Light-weight Detection of Spoofing Attacks in Wireless Networks

Abstract

Many wireless networks are susceptible to spoofing attacks, whereby an adversary imitates the network identifiers of legitimate devices. Conventionally, assuring the identity of the communicator and thereby detecting an adversarial presence is performed via device authentication. Unfortunately, full-scale authentication is not always desirable as it requires key management and more extensive computations. In this paper we argue that it is desirable to have a functionality complementary to traditional cryptographic authentication that can detect device spoofing with little or no dependency on cryptographic material. To accomplish this, we introduce the notion of forge-resistant relationships associated with transmitted packets, as well as forge-resistant consistency checks, which allow other network entities to detect anomalous activity. We then provide two practical examples of forge-resistant relationships for detecting anomalous network activity: we explore the use of a supplemental identifier field that evolves in time according to a reverse one-way function chain, and the use of signal strength readings for source discrimination. We validate the usefulness of these methods for anomalous "spoofed" traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed