{"title":"无线网络中欺骗攻击的轻量级检测","authors":"Qing Li, W. Trappe","doi":"10.1109/MOBHOC.2006.278663","DOIUrl":null,"url":null,"abstract":"Many wireless networks are susceptible to spoofing attacks, whereby an adversary imitates the network identifiers of legitimate devices. Conventionally, assuring the identity of the communicator and thereby detecting an adversarial presence is performed via device authentication. Unfortunately, full-scale authentication is not always desirable as it requires key management and more extensive computations. In this paper we argue that it is desirable to have a functionality complementary to traditional cryptographic authentication that can detect device spoofing with little or no dependency on cryptographic material. To accomplish this, we introduce the notion of forge-resistant relationships associated with transmitted packets, as well as forge-resistant consistency checks, which allow other network entities to detect anomalous activity. We then provide two practical examples of forge-resistant relationships for detecting anomalous network activity: we explore the use of a supplemental identifier field that evolves in time according to a reverse one-way function chain, and the use of signal strength readings for source discrimination. We validate the usefulness of these methods for anomalous \"spoofed\" traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed","PeriodicalId":345003,"journal":{"name":"2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"Light-weight Detection of Spoofing Attacks in Wireless Networks\",\"authors\":\"Qing Li, W. Trappe\",\"doi\":\"10.1109/MOBHOC.2006.278663\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Many wireless networks are susceptible to spoofing attacks, whereby an adversary imitates the network identifiers of legitimate devices. Conventionally, assuring the identity of the communicator and thereby detecting an adversarial presence is performed via device authentication. Unfortunately, full-scale authentication is not always desirable as it requires key management and more extensive computations. In this paper we argue that it is desirable to have a functionality complementary to traditional cryptographic authentication that can detect device spoofing with little or no dependency on cryptographic material. To accomplish this, we introduce the notion of forge-resistant relationships associated with transmitted packets, as well as forge-resistant consistency checks, which allow other network entities to detect anomalous activity. We then provide two practical examples of forge-resistant relationships for detecting anomalous network activity: we explore the use of a supplemental identifier field that evolves in time according to a reverse one-way function chain, and the use of signal strength readings for source discrimination. We validate the usefulness of these methods for anomalous \\\"spoofed\\\" traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed\",\"PeriodicalId\":345003,\"journal\":{\"name\":\"2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems\",\"volume\":\"58 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MOBHOC.2006.278663\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE International Conference on Mobile Ad Hoc and Sensor Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MOBHOC.2006.278663","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Light-weight Detection of Spoofing Attacks in Wireless Networks
Many wireless networks are susceptible to spoofing attacks, whereby an adversary imitates the network identifiers of legitimate devices. Conventionally, assuring the identity of the communicator and thereby detecting an adversarial presence is performed via device authentication. Unfortunately, full-scale authentication is not always desirable as it requires key management and more extensive computations. In this paper we argue that it is desirable to have a functionality complementary to traditional cryptographic authentication that can detect device spoofing with little or no dependency on cryptographic material. To accomplish this, we introduce the notion of forge-resistant relationships associated with transmitted packets, as well as forge-resistant consistency checks, which allow other network entities to detect anomalous activity. We then provide two practical examples of forge-resistant relationships for detecting anomalous network activity: we explore the use of a supplemental identifier field that evolves in time according to a reverse one-way function chain, and the use of signal strength readings for source discrimination. We validate the usefulness of these methods for anomalous "spoofed" traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
