DoS attacks use a range of techniques and tricks to manipulate 802.11 protocols, with an eye to making it difficult or impossible for legitimate users to connect, or stay connected, to a Wi-Fi access point. In some cases, this simply means users might be unable to wirelessly update their Facebook page for awhile; in others, blocking access to email or other corporate resources; and in others blocking stock trades or other time-critical transactions that could cost companies a lot of money.
The paper is “Modeling and Evaluation of Backoff Misbehaving Nodes in CSMA/CA-based Wireless Networks,” co-authored by N.C. State doctoral student Zhuo Lu, Dr. Wenye Wang, associate professor with NCSU’s Department of Electrical and Computer Engineering, and Dr. Cliff Wang of the U.S. Army Research Office. It’s due to be published soon by the IEEE Transactions on Mobile Computing.
The title refers to a common, and easy, technique used in denial of service, which prevents other users from communication normally, says Wenye Wang. “In a Wi-Fi network, the Denial of Service attacks are usually generated by so called ‘backoff misbehavior,'” she says. Based on the Wi-Fi protocols, client radios “listen” to see if the radio channel is being used. If it is, it “backs off” and waits for a set period, and then listens again. If the channel is clear, it can claim it, and send or receive data.
But an attacker can manipulate this process, changing the rules, Wang says. “[W]hen attacks change the rules of backoff time, it is similar to crashing a queue and occupying it forever,” she says. “Of course, [the] other users do not know what happened and would assume the entire network is down.”
By shortening its own backoff time, the attacker “can increase the chances of connecting to the access point dramatically, resulting in a much higher probability of access success.”
The authors looked at two broad Wi-Fi DoS attacks: one a continuous attack, the other intermittent. The research compared how different attack strategies performed under different variables, such as varying the number of users trying to connect.
The variables mean that DoS attacks have different impacts, or to think of it from the attacker’s viewpoint, different gains. It’s this area, the different gains that can accrue to “backoff misbehaviors” that has not been well-studied, according to the authors.
To measure this, the trio devised a metric they call “order gain.” Technically, order gain “compares the probability of an attacker having access to the Wi-Fi network to the probability of a legitimate user having access to the network.” The higher this number, the greater the benefits to the attacker, and therefore the greater the harm to the network. Wang says the attacker and the user are competing for access. She likens the probabilities involved roughly to those in a Black Friday shopping event.
“Imagine that two people want to get one discounted computer on Black Friday [the day after U.S. Thanksgiving when many electronic retailers have deep sales] ,” she says. “They both want to arrive earlier, say before the store’s opening time. The question is not how early they arrive, but who arrives first.”
The relative harm of a DoS attack is just that: relative. And the order gain metric is intended to help security and RF researchers devices a range of flexible counter-measures. A large group of users might be only inconvenienced in a DoS attack. But a handful of users, say stock-traders accessing real-time trading systems, could face huge monetary losses and penalties if blocked by a DoS.