Cascading Denial of Service Attacks on Wi-Fi Networks and their Counter-Measures

Speaker/Bio

Liangxiao Xin received his B.E. degree in Control Science and Engineering (2012) from Zhejiang University, Zhejiang, China. In 2014 he received his M.E. degree in Systems Engineering from Boston University and joined the Ph.D. program, also at Boston University. Currently, his research interests include data dissemination and cybersecurity in wireless communication networks.

Abstract

We unveil the existence of a vulnerability in Wi-Fi, which allows an adversary to remotely launch a Denial-of-Service (DoS) attack that propagates both in time and space. This vulnerability stems from a coupling effect induced by hidden nodes. Cascading DoS attacks can congest an entire network and do not require the adversary to violate any protocol. We demonstrate the feasibility of such attacks through experiments with real Wi-Fi cards, extensive ns-3 simulations, and theoretical analysis. The analytical model predicts that a cascading attack is possible when the retry limit parameter of Wi-Fi is greater than or equal to 7. The analysis also shows that the MAC overhead of IEEE 802.11 plays an important role in the feasibility of the attack and that newer standards (e.g., IEEE 802.11g/n) are more vulnerable than older ones (e.g., IEEE 802.11b). Based on these findings, we propose a new method, based on optimizing the packet length, that simultaneously mitigates the attack and optimizes the throughput performance of the network.