Steinmetzer, Daniel ; Yuan, Yimin ; Hollick, Matthias (2018)
Beam-Stealing: Intercepting the Sector Sweep to Launch Man-in-the-Middle Attacks on Wireless IEEE 802.11ad Networks.
11th ACM Conference on Security and Privacy in Wireless and Mobile Networks. Stockholm, Sweden (18.06.2018-20.06.2018)
doi: 10.1145/3212480.3212499
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Millimeter-wave (mm-wave) communication systems provide high data-rates and enable emerging application scenarios, such as 'information showers' for location-based services. Devices are equipped with antenna arrays using dozens of elements to achieve high directionality and thus creating a signal beam that focuses only on a specific area-of-interest. This new communication paradigm of steerable links requires a rethinking of wireless networks and calls for efficient protocols to train the beam alignment among network nodes. The IEEE 802.1 lad standard defines the so-called sector sweep that sweeps through a predefined set of antenna-sectors to find the optimal antenna steerings. Such low-layer protocols lack proper security mechanisms and open unprecedented attack possibilities. Distant attackers might tamper with the beam-training and literally 'steal' the beam from other devices. In this work, we investigate the threat of such beam-stealing attacks that intercept the sector sweep. By injecting forged feedback, we force victims to steer their signals towards the attacker's location. We implement a proof-of-concept on commercial off-the-shelf devices and evaluate the impacts on eavesdropping and acting as a Man-in-the-Middle (MITM). Our practical experiments in typical indoor scenarios reveal that beam-stealing increases the eavesdropping performance by 38% and allow a MITM to relay packets with an average error of only 1%. With these results, we emphasize the threat of beam-training attacks on mm-wave networks and aim to raise the awareness of attack vectors that are emerging with new low-layer amendments in next-generation wireless networks.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2018 |
| Autor(en): | Steinmetzer, Daniel ; Yuan, Yimin ; Hollick, Matthias |
| Art des Eintrags: | Bibliographie |
| Titel: | Beam-Stealing: Intercepting the Sector Sweep to Launch Man-in-the-Middle Attacks on Wireless IEEE 802.11ad Networks |
| Sprache: | Englisch |
| Publikationsjahr: | Juni 2018 |
| Veranstaltungstitel: | 11th ACM Conference on Security and Privacy in Wireless and Mobile Networks |
| Veranstaltungsort: | Stockholm, Sweden |
| Veranstaltungsdatum: | 18.06.2018-20.06.2018 |
| DOI: | 10.1145/3212480.3212499 |
| URL / URN: | https://doi.org/10.1145/3212480.3212499 |
| Kurzbeschreibung (Abstract): | Millimeter-wave (mm-wave) communication systems provide high data-rates and enable emerging application scenarios, such as 'information showers' for location-based services. Devices are equipped with antenna arrays using dozens of elements to achieve high directionality and thus creating a signal beam that focuses only on a specific area-of-interest. This new communication paradigm of steerable links requires a rethinking of wireless networks and calls for efficient protocols to train the beam alignment among network nodes. The IEEE 802.1 lad standard defines the so-called sector sweep that sweeps through a predefined set of antenna-sectors to find the optimal antenna steerings. Such low-layer protocols lack proper security mechanisms and open unprecedented attack possibilities. Distant attackers might tamper with the beam-training and literally 'steal' the beam from other devices. In this work, we investigate the threat of such beam-stealing attacks that intercept the sector sweep. By injecting forged feedback, we force victims to steer their signals towards the attacker's location. We implement a proof-of-concept on commercial off-the-shelf devices and evaluate the impacts on eavesdropping and acting as a Man-in-the-Middle (MITM). Our practical experiments in typical indoor scenarios reveal that beam-stealing increases the eavesdropping performance by 38% and allow a MITM to relay packets with an average error of only 1%. With these results, we emphasize the threat of beam-training attacks on mm-wave networks and aim to raise the awareness of attack vectors that are emerging with new low-layer amendments in next-generation wireless networks. |
| Freie Schlagworte: | Solutions; S1 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Sichere Mobile Netze DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1053: MAKI – Multi-Mechanismen-Adaption für das künftige Internet DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1053: MAKI – Multi-Mechanismen-Adaption für das künftige Internet > A: Konstruktionsmethodik DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1053: MAKI – Multi-Mechanismen-Adaption für das künftige Internet > A: Konstruktionsmethodik > Teilprojekt A3: Migration DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 25 Jul 2018 06:05 |
| Letzte Änderung: | 10 Jun 2021 06:11 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum