A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks
One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable on every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible because of two reasons: they either require stringent firmware modifications on all the devices in a system, or they mandate the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. In this paper, we present a lightweight and signature-based intrusion detection system framework to detect MC-MitM attacks. Our solution is a centralized, online passive monitoring system for Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum delay of 60 seconds and a minimum accuracy of 90% by short-distance detectors and 84% by long-distance detectors under normal network scenarios. Lastly, we identify our future research works to conclude this paper.
Spanish Government through project RTI2018-095094-B-C22 “CONSENT”.