Coping with packet replay attacks in wireless networks

• Published in: 2011 8th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks pp. 368 - 376
• Main Authors: Zi Feng, Jianxia Ning, Broustis, I., Pelechrinis, K., Krishnamurthy, S. V., Faloutsos, M.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.06.2011
• Subjects: Degradation; Digital signatures; Performance evaluation; Public key; Throughput; Wireless communication
• ISBN: 1457700948; 9781457700941
• ISSN: 2155-5486
• DOI: 10.1109/SAHCN.2011.5984919

In this paper, we consider a variant of packet replay attacks wherein, an attacker simply replays overheard frames as they are, or with minor manipulations in the packet header; we refer to this as the copycat attack. When routers forward such replayed packets, the levels of congestion and interference increase in large portions of the network. Our experiments indicate that even a single attacker can degrade the route throughput by up to 61%. While simple to use techniques such as digitally signing every packet can stem the dissemination of such packets, they are resource intense. Thus, we design a lightweight detection and prevention system, COPS (for Copycat Online Prevention System), that intelligently uses a combination of digital signatures and Bloom filters to cope with the attack. With our system, the task of identifying and discarding replayed packets is distributed across a plurality of nodes on a route. We implement COPS on real hardware and perform experiments on our 42 node wireless testbed. Our measurements indicate that COPS achieves its objective; it can efficiently contain the effects of replayed packets to a local neighborhood without incurring high resource consumption penalties. Specifically, we show that COPS reduces the route throughput degradation by up to 66%.