Rogue MPDU Detection in RSNA Issues and Solutions

Slide Note
Embed
Share

Abstract CIDs highlighted issues related to valid MPDUs not being acknowledged due to malicious attacks in RSNA. Efforts were made to enhance security using Protected Block Ack, but vulnerabilities persist. Various solutions are being explored, and input from group members is sought to find the best way forward. The example of an attack scenario illustrated how replay attacks can compromise the acknowledgment of valid MPDUs.

tobin
tobin Follow

Uploaded on Aug 01, 2024 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. June 2022 doc.: IEEE 802.11-22/0689r3 Rogue MPDU detection in RSNA Date: 2022-06-16 Authors: Name Michail Koundourakis Samsung Affiliations Address Phone email m.koundou at partner.samsun g.com at samsung (a global commercial entity) I'm the letter emme then dot rison Mark Rison Samsung Submission Slide 1 Michail Koundourakis, Samsung

  2. June 2022 doc.: IEEE 802.11-22/0689r3 Abstract CIDs 1002, 1821, 1017, 1014, 1745, 1808, 1013, 1015 and 1016 raise issues related to valid MPDUs not getting acknowledged, as a result of malicious attacks. Efforts are made to improve the security and resolve some of these issues using Protected Block Ack, but there are still vulnerabilities which need further work. Offline discussion between some members established that there is a common understanding about the issues and a number of different solutions have been considered. We invite members to participate in the discussion, so that the group can identify the best way forward. Submission Slide 2 Michail Koundourakis, Samsung

  3. June 2022 doc.: IEEE 802.11-22/0689r3 Summary of issues The 802.11 spec has rules to describe: Which MPDUs get Acked, using (unencrypted) SN in Block Ack Scoreboarding Control WinStartR divides SN space in new and old How MPDUs are discarded as Duplicates (based on SN), before the MPDU reaches the Reordering Buffer or it is checked for Replay (PN) Which MPDUs are accepted for buffering and reordering using SN, before the MPDU is check for Replay (PN) WinStartB divides SN space in new and old The existing rules allow Replays (detected late) to cause valid MPDUs to: I1: Not get Acked (WinStartR moved incorrectly) I2: Be discarded in the reordering buffer (rogue MPDU with same SN takes entry) Submission Slide 3 Michail Koundourakis, Samsung

  4. June 2022 doc.: IEEE 802.11-22/0689r3 Example of an attack WinStartR = 1000 (recipient has received and Acked SNs up to 999) - Rogue device replays SN=999 MPDU, changing its SN to 2200 (> WinStartR+WinSizeR) - STA receives MPDU SN=2200 and it is a valid frame, so sets WinStartR=2200 - Peer transmits MPDU with SN=1000, but STA does not Ack SN=1000 in the BlockAck response due to: - 2200+2^11 = 152 <= 1000< 2200 - Reordering buffer processing drops the MPDU for the same reason (replay set WinStartB=2200) - Submission Slide 4 Michail Koundourakis, Samsung

  5. June 2022 doc.: IEEE 802.11-22/0689r3 How to fix Issues Principles to ensure vulnerabilities are addressed: P1. Attacker cannot move WinStartR, or if WinStartR moved by an attacker does not cause legal MPDUs to not be Acked. How can an attacker move WinStartR: Unprotected Block Ack Request Replay (same PN using different SN) P2. Duplicate Detection can trust the MPDU SN unprotected, so in current specification only PN can be trusted. Receiver cache identifier RC9 in current Draft effectively disables Duplicate Detection for QoS Data under BA. P3. Block Ack Buffering and Reordering can trust the MPDU SN unprotected, so in current specification only PN can be trusted Submission Slide 5 Michail Koundourakis, Samsung

  6. June 2022 doc.: IEEE 802.11-22/0689r3 Proposals (so far) P1 STA to support partial-state operation Scoreboard temporary record can be either forgotten or can relax partial-state rules to remove 2^11 SN space restrictions (discussion ongoing) P2 (link to support Protected Block Ack) Protect SN in AAD (Requires a new feature and support by both transmitter and recipient STA), or Use SN only after PN is checked (Requires changes to specification but no changes at the peer STA) P3 (link to support Protected Block Ack) STA to discard unsolicited Block Ack frames, and Protect SN in AAD, or Use PN to identify valid MPDUs in Reordering Buffer processing Full solution requires buffering multiple MPDUs in each position of the reordering buffer, but If STA can implement it, does not require peer STA support Submission Slide 6 Michail Koundourakis, Samsung

  7. June 2022 doc.: IEEE 802.11-22/0689r3 Impact on Architecture Replay Detection Replay Detection Replay Detection Block Ack Buffering and Reordering And Duplicate Detection And Replay Detection Block Ack Buffering and Reordering Block Ack Buffering and Reordering Block Ack Buffering and Reordering Duplicate Detection Decryption Decryption Duplicate Detection Duplicate Detection Decryption Decryption Block Ack Scoreboarding Block Ack Scoreboarding Block Ack Scoreboarding Block Ack Scoreboarding PN considered in Duplicate and Buffering SN protected Baseline All valid MPDUs Acked Submission Slide 7 Michail Koundourakis, Samsung

  8. June 2022 doc.: IEEE 802.11-22/0689r3 Specification Changes Not Acked MPDUs Specification changes to allow valid FCS MPDUs to be Acked. Discussion: Can restrict changes to apply when STA supports Protected BA Options: 1. Discard the temporary current record of scoreboard context control after a Block Ack is transmitted 2. Replace 2^11 with 2^12 in scoreboard context control operation Discussion: a) Option 1 is simple to implement and discarding of current record is allowed in some cases already b) Option 2 allows Ack information to be retained so may reduce retransmissions in some case when not all Block Ack frames are received by peer. TGm would have to select an option. Submission Slide 8 Michail Koundourakis, Samsung

  9. June 2022 doc.: IEEE 802.11-22/0689r3 Specification Changes Discarded MPDUs Specification changes to fix issues with valid MPDU discarded. Prerequisite: Link supports Protected Block Ack Options: 1. Protect the SN. Can be added to AAD. 2. Use PN in Duplicate, Buffering and Reordering Discussion: a) Option 1 is simpler and robust, however requires a new feature to be defined and does not benefit implementations which cannot comply, e.g. AAD calculations implemented in Hardware, or when peer does not support. b) Option 2 does not need peer to change and does not require new calculations, so it likely implementable by existing devices. TGm would have to select one or even both options. Submission Slide 9 Michail Koundourakis, Samsung

  10. June 2022 doc.: IEEE 802.11-22/0689r3 Option 2 Discussion Duplicate Detection and Replay Check if run in cooperation (i.e. until an MPDU reaches the start of the reordering buffer, duplicates are not identified and discarded) can be used to determine if an MPDU is legal, i.e. satisfies both SN Duplicate and PN Replay checks As a consequence: A replay within a reordering buffer cannot cause valid MPDUs to be discarded (since only one is currently stored) Submission Slide 10 Michail Koundourakis, Samsung

  11. June 2022 doc.: IEEE 802.11-22/0689r3 Option 2 How it works Claim: Current spec rules run Replay Check after Duplicate Detection. A Replay may occupy a position in the reordering buffer and cause a valid MPDU (with the same SN as the rogue MPDU) to be discarded as Duplicate: It is also responsible for identifying and discarding duplicate frames (i.e., frames that have the same sequence number as a currently buffered frame) that are part of this block ack agreement. Fix: When Duplicate Detection and Replay Check run in consecutive steps, Replay can be detected, rogue MPDU dropped and valid MPDU accepted Submission Slide 11 Michail Koundourakis, Samsung

  12. June 2022 doc.: IEEE 802.11-22/0689r3 Conclusion Security can be improved using either a protected SN, or the protected PN Discussion so far raise confidence that issues can be addressed Option 2 is worth considering, if members believe: issues shall be addressed without defining a new feature (protected SN), and Proposed Option 2 (PN-only checks) is implementable by existing devices Otherwise, Option 1 would be the preferred way forward note that it would be a new feature that might not be possible via firmware upgrade Submission Slide 12 Michail Koundourakis, Samsung

Related


Overview of GRANDproto Project Workshop on Autonomous Radio Detection

Overview of GRANDproto Project Workshop on Autonomous Radio Detection

eri_sto
Automated Melanoma Detection Using Convolutional Neural Network

Automated Melanoma Detection Using Convolutional Neural Network

shiloh
Colorimetric Detection of Hydrogen Peroxide Using Magnetic Rod-Based Metal-Organic Framework Composites

Colorimetric Detection of Hydrogen Peroxide Using Magnetic Rod-Based Metal-Organic Framework Composites

gaspard
Automated Anomaly Detection Tool for Network Performance Optimization

Automated Anomaly Detection Tool for Network Performance Optimization

sana
Drone Detection Using mmWave Radar for Effective Surveillance

Drone Detection Using mmWave Radar for Effective Surveillance

tallulah
Enhancing HARQ Framing for IEEE 802.11 Standards

Enhancing HARQ Framing for IEEE 802.11 Standards

leora
Evaluation of Low-Latency Services in IEEE 802.11-23/1530r1

Evaluation of Low-Latency Services in IEEE 802.11-23/1530r1

yehuda
GOES-R ABI Aerosol Detection Product Validation Summary

GOES-R ABI Aerosol Detection Product Validation Summary

zflec
Real-Time Cough and Sneeze Detection Project Overview

Real-Time Cough and Sneeze Detection Project Overview

aegge
Real-Time Cough and Sneeze Detection Using Deep Learning Models

Real-Time Cough and Sneeze Detection Using Deep Learning Models

enns_an
Exploring Rogue Wave Vocabulary in Maritime Context

Exploring Rogue Wave Vocabulary in Maritime Context

iyla
EPA Compliance Basics: Tank Leak Detection and Monitoring Methods

EPA Compliance Basics: Tank Leak Detection and Monitoring Methods

upury
VIIRS Boat Detection (VBD) Research Overview

VIIRS Boat Detection (VBD) Research Overview

jamareon
Data Error Detection Techniques Overview

Data Error Detection Techniques Overview

wpayl
Machine Learning Techniques for Intrusion Detection Systems

Machine Learning Techniques for Intrusion Detection Systems

shoshana
Development of Satellite Passive Microwave Snowfall Detection Algorithm

Development of Satellite Passive Microwave Snowfall Detection Algorithm

chizi
NC22Plex STR Detection Kit: Advanced 5-Color Fluorescence Detection System

NC22Plex STR Detection Kit: Advanced 5-Color Fluorescence Detection System

iqra
Efficient Data Race Detection Using Transactional Memory

Efficient Data Race Detection Using Transactional Memory

emilia
Y62Plex STR Detection Kit - Advanced Features and Applications

Y62Plex STR Detection Kit - Advanced Features and Applications

caelan
The Solomon Project: Advancements in Data Integration and Fusion (2007-2012)

The Solomon Project: Advancements in Data Integration and Fusion (2007-2012)

kanan
Comprehensive Training Package on Active Tuberculosis Drug Safety Monitoring and Management (aDSM) 2023

Comprehensive Training Package on Active Tuberculosis Drug Safety Monitoring and Management (aDSM) 2023

archimedes
Wavelet-based Scaleograms and CNN for Anomaly Detection in Nuclear Reactors

Wavelet-based Scaleograms and CNN for Anomaly Detection in Nuclear Reactors

keymar
Comprehensive Overview of Distributed Intrusion Detection System (DIDS)

Comprehensive Overview of Distributed Intrusion Detection System (DIDS)

cano_yah
Fault Location and Detection in Smart Grids

Fault Location and Detection in Smart Grids

wjar

More Related Content

Translational Liver Cancer Research Initiatives
Translational Liver Cancer Research Initiatives
Error Detection and Correction Codes in Block Coding
Error Detection and Correction Codes in Block Coding
Understanding Gravitational Waves: Basics and Detection Challenges
Understanding Gravitational Waves: Basics and Detection Challenges
Methods and Devices for Detection of Deception
Methods and Devices for Detection of Deception
Understanding Outlier Analysis in Data Mining
Understanding Outlier Analysis in Data Mining
Radiation Detection and Dosimetry in Medical Imaging
Radiation Detection and Dosimetry in Medical Imaging
Search for Dark Photons Utilizing Advanced Germanium Detectors at University of South Dakota
Search for Dark Photons Utilizing Advanced Germanium Detectors at University of South Dakota
Understanding Error Detection and Checksum Methods
Understanding Error Detection and Checksum Methods
Study of Muon Detection Efficiency in Thin-Gap RPCs
Study of Muon Detection Efficiency in Thin-Gap RPCs
Role of AI in Threat Detection and Zero-day Attacks
Role of AI in Threat Detection and Zero-day Attacks
Leveraging Artifact Dependency Graphs for Software Vulnerability Detection
Leveraging Artifact Dependency Graphs for Software Vulnerability Detection
Child Physical Abuse Incidence and Detection in Oregon
Child Physical Abuse Incidence and Detection in Oregon
How to Cite NCBI Pathogen Detection Resource
How to Cite NCBI Pathogen Detection Resource
Discovering Techniques for Detecting Deadlock Bugs in Concurrent Programs
Discovering Techniques for Detecting Deadlock Bugs in Concurrent Programs
Resistant Learning on the Envelope Bulk for Anomalous Patterns Detection
Resistant Learning on the Envelope Bulk for Anomalous Patterns Detection
Enhancing Online Exams Security with AI Proctoring Solutions
Enhancing Online Exams Security with AI Proctoring Solutions
A Hybrid Intrusion Detection System Approach for IEEE 802.11 Wireless Networks
A Hybrid Intrusion Detection System Approach for IEEE 802.11 Wireless Networks
Innovative Solutions for Thermal Neutron Beam Monitoring
Innovative Solutions for Thermal Neutron Beam Monitoring
Understanding Data Link Layer in Computer Networking
Understanding Data Link Layer in Computer Networking
Combatting Kidney Disease in Children: Importance of Early Detection and Education
Combatting Kidney Disease in Children: Importance of Early Detection and Education
Comprehensive IT & Security Solutions for Home and Business Needs
Comprehensive IT & Security Solutions for Home and Business Needs
Understanding Solutions in Pharmaceutics: Advantages, Disadvantages, and Classification
Understanding Solutions in Pharmaceutics: Advantages, Disadvantages, and Classification
Counterfeit Detection Techniques in Currency to Combat Financial Fraud
Counterfeit Detection Techniques in Currency to Combat Financial Fraud
Real-time Monitoring and Detection of Android Privacy Leakage
Real-time Monitoring and Detection of Android Privacy Leakage