Detecting Mobile Agents Using Identity Fraud

Abstract

Attacks involving identity fraud can facilitate a variety of advanced attacks to significantly impact the normal operation of wireless networks (F. Ferreri, M. Bernaschi, and L. Valcamonici, “Access points vulnerabilities to dos attacks in 802.11 networks,” in Proceedings of the IEEE Wireless Communications and Networking Conference, 2004; J. Bellardo and S. Savage, “802.11 denial-of-service attacks: Real vulnerabilities and practical solutions,” in Proceedings of the USENIX Security Symposium, 2003, pp. 15–28; D. Faria and D. Cheriton, “Detecting identity-based attacks in wireless networks using signalprints,” in Proceedings of the ACM Workshop on Wireless Security (WiSe), September 2006; Q. Li andW. Trappe, “Relationship-based detection of spoofing-related anomalous traffic in ad hoc networks,” in Proceedings of the Third Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), September 2006). Identity fraud performed by mobile wireless devices may further inflict security and privacy damages on the social life of the individual who carries wireless devices. We call these kind of attacks as mobile spoofing attacks. There has been active work in detecting spoofing attacks (D. Faria and D. Cheriton, “Detecting identity-based attacks in wireless networks using signalprints,” in Proceedings of the ACM Workshop on Wireless Security (WiSe), September 2006; Y. Chen, W. Trappe, and R. P. Martin, “Detecting and localizing wirelss spoofing attacks,” in Proceedings of the Fourth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), May 2007. (Acceptance rate: 20%); Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, “Detecting 802.11 MAC layer spoofing using received signal strength,” in Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), April 2008). D. Faria and D. Cheriton, (“Detecting identity-based attacks in wireless networks using signalprints,” in Proceedings of the ACM Workshop on Wireless Security (WiSe), September 2006) proposed the use of matching rules of Received Signal Strength (RSS) for spoofing detection, (Y. Chen, W. Trappe, and R. P. Martin, “Detecting and localizing wirelss spoofing attacks,” in Proceedings of the Fourth Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON), May 2007. used K-means cluster analysis of RSS, and (Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, “Detecting 802.11 MAC layer spoofing using received signal strength,” in Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), April 2008.) modeled RSS readings as a Gaussian mixture model to capture antenna diversity. However, these mechanisms only work in static wireless environments, i.e., the victim node has a fixed location. In this chapter, we focus on spoofing attack detection in mobile wireless environments, that is, the wireless devices including the victim node and/or the spoofing node are moving around. Thus, detecting identity fraud launched by mobile agents is important as it allows the network to further exploit a wide range of defense strategies in different network layers, and consequently helps to ensure secure and trustworthy communication in emerging mobile pervasive computing.