Hamming distance as a metric for the detection of CRC-based side-channel communications in 802.11 wireless networks

Abstract

Wireless technology has become a main player in communication through its desirable mobility characteristic. However, like many technologies, there are ways that it can be exploited. One of these ways is through side-channel communication, whereby secret messages are passed along by the purposeful corruption of frames. These side channels can be established by intentionally corrupting the Frame Check Sequence (FCS) field by using a Cyclic Redundancy Check (CRC) polynomial that is different from the standard CRC polynomial. Malicious nodes can exploit the fact that normal unsuspecting nodes will drop these frames since they appear as naturally corrupted frames. This paper presents a CRC Hamming distance metric as a feature for the detection of this type of side-channel communication. The proposed detection method applies the Hamming distance measure to compare CRC values that are generated by different CRC polynomials. The hypothesis is that the mean Hamming distance between two CRC values generated by two different CRC polynomials would be significantly far apart than the mean Hamming distance of a CRC value of a frame that was naturally corrupted but was generated by the same CRC polynomial. The results of our real data experiments show that the there is a consistent and significant difference between the mean Hamming values of naturally corrupted frames to those that use the Koopman polynomial to calculate the CRC for side-channel communications. The analysis of the results also demonstrate that the difference of the CRC values that have the the maximum F-Score vary between 10–14 under varying noisy conditions and side-channel throughput.