Detecting Identity Spoofs in 802 . 11 e Wireless Networks

Wireless networks are vulnerable to identity spoofing attacks, where an attacker can forge the MAC address of hi s wireless device to assume the identity of another victim dev ice on the network. Identity spoofing allows an attacker to avail network services that are normally restricted to legitimate users. Prior techniques to detect such attacks rely on characteris tics such as progressions of MAC sequence numbers. However, thes e techniques can wrongly classify benign flows as malicious wi th newer 802.11e wireless devices that allow multiple progres sions of MAC sequence numbers from the same device. Several other techniques that rely on physical properties of transmitting devices are ineffective when the attacker and the victim are mobile. In this paper, we propose an architecture to robustly detect identity spoofing attacks under varying operating conditions. Our architecture employs a series of increasingly powerful detctors to identify or eliminate the possibility of an attack, culminating in a powerful, RSSI-based per-packet localizer that reliablydetects identity spoofing attacks. We implemented this architectur e and used it to detect a variety of identity spoofing attacks. Our experiments show that it can effectively detect identity sp oofs with a low false positive rate of0.5%.