Rejecting the Attack: Source Authentication for Wi-Fi Management Frames using CSI Information

TL;DR

This paper introduces CSITE, a novel Wi-Fi management frame authentication method using Channel State Information (CSI) that significantly improves spoofing detection accuracy over traditional RSS-based techniques, enabling single-station operation without external support.

Contribution

The paper presents a CSI-based authentication system for Wi-Fi management frames that operates independently on standard hardware, addressing mobility and channel dynamics challenges.

Findings

CSITE achieves about 8 times lower false acceptance rate compared to RSS-based methods.

The system effectively detects spoofing attacks in various mobility scenarios.

Experimental results show high accuracy, robustness, and efficiency in real-world tests.

Abstract

Comparing to well protected data frames, Wi-Fi management frames (MFs) are extremely vulnerable to various attacks. Since MFs are transmitted without encryption, attackers can forge them easily. Such attacks can be detected in cooperative environment such as Wireless Intrusion Detection System (WIDS). However, in non-cooperative environment it is difficult for a single station to identify these spoofing attacks using Received Signal Strength (RSS)-based detection, due to the strong correlation of RSS to both the transmission power (Txpower) and the location of the sender. By exploiting some unique characteristics (i.e., rapid spatial decorrelation, independence of Txpower, and much richer dimensions) of the Channel State Information (CSI), a standard feature in 802.11n Specification, we design a prototype, called CSITE, to authenticate the Wi-Fi management frames by a single station without external support. Our design CSITE, built upon off-the-shelf hardware, achieves precise spoofing detection without collaboration and in-advance finger-print. Several novel techniques are designed to address the challenges caused by user mobility and channel dynamics. To verify the performances of our solution, we implement a prototype of our design and conduct extensive evaluations in various scenarios. Our test results show that our design significantly outperforms the RSS-based method in terms of accuracy, robustness, and efficiency: we observe about 8 times improvement by CSITE over RSS-based method on the falsely accepted attacking frames.