The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities

TL;DR

The Mason Test introduces practical methods to detect Sybil attacks in wireless ad hoc networks using commodity 802.11 devices, addressing challenges of mobility and malicious falsification.

Contribution

It presents the first implementation of channel-based Sybil detection techniques tailored for commodity wireless devices in ad hoc and delay-tolerant networks.

Findings

Effective separation of valid and falsified RSSI observations

Robust challenge-response defense against mobile attackers

Successful real-world scenario performance demonstration

Abstract

Wireless networks are vulnerable to Sybil attacks, in which a malicious node poses as many identities in order to gain disproportionate influence. Many defenses based on spatial variability of wireless channels exist, but depend either on detailed, multi-tap channel estimation - something not exposed on commodity 802.11 devices - or valid RSSI observations from multiple trusted sources, e.g., corporate access points - something not directly available in ad hoc and delay-tolerant networks with potentially malicious neighbors. We extend these techniques to be practical for wireless ad hoc networks of commodity 802.11 devices. Specifically, we propose two efficient methods for separating the valid RSSI observations of behaving nodes from those falsified by malicious participants. Further, we note that prior signalprint methods are easily defeated by mobile attackers and develop an appropriate challenge-response defense. Finally, we present the Mason test, the first implementation of these techniques for ad hoc and delay-tolerant networks of commodity 802.11 devices. We illustrate its performance in several real-world scenarios.