Seeing the Unseen: The REVEAL protocol to expose the wireless Man-in-the-Middle

TL;DR

The paper introduces the REVEAL protocol, which detects Man-in-the-Middle attacks in wireless networks by exploiting synchronization interference, demonstrated on 4G systems with open-source tools.

Contribution

It presents a novel protocol that detects MiM attacks across different duplex capabilities by using synchronization conflicts and challenge packets in wireless communications.

Findings

Successfully detects MiM in 4G systems

Works with various duplex capabilities of MiM

Open-source implementation available

Abstract

A Man-in-the-Middle (MiM) can collect over-the-air packets whether from a mobile or a base station, process them, possibly modify them, and forward them to the intended receiver. This paper exhibits the REVEAL protocol that can detect a MiM, whether it has half duplex capability, full duplex capability, or double full duplex capability. Protocol is based on synchronizing clocks between the mobile and the base station, with the MiM being detected if it interferes in the synchronization process. Once synchronized, the REVEAL protocol creates a sequence of challenge packets where the transmission times of the packets, their durations, and their frequencies, are chosen to create conflicts at the MiM, and make it impossible for the MiM to function. We implement the REVEAL protocol for detecting a MiM in 4G technology. We instantiate a MiM between the 4G/5G base station and a mobile, and exhibit the successful detection mechanisms. With the shared source code, our work can be reproduced using open software defined cellular networks with off-the-shelf devices