
SecBeam: Securing mmWave Beam Alignment against Beam-Stealing Attacks (2307.00178v1)

Published 1 Jul 2023 in cs.CR and eess.SP

Abstract: Millimeter wave (mmWave) communications employ narrow-beam directional communications to compensate for the high path loss at mmWave frequencies. Compared to their omnidirectional counterparts, an additional step of aligning the transmitter's and receiver's antennas is required. In current standards such as 802.11ad, this beam alignment process is implemented via an exhaustive search through the horizontal plane known as beam sweeping. However, the beam sweeping process is unauthenticated. As a result, an adversary, Mallory, can launch an active beam-stealing attack by injecting forged beacons of high power, forcing the legitimate devices to beamform towards her direction. Mallory is now in control of the communication link between the two devices, thus breaking the false sense of security given by the directionality of mmWave transmissions. Prior works have added integrity protection to beam alignment messages to prevent forgeries. In this paper, we demonstrate a new beam-stealing attack that does not require message forging. We show that Mallory can amplify and relay a beam sweeping frame from her direction without altering its contents. Intuitively, cryptographic primitives cannot verify physical properties such as the SNR used in beam selection. We propose a new beam sweeping protocol called SecBeam that utilizes power/sector randomization and coarse angle-of-arrival information to detect amplify-and-relay attacks. We demonstrate the security and performance of SecBeam using an experimental mmWave platform and via ray-tracing simulations.
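The gap the abstract describes, as an added example that is not code from the paper: a receiver that authenticates sweep frames and then picks the highest-SNR sector rejects a forged frame but still accepts an unaltered, amplified copy of a genuine one. The HMAC-tagged frame layout, the key, and all SNR values are constructed assumptions standing in for "integrity protection"; this does not implement SecBeam's detection.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: both devices share an integrity key

def make_frame(sector: int) -> bytes:
    """Sweep frame = 2-byte sector id + HMAC-SHA256 tag (hypothetical layout)."""
    body = sector.to_bytes(2, "big")
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def verify_frame(frame: bytes):
    """Return the sector id when the tag verifies, otherwise None."""
    body, tag = frame[:2], frame[2:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    return int.from_bytes(body, "big") if hmac.compare_digest(tag, expected) else None

def select_sector(receptions):
    """Pick the highest-SNR sector among frames that pass the integrity check."""
    best = None
    for frame, snr_db in receptions:
        sector = verify_frame(frame)
        if sector is not None and (best is None or snr_db > best[1]):
            best = (sector, snr_db)
    return best

# Constructed SNR readings (dB) per transmit sector; sector 3 is the direct path.
HONEST_SNR = {0: 2.0, 1: 4.5, 2: 9.0, 3: 18.0, 4: 8.0, 5: 3.0, 6: 1.5, 7: 1.0}

def honest_sweep():
    return [(make_frame(s), snr) for s, snr in HONEST_SNR.items()]

def sweep_with_forgery():
    # High-power frame with an invalid tag: rejected by verify_frame.
    forged = (6).to_bytes(2, "big") + bytes(32)
    return honest_sweep() + [(forged, 30.0)]

def sweep_with_relay():
    # The genuine sector-6 frame, byte-for-byte unchanged, arrives amplified.
    return honest_sweep() + [(make_frame(6), 25.0)]

if __name__ == "__main__":
    for name, sweep in [("honest", honest_sweep()),
                        ("forgery", sweep_with_forgery()),
                        ("relay", sweep_with_relay())]:
        print(name, select_sector(sweep))
```

The tag check treats the relayed frame as authentic because its bytes are authentic; only the received power differs, which is the physical property the abstract says cryptographic primitives cannot verify.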
