802.11 Packets in Packets – Standard-Compliant PHY Exploits

Travis Goodspeed presented a sneaky attack against WiFi networks at 28C3. The idea is simple: Assume we want to inject packets remotely into a wireless network. Assume that there is a user in the network visiting a malicious webpage. How can we trick him into injecting a packet of our choice into his network?

We can use a nice property of many radio protocols: They split their transmission in packets. A static radio preamble and/or sync-field is send at the beginning of a packet, followed by a packet header, payload, and a checksum. (Some protocols also use forward error correction.) The radio preamble is used by a receiver to detect the start of a transmission. A receiver will scan the frequency for a valid radio preamble, and if one was found, receive a packet. The end of a packet can either be determined by a length-field in the header, or some protocols use fixed length packets, so that the length of a packet is known in advance. After the packet has been received, a checksum in the packet can be used to find out, if the transmission has been damaged by radio interference.

So what would happen, if we embed the packet we want to inject, into a HTML-Page or another file, that is transferred to the client. When that file is downloaded, a perfectly valid packet, containing our packet as payout will be transmitted. As long as this packet is received correctly by the client, everything works as normal. However, if the radio preamble of this packet is damaged during the transmission, the receiver will continue to scan for a radio preamble, and start receiving our embedded packet. Of course, the odds that this specific radio preamble is damaged during the transmission might be quiet low, we can easily repeat that packet in the transmission, until it is decoded by a client. This is not a theoretical thing, from time to time, radio preambles of packets are really received incorrectly in practice. As a result, we manage to inject a packet into a WiFi network, that was never send. The packet send is also perfectly standard compliant(, if it is received without any error).

There are some practical problems when implementing this, like switching the transmission speed during a packet or different modulations. However, Travis managed to implement his attack against 802.11b WiFi networks.

The full paper is available at: http://www.usenix.org/events/woot11/tech/final_files/Goodspeed.pdf

 

OpenSCA

Being at the ECRYPT VAMPIRE research retreat in Bristol at the moment, I have just become aware of become aware of OpenSCA, a toolbox by Elisabeth Oswald for experimenting with side-channel attacks. Unfortunately, although being open-source, it is built upon the commercial (and expensive, I might add) Matlab instead of an open-source mathematics package like SAGE. The reason for that seems to be that MATLAB offers toolboxes like the Instrument Control Toolbox that allow for easy communication and data exchange with measurement instruments. I wonder whether there are any Python packages that would allow you to do the same from within SAGE…

Accepted papers for EUROCRYPT 2009, FSE 2009 and CT-RSA 2009

The lists of accepted papers for the following conferences have become available in the last couple of days:

Interesting cryptanalysis papers will be presented at all of the above conferences. It is a bit of a hassle to have CT-RSA and EUROCRYPT back to back on two different continents though.