TY - JOUR
T1 - Combating Adversarial Covert Channels in Wi-Fi Networks
AU - Park, Hoorin
AU - Jang, Wonwoo
AU - Sung, Jekyung
AU - Roh, Heejun
AU - Lee, Wonjun
N1 - Funding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) funded by the Korean Government (Ministry of Science and ICT) under Grant 2019R1A2C2088812 and Grant 2022R1G1A1007263, in part by the Korea University, and in part by the Research Grant from Seoul Women's University under Grant 2021-0385.
Publisher Copyright:
© 2013 IEEE.
PY - 2022
Y1 - 2022
N2 - Physical layer covert channels exploit the characteristics of radio signals to convey secret messages while remaining inconspicuous within wireless channels. With specifically designed modulation schemes, covert channels effectively disguise secret messages as noise. Since the intentionally embedded noise dissipates when the radio signal is decoded as a bitstream, adversaries can maintain a stealthy breach in communication systems. IoT devices, particularly, often utilize vendor-specific firmware and hardware whose security verification is too complex for everyday users. Hence, these devices can easily be compromised to transmit their data to unauthorized adversaries via the covert channels. To this end, we propose a novel countermeasure system, Ghost-Fi Detector, which detects the covert channels reliably and comprehensively. Our attack models reflect a real-world wireless network technology, Wi-Fi, and cover three aspects of its radio signal characteristics including amplitude, phase, and frequency. Since each model induces distinct manifestations in the received signal, there is no dominant universal detection mechanism that detects all the attack models simultaneously. Instead, Ghost-Fi detector consists of six precisely designed complementary defense mechanisms that perform passive radio-frequency analyses. Evaluation results show that Ghost-Fi Detector achieves an average hit rate of 95% with an almost zero false-positive rate for arbitrary Wi-Fi frames.
AB - Physical layer covert channels exploit the characteristics of radio signals to convey secret messages while remaining inconspicuous within wireless channels. With specifically designed modulation schemes, covert channels effectively disguise secret messages as noise. Since the intentionally embedded noise dissipates when the radio signal is decoded as a bitstream, adversaries can maintain a stealthy breach in communication systems. IoT devices, particularly, often utilize vendor-specific firmware and hardware whose security verification is too complex for everyday users. Hence, these devices can easily be compromised to transmit their data to unauthorized adversaries via the covert channels. To this end, we propose a novel countermeasure system, Ghost-Fi Detector, which detects the covert channels reliably and comprehensively. Our attack models reflect a real-world wireless network technology, Wi-Fi, and cover three aspects of its radio signal characteristics including amplitude, phase, and frequency. Since each model induces distinct manifestations in the received signal, there is no dominant universal detection mechanism that detects all the attack models simultaneously. Instead, Ghost-Fi detector consists of six precisely designed complementary defense mechanisms that perform passive radio-frequency analyses. Evaluation results show that Ghost-Fi Detector achieves an average hit rate of 95% with an almost zero false-positive rate for arbitrary Wi-Fi frames.
KW - Covert channel detection system
KW - modulation-based covert channel
KW - Wi-Fi network
KW - wireless network security
UR - http://www.scopus.com/inward/record.url?scp=85137574574&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2022.3201648
DO - 10.1109/ACCESS.2022.3201648
M3 - Article
AN - SCOPUS:85137574574
VL - 10
SP - 89944
EP - 89958
JO - IEEE Access
JF - IEEE Access
SN - 2169-3536
ER -