Analog Man-in-the-middle Attack Against Link-based Packet Source Identification

A novel attack model is proposed against the existing wireless link-based source identification, which classifies packet sources according to the physical-layer link signatures. A link signature is believed to be a more reliable indicator than an IP or MAC address for identifying packet source, as it is generally harder to modify/forge. It is therefore expected to be a future authentication against impersonation and DoS attacks. However, if an attacker is equipped with the same capability/hardware as the authenticator to process physical-layer signals, a link signature can be easily manipulated by any nearby wireless device during the training phase. Based on this finding, we propose an attack model, called the analog man-in-the-middle (AMITM) attack, which utilizes the latest full-duplex relay technology to inject semi-controlled link signatures into authorized packets and reproduce the injected signature in the fabricated packets. Our experimental evaluation shows that with a proper parameter setting, 90% of fabricated packets are classified as those sent from an authorized transmitter. A countermeasure against this new attack is also proposed for the authenticator to inject link-signature noise by the same attack methodology.