Detecting and locating man-in-the-middle attacks in fixed wireless networks

Abstract

We propose a novel method to detect and locate a Man-in-the-Middle attack in a fixed wireless network by analyzing round-trip time and measured received signal strength from fixed access points. The proposed method was implemented as a client-side application that establishes a baseline for measured round trip time (RTTs) and received signal strength (RSS) under no-threat scenarios and applies statistical measures on the measured RTT and RSS to detect and locate Man-in-the-Middle attacks. We show empirically that the presence of a Man-in-the- Middle attack incurs a significantly longer delay and larger standard deviation in measured RTT compared to that measured without a Man-in-the-Middle attack. We evaluated three machine learning algorithms on the measured RSS dataset to estimate the location of a Man-in-the-Middle attacker. Experimental results show that the proposed method can effectively detect and locate a Man-in-the-Middle attack and achieves a mean location estimation error of 0.8 meters in an indoor densely populated metropolitan environment.