PHYAlert: identity spoofing attack detection and prevention for a wireless edge network

Abstract

Delivering service intelligence to billions of connected devices is the next step in edge computing. Wi-Fi, as the de facto standard for high-throughput wireless connectivity, is highly vulnerable to packet-injection-based identity spoofing attacks (PI-ISAs). An attacker can spoof as the legitimate edge coordinator and perform denial of service (DoS) or even man-in-the-middle (MITM) attacks with merely a laptop. Such vulnerability leads to serious systematic risks, especially for the core edge/cloud backbone network.In this paper, we propose PHYAlert, an identity spoofing attack alert system designed to protect a Wi-Fi-based edge network. PHYAlert profiles the wireless link with the rich dimensional Wi-Fi PHY layer information and enables real-time authentication for Wi-Fi frames. We prototype PHYAlert with commercial off-the-shelf (COTS) devices and perform extensive experiments in different scenarios. The experiments verify the feasibility of spoofing detection based on PHY layer information and show that PHYAlert can achieve an 8x improvement in the false positive rate over the conventional signal-strength-based solution.