The present invention relates to a process and devices for selective collision detection.
Carrier Sense Multiple Access (CSMA) mechanism is a commonly used scheme in network communications, where all the devices can send a message at any time on the network. Generally, a device verifies the absence of other traffic before sending a packet. Anyway, in this context, two stations can send a message at same time, in which case a collision occurs.
To prevent from collisions, two types of countermeasure have been defined. The Collision Detection (CSMA/CD) has been defined in the IEEE802.3 standard, document IEEE Standard 802.3—2002 Edition, dated 8 Mar. 2002. The Collision Avoidance (CSMA/CA) has been defined in the IEEE802.11 standard, document IEEE Standard 802.11—2003 Edition.
With CSMA/CD, a device detects the collisions by listening to the carrier at the time of sending the message. A collision is detected if there is a difference between what was sent and what was received.
With CSMA/CA, a device avoids collision by asking availability of the medium before emitting. The IEEE802.11 standard defines the Request To Send packet, noted RTS and the Clear To Send packet, noted CTS. A first device willing to send a data packet first sends a RTS packet to a second device and waits for a CTS packet from the second device before sending the data packet. When the second device has successfully received the data packet, it sends an acknowledgement control packet, noted ACK. An emitter device that receives the ACK signalization deduces that no collision occurred.
In current technologies, the ACK signalization is not authenticated. Authenticated acknowledgment could be used to know if the sender of the acknowledgment is the correct receiver of the data packet. Nevertheless, it would require a preexisting context with the right key material, and cryptographic solution which cannot be always available.
A type of attack, as described hereafter, is made possible in a CSMA/CA scheme of a wireless local area network, noted WLAN, because all devices of the WLAN receive data at the same time.
In a WLAN of IEEE802.11 type, a first device sends data packet to a second device. When receiving the data packet the second device sends an ACK packet to the first device.
An attacker is comprised of a third device, located close to the first device and a fourth device located close to the second device. As soon as the first device sends a data packet to the second device, the fourth device sends a packet, which produces a collision in the network. In addition the third device always acknowledges the packets sent by the first device. As a result the second device does not receive any message from the first device, and the first device considers that the second device has correctly received the message.
This selective destruction of messages attack is often used to prepare a Man-In-The-Middle attack. The attacker may generate a collision for each packet, in an unselective way. In this case, no packet is correctly received on the network and all devices quickly discover that the network is unavailable or under attack.
The attacker may also generate a collision for some packets only, in a selective way. Generally, all the bits of a packet are not sent at the same time, but sequentially. The attacker then waits for getting information on source or destination address. And as soon as it gets the information on the addresses, it generates a collision.
U.S. Pat. No. 6,643,296 deals with a system for controlling frame collision, enabling retry of transmission earlier in a wireless LAN. Notably it describes several mechanisms for detecting collisions and reemitting the transmitted packet as soon as possible.
The course on network security, section 2 from P. Meunier, 30 Jul. 2004, XP002373781 deals with network security and various possible attacks in the scope of Address Resolution Protocol, noted ARP, CSMA/CA and CSMA/CD.