Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks
Abstract
:1. Introduction
- This paper analyzes the structural vulnerabilities of trigger frames in trigger-based uplink transmission methods and proposes methods to combat battery draining attacks in a multi-link environment.
- We propose the STF-DPSM, which combines dynamic power-saving methods to enhance energy efficiency with a secure trigger frame (STF) to counter power-draining attacks while ensuring confidentiality and integrity.
- We propose a performance evaluation framework for power-saving methods designed to counter trigger-based battery draining attacks in next-generation Wi-Fi-enabled sensor networks.
2. Security Vulnerability in 802.11
2.1. Main Features up to 802.11ac
2.2. Trigger Frame in IEEE 802.11ax
2.3. Multi-Link Operation (MLO) in IEEE 802.11be
2.4. Vulnerabilities of Trigger Frame in MLO
2.5. Related Work
Ref. | Attack Vector and Scenario | Countermeasure | Limitation | |
---|---|---|---|---|
Detection | Response | |||
[40] | Conducting five different battery drain attacks, including packet flooding | - | - | No mechanisms exist to detect and respond to battery drain attacks |
[41] | Repeatedly sending fake messages with manipulated MAC frame counter values to consume significant energy in verification by the receiver | Detecting battery depletion attacks through an energy prediction-based intrusion anomaly detection system | Introduction of frame encryption | The encryption method induces high overheads during normal operation, degrading network performance |
[42] | Attacker poses as a legitimate node to perform energy drain attacks | By detecting abnormal packet transmission intervals, the attack node is temporarily blocked | Verify the integrity and authentication of packets using symmetric and asymmetric encryption | Increased system complexity due to the introduction of encryption and security mechanisms |
[43] | Battery drain attack through unencrypted TWT negotiation procedures | By measuring the power consumed in a normal state, a power consumption model is established. This model is used to detect abnormal power consumption caused by attacks | By encrypting the TWT negotiation procedure and improving the scheduling algorithm, power consumption and security issues are addressed | Encrypting the TWT negotiation procedure increases system complexity and leads to performance degradation |
[44] | Sending unauthorized packets or replaying recorded traffic to prevent the device from entering sleep mode, causing a sleep deprivation attack | During the training period, the system learns the normal state of the network. If an abnormally high number of wake-up packets are received during the transmission opportunity, it is considered an attack | Notify the AP of the attack and allocate a new wake-up ID with the AP to prevent the attack | There are issues with increased complexity and false positive rates. Additional authentication processes may cause overheads |
[45] | Performing a battery drain attack by forging beacon signals with manipulated timestamps and TIM elements to make the client send unnecessary frames | Add authentication tags to beacon frames to detect forged beacons and report the alert to the AP | Extend the 802.11 standard [46] to authenticate beacon frames | The process of reporting to the AP and adding authentication tags introduces overhead issues |
[47] | Performing a sleep deprivation attack by continuously transmitting specially crafted wireless signals near the sensor to prevent IoT devices from entering sleep mode | Collect real-time battery consumption data from sensors and detect based on threshold values | Sensors automatically switch to power-saving mode if battery consumption exceeds the threshold | Switching to power-saving mode causes availability issues, as sensors cannot communicate for a certain period |
[48] | Attacker performs a battery drain attack by sending a large number of packets at shorter intervals than the actual sensor node | Detect an attack if packets are transmitted more frequently than the configured transmission interval | Monitor the transmission intervals of nodes to detect abnormal activities and temporarily block the attack node | There is the possibility of false positives, and the process of detecting and blocking attacks consumes additional energy and resources |
[49] | Manipulating specific information elements in beacons to cause battery drain or changing TIM elements to prevent IoT devices from entering sleep mode | Use packet analysis tools and battery monitoring tools to detect attacks | Verify the integrity of beacon frames using a beacon integrity group temporal key (BIGTK) | The introduction of integrity verification mechanisms increases system complexity |
[50] | Attacker performs a DoS attack by spoofing IP addresses and sending a large number of messages, draining the IoT device’s battery | Detection by verifying the validity of messages based on short message authentication codes | Defending against attacks through cooperation with the gateway. The gateway filters attack messages, and the IoT device handles only legitimate requests | Dependent on the performance and reliability of the gateway |
[51] | Attacker drains the energy of intermediate nodes by sending a large number of packets | Each node records the number of packets received within a specific time frame and compares it to a dynamically calculated threshold to detect potential attacks | Isolate suspected malicious nodes from the network to prevent them from receiving or transmitting any packets | Additional resource consumption occurs during the threshold calculation and comparison process, and attackers may find ways to bypass it |
[52] | Attacker inserts malformed packets to force the target device to consume unnecessary energy | Detect attacks by analyzing the CRC error patterns of received packets | Set transmission and reception times randomly to prevent attackers from predicting packet insertion times. Additionally, if a faulty packet is detected, stop receiving packets on the corresponding channel or time slot to avoid additional energy consumption | The threshold set for attack detection increases implementation complexity |
[53] | Attacker depletes the device’s battery through continuous service requests | Analyze the MAC header to identify error patterns | When abnormal requests are detected, limit those requests to minimize energy consumption | Detection becomes difficult if attackers evade error patterns |
[54] | Attacker continuously sends unauthorized fake packets, causing the device to constantly respond and deplete its battery | Monitor abnormal Ack response patterns caused by fake packets | Add integrity checks to beacon frames to detect and ignore fake beacon frames | Integrity checks lead to complexity issues and performance degradation |
Our Work | Exploiting the vulnerability of trigger frames to make multi-link devices continuously consume energy | The normal AP detects masquerading attacks | Adjust the power-saving time adaptively, and use the STF method, which applies security only after an attack has occurred using trigger frames | Lack of evaluation in realistic environments |
3. Triggering-Based Battery Draining Attacks
4. Proposed STF-DPSM
- TWT Setup or Teardown Phase: This initial phase involves adjusting the TWT settings based on the detection of abnormal trigger activities to either prolong or terminate the TWT.
- Target Wake Time: During this phase, the device remains in a power-saving state to minimize power consumption. This interval is crucial for conserving battery life, particularly in environments susceptible to attack.
- TWT Wake Duration: In this segment, the device exits the power-saving state to perform data transmission and reception at the scheduled TWT.
5. Evaluation Results and Analysis
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Edirisinghe, S.; Galagedarage, O.; Dias, I.; Ranaweera, C. Recent development of emerging indoor wireless networks towards 6G. Network 2023, 3, 269–297. [Google Scholar] [CrossRef]
- Lima, M.P.; Takahashi, R.H.; Vieira, M.A.; Carrano, E.G. Multiobjective planning of indoor Wireless Local Area Networks using subpermutation-based hybrid algorithms. Knowl.-Based Syst. 2023, 263, 110293. [Google Scholar] [CrossRef]
- Deng, C.; Fang, X.; Han, X.; Wang, X.; Yan, L.; He, R.; Guo, Y. IEEE 802.11 be Wi-Fi 7: New challenges and opportunities. IEEE Commun. Surv. Tutor. 2020, 22, 2136–2166. [Google Scholar] [CrossRef]
- Ioulianou, P.P.; Vassilakis, V.G.; Logothetis, M.D. Battery drain denial-of-service attacks and defenses in the Internet of Things. J. Telecommun. Inf. Technol. 2019, 30, 37–45. [Google Scholar] [CrossRef]
- Maddikunta PK, R.; Srivastava, G.; Gadekallu, T.R.; Deepa, N.; Boopathy, P. Predictive model for battery life in IoT networks. IET Intell. Transp. Syst. 2020, 14, 1388–1395. [Google Scholar] [CrossRef]
- Friansa, K.; Haq, I.N.; Santi, B.M.; Kurniadi, D.; Leksono, E.; Yuliarto, B. Development of battery monitoring system in smart microgrid based on internet of things (IoT). Procedia Eng. 2017, 170, 482–487. [Google Scholar] [CrossRef]
- Nurchis, M.; Bellalta, B. Target wake time: Scheduled access in IEEE 802.11 ax WLANs. IEEE Wirel. Commun. 2019, 26, 142–150. [Google Scholar] [CrossRef]
- Piyare, R.; Murphy, A.L.; Kiraly, C.; Tosato, P.; Brunelli, D. Ultra low power wake-up radios: A hardware and networking survey. IEEE Commun. Surv. Tutor. 2017, 19, 2117–2157. [Google Scholar] [CrossRef]
- Chen, Q.; Zhu, Y.H. Scheduling channel access based on target wake time mechanism in 802.11 ax WLANs. IEEE Trans. Wirel. Commun. 2020, 20, 1529–1543. [Google Scholar] [CrossRef]
- Yang, C.; Lee, J.; Bahk, S. Target wake time scheduling strategies for uplink transmission in IEEE 802.11 ax networks. In Proceedings of the 2021 IEEE Wireless Communications and Networking Conference, Nanjing, China, 29 March–1 April 2021. [Google Scholar]
- Deng, D.J.; Lien, S.Y.; Lin, C.C.; Gan, M.; Chen, H.C. IEEE 802.11 ba wake-up radio: Performance evaluation and practical designs. IEEE Access 2020, 8, 141547–141557. [Google Scholar] [CrossRef]
- Djidi NE, H.; Gautier, M.; Courtay, A.; Berder, O.; Magno, M. How can wake-up radio reduce lora downlink latency for energy harvesting sensor nodes? Sensors 2021, 21, 733. [Google Scholar] [CrossRef] [PubMed]
- IEEE Standard 802.11ax; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications—Amendment 5: Enhancements for High Efficiency WLAN. IEEE: Piscataway, NJ, USA, 2021; pp. 1–634.
- Daldoul, Y.; Meddour, D.E.; Ksentini, A. Performance evaluation of OFDMA and MU-MIMO in 802.11 ax networks. Comput. Netw. 2020, 182, 107477. [Google Scholar] [CrossRef]
- Yang, M.; Li, B.; Yan, Z. MAC Technology of IEEE 802.11 ax: Progress and Tutorial. Mob. Netw. Appl. 2021, 26, 1122–1136. [Google Scholar] [CrossRef]
- Khorov, E.; Levitsky, I.; Akyildiz, I.F. Current status and directions of IEEE 802.11 be, the future Wi-Fi 7. IEEE Access 2020, 8, 88664–88688. [Google Scholar] [CrossRef]
- IEEE Standard 802.11be; IEEE Draft Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications—Amendment: Enhancements for Extremely High Throughput (EHT). IEEE: Piscataway, NJ, USA, 2021; pp. 1–1200.
- Qureshi, I.A.; Asghar, S. A systematic review of the IEEE-802.11 standard’s enhancements and limitations. Wirel. Pers. Commun. 2023, 131, 2539–2572. [Google Scholar] [CrossRef]
- Paul, T.; Ogunfunmi, T. Wireless LAN comes of age: Understanding the IEEE 802.11 n amendment. IEEE Circuits Syst. Mag. 2008, 8, 28–54. [Google Scholar] [CrossRef]
- IEEE Standard 802.11n; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications—Amendment 5: Enhancements for Higher Throughput. IEEE: Piscataway, NJ, USA, 2009; pp. 1–640.
- Wang, C.Y.; Wei, H.Y. IEEE 802.11 n MAC enhancement and performance evaluation. Mob. Netw. Appl. 2009, 14, 760–771. [Google Scholar] [CrossRef]
- Lu, L.; Li, G.Y.; Swindlehurst, A.L.; Ashikhmin, A.; Zhang, R. An overview of massive MIMO: Benefits and challenges. IEEE J. Sel. Top. Signal Process. 2014, 8, 742–758. [Google Scholar] [CrossRef]
- Xiao, Y. IEEE 802.11 n: Enhancements for higher throughput in wireless LANs. IEEE Wirel. Commun. 2005, 12, 82–91. [Google Scholar] [CrossRef]
- IEEE Standard 802.11ac; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications—Amendment 4: Enhancements for Very High Throughput for Operation in Bands below 6 GHz. IEEE: Piscataway, NJ, USA, 2014; pp. 1–425.
- Gong, M.X.; Hart, B.; Mao, S. Advanced wireless LAN technologies: IEEE 802.11 ac and beyond. GetMobile Mob. Comput. Commun. 2015, 18, 48–52. [Google Scholar] [CrossRef]
- Perahia; Gong, M.X. Gigabit wireless LANs: An overview of IEEE 802.11 ac and 802.11 ad. ACM SIGMOBILE Mob. Comput. Commun. Rev. 2011, 15, 23–33. [Google Scholar] [CrossRef]
- Ong, E.H.; Kneckt, J.; Alanen, O.; Chang, Z.; Huovinen, T.; Nihtilä, T. IEEE 802.11 ac: Enhancements for very high throughput WLANs. In Proceedings of the 2011 IEEE 22nd International Symposium on Personal, Indoor and Mobile Radio Communications, Toronto, ON, Canada, 11–14 September 2011; pp. 849–853. [Google Scholar]
- Bellalta, B. IEEE 802.11 ax: High-efficiency WLANs. IEEE Wirel. Commun. 2016, 23, 38–46. [Google Scholar] [CrossRef]
- Bankov, D.; Didenko, A.; Khorov, E.; Lyakhov, A. OFDMA uplink scheduling in IEEE 802.11 ax networks. In Proceedings of the 2018 IEEE International Conference on Communications (ICC), Kansas City, MO, USA, 20–24 May 2018; pp. 1–6. [Google Scholar]
- Khorov, E.; Kiryanov, A.; Lyakhov, A.; Bianchi, G. A tutorial on IEEE 802.11 ax high efficiency WLANs. IEEE Commun. Surv. Tutor. 2018, 21, 197–216. [Google Scholar] [CrossRef]
- Bellalta, B.; Kosek-Szott, K. AP-initiated multi-user transmissions in IEEE 802.11 ax WLANs. Ad Hoc Netw. 2019, 85, 145–159. [Google Scholar] [CrossRef]
- Goncalves, V.D.S.; Knightly, E.W. An experimental study of triggered multi-user uplink access with real application traffic. In Proceedings of the 2022 IEEE/ACM 30th International Symposium on Quality of Service (IWQoS), Oslo, Norway, 5 July 2022; pp. 1–10. [Google Scholar]
- Lopez-Perez, D.; Garcia-Rodriguez, A.; Galati-Giordano, L.; Kasslin, M.; Doppler, K. IEEE 802.11 be extremely high throughput: The next generation of Wi-Fi technology beyond 802.11 ax. IEEE Commun. Mag. 2019, 57, 113–119. [Google Scholar] [CrossRef]
- López-Raventós, A.; Bellalta, B. Multi-link operation in IEEE 802.11 be WLANs. IEEE Wirel. Commun. 2022, 29, 94–100. [Google Scholar] [CrossRef]
- Murti, W.; Yun, J.H. Multi-link operation with enhanced synchronous channel access in IEEE 802.11 be wireless LANs: Coexistence issue and solutions. Sensors 2021, 21, 7974. [Google Scholar] [CrossRef]
- Elhigazi, A.; Abd Razak, S.; Hamdan, M.; Mohammed, B.; Abaker, I.; Elsafi, A. Authentication flooding dos attack detection and prevention in 802.11. In Proceedings of the 2020 IEEE Student Conference on Research and Development (SCOReD), Batu Pahat, Malaysia, 27–29 September 2020; pp. 325–329. [Google Scholar]
- Lee, I.G.; Go, K.; Lee, J.H. Battery draining attack and defense against power saving wireless LAN devices. Sensors 2020, 20, 2043. [Google Scholar] [CrossRef] [PubMed]
- Hugon, J.; Cunche, M.; Begin, T. RoMA: Rotating MAC Address for privacy protection. In Proceedings of the SIGCOMM’22 Poster and Demo Sessions, Amsterdam, The Netherlands, 22–26 August 2022; pp. 31–33. [Google Scholar]
- Yun, S.-W.; Park, N.-E.; Lee, I.-G. Wake-up Security: Effective Security Improvement Mechanism for Low Power Internet of Things. Intell. Autom. Soft Comput. 2023, 37, 2897–2917. [Google Scholar] [CrossRef]
- Smith, R.; Palin, D.; Ioulianou, P.P.; Vassilakis, V.G.; Shahandashti, S.F. Battery draining attacks against edge computing nodes in IoT networks. Cyber-Phys. Syst. 2020, 6, 96–116. [Google Scholar] [CrossRef]
- Nguyen, V.L.; Lin, P.C.; Hwang, R.H. Energy depletion attacks in low power wireless networks. IEEE Access 2019, 7, 51915–51932. [Google Scholar] [CrossRef]
- Tropea, M.; Spina, M.G.; De Rango, F.; Gentile, A.F. Security in wireless sensor networks: A cryptography performance analysis at mac layer. Future Internet 2022, 14, 145. [Google Scholar] [CrossRef]
- Liu, R.; Choi, N. A First Look at Wi-Fi 6 in Action: Throughput, Latency, Energy Efficiency, and Security. Proc. ACM Meas. Anal. Comput. Syst. 2023, 7, 1–25. [Google Scholar]
- Park, H. Anti-malicious attack algorithm for low-power wake-up radio protocol. IEEE Access 2020, 8, 127581–127592. [Google Scholar] [CrossRef]
- Vanhoef, M.; Adhikari, P.; Pöpper, C. Prot41ecting wi-fi beacons from outsider forgeries. In Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Linz, Austria, 8–10 July 2020; pp. 155–160. [Google Scholar]
- IEEE Standard 802.11; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE: Piscataway, NJ, USA, 2016; pp. 1–2793.
- Fobe, J.L.A.O.; Nogueira, M.; Batista, D.M. A New Defensive Technique Against Sleep Deprivation Attacks Driven by Battery Usage. In Proceedings of the Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeG), Santa Maria, Brazil, 12–15 September 2022; pp. 85–96. [Google Scholar]
- Serianni, A.; Palmieri, N. A MAC Layer Energy Drain Attack Analysis in WSN. In Proceedings of the 2022 30th Telecommunications Forum (TELFOR), Belgrade, Serbia, 15–16 November 2022; pp. 1–4. [Google Scholar]
- Raj, A.; Sankaran, D.S. Battery Drain using Wi-Fi Beacons. In Proceedings of the 2023 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA, 11–12 May 2023; pp. 1–6. [Google Scholar]
- Atiiq, S.A.; Gehrmann, C. CLI-DOS: Collaborative Counteraction against Denial of Service in the Internet of Things. In Proceedings of the 2020 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Austin, TX, USA, 23–27 March 2020; pp. 1–6. [Google Scholar]
- Pu, C.; Groves, B. Energy Depletion Attack in Low Power and Lossy Networks: Analysis and Defenses. In Proceedings of the 2019 2nd International Conference on Data Intelligence and Security (ICDIS), South Padre Island, TX, USA, 28–30 June 2019; pp. 14–21. [Google Scholar]
- Sciancalepore, S.; Tedeschi, P.; Riasat, U.; Pietro, R.D. Mitigating Energy Depletion Attacks in IoT via Random Time-Slotted Channel Access. In Proceedings of the 2021 IEEE Conference on Communications and Network Security (CNS), Tempe, AZ, USA, 4–6 October 2021; pp. 10–18. [Google Scholar]
- Hristozov, S.; Huber, M.; Sigl, G. Protecting RESTful IoT Devices from Battery Exhaustion DoS Attacks. In Proceedings of the 2020 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 7–11 December 2020; pp. 316–327. [Google Scholar]
- Abedi, A.; Lu, H.; Chen, A.; Liu, C.; Abari, O. Wi-Fi Physical Layer Stays Awake and Responds When it Should Not. IEEE Internet Things J. 2024, 11, 4483–4496. [Google Scholar] [CrossRef]
Parameter | Meaning | Value |
---|---|---|
V | Voltage | 1.1 V |
TTOTAL | Total Transmission Time | - |
TTX | Time spent in TX mode | - |
TRX | Time spent in RX mode | - |
TIDLE | Time spent in IDLE mode | - |
TDOZE | Time spent in DOZE mode | - |
TSIFS | SIFS | 16 us |
TTWT | TWT | variable |
LACK | Length of ACK | 14 B |
LTF | Length of Trigger Frame | 34 B |
LSTF | Length of Secure Triggering Frame | 58 B |
LPPDU | Length of PPDU | 1024 B |
PTX | Power consumption in TX mode | 308 mW |
PRX | Power consumption in RX mode | 110 mW |
PIDLE | Power consumption in IDLE mode | 55 mW |
PDOZE | Power consumption in DOZE mode | 0.0033 mW |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Kim, S.-Y.; Park, S.-H.; Lee, J.-H.; Lee, I.-G. Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks. Sensors 2024, 24, 5131. https://doi.org/10.3390/s24165131
Kim S-Y, Park S-H, Lee J-H, Lee I-G. Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks. Sensors. 2024; 24(16):5131. https://doi.org/10.3390/s24165131
Chicago/Turabian StyleKim, So-Yeon, So-Hyun Park, Jung-Hoon Lee, and Il-Gu Lee. 2024. "Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks" Sensors 24, no. 16: 5131. https://doi.org/10.3390/s24165131
APA StyleKim, S. -Y., Park, S. -H., Lee, J. -H., & Lee, I. -G. (2024). Secure Triggering Frame-Based Dynamic Power Saving Mechanism against Battery Draining Attack in Wi-Fi-Enabled Sensor Networks. Sensors, 24(16), 5131. https://doi.org/10.3390/s24165131