Segment-Based Formal Verification of WiFi Fragmentation and Power Save Mode
CoRR(2023)
摘要
The IEEE 802.11 family of standards, better known as WiFi, is a widely used
protocol utilized by billions of users. Previous works on WiFi formal
verification have mostly focused on the four-way handshake and other security
aspects. However, recent works have uncovered severe vulnerabilities in
functional aspects of WiFi, which can cause information leakage for billions of
devices. No formal analysis method exists able to reason on the functional
aspects of the WiFi protocol. In this paper, we take the first steps in
addressing this gap and present an extensive formal analysis of the functional
aspects of the WiFi protocol, more specifically, the fragmentation and the
power-save-mode process. To achieve this, we design a novel segment-based
formal verification process and introduce a practical threat model (i.e. MAC
spoofing) in Tamarin to reason about the various capabilities of the attacker.
To this end, we verify 68 properties extracted from WiFi protocol
specification, find 3 vulnerabilities from the verification, verify 3 known
attacks, and discover 2 new issues. These vulnerabilities and issues affect 14
commercial devices out of 17 tested cases, showing the prevalence and impact of
the issues. Apart from this, we show that the proposed countermeasures indeed
are sufficient to address the issues. We hope our results and analysis will
help vendors adopt the countermeasures and motivate further research into the
verification of the functional aspects of the WiFi protocol.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要