Practical Evaluation of Passive COTS Eavesdropping in 802.11b/n/ac WLAN

  • Daniele Antonioli
  • Sandra Siby
  • Nils Ole Tippenhauer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11261)


In this work, we compare the performance of a passive eavesdropper in 802.11b/n/ac WLAN networks. In particular, we investigate the downlink of 802.11 networks in infrastructure mode (e.g. from an access point to a terminal) using Commercial-Off-The-Shelf (COTS) devices. Recent 802.11n/ac amendments introduced several physical and link layer features, such as MIMO, spatial diversity, and frame aggregation, to increase the throughput and the capacity of the channel. Several information-theoretic studies state that some of those 802.11n/ac features (e.g. beamforming) should degrade the performance of a passive eavesdropper. However, the real impact of those features has not yet been analyzed in a practical context and experimentally evaluated. We present a theoretical discussion and a statistical analysis (using path loss models) to estimate the effects of such features on a passive eavesdropper in 802.11n/ac, using 802.11b as a baseline. We use Signal-to-Noise-Ratio (SNR) and Packet-Error-Rate (PER) as our main metrics. We compute lower and upper bounds for the expected SNR difference between 802.11b and 802.11n/ac using high-level wireless channel characteristics. We show that the PER in 802.11n/ac increases up to 98% (compared to 802.11b) at a distance of 20 m between the sender and the eavesdropper. To obtain a PER of 0.5 in 802.11n/ac, the attacker’s maximal distance is reduced by up to 129.5 m compared to 802.11b. We perform an extensive set of experiments, using COTS devices in an indoor office environment, to verify our theoretical estimations. The experimental results validate our predicted effects and show that every amendment adds extra resiliency against passive COTS eavesdropping.


Keywords: WLAN, 802.11, Eavesdropping, MIMO, Beamforming



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Singapore University of Technology and Design (SUTD), Singapore, Singapore
  2. Ecole Polytechnique Federale de Lausanne (EPFL), Lausanne, Switzerland
