Multi-channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks and Their Attack Signatures

Multi-Channel Man-in-the-Middle (MC-MitM) attack is an advanced form of MitM attack that can manipulate protected wireless communication between the Access Point (AP) and connected clients in a wireless network. Frontline MC-MitM attacks in recent years include Key Reinstallation Attacks (KRACK) reported in 2017 and the FragAttacks reported in 2021. Such attacks affected millions of wireless devices, particularly those associated with the Internet of Things (IoT) systems due to faulty implementations of the standard. Despite the fact that there are security updates available to defend against specific attacks, significant issue is that most of the IoT and Wi-Fi devices do not comply with them. Existing security mechanisms to combat MC-MitM attacks are unfeasible since they demand firmware upgrades on all network devices or use of complicated hardware and software for deployment. In this paper, we empirically develop lightweight attack signatures capable of passively and quickly identifying various MC-MitM attacks without altering any existing protocols or devices.