Seeing the Unseen: The REVEAL protocol to expose the wireless Man-in-the-Middle

Santosh Ganji, P R Kumar

TL;DR

With the REVEAL protocol implemented in 4G/5G technology, the MiM can be reproduced using software-defined radios, and the protocol's efficacy can be verified using any open software-defined cellular network with off-the-shelf devices.

Abstract

A Man-in-the-Middle (MiM) can collect over-the-air packets, whether from a mobile or a base station, process them, possibly modify them, and forward them to the intended receiver. This paper exhibits the REVEAL protocol, which can detect a MiM whether it has half-duplex capability, full-duplex capability, or double full-duplex capability. The protocol is based on synchronizing clocks between the mobile and the base station, with the MiM being detected if it interferes in the synchronization process. Once synchronized, the REVEAL protocol creates a sequence of challenge packets where the transmission times of the packets, their durations, and their frequencies are chosen to create conflicts at the MiM and make it impossible for the MiM to function. We implement the REVEAL protocol for detecting a MiM in 4G technology. We instantiate a MiM between the 4G/5G base station and a mobile, and exhibit the successful detection mechanisms. With the shared source code, our work can be reproduced using open software-defined cellular networks with off-the-shelf devices.

Paper Structure (19 sections, 2 equations, 18 figures, 2 tables)

This paper contains 19 sections, 2 equations, 18 figures, 2 tables.

Figures (18)

  • Figure 1: Three classes of Man-in-the-Middle
  • Figure 2: Relationship between reference and slave clocks
  • Figure 3: Timestamp exchanges. (Note that $d_{mb}$ is to be measured in the reference clock's time units rather than the slave clock's.)
  • Figure 4: Clock synchronization in the presence of Man-in-the-Middle. (Both the durations $d_{rs}$ and $d_{sr}$ are in the units of the reference clock.)
  • Figure 5: Half-duplex middle node. (Both $d_{rs}$ and $d_{sr}$ are in the units of the reference clock, which in this case is the base station.)
  • ...and 13 more figures