Wi-Fi Cheaters, Beware! DOMINO Will Get You

By Roland Piquepaille

According to Imad Aad, a computer scientist at the Swiss Federal Institute of Technology in Lausanne, it's pretty easy to abuse Wi-Fi networks and to get a higher bandwidth than honest users. All you need is a recent and programmable Wi-Fi card and a Linux machine. You just have to change one line in the code of the Multiple Access Control (MAC) protocol to set the transfer rate at a high fixed value, and you're done. New Scientist has more details in "Greedy hackers can hog Wi-Fi bandwidth." But beware, if the carriers catch you, they'll throw you out of the network and maybe even fine you. And their detective work to identify the cheaters can be easily done with Aad's tool, DOMINO, which claims to detect hackers in fractions of a second. My advice: don't cheat.

Here is the News Scientist description of the trick used by the greedy hackers, and how DOMINO will fight it.

The hacks that DOMINO tackles alter the Multiple Access Control (MAC) protocol, one of the series of protocols that govern how bandwidth is distributed between multiple users of the same Wi-Fi access point.
This type of hack became possible when a new generation of Wi-Fi access cards hit the market in 2003. The cards run the MAC protocol in software, rather than hardware. This makes it easy to change when using a Linux computer, on which all the code is openly available.
For example, one line of the MAC protocol randomly assigns each hotspot user a rate for data transfer. The rates are constantly re-assigned so that on average each user receives data at the same rate. But by changing that line of the MAC protocol, a hacker can fix his rate at a high value, and siphon off most or all of the bandwidth.
Aad claims that DOMINO could detect if someone is doing this by monitoring the rate of data flow in the MAC layer. The tool can be set to raise an alarm when one user is receiving data at an abnormally high speed compared to other users.

As you already probably guessed by now, DOMINO is an acronym. It stands for "system for the Detection Of greedy behavior in the MAC layer of IEEE 802.11 public NetwOrks." More details and diagrams are available on this page.

[To prevent this kind of hack,] we have designed DOMINO , a piece of software to be installed in the Access Point in order to detect and identify greedy stations. DOMINO induces a negligible computation and storage overhead.
DOMINO is totally compatible with existing user equipment and wireless infrastructures. It runs at the AP and has negligible processing overhead. It captures all packets sent on the radio channel and analyzes them to check their compliance with the IEEE 802.11 standard. It takes DOMINO fractions of a second to few seconds to detect a cheater, depending on the density of the traffic he sends and the cheating technique he uses.
False detections are reduced with proper selection of DOMINO parameters. DOMINO detects all misbehaving techniques currently known, and we are pursuing our research efforts to foresee other potential threats to public hotspots.

For more technical information, you can read this research paper, "DOMINO: A System to Detect Greedy Behavior in IEEE 802.11 Hotspots" (PDF format, 14 pages, 327 KB). And if you have some money on the side, you also can create a company and license the technology.

Sources: Celeste Biever, New Scientist, June 8, 2004; Ecole Polytechnique Fédérale de Lausanne