An IEEE 802.11 MAC Layer Covert Channel Based On Supported Rates


  • Geovani Teca AGH University of Science and Technology
  • Marek Natkaniec AGH University of Science and Technology


Wireless Local Area Networks present several vulnerabilities that are exploited, and as a result, numerous attacks have been developed and used against them. Although countermeasures to detect and eliminate such threats have been created throughout the years, few methods exist to prevent the attacks. IEEE 802.11 covert channels could be considered a candidate to prevent Wi-Fi attacks since they allow secret communication between the client station and the access point without establishing an association. They can be implemented in frames that attackers do not target. This paper presents a new covert channel that prevents Wi-Fi attacks. We also describe metrics, and discuss the performance results of the proposed solution. We show that the new protocol is able to achieve high efficiency of operation.


“IEEE standard for information technology–telecommunications and

information exchange between systems - local and metropolitan area

networks–specific requirements - part 11: Wireless lan medium access

control (mac) and physical layer (phy) specifications - redline,” pp. 1–

, 2021.

M. Ergen, “IEEE 802.11 tutorial,”

publication/2533138 IEEE 80211 Tutorial, 2002, online; accessed: 23

December 2022.

K. Umesh and G. Sapna, “A literature review of security threats to

wireless networks,” International Journal of Future Generation Com-

munication and Networking, vol. 7(4), pp. 25–34, 2014.

J. J. Flores and A. Cruz, “A study in wireless attacks and its tools,” in

th Latin American and Caribbean Conference for Engineering and

Technology, 08 2013.

M. M. Noor and W. H. Hassan, “Wireless networks: Developments,

threats and countermeasures,” International Journal of Digital Informa-

tion and Wireless Communications, vol. 3, no. 1, pp. 125–140, 2013.

M. Aung and K. Thant, “IEEE 802.11 attacks and defenses,” in Pro-

ceedings of the 17th International Conference on Computer Application

(ICCA), 03 2019, pp. 186–191.

K. Sawicki and Z. Piotrowski, “Two-way complex steganographic

system for authentication and authorization in ieee 802.11 wireless


STOSOWANIA, no. 1, pp. 24–28, 2017.

L. Frikha, Z. Trabelsi, and W. El-Hajj, “Implementation of a covert

channel in the 802.11 header,” in 2008 International Wireless Commu-

nications and Mobile Computing Conference, 2008, pp. 594–599.

S. Vibhuti, “IEEE 802.11 wep (wired equivalent privacy) concepts

and vulnerability,” in CS265 Spring, 2005. [Online]. Available:∼stamp/CS265/projects/Spr05/papers/WEP.pdf

G. Ricardo, T. Murali, and M. John C., “Analysis of a mac layer covert

channel in 802.11 networks,” International Journal on Advances in

Telecommunications, vol. 5, no. 3 & 4, pp. 131–140, 2012.

K. Sawicki and Z. Piotrowski, “The proposal of ieee 802.11 network

access point authentication mechanism using a covert channel,” in

19th International Conference on Microwaves, Radar & Wireless

Communications, vol. 2, 2012, pp. 656–659.

H. Seong, I. Kim, Y. Jeon, M.-K. Oh, S. Lee, and D. Choi, “Practical

covert wireless unidirectional communication in IEEE 802.11 environ-

ment,” IEEE Internet of Things Journal, pp. 1–1, 2022.

T. Mekhaznia and A. Zidani, “Wi-fi security analysis,” Procedia Com-

puter Science, vol. 73, pp. 172–178, 2015.

K. Chintan, B. Dhrumil, B. Ravi, P. Vivek, and D. Deepti, “De-

authentication attack on wireless network,” International Journal of

Engineering and Advanced Technology (IJEAT), vol. 8, no. 3S, pp. 881–

, 02 2019.

Y. Song, C. Yang, and G. Gu, “Who is peeping at your passwords at

starbucks? — to catch an evil twin access point,” in 2010 IEEE/IFIP

International Conference on Dependable Systems & Networks (DSN),

, pp. 323–332.

W. Wu, X. Gu, K. Dong, X. Shi, and M. Yang, “Prapd: A novel

received signal strength–based approach for practical rogue access

point detection,” International Journal of Distributed Sensor Networks,

vol. 14, no. 8, 08 2018.

A. Abhijit S. Bodhe, “Rogue access point: A threat to wireless soci-


SCIENCES, vol. 4, no. 7, pp. 97–102, 12 2017.

S. Shetty, M. Song, and L. Ma, “Rogue access point detection by

analyzing network traffic characteristics,” in MILCOM 2007 - IEEE

Military Communications Conference, 2007, pp. 1–7.

V. Modi and C. Parekh, “Detection of rogue access point to prevent evil twin attack in wireless network,” International Journal of Engineering

Research & Technology (IJERT), vol. 6, no. 4, pp. 23–26, 04 2017.

R. Gonc ̧alves, M. E. Correia, and P. Brand ̃ao, “A flexible framework for rogue access point detection,” in 15th International Joint Conference on e-Business and Telecommunications (ICETE 2018), vol. 2: SECRYPT,

, pp. 466–471.

P. B and J. Nagamalai, “A review on various sniffing attacks and its

mitigation techniques,” Indonesian Journal of Electrical Engineering

and Computer Science, vol. 12, pp. 1117–1125, 12 2018.

M. Gregorczyk, P. ̇Z ́orawski, P. Nowakowski, K. Cabaj, and W. Mazurczyk, “Sniffing detection based on network traffic probing and machine learning,” IEEE Access, vol. 8, pp. 149 255–149 269, 2020.

K. Yogi and Ernastuti, “Analysis of deauthentication attack on ieee

11 connectivity based on iot technology using external penetration

test,” Communication and Information Technology (CommIT), vol. 14,

no. 1, pp. 45–51, 2020.

A. H. Noman, M. A. Shahidan, and H. I. Mohammed, “An automated

approach to detect deauthentication and disassociation dos attacks on

wireless 802.11 networks,” IJCSI International Journal of Computer

Science, vol. 12, no. 4, pp. 107–112, 07 2015.

A. Arora, “Preventing wireless deauthentication attacks over 802.11

networks,” CoRR, vol. abs/1901.07301, 2019. [Online]. Available:

A. Amoordon, V. Deniau, A. Fleury, and C. Gransart, “A single super-

vised learning model to detect fake access points, frequency sweeping

jamming and deauthentication attacks in ieee 802.11 networks,” Machine

Learning with Applications, vol. 10, p. 100389, 12 2022.

Z. Feng, J. Ning, I. Broustis, K. Pelechrinis, S. V. Krishnamurthy, and

M. Faloutsos, “Coping with packet replay attacks in wireless networks,”

in 8th Annual IEEE Communications Society Conference on Sensor,

Mesh and Ad Hoc Communications and Networks, 2011, pp. 368–376.

“NS-3 network simulator.” [Online]. Available:






Security, Safety, Military