A Weakest Chain Approach to Assessing the Overall Effectiveness of the 802.11 Wireless Network Security

This study aims to assess wireless network security holistically and attempts to determine the weakest link among the parts that comprise the 'secure' aspect of the wireless networks: security protocols, wireless technologies and user habits. The assessment of security protocols is done by determining the time taken to break a specific protocol's encryption key, or to pass an access control by using brute force attack techniques. Passphrase strengths as well as encryption key strengths ranging from 40 to 256 bits are evaluated. Different scenarios are planned and created for passphrase generation, using different character sets and different number of characters. Then each scenario is evaluated based on the time taken to break that passphrase. At the end of the study, it is determined that the choice of the passphrase is the weakest part of the entire 802.11 wireless security system.Comment: 8 pages, 3 table

Transparent password policies: A case study of investigating end-user situational awareness

Transparent password policies are utilized by organizations in an effort to ease the user from the burden of configuring authentication settings while maintaining a high level of security. However, authentication transparency can challenge security and usability and can impact the awareness of the end-users with regards to the protection level that is realistically achieved. For authentication transparency to be effective, the triptych security – usability – situational awareness should be considered when designing relevant security solutions. Although various efforts have been made in the literature, the usability aspects of the password selection process are not well understood or addressed in the context of end-user situational awareness. This research work specifies three security and usability-related strategies that represent the organizations’, the end users’ and the attackers’ objectives with regards to password construction. Understanding each actor’s perspective can greatly assist in increasing situational awareness with regards to the authentication controls usage and effectiveness. Furthermore, a case study is presented to evaluate if, and in what way, transparent password policies, that isolate users’ involvement can affect the perspective of the end-user with regards to the security situation. Results showed that the transparent approached utilized has created a negative situation, users were not aware and never dealt with changing or trying to alter default security settings, leaving their home network vulnerable to external attacks. Finally, initial recommendations are made to organizations that would like to implement and evaluate transparent authentication controls

Using metrics from multiple layers to detect attacks in wireless networks

The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack

Development and Analysis of a Model for Assessing Perceived Security Threats and Characteristics of Innovating for Wireless Networks

This dissertation employed a two prong approach, whereby the survey and case study methods were used to investigate security issues regarding wireless networks. The survey portion draws together two previously unrelated research streams. Given the recent increased concern for security in the computing milieu, Innovation Diffusion Theory and security factor constructs were merged and synthesized to form a new instrument. This instrument is useful in an effort to understand what role security concerns play in the adoption and diffusion of technology. In development of the new instrument, 481 usable surveys were collected and analyzed. Factor analysis revealed favorable factor loadings in the data. Further analysis was then conducted utilizing multiple regression analysis. This analysis led to the discovery that the constructs of Susceptibility and Severity of Threat, Improvement Potential, and Visibility are significant predictors in regard to level of concern when using wireless networks. Case studies were conducted with a goal to gain a deep knowledge of IT professionals? concerns, attitudes, and best practices toward wireless security. To this end, seven IT professionals were personally interviewed regarding their perceptions and attitudes toward wireless security. In an effort to compare IT professional and end user opinions, 30 IT professionals also completed a paper based survey regarding their perceptions about security. Findings indicate that security professionals are very optimistic for the future of wireless computing. However, that optimism is tempered by a realization that there are a myriad of potential threats that might exploit weakness in wireless security. To determine differences and similarities between users? perspectives and managers? perspectives regarding wireless network security, the results from the survey and case study were synthesized. Most IT professionals (76.19%) reported that, all factors considered, they prefer to use wired networks as opposed to wireless networks; whereas, substantially fewer (44.86%) of the end user respondents reported that they preferred wired over wireless networks. Overall, results suggest that IT professionals are more concerned about security than are end users. However, a challenge remains to make administrators and users aware of the full effect of security threats present in the wireless computing paradigm

Securing industrial control system environments: the missing piece

Cyberattacks on industrial control systems (ICSs) are no longer matters of anticipation. These systems are continually subject to malicious attacks without much resistance. Network breaches, data theft, denial of service, and command and control functions are examples of common attacks on ICSs. Despite available security solutions, safety, security, resilience, and performance require both private public sectors to step-up strategies to address increasing security concerns on ICSs. This paper reviews the ICS security risk landscape, including current security solution strategies in order to determine the gaps and limitations for effective mitigation. Notable issues point to a greater emphasis on technology security while discounting people and processes attributes. This is clearly incongruent with; emerging security risk trends, the biased security strategy of focusing more on supervisory control and data acquisition systems, and the emergence of more sector-specific solutions as against generic security solutions. Better solutions need to include approaches that follow similar patterns as the problem trend. These include security measures that are evolutionary by design in response to security risk dynamics. Solutions that recognize and include; people, process and technology security enhancement into asingle system, and addressing all three-entity vulnerabilities can provide a better solution for ICS environments

An adaptable fuzzy-based model for predicting link quality in robot networks.

It is often essential for robots to maintain wireless connectivity with other systems so that commands, sensor data, and other situational information can be exchanged. Unfortunately, maintaining sufficient connection quality between these systems can be problematic. Robot mobility, combined with the attenuation and rapid dynamics associated with radio wave propagation, can cause frequent link quality (LQ) issues such as degraded throughput, temporary disconnects, or even link failure. In order to proactively mitigate such problems, robots must possess the capability, at the application layer, to gauge the quality of their wireless connections. However, many of the existing approaches lack adaptability or the framework necessary to rapidly build and sustain an accurate LQ prediction model. The primary contribution of this dissertation is the introduction of a novel way of blending machine learning with fuzzy logic so that an adaptable, yet intuitive LQ prediction model can be formed. Another significant contribution includes the evaluation of a unique active and incremental learning framework for quickly constructing and maintaining prediction models in robot networks with minimal sampling overhead

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

SUTMS - Unified Threat Management Framework for Home Networks

Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

Development of an M-commerce security framework

Research shows how M-Commerce has managed to find its way to previously inaccessible parts of the world as a major Information and Communication Technologies (ICT) tool for development due to widespread introduction of mobile phones in remote areas. M-Commerce has offered valuable advantages: anytime, anywhere, more personal, more location-aware, more context-aware, more age aware, always online and instant connectivity. But this is not without its problems, of which security is high on the list. The security issues span the whole M-Commerce spectrum, from the top to the bottom layer of the OSI network protocol stack, from machines to humans. This research proposes a threat-mitigation modular framework to help address the security issues lurking in M-Commerce systems being used by marginalised rural community members. The research commences with a literature survey carried out to establish security aspects related to M-Commerce and to determine requirements for a security framework. The framework classifies M-Commerce security threat-vulnerability-risks into four levels: human behaviour and mobile device interaction security, mobile device security, M-Commerce access channel security, wireless network access security. This is followed by a review of the supporting structures or related frameworks that the proposed framework could leverage to address security issues on M-Commerce systems as ICT4D initiatives. The proposed security framework based on the requirements discovered is then presented. As a proof-of-concept, a case study was undertaken at the Siyakhula Living Lab at Dwesa in the Eastern Cape province of South Africa in order to validate the components of the proposed framework. Following the application of the framework in a case study, it can be argued that the proposed security framework allows for secure transacting by marginalised users using M-Commerce initiatives. The security framework is therefore useful in addressing the identified security requirements of M-Commerce in ICT4D contexts