Securearray: Improving WiFi security with fine-grained physical-layer information

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense in depth against active attacks. SecureArray's novel signal processing techniques leverage multi-antenna access point (AP) to profile the directions at which a client's signals arrive, using this angle-of-arrival (AoA) information to construct highly sensitive signatures that with very high probability uniquely identify each client. Upon overhearing a suspicious transmission, the client and AP initiate an AoA signature-based challenge-response protocol to confirm and mitigate the threat. We also discuss how SecureArray can mitigate direct denial-of-service attacks on the latest 802.11 wireless security protocol. We have implemented SecureArray with an eight-antenna WARP hardware radio acting as the AP. Our experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic. Detection rate remains high when the attacker is located only five centimeters away from the legitimate client, for AP with fewer numbers of antennas and when client is mobile

A Resilient MAC Protocol for Wireless Networks

Paper presented at the IMA Conference on Game Theory and its Applications, Oxford, 8/12/2014Peer reviewe

Security Validation of Wireless Access Point with Purpose of Preventing Access to Sensitive Information

Glavna prednost, a istovremeno i značajan sigurnosni nedostatak bežičnih lokalnih računalnih mreža, je činjenica da se područje pokrivanja ne može kontrolirati kao i u žičanoj infrastrukturi. Standard za bežičnu komunikaciju naziva IEEE 802.11, omogućuje pristup mreži informacijsko komunikacijskog sustava čak i izvan područja zgrade ili objekta u kojoj se ona koristi. Povezivanjem na bežičnu infrastrukturu, napadaču je omogućeno daljnje napredovanje kroz sustav i ugrožavanje osjetljivih informacija koje on sadrži. Validacija sigurnosti informacijsko komunikacijskog sustava, jedan je od načina provjere implementiranih mjera zaštite u sustavu. Poznat još i kao penetracijsko testiranje, postupak je autoriziranog napada na sustav od strane izvođača testa. U radu je analiziran postupak penetracijskog testiranja informacijsko komunikacijskog sustava, napadom na uređaje u bežičnoj mreži fakulteta te je istraženo kojim informacijama i podacima je moguće pristupiti uporabom raznih alata iz Kali Linux operativnog sustava.The main advantage, and a huge security vulnerability in the wireless network communication standard 802.11, is the fact that network coverage area can't be controlled as in its wired counterpart. This kind of networks can be accessed outside of the area or the building where the network is used, and after that the entire system can be compromised by an attacker in case there are no implemented security controls. Security validation of information and communication systems, also known as penetration testing, is security check of safety measures implemented in the system. It is a simulation of authorized attack performed by a tester who uses tools and thinks like an attacker. This paper analyzes the procedure of penetration testing of the faculty's information system that includes wireless network. The paper describes some possible attacks on other devices in the wireless network and investigates which sensitive information and data that can be acquired, by using various tools from Kali Linux operating system

Robustness in Wireless Network Access Protocols

Wireless network access protocols are used in numerous safety critical applications. Network availability is essential for safety critical applications,since loss of availability can cause personal or material damage. An adversary can disrupt the availability of a wireless network using denial of service (DoS) attacks. The most widely used wireless protocols are vulnerable to DoS attacks. Researchers have published DoS attacks against IEEE 802.11 local area networks (LANs), IEEE 802.16 wide area networks (WANs) and GSM andUMTS mobile networks. In this work, we analyze DoS vulnerabilities in wireless network protocols and define four categories of attacks:  jamming attacks, flooding attacks, semantic attacks and implementation specific attacks. We identify semantic attacks as the most severe threat to current andfuture wireless protocols, and as the category that has received the least attention by researchers. During the first phase of the research project we discover semantic DoS vulnerabilities in the IEEE 802.11 communication protocols through manual analysis. The 802.11 standard has been subject to manual analysis of DoS vulnerabilities for more than a decade, thus our results indicate that protocol vulnerabilities can elude manual analysis. We conclude that formal methods are required in order to improve protocol robustness against semantic DoS attacks.We propose a formal method that can be used to automatically discover protocol vulnerabilities. The formal method defines a protocol model, adversary model and cost model. The protocol participants and adversary are modeled as finite state transducers, while the cost is modeled as a function of time. Our primary goal is to construct a formal method that is practical, i.e. does not require a vast amount of resources to implement, and useful, i.e. able to discover protocol vulnerabilities. We verify and validate our proposed method by modeling the 802.11w amendment to the 802.11 standard using Promela as the modeling language. We then use the SPIN model checker to verify the model properties and experiments to validate the results. The modeling and experiments result in the discovery and experimental validation of four new deadlock vulnerabilities that had eluded manual analysis. We find one deadlock vulnerability in 802.11i and three deadlock vulnerabilitiesin 802.11w. A deadlock vulnerability is the most severe form of communication protocol DoS vulnerabilities, and their discovery and removal are an essential part of robust protocol design. Thus, we conclude that our proposed formal method is both practical and useful