Towards DoS attack prevention based on clustering architecture in mobile IP communication

Mobile IP communication, like wired communication and mobile ad hoc networking, is vulnerable to Denial-of-Service (DoS) attacks. In this paper, we propose using a lightweight packet filtering technique in different domains and base stations to reduce/eliminate the threat of DoS attacks on mobile IP networks. The proposed technique will be able to detect and filter out any suspected packets containing spoofed IP address created by DoS attackers. The results of our experiments indicate that our proposed technique can significantly reduce the effect of DoS attacks and improves performance of mobile IP communication

Access control and availability aspects using wireless solutions based on IEEE 802.11 technologies, providing access to classified networks

Wireless networking is among the fastest growing trends in technology. For military objectives wireless networks are effective and flexible ways of communicating, and important elements in operating quick, accurate and independent. Over the last year’s commercial technology, based on the wireless IEEE 802.11 standard has grown to be low-cost products offering cheap and easy ways to establish rapid communication services. For all that, lacking elements of security, increased availability, weak mechanisms and capabilities in order to protect and safeguard private wireless networking, concerns costumers which require high assurance communication facilities. To comply with physical security, high-end wireless security requirements and protection mechanisms are required to fully ensure the wireless environment and control the enterprise. Wireless networks has not been considered secure enough to be implemented as part of high assurance communication systems which have access to classified information networks. This thesis considers security aspects of wireless networking related to access control and availability, which means that a wide range of security issues will be discussed. Based on availability, the thesis will focus on requirements and mechanisms related to authentication, confidentiality, integrity and authenticity. The thesis has indicated through two problem scenarios that high-end requirements signifies complexity and that security mechanisms must be implemented through adoption and adjustment of the available security protocols IEEE 802.1X and IEEE 802.11i. Still, the thesis has shown that security protocols such as IEEE 802.1X and 802.11i does not solve all security problems. Additional wireless protection systems are required to supervise and control state security in order to protect the wireless network environment. In addition, network-layer security is required to oblige end-to-end security control. The conclusion brings security in wireless network into comprehensive challenges that require fully control to analyze data and operations to consolidate the wireless environment. Considering wireless protection systems which operate as integrated parts of high assurance wireless system, the thesis has investigated mechanisms and ways to actively protect the wireless network environment. The thesis has shown that wireless monitor and honeypot networks introduce potential solutions to meet availability aspects in turns of automatic detection, protection and preventio

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

TorSH: Obfuscating consumer Internet-of-Things traffic with a collaborative smart-home router network

When consumers install Internet-connected smart devices in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incom- ing and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to defend themselves against profiling by ISP-like actors and that is more in tune with their wishes. In this thesis, we present The Onion Router for Smart Homes (TorSH), a network of smart-home routers working collaboratively to defend smart-device traffic from analysis by ISP-like adversaries. We demonstrate that TorSH succeeds in deterring such profiling while preserving smart-device experiences and without encumbering latency-sensitive, non-smart-device experiences like web browsing

Privacy Protection and Mobility Enhancement in Internet

Indiana University-Purdue University Indianapolis (IUPUI)The Internet has substantially embraced mobility since last decade. Cellular data network carries majority of Internet mobile access traffic and become the de facto solution of accessing Internet in mobile fashion, while many clean-slate Internet mobility solutions were proposed but none of them has been largely deployed. Internet mobile users increasingly concern more about their privacy as both researches and real-world incidents show leaking of communication and location privacy could lead to serious consequences. Just the communication itself between mobile user and their peer users or websites could leak considerable privacy of mobile user, such as location history, to other parties. Additionally, comparing to ordinary Internet access, connecting through cellular network yet provides equivalent connection stability or longevity. In this research we proposed a novelty paradigm that leverages concurrent far-side proxies to maximize network location privacy protection and minimize interruption and performance penalty brought by mobility.To avoid the deployment feasibility hurdle we also investigated the root causes impeding popularity of existing Internet mobility proposals and proposed guidelines on how to create an economical feasible solution for this goal. Based on these findings we designed a mobility support system offered as a value-added service by mobility service providers and built on elastic infrastructure that leverages various cloud aided designs, to satisfy economic feasibility and explore the architectural trade-offs among service QoS, economic viability, security and privacy

Masquerading Techniques in IEEE 802.11 Wireless Local Area Networks

The airborne nature of wireless transmission offers a potential target for attackers to compromise IEEE 802.11 Wireless Local Area Network (WLAN). In this dissertation, we explore the current WLAN security threats and their corresponding defense solutions. In our study, we divide WLAN vulnerabilities into two aspects, client, and administrator. The client-side vulnerability investigation is based on examining the Evil Twin Attack (ETA) while our administrator side research targets Wi-Fi Protected Access II (WPA2). Three novel techniques have been presented to detect ETA. The detection methods are based on (1) creating a secure connection to a remote server to detect the change of gateway\u27s public IP address by switching from one Access Point (AP) to another. (2) Monitoring multiple Wi-Fi channels in a random order looking for specific data packets sent by the remote server. (3) Merging the previous solutions into one universal ETA detection method using Virtual Wireless Clients (VWCs). On the other hand, we present a new vulnerability that allows an attacker to force the victim\u27s smartphone to consume data through the cellular network by starting the data download on the victim\u27s cell phone without the victim\u27s permission. A new scheme has been developed to speed up the active dictionary attack intensity on WPA2 based on two novel ideas. First, the scheme connects multiple VWCs to the AP at the same time-each VWC has its own spoofed MAC address. Second, each of the VWCs could try many passphrases using single wireless session. Furthermore, we present a new technique to avoid bandwidth limitation imposed by Wi-Fi hotspots. The proposed method creates multiple VWCs to access the WLAN. The combination of the individual bandwidth of each VWC results in an increase of the total bandwidth gained by the attacker. All proposal techniques have been implemented and evaluated in real-life scenarios

Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures

Wireless Sensor Networks (WSNs) constitute one of the most promising third-millennium technologies and have wide range of applications in our surrounding environment. The reason behind the vast adoption of WSNs in various applications is that they have tremendously appealing features, e.g., low production cost, low installation cost, unattended network operation, autonomous and longtime operation. WSNs have started to merge with the Internet of Things (IoT) through the introduction of Internet access capability in sensor nodes and sensing ability in Internet-connected devices. Thereby, the IoT is providing access to huge amount of data, collected by the WSNs, over the Internet. Hence, the security of IoT should start with foremost securing WSNs ahead of the other components. However, owing to the absence of a physical line-of-defense, i.e., there is no dedicated infrastructure such as gateways to watch and observe the flowing information in the network, security of WSNs along with IoT is of a big concern to the scientific community. More specifically, for the application areas in which CIA (confidentiality, integrity, availability) has prime importance, WSNs and emerging IoT technology might constitute an open avenue for the attackers. Besides, recent integration and collaboration of WSNs with IoT will open new challenges and problems in terms of security. Hence, this would be a nightmare for the individuals using these systems as well as the security administrators who are managing those networks. Therefore, a detailed review of security attacks towards WSNs and IoT, along with the techniques for prevention, detection, and mitigation of those attacks are provided in this paper. In this text, attacks are categorized and treated into mainly two parts, most or all types of attacks towards WSNs and IoT are investigated under that umbrella: “Passive Attacks” and “Active Attacks”. Understanding these attacks and their associated defense mechanisms will help paving a secure path towards the proliferation and public acceptance of IoT technology