Detecting and Locating Man-in-the-Middle Attacks in Fixed Wireless Networks

We propose a novel method to detect and locate a Man-in-the-Middle attack in a fixed wireless network by analyzing round-trip time and measured received signal strength from fixed access points. The proposed method was implemented as a client-side application that establishes a baseline for measured round trip time (RTTs) and received signal strength (RSS) under no-threat scenarios and applies statistical measures on the measured RTT and RSS to detect and locate Man-in-the-Middle attacks.We show empirically that the presence of a Man-in-the-Middle attack incurs a significantly longer delay and larger standard deviation in measured RTT compared to that measured without a Man-in-the-Middle attack.We evaluated three machine learning algorithms on the measured RSS dataset to estimate the location of a Man-in-the-Middle attacker.Experimental results show that the proposed method can effectively detect and locate a Man-in-the-Middle attack and achieves a mean location estimation error of 0.8 meters in an indoor densely populated metropolitanenvironment.</p

Guest Editorial

Network security is a continuing endeavor as exhibited by this special issue on the subject. Although the problem of securing networks emerged almost simultaneously with their development, attaining a fixed set of complete solutions remains evasive. In the history of the development of computers and networking, solutions to challenging problems have become touchstones, and from among them we can draw a parallel to the current state of network development

Author Index

Author Index: CIT Vol. 23 (2015), No 1–

Design of Real-Time Simulation Testbed for Advanced Metering Infrastructure (Ami) Network

Conventional power grids are being superseded by smart grids, which have smart meters as one of the key components. Currently, for the smart metering communication, wireless technologies have predominantly replaced the traditional Power Line Communication (PLC). Different vendors manufacture smart meters using different wireless communication technologies. For example, some vendors use WiMAX, others prefer Low-Power Wireless Personal Area Networks (Lo-WPAN) for the Media Access Control (MAC) and physical layer of the smart meter network, also known as Advanced Metering Infrastructure (AMI) network. Different communication techniques are used in various components of an AMI network. Thus, it is essential to create a testbed to evaluate the performance of a new wireless technology or a novel protocol to the network. It is risky to study cyber-security threats in an operational network. Hence, a real-time simulation testbed is considered as a substitute to capture communication among cyber-physical subsystems. To design the communication part of our testbed, we explored a Cellular Internet of Things (CIoT) : Co-operative Ultra NarrowBand (C-UNB) technology for the physical and the MAC layer of the Neighborhood Area Network (NAN) of the AMI. After successful evaluation of its performance in a Simpy python simulator, we integrated a module into Network Simulator-3 (NS-3). As NS-3 provides a platform to incorporate real-time traffic to the AMI network, we can inject traffic from power simulators like Real Time Digital Simulator (RTDS). Our testbed was used to make a comparative study of different wireless technologies such as IEEE 802.11ah, WiMAX, and Long Term Evolution (LTE). For the traffic, we used HTTP and Constrained Application Protocol (CoAP), a widely used protocol in IoT. Additionally, we integrated the NS-3 module of Device Language Message Specification - Companion Specification for Energy Metering (DLMS-COSEM), that follows the IEC 62056 standards for electricity metering data exchange. This module which comprises of application and transport layers works in addition with the physical and MAC layer of the ii C-UNB module. Since wireless communication is prone to eavesdropping and information leakages, it is crucial to conduct security studies on these networks. Hence, we performed some cyber-attacks such as Denial of Service (DoS), Address Resolution Protocol (ARP) spoofing and Man-in-the-Middle (MiTM) attacks in the testbed, to analyze their impact on normal operation of AMI network. Encryption techniques can alleviate the issue of data hijacking, but makes the network traffic invisible, which prevents conventional Intrusion Detection Systems (IDS) from undertaking packet-level inspection. Thus, we developed a Bayesian-based IDS for ARP spoof detection to prevent rogue smart meters from modifying genuine data or injecting false data. The proposed real time simulation testbed is successfully utilized to perform delay and throughput analysis for the existing wireless technologies alongwith the evaluation of the novel features of C-UNB module in NS-3. This module can be used to evaluate a broad range of traffic. Using the testbed we also validated our IDS for ARP spoofing attack. This work can be further utilized by security researchers to study different cyber attacks in the AMI network and propose new attack prevention and detection solution. Moreover, it can also allow wireless communication researchers to improve our C-UNB module for NS-3