14 research outputs found
Wireless intrusion detection system using fingerprinting
Wireless networks are easy to deploy, easy to access, and user friendly. They have become popular because of the benefits they provide, such as easy installation, flexibility, mobility, scalability and reduced cost of ownership. The drawback of wireless networks is that they do not provide as much security as required, so users face various types of attacks that can damage user information. One serious class of attack is the identity-based attack, in which the attacker steals the identity of another user in the network and then performs some other attack. The security tools currently available to detect such identity-based (spoofed MAC) attacks are quite limited. In this proposed work, a new technique is developed for detecting masquerade (identity) attacks, or spoofed MAC attacks, in 802.11 wireless networks. Current methods of device fingerprinting use only probe request packets, which results in a large number of false positives. In our proposed work, the fingerprint is created from three frames required in the three sections of the connectivity phase: the probe request frame, the authentication frame and the association frame. The time differences between consecutive frames are taken into consideration, and on that basis a fingerprint is created for each device. The proposed technique uses the cross-correlation method to estimate the similarity of signals in terms of their time lag relative to each other. Those signals are captured by different devices. The stored signature of the actual device is compared with the captured signal of the transmitting device using this technique, and after analysis of the result, the device is identified.
Wireless device identification from a phase noise prospective
As wireless devices become increasingly pervasive and essential, they are becoming both a target for attacks and the very weapon with which such an attack can be carried out. Wireless networks have to face new kinds of intrusion that had not been considered previously because they are linked to the open nature of wireless networks. In particular, device identity management and intrusion detection are two of the most significant challenges in any network security solution but they are paramount for any wireless local area networks (WLANs) because of the inherent non-exclusivity of the transmission medium.
The physical layer of 802.11-based wireless communication does not offer security guarantee because any electromagnetic signal transmitted can be monitored, captured, and analyzed by any sufficiently motivated and equipped adversary within the 802.11 device's transmission range.
What is required is a form of identification that is nonmalleable (cannot be spoofed easily).
For this reason we have decided to focus on physical characteristics of the network interface card (NIC) to distinguish between different wireless users because it can provide an additional layer of security. The unique properties of the wireless medium are extremely useful to get an additional set of information that can be used to extend and enhance traditional security mechanisms. This approach is commonly referred to as radio frequency fingerprinting (RFF), i.e., determining specific characteristics (fingerprint) of a network device component.
More precisely, our main goal is to prove the feasibility of exploiting phase noise in oscillators for fingerprinting design and overcome existing limitations of conventional approaches. The intuition behind our design is that the autonomous nature of oscillators among noisy physical systems makes them unique in their response to perturbations and none of the previous work has ever tried to take advantage of thi
IEEE 802.11 i Security and Vulnerabilities
Despite using a variety of comprehensive preventive security measures, Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. The failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with lower false positive and false negative rates.
Empirical Techniques To Detect Rogue Wireless Devices
Media Access Control (MAC) addresses in wireless networks can be trivially spoofed using off-the-shelf devices. We proposed a solution to detect MAC address spoofing in wireless networks using a hard-to-spoof measurement that is correlated to the location of the wireless device, namely the Received Signal Strength (RSS). We developed a passive solution that does not require modification of standards or protocols. The solution was tested in a live test-bed (i.e., a Wireless Local Area Network with the aid of two air monitors acting as sensors) and achieved 99.77%, 93.16%, and 88.38% accuracy when the attacker is 8–13 m, 4–8 m, and less than 4 m away from the victim device, respectively. We implemented three previous methods on the same test-bed and found that our solution outperforms existing solutions. Our solution is based on an ensemble method known as Random Forests. We also proposed an anomaly detection solution to deal with situations where it is impossible to cover the whole intended area. The solution is totally passive and unsupervised (using unlabeled data points) to build the profile of the legitimate device. It only requires training on one location, which is the location of the legitimate device (unlike the misuse detection solution, which trains on and simulates the existence of the attacker in every possible spot in the network diameter). The solution was tested in the same test-bed and yielded about 79% overall accuracy. We built a misuse Wireless Local Area Network Intrusion Detection System (WIDS) and discovered some important fields in the WLAN MAC-layer frame that differentiate attackers from legitimate devices. We tested several machine learning algorithms and found some promising ones to improve the accuracy and computation time on a public dataset. The best performing algorithms that we found are Extra Trees, Random Forests, and Bagging. We then used a majority voting technique to vote on these algorithms.
The Bagging classifier and our customized voting technique have good results (about 96.25% and 96.32%, respectively) when tested on all the features. We also used a data mining technique based on the Extra Trees ensemble method to find the most important features in the AWID public dataset. After selecting the 20 most important features, Extra Trees and our voting technique are the best performing classifiers in terms of accuracy (96.31% and 96.32%, respectively).
Signal Processing in Wireless Communications: Device Fingerprinting and Wide-Band Interference Rejection
The rapid progress of wireless communication technologies that has taken place in recent years has significantly improved the quality of everyday life. However, with this expansion of wireless communication systems come significant security threats and significant technological challenges, both of which are due to the fact that the communication medium is shared. The ubiquity of open wireless Internet access networks creates a new avenue for cyber-criminals to impersonate and act in an unauthorized way. The increasing number of deployed wide-band wireless communication systems entails technological challenges for effective utilization of the shared medium, which implies the need for advanced interference rejection methods. Wireless security and interference rejection in wide-band wireless communications are therefore often considered as the two main challenges in wireless network's design and research. Important aspects of these challenges are illuminated and addressed in this dissertation.
This dissertation considers signal processing approaches for exploiting or mitigating the effects of non-ideal components in wireless communication systems. In the first part of the dissertation, we introduce and study a novel, model-based approach to wireless device identification that exploits imperfections in the transmitter caused by manufacturing process nonidealities. Previous approaches to device identification based on hardware imperfections vary from transient analysis to machine learning but have not provided verifiable accuracy. Here, we detail a model-based approach, that uses statistical models of RF transmitter components: digital-to-analog converter, power amplifier and RF oscillator, which are amenable for analysis. Our proposed approach examines the key device characteristics that cause anonymity loss, countermeasures that can be applied by the nodes to regain the anonymity, and ways of thwarting such countermeasures. We develop identification algorithms based on statistical signal processing methods and address the challenging scenario when the units that need to be distinguished from one another are of the same model and from the same manufacturer. Using simulations and measurements of components that are commonly used in commercial communications systems, we show that our anonymity breaking techniques are effective.
In the second part of the dissertation, we consider innovative approaches for the acquisition of frequency-sparse signals with wide-band receivers when a weak signal of interest is received in the presence of a very strong interference, and the effects of the nonlinearities in the low-noise amplifier at the receiver must be mitigated. All samples with amplitude above a given threshold, dictated by the linear input range of the receiver, are discarded to avoid the distortion caused by saturation of the low noise amplifier. Such a sampling scheme, while avoiding nonlinear distortion that cannot be corrected in the digital domain, poses challenges for signal reconstruction techniques, as the samples are taken non-uniformly, but also non-randomly. The considered approaches fall into the field of compressive sensing (CS); however, what differentiates them from conventional CS is that a structure is forced upon the measurement scheme. Such a structure causes a violation of the core CS assumption of the measurements' randomness. We consider two different types of structured acquisition: signal independent and signal dependent structured acquisition. For the first case, we derive bounds on the number of samples needed for successful CS recovery when samples are drawn at random in predefined groups. For the second case, we consider enhancements of CS recovery methods when only small-amplitude samples of the signal that needs to be recovered are available for the recovery. Finally, we address a problem of spectral leakage due to the limited processing block size of block processing, wide-band receivers and propose an adaptive block size adjustment method, which leads to significant dynamic range improvements.
Memory-Based antiforensic tools and techniques
Computer forensics is the discipline that deals with the acquisition, investigation, preservation, and presentation of digital evidence in the court of law. Whereas antiforensics is the terminology used to describe malicious activities deployed to delete, alter, or hide digital evidence with the main objective of manipulating, destroying, and preventing the creation of evidence. Various antiforensic methodologies and tools can be used to interfere with digital evidence and computer forensic tools. However, memory-based antiforensic techniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence, and attack on computer forensic tools. These techniques are mainly performed in volatile memory using advanced data alteration and hiding techniques. For these reasons memory-based antiforensic techniques are considered to be unbeatable. This article aims to present some of the current antiforensic approaches and in particular reports on memory-based antiforensic tools and techniques.
Managing Access Control in Virtual Private Networks
Virtual Private Network technology allows remote network users to benefit from resources on a private network as if their host machines actually resided on the network. However, each resource on a network may also have its own access control policies, which may be completely unrelated to network access. Thus users' access to a network (even by VPN technology) does not guarantee their access to the sought resources. With the introduction of more complicated access privileges, such as delegated access, it is conceivable for a scenario to arise where a user can access a network remotely (because of direct permissions from the network administrator or by delegated permission) but cannot access any resources on the network. There is, therefore, a need for a network access control mechanism that understands the privileges of each remote network user on one hand, and the access control policies of various network resources on the other hand, and so can aid a remote user in accessing these resources based on the user's privileges. This research presents a software solution in the form of a centralized access control framework called an Access Control Service (ACS), that can grant remote users network presence and simultaneously aid them in accessing various network resources with varying access control policies. At the same time, the ACS provides a centralized framework for administrators to manage access to their resources. The ACS achieves these objectives using VPN technology, network address translation and by proxying various authentication protocols on behalf of remote users.