A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

MPTCP Robustness Against Large-Scale Man-in-the-Middle Attacks

International audienceMultipath communications at the Internet scale have been a myth for a long time, with no actual protocol being deployed at large scale. Recently, the Multipath Transmission Control Protocol (MPTCP) extension was standardized and is undergoing rapid adoption in many different use-cases, from mobile to fixed access networks, from data-centers to core networks. Among its major benefits-i.e., reliability thanks to backup path rerouting, through-put increase thanks to link aggregation, and confidentiality being more difficult to intercept a full connection-the latter has attracted lower attention. How effective would be to use MPTCP, or an equivalent multipath transport layer protocol, to exploit multiple Internet-scale paths and decrease the probability of Man-in-the-Middle (MITM) attacks is a question which we try to answer. By analyzing the Autonomous System (AS) level graph, we identify which countries and regions show a higher level of robustness against MITM AS-level attacks, for example due to core cable tapping or route hijacking practices.

Physical layer security (PLS) solutions for passive eavesdropping in wireless communication

An absolute secured wireless communication is unattainable. Nevertheless, communication models must be secure and unique across each layer of the model. The physical layer is the easiest layer through which information leaks, due to its broadcast nature. The security in the physical layer, measured as secrecy capacity, is subdivided into keyed and keyless security models. In practice, the eavesdropper’s evasive and obscure random wireless channel model makes it difficult to optimise keyless security measure at the physical layer. Considering this practical challenge, the objective of this work is to use novel keyless approaches to reduce the ability of an illegitimate user to access the transmitted message via the physical layer. Physical layer security (PLS) was achieved through the deployment of unmanned aerial vehicles (UAV), intelligent reflecting surfaces (IRS), and communication sensing as security enablers in this thesis. The UAV operates with interfering signals while the IRS and sensing techniques optimise respective inherent properties leading to higher PLS performance. The thesis presents solutions to the parametric design of UAV, IRS, and wireless sensing technologies for PLS functionality. Designs and analysis herein follow from analytical derivations and numerical simulations. Specifically, the thesis presents a novel average secrecy rate formulation for passive eavesdropping with a reception rate upper bound by that of the legitimate receiver. The keyless PLS assessed from the formulations guaranteed positive rates with the design of a broadcast interfering signal delivered from a UAV. Based on the verification of the positive secrecy rate with passive eavesdropping, a swarm of UAVs improved the PLS of the communication system delivering more interfering signals. Furthermore, the functionalities of the interference driven UAV swarm were miniaturised with a system of aerial IRS. By harnessing inherent channel dynamics, a novel non-iterative design of the aerial IRS system was presented as a panacea to PLS requirements. Finally, the thesis presents the analysis of a legitimate receiver with a novel noise and interference filter as a sensing mitigation technique. The filter enhanced PLS by enabling the legitimate receiver to effectively extract desired information

Multipath Routing on Anonymous Communication Systems: Enhancing Privacy and Performance

We live in an era where mass surveillance and online tracking against civilians and organizations have reached alarming levels. This has resulted in more and more users relying on anonymous communications tools for their daily online activities. Nowadays, Tor is the most popular and widely deployed anonymization network, serving millions of daily users in the entire world. Tor promises to hide the identity of users (i.e., IP addresses) and prevents that external agents disclose relationships between the communicating parties. However, the benefit of privacy protection comes at the cost of severe performance loss. This performance loss degrades the user experience to such an extent that many users do not use anonymization networks and forgo the privacy protection offered. On the other hand, the popularity of Tor has captured the attention of attackers wishing to deanonymize their users. As a response, this dissertation presents a set of multipath routing techniques, both at transport and circuit level, to improve the privacy and performance offered to Tor users. To this end, we first present a comprehensive taxonomy to identify the implications of integrating multipath on each design aspect of Tor. Then, we present a novel transport design to address the existing performance unfairness of the Tor traffic.In Tor, traffic from multiple users is multiplexed in a single TCP connection between two relays. While this has positive effects on privacy, it negatively influences performance and is characterized by unfairness as TCP congestion control gives all the multiplexed Tor traffic as little of the available bandwidth as it gives to every single TCP connection that competes for the same resource. To counter this, we propose to use multipath TCP (MPTCP) to allow for better resource utilization, which, in turn, increases throughput of the Tor traffic to a fairer extend. Our evaluation in real-world settings shows that using out-of-the-box MPTCP leads to 15% performance gain. We analyze the privacy implications of MPTCP in Tor settings and discuss potential threats and mitigation strategies. Regarding privacy, in Tor, a malicious entry node can mount website fingerprinting (WFP) attacks to disclose the identities of Tor users by only observing patterns of data flows.In response to this, we propose splitting traffic over multiple entry nodes to limit the observable patterns that an adversary has access to. We demonstrate that our sophisticated splitting strategy reduces the accuracy from more than 98% to less than 16% for all state-of-the-art WFP attacks without adding any artificial delays or dummy traffic. Additionally, we show that this defense, initially designed against WFP, can also be used to mitigate end-to-end correlation attacks. The contributions presented in this thesis are orthogonal to each other and their synergy comprises a boosted system in terms of both privacy and performance. This results in a more attractive anonymization network for new and existing users, which, in turn, increases the security of all users as a result of enlarging the anonymity set