A novel cheater and jammer detection scheme for IEEE 802.11-based wireless LANs

The proliferation of IEEE 802.11 networks has made them an easy and attractive target for malicious devices/adversaries which intend to misuse the available network. In this paper, we introduce a novel malicious entity detection method for IEEE 802.11 networks. We propose a new metric, the Beacon Access Time (BAT), which is employed in the detection process and inherits its characteristics from the fact that beacon frames are always given preference in IEEE 802.11 networks. An analytical model to define the aforementioned metric is presented and evaluated with experiments and simulations. Furthermore, we evaluate the adversary detection capabilities of our scheme by means of simulations and experiments over a real testbed. The simulation and experimental results indicate consistency and both are found to follow the trends indicated in the analytical model. Measurement results indicate that our scheme is able to correctly detect a malicious entity at a distance of, at least, 120 m. Analytical, simulation and experimental results signify the validity of our scheme and highlight the fact that our scheme is both efficient and successful in detecting an adversary (either a jammer or a cheating device). As a proof of concept, we developed an application that when deployed at the IEEE 802.11 Access Point, is able to effectively detect an adversary. (C) 2015 Elsevier B.V. All rights reserved.Postprint (author's final draft

Secure and Reliable Wireless Communication through End-to-End-based Solution

In the past few decades, network architectures and protocols are often designed to achieve a high throughput and a low latency. Security was rarely considered during the initial design phases. As a result, many network systems are insecure by design. Once they are widely deployed, the inherent vulnerabilities may be difficult to eliminate due to the prohibitive update cost. In this dissertation, we examine such types of vulnerabilities in various networks and design end-to-end-based solutions that allow end systems to address such loopholes. The end-to-end argument was originally proposed to let end hosts implement application-specific functions rather than letting intermediate network nodes (i.e., routers) perform unneeded functions. In this dissertation, we apply the end-to-end principle to address three problems in wireless networks that are caused by design flaw with following reasons: either because integrating solutions into a large number of already deployed intermediate nodes is not a viable option or because end hosts are in a better position to cope with the problems. First, we study the problem of jamming in a multihop wireless network. Jamming attacks are possible because wireless networks communicate over a shared medium. It is easy to launch a jamming attack but is difficult to defend against it. To ensure the end-to-end packet delivery, we propose a jamming-resilient multipath routing algorithm that maximizes end-to-end availability based on the availability history between sources and destinations. Second, we investigate caller ID spoofing attacks in telephone networks in which an attacker can send a fake caller ID to a callee rather than her real one to impersonate as someone else. Such attacks are possible because there is no caller ID authentication mechanism in operator interconnection protocols. Modifying current protocols to verify caller ID between operators may be infeasible due to the scale of deployed systems. So, we propose two schemes to detect caller ID spoofing attacks based on end-to-end verification. Finally, we examine evil twin access point attacks in wireless hotspots. In such attacks, an adversary sets up a phishing access point that has the same Service Set IDentification (SSID) as the legitimate ones in the hotspot. Such attacks are easy to launch because of how 802.11 standards are designed. Existing solutions take away convenience from the user while providing security. Our aim is to detect evil twin access point attacks in wireless hotspots without modifying how access point works in hotspots and without additional infrastructure support. We propose an end-to-end-based mechanism that can effectively detect evil twin access point attacks in wireless hotspots

Game-Theoretic Frameworks and Strategies for Defense Against Network Jamming and Collocation Attacks

Modern networks are becoming increasingly more complex, heterogeneous, and densely connected. While more diverse services are enabled to an ever-increasing number of users through ubiquitous networking and pervasive computing, several important challenges have emerged. For example, densely connected networks are prone to higher levels of interference, which makes them more vulnerable to jamming attacks. Also, the utilization of software-based protocols to perform routing, load balancing and power management functions in Software-Defined Networks gives rise to more vulnerabilities that could be exploited by malicious users and adversaries. Moreover, the increased reliance on cloud computing services due to a growing demand for communication and computation resources poses formidable security challenges due to the shared nature and virtualization of cloud computing. In this thesis, we study two types of attacks: jamming attacks on wireless networks and side-channel attacks on cloud computing servers. The former attacks disrupt the natural network operation by exploiting the static topology and dynamic channel assignment in wireless networks, while the latter attacks seek to gain access to unauthorized data by co-residing with target virtual machines (VMs) on the same physical node in a cloud server. In both attacks, the adversary faces a static attack surface and achieves her illegitimate goal by exploiting a stationary aspect of the network functionality. Hence, this dissertation proposes and develops counter approaches to both attacks using moving target defense strategies. We study the strategic interactions between the adversary and the network administrator within a game-theoretic framework. First, in the context of jamming attacks, we present and analyze a game-theoretic formulation between the adversary and the network defender. In this problem, the attack surface is the network connectivity (the static topology) as the adversary jams a subset of nodes to increase the level of interference in the network. On the other side, the defender makes judicious adjustments of the transmission footprint of the various nodes, thereby continuously adapting the underlying network topology to reduce the impact of the attack. The defender\u27s strategy is based on playing Nash equilibrium strategies securing a worst-case network utility. Moreover, scalable decomposition-based approaches are developed yielding a scalable defense strategy whose performance closely approaches that of the non-decomposed game for large-scale and dense networks. We study a class of games considering discrete as well as continuous power levels. In the second problem, we consider multi-tenant clouds, where a number of VMs are typically collocated on the same physical machine to optimize performance and power consumption and maximize profit. This increases the risk of a malicious virtual machine performing side-channel attacks and leaking sensitive information from neighboring VMs. The attack surface, in this case, is the static residency of VMs on a set of physical nodes, hence we develop a timed migration defense approach. Specifically, we analyze a timing game in which the cloud provider decides when to migrate a VM to a different physical machine to mitigate the risk of being compromised by a collocated malicious VM. The adversary decides the rate at which she launches new VMs to collocate with the victim VMs. Our formulation captures a data leakage model in which the cost incurred by the cloud provider depends on the duration of collocation with malicious VMs. It also captures costs incurred by the adversary in launching new VMs and by the defender in migrating VMs. We establish sufficient conditions for the existence of Nash equilibria for general cost functions, as well as for specific instantiations, and characterize the best response for both players. Furthermore, we extend our model to characterize its impact on the attacker\u27s payoff when the cloud utilizes intrusion detection systems that detect side-channel attacks. Our theoretical findings are corroborated with extensive numerical results in various settings as well as a proof-of-concept implementation in a realistic cloud setting