164 research outputs found

    A Survey on Spoofing and Selective Forwarding Attacks on Zigbee based WSN

    The main focus of WSN is to gather data from the physical world. It is often deployed for sensing, processing as well as disseminating information of the targeted physical environments. The main objective of the WSN is to collect data from the target environment using sensors as well as transmit those data to the desired place of choice. In order to achieve an efficient performance, WSN should have efficient as well as reliable networking protocols. The most popular technology behind WSN is Zigbee. In this paper a pilot study is done on important security issues on spoofing and selective forwarding attack on Zigbee based WSN. This paper identifies the security vulnerabilities of Zigbee network and gaps in the existing methodologies to address the security issues and will help the future researchers to narrow down their research in WSN. Keywords: Zigbee, WSN, Protocol Stack, Spoofing and Selective Forwarding

    Innovating additional Layer 2 security requirements for a protected stack

    Security is only as good as the weakest link and if the weakness is at a low level in the communication stack then every other Layer has potential to inherit the problem. The OSI Layer model has defined the theoretical architecture for network communications (ISO/IEC 7498-1). Standardisation assures that each element of an internetwork uses the same model and hence a message can be moved intelligibly and correctly between participants. The OSI model divides communications into seven hierarchical Layers that provide the necessary services from the application Layer through to the physical Layer of electricity (ISO/IEC 7498-2). Each Layer is dependent on the one below to provide the more primitive functions and is hence interconnected from top to bottom in a communication chain. The four Layer TCP/IP pragmatic model conveys a similar relationship of dependant services for communication that have inter-dependence (Comer, 1995). The consequence is that no matter how a communication stack is looked at – theoretically or in practice – problems low down impact higher Layers. In this research we looked specifically at the OSI Data Link Layer (2) not only because so much has been written on security issues at this Layer, but also because it is the first Layer where serious abstraction in terms of logics and protocols is made from the primitive physical impulses (Altunbasak et al., 2005; NIST, 2013). These theoretical abstractions offer opportunity for proper and improper manipulation that may either better facilitate communication or impede effective communication. The data link Layer also gives opportunity for a range of logical attacks that may exploit the effective communication but not always for the intended purposes. Such vulnerabilities occur elsewhere in the communication stack but Layer 2 is the first real opportunity for logical attacks (Shanmug et al, 2010; Altunbasak, et al., 2005). 
This paper is structured to briefly review current literature and define the implications of OSI Layer 2 security vulnerabilities. The OSI model is selected in preference over the TCP/IP model as it has greater clarity around specific layers and reference detail. Two gaps in the literature are identified and theoretical solutions proposed for Layer 2 security

    Implementing network security at Layer 2 and Layer 3 OSI model

    This thesis investigated the features of security devices that would be suitable for implementations in medium to large enterprise networks at the global scale. In the thesis are covered open standard and proprietary security features. The open standard security features that are discussed in the report are the one that are developed by Internet Engineering Task Force – IETF and described in their Request For Comments – RFC. The proprietary features discussed in this report are from Cisco Systems and these features are always implemented in the Cisco Systems equipment. The author at the beginning describes common vulnerabilities, threats and attacks and then used comparative and quantities methodology to analyze the security features and its mitigation. Then in details were analyzed features of Cisco security devices, which operate at layer two and three of the OSI model, as the most commonly used equipment worldwide for securing entire computer networks. Based on their features and technical specifications it is shown that Cisco IOS Firewall feature set and Cisco Adaptive Security Appliance features are suitable for medium to big networks and with a staff that has advanced knowledge of risk security at computer networks. Network security is the process by which digital information assets are protected. The goals of security are to protect confidentiality, maintain integrity, and assure availability. With this in mind, it is imperative that all networks be protected from threats and vulnerabilities in order for a business to achieve its fullest potential. Typically, these threats are persistent due to vulnerabilities, which can arise from misconfigured hardware or software, poor network design, inherent technology weaknesses, or end-user carelessness. With the help of the Packet Tracer simulation software, different features and implementations of security features are tested. 
Using Packet Tracer software the author has created configuration script for every case used in a designed topology. At the end of the thesis under the Appendixes section is introduced operation of the Packet Tracer and configuration topology that is used throughout this report for the testing purposes

    Analysis and Design of a secure WLAN solution for Cobre Las Cruces

    Cobre Las Cruces is a renowned copper mining company located in Sevilla, with unexpected problems in wireless communications that have a direct affectation in production. Therefore, the main goals are to improve the WiFi infrastructure, to secure it and to detect and prevent from attacks and from the installation of rogue (and non-authorized) APs. All of that integrated with the current ICT infrastructure. This project has been divided into four phases, although only two of them have been included into the TFC; they are the analysis of the current situation and the design of a WLAN solution. Once the analysis part was finished, some weaknesses were detected. Subjects such as lack of connectivity and control, ignorance about installed WiFi devices and their localization and state and, by and large, the use of weak security mechanisms were some of the problems found. Additionally, due to the fact that the working area became larger and new WiFi infrastructures were added, the first phase took more time than expected. As a result of the detailed analysis, some goals were defined to solve and it was designed a centralized approach able to cope with them. A solution based on 802.11i and 802.1x protocols, digital certificates, a probe system running as IDS/IPS and lightweight APs in conjunction with a Wireless LAN Controller are the main features

    Intrusion Detection for Smart Grid Communication Systems

    Transformation of the traditional power grid into a smart grid hosts an array of vulnerabilities associated with communication networks. Furthermore, wireless mediums used throughout the smart grid promote an environment where Denial of Service (DoS) attacks are very effective. In wireless mediums, jamming and spoofing attack techniques diminish system operations thus affecting smart grid stability and posing an immediate threat to Confidentiality, Integrity, and Availability (CIA) of the smart grid. Intrusion detection systems (IDS) serve as a primary defense in mitigating network vulnerabilities. In IDS, signatures created from historical data are compared to incoming network traffic to identify abnormalities. In this thesis, intrusion detection algorithms are proposed for attack detection in smart grid networks by means of physical, data link, network, and session layer analysis. Irregularities in these layers provide insight to whether the network is experiencing genuine or malicious activity

    IPv6: a new security challenge

    Master's thesis in Information Security, presented to the Universidade de Lisboa, through the Faculdade de Ciências, 2011. Internet Protocol version 6 (IPv6) was developed to solve some of the problems not addressed by its predecessor, Internet Protocol version 4 (IPv4), namely issues related to security and to the available address space. Over the last decade, many have studied the investments needed for its adoption and the right moment for it to be adopted by all players in the market. Recently, the problem of the exhaustion of public addresses made available by the various Regional Internet Registries (RIRs) prompted the entities involved to speed up the process of migrating from IPv4 to IPv6. Unlike IPv4, this new version treats security as a fundamental goal of its implementation; accordingly, the use of the IPsec protocol at the network layer is recommended. However, owing to the immaturity of the protocol and the complexity of this transition period, there are numerous security implications that must be considered during this migration period. The main goal of this work is to define a set of security best practices for IPv6 deployment that can be used by data network administrators and by the security teams of the various players in the market. In this transition phase, it is useful and appropriate to contribute efficiently to the understanding of the strengths of this new protocol as well as of the vulnerabilities associated with it. IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. 
Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks

    Radio Frequency Fingerprinting Techniques through Preamble Modification in IEEE 802.11b

    Wireless local area networks are particularly vulnerable to cyber attacks due to their contested transmission medium. Access point spoofing, route poisoning, and cryptographic attacks are some of the many mature threats faced by wireless networks. Recent work investigates physical-layer features such as received signal strength or radio frequency fingerprinting to identify and localize malicious devices. This thesis demonstrates a novel and complementary approach to exploiting physical-layer differences among wireless devices that is more energy efficient and invariant with respect to the environment than traditional fingerprinting techniques. Specifically, this methodology exploits subtle design differences among different transceiver hardware types. A software defined radio captures packets with standard-length IEEE 802.11b preambles, manipulates the recorded preambles by shortening their length, then replays the altered packets toward the transceivers under test. Wireless transceivers vary in their ability to receive packets with preambles shorter than the standard. By analyzing differences in packet reception with respect to preamble length, this methodology distinguishes amongst eight transceiver types from three manufacturers. All tests to successfully enumerate the transceivers achieve accuracy rates greater than 99%, while transmitting less than 60 test packets. This research extends previous work illustrating RF fingerprinting techniques through IEEE 802.15.4 wireless protocols. The results demonstrate that preamble manipulation is effective for multi-factor device authentication, network intrusion detection, and remote transceiver type fingerprinting in IEEE 802.11b

    BANDWIDTH CONTROL BASED ON IP ADDRESS

    This report provides an insight of problem identification, related secondary data (literature reviews), the possible approach in completing the project and the result/discussion arguments. The progress of the project are also been projected in this report. It can be referred to the diagrams, testing results and some comparisons that will be later discuss in depth. The proposed method is based on the current situation that every network is experiencing which is the congested problem as a result of some phenomenon that occurs such as the bottleneck problems and ip spoofing. Upon the completion of this project, it is expected to deliver a fair distribution of network bandwidth to the users. It is practically done by controlling the bandwidth usage from a dedicated server and a resource locator so that the abuser can be pin-pointed and the whereabouts can also be determined. A network policy is also being implemented here with the integration of the PHP language, the MySQL as the main data storage and also the GIS application such as the mapserver for the resource locator part. This paper will also focus on the security part and data visualization from the result

    Block the Root Takeover: Validating Devices Using Blockchain Protocol

    This study addresses a vulnerability in the trust-based STP protocol that allows malicious users to target an Ethernet LAN with an STP Root-Takeover Attack. This subject is relevant because an STP Root-Takeover attack is a gateway to unauthorized control over the entire network stack of a personal or enterprise network. This study aims to address this problem with a potentially trustless research solution called the STP DApp. The STP DApp is the combination of a kernel /net modification called stpverify and a Hyperledger Fabric blockchain framework in a NodeJS runtime environment in userland. The STP DApp works as an Intrusion Detection System (IPS) by intercepting Ethernet traffic and blocking forged Ethernet frames sent by STP Root-Takeover attackers. This study’s research methodology is a quantitative pre-experimental design that provides conclusive results through empirical data and analysis using experimental control groups. In this study, data collection was based on active RAM utilization and CPU Usage during a performance evaluation of the STP DApp. It blocks an STP Root-Takeover Attack launched by the Yersinia attack tool installed on a virtual machine with the Kali operating system. The research solution is a test blockchain framework using Hyperledger Fabric. It is made up of an experimental test network made up of nodes on a host virtual machine and is used to validate Ethernet frames extracted from stpverify

    Wireless intrusion detection system using fingerprinting

    Wireless network is the network which is easy to deploy and very easy to access that network and that network is user friendly. The main reason behind of getting popular is because it provide benefits, like as easy to installation, flexibility, mobility, scalability and reduced cost-of-ownership. But drawback in these wireless networks is that it doesn't provide security as much as required, due to that user faces attacks of various types which are damageable to user information. One of the serious attack is Identity based attacks which steals the identity of some other user in that network and performed some other attack. The available present security tools to detect such these identity (spoofed MAC) based attacks are quite limited. In this proposed work a new technique is developed for detecting masquerade (identity) attacks or spoofed MAC attack exploited in 802.11 wireless network. Current methods of device fingerprinting includes only probe request packets fingerprinting, which results in large amount of false positive. In our proposed work fingerprint is created on basis of three frames which are required in three section of connectivity phase and that frames are probe request frame, authentication frame and association frame. Time differences between consecutive frames are taken into consideration and on the basis of that fingerprint is created of different device. In this proposed technique cross-correlation method is used to estimate the signals similarity in terms of time lagging to each other. Those signals are captured by different devices. Stored signature of actual device and captured signal of transmitting device is compared using this technique and after that result analysis, identification of device is done