A Review Paper on Security of Wireless Network

In the past few years, wireless networks, specifically those based on the IEEE 802.11 Standard, have experienced tremendous growth. A team at Rice University recovered the 802.11 Wired Equivalent Privacy 128-bit security key which is used by an active network. This Standard has increased the interest and attention of many researchers in recent years. The IEEE 802.11 is a family of standards, which defines and specifies the parts of the standard. This paper explains the survey on the latest development in how to secure an 802.11 wireless network by understanding its security protocols and mechanism. In order to fix security loopholes a public key authentication and key-establishment procedure has been proposed which fixes security loopholes in current standard. The public key cryptosystem is used to establish a session key securely between the client and Access point. Knowing how these mechanism and protocols works, including its weakness and vulnerabilities can be very helpful for planning, designing, implementing and/or hardening a much secure wireless network, effectively minimizing the impact of an attack. The methods used in current research are especially emphasized to analysis the technique of securing 802.11 standards. Finally, in this paper we pointed out some possible future directions of research

MedLAN: Compact mobile computing system for wireless information access in emergency hospital wards

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A&E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, thorough the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec

Greenpass Client Tools for Delegated Authorization in Wireless Networks

Dartmouth\u27s Greenpass project seeks to provide strong access control to a wireless network while simultaneously providing flexible guest access; to do so, it augments the Wi-Fi Alliance\u27s existing WPA standard, which offers sufficiently strong user authentication and access control, with authorization based on SPKI certificates. SPKI allows certain local users to delegate network access to guests by issuing certificates that state, in essence, he should get access because I said it\u27s okay. The Greenpass RADIUS server described in Kim\u27s thesis [55] performs an authorization check based on such statements so that guests can obtain network access without requiring a busy network administrator to set up new accounts in a centralized database. To our knowledge, Greenpass is the first working delegation-based solution to Wi-Fi access control. My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work.My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest\u27s public key and runs a Java applet that lets her verify her guests\u27 identity using visual hashing and issue a new SPKI certificate to him. The guest\u27s new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work

Practical privacy enhancing technologies for mobile systems

Mobile computers and handheld devices can be used today to connect to services available on the Internet. One of the predominant technologies in this respect for wireless Internet connection is the IEEE 802.11 family of WLAN standards. In many countries, WLAN access can be considered ubiquitous; there is a hotspot available almost anywhere. Unfortunately, the convenience provided by wireless Internet access has many privacy tradeoffs that are not obvious to mobile computer users. In this thesis, we investigate the lack of privacy of mobile computer users, and propose practical enhancements to increase the privacy of these users. We show how explicit information related to the users' identity leaks on all layers of the protocol stack. Even before an IP address is configured, the mobile computer may have already leaked their affiliation and other details to the local network as the WLAN interface openly broadcasts the networks that the user has visited. Free services that require authentication or provide personalization, such as online social networks, instant messengers, or web stores, all leak the user's identity. All this information, and much more, is available to a local passive observer using a mobile computer. In addition to a systematic analysis of privacy leaks, we have proposed four complementary privacy protection mechanisms. The main design guidelines for the mechanisms have been deployability and the introduction of minimal changes to user experience. More specifically, we mitigate privacy problems introduced by the standard WLAN access point discovery by designing a privacy-preserving access-point discovery protocol, show how a mobility management protocol can be used to protect privacy, and how leaks on all layers of the stack can be reduced by network location awareness and protocol stack virtualization. These practical technologies can be used in designing a privacy-preserving mobile system or can be retrofitted to current systems

MedLAN : compact mobile computing system for wireless information access in emergency hospital wards

As the need for faster, safer and more efficient healthcare delivery increases, medical consultants seek new ways of implementing a high quality telemedical system, using innovative technology. Until today, teleconsultation (the most common application of Telemedicine) was performed by transferring the patient from the Accidents and Emergency ward, to a specially equipped room, or by moving large and heavy machinery to the place where the patient resided. Both these solutions were unpractical, uneconomical and potentially dangerous. At the same time wireless networks became increasingly useful in point-of-care areas such as hospitals, because of their ease of use, low cost of installation and increased flexibility. This thesis presents an integrated system called MedLAN dedicated for use inside the A;E hospital wards. Its purpose is to wirelessly support high-quality live video, audio, high-resolution still images and networks support from anywhere there is WLAN coverage. It is capable of transmitting all of the above to a consultant residing either inside or outside the hospital, or even to an external place, thorough the use of the Internet. To implement that, it makes use of the existing IEEE 802.11b wireless technology. Initially, this thesis demonstrates that for specific scenarios (such as when using WLANs), DICOM specifications should be adjusted to accommodate for the reduced WLAN bandwidth. Near lossless compression has been used to send still images through the WLANs and the results have been evaluated by a number of consultants to decide whether they retain their diagnostic value. The thesis further suggests improvements on the existing 802.11b protocol. In particular, as the typical hospital environment suffers from heavy RF reflections, it suggests that an alternative method of modulation (OFDM) can be embedded in the 802.11b hardware to reduce the multipath effect, increase the throughput and thus the video quality sent by the MedLAN system. Finally, realising that the trust between a patient and a doctor is fundamental this thesis proposes a series of simple actions aiming at securing the MedLAN system. Additionally, a concrete security system is suggested, that encapsulates the existing WEP security protocol, over IPSec.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Multi-layer traffic control for wireless networks

Le reti Wireless LAN, così come definite dallo standard IEEE 802.11, garantiscono connettività senza fili nei cosiddetti “hot-spot” (aeroporti, hotel, etc.), nei campus universitari, nelle intranet aziendali e nelle abitazioni. In tali scenari, le WLAN sono denotate come “ad infrastruttura” nel senso che la copertura della rete è basata sulla presenza di un “Access Point” che fornisce alle stazioni mobili l’accesso alla rete cablata. Esiste un ulteriore approccio (chiamato “ad-hoc”) in cui le stazioni mobili appartenenti alla WLAN comunicano tra di loro senza l’ausilio dell’Access Point. Le Wireless LAN tipicamente sono connesse alla rete di trasporto (che essa sia Internet o una Intranet aziendale) usando un’infrastruttura cablata. Le reti wireless Mesh ad infrastruttura (WIMN) rappresentano un’alternativa valida e meno costosa alla classica infrastruttura cablata. A testimonianza di quanto appena affermato vi è la comparsa e la crescita sul mercato di diverse aziende specializzate nella fornitura di infrastrutture di trasporto wireless e il lancio di varie attività di standardizzazione (tra cui spicca il gruppo 802.11s). La facilità di utilizzo, di messa in opera di una rete wireless e i costi veramente ridotti hanno rappresentato fattori critici per lo straordinario successo di tale tecnologia. Di conseguenza possiamo affermare che la tecnologia wireless ha modificato lo stile di vita degli utenti, il modo di lavorare, il modo di passare il tempo libero (video conferenze, scambio foto, condivisione di brani musicali, giochi in rete, messaggistica istantanea ecc.). D’altro canto, lo sforzo per garantire lo sviluppo di reti capaci di supportare servizi dati ubiqui a velocità di trasferimento elevate è strettamente legato a numerose sfide tecniche tra cui: il supporto per l’handover tra differenti tecnologie (WLAN/3G), la certezza di accesso e autenticazione sicure, la fatturazione e l’accounting unificati, la garanzia di QoS ecc. L’attività di ricerca svolta nell’arco del Dottorato si è focalizzata sulla definizione di meccanismi multi-layer per il controllo del traffico in reti wireless. In particolare, nuove soluzioni di controllo del traffico sono state realizzate a differenti livelli della pila protocollare (dallo strato data-link allo strato applicativo) in modo da fornire: funzionalità avanzate (autenticazione sicura, differenziazione di servizio, handover trasparente) e livelli soddisfacenti di Qualità del Servizio. La maggior parte delle soluzioni proposte in questo lavoro di tesi sono state implementate in test-bed reali. Questo lavoro riporta i risultati della mia attività di ricerca ed è organizzato nel seguente modo: ogni capitolo presenta, ad uno specifico strato della pila protocollare, un meccanismo di controllo del traffico con l’obiettivo di risolvere le problematiche presentate precedentemente. I Capitoli 1 e 2 fanno riferimento allo strato di Trasporto ed investigano il problema del mantenimento della fairness per le connessioni TCP. L’unfairness TCP conduce ad una significativa degradazione delle performance implicando livelli non soddisfacenti di QoS. Questi capitoli descrivono l’attività di ricerca in cui ho impiegato il maggior impegno durante gli studi del dottorato. Nel capitolo 1 viene presentato uno studio simulativo delle problematiche di unfairness TCP e vengono introdotti due possibili soluzioni basate su rate-control. Nel Capitolo 2 viene derivato un modello analitico per la fairness TCP e si propone uno strumento per la personalizzazione delle politiche di fairness. Il capitolo 3 si focalizza sullo strato Applicativo e riporta diverse soluzioni di controllo del traffico in grado di garantire autenticazione sicura in scenari di roaming tra provider wireless. Queste soluzioni rappresentano parte integrante del framework UniWireless, un testbed nazionale sviluppato nell’ambito del progetto TWELVE. Il capitolo 4 descrive, nuovamente a strato Applicativo, una soluzione (basata su SIP) per la gestione della mobilità degli utenti in scenari di rete eterogenei ovvero quando diverse tecnologie di accesso radio sono presenti (802.11/WiFi, Bluetooth, 2.5G/3G). Infine il Capitolo 5 fa riferimento allo strato Data-Link presentando uno studio preliminare di un approccio per il routing e il load-balancing in reti Mesh infrastrutturate.Wireless LANs, as they have been defined by the IEEE 802.11 standard, are shared media enabling connectivity in the so-called “hot-spots” (airports, hotel lounges, etc.), university campuses, enterprise intranets, as well as “in-home” for home internet access. With reference to the above scenarios, WLANs are commonly denoted as “infra-structured” in the sense that WLAN coverage is based on “Access Points” which provide the mobile stations with access to the wired network. In addition to this approach, there exists also an “ad-hoc” mode to organize WLANs where mobile stations talk to each other without the need of Access Points. Wireless LANs are typically connected to the wired backbones (Internet or corporate intranets) using a wired infrastructure. Wireless Infrastructure Mesh Networks (WIMN) may represent a viable and cost-effective alternative to this traditional wired approach. This is witnessed by the emergence and growth of many companies specialized in the provisioning of wireless infrastructure solutions, as well as the launch of standardization activities (such as 802.11s). The easiness of deploying and using a wireless network, and the low deployment costs have been critical factors in the extraordinary success of such technology. As a logical consequence, the wireless technology has allowed end users being connected everywhere – every time and it has changed several things in people’s lifestyle, such as the way people work, or how they live their leisure time (videoconferencing, instant photo or music sharing, network gaming, etc.). On the other side, the effort to develop networks capable of supporting ubiquitous data services with very high data rates in strategic locations is linked with many technical challenges including seamless vertical handovers across WLAN and 3G radio technologies, security, 3G-based authentication, unified accounting and billing, consistent QoS and service provisioning, etc. My PhD research activity have been focused on multi-layer traffic control for Wireless LANs. In particular, specific new traffic control solutions have been designed at different layers of the protocol stack (from the link layer to the application layer) in order to guarantee i) advanced features (secure authentication, service differentiation, seamless handover) and ii) satisfactory level of perceived QoS. Most of the proposed solutions have been also implemented in real testbeds. This dissertation presents the results of my research activity and is organized as follows: each Chapter presents, at a specific layer of the protocol stack, a traffic control mechanism in order to address the introduced above issues. Chapter 1 and Charter 2 refer to the Transport Layer, and they investigate the problem of maintaining fairness for TCP connections. TCP unfairness may result in significant degradation of performance leading to users perceiving unsatisfactory Quality of Service. These Chapters describe the research activity in which I spent the most significant effort. Chapter 1 proposes a simulative study of the TCP fairness issues and two different solutions based on Rate Control mechanism. Chapter 2 illustrates an analytical model of the TCP fairness and derives a framework allowing wireless network providers to customize fairness policies. Chapter 3 focuses on the Application Layer and it presents new traffic control solutions able to guarantee secure authentication in wireless inter-provider roaming scenarios. These solutions are an integral part of the UniWireless framework, a nationwide distributed Open Access testbed that has been jointly realized by different research units within the TWELVE national project. Chapter 4 describes again an Application Layer solution, based on Session Initiation Protocol to manage user mobility and provide seamless mobile multimedia services in a heterogeneous scenario where different radio access technologies are used (802.11/WiFi, Bluetooth, 2.5G/3G networks). Finally Chapter 5 refers to the Data Link Layer and presents a preliminary study of a general approach for routing and load balancing in Wireless Infrastructure Mesh Network. The key idea is to dynamically select routes among a set of slowly changing alternative network paths, where paths are created through the reuse of classical 802.1Q multiple spanning tree mechanisms

Cooperative Energy-efficient Management of Federated WiFi Networks

The proliferation of overlapping, always-on IEEE 802.11 access points (APs) in urban areas, can cause inefficient bandwidth usage and energy waste. Cooperation among APs could address these problems by allowing underused devices to hand over their wireless stations to nearby APs and temporarily switch off, while avoiding to overload a BSS and thus offloading congested APs. The federated house model provides an appealing backdrop to implement cooperation among APs. In this paper, we outline a distributed framework that assumes the presence of a multipurpose gateway with AP capabilities in every household. Our framework allows cooperation through the monitoring of local wireless resources and the triggering of offloading requests toward other federated gateways. Our simulation results show that, in realistic residential settings, the proposed framework yields an energy saving between 45 and 86 percent under typical usage patterns, while avoiding congestion and meeting user expectations in terms of throughput. Furthermore, we show the feasibility and the benefits of our framework with a real test-bed deployed on commodity hardware

Multimedia

The nowadays ubiquitous and effortless digital data capture and processing capabilities offered by the majority of devices, lead to an unprecedented penetration of multimedia content in our everyday life. To make the most of this phenomenon, the rapidly increasing volume and usage of digitised content requires constant re-evaluation and adaptation of multimedia methodologies, in order to meet the relentless change of requirements from both the user and system perspectives. Advances in Multimedia provides readers with an overview of the ever-growing field of multimedia by bringing together various research studies and surveys from different subfields that point out such important aspects. Some of the main topics that this book deals with include: multimedia management in peer-to-peer structures & wireless networks, security characteristics in multimedia, semantic gap bridging for multimedia content and novel multimedia applications

Using Wireless Link Dynamics to Extract a Secret Key in Vehicular Scenarios

Securing a wireless channel between any two vehicles is a crucial component of vehicular networks security. This can be done by using a secret key to encrypt the messages. We propose a scheme to allow two cars to extract a shared secret from RSSI (Received Signal Strength Indicator) values in such a way that nearby cars cannot obtain the same key. The key is information-theoretically secure, i.e., it is secure against an adversary with unlimited computing power. Although there are existing solutions of key extraction in the indoor or low-speed environments, the unique channel conditions make them inapplicable to vehicular environments. Our scheme effectively and efficiently handles the high noise and mismatch features of the measured samples so that it can be executed in the noisy vehicular environment. We also propose an online parameter learning mechanism to adapt to different channel conditions. Extensive real-world experiments are conducted to validate our solution