Wireless and Physical Security via Embedded Sensor Networks

Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.National Science Foundation (CISE/CSR 0720604, ENG/EFRI 0735974, CIES/CNS 0520166, CNS/ITR 0205294, CISE/ERA RI 0202067

Remote Management of Unix Router with XMPP/Jabber Protocol

Tato bakalářská práce se zabývá návrhem a implementací modulárního klienta protokolu XMPP/Jabber pro interpretaci příkazů určeného pro operační systém OpenWrt. Práce obsahuje informace o protokolu XMPP/Jabber a operačním systému OpenWrt a popisuje návrh a implementaci klienta.This thesis concerns designing and implementing a modular client for XMPP/Jabber protocol intended for interpreting commands for the OpenWrt operating system. My work contains information about XMPP/Jabber protocol and OpenWrt operation system and describes the process of designing and implementing the client.

xLED: Covert Data Exfiltration from Air-Gapped Networks via Router LEDs

In this paper we show how attackers can covertly leak data (e.g., encryption keys, passwords and files) from highly secure or air-gapped networks via the row of status LEDs that exists in networking equipment such as LAN switches and routers. Although it is known that some network equipment emanates optical signals correlated with the information being processed by the device ('side-channel'), intentionally controlling the status LEDs to carry any type of data ('covert-channel') has never studied before. A malicious code is executed on the LAN switch or router, allowing full control of the status LEDs. Sensitive data can be encoded and modulated over the blinking of the LEDs. The generated signals can then be recorded by various types of remote cameras and optical sensors. We provide the technical background on the internal architecture of switches and routers (at both the hardware and software level) which enables this type of attack. We also present amplitude and frequency based modulation and encoding schemas, along with a simple transmission protocol. We implement a prototype of an exfiltration malware and discuss its design and implementation. We evaluate this method with a few routers and different types of LEDs. In addition, we tested various receivers including remote cameras, security cameras, smartphone cameras, and optical sensors, and also discuss different detection and prevention countermeasures. Our experiment shows that sensitive data can be covertly leaked via the status LEDs of switches and routers at a bit rates of 10 bit/sec to more than 1Kbit/sec per LED

Advanced solution of SIP communication server with a new approach to management

The paper deals with the development of an advanced solution for a SIP communication server. Works were carried out within the scope of Bright Embedded Solution for IP Telephony (BESIP) project. The output of the project should be a modular architecture with additional functionality such as speech quality monitoring and security of IP telephony. We sought to unify the configuration of individual components based on the NETCONF protocol. In order to be able to implement the idea into OpenWrt, we had to integrate a complex support for the NETCONF configuration protocol. Our modifications of OpenWrt in respect of NETCONF were accepted by the OpenWrt community and have been included in OpenWrt/Trunk branch. The paper explains and describes the whole concept of the BESIP project and its individual modules.Web of Science59454954

PENGUJIAN DAN ANALISIS KEAMANAN WPA2 DAN SIGNAL STRENGTH PADA ROUTER BERBASIS OPENWRT

Seiring dengan perkembangan teknologi, keamanan suatu perangkat merupakan hal penting yang menjadi perhatian khusus. Salah satunya adalah keamanan jaringan WiFi, dengan sistem proteksi WiFi Protected Access (WPA2) yang menggunakan enkripsi Temporal Key Integrity Protocol (TKIP) dan Advanced Encryption Standard (AES). Sistem keamanan WPA/WPA2 sendiri memiliki kerentanan terhadap serangan seperti dictionary attack. Selain itu, keandalan suatu jaringan yang dipancarkan oleh router dapat diukur salah satunya berdasarkan parameter kuat sinyal (signal strength). Signal strength berkisar antara -10 dBm hingga -95 dBm tergantung pada jarak siaran WiFi antara perangkat router dan pengguna. Beberapa router memiliki kekurangan yang bisa diminimalisir dengan mengganti firmware router yang lebih fungsional, seperti OpenWrt. Oleh karena itu, pada penelitian ini dilakukan pengujian keamanan WPA2 pada router OpenWrt dan melihat pengaruh signal strength pada router OpenWrt pada saat sinyal kuat, sedang, dan rendah. Hasil penelitian menunjukkan bahwa WPA2 OpenWrt masih dapat ditembus selama password yang digunakan terdapat pada wordlist dan signal strength tidak berpengaruh terhadap serangan, melainkan terhadap waktu.Kata kunci: router, WiFi, WPA2, dBm, TKIP, AES, OpenWrt, wordlist

ANALISA PERFORMANSI DAN KUALITAS KANAL VOIP PADA SISTEM EMBEDDED WIRELESS

Nowadays, the improvement of technology make the central PBX (Private Branchexchange) has developed into an IPPBX (Internet Protocol � PBX). It because the IP-PBX has many function than the PBX. IP-PBX supports VoIP application, so clients can use a digital phone (soft phone) such as IP phones or mobile phones that have free wi-fi. That�s why it is easy to supervise and more efficient. In this final project, made a VoIP server that is embedded into access point using OpenWrt firmware and Asterisk application. So, client can use digital telephone (softphone) such IP phone and mobile phone that w-ifi supported. The result of Quality of Service observation is depend on several parameters, including the measurements of clients communication, the comparison between wireless network and wire line network, the distance comparison, the MOS calculation also the using of memory resources. Overall, the best value in VoIP communication using embedded wireless IP-PBX base 802.11 is the access point ability when it can serve 16 clients with delay value is 20,89 ms ; jitter with 6,259 ms ; packet loss is 3,675% and throughput with 80,112 kbps. Keyword : VoIP, QoS, wireles