A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependant applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services

Modeling and Performance Evaluation of Bicycle-to-X Communication Networks

The growing connectivity of vehicles and Vulnerable Road Users, i.e., pedestrians and cyclists, allows to explore solutions based on wireless communication to support safety, efficiency and infotainment applications.However, there are few communication technologies that enjoy similar penetration ratios on cars, bicycles and pedestrians.WiFi is one of such technologies, as can be found in smart phones and in on-board hotspots.This thesis aims to characterize experimentally the wireless link performance and develop a model to estimate the received signal strength (RSS) between WiFi devices installed on bicycles and cars equipped with built-in WiFi APs.The RSS estimation model extends existing empirical models (e.g., the Log-Distance Path Loss model) by including the shadowing of the bicycle-and-cyclist system and of a vehicle.We first characterize the radiation pattern of antennas installed in several mounting points of a bicycle, in order to reduce the set of mounting points to be explored in future measurements.We then measured the radiation pattern of the bicycle and cyclist system, and the radiation pattern of a car with built-in and dedicated WiFi access points.Finally, we evaluate the performance of the model by comparing RSS estimates and measurements collected in selected interaction scenarios between bicycles and car: (i) bicycle overtaking a parked car, (ii) perpendicular crossing with LOS, and (iii) without LOS. We observed that 50% of the RSS estimates our model underestimates by less than are within 10 dBs of measured values about 50% of the RSSI values for the scenarios in LOS, and overestimates the RSSI values by more than 5 DBs about 75% of the RSSI values for the scenario containing obstructions

The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis

In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.Comment: 55 page

Enhanced link layer handover based on localization

Includes abstract.Includes bibliographical references (leaves 60-63).Wireless Technologies over the past years have become cheaper and more available to users. In the Infrastructure Mode of operation, when a mobile node moves from the coverage of one Access Point (AP) to the coverage of another AP, it is said to undergo handoffs. The mobile node has to complete a link layer handoffs together with other tasks associated with handoffs in order to effectively have a new wireless link with the new AP. The link layer handoffs currently specified and practiced in IEEE 802.11 is normally carried out in three time steps. These are; the Scanning Phase; the Authentication Phase and the Association Phase. During the three steps the mobile node is unable to send or receive data meaning that packets are lost or delayed causing real-time applications such as video streaming or VoIP, which can only tolerate an end-to-end delay of 50 ms during handoffs, to suffer. The Scanning phase can be done passively or actively. In passive scanning, the mobile node listens on every bandwidth channel for Beacon Frames from the APs. In active scanning, the mobile node sends Probe Requests frames on every channel expecting to receive Probe Responses from the APs operating on each channel. Localization is the process of a node ending its position in space. Localization methods include the Global Positioning Service (GPS), Cricket, Ultrasonic Location and many more. This study investigates how localization can be used to decrease the latency delay experienced at the link layer during wireless handoffs. In our method, a mobile node is given the ability to have knowledge of the APs through an AP-Table server. The mobile node then uses localization to and the closest APs to it and make faster, smarter handoffs. Our simulations are implemented using the NCTUns network simulator and emulator. The simulations comprise of a mobile node undergoing handoffs between APs in the same subnet and APs in different subnets. Added to that, the direction of the mobile node is monitored and used to further assist the handoffs process to alleviate the number of total handoffs. Our research shows the disadvantages and advantages of the proposed system as it integrates localization and direction into WLAN and mobile communication

Presence analytics: discovering meaningful patterns about human presence using WLAN digital imprints

In this paper we illustrates how aggregated WLAN activity traces provide anonymous information that reveals invaluable insight into human presence within a university campus. We show how technologies supporting pervasive services, such as WLAN, which have the potential to generate vast amounts of detailed information, provide an invaluable opportunity to understand the presence and movement of people within such an environment. We demonstrate how these aggregated mobile network traces offer the opportunity for human presence analytics in several dimensions: social, spatial, temporal and semantic dimensions. These analytics have real potential to support human mobility studies such as the optimisation of space use strategies. The analytics presented in this paper are based on recent WLAN traces collected at Birkbeck College of University of London, one of the participants in the Eduroam network

Quality of service-aware routing and admission control for mobile ad hoc networks

EThOS - Electronic Theses Online ServiceGBUnited Kingdo