341 research outputs found

    Securearray: Improving WiFi security with fine-grained physical-layer information

    Get PDF
    Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense in depth against active attacks. SecureArray's novel signal processing techniques leverage multi-antenna access point (AP) to profile the directions at which a client's signals arrive, using this angle-of-arrival (AoA) information to construct highly sensitive signatures that with very high probability uniquely identify each client. Upon overhearing a suspicious transmission, the client and AP initiate an AoA signature-based challenge-response protocol to confirm and mitigate the threat. We also discuss how SecureArray can mitigate direct denial-of-service attacks on the latest 802.11 wireless security protocol. We have implemented SecureArray with an eight-antenna WARP hardware radio acting as the AP. Our experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic. Detection rate remains high when the attacker is located only five centimeters away from the legitimate client, for AP with fewer numbers of antennas and when client is mobile

    Design and Implementation of Intrusion Detection Systems using RPL and AOVD Protocols-based Wireless Sensor Networks

    Get PDF
    Wireless Sensor Network (WSN) technology has grown in importance in recent years. All WSN implementations need secure data transmission between sensor nodes and base stations. Sensor node attacks introduce new threats to the WSN. As a result, an appropriate Intrusion Detection System (IDS) is required in WSN for defending against security attacks and detecting attacks on sensor nodes. In this study, we use the Routing Protocol for Low Power and Lossy Networks (RPL) for addressing security services in WSN by identifying IDS with a network size of more or less 20 nodes and introducing 10% malicious nodes. The method described above is used on Cooja in the VMware virtual machine Workstation with the InstantContiki2.7 operating system. To track the movement of nodes, find network attacks, and spot dropped packets during IDS in WSN, an algorithm is implemented in the Network Simulator (NS2) using the Ad-hoc On-Demand Distance Vector (AODV) protocol in the Linux operating system.Keywords—Intrusion Detection Systems, wireless sensor networks, Cooja simulator, sensor nodes, NS

    Channel Scanning and Access Point Selection Mechanisms for 802.11 Handoff: A Survey

    Get PDF
    While the cellular technology has been evolving continuously in recent years and client handoffs remain unnoticed, the 802.11 networks still impose an enormous latency issue once the client device decides to roam between the Access Point (AP). This latency is caused by many factors reckoning on scanning the channels and searching for APs with better signal strength. Once data from all the nearby APs has been collected, the client picks the most suitable AP and tries to connect with it. The AP verifies if it has enough capability to serve the client. It also ensures that the client has the required parameters and supported rates to match with the AP. The AP then processes this request, generates a new Association ID and sends it back to the client, thereby granting access to connect. Throughout this re-association process, the client fails to receive or send any data frames and experiences a lag between leaving the old and associating with a new AP. Originally, 802.11 authentication frames were designed for Wired Equivalent Privacy protocol, but later it was found to be insecure and thus got depreciated. Keeping these security aspects concerning shared key authentication in mind, few additional drafts were introduced by IEEE that concerned many key exchanges between the devices. IEEE 802.11r was introduced in 2008 that permits wireless clients to perform faster handoff along with additional data security standards. The key exchange method was redefined and also the new security negotiation protocol started serving wireless devices with a better approach. This enables a client to set up the Quality of Service state and security on an alternative AP before making a transition which ends up in minimal connectivity losses. Although this was an excellent step towards minimizing the service disruption and channel scanning, failure to remain connected with consecutive suitable APs within the minimum time continued to be a challenge. Different manufacturers use their custom-built methodology of handling a client handoff and hence the latency costs differ based on the type of handoff scheme deployed on the device. This thesis focuses on the foremost economical researches throughout recent years which targets minimizing the delays involved with channel scanning and AP selection. A wide sort of enhancements, whether it is on a client device or the AP, has been discussed and compared. Some modifications are associated with enhancing channel scan period or using beacons, and probe requests/responses in an efficient manner. Others concentrate on modifying the device hardware configuration and switching between Network Interfaces. Central controllers are a solution to handoff delays that may track the status of each device within the network and guide them to provide the appropriate Quality of Service to the end-users

    The effective combating of intrusion attacks through fuzzy logic and neural networks

    Get PDF
    The importance of properly securing an organization’s information and computing resources has become paramount in modern business. Since the advent of the Internet, securing this organizational information has become increasingly difficult. Organizations deploy many security mechanisms in the protection of their data, intrusion detection systems in particular have an increasingly valuable role to play, and as networks grow, administrators need better ways to monitor their systems. Currently, many intrusion detection systems lack the means to accurately monitor and report on wireless segments within the corporate network. This dissertation proposes an extension to the NeGPAIM model, known as NeGPAIM-W, which allows for the accurate detection of attacks originating on wireless network segments. The NeGPAIM-W model is able to detect both wired and wireless based attacks, and with the extensions to the original model mentioned previously, also provide for correlation of intrusion attacks sourced on both wired and wireless network segments. This provides for a holistic detection strategy for an organization. This has been accomplished with the use of Fuzzy logic and neural networks utilized in the detection of attacks. The model works on the assumption that each user has, and leaves, a unique footprint on a computer system. Thus, all intrusive behaviour on the system and networks which support it, can be traced back to the user account which was used to perform the intrusive behavior

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    Full text link
    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    IntelliFlow : um enfoque proativo para adicionar inteligência de ameaças cibernéticas a redes definidas por software

    Get PDF
    Orientador: Christian Rodolfo Esteve RothenbergDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Segurança tem sido uma das principais preocupações enfrentadas pela computação em rede principalmente, com o aumento das ameaças à medida que a Internet comercial e economias afins crescem rapidamente. Tecnologias de virtualização que permitem serviços em nuvem em escala colocam novos desafios para a segurança das infraestruturas computacionais, exigindo novos mecanismos que combinem o best-of-breed para reagir contra as metodologias de ataque emergentes. Nosso trabalho busca explorar os avanços na Cyber Threat Intelligence (CTI) no contexto da arquitetura de redes definidas por software, ou em inglês, Software Defined Networking (SDN). Enquanto a CTI representa uma abordagem recente para o combate de ameaças baseada em fontes confiáveis, a partir do compartihamento de informação e conhecimento sobre atividades criminais virtuais, a SDN é uma tendência recente na arquitetura de redes computacionais baseada em princípios de modulação e programabilidade. Nesta dissertação, nós propomos IntelliFlow, um sistema de detecção de inteligência para SDN que segue a abordagem proativa usando OpenFlow para efetivar contramedidas para as ameaças aprendidas a partir de um plano de inteligência distribuida. Nós mostramos a partir de uma implementação de prova de conceito que o sistema proposto é capaz de trazer uma série de benefícios em termos de efetividade e eficiência, contribuindo no plano geral para a segurança de projetos de computação de rede modernosAbstract: Security is a major concern in computer networking which faces increasing threats as the commercial Internet and related economies continue to grow. Virtualization technologies enabling scalable Cloud services pose further challenges to the security of computer infrastructures, demanding novel mechanisms combining the best-of-breed to counter certain types of attacks. Our work aims to explore advances in Cyber Threat Intelligence (CTI) in the context of Software Defined Networking (SDN) architectures. While CTI represents a recent approach to combat threats based on reliable sources, by sharing information and knowledge about computer criminal activities, SDN is a recent trend in architecting computer networks based on modularization and programmability principles. In this dissertation, we propose IntelliFlow, an intelligent detection system for SDN that follows a proactive approach using OpenFlow to deploy countermeasures to the threats learned through a distributed intelligent plane. We show through a proof of concept implementation that the proposed system is capable of delivering a number of benefits in terms of effectiveness and efficiency, altogether contributing to the security of modern computer network designsMestradoEngenharia de ComputaçãoMestre em Engenharia Elétrica159905/2013-3CNP

    Impact of malicious node on secure incentive based advertisement distribution (SIBAD) in VANET

    Get PDF
    Last decade has seen an increasing demand for vehicle aided data delivery. This data delivery has proven to be beneficial for vehicular communication. The vehicular network provisions safety, warning and infotainment applications. Infotainment applications have attracted drivers and passengers as it provides location based entertainment services, a value add to the traveling experience. These infotainment messages are delivered to the nearby vehicles in the form of advertisements. For every advertisement disseminated to its neighboring vehicle, an incentive is awarded to the forwarder. The incentive based earning foresee a security threat in the form of a malicious node as it hoards the incentives, thus are greedy for earning incentives. The malicious behavior of the insider has an adverse effect on the incentive based advertisement distribution approach. In this paper, we have identified the malicious nodes and analyzed its effect on incentive based earning for drivers in vehicular networks. © 2017 IEEE

    SecureArray: Improving wifi security with fine-grained physical-layer

    Get PDF
    corecore