434 research outputs found
Recommended from our members
Cloned Access Point Detection and Point Detection and Prevention Mechanism in IEEE 802.11 Wireless Mesh Networks
IEEE 802.11 Wireless Mesh Network (WMN) is an emerging low cost, decentralized community-based broadband technology, which is based on self-healing and multi-hop deployment of Access Points (APs), so that to increase the coverage area with maximum freedom to end-users to join or leave the network from anywhere anytime having low deployment and maintenance cost. Such kind of decentralized structure and multihop architecture increases its security vulnerabilities especially against the APs. One of such possible security attack is the placement of cloned AP to create serious performance degradation in IEEE 802.11 WMN. In this paper, we discuss the different security vulnerabilities of AP in IEEE 802.11 WMN along with possible research directions. We also propose a mutual cooperation mechanism between the multi-hop APs and serving gateway so that to detect and prevent the possibility of cloned AP. In this way the large scale exploitation of IEEE 802.11 WMN can be eliminated
Analysing the EAP-TLS handshake and the 4-way handshake of the 802.11i standard
The IEEE 802.11i standard has been designed to enhance security in wireless networks. The EAP-TLS handshake aims to provide mutual authentication between supplicant and authentication server, and then derive the Pairwise Master Key (PMK). In the 4-way handshake the supplicant and the authenticator use PMK to derive a fresh pairwise transient key (PTK). The PMK is not used directly for security while assuming the supplicant and authenticator have the same PMK before running 4-way handshake. In this paper, the EAP-TLS handshake and the 4-way handshake phases have been analysed with a proposed framework using Isabelle tool. In the analysis, we have found a new Denial-of-Service (DoS) attack in the 4-way handshake. The attack prevents the authenticator from receiving message 4 after the supplicant sends it out. This attack forces the authenticator to re-send the message 3 until time out and subsequently to de-authenticate supplicant. This paper has proposed improvements to the 4-way handshake to avoid the Denial-of-Service attack
IEEE 802.11 i Security and Vulnerabilities
Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates
Security in Wireless Local Area Networks (WLANs)
Major research domains in the WLAN security include: access control & data frame protection, lightweight authentication and secure handoff. Access control standard like IEEE 802.11i provides flexibility in user authentication but on the other hand fell prey to Denial of Service (DoS) attacks. For Protecting the data communication between two communicating devices, three standard protocols i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard-Counter mode with CBC-MAC protocol) are used. Out of these, AES-CCMP protocol is secure enough and mostly used in enterprises. In WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing the secure handoff. In WLANs, handoff should not only be performed within time limits as required by the real time applications but should also be used to transfer safely the keying material for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided
Token-based Fast Authentication for Wireless Network
Wireless Networks based on WIFI or WIMAX become popular and are used in many places as compliment network to wired LAN to support mobility. The support of mobility of clients, the continuous access anywhere and anytime make WLAN preferable network for many applications. However, there are some issues associated with the usage of WLAN that put some restriction on adapting this technology everywhere. These issues are related to using the best routing algorithm to achieve good performance of throughput and delay, and to securing the open access to avoid attacks at the physical and MAC layer. IEEE 802.1x, suggested a solution to address the security issue at the MAC layer and but there are varieties of implementations address this solution and they differ in performance. IEEE 802.1af tried to address other security issue remained at the MAC layer but it is still at early stage and need verification for easy deployment. In this paper a new technique for securing wireless network using fast token-based authentication has been invented to address the vulnerability inherited by the wireless network at the MAC layer using fast authentication process. This technique is based on an authentication server distributing a security token, public authentication key, and network access key parameter to eligible mobile client MCs during registration. All messages will be encrypted during registration using temporary derived token key, but it will use derived valid token key during authentication. Authenticated MCs will then use derived group temporal key generated from the network access parameter key to encrypt all messages exchanged over the wireless network. The token, the authentication key and the access network parameter key will be only distributed during registration. This makes the security parameters known only to authentication server, authenticator and MC. 
Hence, this technique will protect the wireless network against attack since attackers are unable to know the token and other security keys. Moreover, it will avoid the exchange of public keys during authentication such as the one used in other existing technologies, and consequently speedup the authentication phase which is very critical to wireless technologies
Experimenting with commodity 802.11 hardware: overview and future directions
The huge adoption of 802.11 technologies has triggered a vast amount of experimentally-driven research works. These works range from performance analysis to protocol enhancements, including the proposal of novel applications and services. Due to the affordability of the technology, this experimental research is typically based on commercial off-the-shelf (COTS) devices, and, given the rate at which 802.11 releases new standards (which are adopted into new, affordable devices), the field is likely to continue to produce results. In this paper, we review and categorise the most prevalent works carried out with 802.11 COTS devices over the past 15 years, to present a timely snapshot of the areas that have attracted the most attention so far, through a taxonomy that distinguishes between performance studies, enhancements, services, and methodology. In this way, we provide a quick overview of the results achieved by the research community that enables prospective authors to identify potential areas of new research, some of which are discussed after the presentation of the survey. This work has been partly supported by the European Community through the CROWD project (FP7-ICT-318115) and by the Madrid Regional Government through the TIGRE5-CM program (S2013/ICE-2919).
A two-step authentication framework for Mobile ad hoc networks
The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication. Nevertheless, establishing trust in such a distributed environment is very difficult, since it is not straightforward for a node to determine if its peer nodes can be trusted. An additional concern in such an environment is with whether a peer node is merely relaying a message or if it is the originator of the message. In this paper, we propose an authentication approach for protecting nodes in mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using several authentication protocols are analyzed. Protocols based on zero knowledge and challenge response techniques are presented and their performance is evaluated through analysis and simulation