Detecting Impersonation Attacks in a Static WSN

The current state of security found in the IoT domain is highly flawed, a major problem being that the cryptographic keys used for authentication can be easily extracted and thus enable a myriad of impersonation attacks. In this MSc thesis a study is done of an authentication mechanism called device fingerprinting. It is a mechanism which can derive the identity of a device without relying on device identity credentials and thus detect credential-based impersonation attacks. A proof of concept has been produced to showcase how a fingerprinting system can be designed to function in a resource constrained IoT environment. A novel approach has been taken where several fingerprinting techniques have been combined through machine learning to improve the system’s ability to deduce the identity of a device. The proof of concept yields high performant results, indicating that fingerprinting techniques are a viable approach to achieve security in an IoT system

Wireless intrusion detection system using fingerprinting

Wireless network is the network which is easy to deploy and very easy to access that network and that network is user friendly. The main reason behind of getting popular is because it provide benefits, like as easy to installation, flexibility, mobility, scalability and reduced cost-of-ownership. But drawback in these wireless networks is that it doesn't provide security as much as required, due to that user faces attacks of various types which are damageable to user information. One of the serious attack is Identity based attacks which steals the identity of some other user in that network and performed some other attack. The available present security tools to detect such these identity(spoofed MAC) based attacks are quite limited. In this proposed work a new technique is developed for detecting masquerade(identity) attacks or spoofed MAC attack exploited in 802.11 wireless network. Current methods of device fingerprinting includes only probe request packets fingerprinting, which results in large amount of false positive. In our proposed work fingerprint is created on basis of three frames which are required in three section of connectivity phase and that frames are probe request frame, authentication frame and association frame. Time differences between consecutive frames are take into consideration and on the basis of that fingerprint is created of different device. In this proposed technique cross-correlation method is used to estimate the signals similarity in terms of time lagging to each other. Those signals are captured by different devices. Stored signature of actual device and captured signal of transmitting device is compared using this technique and after that result analysis, identification of device is done

Non-Hierarchical Networks for Censorship-Resistant Personal Communication.

The Internet promises widespread access to the world’s collective information and fast communication among people, but common government censorship and spying undermines this potential. This censorship is facilitated by the Internet’s hierarchical structure. Most traffic flows through routers owned by a small number of ISPs, who can be secretly coerced into aiding such efforts. Traditional crypographic defenses are confusing to common users. This thesis advocates direct removal of the underlying heirarchical infrastructure instead, replacing it with non-hierarchical networks. These networks lack such chokepoints, instead requiring would-be censors to control a substantial fraction of the participating devices—an expensive proposition. We take four steps towards the development of practical non-hierarchical networks. (1) We first describe Whisper, a non-hierarchical mobile ad hoc network (MANET) architecture for personal communication among friends and family that resists censorship and surveillance. At its core are two novel techniques, an efficient routing scheme based on the predictability of human locations anda variant of onion-routing suitable for decentralized MANETs. (2) We describe the design and implementation of Shout, a MANET architecture for censorship-resistant, Twitter-like public microblogging. (3) We describe the Mason test, amethod used to detect Sybil attacks in ad hoc networks in which trusted authorities are not available. (4) We characterize and model the aggregate behavior of Twitter users to enable simulation-based study of systems like Shout. We use our characterization of the retweet graph to analyze a novel spammer detection technique for Shout.PhDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/107314/1/drbild_1.pd

Wireless device identification from a phase noise prospective

As wireless devices become increasingly pervasive and essential, they are becoming both a target for attacks and the very weapon with which such an attack can be carried out. Wireless networks have to face new kinds of intrusion that had not been considered previously because they are linked to the open nature of wireless networks. In particular, device identity management and intrusion detection are two of the most significant challenges in any network security solution but they are paramount for any wireless local area networks (WLANs) because of the inherent non-exclusivity of the transmission medium. The physical layer of 802.11-based wireless communication does not offer security guarantee because any electromagnetic signal transmitted can be monitored, captured, and analyzed by any sufficiently motivated and equipped adversary within the 802.11 device's transmission range. What is required is a form of identification that is nonmalleable (cannot be spoofed easily). For this reason we have decided to focus on physical characteristics of the network interface card (NIC) to distinguish between different wireless users because it can provide an additional layer of security. The unique properties of the wireless medium are extremely useful to get an additional set of information that can be used to extend and enhance traditional security mechanisms. This approach is commonly referred to as radio frequency fingerprinting (RFF), i.e., determining specific characteristics (fingerprint) of a network device component. More precisely, our main goal is to prove the feasibility of exploiting phase noise in oscillators for fingerprinting design and overcome existing limitations of conventional approaches. The intuition behind our design is that the autonomous nature of oscillators among noisy physical systems makes them unique in their response to perturbations and none of the previous work has ever tried to take advantage of thi

Securearray: Improving WiFi security with fine-grained physical-layer information

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense in depth against active attacks. SecureArray's novel signal processing techniques leverage multi-antenna access point (AP) to profile the directions at which a client's signals arrive, using this angle-of-arrival (AoA) information to construct highly sensitive signatures that with very high probability uniquely identify each client. Upon overhearing a suspicious transmission, the client and AP initiate an AoA signature-based challenge-response protocol to confirm and mitigate the threat. We also discuss how SecureArray can mitigate direct denial-of-service attacks on the latest 802.11 wireless security protocol. We have implemented SecureArray with an eight-antenna WARP hardware radio acting as the AP. Our experimental results show that in a busy office environment, SecureArray is orders of magnitude more accurate than current techniques, mitigating 100% of WiFi spoofing attack attempts while at the same time triggering false alarms on just 0.6% of legitimate traffic. Detection rate remains high when the attacker is located only five centimeters away from the legitimate client, for AP with fewer numbers of antennas and when client is mobile

Doctor of Philosophy

dissertationThe wireless radio channel is typically thought of as a means to move information from transmitter to receiver, but the radio channel can also be used to detect changes in the environment of the radio link. This dissertation is focused on the measurements we can make at the physical layer of wireless networks, and how we can use those measurements to obtain information about the locations of transceivers and people. The first contribution of this work is the development and testing of an open source, 802.11b sounder and receiver, which is capable of decoding packets and using them to estimate the channel impulse response (CIR) of a radio link at a fraction of the cost of traditional channel sounders. This receiver improves on previous implementations by performing optimized matched filtering on the field-programmable gate array (FPGA) of the Universal Software Radio Peripheral (USRP), allowing it to operate at full bandwidth. The second contribution of this work is an extensive experimental evaluation of a technology called location distinction, i.e., the ability to identify changes in radio transceiver position, via CIR measurements. Previous location distinction work has focused on single-input single-output (SISO) radio links. We extend this work to the context of multiple-input multiple-output (MIMO) radio links, and study system design trade-offs which affect the performance of MIMO location distinction. The third contribution of this work introduces the "exploiting radio windows" (ERW) attack, in which an attacker outside of a building surreptitiously uses the transmissions of an otherwise secure wireless network inside of the building to infer location information about people inside the building. This is possible because of the relative transparency of external walls to radio transmissions. The final contribution of this dissertation is a feasibility study for building a rapidly deployable radio tomographic (RTI) imaging system for special operations forces (SOF). We show that it is possible to obtain valuable tracking information using as few as 10 radios over a single floor of a typical suburban home, even without precise radio location measurements