MDS-WLAN: Maximal Data Security in WLAN for Resisting Potential Threats

The utmost security standards over Wireless Local Area Network (WLAN) are still an unsolved answer in research community as well as among the commercial users. There are various prior attempts in proposing security of WLAN that lacks focus on access point and is found to be quite complex implementation of cryptography. The proposed paper presents a novel, simple, and yet robust technique called as MDS-WLAN i.e. maximal data security in WLAN. The system is evaluated over laboratory prototype and mitigation measures are drawn for resisting wormhole attack, Sybil attack, and rogue access point issue in WLAN. The outcome of the MDS is compared with conventional AES and SHA that shows optimal communication performance and highest data security

Subjective Audio Quality over a Secure IEEE 802.11n Draft 2.0 Wireless Local Area Network

This thesis investigates the quality of audio generated by a G.711 codec and transmission over an IEEE 802.11n draft 2.0 wireless local area network (WLAN). Decline in audio quality due to additional calls or by securing the WLAN with transport mode Internet Protocol Security (IPsec) is quantified. Audio quality over an IEEE 802.11n draft 2.0 WLAN is also compared to that of IEEE 802.11b and IEEE 802.11g WLANs under the same conditions. Audio quality is evaluated by following International Telecommunication Union Telecommunication Standardization Sector (ITU-T) Recommendation P.800, where human subjects rate audio clips recorded during various WLAN configurations. The Mean Opinion Score (MOS) is calculated as the average audio quality score given for each WLAN configuration. An 85% confidence interval is calculated for each MOS. Results suggest that audio quality over an IEEE 802.11n draft 2.0 WLAN is not higher than over an IEEE 802.11b WLAN when up to 10 simultaneous G.711 calls occur. A linear regression of the subjective scores also suggest that an IEEE 802.11n draft 2.0 WLAN can sustain an MOS greater than 3.0 (fair quality) for up to 75 simultaneous G.711 calls secured with WPA2, or up to 40 calls secured with both WPA2 and transport mode IPsec. The data strongly suggest that toll quality audio (MOS ≥ 4.0) is not currently practical over IEEE 802.11 WLANs secured with WPA2, even with the G.711 codec

Using Primitive Pythagorean Triples and the Blom's Scheme in the 4-way Handshake Wireless Security Protocol

The current standards for wireless security are WPA and its revised version WPA2 (IEEE 802.11i). At the basis of both of these is the WEP protocol that has been broken and automated software can crack it in under a minute. In order to put wireless security on a strong theoretical footing, this thesis proposes a novel way of using Pythagorean triples along with Blom's scheme to perform raw key exchange and authentication by using a 2 stage process to do the 4-way handshake similar to the one described in IEEE 802.11i. Primitive Pythagorean Triples (PPT's) are infinite and they display randomness that makes them good candidates for cryptographic key. We analyze the cryptographic strength of random keys generated by Primitive Pythagorean Triples and determine whether or not they can be used for wireless authentication and as raw keys for encryption in wireless security.Computer Scienc

Intrusion detection and management over the world wide web

As the Internet and society become ever more integrated so the number of Internet users continues to grow. Today there are 1.6 billion Internet users. They use its services to work from home, shop for gifts, socialise with friends, research the family holiday and manage their finances. Through generating both wealth and employment the Internet and our economies have also become interwoven. The growth of the Internet has attracted hackers and organised criminals. Users are targeted for financial gain through malware and social engineering attacks. Industry has responded to the growing threat by developing a range defences: antivirus software, firewalls and intrusion detection systems are all readily available. Yet the Internet security problem continues to grow and Internet crime continues to thrive. Warnings on the latest application vulnerabilities, phishing scams and malware epidemics are announced regularly and serve to heighten user anxiety. Not only are users targeted for attack but so too are businesses, corporations, public utilities and even states. Implementing network security remains an error prone task for the modern Internet user. In response this thesis explores whether intrusion detection and management can be effectively offered as a web service to users in order to better protect them and heighten their awareness of the Internet security threat

Étude et mise en œuvre d'une méthode de détection d'intrusions dans les réseaux sans-fil 802.11 basée sur la vérification formelle de modèles

Malgré de nombreuses lacunes au niveau sécurité, les équipements sans-fil deviennent omniprésents: au travail, au café, à la maison, etc. Malheureusement, pour des raisons de convivialité, de simplicité ou par simple ignorance, ces équipements sont souvent configurés sans aucun service de sécurité, sinon un service minimal extrêmement vulnérable. Avec de telles configurations de base, plusieurs attaques sont facilement réalisables avec des moyens financiers négligeables et des connaissances techniques élémentaires. Les techniques de détection d'intrusions peuvent aider les administrateurs systèmes à détecter des comportements suspects et à prévenir les tentatives d'intrusions. Nous avons modifié et étendu un outil existant (Orchids), basé sur la vérification de modèles, pour détecter des intrusions dans les réseaux sans-fil. Les attaques sont décrites de façon déclarative, à l'aide de signatures en logique temporelle. Nous avons tout d'abord développé et intégré, dans Orchids, notre propre module spécialisé dans l'analyse des événements survenant sur un réseau sans-fil 802.11. Par la suite, nous avons décrit, à l'aide de signatures, un certain nombre d'attaques, notamment, ChopChop - à notre connaissance, nous somme les premiers à détecter cette attaque -, ARP Replay, et la deauthentication flooding. Ces attaques ont ensuite été mises en oeuvre, puis détectées avec succès dans un environnement réel (trois machines: client, pirate et détecteur d'intrusion, plus un point d'accès). ______________________________________________________________________________ MOTS-CLÉS DE L’AUTEUR : Sécurité, Détection d'intrusions, Réseaux sans-fil, Vérification de modèles

Designing an architecture for secure sharing of personal health records : a case of developing countries

Includes bibliographical references.While there has been an increase in the design and development of Personal Health Record (PHR) systems in the developed world, little has been done to explore the utility of these systems in the developing world. Despite the usual problems of poor infrastructure, PHR systems designed for the developing world need to conform to users with different models of security and literacy than those designed for developed world. This study investigated a PHR system distributed across mobile devices with a security model and an interface that supports the usage and concerns of low literacy users in developing countries. The main question addressed in this study is: “Can personal health records be stored securely and usefully on mobile phones?” In this study, mobile phones were integrated into the PHR architecture that we/I designed because the literature reveals that the majority of the population in developing countries possess mobile phones. Additionally, mobile phones are very flexible and cost efficient devices that offer adequate storage and computing capabilities to users for typically communication operations. However, it is also worth noting that, mobile phones generally do not provide sufficient security mechanisms to protect the user data from unauthorized access

Análisis teórico y experimental sobre seguridad en redes Wi-Fi

Proyecto Fin de Carrera de la titulación Ingeniero en Informática, tutorizado por Antonio Jesús Nebro Urbaneja y José Francisco Chicano García.Este proyecto realiza un minucioso estudio sobre los mecanismos de seguridad que están disponibles para los dispositivos Wi-Fi, conforme a las especificaciones de la versión del estándar IEEE 802.11 publicada en el año 2007, incluyendo también una breve descripción de las debilidades y de los ataques más importantes que han sido descubiertos y que afectan a estos mecanismos de seguridad. En lo que respecta a la parte práctica, se documenta tanto el análisis como el diseño y se discusten cuestiones relevantes de la programación de una aplicación que implementa una prueba de concepto de una debilidad del protocolo de seguridad WEP