1,899 research outputs found

    LOCATION FINGERPRINT AS A FACTOR OF AUTHENTICATION OF ACCESS POINTS IN WIRELESS NETWORK DEPLOYMENTS

    Usage of Wi-Fi has gone to the next level with the ever-increasing number of mobile devices and the improved bandwidth and stability of wireless LANs. There are many indoor and outdoor deployments using Wi-Fi in the form of wireless mesh networks. Administrators have little control over the APs installed in outdoor wireless mesh deployments. While AP authenticity is ensured by verifying its device certificate, its physical location and safety are always a big concern for administrators. Being outdoors, these APs always face threats such as theft, misplacement, installation of rogue APs, etc. Monitoring APs with cameras or manually is very expensive and may not be feasible in certain situations. Once Access Points (APs) are deployed, they usually do not move. APs can use existing features (e.g., radio interface, NDP protocol, GPS, etc.) to detect their unique Location Fingerprint, which identifies their physical location. The Location Fingerprint is generated based on a number of factors such as RRM neighbours, GPS co-ordinates, etc. The technique presented herein proposes a method wherein APs periodically report their physical location information to the Network Management System (NMS), which generates a Location Fingerprint from the collected location information of the AP and records the historical data of the Location Fingerprint of the APs. Whenever an AP tries to re-join the WLC, after completion of first-factor authentication, second-factor authentication is triggered, wherein the WLC asks the AP to provide its current location information. Upon receiving the location information from the AP, the WLC forwards it to the NMS. The NMS then validates the location information of the AP against the pattern of historical data of the Location Fingerprint. If the pattern matches the current location information of the AP, the AP is allowed to proceed with onboarding; otherwise, the AP is not allowed to join.

    AUTHENTICATED ROUTE DISCOVERY IN WIRELESS MESH NETWORKS

    Techniques are presented herein to provide an efficient and secure signature scheme to authenticate route discovery in Wireless Mesh Networks (WMNs). Specifically, the techniques presented herein provide a scheme where multi-signatures are generated with cryptographic keys provided by Trusted Platform Modules (TPMs) on each Mesh Router (MR) in the WMN. The keys can protect device identities, which may secure the network devices against attacks, and, in at least some instances, the cryptographic keys can also provide authentication and encryption at the software/application level. Overall, the techniques may eliminate the need for a Key Generation Center (KGC) in the WMN and do not require MRs to cooperate to construct a signature. Thus, among other advantages, the techniques described herein may be efficient and inexpensive to implement

    Gaussian Process Optimization in the Bandit Setting: No Regret and Experimental Design

    Many applications require optimizing an unknown, noisy function that is expensive to evaluate. We formalize this task as a multi-armed bandit problem, where the payoff function is either sampled from a Gaussian process (GP) or has low RKHS norm. We resolve the important open problem of deriving regret bounds for this setting, which imply novel convergence rates for GP optimization. We analyze GP-UCB, an intuitive upper-confidence based algorithm, and bound its cumulative regret in terms of maximal information gain, establishing a novel connection between GP optimization and experimental design. Moreover, by bounding the latter in terms of operator spectra, we obtain explicit sublinear regret bounds for many commonly used covariance functions. In some important cases, our bounds have surprisingly weak dependence on the dimensionality. In our experiments on real sensor data, GP-UCB compares favorably with other heuristical GP optimization approaches

    AUTHENTICATION OF APPLICATION FLOWS IN SOFTWARE DEFINED NETWORK DEPLOYMENTS USING A TRANSACTION MODEL

    As Software Defined Networking (SDN) enables third party applications to be integrated into the architecture, a malicious application could have as much of a detrimental effect on the network as a compromised controller. In order to avoid the deployment of malicious/compromised applications, controllers and applications should establish a trusted connection and authenticate the identity of applications and their flows before exchanging control messages. Application flows may be considered network configurations sent by applications that are managed by controllers, which install network configurations into switches. Without authentication, applications may inject malicious configurations into network devices at will, which could reduce network availability, reliability, and/or even lead to a network breakdown. Presented herein are techniques involving a Transaction model that can be utilized to authenticate applications and their flows and further provide trust establishment between a controller and a switch in multi-provider SDN deployment

    TRUSTWORTHINESS AMONG CONTROLLERS AND SWITCHES IN MULTI-PROVIDER SOFTWARE DEFINED NETWORK DEPLOYMENTS USING A TRUSTED PLATFORM MODULE (TPM) AND SECURE LEDGER

    The OpenFlow® protocol, especially the OpenFlow® Discovery Protocol (OFDP), utilizes clear-text Link Layer Discovery Protocol (LLDP) message exchanges to discover network topology. Such exchanges lack security and may lead to network attacks such as LLDP flooding, link fabrication, etc. Currently, the OpenFlow® protocol, both in the case of discovery (OFDP) and during subsequent communication between a controller and a switch (even with Transport Layer Security (TLS)), does not offer a way to understand whether or not a discovered controller or switch is a trustworthy device. Presented herein are techniques that provide Trusted Platform Module (TPM) and blockchain-based trust establishment for OpenFlow® protocol communications that may be utilized between controllers and switches in multi-provider software defined network (SDN) deployments.

    SECURE AND EFFICIENT METHOD TO DISTRIBUTE CONFIGURATIONS IN WIRELESS CLUSTER DEPLOYMENTS USING HYPER LEDGER

    An enterprise wireless clustering deployment comprises a cluster of Wireless Local Area Network (LAN) Controllers (WLCs), intended to provide collaborative services such as load balancing of Access Points (APs), distributed mDNS gateway, etc. Since these cluster deployments are typically very large, configuring individual WLCs is difficult. Presented herein are techniques to incorporate WLC cluster deployments with an authenticated distributed ledger to securely store the configuration and subsequent changes (e.g., only maintain changes from the previous one, using a dictionary method: key-value pairs to identify the difference). This avoids the use of a control Datagram Transport Layer Security (DTLS) connection between AP and WLC for sharing the configuration, thereby giving access to the ledger based on the service registered by the worker WLCs or APs. For example, a worker WLC would register for services such as load balancing, mDNS gateway, etc., to obtain the relevant configurations. Similarly, APs would register for wireless service to get configurations and policies based on the Site Tag (location).

    DISTRIBUTED POLICY MANAGEMENT FOR SERVICE PROVIDER CHAINS

    Techniques are described herein to provide distributed end-to-end policy management across a chain of service provider networks (i.e., administrative domains). The techniques leverage an agent-centric framework for a fully distributed peer-to-peer network that allows nodes to maintain decentralized tamper-proof hash chains (e.g., Holochain). With this framework, the techniques are able to quickly and conveniently indicate network policies across a chain of service providers, in a distributed manner, and guarantee that requirements of the policies are met along the chain of service providers