Rogue Access Point Detection using Temporal Traffic Characteristics

Rogue Access Point Detection using Temporal Traffic Characteristics
Raheem Beyah, Shantanu Kangude, George Yu, Brian Strickland, and John Copeland
Communications Systems Center, School of Electrical and Computer Engineering, Georgia Institute of Technology

Outline
o Abstract
o Current Approaches
o Background of Proposed Scheme
o Experimental Setup
o Performance Analysis
o Conclusion and Future Work
2-Dec-04 Globecom 2004

Abstract
o As the cost of 802.11 hardware continues to fall, the appeal of inserting unauthorized wireless access points (APs) grows
o These rogue APs seriously breach the security of the network
o Current approaches to detecting rogue APs are rudimentary and easily evaded
o We propose a scheme that uses temporal traffic characteristics to detect rogue APs
o Further, this approach is independent of the wireless technology

Layered Solution
o Application
o Transport
o Network
o Data Link Layer
o Physical Layer

Current Approaches - Wireless
o Most of the current approaches fall into this category
o Popular solutions include: wireless packet analyzers (as separate devices, or as software on laptops), distributed sensors (e.g., separate devices, valid APs, laptops with special software)
o These solutions are either costly, impractical for networks without a wireless infrastructure, limited to one wireless technology, or can be foiled by intelligent hackers with special hardware (e.g., directional antennas)

Current Approaches - Hybrid
o A solution that combines wireless and wired techniques is a step in the right direction
o In addition to distributed sensors, this solution listens at layers 2 and 3 and queries switches and routers to determine connected devices
o This solution is inadequate:
  o Medium Access Control (MAC) addresses can be spoofed
  o Queried devices can be configured to be unresponsive to specific queries

Current Approaches - Wired
o Best approach
o However, current solutions are inadequate because they:
  o Rely on MAC addresses that can be spoofed
  o Rely on querying devices that can be configured to be unresponsive
  o Look for specific transactions during a short window to identify rogues
  o Are not scalable

Background of Proposed Scheme
o Wireless links in a network path cause more random spreading of packets as compared to wired (that is: temporally different)
o Specifically, the spreading of packets caused by wireless links is normally greater than that caused by wired links

Background of Proposed Scheme
Difference in inter-packet spacing in wireless and wired traffic is a result of:
o Reliability of the wired link vs. wireless link - thus traffic is shaped mostly by higher layers (e.g., TCP)
o MAC protocol used to access the shared wireless link vs. non-contention based access to a switched wired link
o Increased capacity of wired link vs. wireless link

Experimental Setup
Figure 1. Configuration with wired link.
Figure 2. Configuration with wireless link.
o FTP traffic generated
o File sizes (10MB to 100MB, using 10MB increments)
o Wireless network - 802.11b

Performance Analysis
Rogue AP Detection at Immediate Switch: Forward Path
Figure 3. Cumulative Distribution Function of the inter-packet spacing of wired and wireless traffic on the forward path.

Performance Analysis
Rogue AP Detection at Immediate Switch: Reverse Path
Figure 4. Cumulative Distribution Function of the inter-packet spacing of wired and wireless traffic on the reverse path.

Performance Analysis
Rogue AP Detection at Immediate Switch: Forward Path, 10Mb/s cross traffic
Figure 5. Cumulative Distribution Function of the inter-packet spacing of wired and wireless traffic on the forward path with UDP constant bit rate cross traffic at 10Mb/s.

Performance Analysis
Results
o Figure 3 shows that 80% of the inter-packet spacing on the forward path for the wired link was less than 1ms, while around 90% of the inter-packet spacing for the wireless link was greater than 1ms
o Figure 4 shows a similar theme for the reverse path
o Figure 5 also confirms the approach with the inclusion of 10Mb/s of cross traffic
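The comparison described in the results can be expressed as a per-port check on the empirical CDF of inter-packet spacing at 1 ms. The following is an added example, not code from the authors: the 0.5 decision threshold, the minimum sample count, the port names and the traces are assumptions constructed for illustration, with the traces built to match the roughly 80% and 10% sub-1 ms shares read off Figure 3.

```python
import random

CUTOFF_S = 0.001          # 1 ms: the spacing at which the slides compare the two CDFs
WIRED_MIN_FRACTION = 0.5  # assumption: decision threshold, not a value from the slides

def inter_packet_spacings(timestamps):
    """Gaps in seconds between consecutive packet arrival times."""
    ts = sorted(timestamps)
    return [b - a for a, b in zip(ts, ts[1:])]

def cdf_at(spacings, x):
    """Empirical CDF: fraction of spacings strictly below x."""
    return sum(1 for s in spacings if s < x) / len(spacings)

def classify_port(timestamps, min_spacings=200):
    """Label one port's traffic from the share of sub-1 ms spacings."""
    spacings = inter_packet_spacings(timestamps)
    if len(spacings) < min_spacings:   # too few samples for a stable CDF
        return "insufficient-data", None
    frac = cdf_at(spacings, CUTOFF_S)
    label = "wired-like" if frac >= WIRED_MIN_FRACTION else "wireless-like"
    return label, frac

def flag_ports(port_traces):
    """Return {port: fraction} for ports whose spacing looks wireless."""
    flagged = {}
    for port, ts in port_traces.items():
        label, frac = classify_port(ts)
        if label == "wireless-like":
            flagged[port] = frac
    return flagged

def constructed_trace(n, fast_share, seed):
    """Constructed sample, not measured data: n gaps, fast_share of them < 1 ms."""
    rng = random.Random(seed)
    t, out = 0.0, [0.0]
    for _ in range(n):
        fast = rng.random() < fast_share
        t += rng.uniform(0.0001, 0.0009) if fast else rng.uniform(0.0012, 0.008)
        out.append(t)
    return out

# Hypothetical port names; shares follow the ~80% / ~10% read off Figure 3.
TRACES = {
    "port-3": constructed_trace(2000, 0.80, seed=1),
    "port-7": constructed_trace(2000, 0.10, seed=2),
    "port-9": [0.0, 0.0004, 0.0009],   # too short to judge
}

if __name__ == "__main__":
    for port, ts in TRACES.items():
        print(port, classify_port(ts))
```

In a deployment the timestamps would come from a capture at the switch, and the threshold would need calibrating against that switch's own wired baseline.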

Conclusion & Future Work
o We presented a novel wired approach to detecting rogue APs
o Create detection algorithms at upper layers
o Detection several segments downstream is underway
o Automation of the algorithm is also being actively researched
o Incorporation of this scheme with switches with non-traditional queuing (other than first in first out (FIFO)) is being researched

Questions