Detection of Man-in-the-middle Attacks Using Physical Layer Wireless Security Techniques

Wang, Le

27 August 2013

"In a wireless network environment, all the users are able to access the wireless channel. Thus, if malicious users exploit this feature by mimicking the characteristics of a normal user or even the central wireless access point (AP), they can intercept almost all the information through the network. This scenario is referred as a Man-in-the-middle (MITM) attack. In the MITM attack, the attackers usually set up a rogue AP to spoof the clients. In this thesis, we focus on the detection of MITM attacks in Wi-Fi networks. The thesis introduces the entire process of performing and detecting the MITM attack in two separate sections. The first section starts from creating a rogue AP by imitating the characteristics of the legitimate AP. Then a multi-point jamming attack is conducted to kidnap the clients and force them to connect to the rogue AP. Furthermore, the sniffer software is used to intercept the private information passing through the rogue AP. The second section focuses on the detection of MITM attacks from two aspects: jamming attacks detection and rogue AP detection. In order to enable the network to perform defensive strategies more effectively, distinguishing different types of jamming attacks is necessary. We begin by using signal strength consistency mechanism in order to detect jamming attacks. Then, based on the statistical data of packets send ratio (PSR) and packets delivery ratio (PDR) in different jamming situations, a model is built to further differentiate the jamming attacks. At the same time, we gather the received signal strength indication (RSSI) values from three monitor nodes which process the random RSSI values employing a sliding window algorithm. According to the mean and standard deviation curve of RSSI, we can detect if a rogue AP is present within the vicinity. All these proposed approaches, either attack or detection, have been validated via computer simulations and experimental hardware implementations including Backtrack 5 Tools and MATLAB software suite. "

RSSI

Jamming attack

rogue AP

MITM

Wi-Fi

Security Enhanced Communications in Cognitive Networks

Yan, Qiben

08 August 2014

With the advent of ubiquitous computing and Internet of Things (IoT), potentially billions of devices will create a broad range of data services and applications, which will require the communication networks to efficiently manage the increasing complexity. Cognitive network has been envisioned as a new paradigm to address this challenge, which has the capability of reasoning, planning and learning by incorporating cutting edge technologies including knowledge representation, context awareness, network optimization and machine learning. Cognitive network spans over the entire communication system including the core network and wireless links across the entire protocol stack. Cognitive Radio Network (CRN) is a part of cognitive network over wireless links, which endeavors to better utilize the spectrum resources. Core network provides a reliable backend infrastructure to the entire communication system. However, the CR communication and core network infrastructure have attracted various security threats, which become increasingly severe in pace with the growing complexity and adversity of the modern Internet. The focus of this dissertation is to exploit the security vulnerabilities of the state-of-the-art cognitive communication systems, and to provide detection, mitigation and protection mechanisms to allow security enhanced cognitive communications including wireless communications in CRNs and wired communications in core networks. In order to provide secure and reliable communications in CRNs: emph{first}, we incorporate security mechanisms into fundamental CRN functions, such as secure spectrum sensing techniques that will ensure trustworthy reporting of spectrum reading. emph{Second}, as no security mechanism can completely prevent all potential threats from entering CRNs, we design a systematic passive monitoring framework, emph{SpecMonitor}, based on unsupervised machine learning methods to strategically monitor the network traffic and operations in order to detect abnormal and malicious behaviors. emph{Third}, highly capable cognitive radios allow more sophisticated reactive jamming attack, which imposes a serious threat to CR communications. By exploiting MIMO interference cancellation techniques, we propose jamming resilient CR communication mechanisms to survive in the presence of reactive jammers. Finally, we focus on protecting the core network from botnet threats by applying cognitive technologies to detect network-wide Peer-to-Peer (P2P) botnets, which leads to the design of a data-driven botnet detection system, called emph{PeerClean}. In all the four research thrusts, we present thorough security analysis, extensive simulations and testbed evaluations based on real-world implementations. Our results demonstrate that the proposed defense mechanisms can effectively and efficiently counteract sophisticated yet powerful attacks. / Ph. D.

Cognitive radio networks security

Cognitive radio networks

reactive jamming attack

network monitoring

botnet detection

Contribution to the Intelligent Transportation System : security of Safety Applications in Vehicle Ad hoc Networks / Contribution aux systèmes de transport intelligents : sécurité des applications de sureté dans les réseaux de véhicules ad hoc

Nguyen-Minh, Huong

29 September 2016

Le développement du transport partout dans le monde a fourni un grand nombre d'avantages pour de nombreux aspects de la vie humaine. Les systèmes de transport intelligents (ITS) sont des applications avancées qui visent à rendre les réseaux de transport plus sûrs, plus pratiques et plus intelligents. Selon leurs usages, ils peuvent être classés en deux types d'applications ITS, qui sont des applications de sûreté et des applications non-sûreté. Le réseau de véhicules ad hoc (VANET) est un élément clé des systèmes ITS, car il permet la communication entre les unités de transport. Ces communications prennent en charge différentes applications ITS avec différentes propriétés. Parmi les deux types d'applications, nous nous intéressons aux applications de sûreté qui ont des contraintes de qualité de service et des contraintes de sécurité plus strictes. Selon le scénario considéré et l'application de sûreté donnée, les informations échangées entre les véhicules doivent être diffusé localement dans une communication à un seul saut et / ou également notifiées aux véhicules à large dimension. L'objectif principal de cette thèse est d'améliorer les performances des applications de sûreté en termes de qualité de service et de sécurité, à la fois dans une communication à un saut et dans une communication multi-sauts. Nous nous intéressons à la fiabilité, la connectivité et le déni de service (DoS). Nous étudions et proposons des solutions techniques provenant de couches inférieures (Physique, Liaison et Réseaux) qui jouent un rôle fondamental dans l'atténuation des défis créés par la nature de l'environnement des véhicules. Tout d'abord, nous introduisons une nouvelle méthode efficace pour fiabiliser la radiodiffusion. Dans notre système, les messages de sécurité sont rediffusés lorsque l'expéditeur est sollicité. Cela augmente le pourcentage de véhicules qui reçoivent les messages alors que le nombre de messages dupliqués reste limité. En second lieu, en tenant compte de la fragmentation du réseau, nous étudions des solutions qui permettent de pallier la déconnexion temporaire du réseau pour apporter l'information de sécurité aux destinataires. Basé sur les propriétés sociales des réseaux de véhicules, nous proposons un protocole de transfert basé sur des relations sociales pour relayer la communication entre les véhicules et des points d'intérêt qui fournissent des services de sécurité avec des contraintes de temps plus souples, telles que la recherche et le sauvetage. Troisièmement, nous étudions l'attaque de brouillage, une sorte d'attaques DoS, qui est cruciale pour les applications de sûreté et qui et facilement réalisable au niveau des couches inférieures. Nous modélisons l'attaque de brouillage afin d'étudier la dégradation causée par l'attaque sur les performances du réseau. La dégradation à un certain niveau dans les performances du réseau est une indication de présence d'attaques de brouillage dans le réseau; donc les résultats de cette analyse nous permettent de déterminer les seuils de performance du réseau pour distinguer entre les scénarios normaux et les scénarios attaqués. Toutefois, selon cette analyse, le procédé utilisant la dégradation comme une indication pour détecter une attaque de brouillage est impossible pour des applications temps réel. Par conséquent, nous proposons des nouvelles méthodes afin de détecter les attaques de brouillage temps réel. Nos méthodes permettent la détection en temps réel avec une grande précision, non seulement chez le moniteur central mais aussi au niveau de chaque véhicule. Par conséquent, les véhicules sont avertis sur l'attaque assez tôt pour récupérer la communication et réagir à ces attaques. / The development of transportation all over the world has been providing a lot of benefits for many aspects of human life. Intelligent Transportation Systems (ITS) are advanced applications that aim to make the transport networks safer, more convenient and smarter. According to their usages, they can be classified into two types of ITS applications, which are safety applications and non-safety applications. Vehicular ad hoc network (VANET) is a key component of ITS since it enables communications among transportation units. These communications support different ITS applications with various properties. Between two types of applications, we are interested in safety applications which have tighter quality and security constraints. Depending on an applied scenario of a given safety application, the exchanged information among vehicles must be broadcast locally within one-hop communication and/or also be notified to vehicles in large range. The main objective of this thesis is to improve the performance of safety applications in term of the quality of service and security, in both one-hop communication and multi-hop communication. We focus on reliability, connectivity and Denial of Services (DoS) attack. We study and propose technical solutions coming from lower layers (Physical, MAC and network layers) which play a fundamental role in mitigation to challenges created by the nature of the vehicular environment. Firstly, we introduce a reliable scheme to achieve the reliability for broadcasting. In our scheme, the safety messages are rebroadcast when the sender is solicited. This increases the percentage of vehicles receiving the messages while duplicated messages are limited. Secondly, with consideration of the fragmentation of the network, we study solutions that overcome the temporary disconnection in the network to bring the safety information to the recipients. Based on the social properties of vehicular networks, we propose a social-based forwarding protocol to support the communication between vehicles to points of interest that provide safety services with looser time constraints, such as search and rescue. Thirdly, we investigate jamming attack, a kind of DoS attacks, which is crucial for safety applications because of the adequate condition of the attack at the lower layers. We model jamming attack on broadcasting in order to study the degradation caused by the attack on network performance. The degradation at a certain level in network performance is an indication of a jamming attack presence in the network; therefore results from this analysis will allow us to determine network performance thresholds to distinguish between normal and attacked scenarios. However, according to our analysis, the method using the degradation as an indication to detect a jamming attack is not feasible for real-time applications. Hence, we propose methods to detect jamming attacks in real-time. Our methods allow real-time detection with high accuracy, not only at the central monitor but also at each vehicle. Therefore, vehicles are noticed about the attack soon enough to recover the communication and react to these attacks.

Réseau de véhicule

Couche MAC

ITS

Attaque de brouillage

IEEE 802.11p

Jamming attack

Vehicular network

ITS

MAC

IEEE 802.11p

005.8

Information Theoretical Studies on MIMO Channel with Limited Channel State Information

Abdelaziz, Amr Mohamed

January 2017

No description available.

Communication

Electrical Engineering

Information Science

Information Theory

Secrecy Capacity

Transmitter Optimization

Limited CSI

Delay Limited Secrecy Capacity

Ergodic Secrecy Capacity

Covert MIMO Communication

Physical Layer Authentication

Jamming Attack