Multi-Vector Portable Intrusion Detection System

Moyers, Benjamin

18 August 2009

This research describes an intrusion detection system designed to fulfill the need for increased mobile device security. The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drainage. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with wireless attack traffic from both the Wi-Fi and Bluetooth mediums. To effectively monitor the Wi-Fi and Bluetooth mediums for malicious packet streams, the Snort-Based Wi-Fi and Bluetooth Attack Detection and Signature System (BADSS) modules were introduced. MVP-IDS illustrates that IC anomalies, representing attacks, can be correlated with wireless attack traffic through a collaborative and multi-module approach. Furthermore, MVP-IDS not only correlates wireless attacks, but mitigates them and defends its clients using an administrative response mechanism. This research also provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion as much as 18.5%. However, if the MVP-IDS version of the B-SIPS client was allowed to run in the background during a BlueSYN flood attack, it could mitigate the attack and preserve as much as 16% of a mobile device's battery lifetime as compared with an unprotected device. / Master of Science

Intrusion Detection

Bluetooth Security

Wireless Security

Mobile Device Security

Security in next generation air traffic communication networks

Strohmeier, Martin

January 2016

A multitude of wireless technologies are used by air traffic communication systems during different flight phases. From a conceptual perspective, all of them are insecure as security was never part of their design and the evolution of wireless security in aviation did not keep up with the state of the art. Recent contributions from academic and hacking communities have exploited this inherent vulnerability and demonstrated attacks on some of these technologies. However, these inputs revealed that a large discrepancy between the security perspective and the point of view of the aviation community exists. In this thesis, we aim to bridge this gap and combine wireless security knowledge with the perspective of aviation professionals to improve the safety of air traffic communication networks. To achieve this, we develop a comprehensive new threat model and analyse potential vulnerabilities, attacks, and countermeasures. Since not all of the required aviation knowledge is codified in academic publications, we examine the relevant aviation standards and also survey 242 international aviation experts. Besides extracting their domain knowledge, we analyse the awareness of the aviation community concerning the security of their wireless systems and collect expert opinions on the potential impact of concrete attack scenarios using insecure technologies. Based on our analysis, we propose countermeasures to secure air traffic communication that work transparently alongside existing technologies. We discuss, implement, and evaluate three different approaches based on physical and data link layer information obtained from live aircraft. We show that our countermeasures are able to defend against the injection of false data into air traffic control systems and can significantly and immediately improve the security of air traffic communication networks under the existing real-world constraints. Finally, we analyse the privacy consequences of open air traffic control protocols. We examine sensitive aircraft movements to detect large-scale events in the real world and illustrate the futility of current attempts to maintain privacy for aircraft owners.

004

Behavioral Mimicry Covert Communication

Ahmadzadeh, Seyed Ali

January 2013

Covert communication refers to the process of communicating data through a channel that is neither designed, nor intended to transfer information. Traditionally, covert channels are considered as security threats in computer systems and a great deal of attention has been given to countermeasures for covert communication schemes. The evolution of computer networks led the communication community to revisit the concept of covert communication not only as a security threat but also as an alternative way of providing security and privacy to communication networks. In fact, the heterogeneous structure of computer networks and the diversity of communication protocols provide an appealing setting for covert channels. This dissertation is an exploration on a novel design methodology for undetectable and robust covert channels in communication networks. Our new design methodology is based on the concept of behavioral mimicry in computer systems. The objective is to design a covert transmitter that has enough degrees of freedom to behave like an ordinary transmitter and react normally to unpredictable network events, yet it has the ability to modulate a covert message over its behavioral fingerprints in the network. To this end, we argue that the inherent randomness in communication protocols and network environments is the key in finding the proper medium for network covert channels. We present a few examples on how random behaviors in communication protocols lead to discovery of suitable shared resources for covert channels. The proposed design methodology is tested on two new covert communication schemes, one is designed for wireless networks and the other one is optimized for public communication networks (e.g., Internet). Each design is accompanied by a comprehensive analysis from undetectability, achievable covert rate and reliability perspectives. In particular, we introduced turbo covert channels, a family of extremely robust model-based timing covert channels that achieve provable polynomial undetectability in public communication networks. This means that the covert channel is undetectable against any polynomial-time statistical test that analyzes samples of the covert traffic and the legitimate traffic of the network. Target applications for the proposed covert communication schemes are discussed including detailed practical scenarios in which the proposed channels can be implemented.

Covert Communication

Information Hiding

Channel Coding

Wireless Security

Network Security

Protocol Design

Electrical and Computer Engineering

Seguridad en redes de computación ubicua: contribución a la validación de credenciales

Hinarejos Campos, M. Francisca

30 June 2010

Technology progress in both user devices and networks allows communications anytime and anywhere. New communication environments offer a wide range of possibilities to users, but also generate new threats. For this reason, it is necessary to establish measures to find out who is establishing a communication and what actions is authorized to do. Currently proposed solutions in the literature are not completely adapted to the new features such as user mobility, network disconnections and constraints of devices and networks. Many of the existing proposals have focused in providing specific solutions to particular scenarios, but they do not consider a global heterogeneous scenario. Therefore, it is necessary to design security mechanisms able to adapt themselves to new scenarios. In this sense, digital certificates are a standardized and widely used solution. Digital certificates enable performing user authentication and authorization in a distributed way. The problem is that ubiquitous environments complicate the process of digital certificates validation. This complexity could result in a service being not accessible. The goal of this thesis is to contribute in making ubiquitous scenarios more secure. More specifically, the work proposes solutions for reducing the credential validation cost and for improving the availability of authentication and authorization services. In first place, we propose a solution for credential validation that works properly in environments with connection to on-line servers and also in environments where the connection to servers is sometimes not possible. In second place, we propose a cascade revocation system where the delegation is partially centralized. Delegation provides high flexibility to authorization systems, but adds complexity to the system. Our proposal reduces the burden on the verifier-side. In third place, we propose a revocation system for delegation chains based on prefix codes. This proposal deals with the problem of centralization of the previous proposal. In particular, the decentralized solution presented keeps the load reduction achieved in the partially centralized proposal, and also enables dynamic delegation and distribution of revocation data. While the user is connected, revocation data distribution can be done with a certificate revocation list. However, in scenarios where the connection can be lost temporally, this might not be possible. To address this issue, we have proposed a system in which users can perform the functions of revocation servers without being trusted entities. This will allow increasing the availability of validation service, and reduce resource consumption. Each proposal has been analyzed and compared with existing solutions to verify the improvements achieved. / El avance tecnológico tanto de los dispositivos de usuario como de las redes permite que se puedan establecer comunicaciones en cualquier momento y en cualquier lugar. Si bien estos entornos ofrecen un gran abanico de posibilidades a los usuarios, también es cierto que generan nuevas amenazas. Por este motivo, son necesarias medidas que permitan saber con quién se está estableciendo la comunicación y qué acciones se pueden autorizar. Las soluciones propuestas en la literatura no se adaptan completamente a las nuevas características de movilidad, desconexión y limitaciones tanto de los dispositivos como de las redes. De hecho, muchas de las propuestas existentes se han centrado en ofrecer soluciones concretas a escenarios particulares, sin tener en cuenta que el usuario puede entrar a formar parte de entornos heterogéneos. Por lo tanto, se hace necesario diseñar mecanismos de seguridad que conviviendo con los estándares vigentes, se adapten a los nuevos escenarios. En este sentido, los certificados digitales son una solución estandarizada y ampliamente extendida. Los certificados digitales permiten llevar a cabo tanto la autenticación como la autorización de un usuario de forma distribuida. Sin embargo, las características de los entornos ubicuos complican el proceso de validación de certificados. Esta complejidad podría llevar a que no se puediera acceder a los servicios. El objetivo de esta tesis es contribuir a aumentar la seguridad en entornos ubicuos. Más concretamente, se proporcionan soluciones para reducir la carga en la validación de credenciales y aumentar la disponibilidad de los servicios de autenticación y autorización. En primer lugar se propone un sistema de verificación de credenciales que se adapta para funcionar tanto en entornos con conexión a servidores on-line, como en sistemas off-line. Por otra parte, el proceso de delegación en sistemas de autorización, aporta una gran flexibilidad a estos entornos, pero a su vez añade complejidad al sistema. Para reducir esta carga sobre el verificador se propone un sistema de revocación en cascada con delegación centralizada. Sin embargo, esta centralización del servicio limita la escalabilidad y flexibilidad de la solución. Para dar solución a ese inconveniente, se ha propuesto un sistema de revocación en cadenas de delegación basado en códigos prefijo. Esta solución permite mantener la reducción de la carga en la validación lograda en la propuesta centralizada, y además, hace posible la delegación dinámica y la distribución de la información de revocación. Esta distribución puede realizarse a través de listas de revocación de credenciales. En redes con desconexión temporal esta información podría no estar accesible. Para solventarlo, se ha propuesto un sistema en el que los usuarios pueden realizar las funciones de servidores de revocación sin ser entidades de confianza. De esta forma se permite aumentar la disponibilidad del servicio de validación, y reducir el consumo de los recursos. Cada una de las propuestas realizadas se ha analizado para verificar las mejoras proporcionadas frente a las soluciones existentes. Para ello, se han evaluado de forma analítica, por simulación y/o implementación en función de cada caso. Los resultados del análisis verifican el funcionamiento esperado y muestran las mejoras de las propuestas frente a las soluciones existentes.

PKI

PMI

Certificate validation

Wireless security

Access control

Delegation

Mobile segurity

004

621.3

A Secure Wireless Network Architecture Proposal To Be Used By Governments In Case Of Emergency Situations

Aksoy, Mustafa

01 September 2007

Since wireless network technology has advanced swiftly and dropped in price, it became a widely used networking option among numerous organizations and even single home users. In spite of their widespread usage by private sector, wireless networks are still undesired alternative for the governments due to security concerns. Although wireless networks possessed lots of proven and documented security flaws at first, with the latest researches and developments this condition ameliorated by the time and wireless networks became much more robust to various security attacks. In this thesis, a secure wireless network architecture that will allow exchange of unclassified information, using 802.11 (Wi-fi) and 802.16 (WIMAX), will be proposed that could be established by governments in case of emergency situations, namely natural disasters or wars, where cable infrastructure becomes unavailable.

T Information Technology 58.5-58.64

Behavioral Mimicry Covert Communication

Ahmadzadeh, Seyed Ali

January 2013

Covert communication refers to the process of communicating data through a channel that is neither designed, nor intended to transfer information. Traditionally, covert channels are considered as security threats in computer systems and a great deal of attention has been given to countermeasures for covert communication schemes. The evolution of computer networks led the communication community to revisit the concept of covert communication not only as a security threat but also as an alternative way of providing security and privacy to communication networks. In fact, the heterogeneous structure of computer networks and the diversity of communication protocols provide an appealing setting for covert channels. This dissertation is an exploration on a novel design methodology for undetectable and robust covert channels in communication networks. Our new design methodology is based on the concept of behavioral mimicry in computer systems. The objective is to design a covert transmitter that has enough degrees of freedom to behave like an ordinary transmitter and react normally to unpredictable network events, yet it has the ability to modulate a covert message over its behavioral fingerprints in the network. To this end, we argue that the inherent randomness in communication protocols and network environments is the key in finding the proper medium for network covert channels. We present a few examples on how random behaviors in communication protocols lead to discovery of suitable shared resources for covert channels. The proposed design methodology is tested on two new covert communication schemes, one is designed for wireless networks and the other one is optimized for public communication networks (e.g., Internet). Each design is accompanied by a comprehensive analysis from undetectability, achievable covert rate and reliability perspectives. In particular, we introduced turbo covert channels, a family of extremely robust model-based timing covert channels that achieve provable polynomial undetectability in public communication networks. This means that the covert channel is undetectable against any polynomial-time statistical test that analyzes samples of the covert traffic and the legitimate traffic of the network. Target applications for the proposed covert communication schemes are discussed including detailed practical scenarios in which the proposed channels can be implemented.

Covert Communication

Information Hiding

Channel Coding

Wireless Security

Network Security

Protocol Design

Electrical and Computer Engineering

Enhancing Message Privacy In Wired Equivalent Privacy.

Purandare, Darshan

01 January 2005

The 802.11 standard defines the Wired Equivalent Privacy (WEP) and encapsulation of data frames. It is intended to provide data privacy to the level of a wired network. WEP suffered threat of attacks from hackers owing to certain security shortcomings in the WEP protocol. Lately, many new protocols like WiFi Protected Access (WPA), WPA2, Robust Secure Network (RSN) and 802.11i have come into being, yet their implementation is fairly limited. Despite its shortcomings one cannot undermine the importance of WEP as it still remains the most widely used system and we chose to address certain security issues and propose some modifications to make it more secure. In this thesis we have proposed a modification to the existing WEP protocol to make it more secure. We achieve Message Privacy by ensuring that the encryption is not breached. The idea is to update the shared secret key frequently based on factors like network traffic and number of transmitted frames. We also develop an Initialization Vector (IV) avoidance algorithm that eliminates IV collision problem. The idea is to partition the IV bits among different wireless hosts in a predetermined manner unique to every node. We can use all possible 224 different IVs without making them predictable for an attacker. Our proposed algorithm eliminates the IV collision ensuring Message Privacy that further strengthens security of the existing WEP. We show that frequent rekeying thwarts all kinds of cryptanalytic attacks on the WEP.

WEP

IEEE 802.11

IV

WPA

RSN

Wireless Security

Computer Sciences

Engineering

Development and Analysis of a Model for Assessing Perceived Security Threats and Characteristics of Innovating for Wireless Networks

Schmidt, Mark Bradley

13 May 2006

This dissertation employed a two prong approach, whereby the survey and case study methods were used to investigate security issues regarding wireless networks. The survey portion draws together two previously unrelated research streams. Given the recent increased concern for security in the computing milieu, Innovation Diffusion Theory and security factor constructs were merged and synthesized to form a new instrument. This instrument is useful in an effort to understand what role security concerns play in the adoption and diffusion of technology. In development of the new instrument, 481 usable surveys were collected and analyzed. Factor analysis revealed favorable factor loadings in the data. Further analysis was then conducted utilizing multiple regression analysis. This analysis led to the discovery that the constructs of Susceptibility and Severity of Threat, Improvement Potential, and Visibility are significant predictors in regard to level of concern when using wireless networks. Case studies were conducted with a goal to gain a deep knowledge of IT professionals? concerns, attitudes, and best practices toward wireless security. To this end, seven IT professionals were personally interviewed regarding their perceptions and attitudes toward wireless security. In an effort to compare IT professional and end user opinions, 30 IT professionals also completed a paper based survey regarding their perceptions about security. Findings indicate that security professionals are very optimistic for the future of wireless computing. However, that optimism is tempered by a realization that there are a myriad of potential threats that might exploit weakness in wireless security. To determine differences and similarities between users? perspectives and managers? perspectives regarding wireless network security, the results from the survey and case study were synthesized. Most IT professionals (76.19%) reported that, all factors considered, they prefer to use wired networks as opposed to wireless networks; whereas, substantially fewer (44.86%) of the end user respondents reported that they preferred wired over wireless networks. Overall, results suggest that IT professionals are more concerned about security than are end users. However, a challenge remains to make administrators and users aware of the full effect of security threats present in the wireless computing paradigm.

Perceived Characteristics of Innovating

Security

Wireless network

Wireless security

Innovation Diffusion Theory

A Taxonomy of Computer Attacks with Applications to Wireless Networks

Lough, Daniel Lowry

30 April 2001

The majority of attacks made upon modern computers have been successful due to the exploitation of the same errors and weaknesses that have plagued computer systems for the last thirty years. Because the industry has not learned from these mistakes, new protocols and systems are not designed with the aspect of security in mind; and security that is present is typically added as an afterthought. What makes these systems so vulnerable is that the security design process is based upon assumptions that have been made in the past; assumptions which now have become obsolete or irrelevant. In addition, fundamental errors in the design and implementation of systems repeatedly occur, which lead to failures. This research presents a comprehensive analysis of the types of attacks that are being leveled upon computer systems and the construction of a general taxonomy and methodologies that will facilitate design of secure protocols. To develop a comprehensive taxonomy, existing lists, charts, and taxonomies of host and network attacks published over the last thirty years are examined and combined, revealing common denominators among them. These common denominators, as well as new information, are assimilated to produce a broadly applicable, simpler, and more complete taxonomy. It is shown that all computer attacks can be broken into a taxonomy consisting of improper conditions: <b>V</b>alidation <b>E</b>xposure <b>R</b>andomness <b>D</b>eallocation <b>I</b>mproper <b>C</b>onditions <b>T</b>axonomy; hence described by the acronym <b>VERDICT</b>. The developed methodologies are applicable to both wired and wireless systems, and they are applied to some existing Internet attacks to show how they can be classified under VERDICT. The methodologies are applied to the IEEE 802.11 wireless local area network protocol and numerous vulnerabilities are found. Finally, an extensive annotated bibliography is included. / Ph. D.

computer attack taxonomy

computer security

integrity flaws

wireless security

VERDICT

IEEE 802.11

Utilizing GAN and Sequence Based LSTMs on Post-RF Metadata for Near Real Time Analysis

Barnes-Cook, Blake Alexander

17 January 2023

Wireless anomaly detection is a mature field with several unique solutions. This thesis aims to describe a novel way of detecting wireless anomalies using metadata analysis based methods. The metadata is processed and analyzed by a LSTM based Autoencoder and a LSTM based feature analyzer to produce a wide range of anomaly scores. The anomaly scores are then uploaded and analyzed to identify any anomalous fluctuations. An associated tool can also automatically download live data, train, test, and upload results to the Elasticsearch database. The overall method described is in sharp contrast to the more weathered solution of analyzing raw data from a Software Designed Radio, and has the potential to be scaled much more efficiently. / Master of Science / Wireless communications are a major part of our world. Detecting unusual changes in the wireless spectrum is therefore a high priority in maintaining networks and more. This paper describes a method that allows centralized processing of wireless network output, allowing monitoring of several areas simultaneously. This is in sharp contrast to other methods which generally must be located near the area being monitored. In addition, this implementation has the capability to be scaled more efficiently as the hardware required to monitor is less costly than the hardware required to process wireless data.

Signal Processing

Anomaly Detection

Elasticsearch

Omnisig

Sensing

Analytics

Edge Intelligence

Wireless Security