Multimediální služby v bezdrátových sítích / Multimedia services in wireless networks

Bučina, Peter

January 2012

The main topic of my diploma thesis is dedicated to the issue of wireless networks mostly aimed at IEEE 802.11 standard. Theoretical part of the thesis is divided into three main chapters. It deals with basic overview of standards, architecture, utilization of radio spectrum and modulating techniques in signal processing. Further, it describes basic security measures and quality of service requirements in WLAN networks. The thesis is complemented by two separate laboratory assignments focused on procedure related to the chosen problematic. The first assignment handles common steps to break ciphered protocols WEP and WPA in WLAN’s. Linux software called Back Track 5 was used to provide complete package of tools for WLAN security tests. The second one is aimed at practical options on video streaming in converged wireless networks and also at remote access of mobile users to wireless IP camera video stream.

Rogue Access Point Detection through Statistical Analysis

Kanaujia, Swati

26 May 2010

The IEEE 802.11 based Wireless LAN (WLAN) has become increasingly ubiquitous in recent years. However, due to the broadcast nature of wireless communication, attackers can exploit the existing vulnerabilities in IEEE 802.11 to launch various types of attacks in wireless and wired networks. This thesis presents a statistical based hybrid Intrusion Detection System (IDS) for Rogue Access Point (RAP) detection, which employs distributed monitoring devices to monitor on 802.11 link layer activities and a centralized detection module at a gateway router to achieve higher accuracy in detection of rogue devices. This detection approach is scalable, non-intrusive and does not require any specialized hardware. It is designed to utilize the existing wireless LAN infrastructure and is independent of 802.11a/b/g/n. It works on passive monitoring of wired and wireless traffic, and hence is easy to manage and maintain. In addition, this approach requires monitoring a smaller number of packets for detection as compared to other detection approaches in a heterogeneous network comprised of wireless and wired subnets. Centralized detection is done at a gateway router by differentiating wired and wireless TCP traffic using Weighted Sequential Hypothesis Testing on inter-arrival time of TCP ACK-pairs. A decentralized module takes care of detection of MAC spoofing and totally relies on 802.11 beacon frames. Detection is done through analysis of the clock skew and the Received Signal Strength (RSS) as fingerprints using a naïve Bayes classifier to detect presence of rogue APs. Analysis of the system and extensive experiments in various scenarios on a real system have proven the efficiency and accuracy of the approach with few false positives/negatives and low computational and storage overhead. / Master of Science

Hypothesis Test

Intrusion Detection

Rogue Access Point

IEEE 802.11

Naïve Bayes Classifiers

Stability analysis of new paradigms in wireless networks

Kangas, M. (Maria)

02 June 2017

Abstract Fading in wireless channels, the limited battery energy available in wireless handsets, the changing user demands and the increasing demand for high data rate and low delay pose serious design challenges in the future generations of mobile communication systems. It is necessary to develop efficient transmission policies that adapt to changes in network conditions and achieve the target delay and rate with minimum power consumption. In this thesis, a number of new paradigms in wireless networks are presented. Dynamic programming tools are used to provide dynamic network stabilizing resource allocation solutions for virtualized data centers with clouds, cooperative networks and heterogeneous networks. Exact dynamic programming is used to develop optimal resource allocation and topology control policies for these networks with queues and time varying channels. In addition, approximate dynamic programming is also considered to provide new sub-optimal solutions. Unified system models and unified control problems are also provided for both secondary service provider and primary service provider cognitive networks and for conventional wireless networks. The results show that by adapting to the changes in queue lengths and channel states, the dynamic policy mitigates the effects of primary service provider and secondary service provider cognitive networks on each other. We investigate the network stability and provide new unified stability regions for primary service provider and secondary service provider cognitive networks as well as for conventional wireless networks. The K-step Lyapunov drift is used to analyse the performance and stability of the proposed dynamic control policies, and new unified stability analysis and queuing bound are provided for both primary service provider and secondary service provider cognitive networks and for conventional wireless networks. By adapting to the changes in network conditions, the dynamic control policies are shown to stabilize the network and to minimize the bound for the average queue length. In addition, we prove that the previously proposed frame based does not minimize the bound for the average delay, when there are shared resources between the terminals with queues. / Tiivistelmä Langattomien kanavien häipyminen, langattomien laitteiden akkujen rajallinen koko, käyttäjien käyttötarpeiden muutokset sekä lisääntyvän tiedonsiirron ja lyhyemmän viiveen vaatimukset luovat suuria haasteita tulevaisuuden langattomien verkkojen suunnitteluun. On välttämätöntä kehittää tehokkaita resurssien allokointialgoritmeja, jotka sopeutuvat verkkojen muutoksiin ja saavuttavat sekä tavoiteviiveen että tavoitedatanopeuden mahdollisimman pienellä tehon kulutuksella. Tässä väitöskirjassa esitetään uusia paradigmoja langattomille tietoliikenneverkoille. Dynaamisen ohjelmoinnin välineitä käytetään luomaan dynaamisia verkon stabiloivia resurssien allokointiratkaisuja virtuaalisille pilvipalveludatakeskuksille, käyttäjien yhteistyöverkoille ja heterogeenisille verkoille. Tarkkoja dynaamisen ohjelmoinnin välineitä käytetään kehittämään optimaalisia resurssien allokointi ja topologian kontrollointialgoritmeja näille jonojen ja häipyvien kanavien verkoille. Tämän lisäksi, estimoituja dynaamisen ohjelmoinnin välineitä käytetään luomaan uusia alioptimaalisia ratkaisuja. Yhtenäisiä systeemimalleja ja yhtenäisiä kontrollointiongelmia luodaan sekä toissijaisen ja ensisijaisen palvelun tuottajan kognitiivisille verkoille että tavallisille langattomille verkoille. Tulokset osoittavat että sopeutumalla jonojen pituuksien ja kanavien muutoksiin dynaaminen tekniikka vaimentaa ensisijaisen ja toissijaisen palvelun tuottajien kognitiivisten verkkojen vaikutusta toisiinsa. Tutkimme myös verkon stabiiliutta ja luomme uusia stabiilisuusalueita sekä ensisijaisen ja toissijaisen palveluntuottajan kognitiivisille verkoille että tavallisille langattomille verkoille. K:n askeleen Lyapunovin driftiä käytetään analysoimaan dynaamisen kontrollointitekniikan suorituskykyä ja stabiiliutta. Lisäksi uusi yhtenäinen stabiiliusanalyysi ja jonon yläraja luodaan ensisijaisen ja toissijaisen palveluntuottajan kognitiivisille verkoille ja tavallisille langattomille verkoille. Dynaamisen algoritmin näytetään stabiloivan verkko ja minimoivan keskimääräisen jonon pituuden yläraja sopeutumalla verkon olosuhteiden muutoksiin. Tämän lisäksi todistamme että aiemmin esitetty frame-algoritmi ei minimoi keskimääräisen viiveen ylärajaa, kun käyttäjät jakavat keskenään resursseja.

access point

ad hoc network

cooperative communication

dynamic programming

lyapunov drift

network stability

topology control

value iteration algorithm

access point

ad hoc-verkko

arvoiteraatioalgoritmi

dynaaminen ohjelmointi

lyapunov drift

topologian kontrollointi

verkon stabiilius

yhteistyö kommunikaatio

Transmission multi-standards sur lien optique bas-coût / Multi-standard low-cost optical link transmission

Bouhamri, Zine-Abidine

03 October 2013

Dans ce travail, nous avons étudié un système complet d'antennes distribuées par voie optique pour déport de signaux radio suivant le principe de la radio sur fibre. La caractérisation du lien optique servant de base au système radio sur fibre, d'un point de vue composant et système via la transmission de standards radio a d'abord été effectuée. Nous avons montré par une nouvelle technique de caractérisation que l'élément non linéaire de notre chaîne de transmission pouvait se comporter de manière plus linéaire qu'attendue et faiblement impacter les standards radio transmis. Les standards choisis sont à enveloppe constante (GSM) et à enveloppe non constante (WLAN) pour mieux mettre en évidence les non-linéarités de la chaîne de transmission. Il est ainsi montré que les signaux à enveloppe non constante sont les signaux limitants et qu'en leur adjoignant un signal à enveloppe constante à faible puissance, la qualité de leur transmission n'est pas impactée. A partir de ces résultats expérimentaux, un algorithme de calcul de couvertures radio a été développé et appliqué à plusieurs scénarios de couverture intra-bâtiment. Notre étude montre que dans tous les cas, c'est la liaison montante, de l'utilisateur à la station centrale, qui est limitante puisque bien plus impactée par le bruit ajouté par la chaîne de transmission optique. Par suite, nous avons proposé une architecture de déploiement réseau originale de type bus pour laquelle nous montrons que malgré un coût de déploiement faible, il est possible d'atteindre des performances suffisantes pour assurer des couvertures au sein d'un réseau domestique. Enfin, ces résultats de simulation sur architecture bus sont confirmés par la réalisation d'un banc de test de type industriel permettant de confirmer par la mesure les résultats obtenus précédemment. Nous réalisons aussi un circuit radio passif permettant la séparation et recombination de plusieurs signaux (GSM et WLAN étudiés précédemment) de sorte que tous les éléments prouvant la réalisation et les mesures sur le système complet d'antennes distribuées sont à disposition et fonctionnels. / In this manuscript, we study a complete distributed antenna system through optical ways, to extend radio signals coverage, thanks to the radio over fiber principle. The optical link characterization is done first as the system basic building block. The characterization is done both through component and system analysis, thanks to different radio standards transmission. We develop a new characterization technique that allows us to confirm that the most non-linear element of the optical link behaves much more linearly than expected so that it has a low effect on transmission quality. Chosen standards are both constant and non-constant envelop to highlight the link non-linearities. This shows that non-constant envelop signals are the limiting signals for our system. This also allows to demonstrate that adding a low power constant envelop signal to a non-constant envelop one does not impact its transmission performance. From these experimental results, we develop an in-building coverage distance calculation algorithm for our system. Those simulations confirm that the uplink, from the user to the central station, is the most limiting section of our system because of the noise quantity added by the optical link. To follow this, we propose a new low-cost bus network in-building topology for our system that proves to be performing as wanted for personal homes. Finally, these bus topology simulation results are confirmed with the production of an industrial type test bench. We also produce a passive radio front-end that permits the separation and recombination of several radio signals (GSM and WLAN as previously studied) so that all the elements proving the production and the results of the complete distributed antenna system through optical ways are available and functional.

Fibres optiques

Radiofréquences

Radio sur fibre

Point d'accès

Liens optiques

Optical fibers

Radiofrequencies

Radio over fiber

Access point

Optical links

EzMole: A new prototype for securing public Wi-Fi connections

Karlsson, Rickard

January 2017

When public Wi-Fi networks are being used, it can be hard to know who else that is using the same network or is monitoring the traffic that is traveling across the network. If the network is public and unencrypted anyone can monitor the traffic and to use these networks for work can be very risky. This is a big problem that needs a solution because the information that travels across the public network might have organizational secrets or sensitive personal information that shouldn’t be read by outsiders. One way to significantly increase the security while using these public networks is by configuring and setting up a VPN-tunnel, all traffic will then be sent encrypted. But nowadays many computers and mobile phones runs applications in the background that are actively asking for updates. It can for example be news apps, mail clients or instant messaging services like WhatsApp or Telegram. Since the apps is pushing for updates in the background there is a big risk that these programs are asking for updates and therefore transmit and receives information unencrypted over the public network before they have been able to set up their VPN-tunnel. People might be unaware about this problem and this research can be used to explain the problem and offer a solution to it and that is the reason why this research is important. This research tries to solve the problem and find answers to the research questions, “How to design and implement an affordable intermediate device that offers the user secure access to Internet on public Wi-Fi networks?" and “What are the design principles of that method?”. The proposed solution to solve this problem was to design and implement a new intermediate device, which was called EzMole, in between the public Wi-Fi and the users’ personal devices. The new device will operate and secure the users’ devices from potential malicious users on the public Wi-Fi while the VPN-tunnel is being established. It will also create a new encrypted wireless network that will be used to connect the personal devices to EzMole, for example mobile phone or laptop. The methodology that was used to design and develop the new EzMole-device was the Design Science Research Methodology. It includes six steps that was used during three phases of the project that worked in an iterative process with development, testing and evaluation until the device met the initial requirements of a successful device. There were tests for both functionality and security to make sure that it worked in the right way and that it didn’t have any known security weaknesses or flaws. This was very important since EzMole will be and represent an Internet-of-Things(IoT)-device and therefore the security had a big focus. After the tests, it was time to evaluate it against the initial requirements and the new device lived up to 9/12 requirements and was therefore classified as successful. The research contributes with a universal solution for the research problem and it gives answers to the research questions and in the meantime, reduces the gap in the literature. It also contributes with providing a new piece of hardware that will can help people to connect to the Internet in a more secure way when they are using public Wi-Fi networks.

EzMole

Wi-Fi

wifi

Internet of Things

IoT

security

vulnerability assessment

access point

Internet

public Wi-Fi

Computer Systems

Datorsystem

Návrh rozšíření podnikové sítě o WiFi síť / Proposal of Extension of the Corporate Network by WiFi Network

Chobotová, Jana

January 2014

This diploma thesis deals with implementation of wireless network to company network. It analyzes current state in the company and suggests appropriate solution. The goal of this thesis is to create a proposal for enabling wireless connection and mobility for users.

Development of a Client-Side Evil Twin Attack Detection System for Public Wi-Fi Hotspots based on Design Science Approach

Horne, Liliana R.

01 January 2018

Users and providers benefit considerably from public Wi-Fi hotspots. Users receive wireless Internet access and providers draw new prospective customers. While users are able to enjoy the ease of Wi-Fi Internet hotspot networks in public more conveniently, they are more susceptible to a particular type of fraud and identify theft, referred to as evil twin attack (ETA). Through setting up an ETA, an attacker can intercept sensitive data such as passwords or credit card information by snooping into the communication links. Since the objective of free open (unencrypted) public Wi-Fi hotspots is to provide ease of accessibility and to entice customers, no security mechanisms are in place. The public’s lack of awareness of the security threat posed by free open public Wi-Fi hotspots makes this problem even more heinous. Client-side systems to help wireless users detect and protect themselves from evil twin attacks in public Wi-Fi hotspots are in great need. In this dissertation report, the author explored the problem of the need for client-side detection systems that will allow wireless users to help protect their data from evil twin attacks while using free open public Wi-Fi. The client-side evil twin attack detection system constructed as part of this dissertation linked the gap between the need for wireless security in free open public Wi-Fi hotspots and limitations in existing client-side evil twin attack detection solutions. Based on design science research (DSR) literature, Hevner’s seven guidelines of DSR, Peffer’s design science research methodology (DSRM), Gregor’s IS design theory, and Hossen & Wenyuan’s (2014) study evaluation methodology, the author developed design principles, procedures and specifications to guide the construction, implementation, and evaluation of a prototype client-side evil twin attack detection artifact. The client-side evil twin attack detection system was evaluated in a hotel public Wi-Fi environment. The goal of this research was to develop a more effective, efficient, and practical client-side detection system for wireless users to independently detect and protect themselves from mobile evil twin attacks while using free open public Wi-Fi hotspots. The experimental results showed that client-side evil twin attack detection system can effectively detect and protect users from mobile evil twin AP attacks in public Wi-Fi hotspots in various real-world scenarios despite time delay caused by many factors.

design science research

evil twin attack

public Wi-Fi hotspots

wireless security

Computer Sciences

Investigation of Power Reduction Methods for Multi-User MIMO WLAN Applications

McCarthy, Stephen J.

January 2014

No description available.

Electrical Engineering

MU-MIMO

wireless communication

power amplifier

energy efficiency

wireless networking

access point

peak-to-average power ratio

PAPR

Computer wireless networks : a design plan for building wireless networks using IEEE 802.11 standard

Almantheri, Hamed

03 1900

Approved for public release; distribution in unlimited. / In spite of the fact that wireless network technology has been available for long period of time, there has been very limited wireless networks deployments around the world before 1997 due to the lack of widely recognized standard for wireless networks. Thanks to the approval of the IEEE 802.11 family of standards in 1997, the world has witnessed tremendous deployment and proliferation of wireless networks in all aspects of life. Although the IEEE 802.11 family of standards has been ratified to design radio transceivers for wireless computer stations capable of interconnecting with other wireless computer stations in close proximity, the technology has been successfully employed to design and implement wireless networks with great number of distant wireless computer stations with reasonable data throughput and flexibility. This thesis explores the wireless network technology and the primary building blocks and components of a wireless network. It also explores the IEEE 802.11 standard and its technical specifications including the Physical layer (PHY), the Media Access Control layer (MAC) and the ongoing task forces. Additionally, the thesis examines the wireless network security including the vulnerabilities, ongoing improvements and recommendations. Next, it investigates the market for available wireless devices compatible with the IEEE 802.11 standard that can be used to build a wireless network with high data throughput and high level of security. Subsequently, the thesis formulates a design plan for civilian wireless network with different scenarios in order to provide a speedy solution to the limited broadband service availability in the Sultanate of Oman. Additionally, the thesis formulates a generic design plan for a military wireless network with different scenarios that can be rapidly deployed in the field of operations. / Computer Engineer, Royal Army of Oman

Wireless LANs

IEEE 802.11

Media Access Control Layer

Physical Layer

Wireless Local Area Network

Wireless Point of Presence

Hotspots

WPOP

Access Point

Wireless Network Interface Card

Wireless Router

MIMO ANTENNA DESIGNS FOR WLAN APPLICATIONS

Chou, Jui-hung

22 May 2006

In this thesis, the studies mainly focus on recent trends in novel MIMO antennas for indoor wireless communication system. Firstly, we propose a novel MIMO antenna for access-point application. This proposed antenna can reduce the lateral length of the conventional access-point antenna for MIMO application. Then, we present MIMO antenna designs for mobile devices such as PDA phones and laptop computers. Although these two devices are of different configurations, the PIFAs are applicable in these two devices, and their design rules are basically the same. Thus, for this study, the design consideration of the MIMO antenna will focus on S-parameter analysis. Detailed antenna designs and experimental results are presented and discussed in this thesis.

PDA (Personal Digital Assistant) Phone

Laptop Computer

PIFA (Planar Inverted-F Antenna)

Access-Point antenna

Antenna

MIMO (Multiple-Input Multiple-Output)