DOI: 10.1145/1134680.1134682

Enhancing the security of corporate Wi-Fi networks using DAIR

Published: 19 June 2006

ABSTRACT

We present a framework for monitoring enterprise wireless networks using desktop infrastructure. The framework is called DAIR, which is short for Dense Array of Inexpensive Radios. We demonstrate that the DAIR framework is useful for detecting rogue wireless devices (e.g., access points) attached to corporate networks, as well as for detecting Denial of Service attacks on Wi-Fi networks.

Prior proposals in this area include monitoring the network via a combination of access points (APs), mobile clients, and dedicated sensor nodes. We show that a dense deployment of sensors is necessary to effectively monitor Wi-Fi networks for certain types of threats, and one can not accomplish this using access points alone. An ordinary, single-radio AP can not monitor multiple channels effectively, without adversely impacting the associated clients. Moreover, we show that a typical deployment of access points is not sufficiently dense to detect the presence of rogue wireless devices. Due to power constraints, mobile devices can provide only limited assistance in monitoring wireless networks. Deploying a dense array of dedicated sensor nodes is an expensive proposition.

Our solution is based on two simple observations. First, in most enterprise environments, one finds plenty of desktop machines with good wired connectivity, and spare CPU and disk resources. Second, inexpensive USB-based wireless adapters are commonly available. By attaching these adapters to desktop machines, and dedicating the adapters to the task of monitoring the wireless network, we create a low cost management infrastructure.


      Published in

        MobiSys '06: Proceedings of the 4th international conference on Mobile systems, applications and services
        June 2006
        268 pages
        ISBN:1595931953
        DOI:10.1145/1134680

        Copyright © 2006 ACM


        Publisher

        Association for Computing Machinery

        New York, NY, United States


        Acceptance Rates

        Overall Acceptance Rate: 274 of 1,679 submissions, 16%
