Rogue Access Point

The Experts below are selected from a list of 360 Experts worldwide ranked by ideXlab platform

Raheem Beyah - One of the best experts on this subject based on the ideXlab platform.

  • Rogue-Access-Point Detection: Challenges, Solutions, and Future Directions
    IEEE Security & Privacy Magazine, 2011
    Co-Authors: Raheem Beyah, A. Venkataraman
    Abstract:

    Rogue devices are an increasingly dangerous reality in the insider threat problem domain. Industry, government, and academia need to be aware of this problem and promote state-of-the-art detection methods.

  • SecureComm - Rogue Access Point Detection Using Innate Characteristics of the 802.11 MAC
    Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, 2009
    Co-Authors: Aravind Venkataraman, Raheem Beyah
    Abstract:

    Attacks on wireless networks can be classified into two categories: external wireless and internal wired. In external wireless attacks, an attacker uses a wireless device to target the Access Point (AP), other wireless nodes or the communications on the network. In internal wired attacks, an attacker or authorized insider inserts an unauthorized (or Rogue) AP into the wired backbone for malicious activity or misfeasance. This paper addresses detecting the internal wired attack of inserting Rogue APs (RAPs) in a network by monitoring on the wired side for characteristics of wireless traffic. We focus on two 802.11 medium Access control (MAC) layer features as a means of fingerprinting wireless traffic in a wired network. In particular, we study the effect of the Distributed Coordination Function (DCF) and rate adaptation specifications on wireless traffic by observing their influence on arrival delays. By focusing on fundamental traits of wireless communications, unlike existing techniques, we demonstrate that it is possible to extract wireless components from a flow without having to train our system with network-specific wired and wireless traces. Unlike some existing anomaly-based detection schemes, our approach is generic as it does not assume that the wired network is inherently faster than the wireless network, is effective for networks that do not have sample wireless traffic, and is independent of network speed/type/protocol. We evaluate our approach using experiments and simulations. Using a Bayesian classifier we show that we can correctly identify wireless traffic on a wired link with 86-90% accuracy. This coupled with an appropriate switch port policy allows the identification of RAPs.

  • Rogue Access Point detection using innate characteristics of the 802.11 MAC
    International Conference on Security and Privacy in Communication Systems, 2009
    Co-Authors: Aravind Venkataraman, Raheem Beyah
    Abstract:

    Attacks on wireless networks can be classified into two categories: external wireless and internal wired. In external wireless attacks, an attacker uses a wireless device to target the Access Point (AP), other wireless nodes or the communications on the network. In internal wired attacks, an attacker or authorized insider inserts an unauthorized (or Rogue) AP into the wired backbone for malicious activity or misfeasance. This paper addresses detecting the internal wired attack of inserting Rogue APs (RAPs) in a network by monitoring on the wired side for characteristics of wireless traffic. We focus on two 802.11 medium Access control (MAC) layer features as a means of fingerprinting wireless traffic in a wired network. In particular, we study the effect of the Distributed Coordination Function (DCF) and rate adaptation specifications on wireless traffic by observing their influence on arrival delays. By focusing on fundamental traits of wireless communications, unlike existing techniques, we demonstrate that it is possible to extract wireless components from a flow without having to train our system with network-specific wired and wireless traces. Unlike some existing anomaly-based detection schemes, our approach is generic as it does not assume that the wired network is inherently faster than the wireless network, is effective for networks that do not have sample wireless traffic, and is independent of network speed/type/protocol. We evaluate our approach using experiments and simulations. Using a Bayesian classifier we show that we can correctly identify wireless traffic on a wired link with 86-90% accuracy. This coupled with an appropriate switch port policy allows the identification of RAPs.

  • A passive approach to Rogue Access Point detection
    Global Communications Conference, 2007
    Co-Authors: Lanier Watkins, Raheem Beyah, Cherita Corbett
    Abstract:

    Unauthorized or Rogue Access Points (APs) produce security vulnerabilities in enterprise/campus networks by circumventing inherent security mechanisms. We propose to use the round trip time (RTT) of network traffic to distinguish between wired and wireless nodes. This information coupled with a standard wireless AP authorization policy allows the differentiation (at a central location) between wired nodes, authorized APs, and Rogue APs. We show that the lower capacity and the higher variability in a wireless network can be used to effectively distinguish between wired and wireless nodes. Further, this detection is not dependent upon the wireless technology (802.11a, 802.11b, or 802.11g), is scalable, does not contain the inefficiencies of current solutions, remains valid as the capacity of wired and wireless links increases, and is independent of the signal range of the Rogue APs.

  • GLOBECOM - A Passive Approach to Rogue Access Point Detection
    IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference, 2007
    Co-Authors: Lanier Watkins, Raheem Beyah, Cherita Corbett
    Abstract:

    Unauthorized or Rogue Access Points (APs) produce security vulnerabilities in enterprise/campus networks by circumventing inherent security mechanisms. We propose to use the round trip time (RTT) of network traffic to distinguish between wired and wireless nodes. This information coupled with a standard wireless AP authorization policy allows the differentiation (at a central location) between wired nodes, authorized APs, and Rogue APs. We show that the lower capacity and the higher variability in a wireless network can be used to effectively distinguish between wired and wireless nodes. Further, this detection is not dependent upon the wireless technology (802.11a, 802.11b, or 802.11g), is scalable, does not contain the inefficiencies of current solutions, remains valid as the capacity of wired and wireless links increases, and is independent of the signal range of the Rogue APs.

Don Towsley - One of the best experts on this subject based on the ideXlab platform.

  • Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK pairs
    Internet Measurement Conference, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

  • Internet Measurement Conference - Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK-pairs
    Proceedings of the 7th ACM SIGCOMM conference on Internet measurement - IMC '07, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

Xiuzhen Cheng - One of the best experts on this subject based on the ideXlab platform.

  • Secure authentication scheme using dual channels in Rogue Access Point environments
    Wireless Algorithms Systems and Applications, 2014
    Co-Authors: Arwa Alrawais, Abdulrahman Alhothaily, Xiuzhen Cheng
    Abstract:

    The ubiquitous deployment of Rogue Access Points (RAPs) presents security issues in Wireless LAN (WLAN) environments. Therefore, authentication plays a crucial role in protecting mobile users in WLAN communications. Some implementations of the existing wireless authentication schemes rely on weak authentication methods such as a username and password. Other vulnerable implementations of wireless authentication schemes do not resist Rogue Access Point attacks such as man-in-the-middle attacks and phishing attacks. In addition, the risk of these attacks is high since they could cause sensitive information disclosure for mobile users. In this paper, we introduce a new authentication scheme using mutual authentication that leverages two different communication channels to thwart various attacks. Our scheme uses a novel approach based on dual channels that add an extra security level to the authentication process. The proposed scheme utilizes the idea of Call before visiting which could prevent many different security attacks. This paper argues that the proposed design mitigates or removes several popular security attacks that are claimed to be effective in the existing wireless authentication schemes. Furthermore, the proposed method does not require any major modification in the wireless network architecture or any computational device to be used and deployed.

  • WASA - Secure Authentication Scheme Using Dual Channels in Rogue Access Point Environments
    Wireless Algorithms Systems and Applications, 2014
    Co-Authors: Arwa Alrawais, Abdulrahman Alhothaily, Xiuzhen Cheng
    Abstract:

    The ubiquitous deployment of Rogue Access Points (RAPs) presents security issues in Wireless LAN (WLAN) environments. Therefore, authentication plays a crucial role in protecting mobile users in WLAN communications. Some implementations of the existing wireless authentication schemes rely on weak authentication methods such as a username and password. Other vulnerable implementations of wireless authentication schemes do not resist Rogue Access Point attacks such as man-in-the-middle attacks and phishing attacks. In addition, the risk of these attacks is high since they could cause sensitive information disclosure for mobile users. In this paper, we introduce a new authentication scheme using mutual authentication that leverages two different communication channels to thwart various attacks. Our scheme uses a novel approach based on dual channels that add an extra security level to the authentication process. The proposed scheme utilizes the idea of Call before visiting which could prevent many different security attacks. This paper argues that the proposed design mitigates or removes several popular security attacks that are claimed to be effective in the existing wireless authentication schemes. Furthermore, the proposed method does not require any major modification in the wireless network architecture or any computational device to be used and deployed.

  • INFOCOM - A Hybrid Rogue Access Point Protection Framework for Commodity Wi-Fi Networks
    IEEE INFOCOM 2008 - The 27th Conference on Computer Communications, 2008
    Co-Authors: Amin Y. Teymorian, Xiuzhen Cheng
    Abstract:

    We develop a practical and comprehensive hybrid Rogue Access Point (AP) detection framework for commodity Wi-Fi networks. It is the first scheme that combines the distributed wireless media surveillance and the centralized wired end socket level traffic "fingerprinting." The former is designed not only to detect various types of Rogue APs, but also to discover suspicious activities so as to prevent the adversaries from turning victim APs into Rogue devices. Moreover, the socket level traffic fingerprinting helps our framework to achieve a finer granularity on Rogue AP detection among the existing schemes. This framework has the following nice properties: i) it requires neither specialized hardware nor modification to existing standards; ii) the proposed mechanism greatly improves the Rogue AP detection probability so that network resilience is improved; iii) it provides a cost-effective solution to Wi-Fi network security enhancement by incorporating free but mature software tools; iv) it can protect the network from adversaries capable of using customized equipment and/or violating the IEEE 802.11 standard; v) its open architecture allows extra features to be easily added on in the future. Our analysis and evaluation demonstrate that this hybrid Rogue AP protection framework is capable of reliably revealing Rogue devices and preempting potential attacks.

  • A hybrid Rogue Access Point protection framework for commodity Wi-Fi networks
    Proceedings - IEEE INFOCOM, 2008
    Co-Authors: Liran Ma, Amin Y. Teymorian, Xiuzhen Cheng
    Abstract:

    We develop a practical and comprehensive hybrid Rogue Access Point (AP) detection framework for commodity Wi-Fi networks. It is the first scheme that combines the distributed wireless media surveillance and the centralized wired end socket level traffic "fingerprinting." The former is designed not only to detect various types of Rogue APs, but also to discover suspicious activities so as to prevent the adversaries from turning victim APs into Rogue devices. Moreover, the socket level traffic fingerprinting helps our framework to achieve a finer granularity on Rogue AP detection among the existing schemes. This framework has the following nice properties: i) it requires neither specialized hardware nor modification to existing standards; ii) the proposed mechanism greatly improves the Rogue AP detection probability so that network resilience is improved; iii) it provides a cost-effective solution to Wi-Fi network security enhancement by incorporating free but mature software tools; iv) it can protect the network from adversaries capable of using customized equipment and/or violating the IEEE 802.11 standard; v) its open architecture allows extra features to be easily added on in the future. Our analysis and evaluation demonstrate that this hybrid Rogue AP protection framework is capable of reliably revealing Rogue devices and preempting potential attacks.

  • A Hybrid Rogue Access Point Protection Framework for Commodity Wi-Fi Networks
    2008
    Co-Authors: Amin Y. Teymorian, Xiuzhen Cheng
    Abstract:

    We develop a practical and comprehensive hybrid Rogue Access Point (AP) detection framework for commodity Wi-Fi networks. It is the first scheme that combines the distributed wireless media surveillance and the centralized wired end socket level traffic “fingerprinting.” The former is designed not only to detect various types of Rogue APs, but also to discover suspicious activities so as to prevent the adversaries from turning victim APs into Rogue devices. Moreover, the socket level traffic fingerprinting helps our framework to achieve a finer granularity on Rogue AP detection among the existing schemes. This framework has the following nice properties: i) it requires neither specialized hardware nor modification to existing standards; ii) the proposed mechanism greatly improves the Rogue AP detection probability so that network resilience is improved; iii) it provides a cost-effective solution to Wi-Fi network security enhancement by incorporating free but mature software tools; iv) it can protect the network from adversaries capable of using customized equipment and/or violating the IEEE 802.11 standard; v) its open architecture allows extra features to be easily added on in the future. Our analysis and evaluation demonstrate that this hybri

Wei Wei - One of the best experts on this subject based on the ideXlab platform.

  • Passive Online Rogue Access Point Detection Using Sequential Hypothesis Testing with TCP ACK-Pairs
    2008
    Co-Authors: Wei Wei, Kyoungwon Suh, Jim Kurose
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

  • Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK pairs
    Internet Measurement Conference, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

  • Internet Measurement Conference - Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK-pairs
    Proceedings of the 7th ACM SIGCOMM conference on Internet measurement - IMC '07, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

Jim Kurose - One of the best experts on this subject based on the ideXlab platform.

  • Passive Online Rogue Access Point Detection Using Sequential Hypothesis Testing with TCP ACK-Pairs
    2008
    Co-Authors: Wei Wei, Kyoungwon Suh, Jim Kurose
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

  • Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK pairs
    Internet Measurement Conference, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).

  • Internet Measurement Conference - Passive online Rogue Access Point detection using sequential hypothesis testing with TCP ACK-pairs
    Proceedings of the 7th ACM SIGCOMM conference on Internet measurement - IMC '07, 2007
    Co-Authors: Wei Wei, Kyoungwon Suh, Bing Wang, Jim Kurose, Don Towsley
    Abstract:

    Rogue (unauthorized) wireless Access Points pose serious security threats to local networks. In this paper, we propose two online algorithms to detect Rogue Access Points using sequential hypothesis tests applied to packet-header data collected passively at a monitoring Point. One algorithm requires training sets, while the other does not. Both algorithms extend our earlier TCP ACK-pair technique to differentiate wired and wireless LAN TCP traffic, and exploit the fundamental properties of the 802.11 CSMA/CA MAC protocol and the half duplex nature of wireless channels. Our algorithms make prompt decisions as TCP ACK-pairs are observed, and only incur minimum computation and storage overhead. We have built a system for online Rogue-Access-Point detection using these algorithms and deployed it at a university gateway router. Extensive experiments in various scenarios have demonstrated the excellent performance of our approach: the algorithm that requires training provides rapid detection and is extremely accurate (the detection is mostly within 10 seconds, with very low false positive and false negative ratios); the algorithm that does not require training detects 60%-76% of the wireless hosts without any false positives; both algorithms are light-weight (with computation and storage overhead well within the capability of commodity equipment).