A Framework for Protecting Against Wireless Network Misuse
Dr. Raheem
Beyah
Communications Systems Center
Georgia Institute of Technology
Abstract
Wireless local area networks (WLANs) have seen explosive growth in the last several years. This growth is a result of standardization (802.11 protocols), improved data rates, improved ease of use, as well as a sharp decline in prices. The wireless revolution has created new businesses, business models, and arguably, for some, a better quality of life. Wireless hotspots have now popped up in many locations, including: coffee shops, hotels, airports, restaurants, book stores, etc. As is the case with most technologies once they gain widespread use, people will attempt misuse.
WLANs have been under attack for years, thus the hackers have commoditized tools to break into networks which are easily downloaded from the web. A significant amount of research has been done in defending wireless networks. That is, keeping unauthorized users from accessing the wireless network and protecting authorized users on the wireless network. The rush to standardize WLANs led to flaws in their security. To correct this, the community has developed the 802.11i standard which provides, among other needed additions, stronger encryption and authentication. Though we have made significant progress in defending wireless networks and protecting authorized users from unauthorized users, little has been done to protect authorized users from other authorized users. In this talk, I will discuss two types of malicious attacks that can be exercised primarily by authorized users and my proposed defenses to such attacks. The first attack is one where access points (APs) are inserted into a network without approval. These rogue APs expose the network to a barrage of security vulnerabilities in that they are typically connected to a network port behind the firewall. I propose the use of temporal traffic characteristics to detect rogue APs at a central location. The second type of attack can occur when a knowingly or unknowingly malevolent authorized user spreads a malicious payload covertly via wireless hotspots. Using a previously unknown exploit (zero-day), this spread can grow quickly as infected users migrate to different hotspots. I propose an inexpensive, lightweight, client/server embedded intrusion detection system (IDS) that can provide on-site defenses and the necessary cross-correlation of malicious behavior needed to stop an impending epidemic of worms spreading via wireless hotspots.
Biography
Dr. Raheem Beyah received his Bachelor of Science in Electrical
Engineering from