
Wireless Security Vulnerabilities Overview

Wireless networks are vulnerable to security attacks such as Sybil attacks, denial-of-service (DoS) attacks, and eavesdropping. The document discusses specific DoS attacks, such as resource consumption and routing disruption attacks, and intrusion detection techniques for mobile ad hoc networks. It proposes a cooperative intrusion detection model in which nodes participate in local and cooperative detection, and covers anomaly detection methods such as analyzing changes in routing patterns and traffic flows. The document concludes by proposing to focus experiments on the effects of attacks on the authors' wireless mesh network and to develop detection and reputation systems.

Uploaded by

Suvir Singh
Copyright
© Attribution Non-Commercial (BY-NC)

Wireless Security Tutorial

TFA, Rice Elec 438


Tara Hong
Joel Khan
Prabhu Metgud

Introduction - Terminology
Attacks
• Sybil attacks – subvert reputation system
• DoS – routing disruption, resource consumption
Intrusion detection on ad hoc networks

Wireless Disadvantages in Security
• Attackers can listen in on transmitted data – visitors' network is unencrypted
• Harder to limit access
• Existence of the network is known to anybody within range
• Radio jamming in channel
• Shared with wired networks: brute-force hacking, spoofing

Terminology
• DoS - Denial of Service (network)
• MAC - Media Access Control (physical) address
• Spoofing - masking identity as another on the network
• Botnets - hidden autonomous system in a network, controlled by a malicious attacker
– DDoS - multiple computers flood simultaneously
– Email spam/bomb
• AP - access point

Sybil Attack
• Reputation system: a type of collaborative filtering algorithm that attempts to determine ratings for a collection of entities
– Ex: torrents, P2P schemes
• Sybil attack: attacker takes advantage of a reputation system by creating false identities
– Stuff the ballot
– Simple: start fresh with each identity

DoS Attacks on Routing Protocol
• Resource consumption attack
- injects packets into the network to consume valuable network resources (bandwidth, memory, power)
• Routing disruption
- attempts to cause legitimate data packets to be routed in dysfunctional ways (blackhole, jellyfish)

Resource Consumption
• De-authentication
– Clients decide upon an AP and authenticate with it.
– Attacker spoofs the client or AP and sends a de-authentication signal.
• De-authentication signals do not require any type of authentication.
– Client will try to find another access point or continue to re-authenticate (the cycle continues).
• Disassociation – follows authentication
– Association protocols allow pathing/tunneling to the gateway
• Power saving – attacker spoofs a client and sends the sleep-mode message to an access point, causing the access point to disregard the client

Resource Consumption
802.11 Media Access Vulnerabilities
Take advantage of collision avoidance
– Carrier-sense mechanism: the RTS/CTS protocol
• Has a duration field that determines the time the channel is reserved (it sets every node's Network Allocation Vector (NAV); when NAV = 0 you can transmit again)
• During RTS, the attacker asks for a very large duration (inefficiently sized compared to normal); the AP sends the CTS signal and updates all clients' NAVs.
• Sending precisely timed back-to-back RTS frames can lock out the AP to all clients.
• RTS/CTS is not authenticated in 802.11
– Similar to Rushing Attack (node routing stage)

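A monitoring station can watch for the reservation abuse described on this slide. The sketch below is an added example, not part of the original slides: it scans captured RTS/CTS records for implausibly large Duration values and for reservations that are renewed before the previous one expires. The record layout, the sample frames, and the `PLAUSIBLE_US` and `CHAIN_LIMIT` thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

MAX_NAV_US = 32767   # largest NAV value the 802.11 Duration field can carry
PLAUSIBLE_US = 3000  # assumed ceiling for a normal reservation on this network
CHAIN_LIMIT = 3      # assumed: this many gap-free reservations in a row is suspicious

# Constructed sample capture: (time_us, subtype, transmitter, duration_us)
FRAMES = [
    (0,      "RTS", "02:00:00:00:00:0a", 1200),
    (1500,   "RTS", "02:00:00:00:00:0b", 900),
    (5000,   "RTS", "02:00:00:00:00:ee", 32767),
    (37000,  "RTS", "02:00:00:00:00:ee", 32767),
    (69000,  "RTS", "02:00:00:00:00:ee", 32767),
    (120000, "RTS", "02:00:00:00:00:0a", 1100),
]

def nav_alerts(frames, plausible_us=PLAUSIBLE_US, chain_limit=CHAIN_LIMIT):
    """Return {transmitter: sorted reasons} for suspicious channel reservations.

    The transmitter address is unauthenticated, so treat it as a label for
    grouping frames, not as proof of which device sent them.
    """
    alerts = defaultdict(set)
    nav_end = {}              # transmitter -> time its last reservation expires
    chain = defaultdict(int)  # transmitter -> consecutive gap-free reservations
    for t, subtype, tx, dur in sorted(frames):
        if subtype not in ("RTS", "CTS") or dur > MAX_NAV_US:
            continue  # not a channel reservation
        if dur > plausible_us:
            alerts[tx].add("oversized-duration")
        # A renewal that arrives before the previous reservation expires
        # keeps every listener's NAV above zero without a break.
        if tx in nav_end and t <= nav_end[tx]:
            chain[tx] += 1
        else:
            chain[tx] = 1
        nav_end[tx] = t + dur
        if chain[tx] >= chain_limit:
            alerts[tx].add("back-to-back-reservation")
    return {tx: sorted(reasons) for tx, reasons in alerts.items()}

if __name__ == "__main__":
    for tx, reasons in nav_alerts(FRAMES).items():
        print(tx, reasons)
```
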
Security Vulnerabilities of WMN
• Wireless mesh networks lack efficient security solutions
• The distributed network architecture
• Vulnerability of channels and nodes in the shared wireless medium
• Dynamic change of network topology
• No central authority; no central authentication server

Rushing Attack
• A type of routing disruption attack
• Effective against all currently proposed on-demand ad hoc network routing protocols (WMN)
• Each node forwards only one ROUTE REQUEST packet originating from any Route Discovery
• On-demand routing protocols forward only the REQUEST packet that arrives first
• An attacker forwards ROUTE REQUESTs more quickly than legitimate nodes
• Good nodes drop the real ROUTE REQUESTs due to duplicate suppression

Black Hole Attack
• A type of routing disruption attack
• Nodes participate in the routing protocol to establish routes through themselves
• Once paths are established, nodes simply drop all packets without informing the source that the data did not reach its destination

JellyFish Attack
• Protocol-compliant DoS attack
• Passive and hard to detect
• Reduces the goodput of flows to near-zero
• Misordering packets
• Periodic dropping at relay nodes
• Delay variance
• Devastating effect on throughput of closed-loop flows such as TCP and UDP

Implementing Example
• Make a small network group composed of 7 machines: 1 attacker, 1 access point, 1 monitoring station, and 4 legitimate clients
• The access point was built using the Linux HostAP driver
• Each client tries to transfer a large file through the access point machine
• iPAQ H3600 with D-Link DWL-650 card running with a Linux attack testing tool

Intrusion Detection Techniques for Mobile Wireless Networks
• Vulnerabilities of mobile wireless networks
• The need for intrusion detection
• An architecture for intrusion detection
• Anomaly detection in mobile ad hoc networks

Vulnerabilities of mobile wireless networks
• No firewall
• No physical protection for the nodes
• Infected nodes can spread the worm, so no nodes can be trusted
• Sometimes, no central authority
• Fewer resources for nodes, hence attackers may find it convenient

The need for intrusion detection
• Preventive measures such as encryption and authentication are not enough
• So, intrusion detection will be the second line of defense against the attacks
• A new model for intrusion detection is discussed

An architecture for intrusion detection
• Assuming that user activities are observable and that normal and intrusion activities have distinct behavior
• Misuse detection and anomaly detection
• Network-based or host-based

An architecture for intrusion detection (continued)
• Network-based IDS are not suitable
• Difficult to differentiate between anomaly and normalcy

Model

Model (continued)
• Every node participates
• Local detection
• Cooperative detection
• % of confidence
• Not all data from nodes can be trusted

Model (continued)
• Intrusion response
• Multi-layer IDS and response

Anomaly detection
• Building an anomaly detection model
• Route logic compromise
• Traffic pattern distortion
• Audit data
• Training runs

Algorithm to detect anomaly
• Percentage of changed routes (PCR)
• Percentage of changed sum of all hops (PCH)
• Distance
• Velocity
• Use a classification algorithm to differentiate between the classes to probably detect an anomaly

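How the PCR and PCH features could be computed from a node's own routing-table snapshots and checked against training runs, as an added example that is not part of the original slides. The exact feature definitions, the snapshot format, the sample tables, and the z-score test standing in for the classification algorithm are assumptions; the distance and velocity features are left out.

```python
from statistics import mean, pstdev

def pcr_pch(old, new):
    """Features for one interval; old/new are {destination: (next_hop, hops)}.

    Assumed definitions:
      PCR = routes added, removed or re-pointed, divided by the old table size
      PCH = relative change in the sum of hop counts over all routes
    """
    if not old:
        raise ValueError("need a non-empty earlier snapshot")
    changed = sum(1 for d in old.keys() | new.keys()
                  if old.get(d, (None,))[0] != new.get(d, (None,))[0])
    h_old = sum(hops for _, hops in old.values())
    h_new = sum(hops for _, hops in new.values())
    return changed / len(old), (h_new - h_old) / h_old

def fit(samples):
    """Learn (mean, std) per feature from training runs of normal behaviour."""
    return [(mean(col), pstdev(col) or 1e-9) for col in zip(*samples)]

def is_anomalous(feature, model, z_max=3.0):
    """Flag the interval if any feature is more than z_max deviations from normal."""
    return any(abs(x - m) / s > z_max for x, (m, s) in zip(feature, model))

# Constructed (PCR, PCH) values standing in for audit data from normal runs
NORMAL_RUNS = [(0.0, 0.0), (0.25, 0.1), (0.0, 0.0),
               (0.25, -0.1), (0.0, 0.0), (0.25, 0.0)]

# Constructed routing-table snapshots
T0 = {"A": ("B", 2), "C": ("B", 3), "D": ("E", 2), "F": ("E", 3)}
T1 = {"A": ("B", 2), "C": ("B", 3), "D": ("E", 2), "F": ("B", 4)}  # one route moved
T2 = {"A": ("X", 1), "C": ("X", 1), "D": ("X", 1), "F": ("X", 1)}  # all re-pointed

if __name__ == "__main__":
    model = fit(NORMAL_RUNS)
    for name, snap in (("T1", T1), ("T2", T2)):
        features = pcr_pch(T0, snap)
        print(name, features, "anomalous" if is_anomalous(features, model) else "normal")
```
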
Wrap Up
• Focus more on the effects of attacks on our WMA network at TFA.
– DoS attacks
• Repetitive polling (authenticating request)
• De-authentication/de-association
• Simulate nodal black hole and JellyFish attacks
• Try to develop a reputation system / Sybil attack
• Detection systems – go into traffic engineering
