Publication detail

A Concept of Behavioral Reputation System in Wireless Networks

Original title

A Concept of Behavioral Reputation System in Wireless Networks

English title

A Concept of Behavioral Reputation System in Wireless Networks

Language

en

Original abstract

Nowadays, wireless networks are becoming more important in personal and public communication. Most of them are secured by the 802.11i standard with a strong AES cipher - WPA2. In many cases an attacker has the ability to listen to all encrypted network traffic, which becomes a potential intrusion. Each client in a wireless network is vulnerable to a variety of threats and attacks. Many attacks, especially in corporate networks, are realized from the internal environment. Identity theft is another serious problem of wireless networks. We should be able to precisely identify every entity in a wireless network, and then determine the malicious behavior of these entities. Much research in this area usually focuses on explicit identifiers such as the MAC address, which can be changed easily. Thus it is challenging to track users and their behavior with always-changing identifiers. In this paper, first we analyzed in detail the security issues of the newest standard (WPA2), then we propose a concept of a reputation system in 802.11i networks in order to achieve correct identification of wireless entities and detection of malicious behavior of these entities. The basis of the reputation system is the creation of a behavior model for each entity in the system (all devices and access points). This model is created by an algorithm which selects the right attributes (signal strength, MAC address, FromDS, destination IP address, etc.) contained in an on-the-fly frame. These attributes are used in a number of metrics able to detect or describe entity behavior. Our approach works across network layers; we take some attributes from the radiotap header, all attributes from the 802.11 frame, and many attributes from the network, transport and application layers. The algorithm takes advantage of the combination of radio-fingerprinting, the link layer and all possible upper layers. Obtaining data from layers above the link layer is very complicated, because they are encrypted. We developed two different ways to gain data from the upper layers. The first approach is pairing communication in the wireless system with communication in the wired segment of the access point. Another approach is the extraction of cryptographic keys from the access point and then the use of these keys for real-time decryption of 802.11 frames captured by a wireless probe. The created model provides a behavior pattern of each entity in the wireless system, which is an important step for identification of the entity. An artificial intelligence can take this model to detect potential malicious behavior and then raise or lower the reputation value of the entity. Entities with a lower reputation than a defined threshold are marked as intruders.

BibTex


@inproceedings{BUT103485,
  author="Matej {Kačic} and Petr {Hanáček} and Martin {Henzl} and Ivan {Homoliak}",
  title="A Concept of Behavioral Reputation System in Wireless Networks",
  annote="Nowadays wireless networks are becoming more important in personal and public
communication. Most of them is secured by 802.11i standard with strong AES cipher
- WPA2. In many cases an attacker has the ability to listen to all encrypted
network traffic which becoming a potential intrusion. Each client in wireless
network is vulnerable to a variety of threats and attacks. Many attacks
especially in corporate networks are realized from internal environment. Identity
theft is next serious problem of wireless networks. We should able to precisely
identify every entity in wireless network, and then determine malicious behavior
of these entities. Many research in this area usually focuses on explicit
identifiers such as MAC address, which can be changed easily. Thus it is
challenging to track users and their behavior with always changing identifiers.
In this paper, first we analyzed in detail security issues of the newest standard
(WPA2), then we propose a concept of reputation system in 802.11i networks in
order to achieve correct identification of wireless entities and detection
malicious behavior of these entities. Basement for reputation system is creation
of behavior model for each entity in system (all devices and access points). This
model is created by the algorithm which select right attributes (signal strength,
MAC address, FromDS, destination IP address, etc.) contained in on-the-fly frame.
These attributes are used in number of metrics able to detect or describe entity
behavior. Our approach work across network layers; we take some attributes from
radiotap header, all attributes from 802.11 frame, and many attributes from
network, transport and application layer. Algorithm take advantages from
combination of radio-fingerprinting, link layer and all possible upper layers.
Obtaining data from upper than link layer is very complicated, because they are
encrypted. We developed two different ways to gain data from upper layers. First
approach is pairing communication in wireless system with communication in wired
segment of access point. Another approach is extraction cryptographic keys from
access point a then use these keys to real-time decryption of 802.11 frames
captured by wireless probe. Created model provides a behavior pattern of each
entity in wireless system, which is important step for identification of entity.
An artificial intelligence can take this model to detect potential malicious
behavior and then raise or lower the value of reputation of entity. Entities with
lower reputation than defined threshold are marked as intruders",
  address="Institute of Electrical and Electronics Engineers",
  booktitle="The 47th Annual International Carnahan Conference on Security Technology",
  chapter="103485",
  edition="NEUVEDEN",
  howpublished="print",
  institution="Institute of Electrical and Electronics Engineers",
  year="2013",
  month="september",
  pages="86--90",
  publisher="Institute of Electrical and Electronics Engineers",
  type="conference paper"
}