Michael J. Ocean
Azer Bestavros
ABSTRACT
Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames(Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of cyber space and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (SensorNetwork workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.
- OpenWRT Project Homepage, http://openwrt.org/.Google Scholar
- Frank Adelstein, Prasanth Alla, Rob Joyce, and Golden G. Richard III, Physically Locating Wireless Intruders, ITCC'04: Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 (Washington, DC, USA), IEEE Computer Society, 2004, p. 482. Google ScholarDigital Library
- AirDefense, Inc., AirDefense Enterprise Product Homepage, http://www.airdefense.net/products/enterprise.php.Google Scholar
- Paramvir Bahl and Venkata N. Padmanabhan, RADAR: An In-Building RF-Based User Location and Tracking System, INFOCOM (2), 2000, pp. 775--784.Google Scholar
- John Bellardo and Stefan Savage, 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, SSYM'03: Proceedings of the 12th Conference on USENIX Security Symposium (Berkeley, CA, USA), USENIX Association, 2003, pp. 2--2. Google ScholarDigital Library
- Azer Bestavros, Adam Bradley, Assaf Kfoury, and Michael Ocean, SNBENCH: A Development and Run-Time Platform for Rapid Deployment of Sensor Network Applications, IEEE International Workshop on Broadband Advanced Sensor Networks (Basenets), October, 2005.Google ScholarCross Ref
- Boston University, Department of Computer Science, Sensorium Research Homepage, http://www.cs.bu.edu/groups/sensorium/.Google Scholar
- Christophe Devine, Aircrack-ng Homepage, http://www.aircrack-ng.org/.Google Scholar
- Ekahau, Inc., Ekahau Positioning Engine 4.0 Product Homepage, http://www.ekahau.com/products/positioningengine/.Google Scholar
- Jamil Farshchi, Wireless Intrusion Detection Systems, http://www.securityfocus.com/infocus/1742, 2003-11-05.Google Scholar
- IBM Internet Security Systems, Wireless Products Homepage, http://www.iss.net/documents/whitepapers/wireless_LAN_security.pdf.Google Scholar
- James Goddard Joshua Lackey, Andrew Roths, Wireless Intrusion Detection, http://www-935.ibm.com/services/us/bcrs/pdf/wp_wireless-intrusion-detection.pdf, 2003.Google Scholar
- Mike Kershaw, Kismet User Forum, http://www.kismetwireless.net/Forum/General/Messages/1142522037.4893529.Google Scholar
- _______, Kismet (version 2007-01-r1b), http://www.kismetwireless.net/documentation.shtml.Google Scholar
- Andrew Lockhart, Snort-wireless Homepage, http://snort-wireless.org/.Google Scholar
- "loud-fat bloke", WIDZ (Wireless Intrusion Detection System) Homepage, http://freshmeat.net/projects/widz/.Google Scholar
- Michael Lynn, AirIDS Project Homepage, http://airids.sourceforge.net/.Google Scholar
- Michael J. Ocean, Azer Bestavros, and Assaf J. Kfoury, SNBENCH: Programming and Virtualization Framework for Distributed Multitasking Sensor Networks, VEE '06: Proceedings of the 2nd International Conference on Virtual Execution Environments (New York, NY, USA), ACM Press, 2006, pp. 89--99. Google ScholarDigital Library
- Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, LISA '99: Proceedings of the 13th USENIX Conference on System Administration (Berkeley, CA, USA), USENIX Association, 1999, pp. 229--238. Google ScholarDigital Library
- Cisco Systems, Wi-Fi Based Real-Time Location Tracking: Solutions and Technology, http://www.cisco.com/application/pdf/en/us/guest/products/ps6386/c1244/cdccont_0900aecd80477957.pdf, 2006.Google Scholar
- P. Tao, A. Rudys, A. Ladd, and D. Wallach, Wireless LAN Location Sensing for Security Application, 2003. Google ScholarDigital Library
- Nathan True, Wi-viz: Wireless Network Environment Visualization, http://devices.natetrue.com/wiviz/.Google Scholar
- Giovanni Vigna, Fredrik Valeur, and Richard A. Kemmerer, Designing and Implementing a Family of Intrusion Detection Systems, SIGSOFT Softw. Eng. Notes 28 (2003), no. 5, 88--97. Google ScholarDigital Library
- Yoann Vandoorselaere, et. el., Prelude Hybrid IDS, http://www.prelude-ids.org/.Google Scholar
- Moustafa Youssef, Ashok Agrawala, and Udaya Shankar, WLAN Location Determination via Clustering and Probability Distributions, March 2003.Google Scholar
Index Terms
Wireless and physical security via embedded sensor networks
Recommendations
k-Barrier Coverage for Physical Security in Stealthy Lattice Wireless Sensor Networks
EWSN ’18: Proceedings of the 2018 International Conference on Embedded Wireless Systems and NetworksAny unauthorized access to a critical space is a physical breach in our society that can be viewed as a physical security problem. It is essential to build a barrier that prevents any intruder’s attempt to cross it and access a critical area. In this ...
Investigating physical security in stealthy lattice wireless sensor networks using k-barrier coverage
AbstractAny unauthorized access to a critical space is a physical breach in our society that can be viewed as a physical security problem. It is essential to build a barrier that prevents any intruder's attempt to cross it and access a ...
Security for wireless sensor networks
Wireless sensor networksThis chapter identifies the vulnerabilities associated with the operational paradigms currently employed by Wireless Sensor Networks. A survey of current WSN security research is presented. The security issues of Mobile Ad-Hoc Networks and ...
Comments