
Detection and Localization of Multiple Spoofing Attackers in Wireless Networks


ABSTRACT
Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for 1) detecting spoofing attacks, 2) determining the number of attackers when multiple adversaries masquerade as the same node identity, and 3) localizing multiple adversaries. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determining the number of attackers as a multiclass detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data are available, we explore using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. In addition, we developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two test beds using both an 802.11 (Wi-Fi) network and an 802.15.4 (ZigBee) network in two real office buildings. Our experimental results show that our proposed methods can achieve over 90 percent Hit Rate and Precision when determining the number of attackers. Our localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.
1 INTRODUCTION

Due to the openness of the wireless transmission medium, adversaries can monitor any transmission. Further, adversaries can easily purchase low-cost wireless devices and use these commonly available platforms to launch a variety of attacks with little effort. Among various types of attacks, identity-based spoofing attacks are especially easy to launch and can cause significant damage to network performance. For instance, in an 802.11 network, it is easy for an attacker to gather useful MAC address information during passive monitoring and then modify its MAC address by simply issuing an ifconfig command to masquerade as another device. In spite of existing 802.11 security techniques including Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), or 802.11i (WPA2), such methodology can only protect data frames; an attacker can still spoof management or control frames to cause significant impact on networks.

Spoofing attacks can further facilitate a variety of traffic injection attacks, such as attacks on access control lists, rogue access point (AP) attacks, and eventually Denial-of-Service (DoS) attacks. A broad survey of possible spoofing attacks can be found in this system. Moreover, in a large-scale network, multiple adversaries may masquerade as the same identity and collaborate to launch malicious attacks such as network resource utilization attack and denial-of-service attack quickly. Therefore, it is important to 1) detect the presence of spoofing attacks, 2) determine the number of attackers, and 3) localize multiple adversaries and eliminate them.

Most existing approaches to address potential spoofing attacks employ cryptographic schemes. However, the application of cryptographic schemes requires reliable key distribution, management, and maintenance mechanisms. It is not always desirable to apply these cryptographic methods because of their infrastructural, computational, and management overhead. Further, cryptographic methods are susceptible to node compromise, which is a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. In this work, we propose to use received signal strength (RSS)-based spatial correlation, a physical property associated with each wireless node that is hard to falsify and not reliant on cryptography, as the basis for detecting spoofing attacks. Since we are concerned with attackers who have different locations than legitimate wireless nodes, utilizing spatial information to address spoofing attacks has the unique power to not only identify the presence of these attacks but also localize adversaries. An added advantage of employing spatial correlation to detect spoofing attacks is that it will not require any additional cost or modification to the wireless devices themselves.

We focus on static nodes in this work, which are common for spoofing scenarios. We addressed spoofing detection in mobile environments in our other work. The works that are closely related to us are in these systems. Faria and Cheriton proposed the use of matching rules of signal prints for spoofing detection, Sheng et al. modeled the RSS readings using a Gaussian mixture model, and Chen et al. used RSS and K-means cluster analysis to detect spoofing attacks. However, none of these approaches have the ability to determine the number of attackers when multiple adversaries use the same identity to launch attacks, which is the basis to further localize multiple adversaries after attack detection. Although Chen et al. studied how to localize adversaries, it can only handle the case of a single spoofing attacker and cannot localize the attacker if the adversary uses different transmission power levels.

The main contributions of our work are: 1) GADE: a generalized attack detection model (GADE) that can both detect spoofing attacks as well as determine the number of adversaries using cluster analysis methods grounded on RSS-based spatial correlations among normal devices and adversaries, and 2) IDOL: an integrated detection and localization system that can both detect attacks as well as find the positions of multiple adversaries even when the adversaries vary their transmission power levels.

In GADE, the Partitioning Around Medoids (PAM) cluster analysis method is used to perform attack detection. We formulate the problem of determining the number of attackers as a multiclass detection problem. We then applied cluster-based methods to determine the number of attackers. We further developed a mechanism called SILENCE for testing Silhouette Plot and System Evolution with minimum distance of clusters, to improve the accuracy of determining the number of attackers. Additionally, when the training data are available, we propose to use the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. Moreover, we developed an integrated system, IDOL, which utilizes the results of the number of attackers returned by GADE to further localize multiple adversaries. As we demonstrated through our experiments using both an 802.11 network as well as an 802.15.4 network in two real office building environments, GADE is highly effective in spoofing detection with over 90 percent hit rate and precision. Furthermore, using a set of representative localization algorithms, we show that IDOL can achieve similar localization accuracy when localizing adversaries to that of under normal conditions. One key observation is that IDOL can handle attackers using different transmission power levels, thereby providing strong evidence of the effectiveness of localizing adversaries when there are multiple attackers in the network.
EXISTING SYSTEM

The existing approaches to address potential spoofing attacks employ cryptographic schemes [6]. However, the application of cryptographic schemes requires reliable key distribution, management, and maintenance mechanisms. It is not always desirable to apply these cryptographic methods because of their infrastructural, computational, and management overhead. Further, cryptographic methods are susceptible to node compromise, which is a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. In this work, we propose to use received signal strength (RSS)-based spatial correlation, a physical property associated with each wireless node that is hard to falsify and not reliant on cryptography, as the basis for detecting spoofing attacks. Since we are concerned with attackers who have different locations than legitimate wireless nodes, utilizing spatial information to address spoofing attacks has the unique power to not only identify the presence of these attacks but also localize adversaries. An added advantage of employing spatial correlation to detect spoofing attacks is that it will not require any additional cost or modification to the wireless devices themselves.

Disadvantages

- In a large-scale network, multiple adversaries may masquerade as the same identity and collaborate to launch malicious attacks such as network resource utilization attack and denial-of-service attack quickly.
- The accuracy of determining the number of attackers. Additionally, when the training data are available, we propose to use the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers.
PROPOSED SYSTEM

The path loss exponent is set to 2.5 and the standard deviation of shadowing is 2 dB. From the figure, we observed that the ROC curves shift to the upper left when increasing the distance between two devices. This indicates that the farther away the two nodes are separated, the better detection performance that our method can achieve. This is because the detection performance is proportional to the noncentrality parameter, which is represented by the distance between two wireless nodes together with the landmarks. Since under a spoofing attack the RSS readings from the victim node and the spoofing attackers are mixed together, this observation suggests that we may conduct cluster analysis on top of RSS-based spatial correlation to find out the distance in signal space and further detect the presence of spoofing attackers in physical space.

The System Evolution is a new method to analyze cluster structures and estimate the number of clusters. The System Evolution method uses the twin-cluster model, which are the two closest clusters among K potential clusters of a data set. The twin-cluster model is used for energy calculation. The Partition Energy denotes the border distance between the twin clusters, whereas the Merging Energy is calculated as the average distance between elements in the border region of the twin clusters.
Advantages

- The basic idea behind using the System Evolution method to determine the number of attackers is that all the rest of the clusters are separated if the twin clusters are separable.
- The Hit Rate is lower when treating four attackers as errors than treating two attackers as errors. This indicates that the probability of misclassifying three attackers as four attackers is higher than that of misclassifying three attackers as two attackers.
- The advantage of Silhouette Plot is that it is suitable for estimating the best partition, whereas the System Evolution method performs well under difficult cases such as when there is slight overlap between clusters and there are smaller clusters near larger clusters.
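
The detection step described in the introduction (PAM clustering of the RSS readings seen for one identity) and the Silhouette criterion from the list above, as an added example that is not part of the original report or the authors' implementation. The landmark layout, node positions, reference power `P0_DBM`, `THRESHOLD_DB` and all function names are assumptions constructed for illustration; only the path loss exponent 2.5 and the 2 dB shadowing deviation come from the text, and the System Evolution half of SILENCE is not implemented.

```python
import math
import random

# Constructed layout: four landmarks (RSS monitors) at the corners of a 40 m x 40 m floor.
LANDMARKS = [(0, 0), (40, 0), (0, 40), (40, 40)]
PATH_LOSS_EXP = 2.5   # path loss exponent quoted in the text
SHADOWING_DB = 2.0    # shadowing standard deviation quoted in the text
P0_DBM = -40.0        # assumed RSS at the 1 m reference distance
THRESHOLD_DB = 10.0   # assumed detection threshold; in practice set from attack-free data


def rss_samples(pos, n, rng):
    """Simulate n RSS vectors (one reading per landmark) for a transmitter at pos."""
    def reading(lm):
        d = max(math.dist(pos, lm), 1.0)
        return P0_DBM - 10 * PATH_LOSS_EXP * math.log10(d) + rng.gauss(0, SHADOWING_DB)
    return [[reading(lm) for lm in LANDMARKS] for _ in range(n)]


def distance_matrix(samples):
    """Pairwise Euclidean distances in signal space (dB)."""
    return [[math.dist(a, b) for b in samples] for a in samples]


def total_cost(dist, medoids):
    """Sum over all points of the distance to the nearest medoid."""
    return sum(min(row[m] for m in medoids) for row in dist)


def pam(dist, k):
    """Partitioning Around Medoids: greedy BUILD, then SWAP until no swap helps."""
    n = len(dist)
    medoids = []
    for _ in range(k):
        free = [i for i in range(n) if i not in medoids]
        medoids.append(min(free, key=lambda i: total_cost(dist, medoids + [i])))
    cost = total_cost(dist, medoids)
    improved = True
    while improved:
        improved = False
        for slot in range(k):
            for cand in range(n):
                if cand in medoids:
                    continue
                trial = medoids[:slot] + [cand] + medoids[slot + 1:]
                trial_cost = total_cost(dist, trial)
                if trial_cost < cost - 1e-9:
                    medoids, cost, improved = trial, trial_cost, True
    labels = [min(range(k), key=lambda j: row[medoids[j]]) for row in dist]
    return medoids, labels


def mean_silhouette(dist, labels, k):
    """Average silhouette width of a partition (higher means better separated)."""
    total = 0.0
    for i, row in enumerate(dist):
        sums, counts = [0.0] * k, [0] * k
        for j, d in enumerate(row):
            if j != i:
                sums[labels[j]] += d
                counts[labels[j]] += 1
        own = labels[i]
        if counts[own] == 0:          # a singleton cluster contributes 0
            continue
        a = sums[own] / counts[own]   # mean distance inside the own cluster
        b = min(sums[c] / counts[c] for c in range(k) if c != own and counts[c])
        total += (b - a) / max(a, b)
    return total / len(dist)


def detect_spoofing(samples, threshold_db=THRESHOLD_DB):
    """Split one identity's RSS vectors into 2 clusters; a large medoid distance
    in signal space means the readings come from more than one position."""
    dist = distance_matrix(samples)
    (m1, m2), _ = pam(dist, 2)
    return dist[m1][m2] > threshold_db, dist[m1][m2]


def count_positions(samples, k_max=5):
    """Pick the cluster count (2..k_max) with the best mean silhouette."""
    dist = distance_matrix(samples)
    scores = {}
    for k in range(2, k_max + 1):
        _, labels = pam(dist, k)
        scores[k] = mean_silhouette(dist, labels, k)
    return max(scores, key=scores.get), scores


rng = random.Random(7)                          # fixed seed: constructed, repeatable data
victim = rss_samples((5, 5), 40, rng)           # legitimate node
attacker_1 = rss_samples((35, 30), 40, rng)     # same identity, different position
attacker_2 = rss_samples((8, 35), 40, rng)

if __name__ == "__main__":
    print("victim only:", detect_spoofing(victim))
    print("victim + 1 attacker:", detect_spoofing(victim + attacker_1))
    print("positions:", count_positions(victim + attacker_1 + attacker_2)[0])
```

Silhouette cannot score a single cluster, so the count is only meaningful once the medoid-distance test has flagged the identity.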
SYSTEM CONFIGURATION

HARDWARE REQUIREMENTS
Processor - Intel Core 2 Duo
Speed - 2.93 GHz
RAM - 2 GB RAM
Hard Disk - 500 GB
Key Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - LED

SOFTWARE SYSTEM CONFIGURATION
Operating System - XP and Windows 7
Front End: Java (AWT, Swings, Networking)
Back End - MS Access 2003
JAVA TECHNOLOGY

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language is a high-level language that can be characterized by all of the following buzzwords:
- Simple
- Architecture neutral
- Object oriented
- Portable
- Distributed
- High performance
- Interpreted
- Multithreaded
- Robust
- Dynamic
- Secure

With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes, the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java byte code instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java byte codes help make "write once, run anywhere" possible. You can compile your program into byte codes on any platform that has a Java compiler. The byte codes can then be run on any implementation of the Java VM. That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

The Java Platform

A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms.

The Java platform has two components:
- The Java Virtual Machine (Java VM)
- The Java Application Programming Interface (Java API)

You've already been introduced to the Java VM. It's the base for the Java platform and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, What Can Java Technology Do?, highlights what functionality some of the packages in the Java API provide.

The following figure depicts a program that's running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte code compilers can bring performance close to that of native code without threatening portability.

What Can Java Technology Do?
The most common types of programs written in the Java programming language are applets and applications. If you've surfed the Web, you're probably already familiar with applets. An applet is a program that adheres to certain conventions that allow it to run within a Java-enabled browser.

However, the Java programming language is not just for writing cute, entertaining applets for the Web. The general-purpose, high-level Java programming language is also a powerful software platform. Using the generous API, you can write many types of programs.

An application is a standalone program that runs directly on the Java platform. A special kind of application known as a server serves and supports clients on a network. Examples of servers are Web servers, proxy servers, mail servers, and print servers. Another specialized program is a servlet. A servlet can almost be thought of as an applet that runs on the server side. Java Servlets are a popular choice for building interactive web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, though, servlets run within Java Web servers, configuring or tailoring the server.

How does the API support all these kinds of programs? It does so with packages of software components that provide a wide range of functionality. Every full implementation of the Java platform gives you the following features:
- The essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.
- Applets: The set of conventions used by applets.
- Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) sockets, and IP (Internet Protocol) addresses.
- Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.
- Security: Both low level and high level, including electronic signatures, public and private key management, access control, and certificates.
- Software components: Known as JavaBeans™, can plug into existing component architectures.
- Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).
- Java Database Connectivity (JDBC™): Provides uniform access to a wide range of relational databases.

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.

ODBC

Microsoft Open Database Connectivity (ODBC) is a standard programming interface for application developers and database systems providers. Before ODBC became a de facto standard for Windows programs to interface with database systems, programmers had to use proprietary languages for each database they wanted to connect to. Now, ODBC has made the choice of the database system almost irrelevant from a coding perspective, which is as it should be. Application developers have much more important things to worry about than the syntax that is needed to port their program from one database to another when business needs suddenly change.

Through the ODBC Administrator in Control Panel, you can specify the particular database that is associated with a data source that an ODBC application program is written to use. Think of an ODBC data source as a door with a name on it. Each door will lead you to a particular database. For example, the data source named Sales Figures might be a SQL Server database, whereas the Accounts Payable data source could refer to an Access database. The physical database referred to by a data source can reside anywhere on the LAN.

The ODBC system files are not installed on your system by Windows 95. Rather, they are installed when you set up a separate database application, such as SQL Server Client or Visual Basic 4.0. When the ODBC icon is installed in Control Panel, it uses a file called ODBCINST.DLL. It is also possible to administer your ODBC data sources through a stand-alone program called ODBCADM.EXE. There is a 16-bit and a 32-bit version of this program and each maintains a separate list of ODBC data sources.

From a programming perspective, the beauty of ODBC is that the application can be written to use the same set of function calls to interface with any data source, regardless of the database vendor. The source code of the application doesn't change whether it talks to Oracle or SQL Server. We only mention these two as an example. There are ODBC drivers available for several dozen popular database systems. Even Excel spreadsheets and plain text files can be turned into data sources. The operating system uses the Registry information written by ODBC Administrator to determine which low-level ODBC drivers are needed to talk to the data source (such as the interface to Oracle or SQL Server). The loading of the ODBC drivers is transparent to the ODBC application program. In a client/server environment, the ODBC API even handles many of the network issues for the application programmer.

The advantages of this scheme are so numerous that you are probably thinking there must be some catch. The only disadvantage of ODBC is that it isn't as efficient as talking directly to the native database interface. ODBC has had many detractors make the charge that it is too slow. Microsoft has always claimed that the critical factor in performance is the quality of the driver software that is used. In our humble opinion, this is true. The availability of good ODBC drivers has improved a great deal recently. And anyway, the criticism about performance is somewhat analogous to those who said that compilers would never match the speed of pure assembly language. Maybe not, but the compiler (or ODBC) gives you the opportunity to write cleaner programs, which means you finish sooner. Meanwhile, computers get faster every year.

JDBC

In an effort to set an independent database standard API for Java, Sun Microsystems developed Java Database Connectivity, or JDBC. JDBC offers a generic SQL database access mechanism that provides a consistent interface to a variety of RDBMSs. This consistent interface is achieved through the use of "plug-in" database connectivity modules, or drivers. If a database vendor wishes to have JDBC support, he or she must provide the driver for each platform that the database and Java run on.

To gain a wider acceptance of JDBC, Sun based JDBC's framework on ODBC. As you discovered earlier in this chapter, ODBC has widespread support on a variety of platforms. Basing JDBC on ODBC will allow vendors to bring JDBC drivers to market much faster than developing a completely new connectivity solution.

JDBC was announced in March of 1996. It was released for a 90 day public review that ended June 8, 1996. Because of user input, the final JDBC v1.0 specification was released soon after.

The remainder of this section will cover enough information about JDBC for you to know what it is about and how to use it effectively. This is by no means a complete overview of JDBC. That would fill an entire book.

JDBC Goals

Few software packages are designed without goals in mind. JDBC is one that, because of its many goals, drove the development of the API. These goals, in conjunction with early reviewer feedback, have finalized the JDBC class library into a solid framework for building database applications in Java.

The goals that were set for JDBC are important. They will give you some insight as to why certain classes and functionalities behave the way they do. The eight design goals for JDBC are as follows:

1. SQL Level API
The designers felt that their main goal was to define a SQL interface for Java. Although not the lowest database interface level possible, it is at a low enough level for higher-level tools and APIs to be created. Conversely, it is at a high enough level for application programmers to use it confidently. Attaining this goal allows for future tool vendors to "generate" JDBC code and to hide many of JDBC's complexities from the end user.

2. SQL Conformance
SQL syntax varies as you move from database vendor to database vendor. In an effort to support a wide variety of vendors, JDBC will allow any query statement to be passed through it to the underlying database driver. This allows the connectivity module to handle non-standard functionality in a manner that is suitable for its users.

3. JDBC must be implemental on top of common database interfaces
The JDBC SQL API must "sit" on top of other common SQL level APIs. This goal allows JDBC to use existing ODBC level drivers by the use of a software interface. This interface would translate JDBC calls to ODBC and vice versa.

4. Provide a Java interface that is consistent with the rest of the Java system
Because of Java's acceptance in the user community thus far, the designers feel that they should not stray from the current design of the core Java system.

5. Keep it simple
This goal probably appears in all software design goal listings. JDBC is no exception. Sun felt that the design of JDBC should be very simple, allowing for only one method of completing a task per mechanism. Allowing duplicate functionality only serves to confuse the users of the API.

6. Use strong, static typing wherever possible
Strong typing allows for more error checking to be done at compile time; also, fewer errors appear at runtime.

7. Keep the common cases simple
Because more often than not, the usual SQL calls used by the programmer are simple SELECT's, INSERT's, DELETE's and UPDATE's, these queries should be simple to perform with JDBC. However, more complex SQL statements should also be possible.

You can think of Java byte codes as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a Java development tool or a Web browser that can run Java applets, is an implementation of the Java VM. The Java VM can also be implemented in hardware.

Java byte codes help make "write once, run anywhere" possible. You can compile your Java program into byte codes on any platform that has a Java compiler. The byte codes can then be run on any implementation of the Java VM. For example, the same Java program can run on Windows NT, Solaris, and Macintosh.

[Figure: Java Program, Compilers, Interpreter, My Program]

NETWORKING

TCP/IP stack
The TCP/IP stack is shorter than the OSI one:
TCP is a connection-oriented protocol; UDP (User Datagram Protocol) is a connectionless protocol.

IP datagrams
The IP layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagrams must be supplied by the higher layers. The IP layer supplies a checksum that includes its own header. The header includes the source and destination addresses. The IP layer handles routing through an Internet. It is also responsible for breaking up large datagrams into smaller ones for transmission and reassembling them at the other end.

UDP
UDP is also connectionless and unreliable. What it adds to IP is a checksum for the contents of the datagram and port numbers. These are used to give a client/server model - see later.

TCP
TCP supplies logic to give a reliable connection-oriented protocol above IP. It provides a virtual circuit that two processes can use to communicate.

Internet addresses
In order to use a service, you must be able to find it. The Internet uses an address scheme for machines so that they can be located. The address is a 32 bit integer which gives the IP address. This encodes a network ID and more addressing. The network ID falls into various classes according to the size of the network address.

Network address
Class A uses 8 bits for the network address with 24 bits left over for other addressing. Class B uses 16 bit network addressing. Class C uses 24 bit network addressing and class D uses all 32.

Subnet address
Internally, the UNIX network is divided into sub networks. Building 11 is currently on one sub network and uses 10-bit addressing, allowing 1024 different hosts.

Host address
8 bits are finally used for host addresses within our subnet. This places a limit of 256 machines that can be on the subnet.

Total address
The 32 bit address is usually written as 4 integers separated by dots.

Port addresses
A service exists on a host, and is identified by its port. This is a 16 bit number. To send a message to a server, you send it to the port for that service of the host that it is running on. This is not location transparency! Certain of these ports are "well known".

Sockets
A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with ReadFile and WriteFile functions.

    #include <sys/types.h>
    #include <sys/socket.h>
    int socket(int family, int type, int protocol);

Here "family" will be AF_INET for IP communications, protocol will be zero, and type will depend on whether TCP or UDP is used. Two processes wishing to communicate over a network create a socket each. These are similar to two ends of a pipe - but the actual pipe does not yet exist.

JFree Chart

JFreeChart is a free 100% Java chart library that makes it easy for developers to display professional quality charts in their applications. JFreeChart's extensive feature set includes:
- A consistent and well-documented API, supporting a wide range of chart types
- A flexible design that is easy to extend, and targets both server-side and client-side applications
- Support for many output types, including Swing components, image files (including PNG and JPEG), and vector graphics file formats (including PDF, EPS and SVG)

JFreeChart is "open source" or, more specifically, free software. It is distributed under the terms of the GNU Lesser General Public Licence (LGPL), which permits use in proprietary applications.

1. Map Visualizations
Charts showing values that relate to geographical areas. Some examples include: (a) population density in each state of the United States, (b) income per capita for each country in Europe, (c) life expectancy in each country of the world. The tasks in this project include:
- Sourcing freely redistributable vector outlines for the countries of the world, states/provinces in particular countries (USA in particular, but also other areas)
- Creating an appropriate dataset interface (plus default implementation), a renderer, and integrating this with the existing XYPlot class in JFreeChart
- Testing, documenting, testing some more, documenting some more.

2. Time Series Chart Interactivity
Implement a new (to JFreeChart) feature for interactive time series charts: display a separate control that shows a small version of ALL the time series data, with a sliding "view" rectangle that allows you to select the subset of the time series data to display in the main chart.

3. Dashboards
There is currently a lot of interest in dashboard displays. Create a flexible dashboard mechanism that supports a subset of JFreeChart chart types (dials, pies, thermometers, bars, and lines/time series) that can be delivered easily via both Java Web Start and an applet.

4. Property Editors
The property editor mechanism in JFreeChart only handles a small subset of the properties that can be set for charts. Extend (or reimplement) this mechanism to provide greater end-user control over the appearance of the charts.

19
> L!T%RAT#R% S#R2%(
?1 Detecting and Localizing Wireless Spoofing Attacks
Wireless networks are vulnerable to spoofing attacks, which allows for many other
forms of attacks on the networks. Although the identity of a node can be verified through
cryptographic authentication, authentication is not always possible because it requires key
management and additional infrastructural overhead. In this paper we propose a method for
both detecting spoofing attacks, as well as locating the positions of adversaries performing
the attacks. We first propose an attack detector for wireless spoofing that utili#es =(means
cluster analysis. @e)t, we describe how we integrated our attack detector into a real time
indoor locali#ation system, which is also capable of locali#ing the positions of the attackers.
We then show that the positions of the attackers can be locali#ed using either area(based or
point(based locali#ation algorithms with the same relative errors as in the normal case. We
have evaluated our methods through e)perimentation using both an ,-!.11 $Wi.i) network as
well as an ,-!.1/.0 $1ig2ee) network. 3ur results show that it is possible to detect wireless
spoofing with both a high detection rate and a low false positive rate, thereby providing
strong evidence of the effectiveness of the =(means spoofing detector as well as the attack
locali#er.
As more wireless and sensor networks are deployed, they will increasingly become
tempting targets for malicious attacks. Due to the openness of wireless and sensor networks,
they are especially vulnerable to spoofing attacks where an attacker forges its identity to
masquerade as another device, or even creates multiple illegitimate identities. Spoofing
attacks are a serious threat as they represent a form of identity compromise and can facilitate
a variety of traffic injection attacks, such as evil twin access point attacks. It is thus desirable
to detect the presence of spoofing and eliminate them from the network.
The traditional approach to address spoofing attacks is to apply cryptographic
authentication. However, authentication requires additional infrastructural overhead and
computational power associated with distributing and maintaining cryptographic keys. Due
to the limited power and resources available to the wireless devices and sensor nodes, it is not
always possible to deploy authentication. In addition, key management often incurs
significant human management costs on the network. In this paper, we take a different
approach by using the physical properties associated with wireless transmissions to detect
spoofing. Specifically, we propose a scheme for both detecting spoofing attacks, as well as
localizing the positions of the adversaries performing the attacks. Our approach utilizes the
Received Signal Strength (RSS) measured across a set of access points to perform spoofing
detection and localization. Our scheme does not add any overhead to the wireless devices and
sensor nodes.
By analyzing the RSS from each MAC address using K-means cluster algorithm, we
have found that the distance between the centroids in signal space is a good test statistic for
effective attack detection. We then describe how we integrated our K-means spoofing
detector into a real-time indoor localization system. Our K-means approach is general in that
it can be applied to almost all RSS-based localization algorithms. For two sample algorithms,
we show that using the centroids of the clusters in signal space as the input to the localization
system, the positions of the attackers can be localized with the same relative estimation errors
as under normal conditions.
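The test statistic described above, as an added example that is not code from the surveyed paper: RSS vectors seen for one MAC address are split with K-means (K = 2) and the distance between the two centroids in signal space is compared with a threshold. The four access points, the RSS values, the noise level and the 12 dB threshold are constructed assumptions.

```python
import math
import random

def dist(a, b):
    """Euclidean distance between two RSS vectors in signal space (dB)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def centroid(vectors):
    """Component-wise mean of a list of RSS vectors."""
    n = len(vectors)
    return tuple(sum(v[i] for v in vectors) / n for i in range(len(vectors[0])))

def kmeans2(points, max_iter=100):
    """K-means with K=2 (Lloyd's algorithm); returns the two centroids.

    Seeding is deterministic: the first sample and the sample farthest from it.
    """
    c0 = tuple(points[0])
    c1 = tuple(max(points, key=lambda p: dist(p, c0)))
    for _ in range(max_iter):
        g0 = [p for p in points if dist(p, c0) <= dist(p, c1)]
        g1 = [p for p in points if dist(p, c0) > dist(p, c1)]
        if not g0 or not g1:          # degenerate input: only one cluster exists
            c = centroid(points)
            return c, c
        n0, n1 = centroid(g0), centroid(g1)
        if (n0, n1) == (c0, c1):      # assignments stopped changing
            break
        c0, c1 = n0, n1
    return c0, c1

def detect_spoofing(rss_by_mac, threshold_db):
    """Flag every MAC whose two RSS centroids lie farther apart than threshold_db.

    rss_by_mac maps a MAC address to a list of RSS vectors, one dBm value per
    monitoring access point, always in the same AP order.
    """
    report = {}
    for mac, samples in rss_by_mac.items():
        c0, c1 = kmeans2(samples)
        d = dist(c0, c1)
        report[mac] = {
            "centroid_distance": d,
            "spoofing": d > threshold_db,
            # Under attack, each centroid is the signal-space input for
            # localizing one of the transmitters.
            "centroids": (c0, c1),
        }
    return report

def simulate(mean_rss, n, rng, sigma=1.5):
    """Constructed samples: Gaussian noise around the mean RSS of one location."""
    return [tuple(rng.gauss(m, sigma) for m in mean_rss) for _ in range(n)]

def demo():
    rng = random.Random(7)
    victim_loc = (-50.0, -62.0, -71.0, -58.0)     # constructed mean RSS at 4 APs
    attacker_loc = (-72.0, -55.0, -48.0, -66.0)   # constructed second location
    data = {
        # One transmitter at one location.
        "00:11:22:33:44:55": simulate(victim_loc, 60, rng),
        # Same MAC heard from two locations: victim plus spoofer.
        "66:77:88:99:aa:bb": simulate(victim_loc, 30, rng)
                             + simulate(attacker_loc, 30, rng),
    }
    return detect_spoofing(data, threshold_db=12.0)

if __name__ == "__main__":
    for mac, result in demo().items():
        print(mac, round(result["centroid_distance"], 1), result["spoofing"])
```

In a deployment the threshold would be set from measurements of normal traffic, since a single transmitter still produces a small non-zero centroid distance.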
To evaluate the effectiveness of spoofing detector and attack localizer, we conducted
experiments using both an 802.11 network as well as an 802.15.4 network in a real office
building environment. In particular, we have built an indoor localization system that can
localize any transmitting devices on the floor in real-time. We evaluated the performance of
the K-means spoofing detector using detection rates and receiver operating characteristic
curve. We have found that our spoofing detector is highly effective with over 95% detection
rates and under 5% false positive rates. Further, we observed that, when using the centroids in
signal space, a broad family of localization algorithms achieve the same performance as when
they use the averaged RSS in traditional localization attempts.
7.2 Access points vulnerabilities to DoS attacks in 802.11 networks
The possible denial of service attacks to infrastructure wireless 802.11 networks are
discussed here. To carry out such attacks only commodity hardware and software
components are required. The results show that serious vulnerabilities exist in different
access points and that a single malicious station can easily hinder any legitimate
communication within a basic service set. The peculiar features of wireless networks suggest
a greater exposure to Denial of Service (DoS) attacks than wired networks. Since the wireless
medium does not have well defined physical bounds, a malicious station can appear in the
range of such a network and launch an attack in order to stop any legitimate communication.
The 802.11 protocol is based on the exchange of request/response messages: each
request sent by a station (STA) in the network triggers a corresponding response on its
counterpart, which can be, in turn, another station or an Access Point (AP).
Infrastructure networks rely on an access point (or a set of them) as a central node through
which every communication is routed, thus an AP can easily become a bottleneck for the
entire network (or, at least, for the Basic Service Set it defines). An AP failure causes the
block of the entire network or a part of it. Attack patterns should be as simple as possible, in
order to apply both to open systems and WEP-protected networks. From this viewpoint, a
malicious station should be able to launch an attack even if it is neither associated nor
authenticated to the target network.
Probe request frames are used by stations to actively scan an area in order to discover existing
wireless networks; any AP receiving a probe request frame must respond with a proper probe
response frame that contains information about the network, to allow the station to associate.
By sending a burst of probe request frames very quickly, each with a different MAC address
(MAC spoofing) to simulate the presence of a large number of scanning stations in the area,
we can induce a heavy workload on the AP, resulting in a wasting of computing and memory
resources which can not be used for normal operations.
AP response to an authentication request frame depends on the authentication settings of the
network: open system networks: no cryptography is involved, the AP processes each
request, possibly comparing the MAC address with an access control list, then it responds
with a frame containing the authentication process result; shared key networks: after
receiving an authentication request by a station, the AP generates a random challenge text
and sends it to the station in a second authentication frame; the challenge text has to be
encrypted with a proper WEP key by the station to gain access to the network. In both cases
the AP must allocate memory to keep information about each new station that successfully
authenticates. As in the previous case, by sending a burst of authentication request frames,
using MAC spoofing, it should be possible to bring AP's resources close to the saturation
level.
According to the protocol FSM, association request frames should not be sent by
stations in unauthenticated/unassociated state, so such requests should never receive an
answer by the AP. Actually we discovered that many APs respond to "illegal"
association request frames by sending a disassociation or deauthentication frame. As a
consequence, even a burst of association request frames is able to consume computational
resources on an AP.
7.3 Detecting Identity Based Attacks in Wireless Networks Using Signal prints
Wireless networks are vulnerable to many identity-based attacks in which a malicious device
uses forged MAC addresses to masquerade as a specific client or to create multiple
illegitimate identities. For example, several link-layer services in IEEE 802.11 networks have
been shown to be vulnerable to such attacks even when 802.11i/1X and other security
mechanisms are deployed.
A transmitting device can be robustly identified by its signal print, a tuple of signal
strength values reported by access points acting as sensors. We show that, different from
MAC addresses or other packet contents, attackers do not have as much control regarding the
signalprints they produce. Moreover, using measurements in a testbed network, we
demonstrate that signalprints are strongly correlated with the physical location of clients, with
similar values found mostly in close proximity. By tagging suspicious packets with their
corresponding signalprints, the network is able to robustly identify each transmitter
independently of packet contents, allowing detection of a large class of identity-based attacks
with high probability.
Several DoS attacks in wireless LANs are possible because these networks lack
reliable client identifiers before upper-layer authentication mechanisms are evoked and user
credentials are securely established. After a client authenticates successfully and session keys
are used to encrypt and authenticate packets sent over wireless links, the network can
securely verify if the source MAC address in a packet is correct. Without this mechanism,
however, wireless installations have to rely solely on MAC addresses for client identification:
two devices in a network using the same address are treated as a single client, even if they
generate inconsistent requests.
As MAC addresses can be easily changed through device drivers, simple yet effective
identity-based attacks can be implemented with off-the-shelf equipment against multiple
link-layer services. IEEE 802.11 networks, for instance, have been shown to be vulnerable to a
class of attacks we refer to as masquerading attacks, in which a malicious device targets a
specific client by spoofing its MAC address or the address of its current access point.
Bellardo and Savage have demonstrated that a 10-second deauthentication attack can
immediately knock a client off the network and possibly incur minute-long outages given the
interaction between 802.11 and TCP [5]. With such tools, a malicious user could render a
Wi-Fi hotspot unusable by targeting all active clients or simply maximize the throughput
achieved by his own laptop by periodically deauthenticating devices using the same access
point as him. These attacks can be currently implemented even if networks deploy recent
security standards such as IEEE 802.11i [2]. Another class of identity-based attacks targets
resource depletion: an attacker can generate high rates of requests with random MAC values
in order to consume shared resources. For example, authentication protocols such as TLS
(popular with 802.11i/802.1X) demand milliseconds of processing time, making servers
vulnerable to attacks that consume in the order of 200 Kbps of attack bandwidth [6]. As
another example, the attack could target a DHCP server in a publicly available part of the
network and consume all IP addresses reserved for visitors. A PDA device left behind inside
a corporation could act as a "wireless grenade", going off at a programmed time and flooding
the authentication server with random requests, possibly affecting clients well beyond its
communication range.
Conceptually, a signalprint is the signal strength characterization of a packet
transmission. Each signalprint is represented as a vector of signal strength measurements,
with one entry for each access point acting as sensor. Values in signalprints always appear in
the same order, i.e., position i always contains the signal strength level (in dBm) reported by
the ith AP. We use the notation S[i] to refer to the ith entry in a signal print. If an access point
does not report an RSSI level for a given packet, a default value equal to its sensitivity is
used. (The sensitivity of a receiver with respect to a given data rate is defined as the
minimum signal strength level needed to achieve a target packet error rate.) The size of a
signal print is the number of non-default elements it contains, i.e., the number of entries
created from actual RSSI measurements.
Figure: Signal print creation
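Signalprint creation as defined above, as an added example that is not code from the surveyed paper, extended to the resource-depletion case where one device sends requests under many random MAC addresses. The AP names, sensitivity values, sample packets and the matching rule (at least two shared measured entries, each within 5 dB) are constructed assumptions.

```python
from collections import namedtuple

AP_ORDER = ("ap1", "ap2", "ap3", "ap4")                  # constructed sensor list
SENSITIVITY_DBM = {"ap1": -95, "ap2": -95, "ap3": -92, "ap4": -95}  # assumed

# values[i] is S[i] in dBm for AP_ORDER[i]; measured[i] is True when the
# entry comes from an actual RSSI report rather than the default.
Signalprint = namedtuple("Signalprint", ["values", "measured"])

def make_signalprint(reports):
    """Build a signalprint from {ap_name: rssi_dbm} for one packet."""
    values = tuple(reports.get(ap, SENSITIVITY_DBM[ap]) for ap in AP_ORDER)
    measured = tuple(ap in reports for ap in AP_ORDER)
    return Signalprint(values, measured)

def size(sp):
    """Number of non-default entries, i.e. entries from real measurements."""
    return sum(sp.measured)

def shared_differences(a, b):
    """Absolute per-AP differences over entries measured in both signalprints."""
    return [abs(x - y)
            for x, y, ma, mb in zip(a.values, b.values, a.measured, b.measured)
            if ma and mb]

def group_by_transmitter(packets, tol_db=5, min_shared=2):
    """Greedy grouping of packets by signalprint, ignoring the claimed MAC.

    packets is a list of (mac, {ap_name: rssi_dbm}). A packet joins the first
    group whose reference signalprint it matches (assumed rule, see lead-in).
    """
    groups = []
    for mac, reports in packets:
        sp = make_signalprint(reports)
        for group in groups:
            diffs = shared_differences(sp, group["print"])
            if len(diffs) >= min_shared and max(diffs) <= tol_db:
                group["macs"].add(mac)
                break
        else:
            groups.append({"print": sp, "macs": {mac}})
    return groups

def suspicious_groups(groups, max_macs=2):
    """Groups where one apparent transmitter used more than max_macs addresses."""
    return [g for g in groups if len(g["macs"]) > max_macs]

# Constructed sample: five "clients" with different MACs but nearly the same
# signalprint, plus two ordinary clients elsewhere on the floor.
PACKETS = [
    ("02:00:00:00:00:01", {"ap1": -48, "ap2": -70, "ap3": -63}),
    ("02:00:00:00:00:02", {"ap1": -50, "ap2": -69, "ap3": -61}),
    ("02:00:00:00:00:03", {"ap1": -47, "ap2": -71, "ap3": -64}),
    ("02:00:00:00:00:04", {"ap1": -49, "ap2": -72}),
    ("aa:bb:cc:00:00:10", {"ap2": -55, "ap3": -74, "ap4": -60}),
    ("02:00:00:00:00:05", {"ap1": -48, "ap2": -68, "ap3": -62}),
    ("aa:bb:cc:00:00:11", {"ap1": -80, "ap3": -52, "ap4": -66}),
]

if __name__ == "__main__":
    for g in suspicious_groups(group_by_transmitter(PACKETS)):
        print(g["print"].values, sorted(g["macs"]))
```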
7.4 Secure and Efficient Key Management in Mobile Ad Hoc Networks
In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of
infrastructure, providing secure communications is a big challenge in this unique network
environment. Usually cryptography techniques are used for secure communications in wired
and wireless networks. The asymmetric cryptography is widely used because of its
versatileness (authentication, integrity, and confidentiality) and simplicity for key
distribution. However, this approach relies on a centralized framework of public key
infrastructure (PKI). The symmetric approach has computation efficiency, yet it suffers from
potential attacks on key agreement or key distribution. In fact, any cryptographic means is
ineffective if the key management is weak. Key management is a central aspect for security
in mobile ad hoc networks. In mobile ad hoc networks, the computational load and
complexity for key management is strongly subject to restriction of the node's available
resources and the dynamic nature of network topology.
In this paper, we propose a secure and efficient key management framework (SEKM) for
mobile ad hoc networks. SEKM builds PKI by applying a secret sharing scheme and an
underlying multicast server group. In SEKM, the server group creates a view of the
certification authority (CA) and provides certificate update service for all nodes, including
the servers themselves. A ticket scheme is introduced for efficient certificate service. In
addition, an efficient server group updating scheme is proposed.
Mobile ad hoc networks are special type of wireless networks in which a collection of
mobile hosts with wireless network interfaces may form a temporary network, without the aid
of any fixed infrastructure or centralized administration. In mobile ad hoc networks, nodes
within their wireless transmitter ranges can communicate with each other directly (assume
that all nodes have the same transmission range), while nodes outside the range have to rely
on some other nodes to relay messages. Thus a multi-hop scenario occurs, where the packets
sent by the source host are relayed by several intermediate hosts before reaching the
destination host. Every node functions as a router. The success of communication highly
depends on the other nodes' cooperation. While mobile ad hoc networks can be quickly and
inexpensively setup as needed, security is a critical issue compared to wired or other wireless
counterparts. Many passive and active security attacks could be launched from the outside
by malicious hosts or from the inside by compromised hosts [10][12].
Cryptography is an important and powerful tool for security services, namely
authentication, confidentiality, integrity, and non-repudiation. It converts readable data
(plaintext) into meaningless data (ciphertext). Cryptography has two dominant flavors,
namely symmetric-key (secret-key) and asymmetric-key (public-key) approach. In
symmetric-key cryptography, the same key is used to encrypt and decrypt the information,
while in the asymmetric-key approach, different keys are used to convert and recover the
information. Although the asymmetric cryptography approach possesses versatileness
(authentication, integrity, and confidentiality) and simplicity for key distribution,
symmetric-key algorithms are generally more computation-efficient than the public-key
approach. There is a variety of symmetric or asymmetric algorithms available, such as DES,
AES, IDEA, RSA, and ElGamal [1][2][11].
Threshold cryptography [3] is a scheme quite different from the above two approaches. In
Shamir's (k, n) secret sharing scheme, a secret is split into n pieces according to a random
polynomial. The secret can be recovered by combining k pieces based on Lagrange
interpolation. Secret splitting, reconstruction, and verification is quickly reviewed in Section
3. These cryptography tools are widely used in wired and wireless networks, obviously they
could also be used in mobile ad hoc networks. Key management is a basic part of any secure
communication. Most cryptosystems rely on some underlying secure, robust, and efficient
key management system. Key management deals with key generation, storage, distribution,
updating, revocation, and certificate service, in accordance with security policies. Key
management primitives and a trust model are presented in Section 3. The outline of key
management is described below. First, secrecy of key itself must be assured in the local host
system. Second, secure network communications involve key distribution procedure between
communication parties, in which the key may be transmitted through insecure channels. Key
confidentiality, integrity, and ownership must be enforced in the whole procedure. Third, a
framework of trust relationships needs to be built for authentication of key ownership. While
some frameworks are based on a centralized Trusted Third Party (TTP), others could be fully
distributed. For example, a Certificate Authority is the TTP in PKI, Key Distribution Center
(KDC) is the TTP in the symmetric system, meanwhile in PGP, no such a trusted entity is
assumed.
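Shamir's (k, n) scheme mentioned above, as an added example that is not SEKM's own code: a secret becomes the constant term of a random polynomial of degree k-1 over a prime field, each share is one point on it, and any k points give the secret back through Lagrange interpolation at x = 0. The field modulus and the sample secret are assumptions made for the example.

```python
import secrets

# Field modulus: the Mersenne prime 2^127 - 1 (an assumption for this example;
# any prime larger than the secret and the number of shares works).
PRIME = 2**127 - 1

def split_secret(secret, k, n):
    """Split `secret` into n shares so that any k of them recover it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must lie in the field")
    # f(x) = secret + a1*x + ... + a_{k-1}*x^(k-1), coefficients chosen at random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):        # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    # Share i is the point (i, f(i)); x = 0 is never handed out.
    return [(x, f(x)) for x in range(1, n + 1)]

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the shares supplied."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num, den = 1, 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = (num * (-xm)) % PRIME
                den = (den * (xj - xm)) % PRIME
        # Modular inverse via Fermat's little theorem (PRIME is prime).
        lagrange_at_zero = num * pow(den, PRIME - 2, PRIME)
        secret = (secret + yj * lagrange_at_zero) % PRIME
    return secret

if __name__ == "__main__":
    key = 0x1F2E3D4C5B6A7988            # constructed sample secret
    shares = split_secret(key, k=3, n=5)
    print(recover_secret(shares[:3]) == key)      # any 3 shares suffice
    print(recover_secret(shares[:2]) == key)      # 2 shares do not
```

With fewer than k shares the interpolation still returns a field element, but it is unrelated to the secret, which is why a quorum smaller than k learns nothing.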
A secure and efficient key management scheme (SEKM) is used here. In SEKM, the
system public key is distributed to the whole network. In SEKM, the trust of the central
authority (CA) is distributed to a subset of nodes (not all nodes), which could be nodes with
normal or better equipment. The major contribution of our scheme is that SEKM is designed
to provide efficient share updating among servers and to quickly respond to certificate
updating, which are two major challenges in a distributed CA scheme. The basic idea is that
server nodes form the underlying service group for efficient communication. For efficiency,
only a subset of the server nodes initiates the share update phase in each round. A ticket
based scheme is introduced for efficient certificate updating. Normally, because of share
updating, recently joining servers could be isolated from the system if they carry outdated
certificates. Our scheme does not isolate new servers, and is open for regular nodes for easy
joining and departing. SEKM creates a view of CA and provides secure and efficient
certificate service in the mobile and ad hoc environment.
In SEKM framework, K_ca^-1 (the system private key) is distributed to m shareholders.
Normally, the number of shareholders is significantly less than the total number of nodes (n)
in the network. For example 20% - 30% nodes are secret shareholders. We name these
shareholders as CA-view or server nodes in short. They are basically normal nodes except
holding a system private key share and are capable to produce partial certificate. Quorum of
k (1 < k ≤ m) servers can produce a valid certificate. It is quite straightforward to connect all
servers and form a special group rather than to search each one of them separately and
frequently. It is communication efficient, bandwidth saving, and easy for management. From
a node point of view it is easy to locate the server "block" rather than each "point". From the
server point of view it is easy to coordinate within the group.
7.5 Spatial Signatures for Lightweight Security in Wireless Sensor Networks
This paper experimentally investigates the feasibility of crypto-free communications in
resource constrained wireless sensor networks. We exploit the spatial signature induced by
the radio communications of a node on its neighboring nodes. We design a primitive that
robustly and efficiently realizes this concept, even at the level of individual packets and when
the network is relatively sparse. Using this primitive, we design a protocol that robustly and
efficiently validates the authenticity of the source of messages: authentic messages incur no
communication overhead whereas masqueraded communications are detected cooperatively
by the neighboring nodes. The protocol enables lightweight collusion-resistant methods for
broadcast authentication, unicast authentication, non-repudiation and integrity of
communication. We have implemented our primitive and protocol, and quantified the
high level of accuracy of the protocol via testbed experiments with CC1000 radio-enabled
motes and 802.15.4 radio-enabled motes.
Authenticity of information is critical to wireless sensor applications. In event detection, for
instance, a message may bring critical information about a particular region. Event handlers
would need assurance that the location information in the message is authentic and that its
content has not been modified. They may even wish to reconfirm the occurrence of the event.
Scenarios like this motivate the need for properties such as broadcast/unicast message
authentication, integrity, and non-repudiation. In essence, the need is for an efficient basis for
one-hop message authentication, as hop-by-hop security is typically preferred when resources
are constrained. We envision that the need for such security properties will only grow as
applications start dealing with control scenarios.
The conventional approach to message authentication relies on using secrets. However,
cryptography with even symmetric secrets can consume significant overhead in wireless
sensor networks, especially low power ones. Other complications include the ease of
eavesdropping given the broadcast nature of the medium, which makes applications
vulnerable to malicious behavior. Moreover, the potentially large number and dynamic nature
of nodes pose a key management challenge [10]. These challenges lead us to investigate the
feasibility of crypto-free communications in resource-constrained wireless sensor networks.
Towards establishing trust among a set of nodes without using secrets, we turn towards
exploiting physical features of nodes that have the potential for being unique.
The specific concept we propose is that of the "spatial signature" of a node, which is a
physical characterization of the signal that the node induces at each of its neighbors. In this
paper, we show experimentally that a spatial signature of nodes based on physical features
such as Received Signal Strength Indicator (RSSI) or Link Quality Indicator (LQI) is unique
with high probability, in multiple radio platforms and in diverse network topologies that
range from rather sparse to very dense. It also enjoys desirable properties of stability and ease
of learning.
It is possible to design a lightweight and robust primitive that validates the spatial signature
of messages at run-time. The primitive, being statistical in nature, can produce both false
positives and false negatives; our experiments however show that we can efficiently
instrument it so that there are no false positives and rare false negatives in diverse networks.
The memory and latency requirements of our primitive are substantially less than those of
extant secret processing methods in wireless sensor networks. Based on the primitive, we
design a cooperative protocol that uses the primitive to perform message source
authentication. The central idea of our cooperative protocol is this: a succinct representation
of the spatial signature induced by a node on its neighbor is stored at the neighbor. If the
adversary sends a message masquerading as the node, a spatial signature anomaly is detected
and reported by the intended receiver(s) of the message, some neighbors of the node, and/or
some neighbors of the adversary. Conversely, if a message is authentic, the spatial signature
matches at each neighbor and no anomalies are reported. We show that if nodes are embedded
in a 2-dimensional plane then 3 (and, in most all cases, 2) neighbors are sufficient for
accurately validating spatial signatures. This implies that our protocol works in even
relatively sparse networks. It also implies that in dense graphs it can work by designating
only a small constant number of neighbors per node (as opposed to all neighbors) to realize
the spatial signature validation primitive. Thus, in our protocol, authentic communications do
not incur additional communication, whereas masqueraded communications can incur up to a
small bounded number of communications.
Spatial-signature based message source authentication offers several benefits. First, a
large amount of overhead incurred by cryptography operations and key management
protocols is saved by the network. Second, it enables simple and efficient protocols for
authentication, non-repudiation and integrity. Third, attacks created by compromised
content-dependent signatures are not possible. Last but not least, it is resilient to node
compromise and to node collusion. Conventionally, after more than a certain number of nodes
are compromised, the security of the network is substantially decreased, whereas if the trust
relationship is built only on spatial signatures, the damage caused by compromised nodes is
regionally limited; likewise, collusion resistance can be achieved based on simple density
arguments. To the best of our knowledge, we are the first to use the concept of spatial
signature for authentication and related security properties.
7.6 Prevention of Spoofing Attacks in the Infrastructure Wireless Networks
Spoofing Attack is one of the vulnerabilities in the wireless networks, which is a situation in
which the intruder successfully masquerades as a legal one. Spoofing Attacks will decrease the
performance of the network and violate many security issues. In the networks that use MAC
address based filtering approach to authenticate the clients, the spoofer just needs to get a
valid MAC address that belongs to some authorized client in the network in order to gain an
illegitimate advantage. This mechanism adds an additional authentication process beside MAC
address filtering and periodically re-authenticates the client after sending every specific
number of Data frames. The proposed additional authentication process is based on two parts.
First: Using unique information that belongs to every client in the network such as computer
name, CPU ID and the current time as inputs to a hash function (one-way function), then
insert the hash value in the slack fields of the header of the frame (Steganography). Second:
Make a modification to the access point access control list by adding that unique information
belonging to each client in addition to its MAC address in the access control list. Thus, when the
AP receives an Authentication frame from a client, it will first check the MAC address; if it is
legal the AP will recompute the Hash value depending on the corresponding identifiers
stored in the access control list and the time of creating the frame, then compare the resulting
hash value with the received one and decide whether to reject or accept the access. Even if the
attacker has spoofed the MAC address he/she cannot communicate with the network because
the attacker will fail in computing the hash value that depends on the Computer name and
CPU ID. Also the attacker will be prevented even if he/she enters the network after the legal
client finished the authentication process successfully because the attacker will fail in the
reauthentication process.
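The access point side of the two-part check described above, as an added example that is not the surveyed authors' code: the AP recomputes the hash from the identifiers stored in its access control list and the frame's creation time, and forces re-authentication after a fixed number of data frames. SHA-256, the field separator, the 30-second freshness window, the 100-frame interval and all sample identifiers are assumptions; hiding the hash in header slack fields is left out and the value is passed directly.

```python
import hashlib
import hmac

REAUTH_EVERY = 100   # data frames allowed between authentications (assumed)
MAX_SKEW_S = 30      # accepted age of a frame timestamp in seconds (assumed)

def auth_tag(computer_name, cpu_id, frame_time):
    """Hash of the client's identifiers and the frame creation time."""
    fields = (computer_name, cpu_id, str(int(frame_time)))
    return hashlib.sha256("\x00".join(fields).encode()).hexdigest()

class AccessPoint:
    def __init__(self, acl):
        # acl: MAC address -> (computer_name, cpu_id), the extended ACL entry.
        self.acl = acl
        # MAC -> data frames accepted since the last successful authentication.
        self.frames_since_auth = {}

    def authenticate(self, mac, frame_time, tag, now):
        """Process an Authentication frame; True if the client is accepted."""
        entry = self.acl.get(mac)
        if entry is None:                        # plain MAC filtering
            return False
        if abs(now - frame_time) > MAX_SKEW_S:   # stale or replayed frame
            return False
        expected = auth_tag(entry[0], entry[1], frame_time)
        if not hmac.compare_digest(expected, tag):
            return False                         # existing session state untouched
        self.frames_since_auth[mac] = 0
        return True

    def accept_data_frame(self, mac):
        """Accept a Data frame only inside the current authentication interval."""
        count = self.frames_since_auth.get(mac)
        if count is None or count >= REAUTH_EVERY:
            return False                         # must (re)authenticate first
        self.frames_since_auth[mac] = count + 1
        return True

if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                                    # constructed
    ap = AccessPoint({mac: ("FINANCE-PC-07", "BFEBFBFF000306A9")})
    t = 1_700_000_000
    tag = auth_tag("FINANCE-PC-07", "BFEBFBFF000306A9", t)
    print(ap.authenticate(mac, t, tag, now=t + 1))               # legitimate client
    # A station that copied only the MAC address cannot produce the hash.
    guess = auth_tag("UNKNOWN", "0000", t + 5)
    print(ap.authenticate(mac, t + 5, guess, now=t + 5))
```

The check is only as strong as the secrecy of the identifiers: anyone who learns a client's computer name and CPU ID can compute the same hash.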
7.7 Identity-Based Attack Detection in Mobile Wireless Networks
Wireless networks are susceptible to various types of attacks due to the "open air" nature of
the wireless medium. Identity based attacks (IBAs) are one of the most serious threats to
wireless networks, and they are easy to launch [1]. For instance, in IEEE 802.11 networks, an
attacker can sniff the traffic in the network and get to know the MAC addresses of the
legitimate users, and then masquerade as a legitimate user by modifying its own MAC
address simply using an ifconfig command. IBAs are considered to be an important first step
in an intruder's attempt to launch a variety of other attacks on 802.11 networks, such as
session hijacking, man-in-the-middle, data modification, and authentication-based denial of
service. Certain IBAs, such as deauthentication/disassociation attacks, are feasible mainly due
to the fact that management and control frames are not protected in 802.11 networks.
Although IEEE 802.11w adds protection to the management frames, it fails to protect against
DoS attacks that are equivalent to the deauthentication and disassociation attacks [2].
Furthermore, even with cryptographic mechanisms, the authentication key can still be
compromised. If the key is broken, the cryptography-based mechanism will fail and IBAs are
still possible. Under the above circumstances, there is an increasing interest in using the
physical-layer information or characteristics to detect IBAs in wireless networks [3]–[11].
Received signal strength (RSS) information has been used for IBA detection due to its
location distinction property and availability in the network interface card (NIC) of the
off-the-shelf devices. RSS profiles are location specific and can be used to flag IBAs in static
environments. Although the existing IBA detection schemes work well in a static network,
they tend to raise excessive false alarms in a mobile environment where the RSS profiles
change over time due to node mobility. Although mobility is an inherent property of wireless
networks, little work has addressed IBAs in mobile scenarios.
Here a Reciprocal Channel Variation-based Identification (RCVI) technique to detect IBAs in
mobile wireless networks is proposed. This technique can work even when the attacker is
very close to the genuine node and the attacking packets are arbitrarily interleaved with the
genuine packets. In RCVI, we assume the sender and receiver can record the RSS
information of the bidirectional frames (such as DATA-ACK) with short time interval. Based
on the reciprocity of the wireless channel [12], the sender and receiver should observe similar
temporal RSS variations of the received frames. Since the RSS variation is mainly caused by
channel fading, it is random and unpredictable. Moreover, based on the location decorrelation
property of the wireless channel, an attacker cannot observe the same channel variation
(which induces the RSS variation) as the sender-receiver channel if it is located several
wavelengths away [12]. In RCVI, the receiver asks the sender (associated with an identity) to
report the RSS records during their past communication. When there is no IBA, the reported
RSS variation should be correlated with the receiver's observation. In case there is an IBA,
the RSS records observed by a victim node should be a mixture of the RSS induced by the
genuine user and the attacker. Since the attacker cannot figure out the RSS variations
observed by the genuine user, its reported records should be less correlated with the victim
node's, and the attack can be detected. RCVI can make use of the readily available RSS
measurement of DATA and ACK frames, so it can be implemented in the current 802.11
systems with minimal overhead. We evaluate RCVI through theoretical analysis, and validate
it through experiments using off-the-shelf 802.11 devices under different attacking patterns in
real indoor and outdoor mobile scenarios. RCVI achieves desirable detection performance in
the tested scenarios. To the best of our knowledge, this is the first work on using reciprocal
temporal RSS variations for detecting IBAs in mobile wireless networks. Our technique can
be generally applied to any wireless networks, as long as there are bi-directional frames
exchanged between the communication parties within a time interval shorter than the channel
coherence time.
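The correlation test at the core of RCVI, as an added example that is not the surveyed authors' implementation: the receiver compares the frame-to-frame RSS variations it observed with those the claimed sender reports, and flags the identity when the Pearson correlation falls below a threshold. The fading model, noise levels, alternating interleaving pattern and the 0.5 threshold are constructed assumptions.

```python
import math
import random

def variations(rss):
    """Frame-to-frame RSS changes (dB); this removes the slowly varying level."""
    return [b - a for a, b in zip(rss, rss[1:])]

def pearson(x, y):
    """Pearson correlation coefficient of two equally long series."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("series must have equal length >= 2")
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0                      # a flat series carries no variation
    return sxy / math.sqrt(sxx * syy)

def rcvi_check(observed_rss, reported_rss, threshold=0.5):
    """Return (correlation, flagged) for one identity's reported RSS records."""
    r = pearson(variations(observed_rss), variations(reported_rss))
    return r, r < threshold

def fading_channel(n, rng, start=-60.0, step_sigma=2.0):
    """Constructed mobile channel: RSS level drifting as a random walk."""
    level, out = start, []
    for _ in range(n):
        level += rng.gauss(0, step_sigma)
        out.append(level)
    return out

def measure(channel, rng, noise_sigma=0.5):
    """One endpoint's RSS readings of a channel, with measurement noise."""
    return [v + rng.gauss(0, noise_sigma) for v in channel]

def demo():
    rng = random.Random(11)
    n = 200
    genuine_ch = fading_channel(n, rng)                 # sender <-> receiver
    attacker_ch = fading_channel(n, rng, start=-58.0)   # attacker <-> receiver

    # No attack: by reciprocity both ends see the same channel variation.
    normal = rcvi_check(measure(genuine_ch, rng), measure(genuine_ch, rng))

    # Attack: frames under one identity alternate between the genuine node and
    # the attacker, so the receiver records a mixture, and the attacker can
    # only report what it saw on its own channel.
    mixed = [(attacker_ch if i % 2 else genuine_ch)[i] for i in range(n)]
    attack = rcvi_check(measure(mixed, rng), measure(attacker_ch, rng))
    return normal, attack

if __name__ == "__main__":
    for label, (r, flagged) in zip(("normal", "attack"), demo()):
        print(label, round(r, 2), flagged)
```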
8 PRELIMINARY INVESTIGATION
The first and foremost strategy for development of a project starts from the thought of
designing a mail enabled platform for a small firm in which it is easy and convenient to
send and receive messages, with a search engine, an address book and also
some entertaining games. When it is approved by the organization and our project guide, the
first activity, i.e. preliminary investigation, begins. The activity has three parts:
Request Clarification
Feasibility Study
Request Approval
8.1 REQUEST CLARIFICATION
After the approval of the request to the organization and project guide, with an
investigation being considered, the project request must be examined to determine precisely
what the system requires.
Here our project is basically meant for users within the company whose
systems can be interconnected by the Local Area Network (LAN). In today's busy schedule
people need everything to be provided in a readymade manner. So, taking into
consideration the vast use of the net in day to day life, the corresponding development of
the portal came into existence.
8.2 FEASIBILITY ANALYSIS
An important outcome of preliminary investigation is the determination that the system
request is feasible. This is possible only if it is feasible within limited resource and time. The
different feasibilities that have to be analyzed are
Operational Feasibility
Economic Feasibility
Technical Feasibility
Operational Feasibility
3perational .easibility deals with the study of prospects of the system to be
developed. ;his system operationally eliminates all the tensions of the Admin and helps him
in effectively tracking the pro:ect progress. ;his kind of automation will surely reduce the
time and energy, which previously consumed in manual work. 2ased on the study, the system
is proved to be operationally feasible.
Economic Feasibility
Economic Feasibility or Cost-benefit is an assessment of the economic justification
for a computer based project. As the hardware was installed from the beginning and for many
purposes, the hardware cost of the project is low. Since the system is network based,
any number of employees connected to the LAN within that organization can use this tool
at any time. The Virtual Private Network is to be developed using the existing resources
of the organization. So the project is economically feasible.
Technical Feasibility
According to Roger S. Pressman, Technical Feasibility is the assessment of the
technical resources of the organization. The organization needs IBM compatible machines
with a graphical web browser connected to the Internet and Intranet. The system is developed
for a platform independent environment. Java Server Pages, JavaScript, HTML, SQL server
and WebLogic Server are used to develop the system. The technical feasibility study has been
carried out. The system is technically feasible for development and can be developed with
the existing facility.
8.3 REQUEST APPROVAL
Not all requested projects are desirable or feasible. Some organizations receive so many
project requests from client users that only few of them are pursued. However, those projects
that are both feasible and desirable should be put into schedule. After a project request is
approved, its cost, priority, completion time and personnel requirements are estimated and used
to determine where to add it to any project list. Truly speaking, after the approval of the above
factors, development work can be launched.
8.4 SYSTEM STUDY
FEASIBILITY STUDY
The feasibility of the project is analyzed in this phase and a business proposal is put
forth with a very general plan for the project and some cost estimates. During system
analysis the feasibility study of the proposed system is to be carried out. This is to ensure
that the proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are
o ECONOMICAL FEASIBILITY
o TECHNICAL FEASIBILITY
o SOCIAL FEASIBILITY
ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have on
the organization. The amount of funds that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the developed
system is well within the budget, and this was achieved because most of the technologies
used are freely available. Only the customized products had to be purchased.
TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not place a high demand on the
available technical resources, as this would lead to high demands being placed on the client.
The developed system must have a modest requirement, as only minimal or null changes are
required for implementing this system.
SOCIAL FEASIBILITY
This aspect of the study is to check the level of acceptance of the system by the user.
This includes the process of training the user to use the system efficiently. The user must not
feel threatened by the system, but instead must accept it as a necessity. The level of acceptance
by the users solely depends on the methods that are employed to educate the user about the
system and to make him familiar with it. His level of confidence must be raised so that he is
also able to make some constructive criticism, which is welcomed, as he is the final user of
the system.
9. SYSTEM DESIGN AND DEVELOPMENT
9.1 INPUT DESIGN
Input Design plays a vital role in the life cycle of software development and requires
very careful attention from developers. The purpose of input design is to feed data to the
application as accurately as possible. So inputs are supposed to be designed effectively so that
the errors occurring while feeding are minimized. According to Software Engineering Concepts, the
input forms or screens are designed to provide validation control over the input
limit, range and other related validations.
This system has input screens in almost all the modules. Error messages are
developed to alert the user whenever he makes a mistake and to guide him in the right
way so that invalid entries are not made. This is covered in more depth under module design.
Input design is the process of converting the user created input into a computer-based
format. The goal of the input design is to make the data entry logical and free from errors.
The errors in the input are controlled by the input design. The application has been
developed in a user-friendly manner. The forms have been designed in such a way that during
processing the cursor is placed in the position where data must be entered. The user is also
provided with an option to select an appropriate input from various alternatives related to
the field in certain cases.
The input design is the link between the information system and the user. It comprises developing
the specification and procedures for data preparation, and the steps necessary to put transaction data
into a usable form for processing. This can be achieved by instructing the computer to read data from a
written or printed document, or it can occur by having people key the data directly into the system.
The design of input focuses on controlling the amount of input required, controlling the errors,
avoiding delay, avoiding extra steps and keeping the process simple. The input is designed in such a
way that it provides security and ease of use while retaining privacy. Input Design considered
the following things:
o What data should be given as input?
o How the data should be arranged or coded?
o The dialog to guide the operating personnel in providing input.
o Methods for preparing input validations and steps to follow when errors occur.
OBJECTIVES
1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and show the
correct direction to the management for getting correct information from the computerized system.
2. It is achieved by creating user-friendly screens for the data entry to handle large volumes of data.
The goal of designing input is to make data entry easier and free from errors. The data entry
screen is designed in such a way that all the data manipulations can be performed. It also provides
record viewing facilities.
3. When the data is entered it will be checked for its validity. Data can be entered with the help of screens.
Appropriate messages are provided as and when needed so that the user
will not be in a maze at any instant. Thus the objective of input design is to create an input layout that is
easy to follow.
Validations are required for each data item entered. Whenever a user enters erroneous
data, an error message is displayed, and the user can move on to the subsequent pages after
completing all the entries in the current page.
9.2 OUTPUT DESIGN
The output from the computer is required mainly to create an efficient method of
communication within the company, primarily among the project leader and his team
members, in other words, the administrator and the clients. The output of VPN is the system
which allows the project leader to manage his clients in terms of creating new clients and
assigning new projects to them, maintaining a record of the project validity and providing
folder level access to each client on the user side depending on the projects allotted to him.
After completion of a project, a new project may be assigned to the client. User
authentication procedures are maintained at the initial stages itself. A new user may be
created by the administrator himself or a user can himself register as a new user, but the task
of assigning projects and validating a new user rests with the administrator only.
The application starts running when it is executed for the first time. The server has to be
started and then Internet Explorer is used as the browser. The project will run on the local
area network, so the server machine will serve as the administrator while the other connected
systems can act as the clients. The developed system is highly user friendly and can be easily
understood by anyone using it even for the first time.
A quality output is one which meets the requirements of the end user and presents the information
clearly. In any system, results of processing are communicated to the users and to other systems
through outputs. In output design it is determined how the information is to be displayed for
immediate need and also the hard copy output. It is the most important and direct source of information
to the user. Efficient and intelligent output design improves the system's relationship to help user
decision-making.
1. Designing computer output should proceed in an organized, well thought out manner; the right
output must be developed while ensuring that each output element is designed so that people will find
the system easy and effective to use. When analysts design computer output, they should identify
the specific output that is needed to meet the requirements.
2. Select methods for presenting information.
3. Create document, report, or other formats that contain information produced by the system.
The output form of an information system should accomplish one or more of the following objectives.
o Convey information about past activities, current status or projections of the future.
o Signal important events, opportunities, problems, or warnings.
o Trigger an action.
o Confirm an action.
10. MODULES
o Handling Different Transmission
o Performance of Detection
o The Number of Attackers
o Attacker Number Determination
o The Silence Mechanism
o Support Vector Machines-Based Mechanism
MODULE DESCRIPTION
Handling Different Transmission
The spoofing attacker used a transmission power of 10 dB to send packets, whereas the
original node used a 15 dB transmission power level. We observed that the curve of Dm under
the different transmission power levels shifts to the right, indicating larger Dm values. Thus,
spoofing attacks launched by using different transmission power levels will be detected
effectively in GADE.
Performance of Detection
For the cluster analysis for attack detection, Fig. 6 presents the Receiver Operating
Characteristic curves of using Dm as a test statistic to perform attack detection for both the
802.11 and the 802.15.4 networks. Table 1 presents the detection rate and false positive rate
for both networks under different threshold settings. The results are encouraging, showing
that for false positive rates less than 10 percent, the detection rates are above 98 percent when
the threshold is around 8 dB. Even when the false positive rate goes to zero, the detection rate
is still more than 95 percent for both networks.
The Number of Attackers
An inaccurate estimation of the number of attackers will cause failure in localizing the multiple
adversaries. As we do not know how many adversaries will use the same node identity to
launch attacks, determining the number of attackers becomes a multiclass detection problem
and is similar to determining how many clusters exist in the RSS readings.
Attacker Number Determination
The System Evolution is a new method to analyze cluster structures and estimate the
number of clusters. The System Evolution method uses the twin-cluster model, in which the twin
clusters are the two closest clusters among K potential clusters of a data set. The twin-cluster
model is used for energy calculation. The Partition Energy denotes the border distance between the twin
clusters, whereas the Merging Energy is calculated as the average distance between elements
in the border region of the twin clusters.
The Silence Mechanism
The advantage of Silhouette Plot is that it is suitable for estimating the best partition,
whereas the System Evolution method performs well under difficult cases such as when
there is slight overlap between clusters and there are smaller clusters near larger
clusters. However, we observed that for both Silhouette Plot and System Evolution methods,
the Hit Rate decreases as the number of attackers increases, although the Precision increases.
Support Vector Machines-Based Mechanism
Using the training data collected during the offline training phase, we can further improve
the performance of determining the number of spoofing attackers. In addition, given several
statistical methods available to detect the number of attackers, such as System Evolution and
SILENCE, we can combine the characteristics of these methods to achieve a higher detection
rate. In this section, we explore using Support Vector Machines to classify the number of the
spoofing attackers.
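The detection and counting steps from the module descriptions above, as an added example (not code from the original report). It assumes Dm is the Euclidean distance between the two medoids found by 2-medoid clustering of the RSS vectors, uses the 8 dB threshold quoted above, and picks the cluster count by average silhouette width; the landmark readings, function names and the k_max bound are constructed for illustration.

```python
import math

THRESHOLD_DB = 8.0  # the section reports good results with a threshold "around 8 dB"

def k_medoids(points, k, max_rounds=100):
    """Cluster RSS vectors around k medoids (needs at least k distinct points)."""
    def total(p, group):
        return sum(math.dist(p, q) for q in group)
    # Seed with the most central point, then repeatedly add the farthest point.
    medoids = [min(points, key=lambda p: total(p, points))]
    while len(medoids) < k:
        medoids.append(max(points, key=lambda p: min(math.dist(p, m) for m in medoids)))
    for _ in range(max_rounds):
        clusters = [[] for _ in range(k)]
        for p in points:
            nearest = min(range(k), key=lambda i: math.dist(p, medoids[i]))
            clusters[nearest].append(p)
        # Move each medoid to the member with the smallest total distance to its cluster.
        updated = [min(c, key=lambda p: total(p, c)) for c in clusters]
        if updated == medoids:
            break
        medoids = updated
    return medoids, clusters

def detect_spoofing(points, threshold=THRESHOLD_DB):
    """Return (attack_flag, Dm): Dm is the distance between the two medoids (assumed definition)."""
    (m1, m2), _ = k_medoids(points, 2)
    dm = math.dist(m1, m2)
    return dm > threshold, dm

def mean_silhouette(clusters):
    """Average silhouette width of a partition; singleton clusters score 0."""
    scores = []
    for i, own in enumerate(clusters):
        for p in own:
            if len(own) == 1:
                scores.append(0.0)
                continue
            a = sum(math.dist(p, q) for q in own) / (len(own) - 1)
            b = min(sum(math.dist(p, q) for q in other) / len(other)
                    for j, other in enumerate(clusters) if j != i)
            scores.append((b - a) / max(a, b))
    return sum(scores) / len(scores)

def estimate_cluster_count(points, k_max=4):
    """Number of RSS clusters (distinct transmit locations) sharing one identity."""
    return max(range(2, k_max + 1),
               key=lambda k: mean_silhouette(k_medoids(points, k)[1]))

# Constructed sample data: RSS (dBm) seen at four landmarks, six frames per location.
JITTER = [(0, 0, 0, 0), (1, -1, 0, 1), (-1, 1, 1, 0),
          (0, 1, -1, -1), (1, 0, -1, 1), (-1, -1, 1, 0)]

def readings(centre):
    return [tuple(c + j for c, j in zip(centre, jit)) for jit in JITTER]

GENUINE = readings((-50, -62, -71, -58))
ATTACKER_1 = readings((-72, -45, -52, -78))
ATTACKER_2 = readings((-42, -74, -84, -44))

if __name__ == "__main__":
    for label, frames in [("genuine only", GENUINE),
                          ("one spoofer", GENUINE + ATTACKER_1),
                          ("two spoofers", GENUINE + ATTACKER_1 + ATTACKER_2)]:
        attack, dm = detect_spoofing(frames)
        count = estimate_cluster_count(frames) if attack else 1
        print(f"{label}: Dm={dm:.1f} dB attack={attack} clusters={count}")
```

The cluster count is only meaningful once the Dm test has fired, because the silhouette search starts at two clusters.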
11. SYSTEM TESTING
11.1 TESTING METHODOLOGIES
The following are the Testing Methodologies:
o Unit Testing.
o Integration Testing.
o User Acceptance Testing.
o Output Testing.
o Validation Testing.
Unit Testing
Unit testing focuses verification effort on the smallest unit of software design,
that is, the module. Unit testing exercises specific paths in a module's control
structure to ensure complete coverage and maximum error detection. This test focuses on each
module individually, ensuring that it functions properly as a unit. Hence the name
Unit Testing.
During this testing, each module is tested individually and the module
interfaces are verified for consistency with the design specification. All important
processing paths are tested for the expected results. All error handling paths are also
tested.
Integration Testing
Integration testing addresses the issues associated with the dual problems of
verification and program construction. After the software has been integrated, a set of
high order tests is conducted. The main objective in this testing process is to take
unit tested modules and build a program structure that has been dictated by design.
The following are the types of Integration Testing:
1. Top Down Integration
This method is an incremental approach to the construction of program structure.
Modules are integrated by moving downward through the control hierarchy, beginning with
the main program module. The modules subordinate to the main program module are
incorporated into the structure in either a depth first or breadth first manner.
In this method, the software is tested from the main module and individual stubs
are replaced as the test proceeds downwards.
2. Bottom-up Integration
This method begins the construction and testing with the modules at the lowest level
in the program structure. Since the modules are integrated from the bottom up, processing
required for modules subordinate to a given level is always available and the need for stubs is
eliminated. The bottom up integration strategy may be implemented with the following steps:
o The low-level modules are combined into clusters that
perform a specific software sub-function.
o A driver (i.e. the control program for testing) is written to coordinate test
case input and output.
o The cluster is tested.
o Drivers are removed and clusters are combined moving upward in the
program structure.
The bottom up approach tests each module individually, and then each module is
integrated with a main module and tested for functionality.
User Acceptance Testing
User Acceptance of a system is the key factor for the success of any system.
The system under consideration is tested for user acceptance by constantly keeping
in touch with the prospective system users at the time of developing and making
changes wherever required. The system developed provides a friendly user interface
that can easily be understood even by a person who is new to the system.
Output Testing
After performing the validation testing, the next step is output testing of the proposed
system, since no system could be useful if it does not produce the required output in the
specified format. The outputs generated or displayed by the system under consideration are
tested by asking the users about the format required by them. Hence the output format is
considered in 2 ways: one is on screen and another is in printed format.
Validation Checking
Validation checks are performed on the following fields.
Text Field:
The text field can contain only a number of characters less than or equal to its
size. The text fields are alphanumeric in some tables and alphabetic in other tables. An incorrect
entry always flashes an error message.
Numeric Field:
The numeric field can contain only numbers from 0 to 9. An entry of any other character
flashes an error message. The individual modules are checked for accuracy and for what they have
to perform. Each module is subjected to a test run along with sample data. The individually
tested modules are integrated into a single system. Testing involves executing the program with
real data; the existence of any program defect is inferred from the
output. The testing should be planned so that all the requirements are individually tested.
A successful test is one that brings out the defects for the inappropriate data and
produces an output revealing the errors in the system.
Preparation of Test Data
The above testing is done by taking various kinds of test data. Preparation of test
data plays a vital role in the system testing. After preparing the test data, the system
under study is tested using that test data. While testing the system by using test data,
errors are again uncovered and corrected by using the above testing steps, and
corrections are also noted for future use.
Using Live Test Data:
Live test data are those that are actually extracted from organization files. After a
system is partially constructed, programmers or analysts often ask users to key in a set of data
from their normal activities. Then, the systems person uses this data as a way to partially test
the system. In other instances, programmers or analysts extract a set of live data from the files
and have them entered themselves.
It is difficult to obtain live data in sufficient amounts to conduct extensive testing.
And, although it is realistic data that will show how the system will perform for the typical
processing requirement, assuming that the live data entered are in fact typical, such data
generally will not test all combinations or formats that can enter the system. This bias toward
typical values then does not provide a true systems test and in fact ignores the cases most
likely to cause system failure.
Using Artificial Test Data:
Artificial test data are created solely for test purposes, since they can be generated
to test all combinations of formats and values. In other words, the artificial data,
which can quickly be prepared by a data generating utility program in the information
systems department, make possible the testing of all login and control paths through
the program.
The most effective test programs use artificial test data generated by persons
other than those who wrote the programs. Often, an independent team of testers
formulates a testing plan, using the systems specifications.
The package "Virtual Private Network" has satisfied all the requirements
specified as per software requirement specification and was accepted.
USER TRAINING
Whenever a new system is developed, user training is required to educate
them about the working of the system so that it can be put to efficient use by those
for whom the system has been primarily designed. For this purpose the normal
working of the project was demonstrated to the prospective users. Its working is
easily understandable and since the expected users are people who have good
knowledge of computers, the use of this system is very easy.
MAINTENANCE
This covers a wide range of activities including correcting code and design
errors. To reduce the need for maintenance in the long run, we have more accurately
defined the user's requirements during the process of system development.
Depending on the requirements, this system has been developed to satisfy the
needs to the largest possible extent. With development in technology, it may be
possible to add many more features based on the requirements in future. The coding
and designing is simple and easy to understand, which will make maintenance
easier.
12. TESTING STRATEGY:
A strategy for system testing integrates system test cases and design
techniques into a well planned series of steps that results in the successful
construction of software. The testing strategy must co-operate test planning, test
case design, test execution, and the resultant data collection and evaluation. A
strategy for software testing must accommodate low-level tests that are
necessary to verify that a small source code segment has been correctly
implemented as well as high level tests that validate major system functions
against user requirements.
Software testing is a critical element of software quality assurance and
represents the ultimate review of specification, design and coding. Testing represents
an interesting anomaly for the software. Thus, a series of tests is performed
for the proposed system before the system is ready for user acceptance testing.
SYSTEM TESTING:
Software once validated must be combined with other system elements (e.g.
hardware, people, database). System testing verifies that all the elements are proper
and that overall system function performance is
achieved. It also tests to find discrepancies between the system and its original
objective, current specifications and system documentation.
UNIT TESTING:
In unit testing, different modules are tested against the specifications
produced during the design for the modules. Unit testing is essential for verification
of the code produced during the coding phase, and hence the goal is to test the
internal logic of the modules. Using the detailed design description as a guide,
important control paths are tested to uncover errors within the boundary of the
modules. This testing is carried out during the programming stage itself. In this type
of testing step, each module was found to be working satisfactorily as regards the
expected output from the module.
In due course, latest technology advancements will be taken into
consideration. As part of technical build-up, many components of the networking
system will be generic in nature so that future projects can either use or interact with
this. The future holds a lot to offer to the development and refinement of this project.
REFERENCES
[1] J. Bellardo and S. Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and
Practical Solutions," Proc. USENIX Security Symp., pp. 15-28, 2003.
[2] F. Ferreri, M. Bernaschi, and L. Valcamonici, "Access Points Vulnerabilities to DoS
Attacks in 802.11 Networks," Proc. IEEE Wireless Comm. and Networking Conf., 2004.
[3] D. Faria and D. Cheriton, "Detecting Identity-Based Attacks in Wireless Networks Using
Signalprints," Proc. ACM Workshop Wireless Security (WiSe), Sept. 2006.
[4] Q. Li and W. Trappe, "Relationship-Based Detection of Spoofing-Related Anomalous
Traffic in Ad Hoc Networks," Proc. Ann. IEEE Comm. Soc. on IEEE and Sensor and Ad
Hoc Comm. and Networks (SECON), 2006.
[5] B. Wu, J. Wu, E. Fernandez, and S. Magliveras, "Secure and Efficient Key Management
in Mobile Ad Hoc Networks," Proc. IEEE Int'l Parallel and Distributed Processing Symp.
(IPDPS), 2005.
[6] A. Wool, "Lightweight Key Management for IEEE 802.11 Wireless Lans With Key
Refresh and Host Revocation," ACM/Springer Wireless Networks, vol. 11, no. 6, pp. 677-
686, 2005.
[7] Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, "Detecting 802.11 MAC Layer
Spoofing Using Received Signal Strength," Proc. IEEE INFOCOM, Apr. 2008.
