0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
40 Ansichten51 Seiten
The document proposes a system called GADS for detecting spoofing attacks in wireless networks. GADS uses received signal strength (RSS)-based spatial correlation, which is hard to falsify and does not require cryptography. GADS can detect spoofing attacks, determine the number of attackers masquerading as the same identity, and localize multiple adversaries. It formulates determining the number of attackers as a multiclass detection problem solved using cluster analysis. An integrated detection and localization system called IDEA is also developed to localize multiple attackers using results from GADS. Experiments show GADS can achieve over 90% accuracy in determining the number of attackers, and IDEA can accurately localize adversaries.
The document proposes a system called GADS for detecting spoofing attacks in wireless networks. GADS uses received signal strength (RSS)-based spatial correlation, which is hard to falsify and does not require cryptography. GADS can detect spoofing attacks, determine the number of attackers masquerading as the same identity, and localize multiple adversaries. It formulates determining the number of attackers as a multiclass detection problem solved using cluster analysis. An integrated detection and localization system called IDEA is also developed to localize multiple attackers using results from GADS. Experiments show GADS can achieve over 90% accuracy in determining the number of attackers, and IDEA can accurately localize adversaries.
The document proposes a system called GADS for detecting spoofing attacks in wireless networks. GADS uses received signal strength (RSS)-based spatial correlation, which is hard to falsify and does not require cryptography. GADS can detect spoofing attacks, determine the number of attackers masquerading as the same identity, and localize multiple adversaries. It formulates determining the number of attackers as a multiclass detection problem solved using cluster analysis. An integrated detection and localization system called IDEA is also developed to localize multiple attackers using results from GADS. Experiments show GADS can achieve over 90% accuracy in determining the number of attackers, and IDEA can accurately localize adversaries.
ABSTRACT Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for 1) detecting spoofing attacks !) determining the number of attackers when multiple adversaries masquerading as the same node identity and ") locali#ing multiple adversaries. We propose to use the spatial correlation of received signal strength $%&&) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determining the number of attackers as a multiclass detection problem. 'luster(based mechanisms are developed to determine the number of attackers. When the training data are available, we e)plore using the &upport *ector +achines $&*+) method to further improve the accuracy of determining the number of attackers. In addition, we developed an integrated detection and locali#ation system that can locali#e the positions of multiple attackers. We evaluated our techniques through two test beds using both an ,-!.11 $Wi(.i) network and an ,-!.1/.0 $1ig2ee) network in two real office buildings. 3ur e)perimental results show that our proposed methods can achieve over 4- percent 5it %ate and 6recision when determining the number of attackers. 3ur locali#ation results using a representative set of algorithms provide strong evidence of high accuracy of locali#ing multiple adversaries. 1 1!NTR"D#CT!"N 7ue to the openness of the wireless transmission medium, adversaries can monitor any transmission. .urther, adversaries can easily purchase low(cost wireless devices and use these commonly available platforms to launch a variety of attacks with little effort. Among various types of attacks, identity(based spoofing attacks are especially easy to launch and can cause significant damage to network performance. .or instance, in an ,-!.11 network, it is easy for an attacker to gather useful +A' address information during passive monitoring and then modify its +A' address by simply issuing an ifconfig command to masquerade as another device. In spite of e)isting ,-!.11 security techniques including Wired 8quivalent 6rivacy $W86), Wi(.i 6rotected Access $W6A), or ,-!.11i $W6A!), such methodology can only protect data frames9an attacker can still spoof management or control frames to cause significant impact on networks. &poofing attacks can further facilitate a variety of traffic in:ection attacks, such as attacks on access control lists, rogue access point $A6) attacks, and eventually 7enialof( &ervice $7o&) attacks. A broad survey of possible spoofing attacks can be found in this system. +oreover, in a large(scale network, multiple adversaries may masquerade as the same identity and collaborate to launch malicious attacks such as network resource utili#ation attack and denial(of(service attack quickly. ;herefore, it is important to 1) detect the presence of spoofing attacks, !) determine the number of attackers, and ") locali#e multiple adversaries and eliminate them. +ost e)isting approaches to address potential spoofing attacks employ cryptographic schemes. 5owever, the application of cryptographic schemes requires reliable key distribution, management, and maintenance mechanisms. It is not always desirable to apply these cryptographic methods because of its infrastructural, computational, and management overhead. .urther, cryptographic methods are susceptible to node compromise, which is a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. In this work, we propose to use received signal strength $%&&)(based spatial correlation, a physical property associated with each wireless node that is hard to falsify and not reliant on cryptography as the basis for detecting spoofing attacks. &ince we are concerned with attackers who have different locations than legitimate wireless nodes, utili#ing spatial information to address spoofing attacks has the unique power to not only identify the presence of these attacks but also locali#e adversaries. An added advantage of employing spatial correlation to detect spoofing attacks is that it will not require any additional cost or modification to the wireless devices themselves. 2 We focus on static nodes in this work, which are common for spoofing scenarios. We addressed spoofing detection in mobile environments in our other work. ;he works that are closely related to us are in these systems. .aria and 'heriton proposed the use of matching rules of signal prints for spoofing detection, &heng et al. modeled the %&& readings using a <aussian mi)ture model and 'hen et al. used %&& and =(means cluster analysis to detect spoofing attacks. 5owever, none of these approaches have the ability to determine the number of attackers when multiple adversaries use the same identity to launch attacks, which is the basis to further locali#e multiple adversaries after attack detection. Although 'hen et al. studied how to locali#e adversaries, it can only handle the case of a single spoofing attacker and cannot locali#e the attacker if the adversary uses different transmission power levels. ;he main contributions of our work are> 1) <A78> a generali#ed attack detection model $<A78) that can both detect spoofing attacks as well as determine the number of adversaries using cluster analysis methods grounded on %&&(based spatial correlations among normal devices and adversaries and !) I73?> an integrated detection and locali#ation system that can both detect attacks as well as find the positions of multiple adversaries even when the adversaries vary their transmission power levels. In <A78, the 6artitioning Around +edoids $6A+) cluster analysis method is used to perform attack detection. We formulate the problem of determining the number of attackers as a multiclass detection problem. We then applied cluster(based methods to determine the number of attacker. We further developed a mechanism called &I?8@'8 for testing &ilhouette 6lot and &ystem 8volution with minimum distance of clusters, to improve the accuracy of determining the number of attackers. Additionally, when the training data are available, we propose to use the &upport *ector +achines $&*+) method to further improve the accuracy of determining the number of attackers. +oreover, we developed an integrated system, I73?, which utili#es the results of the number of attackers returned by <A78 to further locali#e multiple adversaries. As we demonstrated through our e)periments using both an ,-!.11 network as well as an ,-!.1/.0 network in two real office building environments, <A78 is highly effective in spoofing detection with over 4- percent hit rate and precision. .urthermore, using a set of representative locali#ation algorithms, we show that I73? can achieve similar locali#ation accuracy when locali#ing adversaries to that of under normal conditions. 3ne key observation is that I73? can handle attackers using different transmission power levels, thereby providing strong evidence of the effectiveness of locali#ing adversaries when there are multiple attackers in the network. 3 $%&!ST!N' S(ST%M ;he e)isting approaches to address potential spoofing attacks employ cryptographic schemes ABC. 5owever, the application of cryptographic schemes requires reliable key distribution, management, and maintenance mechanisms. It is not always desirable to apply these cryptographic methods because of its infrastructural, computational, and management overhead. .urther, cryptographic methods are susceptible to node compromise, which is a serious concern as most wireless nodes are easily accessible, allowing their memory to be easily scanned. In this work, we propose to use received signal strength $%&&)(based spatial correlation, a physical property associated with each wireless node that is hard to falsify and not reliant on cryptography as the basis for detecting spoofing attacks. &ince we are concerned with attackers who have different locations than legitimate wireless nodes, utili#ing spatial information to address spoofing attacks has the unique power to not only identify the presence of these attacks but also locali#e adversaries. An added advantage of employing spatial correlation to detect spoofing attacks is that it will not require any additional cost or modification to the wireless devices themselves. Disad)antages ;he large(scale network, multiple adversaries may masquerade as the same identity and collaborate to launch malicious attacks such as network resource utili#ation attack and denial(of(service attack quickly. ;he accuracy of determining the number of attackers. Additionally, when the training data are available, we propose to use the &upport *ector +achines $&*+) method to further improve the accuracy of determining the number of attackers. *+R"+"S%D S(ST%M ;he path loss e)ponent is set to !./ and the standard deviation of shadowing is ! d2. .rom the figure, we observed that the %3' curves shift to the upper left when increasing the distance between two devices. ;his indicates that the farther away the two nodes are separated, the better detection performance that our method can achieve. ;his is because the detection performance is proportional to the no centrality parameter which is represented by the distance between two wireless nodes together with the landmarks. &ince under a spoofing attack, the %&& readings from the victim node and the spoofing attackers are mi)ed together, this observation suggests that we may conduct cluster analysis on top of %&&(based spatial 4 correlation to find out the distance in signal space and further detect the presence of spoofing attackers in physical space. ;he &ystem 8volution is a new method to analy#e cluster structures and estimate the number of clusters. ;he &ystem 8volution method uses the twin( cluster model, which are the two closest clusters among = potential clusters of a data set. ;he twin(cluster model is used for energy calculation. ;he 6artition 8nergy denotes the border distance between the twin clusters, whereas the +erging 8nergy is calculated as the average distance between elements in the border region of the twin clusters. Ad)antages ;he basic idea behind using the &ystem 8volution method to determine the number of attackers is that all the rest of clusters are separated if the twin clusters are separable. ;he 5it %ate is lower when treating four attackers as errors than treating two attackers as errors. ;his indicates that the probability of misclassifying three attackers as four attackers is higher than that of misclassifying three attackers as two attackers. ;he advantage of &ilhouette 6lot is that it is suitable for estimating the best partition. Whereas the &ystem 8volution method performs well under difficult cases such as when there e)ists slightly overlapping between clusters and there are smaller clusters near larger clusters. 5 ,S(ST%M C"N-!'#RAT!"N ,1 .ARDWAR% R%/#!R%M%NTS 6rocessor ( Intel core! 7uo &peed ( !.4" <h# %A+ ( !<2 %A+ 5ard 7isk ( /-- <2 =ey 2oard ( &tandard Windows =eyboard +ouse ( ;wo or ;hree 2utton +ouse +onitor ( ?87 ,$ S"-TWAR% S(ST%M C"N-!'#RAT!"N 3perating &ystem ( D6 and windows E .ront 8nd> Fava$ AW;,&wings,@etworking) 2ack 8nd ( +& Access !--" 6 0 1A2A T%C.N"L"'( Fava technology is both a programming language and a platform. T3e 1a)a +rogra44ing Language ;he Fava programming language is a high(level language that can be characteri#ed by all of the following bu##words> &imple Architecture neutral 3b:ect oriented 6ortable 7istributed 5igh performance Interpreted +ultithreaded %obust 7ynamic &ecure With most programming languages, you either compile or interpret a program so that you can run it on your computer. ;he Fava programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called Java byte codes 9the platform(independent codes interpreted by the interpreter on the Fava platform. ;he interpreter parses and runs each Fava byte code instruction on the computer. 'ompilation happens :ust once interpretation occurs each time the program is e)ecuted. ;he following figure illustrates how this works. 7 Gou can think of Fava byte codes as the machine code instructions for the Java Virtual Machine $Fava *+). 8very Fava interpreter, whether itHs a development tool or a Web browser that can run applets, is an implementation of the Fava *+. Fava byte codes help make Iwrite once, run anywhereJ possible. Gou can compile your program into byte codes on any platform that has a Fava compiler. ;he byte codes can then be run on any implementation of the Fava *+. ;hat means that as long as a computer has a Fava *+, the same program written in the Fava programming language can run on Windows !---, a &olaris workstation, or on an i+ac. T3e 1a)a +latfor4 A platform is the hardware or software environment in which a program runs. WeHve already mentioned some of the most popular platforms like Windows !---, ?inu), &olaris, and +ac3&. +ost platforms can be described as a combination of the operating system and hardware. ;he Fava platform differs from most other platforms in that itHs a software(only platform that runs on top of other hardware(based platforms. ;he Fava platform has two components> ;he Java Virtual Machine $Fava *+) ;he Java Application Programming Interface $Fava A6I) GouHve already been introduced to the Fava *+. ItHs the base for the Fava platform and is ported onto various hardware(based platforms. 8 ;he Fava A6I is a large collection of ready(made software components that provide many useful capabilities, such as graphical user interface $<KI) widgets. ;he Fava A6I is grouped into libraries of related classes and interfaces these libraries are known as packages. ;he ne)t section, What 'an Fava ;echnology 7oL 5ighlights what functionality some of the packages in the Fava A6I provide. ;he following figure depicts a program thatHs running on the Fava platform. As the figure shows, the Fava A6I and the virtual machine insulate the program from the hardware. @ative code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform(independent environment, the Fava platform can be a bit slower than native code. 5owever, smart compilers, well(tuned interpreters, and :ust(in(time byte code compilers can bring performance close to that of native code without threatening portability. What Can Java Technology Do? ;he most common types of programs written in the Fava programming language are applets and applications. If youHve surfed the Web, youHre probably already familiar with applets. An applet is a program that adheres to certain conventions that allow it to run within a Fava(enabled browser. 5owever, the Fava programming language is not :ust for writing cute, entertaining applets for the Web. ;he general(purpose, high(level Fava programming language is also a powerful software platform. Ksing the generous A6I, you can write many types of programs. An application is a standalone program that runs directly on the Fava platform. A special kind of application known as a server serves and supports clients on a network. 8)amples of servers are Web servers, pro)y servers, mail servers, and print servers. Another speciali#ed program is a servlet. A servlet can almost be thought of 9 as an applet that runs on the server side. Fava &ervlets are a popular choice for building interactive web applications, replacing the use of '<I scripts. &ervlets are similar to applets in that they are runtime e)tensions of applications. Instead of working in browsers, though, servlets run within Fava Web servers, configuring or tailoring the server. 5ow does the A6I support all these kinds of programsL It does so with packages of software components that provides a wide range of functionality. 8very full implementation of the Fava platform gives you the following features> T3e essentials> 3b:ects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on. Applets> ;he set of conventions used by applets. Networking> K%?s, ;'6 $;ransmission 'ontrol 6rotocol), K76 $Kser 7ata gram 6rotocol) sockets, and I6 $Internet 6rotocol) addresses. !nternationalization> 5elp for writing programs that can be locali#ed for users worldwide. 6rograms can automatically adapt to specific locales and be displayed in the appropriate language. Securit5> 2oth low level and high level, including electronic signatures, public and private key management, access control, and certificates. Software co4ponents> =nown as Fava2eans ;+ , can plug into e)isting component architectures. "67ect serialization> Allows lightweight persistence and communication via %emote +ethod Invocation $%+I). 1a)a Data6ase Connecti)it5 81DBC TM 9> 6rovides uniform access to a wide range of relational databases. ;he Fava platform also has A6Is for !7 and "7 graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. ;he following figure depicts what is included in the Fava ! &7=. 10 "DBC +icrosoft 3pen 7atabase 'onnectivity $372') is a standard programming interface for application developers and database systems providers. 2efore 372' became a de facto standard for Windows programs to interface with database systems, programmers had to use proprietary languages for each database they wanted to connect to. @ow, 372' has made the choice of the database system almost irrelevant from a coding perspective, which is as it should be. Application developers have much more important things to worry about than the synta) that is needed to port their program from one database to another when business needs suddenly change. ;hrough the 372' Administrator in 'ontrol 6anel, you can specify the particular database that is associated with a data source that an 372' application program is written to use. ;hink of an 372' data source as a door with a name on it. 8ach door will lead you to a particular database. .or e)ample, the data source named &ales .igures might be a &M? &erver database, whereas the Accounts 6ayable data source could refer to an Access database. ;he physical database referred to by a data source can reside anywhere on the ?A@. ;he 372' system files are not installed on your system by Windows 4/. %ather, they are installed when you setup a separate database application, such as &M? &erver 'lient or *isual 2asic 0.-. When the 372' icon is installed in 'ontrol 6anel, it uses a file called 372'I@&;.7??. It is also possible to administer your 372' data sources through a stand( alone program called 372'A7+.8D8. ;here is a 1B(bit and a "!(bit version of this program and each maintains a separate list of 372' data sources. .rom a programming perspective, the beauty of 372' is that the application can be written to use the same set of function calls to interface with any data source, regardless of the database vendor. ;he source code of the application doesnHt change whether it talks to 3racle or &M? &erver. We only mention these two as an e)ample. ;here are 372' drivers available for several do#en popular database systems. 8ven 8)cel spreadsheets and plain te)t 11 files can be turned into data sources. ;he operating system uses the %egistry information written by 372' Administrator to determine which low(level 372' drivers are needed to talk to the data source $such as the interface to 3racle or &M? &erver). ;he loading of the 372' drivers is transparent to the 372' application program. In a clientNserver environment, the 372' A6I even handles many of the network issues for the application programmer. ;he advantages of this scheme are so numerous that you are probably thinking there must be some catch. ;he only disadvantage of 372' is that it isnHt as efficient as talking directly to the native database interface. 372' has had many detractors make the charge that it is too slow. +icrosoft has always claimed that the critical factor in performance is the quality of the driver software that is used. In our humble opinion, this is true. ;he availability of good 372' drivers has improved a great deal recently. And anyway, the criticism about performance is somewhat analogous to those who said that compilers would never match the speed of pure assembly language. +aybe not, but the compiler $or 372') gives you the opportunity to write cleaner programs, which means you finish sooner. +eanwhile, computers get faster every year. 1DBC In an effort to set an independent database standard A6I for Fava &un +icrosystems developed Fava 7atabase 'onnectivity, or F72'. F72' offers a generic &M? database access mechanism that provides a consistent interface to a variety of %72+&s. ;his consistent interface is achieved through the use of Iplug(inJ database connectivity modules, or drivers. If a database vendor wishes to have F72' support, he or she must provide the driver for each platform that the database and Fava run on. ;o gain a wider acceptance of F72', &un based F72'Hs framework on 372'. As you discovered earlier in this chapter, 372' has widespread support on a variety of platforms. 2asing F72' on 372' will allow vendors to bring F72' drivers to market much faster than developing a completely new connectivity solution. F72' was announced in +arch of 144B. It was released for a 4- day public review that ended Fune ,, 144B. 2ecause of user input, the final F72' v1.- specification was released soon after. ;he remainder of this section will cover enough information about F72' for you to know what it is about and how to use it effectively. ;his is by no means a complete overview of F72'. ;hat would fill an entire book. 12 1DBC 'oals .ew software packages are designed without goals in mind. F72' is one that, because of its many goals, drove the development of the A6I. ;hese goals, in con:unction with early reviewer feedback, have finali#ed the F72' class library into a solid framework for building database applications in Fava. ;he goals that were set for F72' are important. ;hey will give you some insight as to why certain classes and functionalities behave the way they do. ;he eight design goals for F72' are as follows> 1. SQL Level API ;he designers felt that their main goal was to define a &M? interface for Fava. Although not the lowest database interface level possible, it is at a low enough level for higher(level tools and A6Is to be created. 'onversely, it is at a high enough level for application programmers to use it confidently. Attaining this goal allows for future tool vendors to IgenerateJ F72' code and to hide many of F72'Hs comple)ities from the end user. 2. SQL Conformance &M? synta) varies as you move from database vendor to database vendor. In an effort to support a wide variety of vendors, F72' will allow any query statement to be passed through it to the underlying database driver. ;his allows the connectivity module to handle non(standard functionality in a manner that is suitable for its users. ". JDBC m!t "e #m$lemental on to$ of common %ata"a!e #nterface! ;he F72' &M? A6I must IsitJ on top of other common &M? level A6Is. ;his goal allows F72' to use e)isting 372' level drivers by the use of a software interface. ;his interface would translate F72' calls to 372' and vice versa. &. Prov#%e a Java #nterface that #! con!#!tent '#th the re!t of the Java !y!tem 2ecause of FavaHs acceptance in the user community thus far, the designers feel that they should not stray from the current design of the core Fava system. (. )ee$ #t !#m$le ;his goal probably appears in all software design goal listings. F72' is no e)ception. &un felt that the design of F72' should be very simple, allowing for only one method of 13 completing a task per mechanism. Allowing duplicate functionality only serves to confuse the users of the A6I. *. +!e !trong, !tat#c ty$#ng 'herever $o!!#"le &trong typing allows for more error checking to be done at compile time also, less error appear at runtime. -. )ee$ the common ca!e! !#m$le 2ecause more often than not, the usual &M? calls used by the programmer are simple SELECTHs, INSERTHs, DELETEHs and UPDATEHs, these queries should be simple to perform with F72'. 5owever, more comple) &M? statements should also be possible. Gou can think of Fava byte codes as the machine code instructions for the Fava *irtual +achine $Fava *+). 8very Fava interpreter, whether itHs a Fava development tool or a Web browser that can run Fava applets, is an implementation of the Fava *+. ;he Fava *+ can also be implemented in hardware. Fava byte codes help make Iwrite once, run anywhereJ possible. Gou can compile your Fava program into byte codes on my platform that has a Fava compiler. ;he byte codes can then be run any implementation of the Fava *+. .or e)ample, the same Fava program can run Windows @;, &olaris, and +acintosh. 14 Java Program Compilers Interpreter My Program : N%TW"R;!N' TC+<!+ stack ;he ;'6NI6 stack is shorter than the 3&I one> ;'6 is a connection(oriented protocol K76 $Kser 7atagram 6rotocol) is a connectionless protocol. !+ datagra4=s ;he I6 layer provides a connectionless and unreliable delivery system. It considers each datagram independently of the others. Any association between datagram must be supplied by the higher layers. ;he I6 layer supplies a checksum that includes its own header. ;he header includes the source and destination addresses. ;he I6 layer handles routing through an Internet. It is also responsible for breaking up large datagram into smaller ones for transmission and reassembling them at the other end. 15 #D+ K76 is also connectionless and unreliable. What it adds to I6 is a checksum for the contents of the datagram and port numbers. ;hese are used to give a clientNserver model ( see later. TC+ ;'6 supplies logic to give a reliable connection(oriented protocol above I6. It provides a virtual circuit that two processes can use to communicate. !nternet addresses In order to use a service, you must be able to find it. ;he Internet uses an address scheme for machines so that they can be located. ;he address is a "! bit integer which gives the I6 address. ;his encodes a network I7 and more addressing. ;he network I7 falls into various classes according to the si#e of the network address. Network address 'lass A uses , bits for the network address with !0 bits left over for other addressing. 'lass 2 uses 1B bit network addressing. 'lass ' uses !0 bit network addressing and class 7 uses all "!. Su6net address Internally, the K@ID network is divided into sub networks. 2uilding 11 is currently on one sub network and uses 1-(bit addressing, allowing 1-!0 different hosts. 16 .ost address , bits are finally used for host addresses within our subnet. ;his places a limit of !/B machines that can be on the subnet. Total address ;he "! bit address is usually written as 0 integers separated by dots. +ort addresses A service e)ists on a host, and is identified by its port. ;his is a 1B bit number. ;o send a message to a server, you send it to the port for that service of the host that it is running on. ;his is not location transparencyO 'ertain of these ports are Pwell knownP. Sockets A socket is a data structure maintained by the system to handle network connections. A socket is created using the call socket. It returns an integer that is like a file descriptor. In fact, under Windows, this handle can be used with %ead .ile and Write .ile functions. 17 Qinclude RsysNtypes.hS Qinclude RsysNsocket.hS int socket$int family, int type, int protocol) 5ere PfamilyP will be A.TI@8; for I6 communications, protocol will be #ero, and type will depend on whether ;'6 or K76 is used. ;wo processes wishing to communicate over a network create a socket each. ;hese are similar to two ends of a pipe ( but the actual pipe does not yet e)ist. 1-ree C3art F.ree'hart is a free 1--U Fava chart library that makes it easy for developers to display professional quality charts in their applications. F.ree'hartVs e)tensive feature set includes> A consistent and well(documented A6I, supporting a wide range of chart types A fle)ible design that is easy to e)tend, and targets both server(side and client( side applications &upport for many output types, including &wing components, image files $including 6@< and F68<), and vector graphics file formats $including 67., 86& and &*<) F.ree'hart is Popen sourceP or, more specifically, free software. It is distributed under the terms of the <@K ?esser <eneral 6ublic ?icence $?<6?), which permits use in proprietary applications. 1. .a$ /#!al#0at#on! 'harts showing values that relate to geographical areas. &ome e)amples include> $a) population density in each state of the Knited &tates, $b) income per capita for each country in 8urope, $c) life e)pectancy in each country of the world. ;he tasks in this pro:ect include> &ourcing freely redistributable vector outlines for the countries of the world, statesNprovinces in particular countries $K&A in particular, but also other areas) 18 'reating an appropriate dataset interface $plus default implementation), a rendered, and integrating this with the e)isting DG6lot class in F.ree'hart ;esting, documenting, testing some more, documenting some more. 2. T#me Ser#e! Chart Interact#v#ty Implement a new $to F.ree'hart) feature for interactive time series charts ((( to display a separate control that shows a small version of A?? the time series data, with a sliding PviewP rectangle that allows you to select the subset of the time series data to display in the main chart. 1. Da!h"oar%! ;here is currently a lot of interest in dashboard displays. 'reate a fle)ible dashboard mechanism that supports a subset of F.ree'hart chart types $dials, pies, thermometers, bars, and linesNtime series) that can be delivered easily via both Fava Web &tart and an applet. &. Pro$erty 2%#tor! ;he property editor mechanism in F.ree'hart only handles a small subset of the properties that can be set for charts. 8)tend $or reimplement) this mechanism to provide greater end(user control over the appearance of the charts. 19 > L!T%RAT#R% S#R2%( ?1 Detecting and Localizing Wireless Spoofing Attacks Wireless networks are vulnerable to spoofing attacks, which allows for many other forms of attacks on the networks. Although the identity of a node can be verified through cryptographic authentication, authentication is not always possible because it requires key management and additional infrastructural overhead. In this paper we propose a method for both detecting spoofing attacks, as well as locating the positions of adversaries performing the attacks. We first propose an attack detector for wireless spoofing that utili#es =(means cluster analysis. @e)t, we describe how we integrated our attack detector into a real time indoor locali#ation system, which is also capable of locali#ing the positions of the attackers. We then show that the positions of the attackers can be locali#ed using either area(based or point(based locali#ation algorithms with the same relative errors as in the normal case. We have evaluated our methods through e)perimentation using both an ,-!.11 $Wi.i) network as well as an ,-!.1/.0 $1ig2ee) network. 3ur results show that it is possible to detect wireless spoofing with both a high detection rate and a low false positive rate, thereby providing strong evidence of the effectiveness of the =(means spoofing detector as well as the attack locali#er. As more wireless and sensor networks are deployed,they will increasingly become tempting targets for malicious attacks. 7ue to the openness of wireless and sensor networks, they are especially vulnerable to spoofing attacks where an attacker forges its identity to masquerade as another device, or even creates multiple illegitimate identities. &poofing attacks are a serious threat as they represent a form of identity compromise and can facilitate a variety of traffic in:ection attacks, such as evil twin access point attacks. It is thus desirable to detect the presence of spoofing and eliminate them from the network. ;he traditional approach to address spoofing attacks is to apply cryptographic authentication. 5owever, authentication requires additional infrastructural overhead and computational power associated with distributing, and maintaining cryptographic keys. 7ue to the limited power and resources available to the wireless devices and sensor nodes, it is not always possible to deploy authentication. In addition, key management often incurs 20 significant human management costs on the network. In this paper, we take a different approach by using the physical properties associated with wireless transmissions to detect spoofing. &pecifically, we propose a scheme for both detecting spoofing attacks, as well as locali#ing the positions of the adversaries performing the attacks. 3ur approach utili#es the %eceived &ignal &trength $%&&) measured across a set of access points to perform spoofing detection and locali#ation. 3ur scheme does not add any overhead to the wireless devices and sensor nodes. 2y analy#ing the %&& from each +A' address using =(means cluster algorithm, we have found that the distance between the centroids in signal space is a good test statistic for effective attack detection. We then describe how we integrated our =(means spoofing detector into a real(time indoor locali#ation system. 3ur =(means approach is general in that it can be applied to almost all %&&(based locali#ation algorithms. .or two sample algorithms, we show that using the centroids of the clusters in signal space as the input to the locali#ation system, the positions of the attackers can be locali#ed with the same relative estimation errors as under normal conditions. ;o evaluate the effectiveness of spoofing detector and attack locali#er, we conducted e)periments using both an ,-!.11 network as well as an ,-!.1/.0 network in a real office building environment. In particular, we have built an indoor locali#ation system that can locali#e any transmitting devices on the floor in real(time. We evaluated the performance of the =(means spoofing detector using detection rates and receiver operating characteristic curve. We have found that our spoofing detector is highly effective with over 4/U detection rates and under /U false positive rates. .urther, we observed that, when using the centroids in signal space, a broad family of locali#ation algorithms achieve the same performance as when they use the averaged %&& in traditional locali#ation attempts. 21 ?$ Access points )ulnera6ilities to DoS attacks in @A$11 networks ;he possible denial of service attacks to infrastructure wireless ,-!.11 networks are discussed here. ;o carry out such attacks only commodity hardware and software components are required. ;he results show that serious vulnerabilities e)ist in different access points and that a single malicious station can easily hinder any legitimate communication within a basic service set. ;he peculiar features of wireless networks suggest a greater e)posure to 7enial of &ervice $7o&) attacks than wired networks. &ince the wireless medium does not have well defined physical bounds, a malicious station can appear in the range of such a network and launch an attack in order to stop any legitimate communication ;he ,-!.11 protocol is based on the e)change of requestNresponse messages> each request sent by a station $&;A) in the network triggers a corresponding response on its counterpart, which can be, in turn, another station or an Access 6oint $A6). 22 Infrastructure networks rely on an access point $or a set of them) as a central node through which every communication is routed, thus an A6 can easily become a bottleneck for the entire network $or, at least, for the 2asic &ervice &et it defines1). An A6 failure causes the block of the entire network or a part of it. Attack patterns should be as simple as possible, in order to apply both to open systems and W86(protected networks. .rom this viewpoint, a malicious station should be able to launch an attack even if it is neither associated nor authenticated to the target network 6robe request frames are used by stations to actively scan an area in order to discover e)isting wireless networksany A6 receiving a probe request frame must respond with a proper probe response frame that contains information about the network, to allow the station to associate. 2y sending a burst of probe request frames very quickly, each with a different +A' address $+A' spoofing) to simulate the presence of a large number of scanning stations in the area, we can induce a heavy workload on the A6, resulting in a wasting of computing and memory resources which can not be used for normal operations. A6 response to an authentication request frame depends on the authentication settings of the network> open s5ste4 networks> no cryptography is involved, the A6 processes each request, possibly comparing the +A' addresswith an access control list, then it responds with a frame containing the authentication process results3ared ke5 networks> after receiving an authentication request by a station, the A6 generates a random challenge te)t and sends it to the station in a second authentication framethe challenge te)t has to be encrypted with a proper W86 key by the station to gain access to the network.In both cases the A6 must allocate memory to keep information about each new station that successfully authenticates.As in the previous case, by sending a burst of authentication request frames, using +A' spoofing,it should be possible to bring A6Hs resources close to the saturation level. According to the protocol .&+, a!!oc#at#onre3e!t frames should not be sent by stations in unauthenticatedNunassociated state, so such requests should never receive an answer by the A6. Actually we discovered that many A6s respond to IillegalJ a!!oc#at#onre3e!t frames by sending a disassociation or deauthentication frame. As a consequence, even a burst of association request frames is able to consume computational resources on an A6. 23 ?* Detecting !dentit5 Based Attacks in Wireless Networks #sing Signal prints Wireless networks are vulnerable to many identity(based attacks in which a malicious device uses forged +A' addresses to masquerade as a specific client or to create multiple illegitimate identities. .or e)ample, several link(layer services in I888 ,-!.11 networks have been shown to be vulnerable to such attacks even when ,-!.11iN1D and other security mechanisms are deployed. A transmitting device can be robustly identified by its signal print, a tuple of signal strength values reported by access points acting as sensors. We show that, different from +A' addresses or other packet contents, attackers do not have as much control regarding the signalprints they produce .+oreover, using measurements in a testbed network, we demonstrate that signalprints are strongly correlated with the physical location of clients, with similar values found mostly in close pro)imity. 2y tagging suspicious packets with their corresponding signalprints, the network is able to robustly identify each transmitter independently of packet contents, allowing detection of a large class of identity(based attacks with high probability. &everal 7o& attacks in wireless ?A@s are possible because these networks lack reliable client identifiers before upper( layer authentication mechanisms are evoked and user credentials are securely established. After a client authenticates successfully and session keys are used to encrypt and authenticate packets sent over wireless links, the network can securely verify if the source +A' address in a packet is correct. Without this mechanism, however, wireless installations have to rely solely on +A' addresses for client identication> two devices in a network using the same address are treated as a single client, even if they generate inconsistent requests. As +A' addresses can be easily changed through device drivers, simple yet effective identity(based attacks can be implemented with off(the(shelf equipment against multiple link( layer services. I888 ,-!.11 networks, for instance, have been shown to be vulnerable to a 24 class of attacks we refer to as masquerading attacks, in which a malicious device targets a specific client by spoofing its +A' address or the address of its current access point. 2ellardo and &avage have demonstrated that a 1-(second deauthentication attack can immediately knock a client of the network and possibly incur minute(long outages given the interaction between ,-!.11 and ;'6 A/C. With such tools, a malicious user could render a Wi( .i hotspot unusable by targeting all active clients or simply ma)imi#e the throughput achieved by his own laptop by periodically deauthenticating devices using the same access point as him. ;hese attacks can be currently implemented even if networks deploy recent security standards such as I888 ,-!.11i A!C. Another class of identity(based attacks target resource depletion> an attacker can generate high rates of requests with random +A' values in order to consume shared resources. .or e)ample, authentication protocols such as ;?& $popular with ,-!.11iN,-!.1D) demand milliseconds of processing time, making servers vulnerable to attacks that consume in the order of !-- =bps of attack bandwidth AEC. As another e)ample, the attack could target a 75'6 server in a publicly available part of the network and consume all I6 addresses reserved for visitors. A 67A device left behind inside a corporation could act as a Wwireless grenadeP, going off at a programmed time and coding the authentication server with random requests, possibly affecting clients well beyond its communication range. 'onceptually, a signalprint is the signal strength characteri#ation of a packet transmission. 8ach signalprint is represented as a vector of signal strength measurements, with one entry for each access point acting as sensor. *alues insignalprints always appear in the same order, i.e., position is always contains the signal strength level $in d2m) reported by the ith A6. We use the notation &AiC to refer to the entry in a signal print. If an access point does not report an %&&I level for a given packet, a default value equal to its sensitivity is used. $;he sensitivity of a receiver with respect to a given data rate is defined as the minimum signal strength level needed to achieve a target packet error rate.).;he si#e of a signal print is the number of non(default elements it contains, i.e., the number of entries created fromactual %&&I measurements. 25 &ignal print creation 26 ?, Secure and %fficient ;e5 Manage4ent in Mo6ile Ad .oc Networks In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge in this unique network environment. Ksually cryptography techniques are used for secure communications in wired and wireless networks. ;he asymmetric cryptography is widely used because of its versatileness $authentication, integrity, and confidentiality) and simplicity for key distribution. 5owever, this approach relies on a centrali#ed framework of public key infrastructure $6=I). ;he symmetric approach has computation efficiency, yet it suffers from potential attacks on key agreement or key distribution. In fact, any cryptographic means is ineffective if the key management is weak. =ey management is a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and comple)ity for key management is strongly sub:ect to restriction of the nodeHs available resources and the dynamic nature of network topology. In this paper, we propose a secure and efficient key management framework $&8=+) for mobile ad hoc networks. &8=+ builds 6=I by applying a secret sharing scheme and an underlying multicast server group. In &8=+, the server group creates a view of the certification authority $'A) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. +obile ad hoc networks are special type of wireless networks in which a collection of mobile hosts with wireless network interfaces may form a temporary network, without the aid of any fi)ed infrastructure or centrali#ed administration.In mobile ad hoc networks, nodes within their wireless transmitter ranges can communicate with each other directly$assume that all nodes have the same transmission range),while nodes outside the range have to rely on some other nodesto relay messages. ;hus a multi(hop scenario occurs, where the packets sent by the source host are relayed by several intermediate hosts before reaching the destination host. 8very node functions as a router. ;he success of communication highly 27 depends on the other nodesH cooperation. While mobile ad hoc networks can be quickly and ine)pensively setup as needed, security is a critical issue compared to wired or other wireless counterparts. +any passive and active security attacks could be launched from the outside by malicious hosts or from the inside by compromised hostsA1-CA1!C. Cryptography is an important and powerful tool for security services, namely authentication, confidentiality, integrity, and non(repudiation. It converts readable data $plaintext) into meaningless data $ciphertext). 'ryptography has two dominant flavors, namely symmetric- key $secret(key) and asymmetrickey $public(key) approach. In symmetric(key cryptography, the same key is used to encrypt and decrypt the information, while in the asymmetric(key approach, different keys are used to convert and recover the information. Although the asymmetric cryptography approach possesses versatileness $authentication, integrity, and confidentiality) and simplicity for key distribution, symmetric(key algorithms are generally more computation(efficient than the public(key approach. ;here is a variety of symmetric or asymmetric algorithms available, such as 78&, A8&, I78A, %&A, and 8I<amal A1CA!CA11C. hreshold cryptography A"C is a scheme quite different from the above two approaches. In &hamirHs $k! n) secret sharing scheme, a secret is split into n pieces according to a random polynomial. ;he secret can be recovered by combining k pieces based on "agrange interpolation. &ecret splitting, reconstruction, and verification is quickly reviewed in &ection ". ;hese cryptography tools are widely used in wired and wireless networks, obviously they could also be used in mobile ad hoc networks. =ey management is a basic part of any secure communication. +ost cryptosystems rely on some underlying secure, robust, and efficient key management system. =ey management deals with key generation, storage, distribution, updating, revocation, and certificate service, in accordance with security policies. =ey management primitives and a trust model are presented in &ection ". ;he outline of key management is described below. .irst, secrecy of key itself must be assured in the local host system. &econd, secure network communications involve key distribution procedure between communication parties, in which the key may be transmitted through insecure channels. =ey confidentiality, integrity, and ownership must be enforced in the whole procedure. ;hird, a framework of trust relationships needs to be built for authentication of key ownership. While some frameworks are based on a centrali#ed rusted hird Party $;;6), others could be fully distributed. .or e)ample, a Certificate Authority is the ;;6 in 6=I, #ey $istribution Center 28 $=7') is the ;;6 in the symmetric system, meanwhile in 6<6, no such a trusted entity is assumed. A secure and efficient key management scheme $&8=+) is used here. In &8=+, the system public key is distributed to the whole network.Iin &8=+, the trust of the central authority $'A) is distributed to a subset of nodes $not all nodes), which could be nodes with normal or better equipment. ;he ma:or contribution of our scheme is that &8=+ is designed to provide efficient share updating among servers and to quickly respond to certificate updating, which are two ma:or challenges in a distributed 'A scheme. ;he basic idea is that server nodes form the underlying service group for efficient communication. .or efficiency, only a subset of the server nodes initiates the share update phase in each round. A ticket based scheme is introduced for efficient certificate updating. @ormally, because of share updating, recently :oining servers could be isolated from the system if they carry outdated certificates. 3ur scheme does not isolate new servers, and is open for regular nodes for easy :oining and departing. &8=+ creates a view of 'A and provides secure and efficient certificate service in the mobile and ad hoc environment. In &8=+ framework, #%1ca is distributed to m shareholders. @ormally, the number of shareholders is significantly less than the total number of nodes $n) in the network. .or e)ample !-U % "-U nodes are secret shareholders. We name these, shareholders as CA-vie& or server nodes in short. ;hey are basically normal nodes e)cept holding a system private key share and are capable to produce partial certificate. Muorum of k$1 ' k ( m) servers can produce a valid certificate. It is quite straightforward to connect all servers and form a special group rather than to search each one of them separately and frequently. It is communication efficient, bandwidth saving, and easy for management. .rom a node point of view it is easy to locate the server IblockJ rather than each IpointJ . .rom the server point of view it is easy to coordinate within the group ?0 Spatial Signatures for Lig3tweig3t Securit5 in Wireless Sensor Networks 29 ;his paper e)perimentally investigates the feasibility of crypto(free communications in resource constrained wireless sensor networks. We e)ploit the spatial signature induced by the radio communications of a node on its neighboring nodes. We design a primitive that robustly and efficiently reali#es this concept, even at the level of individual packets and when the network is relatively sparse. Ksing this primitive, we design a protocol that robustly and efficiently validates the authenticity of the source of messages> authentic messages incur no communication overhead whereas masqueraded communications are detected cooperatively by the neighboring nodes. ;he protocol enables lightweight collusion(resistant methods for broadcast authentication, unicast authentication, non(repudiation and integrity of communication. We have implemented our primitive and protocol, and quantified the high( level of accuracy of the protocol via. ;estbed e)periments with CC)*** radio(enabled motes and +*,-).-/ radio(enabled motes. Authenticity of information is critical to wireless sensor applications. In event detection, for instance, a message may bring critical information about a particular region. 8vent handlers would need assurance that the location information in the message is authentic and that its content has not been modified. ;hey may even wish to reconfirm the occurrence of the event. &cenarios like this motivate the need for properties such as broadcastNuncast message authentication, integrity, and non(repudiation. In essence, the need is for an efficient basis for one(hop message authentication, as hop(by(hop security is typically preferred when resources are constrained. We envision that the need for such security properties will only grow as applications start dealing with control scenarios. ;he conventional approach to message authentication relies on using secrets. 5owever, cryptography with even symmetric secrets can consume significant overhead in wireless sensor networks, especially low power ones. 3ther complications include the ease of eavesdropping given the broadcast nature of the medium, which makes applications vulnerable to malicious behavior. +oreover, the potentially large number and dynamic nature of nodes pose a key management challenge A1-C.;hese challenges lead us to investigate the feasibility of crypto(free communications in resource(constrained wireless sensor networks. ;owards establishing trust among a set of nodes without using secrets, we turn towards e)ploiting physical features of nodes that have the potential for being unique 30 ;he specific concept we propose is that of theIspatial signatureJ of a node, which is a physical characteri#ation of the signal that the node induces at each of its neighbors. In this paper, we show e)perimentally that a spatial signature of nodes based on physical features such as %eceived &ignal &trength Indicator $%&&I) or ?ink Muality Indicator $?MI) is unique with high probability, in multiple radio platforms and in diverse network topologies that range from rather sparse to very dense. It also en:oys desirable properties of stability and ease of learning. It is able to design a lightweight and robust primitive that validates the spatial signature of messages at run(time. ;he primitive, being statistical in nature, can produce both false positives and false negatives our e)periments however show that we can efficiently instrument it so that there are no false positive and rare false negatives in diverse networks. ;he memory and latency requirements of our primitive are substantially less than those of e)tant secret processing methods in wireless sensornetworks. 2ased on the primitive, we design a cooperative protocol that uses the primitive to perform message source authentication. ;he central idea of our cooperative protocol is this> a succinct representation of the spatial signature induced by a node on its neighbor is stored at the neighbor. If the adversary sends a message masquerading as the node, a spatial signature anomaly is detected and reported by the intended receiver$s) of the message, some neighbors of the node, andNor some neighbors of the adversary. 'onversely, if a message is authentic, the spatial signature matches at each neighbor and no anomaliesare reported. We show that if nodes are embedded in a !(dimensional plane then " $and, in most all cases,!) neighbors are sufficient for accurately validating spatial signatures. ;his implies that our protocol works in even relatively sparse networks. It also implies that in dense graphs it can work by designating only a small constant number of neighbors per node $as opposed to all neighbors) to reali#e the spatial signature validation primitive. ;hus, in our protocol, authentic communications do not incur additional communication, whereas masqueraded communications can incur up to a small bounded number of communications. 31 &patial(signature based message source authentication offers several benefits. .irst, a large amount of overhead incurred by cryptography operations and key management protocols is saved by the network. &econd, it enables simple and efficient protocols for authentication, non(repudiation and integrity. ;hird, attacks created by compromised content( dependent signatures are not possible. ?ast but not least, it is resilient to node compromise and to node collusion. 'onventionally, after more than a certain number of nodes are compromised, the security of the network is substantially decreased, whereas if the trust relationship is built only on spatial signatures, the damage caused by compromised nodes is regionally limited likewise, collusion resistance can be achieved based on simple density arguments. ;o the best of our knowledge, we are the first to use the concept of spatial signature for authentication and related security properties. ?: +re)ention of Spoofing Attacks in t3e !nfrastructure Wireless Networks &poofing Attack is one of the vulnerabilities in the wireless networks, which is a situation in which the intruder successfully masquerades as legal one. &poofing Attacks will decrease the performance of the network and violate many security issues. In the networks that use +A' address based filtering approach to authenticate the clients, the spoofer :ust needs to get a valid +A' address that belong to some authori#ed client in the network in order to gain an illegitimate advantage. In this mechanism, an additional authentication process beside +A' addresses filtering and periodically re(authenticates the client after sending every specific number of 7ata frames. ;he proposed additional authentication process is based on two parts. .irst> Ksing unique information that belongs to every client in the network such as computer name, '6K I7 and the current time as inputs to a hash function $one(way function), then insert the hash value in the slack fields of the header of the frame $&teganography). &econd> +ake a modification to the access point access control list by adding that unique information belong to each client in addition to its +A' address in the access control list. ;hus, when the A6 receives an Authentication frame from a client, it will first check the +A' address, if it is legal the A6 will recomputed the 5ash value depending on the corresponding identifiers stored in the access control list and the time of creating the frame, then compare the resulted 32 hash value with the received one and decide whether to re:ect or accept the access. 8ven the attacker is spoofed the +A' address heNshe cannot communicate with the network because the attacker will fail in computing the hash value that depends on the 'omputer name and '6K I7. Also the attacker will be prevented even if heNshe enters the network after the legal client finished the authentication process successfully because the attacker will fail in the reauthentication process. ?> !dentit5BBased Attack Detection in Mo6ile Wireless Networks Wireless networks are susceptible to various types of attacks due to the Iopen airJ nature of the wireless medium. Identity based attacks $I2As) are one of the most serious threats to wireless networks, and they are easy to launch A1C. .or instance, in I888 ,-!.11 networks, an attacker can sniff the traffic in the network and get to know the +A' addresses of the legitimate users, and then masquerade as a legitimate user by modifying its own +A' address simply using an ifconfig command. I2As are considered to be an important first step in an intruderHs attempt to launch a variety of other attacks on ,-!.11 networks, such as session hi:acking, man(in(the( middle, data modification, and authentication(based denial of service.'ertain I2As, such as deauthenticationNdisassociation attacks, are feasible mainly due to the fact that management and control frames are not protected in ,-!.11 networks. Although I888 ,-!.11w adds protection to the management frames, it fails to protect against 7o& attacks that are equivalent to the deauthentication and disassociation attacks A!C. .urthermore, even with cryptographic mechanisms, the authentication key can still be compromised. If the key is broken, the cryptography(based mechanism will fail and I2As are still possible. Knder the above circumstances, there is an increasing interest in using the physical(layer information or characteristics to detect I2As in wireless networks A"CXA11C. %eceived signal strength $%&&) information has been used for I2A detection due to its location distinction property and availability in the network interface card $@I') of the off( the(shelf devices.%&& profiles are location specific and can be used to flag I2As in static environments. Although the e)isting I2A detection schemes work well in a static network, they tend to raise e)cessive false alarms in a mobile environment where the %&& profiles change over time due to node mobility. Although mobility is an inherent property of wireless networks, little work has addressed I2As in mobile scenarios. 33 5ere a %eciprocal 'hannel *ariation(based Identification $%'*I) technique to detect I2As in mobile wireless networks is proposed. ;his technique can work even when the attacker is very close to the genuine node and the attacking packets are arbitrarily interleaved with the genuine packets. In %'*I, we assume the sender and receiver can record the %&& information of the bidirectional frames $such as 7A;A(A'=) with short time interval. 2ased on the reciprocity of the wireless channel A1!C, the sender and receiver should observe similar temporal %&& variations of the received frames. &ince the %&& variation is mainly caused by channel fading, it is random and unpredictable. +oreover, based on the location decorrelation property of the wireless channel,an attacker cannot observe the same channel variation $which induces the %&& variation) as the sender(receiver channel if it is located several wavelengths away A1!C. In %'*I, the receiver asks the sender $associated with an identity) to report the %&& records during their past communication. When there is no I2A, the reported %&& variation should be correlated with the receiverHs observation. In case there is an I2A, the %&& records observed by a victim node should be a mi)ture of the %&& induced by the genuine user and the attacker. &ince the attacker cannot figure out the %&& variations observed by the genuine user, its reported records should be less correlated with the victim nodeHs, and the attack can be detected. %'*I can make use of the readily available %&& measurement of 7A;A and A'= frames, so it can be implemented in the current ,-!.11 systems with minimal overhead. We evaluate %'*I through theoretical analysis, and validate it through e)periments using off(the(shelf ,-!.11 devices under different attacking patterns in real indoor and outdoor mobile scenarios. %'*I achieves desirable detection performance in the tested scenarios. ;o the best of our knowledge, this isthe first work on using reciprocal temporal %&& variations for detecting I2As in mobile wireless networks. 3ur technique can be generally applied to any wireless networks, as long as there are bi(directional frames e)changed between the communication parties within a time interval shorter than the channel coherence time. @ +R%L!M!NAR( !N2%ST!'AT!"N ;he first and foremost strategy for development of a pro:ect starts from the thought of designing a mail enabled platform for a small firm in which it is easy and convenient of 34 sending and receiving messages, there is a search engine ,address book and also including some entertaining games. When it is approved by the organi#ation and our pro:ect guide the first activity, ie. preliminary investigation begins. ;he activity has three parts> ReCuest Clarification -easi6ilit5 Stud5 ReCuest Appro)al @1R%/#%ST CLAR!-!CAT!"N After the approval of the request to the organi#ation and pro:ect guide, with an investigation being considered, the pro:ect request must be e)amined to determine precisely what the system requires. 5ere our pro:ect is basically meant for users within the company whose systems can be interconnected by the ?ocal Area @etwork$?A@). In todayHs busy schedule man need everything should be provided in a readymade manner. &o taking into consideration of the vastly use of the net in day to day life, the corresponding development of the portal came into e)istence. @$ -%AS!B!L!T( ANAL(S!S An important outcome of preliminary investigation is the determination that the system request is feasible. ;his is possible only if it is feasible within limited resource and time. ;he different feasibilities that have to be analy#ed are "perational -easi6ilit5 %cono4ic -easi6ilit5 Tec3nical -easi6ilit5 "perational -easi6ilit5 35 3perational .easibility deals with the study of prospects of the system to be developed. ;his system operationally eliminates all the tensions of the Admin and helps him in effectively tracking the pro:ect progress. ;his kind of automation will surely reduce the time and energy, which previously consumed in manual work. 2ased on the study, the system is proved to be operationally feasible. %cono4ic -easi6ilit5 8conomic .easibility or 'ost(benefit is an assessment of the economic :ustification for a computer based pro:ect. As hardware was installed from the beginning Y for lots of purposes thus the cost on pro:ect of hardware is low. &ince the system is a network based, any number of employees connected to the ?A@ within that organi#ation can use this tool from at anytime. ;he *irtual 6rivate @etwork is to be developed using the e)isting resources of the organi#ation. &o the pro:ect is economically feasible. Tec3nical -easi6ilit5 According to %oger &. 6ressman, ;echnical .easibility is the assessment of the technical resources of the organi#ation. ;he organi#ation needs I2+ compatible machines with a graphical web browser connected to the Internet and Intranet. ;he system is developed for platform Independent environment. Fava &erver 6ages, Fava&cript, 5;+?, &M? server and Web?ogic &erver are used to develop the system. ;he technical feasibility has been carried out. ;he system is technically feasible for development and can be developed with the e)isting facility. @* R%/#%ST A++R"2AL @ot all request pro:ects are desirable or feasible. &ome organi#ation receives so many pro:ect requests from client users that only few of them are pursued. 5owever, those pro:ects that are both feasible and desirable should be put into schedule. After a pro:ect request is approved, it cost, priority, completion time and personnel requirement is estimated and used to determine where to add it to any pro:ect list. ;ruly speaking, the approval of those above factors, development works can be launched. 36 @, S(ST%M ST#D( -%AS!B!L!T( ST#D( ;he feasibility of the pro:ect is analy#ed in this phase and business proposal is put forth with a very general plan for the pro:ect and some cost estimates. 7uring system analysis the feasibility study of the proposed system is to be carried out. ;his is to ensure that the proposed system is not a burden to the company. .or feasibility analysis, some understanding of the ma:or requirements for the system is essential. ;hree key considerations involved in the feasibility analysis are 8'3@3+I'A? .8A&I2I?I;G ;8'5@I'A? .8A&I2I?I;G &3'IA? .8A&I2I?I;G %C"N"M!CAL -%AS!B!L!T( ;his study is carried out to check the economic impact that the system will have on the organi#ation. ;he amount of fund that the company can pour into the research and development of the system is limited. ;he e)penditures must be :ustified. ;hus the developed system as well within the budget and this was achieved because most of the technologies used are freely available. 3nly the customi#ed products had to be purchased. T%C.N!CAL -%AS!B!L!T( ;his study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. ;his will lead to high demands on the available technical resources. ;his will lead to high demands being placed on the client. ;he developed system 37 must have a modest requirement, as only minimal or null changes are required for implementing this system. S"C!AL -%AS!B!L!T( ;he aspect of study is to check the level of acceptance of the system by the user. ;his includes the process of training the user to use the system efficiently. ;he user must not feel threatened by the system, instead must accept it as a necessity. ;he level of acceptance by the users solely depends on the methods that are employed to educate the user about the system and to make him familiar with it. 5is level of confidence must be raised so that he is also able to make some constructive criticism, which is welcomed, as he is the final user of the system. 38 D S(ST%M D%S!'N AND D%2%L"+M%NT D1 !N+#T D%S!'N Input 7esign plays a vital role in the life cycle of software development, it requires very careful attention of developers. ;he input design is to feed data to the application as accurate as possible. &o inputs are supposed to be designed effectively so that the errors occurring while feeding are minimi#ed. According to &oftware 8ngineering 'oncepts, the input forms or screens are designed to provide to have a validation control over the input limit, range and other related validations. ;his system has input screens in almost all the modules. 8rror messages are developed to alert the user whenever he commits some mistakes and guides him in the right way so that invalid entries are not made. ?et us see deeply about this under module design. Input design is the process of converting the user created input into a computer(based format. ;he goal of the input design is to make the data entry logical and free from errors. ;he error is in the input are controlled by the input design. ;he application has been developed in user(friendly manner. ;he forms have been designed in such a way during the processing the cursor is placed in the position where must be entered. ;he user is also provided within an option to select an appropriate input from various alternatives related to the field in certain cases. ;he input design is the link between the information system and the user. It comprises the developing specification and procedures for data preparation and those steps are necessary to put transaction data in to a usable form for processing can be achieved by inspecting the computer to read data from a written or printed document or it can occur by having people keying the data directly into the system. ;he design of input focuses on controlling the amount of input required, controlling the errors, avoiding delay, avoiding e)tra steps and keeping the process simple. ;he input is designed in such a way so that it provides security and ease of use with retaining the privacy. Input 7esign considered the following things> What data should be given as inputL 5ow the data should be arranged or codedL ;he dialog to guide the operating personnel in providing input. 39 +ethods for preparing input validations and steps to follow when error occur. "B1%CT!2%S 1. Input 7esign is the process of converting a user(oriented description of the input into a computer( based system. ;his design is important to avoid errors in the data input process and show the correct direction to the management for getting correct information from the computeri#ed system. !. It is achieved by creating user(friendly screens for the data entry to handle large volume of data. ;he goal of designing input is to make data entry easier and to be free from errors. ;he data entry screen is designed in such a way that all the data manipulates can be performed. It also provides record viewing facilities. ". When the data is entered it will check for its validity. 7ata can be entered with the help of screens. Appropriate messages are provided as when needed so that the user will not be in mai#e of instant. ;hus the ob:ective of input design is to create an input layout that is easy to follow *alidations are required for each data entered. Whenever a user enters an erroneous data, error message is displayed and the user can move on to the subsequent pages after completing all the entries in the current page. D$ "#T+#T D%S!'N ;he 3utput from the computer is required to mainly create an efficient method of communication within the company primarily among the pro:ect leader and his team members, in other words, the administrator and the clients. ;he output of *6@ is the system which allows the pro:ect leader to manage his clients in terms of creating new clients and assigning new pro:ects to them, maintaining a record of the pro:ect validity and providing folder level access to each client on the user side depending on the pro:ects allotted to him. After completion of a pro:ect, a new pro:ect may be assigned to the client. Kser authentication procedures are maintained at the initial stages itself. A new user may be created by the administrator himself or a user can himself register as a new user but the task of assigning pro:ects and validating a new user rests with the administrator only. 40 ;he application starts running when it is e)ecuted for the first time. ;he server has to be started and then the internet e)plorer in used as the browser. ;he pro:ect will run on the local area network so the server machine will serve as the administrator while the other connected systems can act as the clients. ;he developed system is highly user friendly and can be easily understood by anyone using it even for the first time. A quality output is one, which meets the requirements of the end user and presents the information clearly. In any system results of processing are communicated to the users and to other system through outputs. In output design it is determined how the information is to be displaced for immediate need and also the hard copy output. It is the most important and direct source information to the user. 8fficient and intelligent output design improves the systemHs relationship to help user decision(making. 1. 7esigning computer output should proceed in an organi#ed, well thought out manner the right output must be developed while ensuring that each output element is designed so that people will find the system can use easily and effectively. When analysis design computer output, they should Identify the specific output that is needed to meet the requirements. !.&elect methods for presenting information. ".'reate document, report, or other formats that contain information produced by the system. ;he output form of an information system should accomplish one or more of the following ob:ectives. 'onvey information about past activities, current status or pro:ections of the .uture. &ignal important events, opportunities, problems, or warnings. ;rigger an action. 'onfirm an action. 41 1A M"D#L%S 5andling 7ifferent ;ransmission 6erformance of 7etection ;he @umber 3f Attackers Attacker @umber 7etermination ;he &ilence +echanism &upport *ector +achines(2ased +echanism M"D#L% D%SCR!+T!"N .andling Different Trans4ission ;he spoofing attacker used transmission power of 1- d2 to send packets, whereas the original node used 1/ d2 transmission power level. We observed that the curve of 7m under the different transmission power level shifts to the right indicating larger 7m values. ;hus, spoofing attacks launched by using different transmission power levels will be detected effectively in <A78. +erfor4ance of Detection ;he cluster analysis for attack detection, .ig. B presents the %eceiver 3perating 'haracteristic curves of using 7m as a test statistic to perform attack detection for both the ,-!.11 and the ,-!.1/.0 networks. ;able 1 presents the detection rate and false positive rate for both networks under different threshold settings. ;he results are encouraging, showing that for false positive rates less than 1- percent, the detection rate are above 4, percent when the threshold is around , d2. 8ven when the false positive rate goes to #ero, the detection rate is still more than 4/ percent for both networks. T3e Nu46er of Attackers 42 ;he estimation of the number of attackers will cause failure in locali#ing the multiple adversaries. As we do not know how many adversaries will use the same node identity to launch attacks, determining the number of attackers becomes a multiclass detection problem and is similar to determining how many clusters e)ist in the %&& readings. Attacker Nu46er Deter4ination ;he &ystem 8volution is a new method to analy#e cluster structures and estimate the number of clusters. ;he &ystem 8volution method uses the twin(cluster model, which are the two closest clusters among = potential clusters of a data set. ;he twin(cluster model is used for energy calculation. ;he 6artition 8nergy denotes the border distance between the twin clusters, whereas the +erging 8nergy is calculated as the average distance between elements in the border region of the twin clusters. T3e Silence Mec3anis4 ;he advantage of &ilhouette 6lot is that it is suitable for estimating the best partition. Whereas the &ystem 8volution method performs well under difficult cases such as when there e)ists slightly overlapping between clusters and there are smaller clusters near larger clusters. 5owever, we observed that for both &ilhouette 6lot and &ystem 8volution methods, the 5it %ate decreases as the number of attackers increases, although the 6recision increases. Support 2ector Mac3inesBBased Mec3anis4 ;he training data collected during the offline training phase, we can further improve the performance of determining the number of spoofing attackers. In addition, given several statistic methods available to detect the number of attackers, such as &ystem 8volution and &I?8@'8, we can combine the characteristics of these methods to achieve a higher detection rate. In this section, we e)plore using &upport *ector +achines to classify the number of the spoofing attackers. 11.SYSTEM TESTING 43 111 T%ST!N' M%T."D"L"'!%S The following are the Testing Methodologies: o Unit Testing. o Integration Testing. o User Acceptance Testing. o !tp!t Testing. o "ali#ation Testing. Unit Testing Unit testing focuses erification effort on the s!allest unit of "oftware design that is the !odule# Unit testing e$ercises s%ecific %aths in a !odule&s control structure to ensure co!%lete coerage and !a$i!u! error detection# This test focuses on each !odule indiiduall'( ensuring that it functions %ro%erl' as a unit# )ence( the na!ing is Unit Testing# *uring this testing( each !odule is tested indiiduall' and the !odule interfaces are erified for the consistenc' with design s%ecification# +ll i!%ortant %rocessing %ath are tested for the e$%ected results# +ll error handling %aths are also tested# Integration Testing ,ntegration testing addresses the issues associated with the dual %ro-le!s of erification and %rogra! construction# +fter the software has -een integrated a set of high order tests are conducted# The !ain o-.ectie in this testing %rocess is to ta/e unit tested !odules and -uilds a %rogra! structure that has -een dictated -' design# 44 T$e %ollo&ing are t$e types o% Integration Testing' 1. Top (o&n Integration ;his method is an incremental approach to the construction of program structure. +odules are integrated by moving downward through the control hierarchy, beginning with the main program module. ;he module subordinates to the main program module are incorporated into the structure in either a depth first or breadth first manner. ,n this !ethod( the software is tested fro! !ain !odule and indiidual stu-s are re%laced when the test %roceeds downwards# ). *ottom+!p Integration ;his method begins the construction and testing with the modules at the lowest level in the program structure. &ince the modules are integrated from the bottom up, processing required for modules subordinate to a given level is always available and the need for stubs is eliminated. ;he bottom up integration strategy may be implemented with the following steps> The low0leel !odules are co!-ined into clusters into clusters that %erfor! a s%ecific "oftware su-0function# + drier 1i#e#2 the control %rogra! for testing is written to coordinate test case in%ut and out%ut# The cluster is tested# *riers are re!oed and clusters are co!-ined !oing u%ward in the %rogra! structure The -otto! u% a%%roaches tests each !odule indiiduall' and then each !odule is !odule is integrated with a !ain !odule and tested for functionalit'# User Acceptance Testing 45 User +cce%tance of a s'ste! is the /e' factor for the success of an' s'ste!# The s'ste! under consideration is tested for user acce%tance -' constantl' /ee%ing in touch with the %ros%ectie s'ste! users at the ti!e of deelo%ing and !a/ing changes whereer re3uired# The s'ste! deelo%ed %roides a friendl' user interface that can easil' -e understood een -' a %erson who is new to the s'ste!# !tp!t Testing After performing the validation testing, the ne)t step is output testing of the proposed system, since no system could be useful if it does not produce the required output in the specified format. Asking the users about the format required by them tests the outputs generated or displayed by the system under consideration. 5ence the output format is considered in ! ways X one is on screen and another in printed format. "ali#ation C$ec,ing 4alidation chec/s are %erfor!ed on the following fields# Te-t .iel#' ;he te)t field can contain only the number of characters lesser than or equal to its si#e. ;he te)t fields are alphanumeric in some tables and alphabetic in other tables. Incorrect entry always flashes and error message. N!meric .iel#' ;he numeric field can contain only numbers from - to 4. An entry of any character flashes an error messages. ;he individual modules are checked for accuracy and what it has to perform. 8ach module is sub:ected to test run along with sample data. ;he individually tested modules are integrated into a single system. ;esting involves e)ecuting the real data information is used in the program the e)istence of any program defect is inferred from the output. ;he testing should be planned so that all the requirements are individually tested. A successful test is one that gives out the defects for the inappropriate data and produces and output revealing the errors in the system. 46 Preparation o% Test (ata Ta/ing arious /inds of test data does the a-oe testing# 5re%aration of test data %la's a ital role in the s'ste! testing# +fter %re%aring the test data the s'ste! under stud' is tested using that test data# 6hile testing the s'ste! -' using test data errors are again uncoered and corrected -' using a-oe testing ste%s and corrections are also noted for future use# Using /ive Test (ata' ?ive test data are those that are actually e)tracted from organi#ation files. After a system is partially constructed, programmers or analysts often ask users to key in a set of data from their normal activities. ;hen, the systems person uses this data as a way to partially test the system. In other instances, programmers or analysts e)tract a set of live data from the files and have them entered themselves. It is difficult to obtain live data in sufficient amounts to conduct e)tensive testing. And, although it is realistic data that will show how the system will perform for the typical processing requirement, assuming that the live data entered are in fact typical, such data generally will not test all combinations or formats that can enter the system. ;his bias toward typical values then does not provide a true systems test and in fact ignores the cases most likely to cause system failure. Using Arti%icial Test (ata' +rtificial test data are created solel' for test %ur%oses( since the' can -e generated to test all co!-inations of for!ats and alues# ,n other words( the artificial data( which can 3uic/l' -e %re%ared -' a data generating utilit' %rogra! in the infor!ation 47 s'ste!s de%art!ent( !a/e %ossi-le the testing of all login and control %aths through the %rogra!# The !ost effectie test %rogra!s use artificial test data generated -' %ersons other than those who wrote the %rogra!s# 7ften( an inde%endent tea! of testers for!ulates a testing %lan( using the s'ste!s s%ecifications# The %ac/age 84irtual 5riate 9etwor/: has satisfied all the re3uire!ents s%ecified as %er software re3uire!ent s%ecification and was acce%ted# USE0 T0AINING 6heneer a new s'ste! is deelo%ed( user training is re3uired to educate the! a-out the wor/ing of the s'ste! so that it can -e %ut to efficient use -' those for who! the s'ste! has -een %ri!aril' designed# ;or this %ur%ose the nor!al wor/ing of the %ro.ect was de!onstrated to the %ros%ectie users# ,ts wor/ing is easil' understanda-le and since the e$%ected users are %eo%le who hae good /nowledge of co!%uters( the use of this s'ste! is er' eas'# MAINTAINENCE This coers a wide range of actiities including correcting code and design errors# To reduce the need for !aintenance in the long run( we hae !ore accuratel' defined the user&s re3uire!ents during the %rocess of s'ste! deelo%!ent# *e%ending on the re3uire!ents( this s'ste! has -een deelo%ed to satisf' the needs to the largest %ossi-le e$tent# 6ith deelo%!ent in technolog'( it !a' -e %ossi-le to add !an' !ore features -ased on the re3uire!ents in future# The coding and designing is si!%le and eas' to understand which will !a/e !aintenance easier#
48 1).TESTING ST0ATEGY ' + strateg' for s'ste! testing integrates s'ste! test cases and design techni3ues into a well %lanned series of ste%s that results in the successful construction of software# The testing strateg' !ust co0o%erate test %lanning( test case design( test e$ecution( and the resultant data collection and ealuation #+ strateg' for software testing !ust acco!!odate low0leel tests that are necessar' to erif' that a s!all source code seg!ent has -een correctl' i!%le!ented as well as high leel tests that alidate !a.or s'ste! functions against user re3uire!ents# "oftware testing is a critical ele!ent of software 3ualit' assurance and re%resents the ulti!ate reiew of s%ecification design and coding# Testing re%resents an interesting ano!al' for the software# Thus( a series of testing are %erfor!ed for the %ro%osed s'ste! -efore the s'ste! is read' for user acce%tance testing# SYSTEM TESTING' "oftware once alidated !ust -e co!-ined with other s'ste! ele!ents 1e#g# )ardware( %eo%le( data-ase2# "'ste! testing erifies that all the ele!ents are %ro%er and that oerall s'ste! function %erfor!ance is achieed# ,t also tests to find discre%ancies -etween the s'ste! and its original o-.ectie( current s%ecifications and s'ste! docu!entation# UNIT TESTING' 49 ,n unit testing different are !odules are tested against the s%ecifications %roduced during the design for the !odules# Unit testing is essential for erification of the code %roduced during the coding %hase( and hence the goals to test the internal logic of the !odules# Using the detailed design descri%tion as a guide( i!%ortant <onrail %aths are tested to uncoer errors within the -oundar' of the !odules# This testing is carried out during the %rogra!!ing stage itself# ,n this t'%e of testing ste%( each !odule was found to -e wor/ing satisfactoril' as regards to the e$%ected out%ut fro! the !odule# ,n *ue <ourse( latest technolog' adance!ents will -e ta/en into consideration# +s %art of technical -uild0u% !an' co!%onents of the networ/ing s'ste! will -e generic in nature so that future %ro.ects can either use or interact with this# The future holds a lot to offer to the deelo%!ent and refine!ent of this %ro.ect# R%-%R%NC%S A1C F. 2ellardo and &. &avage, I,-!.11 7enial(of(&ervice Attacks> %eal *ulnerabilities and 6ractical &olutions,J 6roc. K&8@ID &ecurity &ymp., pp. 1/(!,, !--". 50 A!C .. .erreri, +. 2ernaschi, and ?. *alcamonici, IAccess 6oints *ulnerabilities to 7os Attacks in ,-!.11 @etworks,J 6roc. I888 Wireless 'omm. and @etworking 'onf., !--0. A"C 7. .aria and 7. 'heriton, I7etecting Identity(2ased Attacks in Wireless @etworks Ksing &ignalprints,J 6roc. A'+ Workshop Wireless &ecurity $Wi&e), &ept. !--B. A0C M. ?i and W. ;rappe, I%elationship(2ased 7etection of &poofing( %elated Anomalous ;raffic in Ad 5oc @etworks,J 6roc. Ann. I888 'omm. &oc. on I888 and &ensor and Ad 5oc 'omm. and @etworks $&8'3@), !--B. A/C 2. Wu, F. Wu, 8. .ernande#, and &. +agliveras, I&ecure and 8fficient =ey +anagement in +obile Ad 5oc @etworks,J 6roc. I888 IntHl 6arallel and 7istributed 6rocessing &ymp. $I676&), !--/. ABC A. Wool, I?ightweight =ey +anagement for I888 ,-!.11 Wireless ?ans With =ey %efresh and 5ost %evocation,J A'+N&pringer Wireless @etworks, vol. 11, no. B, pp. BEE( B,B, !--/. AEC G. &heng, =. ;an, <. 'hen, 7. =ot#, and A. 'ampbell, I7etecting ,-!.11 +A' ?ayer &poofing Ksing %eceived &ignal &trength,J 6roc. I888 I@.3'3+, Apr. !--,. 51