Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing the Security of Corporate Wi-Fi Networks Using DAIR Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec.

Published bySolomon Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "Enhancing the Security of Corporate Wi-Fi Networks Using DAIR Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec."— Presentation transcript:

1 Enhancing the Security of Corporate Wi-Fi Networks Using DAIR Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec Wolman, Brian Zill Presented By: J. Falquez

2 Challenges in Building an Enterprise-scale WiFi Monitoring System Scale of WLAN –Microsoft’s WLAN has over 5000 APs Need to deploy many monitors –Rapid fading of signal in indoor environment –Multiple orthogonal channels –May need observations from multiple vantage points  Pinpoint location of rogue AP

3 Taxonomy of Attacks on Wi-Fi Networks Eavesdropping –Passive snooping (perhaps with high-gain antennas) –Nearly impossible to detect –Cryptographic techniques generally considered sufficient. Intrusion –Rogue AP / Rogue Ad-hoc network Denial of Service –Fake deauthentication/disassociation, NAV attacks, DIFS attacks, Jamming. Phishing –Acquire passwords

4 Example : Rogue AP Careless employee brings AP from home and plugs it into corporate Ethernet Bypasses corporate Wi-Fi security measures –For example: WPA, 802.1X Permits unauthorized users to connect to corporate network –Malicious user outside the building? Widespread Problem –Ongoing concern for MS IT department –Surveyed two major US universities, found multiple rogue APs

5 Need for WiFi Monitoring Systems Preventive measures such as 802.1X do not guarantee full security In addition, need WiFi monitoring system to detect problems in operational WiFi networks –Detect Rogue AP by overhearing packets containing unknown BSSID

6 %0 0% 97% 1.7% 26% 0% Rapid loss of signal strength in indoor environments Complex, time-varying signal propagation Example: Indoor WLAN Monitoring Rogue AP and ClientMonitors Red: Beacon reception rate Blue: Data packet reception rate

7 State of the Art AP-based monitoring [Aruba, AirDefense..] –Pros: Easy to deploy (APs are under central control) –Cons: Single radio APs can not be effective monitors Specialized sensor boxes [Aruba, AirTight, …] –Pros: Can provide detailed signal-level analysis –Cons: Expensive, so can not deploy densely Monitoring by mobile clients [Adya et. al., MobiCom’04] –Pros: Inexpensive, suitable for un-managed environments –Cons:  Coverage not predictable: mobile, battery-powered clients  Only monitor the channel they are connected on

8 Observation Desktop PC’s with good wired connectivity are ubiquitous in enterprises Outfitting a desktop PC with 802.11 wireless is inexpensive –Wireless USB dongles are cheap  As low as $6.99 at online retailers –PC motherboards are starting to appear with built-in 802.11 radios Combine to create a dense deployment of wireless sensors DAIR: Dense Array of Inexpensive Radios +

9 Wired Network Database AirMonitor Land Monitor (1 per subnet) Inference Engine DAIR Architecture Other data: SNMP, Configuration

10 Monitor Architecture

11 Key Characteristics of DAIR High sensor density at low cost –Leverages existing desktop resources –Effective monitoring in indoor environments –Can tolerate loss of a few sensors Sensors are (mostly) stationary –Provides predictable coverage –Permits meaningful historical analysis

12 Applications of the DAIR Platform Security applications –Detecting attacks on Wi-Fi networks –Responding to such attacks Performance management –Monitor RF coverage –Load balancing Location service to support above applications

13 Rogue Wireless Networks An uninformed or careless employee who doesn’t understand (or chooses not to think about) the security implications –Brings AP from home, and attaches it to the corporate network –Configures desktop PC with wireless interface to create a rogue ad-hoc network Bypasses security measures such as WPA, 802.1X

14 Simple Solution Database AirMonitor Inference Engine BSSIDSSID 00:08:AC …MSFT 00:09:3B …MSRLAB Known: Seen: BSSIDSSID 00:08:AC …MSFT 00:09:3B …MSRLAB 0C:3B:5A:Joe’sAP BSSIDSSID 00:08:AC …MSFT 00:09:3B …MSRLAB 0C:3B:5A:Joe’sAP

15 Problem with the Simple Solution False Positives –Multi-office buildings False negatives –Malicious attacker fakes authorized SSID / BSSID DAIR can help reduce both false positives and false negatives –No foolproof way to avoid false positives/negatives completely –DAIR raises bar while generating fewer alarms

16 Reducing False Negatives Suspect is using an “authorized” SSID / BSSID If the “real” AP is still active –Packet sequence numbers not monotonic If real AP is not active –Determine location of suspect –If different than expected, raise alarm

17 Reducing False Positives Detect whether rogue AP is connected to corporate wired network Series of tests: –Association test –Source/destination address test –Replay test

18 Association Test Database AirMonitor Inference Engine 0C:3B:5A:Joe’sAP ? Machine inside corporate firewall If AirMonitor can connect to machine inside firewall via AP then AP is connected to corporate wired network

19 Association Test Test will fail if AP uses WEP or MAC address filtering –People configure home APs with WEP or MAC filtering Failure means we need additional tests …

20 Source / Destination Address Test Database AirMonitor Inference Engine ? Land Monitor 08:5B:3F: … 08:3C:4F:… MAC Addrs Of Subnet Routers Subnet Router

21 Source / Destination Address Test Unencrypted HeaderEncrypted Payload ReceiverTransmitter Destination Access PointClient 802.11 Data Frame (with encryption): MAC Addresses: Known Address? If Destination Address belongs to a subnet router, then AP Is connected to corporate wired network Similar test for Source Address

22 Source / Destination Address Test Test will fail if AP is really a NAT/Router –Many home APs combine AP and NAT/router functionality Failure means that additional tests are needed

23 Replay Test AirMonitor Inference Engine ? Land Monitor 1 2 3 4 X X X X X AirMonitors capture data packets One of the AirMonitors replays captured packets Each packet replayed multiple times At the same time LandMonitors are alerted to watch for duplicate packets on wired network. ?

24 Replay Test AirMonitors replay packets with suspect BSSID –No need to decrypt packet Each packet is replayed multiple times (say 5) LandMonitors detect if duplicate packets are seen on wired network Works for NAT/Routers –Even rogue ad-hoc networks Fails if suspect is using WPA2 or other crypto schemes that are robust against replay attacks

25 Scalability Load on database server Load on individual AirMonitors Additional wired network traffic

26 Load on Database Server 12 AirMonitors AirMonitors submit summarized data every 2 minutes Database Server: MS-SQL 2005, 1.7GHz P4 with 1GB RAM 0 20 40 60 80 100 1AM9PM5PM1PM9AM5AM1AM CPU Load (%)

27

28 Load on Client Machine 0 25 50 75 100 1AM9PM5PM1PM9AM5AM1AM Load (%) Machine not running AirMonitor 0 25 50 75 100 1AM9PM5PM1PM9AM5AM1AM Load (%) Machine running AirMonitor Additional Network Traffic: 2-5Kbps per AirMonitor

29 Summary Built a scalable, cost-effective, dense WLAN monitoring platform in a corporate environment Explored ways to leverage the platform to monitor threats to Wi-Fi networks

30 DAIR ongoing work Which channels should each AirMonitor listen on? –What scanning strategy to use? [Deshpande et. al. 2006] –Depends on density of AirMonitors, environment Building an effective location system Building performance management tools

31 Questions?

Download ppt "Enhancing the Security of Corporate Wi-Fi Networks Using DAIR Paramvir Bahl, Ranveer Chandra, Jitendra Padhye, Lenin Ravindranath, Manpreet Singh, Alec."

Similar presentations

Enterprise Wireless LAN (WLAN) Management and Services

Enterprise Wireless LAN (WLAN) Management and Services
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravnindranath,

1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl, Jitendra Padhye, Lenin Ravnindranath,
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.

Attack and Defense in Wireless Networks Presented by Aleksandr Doronin.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Wi-Fi Neighborcast: Enabling communication among nearby clients

Wi-Fi Neighborcast: Enabling communication among nearby clients
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.

Wireless Security. Objective: Understand the benefits of a wireless network Understand security risks Examples of vulnerabilities Methods to protect your.
1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravnindranath.

1 DAIR: Dense Array of Inexpensive Radios Managing Enterprise Wireless Networks Using Desktop Infrastructure Victor Bahl †, Jitendra Padhye †, Lenin Ravnindranath.
A Location-Based Management System for Enterprise Wireless LANs Ranveer Chandra, Jitendra Padhye, Alec Wolman and Brian Zill Microsoft Research.

A Location-Based Management System for Enterprise Wireless LANs Ranveer Chandra, Jitendra Padhye, Alec Wolman and Brian Zill Microsoft Research.
A Location-based Management System for Enterprise Wireless LANS Ranveer Chandra, Jitendra Padhye, Alec Wolman, Brian Zill Microsoft Research, NSDI 2007.

A Location-based Management System for Enterprise Wireless LANS Ranveer Chandra, Jitendra Padhye, Alec Wolman, Brian Zill Microsoft Research, NSDI 2007.
 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.

 Any unauthorized device that provides wireless access  Implemented using software, hardware, or a combination of both  It can be intentional or unintentionally.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
A Guide to major network components

A Guide to major network components
1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.
WLAN What is WLAN? Physical vs. Wireless LAN

WLAN What is WLAN? Physical vs. Wireless LAN
Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.

Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.

Similar presentations

Ads by Google