SAEW: A Security Assessment and Enhancement System of Wireless Local Area Networks (WLANs)

Aiming at increasingly serious security problems of wireless local area networks (WLANs), this paper analyzes and studies the different security attacks and threats according to the four layer network architecture of WLAN. A WLAN security assessment and enhancement system called SAEW is proposed, which comprises two subsystems of security assessment system of WLAN (SAW) and security enhancement system of WLAN (SEW). The SAW is based on fuzzy logic that combines layering analysis and relevance analysis. The security vulnerabilities of PHY and MAC layer, key management layer and identity authentication layer and relevance of the four layers are analyzed. The security index system of WLAN, fuzzy set and rule base are built based on the WLAN security analysis of the above four layers. Moreover, according to the principles of fuzzy logic, the security level of WLAN is acquired through fuzzy reasoning. Towards the WLAN with low security level, the security enhancement of WLAN is processed. The SEW builds the trusted WLAN to improve the security level of WLAN, which is based on trusted network connect (TNC). By introducing different roles in TNC, such as a metadata access point client defending WPA/WPA2 brute forcer, the security enhancement and defense mechanisms are realized. The results of case study show that the security level is promoted by trusted WLAN.

[1]  Alan J. Marshall,et al.  The Threat-Victim Table: A security prioritisation framework for diverse WLAN network topographies , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).

[2]  Huang Cheng-bo,et al.  Management of aggregated reservation states for RMD based on clock synchronization , 2009 .

[3]  Li Xu,et al.  On the Security of WAI Protocol in the Third Version of WAPI , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[4]  Gökhan Dalkiliç,et al.  Analysis of EAP-FAST protocol , 2012, Proceedings of the ITI 2012 34th International Conference on Information Technology Interfaces.

[5]  Jin Zhigang,et al.  Distributed method for cracking WPA/WPA2‐PSK on multi‐core CPU and GPU architecture , 2015 .

[6]  Troels B. Sørensen,et al.  In-Band Interference Effects on UTRA LTE Uplink Resource Block Allocation , 2008, VTC Spring 2008 - IEEE Vehicular Technology Conference.

[7]  Jin Zhigang,et al.  Security analysis of WPS in WLAN , 2013 .

[8]  Jun Chang,et al.  Prevention research of cracking WPA-PSK key based on GPU , 2012, 2012 2nd International Conference on Consumer Electronics, Communications and Networks (CECNet).

[9]  A. Risteski,et al.  Wireless Local Area Network Behavior under RTS Flood DoS attack , 2012, 2012 20th Telecommunications Forum (TELFOR).

[10]  Feng De-min Study and design of access authentication protocol based on TPM , 2009 .

[11]  Jin Wang,et al.  A fuzzy-logic-based approach to qualitative safety modelling for marine systems , 2001, Reliab. Eng. Syst. Saf..

[12]  Gregory B. Brewster,et al.  Empirical studies and queuing modeling of denial of service attacks against 802.11 WLANs , 2010, 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[13]  Yonglei Liu Defense of WPA/WPA2-PSK Brute Forcer , 2015 .

[14]  Yu-Lun Huang,et al.  An Analytic Hierarchy Process-Based Risk Assessment Method for Wireless Networks , 2011, IEEE Transactions on Reliability.

[15]  Erik Tews,et al.  Attacks on the WEP protocol , 2007, IACR Cryptol. ePrint Arch..

[16]  Zhe Chen,et al.  ARJ: An IEEE 802.11g All-Channel Jammer with Alterable Jamming Radius: ARJ: An IEEE 802.11g All-Channel Jammer with Alterable Jamming Radius , 2014 .

[17]  Yosuke Todo,et al.  Falsification Attacks against WPA-TKIP in a Realistic Environment , 2012, IEICE Trans. Inf. Syst..

[18]  Francesco Palmieri,et al.  Automatic security assessment for next generation wireless mobile networks , 2011, Mob. Inf. Syst..

[19]  Liu Yong ARJ:An IEEE 802.11g All-Channel Jammer with Alterable Jamming Radius , 2013 .

[20]  Mainak Chatterjee,et al.  Collaborative jamming and collaborative defense in cognitive radio networks , 2013, Pervasive Mob. Comput..

[21]  Tao Xie,et al.  How to Break EAP-MD5 , 2012, WISTP.

[22]  Yu Lu Design of enhanced wireless trusted network accessing attestation model and its protocols , 2010 .

[23]  金志刚,et al.  Security enhancement of WAPI access authentication protocol (WAI) , 2012 .

[24]  Qiang Huang,et al.  Modeling of distributed denial of service attacks in wireless networks , 2003, 2003 IEEE Pacific Rim Conference on Communications Computers and Signal Processing (PACRIM 2003) (Cat. No.03CH37490).

[25]  Young B. Choi,et al.  Corporate wireless LAN security: threats and an effective security assessment framework for wireless information assurance , 2006, Int. J. Mob. Commun..

[26]  Noureddine Zahid,et al.  Security analysis of 3GPP (LTE) — WLAN interworking and a new local authentication method based on EAP-AKA , 2012, The First International Conference on Future Generation Communication Technologies.

[27]  Yang Li Trusted Network Connect Protocol for Wireless Environment , 2010 .

[28]  Lidong Chen,et al.  Where EAP security claims fail , 2007, QSHINE.

[29]  Liu Yong-leib Design and Implementation of 802.11 Jammer Based on Adjacent Channel Interference , 2012 .

[30]  David Q. Liu,et al.  Extensible authentication protocols for IEEE standards 802.11 and 802.16 , 2008, Mobility '08.

[31]  Jason Smith,et al.  Specification-Based Intrusion Detection in WLANs , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[32]  Wenyuan Xu,et al.  The feasibility of launching and detecting jamming attacks in wireless networks , 2005, MobiHoc '05.

[33]  Srikanth V. Krishnamurthy,et al.  A Measurement-Driven Anti-Jamming System for 802.11 Networks , 2011, IEEE/ACM Transactions on Networking.

[34]  Srikanth V. Krishnamurthy,et al.  On the Efficacy of Frequency Hopping in Coping with Jamming Attacks in 802.11 Networks , 2010, IEEE Transactions on Wireless Communications.

[35]  Ying Wang,et al.  Survey on Security Scheme and Attacking Methods of WPA/WPA2 , 2010, 2010 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM).

[36]  Srikanth V. Krishnamurthy,et al.  Denial of Service Attacks in Wireless Networks: The Case of Jammers , 2011, IEEE Communications Surveys & Tutorials.

[37]  Farrukh Aslam Khan,et al.  A survey of Intrusion Detection Systems for Wireless Sensor Networks , 2012, Int. J. Ad Hoc Ubiquitous Comput..

[38]  Xiaodong Wang,et al.  Jamming Attacks in Wireless Network: Jamming Attacks in Wireless Network , 2012 .

[39]  Michel Barbeau Assessment of the true risks to the protection of confidential information in the wireless home and office environment , 2010, 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[40]  Xiao Liu,et al.  Formal Evaluation of Major Authentication Methods for IEEE 802.11i WLAN Standard , 2006, IEEE Vehicular Technology Conference.

[41]  Fu Ming,et al.  Network link layer topology discovery algorithm based on spanning tree , 2010 .

[42]  Valtteri Niemi,et al.  Man-in-the-Middle in Tunneled Authentication Protocols , 2002 .

[43]  Q. I. Ali,et al.  Design and implementation of an embedded intrusion detection system for wireless applications , 2012, IET Inf. Secur..

[44]  Zhao Dongmei,et al.  A risk assessment method of the wireless network security , 2007 .

[45]  Yong Wang,et al.  Smartphone Security Challenges , 2012, Computer.

[46]  Valtteri Niemi,et al.  Man-in-the-Middle in Tunnelled Authentication Protocols , 2003, Security Protocols Workshop.

[47]  Tamma Bheemarjuna Reddy,et al.  On detecting CTS duration attacks using K-means clustering in WLANs , 2012, 2012 IEEE International Conference on Advanced Networks and Telecommunciations Systems (ANTS).