SecureAngle: improving wireless security using angle-of-arrival information (poster abstract)

Wireless local area networks play an important role in our everyday lives, at the workplace and at home. However, wireless networks are also relatively vulnerable: physically located off-premises, attackers can circumvent wireless security protocols such as WEP, WPA, and even to some extent WPA2, presenting a security risk to the entire network. To address this problem, we propose SecureAngle, a system designed to operate alongside existing wireless security protocols, adding defense in depth. SecureAngle employs multiantenna APs to profile the directions at which a client's signal arrives, using this angle-of-arrival information to construct unique signatures that identify each client. With these signatures, we are currently investigating how a SecureAngle enabled AP can enable a "virtual fence" that drops frames injected into the network from a client physically located outside a building, and how a SecureAngle-enabled AP can prevent malicious parties from spoofing the link-layer address of legitimate clients.

[1]  Bruce Schneier,et al.  Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) , 1999, CQRE.

[2]  Mark Handley,et al.  The final nail in WEP's coffin , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[3]  Edward W. Knightly,et al.  Modulation Rate Adaptation in Urban and Vehicular Environments: Cross-Layer Implementation and Experimental Evaluation , 2008, IEEE/ACM Transactions on Networking.

[4]  Wei Wang,et al.  SAM: enabling practical spatial multiple access in wireless LAN , 2009, MobiCom '09.

[5]  Erik Tews,et al.  Practical attacks against WEP and WPA , 2009, WiSec '09.

[6]  Paramvir Bahl,et al.  Towards highly reliable enterprise network services via inference of multi-level dependencies , 2007, SIGCOMM '07.

[7]  Sneha Kumar Kasera,et al.  Robust location distinction using temporal link signatures , 2007, MobiCom '07.

[8]  Mark A Beach,et al.  Dynamics of Spatial Eigen Modes in Measured MIMO Channels with Different Antenna Modules , 2007 .

[9]  Geoffrey G. Messier,et al.  Using WLAN Infrastructure for Angle-of-Arrival Indoor User Location , 2008, 2008 IEEE 68th Vehicular Technology Conference.

[10]  Erik Tews,et al.  Breaking 104 Bit WEP in Less Than 60 Seconds , 2007, WISA.

[11]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[12]  David R. Cheriton,et al.  Detecting identity-based attacks in wireless networks using signalprints , 2006, WiSe '06.

[13]  R. O. Schmidt,et al.  Multiple emitter location and signal Parameter estimation , 1986 .

[14]  Paramvir Bahl,et al.  Detailed diagnosis in enterprise networks , 2009, SIGCOMM '09.

[15]  Donald C. Cox,et al.  Robust frequency and timing synchronization for OFDM , 1997, IEEE Trans. Commun..

[16]  Srinivasan Seshan,et al.  Geo-fencing: Confining Wi-Fi Coverage to Physical Boundaries , 2009, Pervasive.