Proposal Presentation

36
Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim

Transcript of Proposal Presentation

Page 1: Proposal Presentation

Wireless Intrusion Detection & Response

ECE 4006 Group 2:Seng Ooh TohVarun KanotraNitin Namjoshi

Yu-Xi Lim

Page 2: Proposal Presentation

Contents Project Description & Demo Competitors & Market Building Blocks & Project Timeline Challenges, Risks and Difficulty Level Product Testing Hardware and Software

Requirements

Page 3: Proposal Presentation

Project Description

Page 4: Proposal Presentation

What is the product? An access point which can detect

intruders and take counter measures Detection of Netstumbler Blocking / Jamming Netstumbler without

affecting network performance Product will be open source and will

integrate several available technologies

Page 5: Proposal Presentation

Project Demo Several computers on a wireless

network Wireless network intruder using

Netstumbler Three Phases

Network setup Netstumbler and intrusion Intrusion detection and counter

measures

Page 6: Proposal Presentation

Phase I – Network Setup 2-3 Linux machines setup with an

access point to form a 802.11b network

Data (packets) routed from linux machines to each other through AP

Access point monitor used to detect source and destination of packets passing through the access point

Page 7: Proposal Presentation

Phase II – Intrusion Intrusion detection and jamming

turned off Netstumbler used to access

information on the wireless network

Netstumbler captured packet information shown

Page 8: Proposal Presentation

Phase III – Intrusion Detection & Counter Measures Netstumbler packet detection Blocking of Netstumbler packets,

RF jamming or fake AP barrage Data rate on wireless network

measured w/ and w/o counter measures

Page 9: Proposal Presentation

User Interface Focus on proving the concept Open source allows end users to

develop UI according to their needs

Basic text-based user interface for testing, debugging and demo

Page 10: Proposal Presentation

Competitors & Market

Page 11: Proposal Presentation

Competitors Fake AP – Product developed by

Black Alchemy. Used for flooding the wireless

network with false AP beacon packets.

Netstumbler gets overwhelmed with thousands of access points.

Open Source, supported by linux.

Page 12: Proposal Presentation

Competitors (contd.) Air Defense – Enterprise/Military

wireless intrusion detection system. Sold as a complete system which

includes AirDefense sensors, server appliance.

Does not take action against intruder, just monitors the network, and informs the administrator of any suspicious activity.

Page 13: Proposal Presentation

Price Fake AP is a freeware. Available

at: http://www.blackalchemy.to/Projects/fakeap/fake-ap.html

AirDefense system costs between $19,000 to $25,000.

Page 14: Proposal Presentation

Our Product No product in the market today

combines both Intrusion detection and response.

Our product shall be freely available.

This makes product unique and attractive to potential users.

Page 15: Proposal Presentation

Building Blocks Setup – Installing network cards on

two linux machines, installing HostAP drivers, installing wireless sniffers, packet sniffer libraries.

Detect NetStumbler – recognize netstumbler signature, UI design for reporting malicious activity.

Page 16: Proposal Presentation

Building Blocks (contd.) Counter-measures – - Logging event information (MAC, time,

physical location)- Sending bogus AP information.- DoS

Port to Open AP – combine detection and countermeasure and run it on an AP.

Page 17: Proposal Presentation

Building Blocks (contd.) OpenAP PC interface – write a TCP

sockets client-server program.

Allow network administrator to remotely configure and acquire information from Access Point.

Page 18: Proposal Presentation

Projected Timeline 12 weeks to complete.

Page 19: Proposal Presentation

Task Assignments

Page 20: Proposal Presentation

Challenges, Risks and Difficulty Level

Page 21: Proposal Presentation

Initial Setup – Challenges and Difficulty Lack of resources for experimental

drivers Recompilation of kernel and other

support packages Compatibility and interoperability

of hardware

Page 22: Proposal Presentation

Initial Setup - Risk Project could be severely delayed

if we are plagued with compatibility issues

Incompatible hardware might require extra expenses to get different cards

Page 23: Proposal Presentation

Wardriving Detection – Challenges and Difficulty Limited storage memory Libpcap vs. low-level syscalls Development of algorithm for

heuristic Wardriving detection

Page 24: Proposal Presentation

Wardriving Detection – Risks Inability to differentiate between

Wardriver and legitimate client renders module useless

Forced to resort to low-level syscalls without availability of experimental driver documentation

Page 25: Proposal Presentation

Countermeasure – Challenges and Difficulty Limited storage memory Countermeasures without affecting

normal network performance Discovering new denial-of-service

attacks attains Wardriving client

Page 26: Proposal Presentation

Porting to Access Point Different development framework Inaccessibility of access point Limited debug tools

Page 27: Proposal Presentation

Product Testing

Page 28: Proposal Presentation

Stage 1 : Wardriver Detection Reliable Wardriver detection Does not pick up legitimate traffic

from a variety of wireless cards Logging

Page 29: Proposal Presentation

Stage 2 : Countermeasure Executed in parallel with Stage 1 Sufficiently confuses Wardriver Disables Wardriver Does not affect normal network

traffic

Page 30: Proposal Presentation

Stage 3 : Access Point Remote deployment Durability (uptime) Status monitored remotely

Page 31: Proposal Presentation

Hardware and Software Requirements

Page 32: Proposal Presentation

Hardware Required 2x Linksys Wireless PC Card 1x Orinoco Gold Wireless Card 2x PCI-PC Card adapter USR 2450 Access Point Pretec 4MB Linear Mapped Card

Page 33: Proposal Presentation

Software Required Host AP Open AP Net Stumbler Ethereal Other scanners Other sniffers

Page 34: Proposal Presentation

Parts Designed and Adapted

Page 35: Proposal Presentation

Parts Adapted or Reused Host AP Open AP Fake AP

Page 36: Proposal Presentation

Parts Designed Intrusion detection algorithm Integration on Host AP Integration on Open AP