With the rise of Voice over wireless LAN (VoWLAN), any complete WiFi security solution must address denial of service attacks, such as kicking off other clients, consuming excessive bandwidth, or spoofing access points, to the detriment of legitimate clients. Even an authorized client may be able to sufficiently disrupt service quality to make the network ineffective for legitimate clients.
We take a three-point, MAP (Measure, Analyze, Protect) approach to develop an integrated and extensible framework to address existing and future attacks on WiFi networks. Specifically, we focus our efforts on an integrated set of new components that allow a WiFi network operator to measure and analyze WiFi and VoWLAN activity, and to identify and defend against MAC-layer attacks on that infrastructure in real time. Our plan includes three overlapping phases: research, prototype development, and deployment on a large portion of Dartmouth's campus-wide wireless network.
Measurement: we have developed novel and scalable techniques to collect multi-channel MAC-layer traces of the wireless environment, building on our wireless-measurement infrastructure. Our independent and coordinated channel sampling strategies dynamically adapt to current channel conditions. These are augmented by our refocusing mechanism, which takes input from the analysis engines to further improve relevant frame capture.
Analysis: We have developed novel anomaly and signature detection techniques. Our MAC spoofing detection algorithm is based on RSSI observed at the air monitors.
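To make the RSSI idea concrete, here is an added illustration; it is not the MAP project's algorithm or code. It assumes three hypothetical air monitors (`am1` to `am3`), constructed readings, and that the first frames seen for a MAC come from the real station, then flags later frames whose per-monitor RSSI signature departs from that baseline.

```python
from collections import defaultdict
from statistics import median

def _frame(mac, frame_id, am1, am2, am3):
    """Expand one frame into (frame_id, mac, monitor, rssi_dbm) readings."""
    return [(frame_id, mac, m, r) for m, r in (("am1", am1), ("am2", am2), ("am3", am3))]

# Constructed sample data: RSSI in dBm seen by three hypothetical air monitors.
CLIENT_A, CLIENT_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
OBSERVATIONS = (
    _frame(CLIENT_A, 1, -42, -71, -60) + _frame(CLIENT_A, 2, -44, -70, -61)
    + _frame(CLIENT_A, 3, -41, -73, -59) + _frame(CLIENT_A, 4, -43, -72, -60)
    + _frame(CLIENT_A, 5, -75, -45, -58)   # same MAC, different location
    + _frame(CLIENT_A, 6, -42, -70, -62)
    + _frame(CLIENT_B, 1, -55, -60, -80) + _frame(CLIENT_B, 2, -56, -61, -79)
    + _frame(CLIENT_B, 3, -54, -59, -81) + _frame(CLIENT_B, 4, -55, -62, -80)
)

def signatures(observations):
    """Return {mac: [(frame_id, {monitor: rssi}), ...]} ordered by frame_id."""
    per_frame = defaultdict(dict)
    for frame_id, mac, monitor, rssi in observations:
        per_frame[(mac, frame_id)][monitor] = rssi
    by_mac = defaultdict(list)
    for (mac, frame_id), sig in sorted(per_frame.items(), key=lambda kv: kv[0][1]):
        by_mac[mac].append((frame_id, sig))
    return by_mac

def distance(sig_a, sig_b, min_shared=2):
    """Median absolute RSSI difference over monitors that heard both frames."""
    shared = sig_a.keys() & sig_b.keys()
    if len(shared) < min_shared:
        return None  # too few common monitors to compare
    return median(abs(sig_a[m] - sig_b[m]) for m in shared)

def suspect_frames(observations, threshold_db=12, baseline_frames=3):
    """Return {mac: [frame_id, ...]} for frames far from the MAC's baseline."""
    flagged = {}
    for mac, frames in signatures(observations).items():
        base = [sig for _, sig in frames[:baseline_frames]]
        monitors = set().union(*(sig.keys() for sig in base))
        # Assumption: the first frames seen for a MAC come from the real station.
        baseline = {m: median(s[m] for s in base if m in s) for m in monitors}
        hits = [fid for fid, sig in frames[baseline_frames:]
                if (d := distance(baseline, sig)) is not None and d > threshold_db]
        if hits:
            flagged[mac] = hits
    return flagged
```

A client that moves also changes its RSSI signature, so a hit from a check like this is input for further analysis, not proof of spoofing.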
Protection: we will develop a policy-driven protection engine that leverages existing defense mechanisms; the R&D challenge here is to integrate them into our analysis framework and to evaluate the impact of automated defenses on well-behaved users in a network.
With our partner, Aruba Networks, we will develop and deploy prototypes for testing in Phases 1-2, and in the third phase we are deploying our prototypes across Dartmouth's next-generation campus-wide WiFi network; this testbed provides valuable data for the research team and valuable input into Aruba's product pipeline.
We plan significant, novel extensions to existing technology; these techniques have never been applied to WiFi networks, to VoWLAN applications, or at the scale necessary for large deployment. Our integrated end-to-end MAP approach is new, and our proposed campus-wide deployment is unprecedented in scope and scale.
Our MAP approach provides a new foundation for wireless network security, able to dynamically measure, analyze and protect a WiFi network against existing and novel threats, including rogue clients and access points, with a focus on VoWLAN use cases.