RIPPS: Rogue Identifying Packet Payload Slicer Detecting Unauthorized Wireless Hosts Through Network Traffic Conditioning

Authors:
Chad D. Mano;Andrew Blaich;Qi Liao;Yingxin Jiang;David A. Cieslak;David C. Salyers;Aaron Striegel
Affiliations:
University of Notre Dame;University of Notre Dame;University of Notre Dame;University of Notre Dame;University of Notre Dame;University of Notre Dame;University of Notre Dame
Venue:
ACM Transactions on Information and System Security (TISSEC)
Year:
2008

Citing 7
Cited 7

Improving round-trip time estimates in reliable transport protocols

ACM Transactions on Computer Systems (TOCS)
A technique for counting natted hosts

Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Vulnerability Assessment in Wireless Networks

SAINT-W '03 Proceedings of the 2003 Symposium on Applications and the Internet Workshops (SAINT'03 Workshops)
Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks

Proceedings of the 10th annual international conference on Mobile computing and networking
Network intrusion detection: evasion, traffic normalization, and end-to-end protocol semantics

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Sting: a TCP-based network measurement tool

USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Defending against malicious rogue system threats

Defending against malicious rogue system threats

Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Rogue access point detection using segmental TCP jitter

Proceedings of the 17th international conference on World Wide Web
On fast and accurate detection of unauthorized wireless access points using clock skews

Proceedings of the 14th ACM international conference on Mobile computing and networking
Using link RTT to passively detect unapproved wireless nodes

International Journal of Security and Networks
Using RTT variability for adaptive cross-layer approach to multimedia delivery in heterogeneous networks

IEEE Transactions on Multimedia - Special issue on quality-driven cross-layer design for multimedia communications
WiFiHop - mitigating the Evil twin attack through multi-hop detection

ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Identifying 802.11 traffic from passive measurements using iterative Bayesian inference

IEEE/ACM Transactions on Networking (TON)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Wireless network access has become an integral part of computing both at home and at the workplace. The convenience of wireless network access at work may be extremely beneficial to employees, but can be a burden to network security personnel. This burden is magnified by the threat of inexpensive wireless access points being installed in a network without the knowledge of network administrators. These devices, termed Rogue Wireless Access Points, may allow a malicious outsider to access valuable network resources, including confidential communication and other stored data. For this reason, wireless connectivity detection is an essential capability, but remains a difficult problem. We present a method of detecting wireless hosts using a local RTT metric and a novel packet payload slicing technique. The local RTT metric provides the means to identify physical transmission media while packet payload slicing conditions network traffic to enhance the accuracy of the detections. Most importantly, the packet payload slicing method is transparent to both clients and servers and does not require direct communication between the monitoring system and monitored hosts.