Scalable location-based security in wireless networks

  • Authors:
  • David R. Cheriton;Daniel Braga De Faria

  • Affiliations:
  • Stanford University;Stanford University

  • Venue:
  • Scalable location-based security in wireless networks
  • Year:
  • 2007

Abstract

This dissertation presents a location-based approach to wireless security. It differs from current solutions in that it uses information about the physical location of clients to leverage physical security measures instead of relying on long-term secrets such as passwords and private keys. Our approach adapts to the wireless scenario an intuitive security model that is effective and already commonplace in wired LANs. We show that it addresses three problems with current solutions.

First is the inability of network administrators to define geographical boundaries for wireless coverage. While access to Ethernet ports can be controlled by locking them inside buildings, wireless links extend connectivity beyond physical boundaries, making networks reachable to users across the street or in nearby buildings, therefore more vulnerable to attacks. We show that our services allow networks to provide connectivity to clients located within the intended service area (SA). Moreover, we show that malicious devices located outside the SA either need to get physically close to it---running afoul of physical security measures---or are faced with impractical hardware demands.

The second problem is the lack of proper accountability. Without additional mechanisms, wireless networks are unable to accurately locate and securely identify traffic sources because clients are no longer physically connected to network ports. Even with user authentication and cryptographic packet protection, some link-layer services still rely on MAC addresses to identify clients, making networks vulnerable to denial-of-service attacks that are both effective and easy to implement. We show that our services allow wireless devices to be distinguished and located accurately, making misbehaving clients again physically exposed and accountable for their acts.

Finally, most solutions that increase security to acceptable levels incur substantial management costs. Unlike these, our approach is to improve security in a cost-effective manner. Our architecture takes advantage of higher numbers of access points not only to improve accuracy but also to configure itself autonomously, with minimal operator participation. We use extensive measurements in a real setting to show that such automatic calibration provides for accurate services while also allowing networks to scale to large numbers of access points.