Title: Norwich University David Crawford School of Engineering
1Secure Wireless Communications Deployment Tool
Natalie Deslandes Nathan Bailey Senior Project
Presentation December 8, 2003
Norwich University David Crawford School of
Engineering
2Presentation Outline
- Project Motivation and Goals
- Technical Background
- Wireless Networks
- Ray Tracing
- Proposed Work
- Project Benefits
3Project Motivation
- Increased popularity of wireless networks
- Wireless signals can be intercepted outside the
building (big security problem) - Ray tracing can predict the strength of wireless
signals in and outside of a building - Ray tracing results can be used to determine the
best locations to place wireless network
equipment to avoid signals getting outside the
building
4Project Goals
- To learn more on current wireless network
security flaws and solutions - To perform measurements of wireless signals in
and outside the Partridge building - To create a ray tracing model of the Partridge
building and verify ray tracing predictions
against measurements - To design a software tool based on ray tracing
that optimizes the location of wireless network
equipment for max inside coverage and minimal
outside leakage of wireless signals - To verify that it works
5Technical BackgroundWireless Networks
- Wireless Networks
- IEEE 802.11 first draft standard completed in
1997, still being augmented - They serve mainly as an extension to an existing
wired networks
6Wireless Network Overview
7Equipment from ARL
8Wireless Access Points
- It is a station that transmits and receives data
through frequencies. - Wireless Ethernet Port
- The Ethernet cable is connected to the access
point instead of the computer to allow access.
9Wireless Network Card
- Hardware device in a client computer (most often
a card that fits in a PCMCIA Type II slot in a
notebook computer) that communicates with an
Access Point via radio signals (i.e., without
wires). - Wireless Client Adapter".
10IEEE 802.11 Standard
- Summary table
- II. Security
11Security
- Security option
- Wired Equivalent
- Privacy (WEP)
- 128 Bit encryption
12Vulnerabilities
- Eavesdropping (Netstumbler, Ethereal, Bogus AP)
- DoS
- WEP cracking
13Eavesdropping
14Eavesdropping (contd)
15Eavesdropping (contd)
16DOS
- "flooding" a network with packets, thereby
preventing legitimate network traffic - Transmitting with a transmitter (ie. Cordless
phone) at the frequency of 2.4 G Hz
17WEP Cracking
- Using a bogus access point to gather information
on the key. - Dictionary-building attack that, after analysis
of about a day's worth of traffic, allows
real-time automated decryption of all traffic. - WEPCrack (software)
18Protection
- Firewalls
- IDS
- IEEE 802.11 i
19Firewalls
20Intrusion Detection Systems
- Ethereal
- Used in
- Monitoring
- traffic
21IEEE 802.11 i
- The encryption method Advanced Encryption
Standard (AES) looking to fix the WEP problems
in the 802.11 a and b.
22Measurement System
To be moved
Stationary
23Diagnostic Software
- Recorded Data
- Signal Strength
- Transmit Rate
- Receive Rate
- Distance according
- to blueprints
24Spectrum Analyzer
25Technical BackgroundRay Tracing
- Requires an ASCII floor plan of the building
- Computes the geometrical paths (bouncing off
walls) - Computes the electromagnetic properties of the
paths
26Ray TracingGeometrical Engine
27Ray TracingElectromagnetic Engine
28Optimization of Parameters
29Proposed Work
- Measurements in Partridge
- Ray Tracing Partridge Model
- RT/MS Comparisons and Parameter Optimization
- Access Point Map
- Coverage Map
30Measurements
- AP fixed at a few locations
- Laptop moved to several positions (both inside
and outside Partridge first floor ) - AP and laptop positions carefully measured with
respect to building blue prints - Few test measurements to verify procedures
- Massive measurements done in a few days
31Model of Partridge
32RT/MS Comparison
- Create a calibration curve between diagnostic
software readings and spectrum analyzer power
values - Run RT on corresponding AP and laptop positions
- Extract RT peak power predictions for each
measurement case - Tabulate the MS and RT data and examine the
results
33Comparison with Measurements
34Optimization of RT Parameters
- Verify that measurement and RT power predictions
are within 3 dB - If not, use the optimization procedures defined
during summer 2003 by running the optimization of
the RT floor plan material electromagnetic
properties - Repeat until 3 dB tolerance is met
35Coverage Map
- Add an option for 100 receiver locations look up
file and a loop in the ray tracing program - Add a save to file in the RT to produce a data
file with receiver position and peak power - Create a MATLAB script that reads in the data
file and the floor plan file and produces a 2D
(position) top view color map of the power levels
36Power Coverage Maps
37Access Point Map
- Construct a command file to run the current RT
engines to compute the peak power for 5 to 10
relevant receiver locations and a single AP
location. - Augment the command file to move both x and y
coordinates of the AP. Define error criterion to
be used. - Adjust the MATLAB engines to accommodate more
receiver locations and access points.
38Access Point Map
39Proposed Work Timeline
40Project Benefits
- To raise awareness and find solutions to WLAN
security issues - To report on the exact leakage of WLAN signals
outside a typical office building - To use summer research results in optimization
for a useful and accurate AP deployment tool - To help ARL and others considering the deployment
of WLANs
41Questions ?