Prof.S.B.Vanjale et al. / International Journal of Engineering Science and Technology (IJEST) ISSN : 0975-5462 Vol. 4 No.02 February 2012 581

UNAPPROVED ACCESS POINT ELIMINATION IN WLAN USING MULTIPLE AGENTS AND SKEW INTERVALS

Prof. S.B. Vanjale (Ph.D. Student)

Department of Computer Engg

Bharati Vidyapeeth Deemed University College of Engineering, Pune

J.A. Dave (M.Tech. Student)

Department of Computer Engg

Bharati Vidyapeeth Deemed University College of Engineering, Pune

Prof. P.B. Mane

AISSMS IOIT, PUNE-1

I. ABSTRACT

In wireless networks, the presence of unapproved access points is becoming a major security issue. If such threats are not detected and mitigated in time, they can lead to serious network damage and data loss. Many researchers have proposed solutions to this WLAN security problem, but the proposed tools have limitations or are not automated enough to adapt to frequent changes in the WLAN. In this research we present a new approach based on master and slave agents. The proposed approach not only aims at fast detection of rogue access points in the network but also presents a way to rid the WLAN of them. In short, the new framework deals with detecting as well as eliminating the unapproved access points in the network. In the proposed approach, the master and slave agents automatically scan the network for any unauthorized access points using skew intervals. This methodology has the following properties: (1) it doesn’t require any specialized hardware; (2) the proposed algorithm detects and completely eliminates the unapproved APs from the network; (3) it provides a cost-effective solution; (4) because there are multiple master agents, the possibility of network congestion or delays is reduced. The proposed technique can block unapproved APs as well as remove them from the network, whether they appear as unauthorized APs or as rogue clients acting as APs.

Index Terms— Unapproved Access Point, Master Agent, Slave Agent, DHCP, Wireless Security, WLAN.

II. Introduction

Nowadays WLAN communication and data sharing are growing rapidly. The ability to connect with devices anywhere in the network is demanded everywhere. Wireless networks are being driven by the need to provide network access to mobile or nomadic computing devices. The benefits of mobility, greater flexibility, portability and freedom of access come with significant security and performance requirements. However, such wireless network communication opens new possibilities for network security threats and eavesdropping. Signals from wireless networks are usually unidirectional and emanate beyond the intended coverage area. Such properties make the physical security of the network mostly impractical. Anyone with an appropriate wireless receiver can eavesdrop, and this kind of eavesdropping is virtually undetectable. Various research papers have shown that the most common security protocol, Wired Equivalent Privacy (WEP), is breakable even when correctly configured.

In a WLAN, the most pressing security concern is the presence of unapproved access points, also called rogue access points (RAPs) [6]. The reason it is the most challenging is that nearly all other security threats require either a very high level of technical knowledge or very sophisticated and costly intrusion devices, whereas RAPs can easily be set up by people with limited security backgrounds. A rogue access point is typically referred to as an unauthorized AP in the literature. It is a wireless access point that has either been installed on a secure network without explicit authorization from a local administrator [15], or has been created to allow a cracker to conduct a man-in-the-middle attack, or can be used by adversaries for committing espionage and launching attacks.

On the basis of Gartner research, we can claim that 20% of WLANs worldwide have unapproved access points. Often these “rogue” APs are installed by a valid user attempting to increase the range of the network without proper authorization. This usually results in a security hole that may be exploited by intruders; alternatively, an intruder may plant an AP with a higher broadcast power than normal to masquerade as a legitimate AP. There are various classes of rogue APs, such as unauthorized, improperly configured, phishing and compromised APs, each with related possible scenarios. Although many commercial products for detecting RAPs are available on the market [6-8], very little specific research has been performed and published on detecting unapproved access points, and even less on their complete elimination or blocking.

Thus, in this work we present a new automated, multi-agent framework for efficient and fast detection and elimination of rogue access points from the WLAN.

Existing tools and their disadvantages

1. AirDefense:

This is a complete hardware and software system consisting of sensors deployed throughout the network, which are interfaced to a management appliance and administered by a management console. Their starter kit provides five sensors and can guard up to ten APs. AirDefense detects intruders and attacks and also diagnoses potential vulnerabilities in the network like misconfigurations. The manufacturer claims that AirDefense can detect most of the threats mentioned above. Also, AirDefense offers other management functions such as fault tracking and inventory auditing. The company is also launching a new product that offers active responses to intrusion attempts and can integrate with the AirDefense product. Their system forces an intruder to dissociate from the valid network and optionally re-associate with a “honey pot” AP. The combined AirDefense and ActiveDefense systems would come closest to our proposed approach.

Disadvantage: The main disadvantage of this system is that its response time in detecting fake APs or other attacks is very slow, which leaves the system vulnerable to other problems. In addition, the tool is not freely available: it is a commercial product, not open source.

2. AirMagnet

Another commercial product is AirMagnet which runs on laptops or handhelds and also includes a Cisco wireless card in the package. Like AirDefense, it incorporates detection of vulnerabilities and intrusions. For intrusions, AirMagnet detects unauthorized APs and clients and DoS attacks by flooding. A similar product is Surveyor Wireless.

Disadvantage: These software products require a technician to move around the network to detect possible security threats. Interestingly, this software may also be used by an intruder, though such use is unlikely because of the high price. The high cost is a problem.

3. Fake AP:

One non-commercial product is Fake AP. Fake AP is a simple Linux program that simulates a user-specified list of APs by broadcasting IEEE 802.11b beacon frames.

Disadvantage: This potentially confuses an intruder passively sniffing the network. It is a centrally dependent approach, so it may take time to respond or become confused by multiple requests.

4. AirSnare

AirSnare is a program for Windows that detects DHCP requests or unauthorized MAC addresses attempting to connect to an AP. Intrusion response consists of an alert to the administrator, and optionally a message is sent to the intruder via Windows netmessage. AirSnare has a non-commercial license.

Disadvantage: Once the main detection server hangs due to excessive network accesses, this tool stops working. It is therefore of little use when there is a large number of DHCP requests. Such cases need a load-balancing approach to handle all the requests concurrently, which we address in our proposed approach using the master and slave concept as well as a multi-agent approach to monitor requests.

III. Recent Algorithm

The recent research on detecting and eliminating rogue access points based on master and slave agents is described below, along with its limitations.

Proposed Approach Features:

1. Not requiring any specialized hardware in any manner.

2. Includes both detection as well as prevention of RAP’s from wireless networks.

3. Cost effective solution.

4. Use of Mobile agents in order to detect the RAP’s.

5. Based on Multi Agent approach.

System Major Components:

-DHCP-M: This is the central repository, which is responsible for monitoring the authentication process of active wireless networks.

-Master Agent: Generated at the DHCP server.

-Slave Agent: Generated at every access point in the network.

-Access Point: Connected with the DHCP server.

-Client: Connected with an AP.

-Clone Agent: Resides at the client side.

Recent Algorithm Steps:

- Generation of the Master Agent at the DHCP server or repository.

- Generation of Slave Agents by master agents.

- Dispatching slave agents to all access points.

- Clones of the slave agents are created at all access points.

- On detection of a new access point in the network by a client, the clone agent at the client side automatically builds an INFO packet and sends it to the related slave agent.

- The slave agent forwards it to the Master Agent.

- The Master Agent forwards it to the DHCP server for authentication.

- Various conditions are checked for matching. If they match, a new slave agent is generated for the new access point by the Master Agent; otherwise it is detected as a rogue access point.

- If they do not match, the following steps are taken to block that fake access point.

1. Extract the MAC address from the INFO packet.

2. Extract the network switch address based on the extracted MAC address.

3. Extract the connected port number based on the MAC and switch address.

4. Finally, block that port number from any other wireless LAN traffic.
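The authentication and blocking steps above can be traced in a short sketch. This is an added example, not the authors' code: the registry, the switch tables, the field names (`bssid`, `ssid`, `channel`) and the choice of SSID and channel as the "conditions" are all assumptions, and the block is recorded rather than pushed to a switch.

```python
import re

# Constructed data (assumptions): approved-AP registry held at the DHCP
# server, and per-switch MAC forwarding tables mapping MAC -> port.
APPROVED_APS = {
    "00:1a:2b:3c:4d:5e": {"ssid": "CORP-WLAN", "channel": 6},
    "00:1a:2b:3c:4d:5f": {"ssid": "CORP-WLAN", "channel": 11},
}
SWITCH_TABLES = {
    "sw-floor1": {"00:1a:2b:3c:4d:5e": 3, "de:ad:be:ef:00:01": 17},
    "sw-floor2": {"00:1a:2b:3c:4d:5f": 8},
}


def normalize_mac(mac):
    """Return a MAC as lower-case colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def authenticate(info):
    """Master-agent check of an INFO packet against the approved registry."""
    approved = APPROVED_APS.get(normalize_mac(info["bssid"]))
    if approved is None:
        return False, "MAC not in approved list"
    for field in ("ssid", "channel"):        # assumed matching conditions
        if info.get(field) != approved[field]:
            return False, f"{field} mismatch"
    return True, "approved"


def locate_port(mac):
    """Steps 2-3: find the switch, then the port, where the MAC was learned."""
    for switch, table in SWITCH_TABLES.items():
        if mac in table:
            return switch, table[mac]
    return None


def handle_info(info, blocked):
    """Process one INFO packet; `blocked` collects (switch, port) to shut."""
    ok, reason = authenticate(info)
    if ok:
        return {"verdict": "approved", "action": "generate slave agent"}
    mac = normalize_mac(info["bssid"])       # step 1
    result = {"verdict": "rogue", "reason": reason}
    if mac in APPROVED_APS:
        # Spoofed BSSID: the MAC lookup would find the genuine AP's port.
        result["action"] = "investigate"
        return result
    location = locate_port(mac)              # steps 2-3
    if location is None:
        result["action"] = "alert"           # MAC not learned on any switch
        return result
    blocked.add(location)                    # step 4, recorded not enforced
    result.update(action="block", switch=location[0], port=location[1])
    return result
```

The lookup in steps 2 and 3 only succeeds when the MAC address seen over the air is also the one the switch learned on its port; an AP that routes or translates traffic presents a different wired MAC and ends in the "alert" branch.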

Figure 1 shows the architecture of the recent approach.

Thus Figure 1 shows the approach proposed in the recent paper. The following points are the limitations of that work:

- Because of the multi-agent system, the performance of the proposed system and of the overall network may degrade, in terms of overall throughput of the wireless network, packet drop ratio, end-to-end delay, etc.

- Heavy load on a single master agent may take unnecessary extra time while authenticating a new access point in the network, which may increase network overhead and decrease network throughput.

IV. Proposed algorithm

We propose an additional route to the intermediate node that replies the RREQ message to check whether the route from

For the proposed approach we have two ways to verify and rectify the performance-related issues:

1) Performance Measurement: We have to take the following measurements:

- Finding the throughput, end-to-end delay, network load ratio, etc. when the wireless network is operating in normal mode.

- Finding the throughput, end-to-end delay, network load ratio, etc. when a new access point is discovered by a client or during the rogue access point detection process.

- Performance comparison between the network in normal mode and the network with the rogue access point detection and avoidance process running.

2) Generation of Multiple Master Agents: We generate two master agents, and if there are more than 10 access points, a third master agent is generated automatically. This is a completely automated process. Here we use a completely distributed architecture. If any master agent becomes loaded with incoming traffic, an automatic handover is made to a master agent that is idle or has less traffic, found by discovering the network. The following figure shows the complete architecture for this approach.

3) Skew Intervals: This approach is used to continuously update the master and slave agents for scanning for unapproved access points.
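The master-agent rule in item 2 can be made concrete as follows. This is an added sketch, not the authors' C# implementation: the per-master queue limit `capacity`, the integer AP ids, and the modulo assignment of an AP to its "home" master are assumptions; only the two-or-three master rule and the handover to a less loaded master come from the text.

```python
class MasterPool:
    """Master agents that share INFO-packet authentication requests."""

    def __init__(self, ap_count, capacity=5):
        # Rule from the text: two master agents, a third above 10 APs.
        count = 3 if ap_count > 10 else 2
        self.capacity = capacity          # assumed queue limit per master
        self.queues = {f"master-{i}": [] for i in range(1, count + 1)}
        self.handovers = 0

    def home_master(self, ap_id):
        """Master an AP reports to by default (assumed: AP id modulo count)."""
        names = sorted(self.queues)
        return names[ap_id % len(names)]

    def submit(self, ap_id, request):
        """Queue a request, handing over when the home master is loaded."""
        target = self.home_master(ap_id)
        if len(self.queues[target]) >= self.capacity:
            idle = min(sorted(self.queues), key=lambda m: len(self.queues[m]))
            if len(self.queues[idle]) < len(self.queues[target]):
                target = idle
                self.handovers += 1
        self.queues[target].append(request)
        return target

    def complete(self, master):
        """The master finishes its oldest queued request, if any."""
        return self.queues[master].pop(0) if self.queues[master] else None


def burst(ap_count, ap_id, requests):
    """Send a burst of requests from one AP; return routing and handovers."""
    pool = MasterPool(ap_count)
    routes = [pool.submit(ap_id, f"INFO-{i}") for i in range(requests)]
    return routes, pool.handovers
```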

The performance of this approach is measured and compared with the performance of the previous approach under similar network conditions. Figure 2 shows the architecture of the new approach:

V. PRACTICAL APPROACH

This section details the process used in the project to build the application that detects fake access points in the network. The main aim of the application is to detect the fake access points that are present in the network. The major concepts used while developing this application are as follows:

The application was developed on .NET in C#. The namespace MetaGeek.WiFi was used to make it possible to work with WiFi connections.

The timer graph component was used to generate graphs over time. We built the multiple master and slave agents with this framework to monitor unapproved access points in the network. The clock skew was generated by taking the difference between the last frame received and the first frame received. Keeping in mind the WPA (WiFi Protected Access) standards, the application identifies the fake and the real access points.
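The first-frame/last-frame skew calculation described above can be worked through on beacon timestamps. This is an added example, not the authors' code: the frame tuples, the stored per-AP baseline, the 5 ppm tolerance and the least-squares variant (a generalization that is less sensitive to a single delayed frame) are assumptions, and the sample frames are constructed.

```python
BEACON_US = 102_400  # 100 TU beacon interval, in microseconds


def constructed_frames(skew_ppm, n=600, last_delay_us=0):
    """Constructed sample: (tsf_us, rx_us) per beacon from an AP whose clock
    runs skew_ppm fast relative to the monitor; the last frame may be late."""
    frames = []
    for i in range(n):
        sent = i * BEACON_US                  # monitor clock at send time
        tsf = 5_000_000 + round(sent * (1 + skew_ppm * 1e-6))
        delay = last_delay_us if i == n - 1 else 0
        frames.append((tsf, sent + delay))
    return frames


def skew_first_last(frames):
    """Skew in ppm from the first and last frame only, as the text describes."""
    (tsf0, rx0), (tsf1, rx1) = frames[0], frames[-1]
    elapsed = rx1 - rx0
    if elapsed <= 0:
        raise ValueError("need two frames received at different times")
    return ((tsf1 - tsf0) - elapsed) / elapsed * 1e6


def skew_least_squares(frames):
    """Skew in ppm as the fitted slope of clock offset against receive time."""
    tsf0, rx0 = frames[0]
    xs = [rx - rx0 for _, rx in frames]
    ys = [(tsf - tsf0) - (rx - rx0) for tsf, rx in frames]
    mean_x = sum(xs) / len(xs)
    mean_y = sum(ys) / len(ys)
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("need frames received at different times")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def check_ap(bssid, frames, baselines, tolerance_ppm=5.0):
    """Compare a measured skew with the baseline kept for an approved BSSID."""
    if bssid not in baselines:
        return "unapproved: no baseline for this BSSID"
    measured = skew_least_squares(frames)
    if abs(measured - baselines[bssid]) > tolerance_ppm:
        return "suspect: skew does not match the approved AP"
    return "consistent with approved AP"
```

With the constructed frames, a single beacon arriving 2 ms late moves the first/last estimate by tens of ppm while the fitted slope stays within the tolerance, which is why the comparison in `check_ap` uses the fit.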

The timestamp method is called in the file to generate the clock skew for each master and slave agent. The wireless tools usually perform the following activities:

· Wi-Fi Discovery Tool

· Raw Packet Capture Tool

· Traffic Analyzer

· Monitoring Tools

· Visualization tools

· Auditing

· Security

As a capture tool we have used a search engine which scans the whole network and lists the available access points in the network.

For analyzing the traffic, parameters such as filters are used.

The monitoring and visualization tools are used as namespaces, whose built-in functions and libraries help us to use the controls.

For security we have considered the WPA concept so that we can distinguish between the fake and the real access points.

Result: The following snapshots show the framework:

Figure 3: Main Screen for Framework

The figure above shows the access point scanning window ready to capture all the available access point networks in your area.

Figure 4: Results after detecting unapproved AP.

Figure 4 above shows the graphical performance of the network after the unapproved access point is detected in the wireless network.


The following figure shows the filter settings for skew used for the efficient working of the framework.

Figure 5: Filters used for skew settings.

Based on the above results, we obtained better performance in terms of rate of detection and cost required, as presented in Figure 6 below.

Figure 6: Performance Graph.

VI. CONCLUSION

In this research work, we extended the previous approach for detecting and mitigating the presence of unapproved access points in the wireless network. The new approach is also based on a multi-agent architecture. Here we added the concept of multiple master agents as well as clock skews in order to overcome the limitations of a single master with multiple slave agents. This approach reduces the possibility of congestion in large networks and when multiple unapproved access points are detected at the same time. Eventually this increases the efficiency and accuracy of the framework. The clock skew concept provides automatic updates of all master and slave agents in the network, which results in fast detection of unapproved access points.

[Figure 6 chart: Proposed Approach and Existing Approach compared on Average Detection Time, Cost Required and Hardware Required; vertical axis from 0 to 8.]


VII. REFERENCE

[1] Suman Jana and Sneha K. Kasera, "On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews," March 2010.

[2] “AirDefense, Wireless Lan Security,” http://airdefense.net, 2009.

[3] “AirWave Management Platform,” http://airwave.com, 2009.

[4] “Cisco Wireless LAN Solution Engine (WLSE),” http://www.cisco.com, 2009.

[6] “Rogue Access Point Detection: Automatically Detect and Manage Wireless Threats to Your Network,” http://www.proxim.com, 2009.

[7] V. S. Shankar Sriram, G. Sahoo, Krishna Kant Agrawal, "Detecting and Eliminating Rogue Access Points in IEEE-802.11 WLAN - A Multi-Agent Sourcing Methodology," 2010.

[9] Songrit Srilasak, Kitti Wongthavarawat, Anan Phonphoem, “Integrated Wireless Rogue Access Point Detection and Counterattack System,” 2008 International Conference on Information Security and Assurance.

[10] “Rogue Access Point Detection: Automatically Detect and Manage Wireless Threats to Your Network,” www.wavelink.com.

[11] Manage Engine White Paper: Wireless Network Rogue Access Point Detection & Blocking.

[12] “AirDefense enterprise: a wireless intrusion prevention system.” [Online] Available: http://www.airdefense.net/

[13] “AirMagnet: Enterprise WLAN management.” [Online] Available: http://www.airmagnet.com/

[14] “Airwave: Wireless network management.” [Online] Available: http://www.airwave.com/

[15] NetStumbler, http://www.netstumbler.com.
