Due to the broadcast nature of radio propagation, the wireless air interface is open and accessible to both authorized and illegitimate users. This completely differs from a wired network, where communicating devices are physically connected through cables and a node without direct association is unable to access the network for illicit activities. The open communications environment makes wireless transmissions more vulnerable than wired communications to malicious attacks, including both the passive eavesdropping for data interception and the active jamming for disrupting legitimate transmissions. Therefore, this paper is motivated to examine the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity, and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state of the art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. Several physical-layer security techniques are reviewed and compared, including information-theoretic security, artificial-noise-aided security, security-oriented beamforming, diversity-assisted security, and physical-layer key generation approaches. Since a jammer emitting radio signals can readily interfere with the legitimate wireless users, we also introduce the family of various jamming attacks and their countermeasures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer, and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.

/pdf/a-survey-on-wireless-security-technical-challenges-recent-3uamoalvot.pdf

A Survey on Wireless Security: Technical Challenges, Recent Advances, and Future Trends

A large number of distributed applications requires continuous and timely processing of information as it flows from the periphery to the center of the system. Examples include intrusion detection systems which analyze network traffic in real-time to identify possible attacks; environmental monitoring applications which process raw data coming from sensor networks to identify critical situations; or applications performing online analysis of stock prices to identify trends and forecast future values.Traditional DBMSs, which need to store and index data before processing it, can hardly fulfill the requirements of timeliness coming from such domains. Accordingly, during the last decade, different research communities developed a number of tools, which we collectively call Information flow processing (IFP) systems, to support these scenarios. They differ in their system architecture, data model, rule model, and rule language. In this article, we survey these systems to help researchers, who often come from different backgrounds, in understanding how the various approaches they adopt may complement each other.In particular, we propose a general, unifying model to capture the different aspects of an IFP system and use it to provide a complete and precise classification of the systems and mechanisms proposed so far.

Processing flows of information: From data stream to complex event processing

Vehicular Ad Hoc Networks: A New Challenge for Localization-Based Systems

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.

/pdf/a-survey-on-wireless-security-technical-challenges-recent-k705wofne7.pdf

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

The vast majority of security professionals would agree that real-time ID systems are not technically advanced enough to detect sophisticated cyberattacks by trained professionals. For example, during the Langley cyberattack the ID systems failed to detect substantial volumes of email bombs that crashed critical email servers. Coordinated efforts from various international locations were observed as hackers worked to understand the rules-based filter used in counterinformation operations against massive email bomb attacks [1]. At the other end of the technical spectrum, false alarms from ID systems are problematic, persistent, and preponderant. Numerous systems administrators have been the subject of an ID system reporting normal work activities as hostile actions. These types of false alarms result in financial losses to organizations when technical resources are denied access to computer systems or security resources are misdirected to investigate nonintrusion events. In addition, when systems are prone to false alarms, user confidence is marginalized and misused systems are poorly maintained and underutilized. ID systems that examine operating system audit trails, or network traffic [3, 8] and other similar detection systems, have not matured to a level where sophisticated attacks are reliably detected, verified, and assessed. Comprehensive and reliable systems are complex and the technological designs of these advanced

Intrusion detection systems and multisensor data fusion

Defense-in-depth (2000) concepts for global information operations are physical boundary-centric. However, network-centric operations are multidimensional, layered and often virtual. The interconnection of defensive operational elements, including the fixed and deployed base, runways, fighter planes, bombers, bombs, tankers, tents and individuals are logically and virtually connected. For this reason, traditional physical boundaries are minimally effective and often constraining. This paper extends the defense-in-depth boundary protection construct to a uniform qualitative risk management perspective that is tightly coupled with network implementation, resources, mission criticality, security policies and network-centric mission operations. The suggested risk management framework is applied to an operational example.

Defense-in-depth revisited: qualitative risk analysis methodology for complex network-centric operations

The simplicity of SMTP mail can be combined with the robustness of the sendmail MTA program and misused in numerous ways to create extraordinary and powerful e-mail bombs. These e-mail bombs can be launched in many different attack scenarios which can easily flood and shut down chains of SMTP mail servers. Sendmail-based SMTP mail relays also can be used covertly to distribute messages and files that could be very damaging to the integrity and brands of victims. This article discusses mail-bombing techniques, automated attack tools, and countermeasures. Also discussed is an actual Internet-based attack that was launched in 1997 on the Langley AFB SMTP e-mail infrastructure. The authors also present an analysis of the cyber attack, graphs illustrating the attack volume, and a statistical e-mail bomb early warning system.

E-mail bombs and countermeasures: cyber attacks on availability and brand integrity

Cyberspace is a complex dimension of both enabling and inhibiting data flows in electronic data networks. Current-generation intrusion-detection systems (IDSes) are not technologically advanced enough to create the situational knowledge required to monitor and protect these networks effectively. Next-generation IDSes will fuse data, combining short-term sensor with long-term knowledge databases to create cyberspace situational awareness. This article offers a glimpse into the foggy crystal ball of the future ID systems.

A glimpse into the future of id

Pre-information age military battlefields are based on the traditional land, sea, air, and space paradigm. Global internetworking is causal to the creation of a dangerously real 5th dimension of warfare-cyberspace. This paper describes an Internet based assault, commonly referred to as e-mail spam, on the Langley AFB internetworking infrastructure. We discuss the cyber-attack, a framework for defending against the attack, and the results of the campaign. The countermeasure was accomplished by running the MTA in a mode which accepts and queues SMTP mail; processes the messages with a rules-based filter; and then forwards mail after filtering. The filtering framework is simple and effective for a large subset of e-mail bombs. The prototype filter scripts may be obtained from the authors.

T. Bass

Papers

Intrusion detection systems and multisensor data fusion

Defense-in-depth revisited: qualitative risk analysis methodology for complex network-centric operations

E-mail bombs and countermeasures: cyber attacks on availability and brand integrity

A glimpse into the future of id

A simple framework for filtering queued SMTP mail (cyberwar countermeasures)