Wireless Network Security Virtual Lab Team sdDec11-10 Shishir Gupta, Anthony Lobono, Mike Steffen Client Dr. George Amariucai Advisor Dr. Doug Jacobson.

Presentation transcript:

Wireless Network Security Virtual Lab Team sdDec11-10 Shishir Gupta, Anthony Lobono, Mike Steffen Client Dr. George Amariucai Advisor Dr. Doug Jacobson Dept. of Electrical & Computer Engineering Iowa State University

Project Details Concept: CprE 537: Wireless Network Security has no lab element Potential for enhanced learning by way of hands-on experimentation with live Wi-Fi, Bluetooth, RFID and/or GSM networks Problem: Course is popular among distance education students Distance ed. students unable to use physical labs Curriculum best suited to physical equipment Goal: Create a remote access wireless security sandbox environment and develop engaging course-relevant experiments to be run within it.

CONCEPT SKETCH

Functional Requirements Remote access for both on and off campus students Support for up to four concurrent users Support for Bluetooth and Wi-Fi communication Basic labs to demonstrate the lab environment Comprehensive documentation for both administrating the lab and using the lab

Functional Requirements Users should have full control over their machines Lab machines must communicate over the correct channels Users should be able to see what resources are available

Functional Requirements Each user should be able to use the system without interference from other users. Requires non-overlapping channels

Functional Requirements A way to attack the carrier sense multiple access with collision avoidance (CSMA/CA) Requires packet injections at the Data Link layer.

Non-Functional Requirements Sufficient network bandwidth Sufficient system resources Each user will be allowed a single backup of their machines Lab machines should be configured to simulate real world situations User friendly

Constraints b/g channel bandwidth Space in Nuclear Engineering Hardware support for custom drivers

Hardware Constraints Limited USB ports Limited PCI slots 4 PCI/USB cards for malicious users 4 USB Wi-Fi dongles for clients At least 2 Bluetooth dongles

Market Survey Similar wireless environments: Arizona State, Northeastern University, St. Mary’s University, others No other remote labs specific to wireless communication. Academic pursuit; marketability largely irrelevant

Potential Risks & Mitigations Risk: The virtualization plan requires specialized and sparsely documented hardware features which may be vulnerable to instability under extreme conditions- –Mitigation: We have set up a test environment and testing will remain an important part of the implementation process; preliminary testing results have been encouraging and potential scale-back or alternate architecture may be implemented as backup if needed. Risk: Feasibility of executing jamming exploits at the installation location without disrupting nearby networks- –Mitigation: Extensive testing will also be undertaken after installation of the hardware at the final location. If necessary, interface power may need to be reduced or special antennas may need to be employed.

Risk: Feasibility and/or legality of GSM-based and RFID-based security experiments- –Mitigation: These technologies will be re-evaluated for feasibility and remain an optional part of the functional requirements for this project until then. Risk: A major aim of the project is to ensure that students have access to a safe platform where they can run many different types of experiments without limitation of low-level hardware access. This means that there is always a risk that advanced experiments will sometimes go wrong and break a machine or disrupt its configuration. –Mitigation: We will keep back-up images for the entire setup of the lab environment and provide documentation such that an administrator can handle such a situation and quickly reboot the environment setup.

Cost Estimate
VM Host Servers: $950 (approx)
Wireless Cards: $200 ($20 x 10)
Routers / Switch: $100
Extra Hardware: $250 - $500
Total: $ $1750
Jamming / Sniffing Spectrum Analysis GSM RFID

Schedule • Preliminary hardware setup by the end of February • Preliminary lab design by the end of March • Wi-Fi demo lab setup by the end of the first semester • Bluetooth, GSM, RFID: second semester • Final lab setup and testing by the end of the second semester

Task Responsibility As a small team of three members, each member will be involved with each and every aspect of the project. However, here is a very basic work breakdown- Michael Steffen – Hardware Specialist Michael will lead the design and setup of the entire hardware architecture for the lab Anthony Lobono - System Specialist Anthony will lead the design and setup of the entire system architecture for the lab Shishir Gupta - Security Specialist Shishir will lead the design and implementation of the wireless security experiments for the lab

Functional Decomposition • Hardware/Software/Net Architecture • Administrative Setup • Wireless Experiments • Laboratory Documentation

Design: Hardware Architecture Commodity x86 server hardware –Two machines for I/O requirements USB wireless dongles (Ralink) Consumer-grade routers Wireless camera Custom RF analysis tools USB Bluetooth/RFID/etc tools

Design: Software Architecture Multilevel –Hypervisor –OS –Software tools –Scripts Mostly invisible to end user

Design: Software Architecture Hypervisor –VMware vSphere Hypervisor 4.1 Free license Robust platform Team familiarity Ease of configuration –Custom scripted via console SSH Virtual machines –Four transmit client nodes –One receive client node –Four attack nodes –Two host config nodes (one per host) –One administration node –Each transmit/attack node assigned a physical network adapter

Design: Software Architecture Operating system –Client machines: Arch Linux Lightweight, configurable –Attack machines: BackTrack Preinstalled and preconfigured exploit tools –Administrative machines: Arch Linux Resource-friendly background machines –Operating systems tuned for efficiency and scripted for environment compatibility

Design: Software Architecture Dilemma: How to ensure environment is equally available to all? Solution: Each user has own VM –Remains off until requested –Radio config patched before boot and stripped after logoff –Result: greater uptime for all users

Design: Software Architecture Drivers –Experiments based on nonconforming packet transmission –Direct buffer writing Firmware –Embedded implementation of full and/or baseband spectrum analysis

Design: Software Architecture Scripts –Backend: Hypervisor scripted to allow statistics gathering, power state mods, file operations –Frontend: Transmitters scripted to generate traffic, all machines scripted to behave properly when user logs out –Scripts for environment user management, administration User interface –Web portal Access to system status, user file operations, documentation –Terminal or X server access to user’s attack and transmit nodes X access via NoMachine NX

Design: Network Architecture Intent: user environments separate from each other –Users MAC-locked to router Can be bypassed –Transmit nodes blocked from communicating via firewall Routing of HTTP versus SSH traffic achieved via firewall, routing tables Radio separation achieved by manual channel configuration
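
The non-overlapping channel requirement and the manual channel configuration described above can be checked before radios are assigned to users. The following Python code is an added example, not part of the original presentation or the team's scripts; the 22 MHz channel width, the 1-11 channel range, the 20 MHz / 1-13 variant and the user names are assumptions chosen for illustration.

```python
from itertools import combinations

# Assumptions (not from the slides): 22 MHz occupied width per 802.11b
# channel and channels 1-11 available for the lab radios.
WIDTH_MHZ = 22
CHANNELS = range(1, 12)


def center_mhz(channel):
    """Center frequency of a 2.4 GHz Wi-Fi channel."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel  # channels 1-13 are spaced 5 MHz apart
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlaps(a, b, width=WIDTH_MHZ):
    """True when the occupied bands of channels a and b intersect."""
    return abs(center_mhz(a) - center_mhz(b)) < width


def max_isolated_plan(channels=CHANNELS, width=WIDTH_MHZ):
    """Largest set of mutually non-overlapping channels.

    All bands have the same width, so taking the lowest free channel
    each time (earliest-finish-first) yields a maximum-size set.
    """
    plan = []
    for ch in sorted(channels):
        if all(not overlaps(ch, used, width) for used in plan):
            plan.append(ch)
    return plan


def conflicts(assignment, width=WIDTH_MHZ):
    """Pairs of users whose manually assigned channels overlap."""
    pairs = combinations(sorted(assignment.items()), 2)
    return [(u1, u2) for (u1, c1), (u2, c2) in pairs if overlaps(c1, c2, width)]


if __name__ == "__main__":
    # Constructed sample: four concurrent users, hypothetical names.
    four_users = {"user1": 1, "user2": 4, "user3": 8, "user4": 11}
    print("isolated plan (22 MHz, ch 1-11):", max_isolated_plan())
    print("isolated plan (20 MHz, ch 1-13):", max_isolated_plan(range(1, 14), 20))
    print("overlapping pairs:", conflicts(four_users))
```

Under these assumptions only three fully isolated channels exist in the 1-11 range, so a plan for four concurrent users either accepts partial overlap between neighbouring assignments or relies on the wider channel range and narrower width.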

Wireless Security Experiments • Wi-Fi (3 - 4 Experiments) • Bluetooth (1 - 2 Experiments) • GSM (1 - 2 Experiments) (optional) • RFID (1 - 2 Experiments) (optional) Jamming Attacks Sniffing Attacks Spoofing Attacks Header Based Protocol Based Traffic Based Authentication

Test Plan Each component of the sandbox environment will be tested to ensure it is functional Administrative scripts must be tested Administrative virtual machines must be secured and tested System benchmarks will be performed on all virtual machines Preliminary test case

Problems How to route network traffic correctly over two different wireless interfaces No support for VMware Snapshots while using hardware I/O redirection No command line interface support for the free version of ESXi hypervisor. Lack of documentation

Current Status Preliminary test case is open to the current Computer Engineering 537 class Wireless hardware has been ordered System architecture is in final stages of planning Starting the documentation process

Second Semester Plan Evaluate and implement security plan Finish administrative scripts Plan and/or implement Bluetooth, other network protocols Expand documentation wiki Write laboratory experiments and administrative docs Determine feasibility of / implement dongle buffer writing Assemble and configure final hardware

QUESTIONS