Wireless Network Security Virtual Laboratory Anthony LoBono, Mike Steffen, and Shishir Gupta Advisor: Doug Jacobson Client: George Amariucai.


2 Introduction
Problem: Iowa State University's CPRE537: Wireless Network Security course does not provide a laboratory environment in which students, who include both distance-education and on-campus students, can conduct wireless security experiments.
Solution: Create an environment that is accessible from anywhere in the world, built on real wireless hardware and a virtual machine server, and provide the software tools necessary for conducting experiments on wireless security.

3 Conceptual Sketch

4 Functional Requirements
Remote access for both on-campus and off-campus students
Support for at least four concurrent users
Support for Wi-Fi and Bluetooth experiments
A web interface to manage hardware access
Non-interference between users
Comprehensive documentation for both administrators and students

5 Non-Functional Requirements
User-friendly access interface
Adequate network bandwidth
Adequate system resources
Real-world network simulation
Extension to support other wireless technologies: GSM, RFID

6 Schedule
1st Semester
– Preliminary hardware setup
– Preliminary laboratory design
– Wi-Fi demo laboratory setup
2nd Semester
– Final implementation
– Hardware interface
– Web interface
– GSM / RFID experimentation
– Final setup and final testing

7 Task Responsibility
As a small team of three members, each member is equally involved with all aspects of the project. However, here is a very basic work breakdown:
Michael Steffen – Hardware Specialist: Michael leads the design and setup of the hardware architecture and virtual machine server
Anthony LoBono – System Specialist: Anthony leads the design and setup of the software architecture and the web interface
Shishir Gupta – Security Specialist: Shishir leads the design and setup of wireless security hardware and software

8 System Architecture

9 Implementation: Hardware Architecture
Commodity x86 server hardware
USB wireless dongles (Ralink)
Consumer-grade routers
USB Bluetooth/RFID/etc. tools

10 Implementation: Software Architecture
Multilevel
– Hypervisor
– OS
– Software tools
– Scripts
Mostly invisible to the end user

11 Implementation: Software Architecture
Hypervisor – VMware vSphere Hypervisor 4.1
– Free license
– Robust platform
– Team familiarity
– Ease of configuration: custom scripted via console SSH
Virtual machines
– Four transmit client nodes
– Four attack nodes
– One host config node
– One administration node

12 Implementation: Software Architecture
Dilemma: How to ensure the environment is equally available to all?
Solution: Each user has their own VM
– Remains off until requested
– Radio config patched in before boot and stripped after logoff
– Result: greater uptime for all users

13 Implementation: Software Architecture
Scripts
– Backend: hypervisor scripted to allow statistics gathering, power state modifications, file operations
– Frontend: configuration upon creation of machines
– Scripts for environment user management and administration
User interface
– Web portal
– Access to system status, user file operations, documentation
– Terminal or X server access to the user's attack and transmit nodes; X access via NoMachine NX


15 Implementation: Network Architecture
Intent: user environments separate from each other
– Users MAC-locked to router (can be bypassed)
– Transmit nodes blocked from communicating via firewall
– Routing of HTTP versus SSH traffic achieved via firewall and routing tables
– Radio separation achieved by manual channel configuration

16 Cost Estimate
VM Host Server       $1250 (approx)
Wireless Adapters    $80 ($10 x 8)
Bluetooth Adapters   $160 ($40 x 4)
Routers / Switches   $130
Total                $1620 (approx)

17 Start Environment
1. User asks the web portal to attach radios and power on the user's machines.
2. Web portal checks the PHP session to confirm the user is logged in and gets the user's username.
3. Web portal tells the hypervisor communication class to power on the user's machines.
4. Hypervisor class invokes the provision-and-boot script on the host machine through an SSH connection.

18 Adding A User
1. User requests to add a user
2. Web portal checks to make sure the user is an administrator
3. Web portal checks to see if the user already exists
4. Web portal tells the hypervisor communication class to verify that the datastore has enough disk space
5. Hypervisor class tells the host machine to verify and create the user's machines
6. Web portal saves the username and password temporarily.

19 Adding A User
7. Web portal tells the control machine to add the configuration script to crontab
8. Configuration script checks every five minutes to see if the host machine is done creating the user's machines
9. When ready, the script reads the username and password from the control machine
10. The script tells the hypervisor class to power on the user's machines
11. The script runs commands over SSH to configure the virtual machines
12. User gets added to the database

20 Web Interface


25 Creating Users
Results – Both creating an individual user's virtual machines and batch-creating users' virtual machines was successful
Known Issues
– Better functionality should be implemented for alerting an administrator when this process is completed.
– If the portdef table in the MySQL database becomes corrupt, new virtual machines will not be configured correctly, nor will they be accessible from outside the firewall.

26 Removing Users
Results – Tests for removing virtual machines were successful
Known Issues – When removing individual users from the portdef table in the MySQL database, their assigned ports cannot be used again until all users are removed.
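The "Adding A User" duplicate check (step 3) and the port-reuse issue noted above both come down to how rows in the portdef table are allocated. As an added example (not the lab's own code), the script below models the table as a constructed text file and hands out the lowest free port slot, so a slot freed by removing one user can be reused right away; the port range starting at 20001, one SSH plus one NX port per user, and the 100-user cap (the firewall limit mentioned later in the slides) are assumptions.

```shell
#!/bin/sh
# Added example, not the lab's own code. The portdef table is modelled as a
# constructed text file of "user:ssh_port:nx_port" lines. Assumptions: one SSH
# and one NX port per user from an invented range starting at 20001, and a
# 100-user cap matching the firewall limit the presentation describes.
PORTDEF=${PORTDEF:-$(mktemp)}
MAX_USERS=100
BASE=20001

# Print the lowest unused slot index (0..MAX_USERS-1); fail if the table is full.
free_slot() {
    i=0
    while [ "$i" -lt "$MAX_USERS" ]; do
        # SSH ports are BASE+2i (odd offsets), so the match cannot hit an NX port.
        if ! grep -q ":$((BASE + 2 * i)):" "$PORTDEF"; then
            echo "$i"
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# Add a user: refuse duplicates, then bind the lowest free port pair.
add_user() {
    if grep -q "^$1:" "$PORTDEF"; then
        echo "user $1 already exists" >&2
        return 1
    fi
    slot=$(free_slot) || { echo "firewall user limit reached" >&2; return 1; }
    printf '%s:%d:%d\n' "$1" $((BASE + 2 * slot)) $((BASE + 2 * slot + 1)) >> "$PORTDEF"
}

# Remove a user's row; its slot becomes free for the next add_user call.
remove_user() {
    grep -v "^$1:" "$PORTDEF" > "$PORTDEF.tmp" || :
    mv "$PORTDEF.tmp" "$PORTDEF"
}

# Look up a user's SSH port (empty output if the user is absent).
ssh_port_of() {
    awk -F: -v u="$1" '$1 == u { print $2 }' "$PORTDEF"
}
```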

27 Change Account Passwords
Results – The system was able to catch all combinations of characters we tested without error.
Known Issues – None

28 Powering Down Machines
Results – The system was able to power down a user's machines. The web interface was also successful in powering down machines from both the user session and the admin session.
Known Issues – Powering down a user's machine while it is being backed up fails.

29 Backing Up And Restoring Machines
Results – The system was mostly successful in this process. A few tests resulted in failure; however, the failures were not reproducible.
Known Issues – If a user restores his or her working image from a backup after being assigned new ports on the firewall, the machine will no longer function properly. However, the current implementation should not allow a user's ports to be redefined.

30 Attaching Radios And Booting
Results – All tests for the system resulted in success.
Known Issues – With the current implementation, only non-cascading USB hubs can be used with the server. Cascading hubs cause the ‘getavailibleusbdevices.sh’ script to fail.

31 Wireless Experimentation Environment
Each user -> remote access to two virtual machines
Attack Machine
– BackTrack 5 R1
– NX Server
– SSH Server
– Attack Tools
Client Machine
– Ubuntu 10.04 (LTS)
– NX Server
– SSH Server
– Traffic Generators

32 Wi-Fi + Bluetooth
The laboratory currently supports experimentation for Wi-Fi and Bluetooth.
Wi-Fi
– Hardware: USB Wi-Fi Adapter (Rosewill RTL-8187); Wireless Router (D-Link XXXXX)
– Software: BackTrack tools; Lorcon (packet injection); Airpwn (Wi-Fi spoofing); Scapy (packet injection); coWPAtty (WPA cracking)
Bluetooth
– Hardware: USB Bluetooth Adapter (Linksys BT100)
– Software: BackTrack tools

33 Laboratory Extension
The coursework for the class is not limited to a specific wireless technology and instead touches on several: Wi-Fi, Bluetooth, GSM, RFID.
As part of this senior design project, the client requirements called for initial integration of at least Wi-Fi and Bluetooth, with optional extension or preparatory work for future extension to other technologies. The team researched and performed experiments with an SDR platform to potentially integrate GSM, RFID and maybe other technologies in the future.

34 Hardware
Universal Software Radio Peripheral (USRP)
– USRP version 1
– Daughterboards: LF RX (DC-30 MHz RX), TV RX (50-870 MHz RX), DBSRX (800 MHz-2.4 GHz RX), RFX2400 (2.3-2.9 GHz RX+TX)
– Antennas
– USB connector
Software
– GNU Radio + Universal Hardware Driver (UHD) core framework
– AirProbe (GSM decoder)
– RIDAC (RFID toolkit)
– DSP Buttler (signal processing)

35 Experiments Performed
Wireless jamming – GNU Radio signal generator
GSM receiving/decoding – AirProbe GSM RX/sniffer
RFID capture – RIDAC RFID audit toolkit
Wireless RF spectrum analysis – DSP Buttler; Baudline RF spectrum analyzer
*Note – All experiments were conducted using open source software available on the internet.

36 Spectrum Analysis

37 GSM Capture

38 Additional Problems / Notes
– The RSA private key for the web user must remain unencrypted.
– Before the configure-machines script can work, the web user must accept the SSH server's RSA host key on the stock images.
– Before the configure-machines script can work, the RSA public key for the web user must be added to the root user's ‘authorized_keys’ file on both stock images.
– When restoring user images from the stock image, the image was no longer functional. The solution was to edit the configuration script to check whether the user already exists. If the user does exist, the script looks up the user in the portdef table in the MySQL database and configures the machine accordingly.
– Currently, for a new user to be created there must be at least 70 gigabytes of free space on the requested datastore. This is to account for user backups. A more space-efficient method should be investigated.
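The first three notes above are preconditions that are easy to get wrong silently and only surface as a hung or failed configure-machines run. As an added example (not the lab's own script), the preflight below checks them against the key, known_hosts and authorized_keys files before the script is scheduled; it assumes a PEM-format RSA key (an encrypted PEM key carries a "Proc-Type: 4,ENCRYPTED" header), unhashed known_hosts entries, and that authorized_keys lines may start with option fields.

```shell
#!/bin/sh
# Added preflight check, not the lab's own code. Assumptions: PEM-format RSA
# key (encryption is visible as a Proc-Type header), unhashed known_hosts
# entries, and authorized_keys lines that may carry options such as no-pty
# before the key type.

# 0 if the private key at $1 has no passphrase (PEM-format check only).
key_is_unencrypted() {
    ! grep -q 'Proc-Type: 4,ENCRYPTED' "$1"
}

# 0 if known_hosts ($1) already lists host $2, so the first SSH connection
# from the web user will not stop at an interactive host-key prompt.
host_is_known() {
    awk -v h="$2" '{ n = split($1, hs, ","); for (i = 1; i <= n; i++) if (hs[i] == h) found = 1 }
                   END { exit !found }' "$1"
}

# 0 if the type and key material of public key $1 appear in authorized_keys $2,
# ignoring the comment field and any leading option fields.
pubkey_is_authorized() {
    type=$(awk '{ print $1 }' "$1")
    blob=$(awk '{ print $2 }' "$1")
    awk -v t="$type" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) ok = 1 } END { exit !ok }' "$2"
}

# preflight PRIVATE_KEY KNOWN_HOSTS STOCK_IMAGE_HOST AUTHORIZED_KEYS
# (the public key is expected beside the private key as PRIVATE_KEY.pub)
preflight() {
    key_is_unencrypted "$1" && host_is_known "$2" "$3" && pubkey_is_authorized "$1.pub" "$4"
}
```

Because the key has no passphrase, file permissions are its only protection at rest, so it should be readable by the web user alone.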

39 Additional Problems / Notes
– Currently the firewall is only configured to allow 100 users on the system. Given the disk space constraint listed above, this is not really an issue. However, the firewall should be reconfigured and the machine configuration script should be modified to allow more than 100 users on the system.
– Currently, when a user's allotted session time comes to an end, the user's machines are powered down. Since we made the switch from PCI cards to USB devices, it is now possible to ‘hot plug’ the devices. Now, when a user's session comes to an end, the attached devices should be removed and the machines should remain powered on. This change would prevent data loss.
– To allow the PHP scripts to write log files to ‘/var/log/wseclab.d/FILENAME’, the web user that the Apache server runs as needed to be added to the log group.
– To allow the web user that the Apache server runs as to schedule cron jobs, the web user had to be added to the user group.

40 Testing
Our original plan was to have a closed beta test for this semester's Computer Engineering 537 class. However, Computer Engineering 537 was not offered this semester, so we acted as the test subjects. We tested all the use cases in Appendix A with a large amount of success.

41 Questions

