A Review on Intrusion Detection techniques for Wireless Local Area Network

Transcription

1 A Review on Intrusion Detection techniques for Wireless Local Area Network Mrs Smita Parte 1,Ms Noumita Dehariya 2 12 Assistant Professor (CSE) TIT College Bhopal MP India ABSTRACT: Wireless LANs continue to gain market popularity. Higher speed larger bandwidth and improved quality of service are helping business benefits that wireless networking delivers. A wireless local area network (LAN) is a Radio Frequency (RF) data communication system. This provides wireless access to remotely located and distributed enterprises now with this growing adoption of Wireless LANs security has become a vital and focal issue regarding the decision to deploy a Wireless LAN. Wireless LANs are become popular as cost effective general purpose solution in providing high speed real time access to information. Beside all this advantages WLANs are also facing the major problem of the security. Mobility, flexibility, scalability are distinctive benefits of WLAN. So it can be used to replace Wired LAN Keywords: WLAN, RF, SRI, IDS 1. INTRODUCTION An intrusion detection system (IDS) is a program that analyses what happens or has happened during an execution and tries to find indication that the computer has been misused. IDSs can be classified as the tools and method that monitors computer system and network traffic to identify and report possible hostile attacks originating from outside that organization and also for system misuse or attack originating from within the organization. The genesis of intrusion detection dates from 1980 commencing with James Anderson s technical report, computer security threat monitoring and surveillance for the U.S air force. In 1985, Stanford research institute (SRI) was funded by the U.S. Conceptually a wireless IDS is similar to wired IDS but marked differences wireless and wired line networks, particularly the structural and behavioral differences render current IDS designs unsuitable for wireless networks. Wired intrusion detection system operates at layer 3(IP layer) and above of the OSI model whereas WLANs generally refer to the physical and data link layers of the OSI model. A wireless IDS must therefore function at the data link layer or even possibly the physical layer if optimal security is required. 1.1Why use IDS for Wireless LAN Wireless intrusion detection is challenging research area that is considerably different to and much less understood than, intrusion detection is wired networks. The first challenging facing wireless intrusion detection system (WIDSs) is the broad cast nature of the physical layer, which makes passive access to the medium a trivial undertaking.secondly the limited bandwidth available to wireless physical layers efficient restriction on intrusion detection techniques. Finally a wireless network typically consist of mobile client station like laptops and handheld computers which has limited battery life and computing resources, introducing further constraints on the technique that may be adopted by a WIDS. The traditional wired IDS are a great system, but unfortunately it does little for the wireless world. The problem with wireless in that in addition to attacks that may be performed on a wired network, the medium itself has to be protected. To do this there are many measures which can be taken,however there are even more tools designed to break them. Due to the nature of wireless LANs (WLAN), it can be difficult to control the area of access. Often the range of a wireless network reaches outside there physical boundaries of an organization. This creates limited ISSN: Page 22

2 control because it means an attacker can now sit in a car miles away while he attempts to penetrate your network. With such a problem with wireless security, developing and implementing WIDS systems is definitely a step in the right direction. If you have wireless and are concerned about attacks and intruders, a WIDS may be a great idea. 1.2 Function of a wireless IDS system The functionality that wired IDS must possess can well be extended to wireless IDS. Therefore, a wireless IDS must be capable of- 1) Monitoring and analyzing both user and system activities. 2) Recognizing patters of known attacks. 3) Identifying abnormal network activity. 4) Detecting policy violation. 5) Providing an audit trail to ascertain how far the intruder got and the origin of the attack. 6) Assessing the integrity of crucial system and data files. 7) Auditing system configurations and vulnerabilities. 1.3 Security Goals Every security system must provide a bundle of security functions that can assure the secrecy of the system. These functions are usually referred to as the goals of security system. These goals can be listed under the following five main categories- 1) Authentication: This means that before sending and receiving data using the system the receiver and sender identify should be verified. 2) Confidentiality: Usually this function is how much people identify a secure system it means that only the authenticated people are able to interpret the message content and one else. 3) Integrity: Integrity means that the content of the communicated data is be free from any type of modification between the end points (sender and receiver). The basic form of integrity is packet check sum in IPv4 packets. 4) Non Repudiation: This function implies that neither the sender nor the receiver can falsely deny that they have sent a certain message. 1.4 Service reliability and availability Since secure systems usually get attached by intruders, which may affect their availability and type of service to their users. Such system should provide a way to grant their users the quality of service they expect 2. RELATED WORK IDSs have existed since the 1970 s, and therefore many papers have been written about them. A lot of research has been done in exploring threats, vulnerabilities, attacks and a variety of counter measures to overcome the same has been proposed.to protect the wormhole, each node shares a secret key with every other node and maintains an updated list of its neighbors. Neighbor list are built in a secure manner by using the direction in which a signal is heard from a neighbor with the assumption that the antennas on all the nodes are aligned. To provide the security to WLANs, it requires five main security requirements to be achieved which are data integrity, confidentiality, authentication, access control & non repudiation. The Attack in Wireless Network is introduced by S. Capkun,L.Buttyan [6], Deng,,W. Li,Agrawal [7], J. P. HuBaux,L.Buttyamand S. Capkun [8], H. Hsieh and R Sivakumar [9], in IEEE Std i/d30 [14], in book Stalling, W., Cryptography and Network Security [16].Several peoples have reviewed the state of the IDS, including: the best reviews are those that present an unbiased, through reviews of the literature, and/or provide a good taxonomy for describing different intrusion detection. Organization of this paper is as follows: Introduction in section 1, Related work in section 2, need of study in section 3, section 4 described the objective of study, finally section 6 and 7 are conclusion and references respectively ISSN: Page 23

3 3. NEED OF THE STUDY Every environment is susceptible to risks, and WLANs are no exceptions. The broadcasting nature of WLANs,which is the transmission of signal through the open air rather than in protected cables, has made WLANs more prone to hacker attacks,this in turn, has brought about an array of unique security risks not encountered with traditional fixed-wired networks. The flexibility, capability, and economics of wireless local area networks (WLANs) make them an attractive communication asset. These intrusion security risks must therefore be addressed which means that the information security risk analysis and risk management need to be considers as the integral elements of organization s business plan. The current wireless LAN standards offers very unsatisfactory level of security and one could not truly trust them.when using product based on these standards must the security issue been taken care in the upper layers. Some commonly used attacks are more stressed in wireless environment and some additional effort should be used to prevent those. When the wireless networks are used in the strategic applications, like manufacturing the possibility of this kind of attack should be taken into account with a great care. Local area networks (LANs) have become a major tool to many organizations in meeting data processing and data communication needs. Prior to the use of LANs, most processing and communication were centralized; the information and control of that information were centralized as well. NowLANs logically and physically extend data, processing and communication facilities across the organization. Security services that protect the data, processing and communication facilities must also be distributed throughout the LAN. For example, sending sensitive files that are protected with stringent access controls on one system, over a LAN to another system that has no control access protection, defeats the efforts made on the first system; users must ensure that their data and the LAN itself are adequately protected.lan security should be integral part of the whole LAN, and should be important to all users. A security policy is a concise statement of top management s position on information values, protection responsibilities, and organizational commitment. A strong LAN security policy should be in place to provide direction and support from the highest level of management. The policy should identify the role that each employee has in assuring that the LAN and the information it carries are adequately protected. LAN management should be given the necessary funding, time, and resources.poor LAN management may result in security setting becoming too lax, security procedures not being performed correctly, even the necessary security mechanisms not being implemented. 3.1 Issues of current IDS techniques The vast difference between the fixed networks where current intrusion detection technique development for one environment to another. The most important difference is perhaps that the latter does not have a fixed infrastructure, and today s network-based IDSs which rely on real time traffic analysis, can no longer function well in the communication pattern in mobile computing environment.a significant big difference is in the communication pattern in a mobile computing environment.wireless users can be stingy about communication and often adopt new operation modes such as disconnected operation [18] and [19].This suggests that the anomaly models for wired networks cannot be used as is. Furthermore,there may not be a clear separation between normalcy and anomaly in WLAN environment. Intrusion detection may find it increasingly difficult to distinguish false alarms from intrusions. Clearly, Intrusion detection system offers a number of advantages in terms of network security and management. However, IDS does not offer a complete solution to network security. In particular, there are number of limitations and problems that restrict the usefulness of current IDSs. New attacks forms are continually being discovered. Current IDS systems have limited capabilities for detecting attacks that differ significantly from previously known attacks-exactly those attack that ISSN: Page 24

4 system are most vulnerable to IDS may have some success in detecting such attacks, but IDS tools must be updated and maintained continually to ensure that their coverage remains intact. 3.2 Types of attacks on WLAN Security Before examining the security solutions available today, it is important to define some of the security risks faced by WLANs. All LANs, wired or wireless, are vulnerable to two types of attack: 1) Active attack: Hackers gain access to the LAN to destroy data. Types are as-denial of service, Malicious association, Spooling, Accidental association, Replay attacks 2) Passive attack: hackers gain access to the LAN, but can only eavesdrop to transmitted data. Wireless LANs are more susceptible to both types of attack because hackers do not require a physical connection to the premises. Types are as- Ad Hoc Networks, Man in the middle, Network Injection, War-driving 4. OBJECTIVE OF THE STUDY Wireless local area network i.e ssecurity problems are well known and the threats are also well published. However so far, no known studies have been conducted to assess the risk faced by organization and the full extend of unauthorized use of wireless LAN s. This study seeks to investigate intrusion detection in the wireless LAN. To maintain the confidentiality, integrity and availability of data transmitted on a LAN. The purpose of my study is to study different security problems or flaws in wireless networks and to detect some of these attacks using an Intrusion detection system. It is known the wireless networks are prone to more attacks than wired networks because there is no need of any physical access to wireless networks. The following are the major objective of our study 1) To develop a new efficient technique for monitoring, detecting and responding to the various security breaches to the WLAN. 2) To analyze the various techniques based on misuse detection or anomaly detection for securing wireless LAN. 3) To study the some of the existing security methods used for securing WLAN and explore the possibility of improvements in the same. 4) To study the number of commercial available Intrusion detection tools that are capable of monitoring wireless traffic. 5) To study the various vulnerabilities and attacks (such as invasion & resource stealing traffic redirection, denial of services, vulnerability etc) on WLANs are their detection using the Intrusion detection system. 5. CONCLUSION In the light of objectives proposed for this study, the following methodology will be adapted to study and analysis of the Intrusion detection technologies for wireless LAN. In addition, a number of lesser classification are possible based on the location of sensor, the nature of events reviewed, the execution timing of monitors, and the correlation of result between resolver units. A human studies an attack and identifies the characteristics (e.g., behavior and/or content) that distinguish it from normal data or traffic all commercial anti-virus products make use of signature detection, as does the network IDS snort. In most of the Intrusion detection system, the dominant form of misuse detection used in the signature analysis, due to simplicity of representation and efficiency of implementation possible. In addition as more attacks become available, the number of rules against which an event stream must be checked becomes larger leading to scaling difficulties. REFERENCES [1] Prasad, N. R., and A. R. Prasad (eds.), WLAN Systems and Wireless Ip for Next Gereration Communications, Norwood, MA: Artech House. January 2002 [2] IEEE Std , part 3:Carrier Sense Multiple Access with Collision detection(csma/cd) Access Method and Physical Layer Specification.1985 ISSN: Page 25

5 [3] IEEE std ,Token Ring Access method and Physical Layer Specification [4] IEEE Std a, Supplement to part 11: Wireless LAn Medium Access Control(MAC) and Physical Layer (PHY) Specification: Higher Speed Physical Layer Extension in the 5 GHz band [5] IEEE Std b, Supplement to part 11: Wireless LAn Medium Accesss Control(MAC) and Physical Layer (PHY) Specification: Higher Speed Physical Layer Extension in the 2.4 GHz band [18] L. Zhou, Z. J. Hass, Cornell Univ., Securing Ad hoc networks IEEE Networks, Nov/Dec 1999, Vol 13, PP.2430, ISSN: [19]B. Wu. J. Chen, J. WU. M. Cardei. A Survey of Attack and Countermeasures in Mobile Ad Hoc Networks Department of Computer Science and Engineering. [20] A. Perrig. R. Canetti, J. Tyger and D. Song, The TESLA Broadcast authentication Protocol, Internet Draft [6] S. Capkun,L.Buttyan, and J. HUBAUX, Sector: secure Tracking of Node Encounters in Multi-hop Wireless Networks.proc.of Acm Workshop on Security of Ad Hoc and Sensor Networks, 2003 [7] Deng,,W. Li,Agrawal,D P., Routing Security in Wireless Ad Hoc Networks, Cincimmati Uni.,OH,USA;IEEE Communication Magazine,Oct. 2002, vol. 40,pp.70-75,ISSn : [8] J. P. HuBaux,L.Buttyam and S. Capkun., The Quest for Security Immobile Ad Hoc Network, In Proc. ACM MOBICOM, Oct.2001 [9] H. Hsieh and R Sivakumar, Transport over Wireless networks, Handbook of wireless Networks and mobile computing [10] Y. Hu, A. Perrig, and D Johnson packet Leashes: A defence Against WormHole Attacks in Wireless Ad Hoc networks, Proc. Of IEEE INFORCOM [11] J. Kong et al., Providing Robust and Ubiquitous Security Support for Mobile AdHoc Networks, Prentice Hall PTR, A Division of Pearson Education Inc 2002 [12] Kyasanur, and N. Vaidya, Detaction and handling of MAC layer Misbehaviour in Wireless Networks, DCC,2003 [13] P. Michiardi. R. Molva, Ad Hoc Netwoks Security, IEEE press Wiley, New York, 2003 [14] IEEE Std i/d30, Wireless Medium Access Control(MAC) and physical Layer(PHY)Specification for enhanced Security, 2002 [15] Black, U., Internet Security Protocol: Protecting Traffic, Upper Saddle River, NJ: Prentice Hall 2000 [16] Stalling, W., Cryptography and Network Security: Principles and Practice,Upper Saddle River, NJ: Prentice Hall 2000 [17] E. Ferro and F. Potorti, Blutooth and Wi-fi Wireless protocol: A survey and a Comparision, IEEE Wireless Commmun., Vol 12, No 1, pp, 12-16, Feb 2005 ISSN: Page 26