Hacker’s Toolbox: Detecting Software-Based 802.11 Evil Twin Access Points

in Proceedings of the 12th Annual IEEE Consumer Communications & Networking Conference (CCNC 2015) (2015)

The usage of public Wi-Fi hotspots has become a common routine in our everyday life. They are ubiquitous and offer fast and budget-friendly connectivity for various client devices. However, they are ... [more ▼]

The usage of public Wi-Fi hotspots has become a common routine in our everyday life. They are ubiquitous and offer fast and budget-friendly connectivity for various client devices. However, they are exposed to a severe security threat: since 802.11 identifiers (SSID, BSSID) can be easily faked, an attacker can setup an evil twin, i.e., an access point (AP) that users are unable to distinguish from a legitimate one. Once a user connects to the evil twin, he inadvertently creates a playground for various attacks such as collection of sensitive data (e.g., credit card information, passwords) or man-in-the-middle attacks even on encrypted traffic. It is particularly alarming that this security flaw has led to the development of several tools that are freely available, easy to use and allow mounting the attack from commodity client devices such as laptops, smartphones or tablets without attracting attention. In this paper we provide a detailed overview of tools that have been developed (or can be misused) to set up evil twin APs. We inspect them thoroughly in order to identify characteristics that allow them to be distinguished from legitimate hardware-based access points. Our analysis has discovered three methods for detecting software-based APs. These exploit accuracy flaws due to emulation of hardware behavior or peculiarities of the client Wi-Fi hardware they operate on. Our evaluation with 60 hardware APs and a variety of tools on different platforms reveals enormous potential for reliable detection. Furthermore, our methods can be performed on typical client hardware within a short period of time without even connecting to a potentially untrustworthy access point. [less ▲]

PhishStorm: Detecting Phishing With Streaming Analytics

in IEEE Transactions on Network and Service Management (2014), 11(December), 458-471

Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due ... [more ▼]

Despite the growth of prevention techniques, phishing remains an important threat since the principal countermeasures in use are still based on reactive URL blacklisting. This technique is inefficient due to the short lifetime of phishing Web sites, making recent approaches relying on real-time or proactive phishing URL detection techniques more appropriate. In this paper, we introduce PhishStorm, an automated phishing detection system that can analyze in real time any URL in order to identify potential phishing sites. PhishStorm can interface with any email server or HTTP proxy. We argue that phishing URLs usually have few relationships between the part of the URL that must be registered (low-level domain) and the remaining part of the URL (upper-level domain, path, query). We show in this paper that experimental evidence supports this observation and can be used to detect phishing sites. For this purpose, we define the new concept of intra-URL relatedness and evaluate it using features extracted from words that compose a URL based on query data from Google and Yahoo search engines. These features are then used in machine-learning-based classification to detect phishing URLs from a real dataset. Our technique is assessed on 96 018 phishing and legitimate URLs that result in a correct classification rate of 94.91% with only 1.44% false positives. An extension for a URL phishingness rating system exhibiting high confidence rate ( $>$ 99%) is proposed. We discuss in this paper efficient implementation patterns that allow real-time analytics using Big Data architectures such as STORM and advanced data structures based on the Bloom filter. [less ▲]

An Event-Driven Inter-Vehicle Communication Protocol to Attenuate Vehicular Shock Waves

in International Conference on Connected Vehicles and Expo (2014, November)

In this paper we investigate an event-driven Inter-Vehicle Communication protocol to mitigate shock waves in dense traffic situation. From previous work we know that flooding or frequent beaconing require ... [more ▼]

In this paper we investigate an event-driven Inter-Vehicle Communication protocol to mitigate shock waves in dense traffic situation. From previous work we know that flooding or frequent beaconing require excessive network resources. To overcome this limitation we focus on an efficient message exchange mechanism requiring as few network resources as possible, while still providing timely and accurate traffic information. We designed Density Redistribution through Intelligent Velocity Estimation (DRIVE), an event-driven Inter-Vehicle Communication protocol that learns about traffic conditions ahead and recommends optimal velocities in order to prevent the formation of vehicular shock waves. We demonstrate that our approach of reacting in case of traffic fluctuations leads to significant improvements in overall traffic flow. Furthermore we show that even a low number of equipped vehicles is sufficient to achieve this target. [less ▲]

Scilab Modelling and Simulation of Communication Networks: Car Traffic Analysis in Luxembourg

in Abstract book of 30th International CAE Conference, CAE'14 (2014)

Network Analysis and Routing eVALuation, referenced as NARVAL has been designed on top of the Scilab environment. It has been created at the University of Luxembourg within the Interdisciplinary Centre ... [more ▼]

Network Analysis and Routing eVALuation, referenced as NARVAL has been designed on top of the Scilab environment. It has been created at the University of Luxembourg within the Interdisciplinary Centre for Security, Reliability and Trust (SnT). The Centre carries out interdisciplinary research and graduate education in secure, reliable, and trustworthy ICT systems and services. This Scilab External Module is focusing on the analysis of network protocols and algorithms. Each network of communicating devices such as computers, phones or sensors, needs to follows specific rules in order to organize and control the data exchange between source and destination nodes. Communication protocols enable to discover the network topology, and to propagate the data traffic between network entities. The main goal of our toolbox is to provide a complete software environment enabling the understanding of available communication algorithms, but also the design of new schemes in order to evaluate and improve the traffic behavior and distribution on network topologies defined by the user. NARVAL permits to generate random topologies according to various algorithms such as Locality, Waxman, Barabasi-Albert and hierarchical models. The user can also design his own topology by providing nodes' coordinates, visualization parameters, and also links' information that are necessary for path calculation. The combination of these functions enables to build a large range of topologies with distinct routing properties. The NARVAL module permits to study the impact of routing algorithms on the effectiveness of transmission protocols used by data communications on a defined network topology. We provide a set of basic functions in order to create network graphs, compute routing algorithms (AODV, BFS, DFS, Bellman-Ford, Dijkstra, Flood, Floyd-Warshall, Multiple Paths, RPL, ARC, etc.) on them and finally make statistical analysis on the efficiency of data communications. The mobility of nodes (Mobile/Vehicular Ad hoc NETwork MANET/ VANET) is also supported according to models such as Random Direction, Random Walk, Random Way Point, etc. The target audience of this external module includes academics, students, engineers and scientists. We put some efforts to build detailed help files. The description of each function has been carefully done in order to facilitate the end users' comprehension. It is often accompanied with explicit diagrams. Our simulations and results obtained with NARVAL have been published in several IEEE international conferences and journals. This research contribution was partially supported by the following European FP7 projects: U2010 (http://www.u2010.eu), EFIPSANS (http://www.efipsans.org), IoT6 (http://www.iot6.eu) and BUTLER (http://www.iot-butler.eu). [less ▲]

Traffic Routing in Urban Environments: the Impact of Partial Information

in Proceedings of 17th Internatonal IEEE Conference on Intelligent Transportation Systems (2014, October)

There are many studies concerning the problem of traffic congestion in cities. One of the best accepted solutions to relieving congestion involves optimization of resources already available, by means of ... [more ▼]

There are many studies concerning the problem of traffic congestion in cities. One of the best accepted solutions to relieving congestion involves optimization of resources already available, by means of balancing traffic flows to minimize travel delays. To achieve this optimization, it is necessary to collect and process Floating Car Data (FCD) from vehicles. In this paper we evaluate the repercussions of partial information on the overall traffic view, and consequently on the outcome of the optimization. Our study focuses on the role of the user participation rate and the availability of Road Side Units to collect the FCD. By means of simulation we quantify the impact of partially-available information on the computation of route optimization, and how it impedes traffic flows. Our results show that even minor uncertainties can significantly impact routing strategies and lead to deterioration in the overall traffic situation. [less ▲]

Towards a New Way of Reliable Routing: Multiple Paths over ARCs

in Towards a New Way of Reliable Routing: Multiple Paths over ARCs (2014, September 24)

The Available Routing Construct (ARC), recently proposed at IETF, provides a promising model for achieving highly reliable routing in large-scale networks. Among its features, ARC offers multi-path ... [more ▼]

The Available Routing Construct (ARC), recently proposed at IETF, provides a promising model for achieving highly reliable routing in large-scale networks. Among its features, ARC offers multi-path routing by design. In the present work, we introduced ARC for the first time to the research community. Then, we showed, by means of simulation results, how ARC over-performs classical multi-path routing algorithms, by building disjoint multiple paths without extra-cost due to new route computation. [less ▲]

Triple Graph Grammars in the Large for Translating Satellite Procedures - Extended Version

Report (2014)

Software translation is a challenging task. Several requirements are important - including automation of the execution, maintainability of the translation patterns, and, most importantly, reliability ... [more ▼]

Software translation is a challenging task. Several requirements are important - including automation of the execution, maintainability of the translation patterns, and, most importantly, reliability concerning the correctness of the translation. Triple graph grammars (TGGs) have shown to be an intuitive, wellde ned technique for model translation. In this paper, we leverage TGGs for industry scale software translations. The approach is implemented using the Eclipse-based graph transformation tool Henshin and has been successfully applied in a large industrial project with the satellite operator SES on the translation of satellite control procedures. We evaluate the approach regarding requirements from the project and performance on a complete set of procedures of one satellite. [less ▲]

Triple Graph Grammars in the Large for Translating Satellite Procedures

in Theory and Practice of Model Transformations (2014, July)

Software translation is a challenging task. Several requirements are important – including automation of the execution, maintainability of the translation patterns, and, most importantly, reliability ... [more ▼]

Software translation is a challenging task. Several requirements are important – including automation of the execution, maintainability of the translation patterns, and, most importantly, reliability concerning the correctness of the translation. Triple graph grammars (TGGs) have shown to be an intuitive, well-defined technique for model translation. In this paper, we leverage TGGs for industry scale software translations. The approach is implemented using the Eclipse-based graph transformation tool Henshin and has been successfully applied in a large industrial project with the satellite operator SES on the translation of satellite control procedures. We evaluate the approach regarding requirements from the project and performance on a complete set of procedures of one satellite. [less ▲]

Network Analysis and Routing eVALuation V3.0

Scientific Conference (2014, May 15)

Correctness of source code extension for fault detection in openflow based networks

Report (2014)

Software Defined Networks using OpenFlow have to provide a re- liable way to detect network faults and attacks. This technical report shows a formal analysis of correctness for an automated code extension ... [more ▼]

Software Defined Networks using OpenFlow have to provide a re- liable way to detect network faults and attacks. This technical report shows a formal analysis of correctness for an automated code extension technique used to extend OpenFlow networks with a logging mecha- nism that is used for the detection of faults and attacks. As presented in a companion paper, we applied the code extension techniques for a framework that can extend controller programs transparently, making possible on-line fault management, debugging as well as off-line and forensic analysis. [less ▲]