1 / 15

A Study of the Geographic Spread and Security of Wireless Access Points

A Study of the Geographic Spread and Security of Wireless Access Points. Stuart Cunningham & Vic Grout Centre for Applied Internet Research ( CAIR ) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org.

gustav
Download Presentation

A Study of the Geographic Spread and Security of Wireless Access Points

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Study of the Geographic Spread and Security of Wireless Access Points Stuart Cunningham & Vic Grout Centre for Applied Internet Research (CAIR) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org NEWINorth East Wales Institute of Higher Education - Centre for Applied Internet Research

  2. Introduction • Large uptake of Wi-Fi • Home (especially significant) • Business / Industry • Academic • …everywhere! • Increased scope for research • Service utilisation • Roaming • Behavioural studies

  3. Wi-Fi Studies: Security • Less work done in determining implementation of secure services • Nature of wireless means physical boundaries are (almost) insignificant • Given large uptake, especially of non-technical, home users, poses questions: • Just how big is the Wi-Fi uptake? • What is the uptake / awareness of security? • Are there any differences between areas?

  4. Real-World Case Study • 16km2 representative area • Residential, industrial, commercial sectors • Equipment • GPS to fix locations • Wi-Fi enabled laptop • Coverage of area via road network • Carried out during ‘working hours’ • ~10 hours total to cover area • Detection of Access Points • Secure and non-secure

  5. Real-World Case Study • Reflection of ‘war driving’ scenario • ‘Parking Lot Attack’(Arbaugh et al., 2002)

  6. Mapping Results • 1153Access Points detected

  7. Mapping Results (Secure Vs. Unsecure)

  8. Cluster Analysis Attempt to identify any correlation between ‘areas’ and groups of Access Points 3 clusters don’t identify areas in this case…

  9. Cluster Analysis Attempt to identify any correlation between ‘areas’ and groups of Access Points Broad identification achieved

  10. Discussion of Results • Majority of APs are secure (77%) • Notional study in 2002 revealed ~66% unsecure (Ward, 2002) • Still, almost a quarter not secure(!) • Similar spread across area • Large uptake within residential zones • 89% using IEEE 802.11g (rest 802.11b) • Clustering useful in zone identification • High number of residential vs. other areas skew results • Beyond 4 clusters proved ineffective

  11. Security Indexing (ongoing work) • Requires formal zone definition • (Z1, Z2, …, Zm ) • Recognition of Access Point a within a Zone • (a  Z) • Denote, by Aj, set, {a : a Zj }, of access points in zone Zj. • For any set of access points, A, denote the set of secure points by S(A) and the set of unsecure points by U(A). • Can then calculate security index, SIj, for zone Zj as:

  12. Security Indexing (ongoing work) • Then require scoring or ordering from features • Of the Zone: • Level of industrial activity, property value, etc. • Or of the access points: • Density, type, etc. • Each such scoring or ordering will give a value, Vjor rank, Rj, for each zone, Zj • Calculating coefficients of correlation or rank correlation across zones will show different levels of dependence between features

  13. Omni-directional Uni-directional Security Configuration • Physically Reducing threats • Antenna positioning • Aerial Footprint • Not always practical / suitable… • Software-based • WEP Encryption • Shown to have shortcomings (Arbaugh et al., 2002) • Wi-Fi Protected Access (WPA) • Smart cards, USB and software tokens • Hiding SSID • ACL’s based on MAC or IP addresses • Hybrid mixtures of techniques is more robust • Revisions to IEEE standards pertinent

  14. Conclusions & Future Work • Large uptake of Wi-Fi • Awareness of security • Reflection of zones / communities • Data collection • Mapping limited by road network • Biased GPS accuracy • Areas with no road access • Future Work • How to optimise data collection in future? (Route Inspection Problem) • More detailed detection mechanisms • Comparisons with other regions

  15. Thank you …… Any questions? Stuart Cunningham & Vic Grout Centre for Applied Internet Research (CAIR) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org NEWINorth East Wales Institute of Higher Education - Centre for Applied Internet Research

More Related