
Wireless Network Security Virtual Laboratory

Wireless Network Security Virtual Laboratory. Anthony LoBono , Mike Steffen, and Shishir Gupta Advisor: Doug Jacobson Client: George Amariucai. Introduction.





Presentation Transcript


  1. Wireless Network Security Virtual Laboratory
     Anthony LoBono, Mike Steffen, and Shishir Gupta
     Advisor: Doug Jacobson
     Client: George Amariucai

  2. Introduction
     • Problem: Iowa State University's CPRE537: Wireless Network Security course does not provide a laboratory environment in which students, both distance education and on-campus students, can conduct wireless security experiments.
     • Solution: Create an environment accessible from anywhere in the world using real wireless hardware and a virtual machine server, and provide the software tools necessary for conducting experiments on wireless security.

  3. Conceptual Sketch

  4. Functional Requirements
     • Remote access for both on-campus and off-campus students
     • Support for at least four concurrent users
     • Support for Wi-Fi and Bluetooth experiments
     • A web interface to manage hardware access
     • Non-interference between users
     • Comprehensive documentation for both administrators and students

  5. Non-Functional Requirements
     • User-friendly access interface
     • Adequate network bandwidth
     • Adequate system resources
     • Real-world network simulation
     • Extension to support other wireless technology
       – GSM
       – RFID

  6. Schedule
     1st Semester
     • Preliminary hardware setup
     • Preliminary laboratory design
     • Wi-Fi demo laboratory setup
     2nd Semester
     • Final implementation
       – Hardware interface
       – Web interface
     • GSM / RFID experimentation
     • Final setup and final testing

  7. Task Responsibility
     As a small team of three members, each member is equally involved with all aspects of the project. However, here is a very basic work breakdown:
     • Michael Steffen – Hardware Specialist: Michael leads the design and setup of the hardware architecture and virtual machine server
     • Anthony LoBono – System Specialist: Anthony leads the design and setup of the software architecture and the web interface
     • Shishir Gupta – Security Specialist: Shishir leads the design and setup of wireless security hardware and software

  8. System Architecture

  9. Implementation: Hardware Architecture
     • Commodity x86 server hardware
     • USB wireless dongles (Ralink)
     • Consumer-grade routers
     • USB Bluetooth/RFID/etc. tools

  10. Implementation: Software Architecture
     • Multilevel
       – Hypervisor
       – OS
       – Software tools
       – Scripts
     • Mostly invisible to end user

  11. Implementation: Software Architecture
     • Hypervisor: VMware vSphere Hypervisor 4.1
       – Free license
       – Robust platform
       – Team familiarity
       – Ease of configuration
       – Custom scripted via console SSH
     • Virtual machines
       – Four transmit client nodes
       – Four attack nodes
       – One host config node
       – One administration node

  12. Implementation: Software Architecture
     • Dilemma: How to ensure the environment is equally available to all?
     • Solution: Each user has their own VM
       – Remains off until requested
       – Radio config patched before boot and stripped after logoff
     • Result: greater uptime for all users

  13. Implementation: Software Architecture
     • Scripts
       – Backend: Hypervisor scripted to allow statistics gathering, power state modifications, file operations
       – Frontend: Configuration upon creation of machines
       – Scripts for environment user management, administration
     • User interface
       – Web portal: access to system status, user file operations, documentation
       – Terminal or X server access to the user's attack and transmit nodes
       – X access via NoMachine NX

  14. Implementation: Network Architecture
     • Intent: user environments separate from each other
     • Users MAC-locked to router
       – Can be bypassed
     • Transmit nodes blocked from communicating via firewall
     • Routing of HTTP versus SSH traffic achieved via firewall, routing tables
     • Radio separation achieved by manual channel configuration

  15. Cost Estimate
     VM Host Server       $1250 (approx)
     Wireless Adapters    $80 ($10 x 8)
     Bluetooth Adapters   $160 ($40 x 4)
     Routers / Switches   $130
     Total                $1620 (approx)

  16. Start Environment
     1. User asks the web portal to attach radios and power on the user's machines.
     2. Web portal checks the PHP session to confirm the user is logged in and gets the user's username.
     3. Web portal tells the hypervisor communication class to power on the user's machines.
     4. Hypervisor class invokes the provision-and-boot script on the host machine through an SSH connection.

  17. Adding A User
     1. User requests to add a user.
     2. Web portal checks to make sure the user is an administrator.
     3. Web portal checks to see if the user already exists.
     4. Web portal tells the hypervisor communication class to verify that the datastore has enough disk space.
     5. Hypervisor class tells the host machine to verify and create the user's machines.
     6. Web portal saves the username and password temporarily.

  18. Adding A User
     7. Web portal tells the control machine to add the configuration script to crontab.
     8. Configuration script checks every five minutes to see if the host machine is done creating the user's machines.
     9. When ready, the script reads the username and password from the control machine.
     10. The script tells the hypervisor class to power on the user's machines.
     11. The script runs commands over SSH to configure the virtual machines.
     12. User gets added to the database.
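The add-user flow of slides 17 and 18, modelled as an added Python example (the real portal is PHP plus shell scripts, which this code does not reproduce). It shows the two checks a defender cares about in that flow: the admin gate before anything is provisioned, and the lifetime of the temporarily stored password, which exists only until the polling step consumes it and is dropped if the clone never finishes. Class and method names, the one-hour TTL and the stubbed hypervisor step are assumptions of this example; the 70 GB datastore threshold is the page's own value from slide 37.

```python
"""Added example, not the project's code: admin-gated user creation with a
short-lived pending-credential record, modelled after slides 17-18."""
import time
from dataclasses import dataclass, field

MIN_FREE_GB = 70            # slide 37: a new user needs ~70 GB for backups
PENDING_TTL_SECONDS = 3600  # assumption: discard unconsumed credentials after 1 h


@dataclass
class Session:
    username: str
    is_admin: bool = False


@dataclass
class PendingUser:
    username: str
    password: str           # held only until the configure step runs
    created: float


@dataclass
class Portal:
    users: set = field(default_factory=set)       # users already in the database
    pending: dict = field(default_factory=dict)   # username -> PendingUser
    datastore_free_gb: float = 500.0              # constructed datastore state

    def request_add_user(self, session, username, password, now=None):
        """Slide 17: admin check, duplicate check, disk-space check, then hand
        the credentials to the background provisioning step."""
        now = time.time() if now is None else now
        if not session.is_admin:
            return "denied: not an administrator"
        if username in self.users or username in self.pending:
            return "denied: user already exists"
        if self.datastore_free_gb < MIN_FREE_GB:
            return "denied: datastore below %d GB free" % MIN_FREE_GB
        # The real system asks the hypervisor to clone the stock images here;
        # this model only records the space reservation (assumption).
        self.datastore_free_gb -= MIN_FREE_GB
        self.pending[username] = PendingUser(username, password, now)
        return "queued"

    def poll_pending(self, host_ready, now=None):
        """Slide 18's cron step: for each pending user whose machines are ready,
        configure the VMs (returned as the credential pair the SSH step would
        use), add the user to the database and wipe the stored password.
        Records older than the TTL are discarded without being used."""
        now = time.time() if now is None else now
        configured = []
        for name in list(self.pending):
            rec = self.pending[name]
            if now - rec.created > PENDING_TTL_SECONDS:
                del self.pending[name]      # expired: password discarded
                continue
            if not host_ready(name):
                continue                    # clone still in progress
            configured.append((name, rec.password))
            self.users.add(name)
            del self.pending[name]          # password no longer stored anywhere
        return configured
```

`host_ready` stands in for the "is the host machine done creating the user's machines" check; on the real system it would query the hypervisor over the same SSH channel the page describes.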

  19. Web Interface

  20. Web Interface

  21. Web Interface

  22. Web Interface

  23. Web Interface

  24. Creating Users
     • Results – Both creating an individual user's virtual machines and batch-creating users' virtual machines were successful
     • Known Issues
       – Better functionality should be implemented for alerting an administrator when this process is completed.
       – If the portdef table in the MySQL database becomes corrupt, new virtual machines will not be configured correctly, nor will they be accessible from outside the firewall.

  25. Removing Users
     • Results – Tests for removing virtual machines were successful
     • Known Issues
       – When removing individual users from the portdef table in the MySQL database, their assigned ports cannot be used again until all users are removed.
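The port-reuse problem above, and the rule on slide 28 that a user's ports must never be redefined, in an added example that is not the project's own schema or script: an SQLite stand-in for the portdef table with an allocator that returns an existing user's port unchanged and hands a released port to the next new user. The column names, the base port and the use of a UNIQUE constraint are assumptions of this example; the 100-user capacity is the firewall limit stated on slide 38.

```python
"""Added example, not the project's code: a portdef-style table whose
allocator reuses freed ports and never reassigns an existing user's port."""
import sqlite3

BASE_PORT = 10000  # assumption: first external SSH port the firewall forwards
CAPACITY = 100     # slide 38: the firewall is configured for 100 users


def open_portdef(path=":memory:"):
    """Create the (assumed) portdef layout: one row per user, one port each."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS portdef ("
        " username TEXT PRIMARY KEY,"
        " port INTEGER NOT NULL UNIQUE)"
    )
    return conn


def assign_port(conn, username, capacity=CAPACITY):
    """Return the user's port, allocating the lowest free one if needed.

    An existing user keeps the same port, so a machine restored from backup
    (slide 28) still matches the firewall rules; a port freed by
    release_port() is reused immediately instead of only after a full reset."""
    row = conn.execute(
        "SELECT port FROM portdef WHERE username = ?", (username,)
    ).fetchone()
    if row:
        return row[0]
    used = {r[0] for r in conn.execute("SELECT port FROM portdef")}
    for port in range(BASE_PORT, BASE_PORT + capacity):
        if port not in used:
            with conn:  # commits; UNIQUE(port) rejects a concurrent duplicate
                conn.execute(
                    "INSERT INTO portdef (username, port) VALUES (?, ?)",
                    (username, port),
                )
            return port
    raise RuntimeError("portdef full: %d users already assigned" % capacity)


def release_port(conn, username):
    """Delete one user's row; the port is free for the next assignment."""
    with conn:
        cur = conn.execute("DELETE FROM portdef WHERE username = ?", (username,))
    return cur.rowcount == 1


def free_ports(conn, capacity=CAPACITY):
    """How many users can still be added before the firewall limit is hit."""
    used = conn.execute("SELECT COUNT(*) FROM portdef").fetchone()[0]
    return capacity - used
```

Because the lookup happens before any insert, the configuration script's "does the user already exist" check from slide 37 collapses into a single call to `assign_port`, and the firewall rule for a user can be regenerated from the table at any time.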

  26. Change Account Passwords
     • Results – The system was able to catch all combinations of characters we tested without error.
     • Known Issues – None

  27. Powering Down Machines
     • Results – The system was able to power down a user's machines. The web interface was also successful in powering down machines from both the user session and the admin session.
     • Known Issues
       – Powering down a user's machine while it is being backed up fails.

  28. Backing Up And Restoring Machines
     • Results – The system was mostly successful in this process. A few tests resulted in failure; however, the failures were not reproducible.
     • Known Issues
       – If a user restores his or her working image from a backup after being assigned new ports on the firewall, the machine will no longer function properly. However, the current implementation should not allow a user's ports to be redefined.

  29. Attaching Radios And Booting
     • Results – All tests for the system resulted in success.
     • Known Issues
       – With the current implementation only non-cascading USB hubs can be used with the server. Cascading hubs cause the 'getavailibleusbdevices.sh' script to fail.
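The cascading-hub failure above is the kind of problem that comes from matching only top-level sysfs names such as `1-1`; a device behind a second hub is named `1-1.2.3`. The following added example (not the lab's getavailibleusbdevices.sh, whose contents the page does not show) enumerates radios from sysfs-style device names at any hub depth, skips hubs and interface entries, and reports each device's depth. The sample tree is constructed and the vendor-ID to radio mapping is an assumption of this example.

```python
"""Added example, not the lab's script: find attachable USB radios behind
cascaded hubs by parsing /sys/bus/usb/devices-style names."""
import os
import re

# Device directories are named <bus>-<port>[.<port>...]; interface
# directories are '<device>:<config>.<iface>' and root hubs are 'usbN'.
DEVICE_RE = re.compile(r"^(\d+)-(\d+(?:\.\d+)*)$")
HUB_CLASS = "09"   # bDeviceClass of a USB hub

# Vendor IDs treated as radios for the user VMs (assumption of this example).
RADIO_VENDORS = {"148f": "ralink-wifi", "0bda": "realtek-wifi", "0a12": "csr-bluetooth"}

# Constructed sysfs snapshot: name -> attribute files read from that directory.
SAMPLE_SYSFS = {
    "usb1":        {"idVendor": "1d6b", "idProduct": "0002", "bDeviceClass": "09"},
    "1-1":         {"idVendor": "0409", "idProduct": "005a", "bDeviceClass": "09"},  # hub
    "1-1.1":       {"idVendor": "148f", "idProduct": "3070", "bDeviceClass": "00"},
    "1-1.2":       {"idVendor": "0409", "idProduct": "005a", "bDeviceClass": "09"},  # cascaded hub
    "1-1.2.3":     {"idVendor": "0bda", "idProduct": "8187", "bDeviceClass": "00"},
    "1-1.2.4":     {"idVendor": "0a12", "idProduct": "0001", "bDeviceClass": "e0"},
    "1-1.2.3:1.0": {},                                                              # interface
    "1-2":         {"idVendor": "046d", "idProduct": "c077", "bDeviceClass": "00"},  # mouse
}


def list_radios(sysfs):
    """Return sorted (name, depth, label) for every radio at any hub depth."""
    found = []
    for name, attrs in sysfs.items():
        m = DEVICE_RE.match(name)
        if not m:
            continue                            # root hub or interface entry
        if attrs.get("bDeviceClass") == HUB_CLASS:
            continue                            # hubs are not radios
        label = RADIO_VENDORS.get(attrs.get("idVendor", ""))
        if label is None:
            continue                            # not a device we hand out
        depth = m.group(2).count(".") + 1       # 1 = directly on a root-hub port
        found.append((name, depth, label))
    return sorted(found)


def hub_path(name):
    """Upstream hubs of a device, e.g. '1-1.2.3' -> ['1-1', '1-1.2'];
    handy for checking whether two users' radios share a hub."""
    m = DEVICE_RE.match(name)
    if not m:
        raise ValueError("not a USB device name: %r" % name)
    bus, ports = m.group(1), m.group(2).split(".")
    return ["%s-%s" % (bus, ".".join(ports[:i])) for i in range(1, len(ports))]


def read_sysfs(root="/sys/bus/usb/devices"):
    """Build the same name -> attributes map from a live Linux host."""
    tree = {}
    for name in os.listdir(root):
        attrs = {}
        for key in ("idVendor", "idProduct", "bDeviceClass"):
            try:
                with open(os.path.join(root, name, key)) as f:
                    attrs[key] = f.read().strip()
            except OSError:
                pass                            # interface dirs lack these files
        tree[name] = attrs
    return tree
```

On a real host `list_radios(read_sysfs())` replaces the constructed snapshot; passing the tree in as a dictionary is what keeps the matching logic testable without hardware.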

  30. Wireless Experimentation Environment
     Each user -> remote access to two virtual machines
     Attack Machine
       – BackTrack 5 R1
       – NX Server
       – SSH Server
       – Attack tools
     Client Machine
       – Ubuntu 10.04 (LTS)
       – NX Server
       – SSH Server
       – Traffic generators

  31. Wi-Fi + Bluetooth
     The laboratory currently supports experimentation for Wi-Fi and Bluetooth.
     Wi-Fi
       Hardware
         – USB Wi-Fi Adapter (Rosewill RTL-8187)
         – Wireless Router (D-Link XXXXX)
       Software
         – BackTrack tools
         – Lorcon (packet injection)
         – Airpwn (Wi-Fi spoofing)
         – Scapy (packet injection)
         – coWPAtty (WPA cracking)
     Bluetooth
       Hardware
         – USB Bluetooth Adapter (Linksys BT100)
       Software
         – BackTrack tools

  32. Laboratory Extension
     The coursework for the class is not limited to a specific wireless technology and instead touches on several: Wi-Fi, Bluetooth, GSM, and RFID. As part of this senior design project, the client required initial integration of at least Wi-Fi and Bluetooth, with optional extension or preparatory work for future extension to other technologies. The team researched and performed experiments with an SDR platform to potentially integrate GSM, RFID and maybe other technologies in the future.

  33. Hardware
     • Universal Software Radio Peripheral (USRP), version 1
       – Daughterboards: LF RX (DC-30 MHz RX), TV RX (50-870 MHz RX), DBSRX (800 MHz-2.4 GHz RX), RFX2400 (2.3-2.9 GHz RX+TX)
       – Antennas
       – USB connector
     Software
     • GNU Radio + Universal Hardware Driver (UHD): core framework
     • AirProbe (GSM decoder)
     • RIDAC (RFID toolkit)
     • DSP Buttler (signal processing)

  34. Experiments Performed
     • Wireless jamming – GNU Radio signal generator
     • GSM receiving/decoding – AirProbe GSM RX/sniffer
     • RFID capture – RIDAC RFID audit toolkit
     • Wireless RF spectrum analysis – DSP Buttler; Baudline RF spectrum analyzer
     *Note – All experiments were conducted using open source software available on the internet.

  35. Spectrum Analysis

  36. GSM Capture

  37. Additional Problems / Notes
     • The RSA private key for the web user must remain unencrypted.
     • Before the configure-machines script can work, the web user must accept the RSA host key of the SSH server on the stock images.
     • Before the configure-machines script can work, the RSA public key for the web user must be added to the root user's 'authorized_keys' file on both stock images.
     • When restoring user images from the stock image, the image was no longer functional. The solution was to edit the configuration script to check whether the user already exists. If the user does exist, the script looks up the user in the portdef table in the MySQL database and configures the machine accordingly.
     • Currently, for a new user to be created there must be at least 70 gigabytes of free space on the requested datastore. This is to account for user backups. A more space-efficient method should be investigated.

  38. Additional Problems / Notes
     • Currently the firewall is only configured to allow 100 users on the system. Given the disk space constraint listed above, this is not really an issue. However, the firewall should be reconfigured and the machine configuration script should be modified to allow more than 100 users on the system.
     • Currently, when a user's allotted session time comes to an end, the user's machines are powered down. Since we made the switch from PCI cards to USB devices it is now possible to 'hot plug' the devices. Now when a user's session comes to an end, the attached devices should be removed and the machines should remain powered on. This change would prevent data loss.
     • To allow the PHP scripts to write log files to '/var/log/wseclab.d/FILENAME', the user that the Apache server runs as needed to be added to the log group.
     • To allow the user that the Apache server runs as to schedule cron jobs, the web user had to be added to the user group.

  39. Testing
     • Our original plan was to have a closed beta test for this semester's Computer Engineering 537 class. However, Computer Engineering 537 was not offered this semester, so we acted as the test subjects. We tested all the use cases in Appendix A, largely successfully.

  40. Questions
