150 likes | 269 Views
A Study of the Geographic Spread and Security of Wireless Access Points. Stuart Cunningham & Vic Grout Centre for Applied Internet Research ( CAIR ) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org.
E N D
A Study of the Geographic Spread and Security of Wireless Access Points Stuart Cunningham & Vic Grout Centre for Applied Internet Research (CAIR) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org NEWINorth East Wales Institute of Higher Education - Centre for Applied Internet Research
Introduction • Large uptake of Wi-Fi • Home (especially significant) • Business / Industry • Academic • …everywhere! • Increased scope for research • Service utilisation • Roaming • Behavioural studies
Wi-Fi Studies: Security • Less work done in determining implementation of secure services • Nature of wireless means physical boundaries are (almost) insignificant • Given large uptake, especially of non-technical, home users, poses questions: • Just how big is the Wi-Fi uptake? • What is the uptake / awareness of security? • Are there any differences between areas?
Real-World Case Study • 16km2 representative area • Residential, industrial, commercial sectors • Equipment • GPS to fix locations • Wi-Fi enabled laptop • Coverage of area via road network • Carried out during ‘working hours’ • ~10 hours total to cover area • Detection of Access Points • Secure and non-secure
Real-World Case Study • Reflection of ‘war driving’ scenario • ‘Parking Lot Attack’(Arbaugh et al., 2002)
Mapping Results • 1153Access Points detected
Cluster Analysis Attempt to identify any correlation between ‘areas’ and groups of Access Points 3 clusters don’t identify areas in this case…
Cluster Analysis Attempt to identify any correlation between ‘areas’ and groups of Access Points Broad identification achieved
Discussion of Results • Majority of APs are secure (77%) • Notional study in 2002 revealed ~66% unsecure (Ward, 2002) • Still, almost a quarter not secure(!) • Similar spread across area • Large uptake within residential zones • 89% using IEEE 802.11g (rest 802.11b) • Clustering useful in zone identification • High number of residential vs. other areas skew results • Beyond 4 clusters proved ineffective
Security Indexing (ongoing work) • Requires formal zone definition • (Z1, Z2, …, Zm ) • Recognition of Access Point a within a Zone • (a Z) • Denote, by Aj, set, {a : a Zj }, of access points in zone Zj. • For any set of access points, A, denote the set of secure points by S(A) and the set of unsecure points by U(A). • Can then calculate security index, SIj, for zone Zj as:
Security Indexing (ongoing work) • Then require scoring or ordering from features • Of the Zone: • Level of industrial activity, property value, etc. • Or of the access points: • Density, type, etc. • Each such scoring or ordering will give a value, Vjor rank, Rj, for each zone, Zj • Calculating coefficients of correlation or rank correlation across zones will show different levels of dependence between features
Omni-directional Uni-directional Security Configuration • Physically Reducing threats • Antenna positioning • Aerial Footprint • Not always practical / suitable… • Software-based • WEP Encryption • Shown to have shortcomings (Arbaugh et al., 2002) • Wi-Fi Protected Access (WPA) • Smart cards, USB and software tokens • Hiding SSID • ACL’s based on MAC or IP addresses • Hybrid mixtures of techniques is more robust • Revisions to IEEE standards pertinent
Conclusions & Future Work • Large uptake of Wi-Fi • Awareness of security • Reflection of zones / communities • Data collection • Mapping limited by road network • Biased GPS accuracy • Areas with no road access • Future Work • How to optimise data collection in future? (Route Inspection Problem) • More detailed detection mechanisms • Comparisons with other regions
Thank you …… Any questions? Stuart Cunningham & Vic Grout Centre for Applied Internet Research (CAIR) University of Wales, NEWI Plas Coch Campus, Mold Road, Wrexham, LL11 2AW, UK contact@cair-uk.org www.cair-uk.org NEWINorth East Wales Institute of Higher Education - Centre for Applied Internet Research