CSE Seminars/Conferences

Colloquia, Seminars and Conference News

Title : MAP: A scalable infrastructure for securing 802.11 wireless networks

Date : November 14, 2008. (2:00 pm) Tea starts half an hour before each seminar

Location: ITEB 336

Speaker : Guanling Chen

Abstract:

The shared medium of 802.11 wireless networks means that they are susceptible to many MAC-layer attacks, such as denial of service, reduction of quality or eavesdropping. To detect such attacks it is necessary to monitor the wireless channel itself--- to ``sniff'' the air--- and examine the timing and content of the 802.11 frames. Sniffing the air is a difficult problem: sniffers may not hear every frame, co-located sniffers may hear identical frames at different or unsynchronized times, or a sniffer may have its radio listening to a different channel to that on which an attack is occurring. Accurate detection of attacks is therefore a difficult challenge. In this talk, I will present MAP (Measure, Analyze, Protect), a scalable monitoring and detection framework that addresses these problems. Using a deployment of 20 sniffers placed over a 3-floor building, we evaluate various channel-sampling strategies using metrics for capture quality and detection accuracy, and a method for merging frames from multiple sniffers that reduces bandwidth requirements for wireless monitoring and reduces detection errors. We also describe our detection techniques and demonstrate that our channel-sampling and merging techniques are sufficient for detecting attacks on a live wireless network. Finally, we evaluate the performance of the various MAP components in the current deployment (in terms of CPU load, bandwidth, and other resources) and demonstrate that our infrastructure is effective and efficient at scale. This is a joint work with researchers at Dartmouth College and Aruba Networks: Andrew Campbell, Udayan Deshpande, Tristan Henderson, David Kotz, Yong Sheng, Keren Tan, Bennet Vance, Joshua Wright, and Hongda Yin. This project is supported under award number NBCH2050002 from the U.S. Department of Homeland Security, Science and Technology Directorate. Points of view in this talk do not necessarily represent the official position of the U.S. Department of Homeland Security or the Science and Technology Directorate.

Bio:Dr. Chen received his PhD of Computer Science at Dartmouth College in 2004. He was a Postdoctoral Fellow at the Institute for Information Infrastructure Protection (I3P) in 2005 before joining UMass Lowell. He is interested in experimental systems research involving computer networks. His current research focuses on monitoring and managing wireless networks, sensing systems, and social interactions.

[Back]


Computer Science & Engineering Department 371 Fairfield Road Unit 2155 Storrs, CT 06269-2155 Phone: (860) 486-3719 Fax: (860) 486-4817	Colloquia, Seminars and Conference News Title : MAP: A scalable infrastructure for securing 802.11 wireless networks Date : November 14, 2008. (2:00 pm) Tea starts half an hour before each seminar Location: ITEB 336 Speaker : Guanling Chen Abstract: The shared medium of 802.11 wireless networks means that they are susceptible to many MAC-layer attacks, such as denial of service, reduction of quality or eavesdropping. To detect such attacks it is necessary to monitor the wireless channel itself--- to ``sniff'' the air--- and examine the timing and content of the 802.11 frames. Sniffing the air is a difficult problem: sniffers may not hear every frame, co-located sniffers may hear identical frames at different or unsynchronized times, or a sniffer may have its radio listening to a different channel to that on which an attack is occurring. Accurate detection of attacks is therefore a difficult challenge. In this talk, I will present MAP (Measure, Analyze, Protect), a scalable monitoring and detection framework that addresses these problems. Using a deployment of 20 sniffers placed over a 3-floor building, we evaluate various channel-sampling strategies using metrics for capture quality and detection accuracy, and a method for merging frames from multiple sniffers that reduces bandwidth requirements for wireless monitoring and reduces detection errors. We also describe our detection techniques and demonstrate that our channel-sampling and merging techniques are sufficient for detecting attacks on a live wireless network. Finally, we evaluate the performance of the various MAP components in the current deployment (in terms of CPU load, bandwidth, and other resources) and demonstrate that our infrastructure is effective and efficient at scale. This is a joint work with researchers at Dartmouth College and Aruba Networks: Andrew Campbell, Udayan Deshpande, Tristan Henderson, David Kotz, Yong Sheng, Keren Tan, Bennet Vance, Joshua Wright, and Hongda Yin. This project is supported under award number NBCH2050002 from the U.S. Department of Homeland Security, Science and Technology Directorate. Points of view in this talk do not necessarily represent the official position of the U.S. Department of Homeland Security or the Science and Technology Directorate. Bio:Dr. Chen received his PhD of Computer Science at Dartmouth College in 2004. He was a Postdoctoral Fellow at the Institute for Information Infrastructure Protection (I3P) in 2005 before joining UMass Lowell. He is interested in experimental systems research involving computer networks. His current research focuses on monitoring and managing wireless networks, sensing systems, and social interactions. [Back] Print \| Email