Analysis of a local-area wireless network
, 2000
Cited by 194 (3 self)
To understand better how users take advantage of wireless networks, we examine a twelve-week trace of a building-wide local-area wireless network. We analyze the network for overall user behavior (when and how intensively people use the network and how much they move around), overall network traffic and load characteristics (observed throughput and symmetry of incoming and outgoing traffic), and traffic characteristics from a user point of view (observed mix of applications and number of hosts connected to by users). Amongst other results, we find that users are divided into distinct location-based sub-communities, each with its own movement, activity, and usage characteristics. Most users exploit the network for web-surfing, session-oriented activities and chat-oriented activities. The high number of chat-oriented activities shows that many users take advantage of the mobile network for synchronous communication with others. In addition to these user-specific results, we find that peak throughput is usually caused by a single user and application. Also, while incoming traffic dominates outgoing traffic overall, the opposite tends to be true during periods of peak throughput, implying that significant asymmetry in network capacity could be undesirable for our users. While these results are only valid for this local-area wireless network and user community, we believe that similar environments may exhibit similar behavior and trends. We hope that our observations will contribute to a growing understanding of mobile user behavior.
URSA: Ubiquitous and Robust Access Control for Mobile Ad-Hoc Networks
- IEEE/ACM Transactions on Networking
, 2004
Cited by 77 (1 self)
Restricting network access of routing and packet forwarding to well-behaving nodes, and denying access from misbehaving nodes are critical for the proper functioning of a mobile ad-hoc network where cooperation among all networking nodes is usually assumed. However, the lack of a network infrastructure, the dynamics of the network topology and node membership, and the potential attacks from inside the network by malicious and/or non-cooperative selfish nodes make the conventional network access control mechanisms not applicable. We present URSA, a ubiquitous and robust access control solution for mobile ad-hoc networks. URSA implements ticket certification services through multiple-node consensus and fully localized instantiation, and uses tickets to identify and grant network access to well-behaving nodes. In URSA, no single node monopolizes the access decision or is completely trusted, and multiple nodes jointly monitor a local node and certify/revoke its ticket. Furthermore, URSA ticket certification services are fully localized into each node's neighborhood to ensure service ubiquity and resilience. Through analysis, simulations and experiments, we show that our design effectively enforces access control in the highly dynamic, mobile ad-hoc network.
Wireless Hotspots: Current Challenges and Future Directions
, 2003
Cited by 32 (1 self)
In recent years, wireless Internet service providers (WISPs) have established Wi-Fi hotspots in increasing numbers at public venues, providing local coverage to traveling users and empowering them with the ability to access email, Web, and other Internet applications on the move. In this paper, we observe that while the mobile computing landscape has changed both in terms of number and type of hotspot venues, there are several technological and deployment challenges remaining before hotspots can become an ubiquitous infrastructure. These challenges include authentication, security, coverage, management, location services, billing, and interoperability. We discuss existing research, the work of standards bodies, and the experience of commercial hotspot providers in these areas, and then describe compelling open research questions that remain.
Secure Wireless Internet Access in Public Places
- In Proc. IEEE ICC’01
, 2001
Cited by 20 (3 self)
We have built a network, called the CHOICE network, which globally authenticates users and then securely connects them to the Internet via a high-speed local area wireless network. Our network provides easy-to-use, individual-centric, service-oriented wireless Internet access in places other than the traditional corporate offices and homes. Our architecture is hardware and protocol agnostic and is built on an easily deployable software module called the Protocol for Authorization and Negotiation of Services or PANS. PANS provides authorization, access, privacy, security, policy enforcement, quality of service (QoS) and accounting. In this paper, we describe PANS in detail. We discuss our system design and operation, implementation, and performance. We evaluate PANS and show that it is scalable and secure. Our network has been deployed and is operational at a local mall in Bellevue, Washington.
Dynamic Host Configuration for Managing Mobility between Public and Private Networks
- In The 3rd Usenix Internet Technical Symposium
, 2001
Cited by 19 (3 self)
We would like to acknowledge and thank several individuals who have helped develop the CHOICE network. In particular, Anand Balachandran, and Srinivasan Venkatachary are two of the original designers and implementers of PANS. Stephen Dahl helped us deploy the network at the Crossroads Mall; Pierre De Vries handled the legal formalities and helped us with usability issues while being our liaison with the product groups; Paul Hoeffer designed our web interaction. We also thank Prof. Dave Johnson of Rice University, and Prof. Mary Baker of Stanford University for the well appreciated constructive discussions.
Detecting and Blocking Unauthorized Access in Wi-Fi Networks
- In Proc. Networking’2004, IFIP, Lecture Notes in Computer Science
, 2004
Cited by 10 (2 self)
Academic and commercial 802.11 hotspots often use an SSL-secured captive portal to authenticate clients. Captive portals provide good usability and interoperability, but poor security. After a captive portal has authenticated a client, session hijacking and freeloading allow attackers to capture or use the client’s session. Freeloading does not require special tools and, surprisingly, is strengthened by the (widely recommended) use of personal firewalls. We propose and evaluate novel defenses against these attacks, session id checking and MAC sequence number tracking, both of which are transparent to clients and do not require changes in client computers. Experiments demonstrate that the proposed defenses are effective against the mentioned attacks and have little overhead.
ESCORT: A Decentralized and Localized Access Control System for Mobile Wireless Access to Secured Domains
- SECOND ACM WORKSHOP ON WIRELESS SECURITY (WISE'03), IN CONJUNCTION WITH MOBICOM
, 2003
Cited by 4 (1 self)
In this work we design and implement ESCORT, a backward compatible, efficient, and secure access control system, to facilitate mobile wireless access to secured wireless LANs. In mobile environments, a mobile guest may frequently roam into foreign domains while demanding critical network services. ESCORT provides instant yet secure access to the mobile guest based on the concept of "escort", which refers to a special network object with four distinct properties: (1) The escort is already a trusted permanent or semi-permanent component of the secured wireless LAN; (2) The mobile guest and the escort have established transient but mutual trust; (3) Communication between the escort and its guests is localized. The escort forwards data packets between the mobile guest and the LAN; (4) The implementation of escort can be mobile and tamper-resistant, thus it can roam with the mobile guest without being compromised. Existing network concepts (e.g., router, gateway) and security concepts (e.g., existing access control models and authorities) do not possess at least one of the four essential properties. As a permanent component of wireless LAN, the communication channel between the escort and the LAN can be secured by effective countermeasures like 802.11i TKIP and AES-CCMP. Therefore, ESCORT addresses the challenge of providing efficient mobile privacy support between the escort and its mobile guests. Three aspects of mobile privacy, namely content privacy, identity privacy, and location privacy are covered in ESCORT design to maximize the protection offered to ESCORT's mobile guests. We use actual implementation to demonstrate that ESCORT design is feasible and efficient.
Authenticated Wireless Roaming via Tunnels: Making Mobile Guests Feel at Home
, 2009
Cited by 4 (1 self)
In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) offers several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios.
An Approach to Enhance InterProvider Roaming Through Secret Sharing and its Application to WLANs”, WMASH 2003
- In WMASH’05
, 2005
Cited by 4 (2 self)
In this paper, we show how secret sharing can be used to address a number of shortcomings in state-of-the-art public-key-based inter-provider roaming. In particular, the new concept does not require costly operations for certificate validation by the mobile device. It furthermore eliminates the need for a secure channel between providers upon roaming. We demonstrate the new approach by introducing a new protocol, EAP-TLS-KS, for roaming between 802.11i-protected WLANs. In addition, we show that the properties of EAP-TLS-KS allow for an efficient integration of a micropayment scheme.
Virtual Prepaid Tokens for Wi-Fi Hotspot Access
- In Proc. 29th Intl. Conf. Local Computer Networks (LCN), IEEE
, 2004
Cited by 2 (1 self)
We introduce virtual prepaid tokens (VPTs), a novel billing scheme that allows users to obtain access at Wi-Fi hotspots without having an account with a hotspot provider or a physical prepaid token (PPT). Upon arrival at a hotspot, a user buys a VPT online, using a third-party payment server with which the user already has an account. Experiments show that users can buy a VPT and gain full Internet connectivity in less than 15 seconds, i.e. much less time than it would take to create another account or to buy and activate a PPT. VPTs can be used in hotspots that use a captive portal or 802.1x for user authentication. The latter alternative enables better security. We also contribute a novel technique that allows a single access point to authenticate users by either method. Hotspots can use this solution for migrating to 802.1x without disrupting legacy captive-portal users. Experiments demonstrate that the proposed technique has little overhead and interoperates broadly.