Automatic security assessment for next generation wireless mobile networks

Wireless networks are increasingly common in everyday life, but their growing pervasiveness and widespread coverage raise serious security concerns. Mobile client devices migrate between numerous heterogeneous wireless environments, usually passing through very light access control policies, and bring with them software vulnerabilities as well as possibly malicious code. To cope with these new threats, the paper proposes a new active third-party authentication, authorization and security assessment strategy: once a device enters a new Wi-Fi environment it is analysed by the infrastructure, and if it is found to be dangerously insecure it is immediately removed from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, the fundamental component of this strategy, draws on a reliable knowledge base containing semantically rich information about the mobile node under examination, provided dynamically by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework based on the Analytic Hierarchy Process (AHP), designed to be flexible and customizable, which provides automated support for the real-time execution of complex security/risk evaluation tasks whose outcome depends on the results obtained from different kinds of analysis tools and methodologies. Encouraging results have been achieved with a proof-of-concept model built on current technology and standard open-source networking tools.
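To make the AHP-based aggregation concrete, the following added example (not the paper's code) scores a mobile node from three hypothetical tool outputs, derives criterion weights from a constructed pairwise comparison matrix, checks the judgements' consistency ratio, and applies an assumed quarantine threshold. Criterion names, the matrix entries and the threshold are all assumptions.

```python
"""AHP-style risk scoring for a mobile node (added example, not the paper's code).
Assumed: three criteria scored in [0, 1] (1 = worst) by separate analysis tools,
weighted via AHP pairwise judgements on Saaty's 1..9 scale."""
from typing import Dict, List

Matrix = List[List[float]]
CRITERIA = ["exposed_services", "config_weakness", "known_vulns"]
# Constructed judgements: known vulnerabilities matter most, configuration least.
CRITERIA_MATRIX: Matrix = [
    [1.0,   3.0, 1 / 2],
    [1 / 3, 1.0, 1 / 5],
    [2.0,   5.0, 1.0],
]
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's RI table
QUARANTINE_THRESHOLD = 0.5  # assumed policy cut-off for denying network access

def priority_vector(a: Matrix, iters: int = 200) -> List[float]:
    """Principal eigenvector of a positive reciprocal matrix (power iteration), sum = 1."""
    n = len(a)
    w = [1.0 / n] * n
    for _ in range(iters):
        aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    return w

def consistency_ratio(a: Matrix) -> float:
    """CR = CI / RI; pairwise judgements with CR > 0.1 should be revised."""
    n = len(a)
    if n <= 2:
        return 0.0
    w = priority_vector(a)
    aw = [sum(a[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n
    return ((lam_max - n) / (n - 1)) / RANDOM_INDEX[n]

def risk_score(tool_scores: Dict[str, float]) -> float:
    """Weighted aggregate of the per-tool scores: 0 (safe) .. 1 (worst)."""
    w = priority_vector(CRITERIA_MATRIX)
    return sum(w[i] * tool_scores[c] for i, c in enumerate(CRITERIA))

def admission_decision(tool_scores: Dict[str, float]) -> str:
    """'deny' keeps the node off the network until its vulnerabilities are fixed."""
    return "deny" if risk_score(tool_scores) >= QUARANTINE_THRESHOLD else "allow"

if __name__ == "__main__":
    node = {"exposed_services": 0.6, "config_weakness": 0.3, "known_vulns": 0.9}
    print(dict(zip(CRITERIA, priority_vector(CRITERIA_MATRIX))), consistency_ratio(CRITERIA_MATRIX))
    print(round(risk_score(node), 3), admission_decision(node))
```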
