  • Briefing Point of Contact: E. Paul Ratazzi AFRL/IFGC 525 Brooks Road Rome, NY 13441-4505 Tel. (315) 330-3766, DSN 587-3766 Fax (315) 330-8255, DSN 587-8255 [email_address]

    1. 1. WIRELESS INFORMATION ASSURANCE May 11, 2010 Paul Ratazzi Air Force Research Laboratory Rome NY (315) 330-3766 [email_address] UNCLASSIFIED
    2. 2. Wireless Exposes the Enterprise
        • Cannot contain RF signals without compromising system performance.
        • No physical boundaries for conventional firewalls or perimeter defense.
        • Cannot prevent receipt of adversarial incident energy without compromising system performance.
        • Intruder can easily…
            • … gain access to information
            • … manipulate/tamper data
            • … utilize network resources
            • … perform traffic-activity correlation
            • … detect communication activity
            • … locate network components (T/DOA)
            • … deny service
    3. 3. Simplified Network Architecture Firewall PUBLIC WEB SERVER Router Internet PHYSICAL SECURITY BOUNDARY
    4. 4. Basic Wireless Architecture & Vulnerability Firewall PUBLIC WEB SERVER Router Internet ACCESS POINT WIRELESS COMPUTERS PHYSICAL SECURITY BOUNDARY
    5. 5. Information Assurance
        “The information operations that protect and defend information and/or information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for the restoration of the information systems by incorporating protection, detection, and reaction capabilities.”
        Source: Joint Pub. 3-13, Information Operations
        • Protect information, information systems, and computer networks.
        • Collect information to facilitate future decision making.
        • Analyze, Understand, and Respond quickly to ensure mission critical information is available, correct and secure.
        • Monitor and Detect information warfare attacks in real-time.
        [Diagram labels: Detect, Protect / Collect, Respond]
    6. 6. “Full Spectrum” IA Problem Space
        [Diagram labels: Protect, Detect, Respond; Data link, Physical, Network, Transport, Session, Presentation, Application; Wireless Emphasis]
    7. 7. Initial Technology Focus – Commercial Wireless LAN
        • Institute of Electrical & Electronics Engineers (IEEE) 802.11
            • Encryption (Wired Equivalent Privacy – WEP)
            • Proprietary and standard security features/enhancements (dynamic WEP, “closed” network, access-control lists)
            • Modes of operation (ad-hoc, infrastructure)
            • Air interface (antenna, operating frequency)
            • Software (driver, utility, application, diagnostic)
            • Architecture, CONOPS and integration into corporate infrastructure
        [Diagram: 802.11 Architecture Example. Labels: Distribution System (DS), Extended Service Set (ESS), Basic Service Set (BSS), Access Point (AP), Adapter. 802.11b Hardware: Adapter: $130, AP: $560]
    8. 8. DoD Applications of Commercial WLAN
        • Flight line
            • Maintenance, operations
        • Logistics, asset tracking
        • Base infrastructure
            • Hospitals, offices
        • Deployed units
            • Air Operations Center
            • Forward Operating Location
            • Medical
        • Small unit operations, Special Forces, TACP, battlefield operations
        • Shipboard, sub-board, ship-to-ship, littoral
        • Aircraft internal, air-to-air (formation)
    9. 9. Issues – Use of Commercial WLAN
        • RF
            • Unlicensed frequency bands of operation
            • No use of advanced RF techniques (nulling, steering)
            • No electronic protection technology
        • Security
            • Security features are optional and may impact interoperability
            • Weak encryption used and only applied to payload, not network information
            • Vendors won’t publicize security problems
            • Size of security perimeter depends on adversary’s antenna
            • Wireless can “break” the forensics trail
        • Standards/Interoperability
            • Proprietary extensions to standards and proprietary HW/SW
        • Other
            • Focus is on operation in a benign environment
            • Friendly equipment same as adversary’s equipment
    10. 10. Issues (cont’d)
        • Capstone Requirements Document (CRD) for Global Information Grid (GIG), dated 30 August 2001:
        • “DoD has little or no network management capability to accompany its increasingly widespread use and application of advanced mobile wireless computing and networking which are inherently ad hoc.”
    11. 11. Issues – “Wardriving”
        • Network Stumbler, Kismet, WinXP, etc.
            • Wireless LAN discovery
        • AirSnort
            • Breaks WEP encryption keys after sufficient traffic is captured
        • WEPcrack
            • WEP breaker
        • AeroSniff
            • 802.11b sniffer
        • AeroPeek
            • 802.11b sniffer, WEP decoder
        • wigle.net, netstumbler.com
            • National databases of identified networks
    12. 12. Wireless Geographic Logging Engine (WiGLE)
        As of 5 Dec:
        • Total unique networks in DB: 191170
        • Total networks protected (layer 2): 51718 (27%)
        [Map label: Chicago]
    13. 13. Impact of Commercial WLAN Shortcomings
        • Unprotected physical layer
            • Detection, location, activity analysis, jamming, interference
        • Poor layer-2 security
            • Man-in-the-middle, forgery, unauthorized use, DoS, traffic analysis
        • Lack of wireless layer 2 IDS
            • Poor forensic capability, lack of situational awareness
        • Weak encryption
            • Data security compromise
    14. 14. What’s Being Done? Policy
        DoD Directive 8100.bb: “Use of Commercial Wireless Devices, Services, and Technologies in the DoD Global Information Grid (GIG)”
        Status: SD106 Adjudication Draft, 30 Jan 03
    15. 15. What’s Being Done? Technical Risk Mitigation Strategies
        • Only allow access to known clients
            • MAC address filtering
        • Configure Access Points to “Closed Mode”
        • Set strong SSID (Service Set Identifier ~ Wireless Network Name)
        • Require Username/Password authentication
            • e.g., EAP (802.1x)
        • Turn on Wired Equivalent Privacy (WEP), WEP+, Dynamic WEP
            • 128-bit encryption
            • Change session keys at every logon
            • Avoid “weak keys”
        • Implement VPN encryption, 3DES (168-bit) IPsec
            • FIPS 140-2 compliant
        • Firewall the WLAN environment (Wireless DMZ)
    16. 16. What’s Being Done? Today’s Wireless Security Architecture Firewall VPN (Cisco 3030) Access Points (Cisco 350) ID Sensors (future) Wireless Computers Secured – 128-bit WEP+ & VPN 3DES 168-bit encrypted INTERNAL NETWORK DMZ Firewall PUBLIC WEB SERVER Router Internet PUBLIC FTP SERVER DOD Policy & AF Implementation Guidance Being Finalized
    17. 17. What’s Being Done? Operational Risk Mitigation Strategies
        • “War Driving” - Periodic compliance testing
        • Tools used
            • AiroPeek (passive wireless sniffer, cost: $2K)
                • Detects and can decode WEP
                • Detects all APs and clients in range
            • Network Stumbler (AP interrogator, cost: free)
                • If AP is not “closed”:
                    • Reveals SSID (Wireless Network Name)
                    • Indicates if encrypted (WEP)
                    • Measures signal, location
            • Locust (dedicated passive handheld 802.11b receiver, cost: $4K)
                • Reveals MAC, WEP usage, signal information
        “Parking Lot Attack”
        CRITICAL NEED: Automated, integrated compliance and intrusion detection capabilities!
    18. 18. Still A Lot More to Do… Policy Security Architecture Manual Security Testing & Monitoring ?? Wireless IA ?? ?? Detect Protect Respond
    19. 19. What Else Can Be Done? RF Protection Advanced Antennas Mobile Authentication Key Management RF Detection & Location Layer 2 Intrusion Detection Host-Based ID Active Response Adaptive Node Key Revocation Wireless IA Detect Protect Respond
    20. 20. AFRL Wireless Detect and Respond Development Capability
        • Development System
            • Free and Open Source Software (FOSS) platform
                • Linux OS, linux-wlan, hostAP, other community s/w
                • Cross-compiler for target sensor platform
                    • PPC SBC, laptop, etc.
        • Intersil® PRISM® WLAN hardware
            • PC Cards, USB adaptors
        • Code portable to other platforms
            • Wintel
    21. 21. Development Process Wireless Protocol Analysis Anomalous Behavior Identification Embedded Systems Development Intrusion Detection Threshold Intrusion Started Intrusion Stopped
    22. 22. Wireless Intrusion Detection System
        • Layer 2 monitoring of WLAN via wireless NIC
        • Distributed coincident with WLAN coverage
        • AP-based or host-based
        • Uses standard NIC
        • Small, low-cost embedded platform
        • Free and open source software based
        • AFRL in-house developed
    23. 23. WIDS Functional Block Diagram NCC Tools, e.g., Air Force Enterprise Defense (AFED) WIDS SBC Wireless Sensor 5 Wireless Sensor 4 Wireless Sensor 3 Wireless Sensor 2 Wireless Sensor 1 widsd Daemon wland Daemon Access Point syslogd Daemon RF, firmware Ethernet NO Wireless Intrusion Detection or Policy Violation Detection Capability Currently in DoD NCCs
    24. 24. Current WIDS Sensors
        • Policy Compliance
            • Rogue AP Detection
            • Unauthorized Client Connections
            • Unprotected SSIDs
            • WEP Usage
            • Ad-hoc Networks
        • Intrusion Detection
            • “Wardriving” Probes (Network Stumbler, Kismet, WinXP, “survey”/“debug” mode, etc.)
            • Connection Hijacks
    25. 25. WIDS Concept Architecture - Fixed FIREWALL PUBLIC SERVERS Router ACCESS POINT WIRELESS COMPUTERS PHYSICAL SECURITY BOUNDARY ACCESS POINT ESM TOOLS INTERNET WIDS-D WIDS-D WIDS Server WIDS-AGENT WIDS WIDS-AGENT WIDS
    26. 26. WIDS Concept Architecture - Mobile WIDS WIDS-AGENT WIDS-AGENT WIDS-AGENT
    27. 27. Additional AFRL R&D Activities
        • Distributed Intrusion Detection and Boundary Control
            • Leverage client antenna perspectives
        • Adaptive Radio Frequency Processing
            • Develop radio front-end with real-time adaptive carrier frequency
        • Software Defined Radio Applications
            • Allow full reconfigurability at all seven layers
        • Waveform Signature Analysis
            • Hardware authentication and keying
        • RF Watermarking
            • “Invisible” data embedded at physical layer
    28. 28. Adaptive RF Processing In-house Activity
        • Objective:
            • Develop adaptive “physical layer” (i.e. RF) techniques to improve signal “robustness” against intentional and unintentional jamming/interference
        • Approach:
            • Implement “N-Sigma Adaptive Frequency Domain Excision” algorithm
            • Utilize FPGA technology for digital implementation of algorithm
            • Utilize RFICs for up/down-conversion of 802.11 waveform to baseband
        • Summary:
            • Expect working N-Sigma Algorithm by 3-4QFY03
            • End-to-end demo, including up/down conversion, 1-2QFY04
        • Progress:
            • Purchased Xilinx FPGA boards and RFICs
            • Developed Triple Memory Space (TMS) 1024-point Fast Fourier Transform
            • Developed various VHDL sub-modules optimized for FPGAs:
                • Real/Imaginary Magnitude Function
                • Logarithmic Scaling Function
                • Mean/Standard Deviation Function
        [Figure: Schematic of 1024-point Complex Fast Fourier Transform]
    29. 29. Software Defined Radio for Secure Wireless
        • Demonstrate interoperability and ability to P-D-R
            • SDR contains all layers of networking and all are reconfigurable
        • Develop dynamic node personality concepts – “sense and adapt”
            • Multiple modulation formats
            • Reconfigurable antennas
            • Frequency agility
        • Develop enhanced COTS protocols
            • Secure LPI/D orderwire
            • Automatic key updates
        • Develop AJ approaches
            • AJ receivers
            • Frequency agility
        [Diagram labels: SDR, COTS, Detect, Protect, Respond]
    30. 30. RF Watermarking
        • Objective: Develop techniques to insert watermarking (aka branding) at the physical layer of a wireless network. Demonstrate how various radio equipment can be identified based on its RF signature. Demonstrate RF watermarking in either SDR testbed or 802.11 WLAN environment.
        • Approach: Develop approach for RF watermarking of wireless links. Identify platform best suited for implementation (SDR or 802.11). Identify and leverage current work in equipment identification based on RF signatures. Demonstrate RF watermarking and equipment identification on SDR platform.
    31. 31. Authentication & Key Revocation Protocols for WLAN
        • Fast, secure software data encryption
        • Scalable mutual authentication protocol between nodes with unequal computing power
            • Symmetric key systems on mobile side
            • Public key systems on base side
        • Efficient group key distribution and update (via broadcast)
        [Diagram labels: Lack of mutual authentication; Mutually authenticated; Attacker base station; Base station; Mobile units; Failed authentication]
    32. 32. Comprehensive Intrusion Detection & Recovery for the Tactical Comm. Grid
        [Diagram labels: CONOPS and Intrusion Tolerant Programs; Intrusion Forecasting Programs; Real-Time Recovery Programs; Attack Mounted; System Intrusion; Attacker Reconnaissance; Damage Inflicted; Access Probe; Cover-Up; Target Analysis; Attack Forecast; Intrusion Detection; Damage Assessment; Recovery; Defender Reconnaissance; Impact Analysis; Response; Threat Analysis; Time; Fortification; Physical Security; Entry Control; System Reaction. Legend: Attacker, Defender, COTS Solution, Defense GAP]
    33. 33. Wireless Intrusion Detection: Establishing “Radio Loyalty”
        Establishing radio loyalty is an integration of reporting, pattern recognition, mission profile awareness and tracking, and doctrine
        [Diagram labels: Use Patterns & Indicator Classes; On/Off Profile; Untimely Response; Compare with Doctrine, Policy and Procedure; Detect & Respond]
    34. 34. WLAN Security Analytic Tools & Database Use Case WLAN Characterization Threats Defensive Measures DATABASE Taxonomy Occurrence Consequence Effectiveness Cost/Impact ISO SAIC Process (tool) RISK Assessment P D R A B C Tools L I D R
    35. 35. WIRELESS INFORMATION ASSURANCE May 11, 2010 Paul Ratazzi Air Force Research Laboratory Rome NY (315) 330-3766 [email_address]
    36. 37. What Are We Trying to Accomplish?
        • Enhance and extend IA for wireless through synergistic in-house and contractual activities:
        • PROTECT:
            • Network LPI/LPD/AJ to avoid detection, location, denial
            • Distributed, collaborative boundary control
        • DETECT:
            • Bottom-layer intruder detection and localization techniques
            • Continuous authentication
            • Wireless network intrusion and anomaly detection techniques
        • RESPOND:
            • Collaborative, multilayer techniques
            • Dynamic node personalities
            • Robust, distributed key management
            • Adaptive multi-node-based nulling
            • Path diversity
        [Diagram labels: Detect, Protect, Respond]
    37. 38. Network Stumbler “Proudly Stumbling on a Street Near You” Vendor Encryption? SSID/Name Location (GPS) S/N MAC Coverage
    38. 39. AFOSI Netstumbler.com Database Analysis
        • Webcrawler script to gather entire netstumbler.com database
            • BSSID, SSID, Latitude, Longitude, Vendor, S/N
        • Position compared to AF Base locations
            • 10 mile radius
        • Results (a/o Dec 01)
            • >2,600 APs in database that meet location criteria
            • Many have “AF-ish” SSID
        • Database now offline, but was probably merged with WiGLE
    39. 40. Forensic Issues Amplified by WLAN
        • Collection problematic or impossible.
            • No persistent or latent physical evidence w.r.t. network connection. “Drive away.”
            • Latent evidence on network will link attack to unwitting service provider, not ultimate attacker.
            • Layer 1 & 2 latent evidence trail stops at AP
            • → Prevents comprehensive forensic process.
        • Attacker not bound by…
            • Any service level agreement
            • Physical constraints
            • → Significantly reduces traceability & accountability
    40. 41. Wireless Forensic Spin-Up - Recommendations
        • Covert agents to “see over” layer 1/2 AP “wall”
            • Dispatched to attacker’s machine
            • Return layer 1/2 info. over covert higher-layer channel
        • Wireless-side smart sensors, triggers, logs, etc.
            • Tied back to provider’s NMS
            • Include feature selection, semi-autonomous
        • Improved wireless standards
            • Include features that support requirements of IA
    41. 42. CITS CDR Draft Wireless Architecture
    42. 43. Excerpt from SRD for ITS-Wireless
        • 4.3.6 Intrusion: Detection and Prevention
        • The WLAN shall be integrated within CITS framework to ensure that the following features are provided:
            • a) Collecting sufficient data to monitor and document the internal and external threats; store packets for future recreation and analysis; creating files, which can be analyzed using filters, policy and options (threshold).
            • b) Protection in such a manner that the network based Intrusion Detection System (IDS) detects correlated intrusion attempts in space (different sources of intrusion) or in time (long attempts) against a base, against a group of hosts or a single host (objective).
            • c) Generation of alerts and alarms and sending them to the IDS manager. False alarm rate is less than 1% of all alarms (threshold).
            • d) Anti-IDS avoidance capabilities (objective).
            • e) Sniffing and penetrating scanner functions: scanning for the presence of unauthorized APs and clients; maintaining a list of authorized APs; detection of attempts to get connected to an AP, made by unauthorized users; ability to simulate unauthorized access attempts to a legitimate AP (objective); reporting wireless connections, which are not a part of the authorized structure; detecting location of any AP or client using directional antennas and signal strength measurements (objective).
            • f) Traps for network scanners and attackers (objective).
            • g) Monitoring log files for suspicious activities (threshold).
            • h) Capability of presenting the security picture of the whole wireless network (threshold).
    43. 44. WIDS Concept Architecture #1: Collocated Sensors FIREWALL PUBLIC SERVERS Router ACCESS POINT WIRELESS COMPUTERS PHYSICAL SECURITY BOUNDARY ACCESS POINT ESM TOOLS INTERNET WIDS FUSION WIDS WIDS
    44. 45. WIDS Concept Architecture #2: Integrated Sensors FIREWALL PUBLIC SERVERS Router ACCESS POINT WIRELESS COMPUTERS PHYSICAL SECURITY BOUNDARY ACCESS POINT ESM TOOLS INTERNET WIDS FUSION WIDS-i WIDS-i
    45. 46. WIDS Concept Architecture #3: Parasite Sensors FIREWALL PUBLIC SERVERS Router ACCESS POINT WIRELESS COMPUTERS PHYSICAL SECURITY BOUNDARY ACCESS POINT ESM TOOLS INTERNET WIDS FUSION WIDS-USB WIDS-USB
    46. 47. Host-Based Intrusion Detection 100m Authorized Client Unauthorized Client(s) Access Point Client/AP w/ID
    47. 48. Adaptive RF Processing In-house Activity Philips SA1630 IF Transceiver Philips MA1021 Philips SA2420 Internal Antennas DARPA Miniature Radio CODEC { PC Control 2.4 GHz Front End Modified ORiNOCO (Lucent) 11 MBPS “Silver” PC Card
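
The sensor categories on slide 24 (Current WIDS Sensors), combined with a per-window threshold in the spirit of slide 21, can be expressed as layer-2 checks over decoded 802.11 management frames. This is an added example, not AFRL's WIDS code: the policy lists, MAC addresses, alert names, threshold and sample frames are constructed, frames are assumed to arrive without a radiotap header or FCS, and "Unprotected SSIDs" is assumed to mean an authorized AP that is not in closed mode.

```python
import struct
from collections import Counter

# Policy lists and threshold are constructed for this example.
AUTHORIZED_APS = {"00:02:2d:00:00:01", "00:02:2d:00:00:02"}
AUTHORIZED_CLIENTS = {"00:02:2d:00:10:01"}
PROBE_THRESHOLD = 3  # broadcast probes from one MAC per capture window
ASSOC_REQ, PROBE_REQ, BEACON = 0, 4, 8  # 802.11 management subtypes
CAP_IBSS, CAP_PRIVACY = 0x0002, 0x0010  # capability-field bits
LAYOUT = {BEACON: (12, 10), ASSOC_REQ: (4, 0), PROBE_REQ: (0, None)}  # (fixed len, cap offset)

def parse_mgmt(frame):
    """Decode header, capability field and SSID of one management frame."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 0:
        return None  # truncated header, or not a management frame
    subtype, body = frame[0] >> 4, frame[24:]
    if subtype not in LAYOUT or len(body) < LAYOUT[subtype][0]:
        return None
    pos, cap_off = LAYOUT[subtype]
    rec = {"subtype": subtype, "src": frame[10:16].hex(":"), "bssid": frame[16:22].hex(":"),
           "cap": struct.unpack_from("<H", body, cap_off)[0] if cap_off is not None else 0,
           "ssid": ""}
    while pos + 2 <= len(body):  # walk tagged elements with bounds checks
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # element claims more bytes than the frame holds
        if tag == 0:  # SSID; closed-mode APs send it empty or null-filled
            rec["ssid"] = value.decode("latin-1").strip("\x00")
            break
        pos += 2 + length
    return rec

def evaluate(frames):
    """Return (alert, MAC) pairs for the slide-24 sensor categories."""
    alerts, probes = [], Counter()
    for r in filter(None, map(parse_mgmt, frames)):
        kind, known_ap = r["subtype"], r["bssid"] in AUTHORIZED_APS
        if kind == BEACON and r["cap"] & CAP_IBSS:
            alerts.append(("ad-hoc-network", r["src"]))
        elif kind == BEACON and not known_ap:
            alerts.append(("rogue-ap", r["bssid"]))
        elif kind == BEACON:
            if not r["cap"] & CAP_PRIVACY:
                alerts.append(("wep-disabled", r["bssid"]))
            if r["ssid"]:  # assumption: policy requires closed mode
                alerts.append(("ssid-broadcast", r["bssid"]))
        elif kind == ASSOC_REQ and known_ap and r["src"] not in AUTHORIZED_CLIENTS:
            alerts.append(("unauthorized-client", r["src"]))
        elif kind == PROBE_REQ and not r["ssid"]:
            probes[r["src"]] += 1  # broadcast-SSID probe, counted per source
    alerts += [("probe-sweep", m) for m, n in sorted(probes.items()) if n >= PROBE_THRESHOLD]
    return alerts

def build(subtype, src, bssid, cap=0, ssid=b""):
    """Build a constructed sample frame (test input, not captured traffic)."""
    hdr = (bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6
           + bytes.fromhex((src + bssid).replace(":", "")) + b"\x00\x00")
    fixed = {BEACON: b"\x00" * 8 + struct.pack("<HH", 100, cap),
             ASSOC_REQ: struct.pack("<HH", cap, 10)}.get(subtype, b"")
    return hdr + fixed + bytes([0, len(ssid)]) + ssid

SAMPLE = [  # constructed capture window
    build(BEACON, "00:02:2d:00:00:01", "00:02:2d:00:00:01", 0x0011),
    build(BEACON, "00:02:2d:00:00:02", "00:02:2d:00:00:02", 0x0001, b"BASE-NET"),
    build(BEACON, "00:40:96:aa:bb:cc", "00:40:96:aa:bb:cc", 0x0011, b"BASE-NET"),
    build(BEACON, "02:00:00:00:00:07", "02:11:22:33:44:55", 0x0002, b"adhoc"),
    build(ASSOC_REQ, "00:02:2d:00:10:01", "00:02:2d:00:00:01", 0x0011),
    build(ASSOC_REQ, "00:0c:41:de:ad:01", "00:02:2d:00:00:01", 0x0011),
] + [build(PROBE_REQ, "00:0c:41:de:ad:02", "ff:ff:ff:ff:ff:ff")] * 3
```

`evaluate(SAMPLE)` returns one alert per policy violation in the window, plus a probe-sweep alert once a single source reaches the threshold.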
