Please use this identifier to cite or link to this item:
Title: ProActive Trust Establishment in BYOD Wireless Networks
Author: Samba Shiva, Ashwathi
Advisor: E. Locasto, Michael
L. Williamson, Carey
Keywords: Computer Science
Issue Date: 21-Aug-2014
Abstract: This thesis demonstrates the benefits of Active Intrusion Detection (AID). AID is a principled method for generating probes driven by the execution of a custom decision mechanism. AID is different from traditional intrusion detection because it generates probes in an active fashion and engages network entities in dialogues meant to fingerprint and reveal internal or unique characteristics. This thesis demonstrates the detection of suspicious intrusions by dynamically and interactively transmitting network probes. These probes are customized according to the current state of the network, and is called Active Probing[1]. Active probing can detect misconfigured or rogue services on the network. I focus on the feasibility of AID in a Bring-Your-Own-Device (BYOD) scenario, given the intense interest in BYOD, as computing evolves. The work demonstrated here helps a device in the BYOD scenario to establish trust in the network that it enters. Establishment of trust is necessary because of the lack of authentication and authorization at lower levels of the network. Adversaries can exploit this weakness to set up rogue services on a network. They can also configure network services in an incorrect way, in an attempt to exploit an existing vulnerability in any entity on the network. Dearth of trust enables the existence of misconfigured or rogue services on the network, which is described in Williamson et al.[2] as the Deception Surface. I adopt the abstract probing model proposed by Williamson et al. and construct systems called ProActive and AndroidNetApp. I explore elected aspects of the HTTP protocol in a BYOD setting using ProActive, conduct various experiments, and analyze the results obtained. Active probing is slightly more expensive than randomly probing the target entity to determine its identity, but ProActive's accuracy compensates for the extra time it consumes. References: [1]. Douglas E. Comer and John C. Lin. Probing TCP Implementations. In Proceedings of the USENIX Summer 1994 Technical Conference, pages 245-255, Berkeley, CA, USA, 1994. USENIX Association. [2]. John F. Williamson, Sergey Bratus, Michael E. Locasto, and Sean W. Smith. Using Active Intrusion Detection to Recover Network Trust. In Proceedings of the 25th Large Installation System Administration Conference, pages 19-30, Boston, MA, December 2011. LISA'11, USENIX Association.
Appears in Collections:Electronic Theses

Files in This Item:
File Description SizeFormat 
ucalgary_2014_sambashiva_ashwathi.pdf10.5 MBAdobe PDFView/Open

Items in The Vault are protected by copyright, with all rights reserved, unless otherwise indicated.