The hardware & software sensor for wireless security monitoring based on a single-board computer and a set of Wi-Fi adapters

D.S. Burenok

Abstract


If Wi-Fi technology is used in an information system, according to Art. 16 of Russian Federal Law No. 149-FZ dated 27.07.2006, the owner of the information system must implement protection against wireless network threats. The owner must also ensure timely threat detection and logging. Common Wi-Fi security solutions have a few disadvantages. They may require replacing the existing access points that provide the Wi-Fi network with models from a single vendor that feature an attack detection module. Another disadvantage may be the difficulty of using autonomous sensors together to detect distributed attacks. To address these disadvantages, the author designed a hardware & software sensor. It supports a pairwise network operation mode and centralized management. These features let it detect attacks across a geolocation without replacing Wi-Fi equipment. The sensor is modular. It scales by changing its hardware and software. This allows it to improve performance and add new features. The paper describes in detail the design of the hardware and software, which include a single-board computer, a set of network interfaces (represented by Wi-Fi adapters in monitor mode), and an integrated multithreaded control module written in Python. The server side of the solution and the attack detection technique are described in general terms and are covered in the author's other papers. The solution is novel. It uses a set of Wi-Fi adapters, allowing the sensor to work on several channels in different modes simultaneously. This ensures timely attack detection. It also uses a system approach to manage the scanning process, allowing for centralized management of such devices. This increases the coverage of attack detection. The designed elements have been patented with Rospatent (Federal Service for Intellectual Property).

Full Text:

PDF (Russian)





ISSN: 2307-8162