Byungsuk Kim

Security in an insecure WLAN network

Wireless LANs (WLANs) based on IEEE 802.11 standards are becoming increasingly popular for both business and residential use. However, the very nature of wireless networks exposes the risks and vulnerabilities that a malicious user can exploit and severely compromise the network. In this paper, we provide a design of a secure wireless system (SWS) that can not only detect various attacks and misbehaviors of a 802.11 based wireless networks, but also help recover from them. A prototype implementation is also described.

A policy-based approach to wireless LAN security management

Wireless Ethernet (or Wi-Fi) security management is a challenging area of increased interest due to the widespread deployment of Wireless LANs (WLANs) and their well-known vulnerabilities to various types of attacks, as well as stringent scalability requirements in the dynamic wireless domain. Until the adoption of the latest security standards is complete, users and network assets on deployed WLANs, such as 802.11a/b/g networks, need to be protected from existing security threats without depending on the latest features. In addition, while new standards can protect the unauthorized use of network resource for outsiders, they do not deal with the misuse or misbehaviors by insiders. In this paper we present a hierarchically distributed policy-based system architecture and prototype implementation for WLAN security management. The architecture includes a central policy engine that validates policies and computes new configuration settings for network elements when access policies are violated, distributed wireless domain policy managers with consistent local policy autonomy that coordinate dedicated local monitors so as to monitor and control multi-vendor WLAN access points (APs). The local monitors include wireless intrusion detection modules and wireless AP interface adaptors. Although in this paper we focus on wireless security aspects, the overall architecture can be applied to end-to-end security management of wireline and wireless networks.

Dynamic Network Selection using Kernels

We present a new algorithm for vertical handover and dynamic network selection, based on a combination of multi- attribute utility theory, kernel learning and stochastic gradient descent. We show that this new method is able to improve network selection in a non-stationary mobile environment. Furthermore, since the kernel employed is based on the utility functions for attributes such as Availability, Quality and Cost, the kernel regression in fact gives interpretable results. We present simulation results that demonstrate our algorithm being able to dynamically learn utilities and efficiently select networks.

Realizing mobile wireless Internet telephony and streaming multimedia testbed

Streaming real-time multimedia content over the Internet is gaining momentum in the communications, entertainment, music and interactive game industries as well as in the military. In general, streaming applications include IP telephony, multimedia broadcasts and various interactive applications such as multi-party conferences, collaborations and multiplayer games. Successfully realizing such applications in a highly mobile environment, however, presents many research challenges. In order to investigate such challenges and demonstrate viable solutions, we have developed an experimental indoor and outdoor testbed laboratory. By implementing standard IETF protocols into this testbed, we have demonstrated the basic functionalities required of the mobile wireless Internet to successfully support mobile multimedia access. These requirements include signaling, registration, dynamic configuration, mobility binding, location management, Authentication Authorization and Accounting (AAA), and quality of service over a variety of radio access network (RAN) technologies (e.g. 802.11b, CDMA/GPRS). In this paper, we describe this testbed and discuss important design issues and tradeoffs. We detail the incorporation and inter-relation of a wide catalog of IETF protocols-such as SIP, SAP, SDP, RTP/RTCP/RTSP, MGCP, variants of Mobile-IP, DRCP, HMMP, PANA, and DSNP-to achieve our goals. We believe that the results and experiences obtained from this experimental testbed will advance the understanding of the pertinent deployment issues for a Mobile Wireless Internet.

A low-cost robust localization scheme for WLAN

Localization in WLAN networks has been an active area of research recently. However, most of the previous schemes in this area do not consider the presence of any malicious user within the network. The growing interest in location based services would necessitate the development of a low-cost localization scheme which is robust against the attacks from these malicious users. In this paper, we propose such a low-cost secure localization scheme. The proposed scheme is based on the current access point (AP) capability of transmitting at different power levels. The main idea here is to leverage this capability of APs so that a unique set of the messages transmitted by various APs can be received at every location in the system. The client is expected to transmit back the received messages to the AP it is associated with. The location of the client is then estimated using the set of messages received from the client. In this paper we focus more on the performance of this scheme while discussing briefly its inherent security capabilities. We also describe the implementation of this message based scheme. We then perform extensive experiments and observe that this scheme has similar or better localization accuracy as compared to the traditional signal strength based localization schemes.

Experimental analysis of multi interface mobility management with SIP and MIP

We provide an experimental analysis of MIMM (multi-interface mobility management) demonstrated in a heterogeneous network involving 802.11b and CDMA access technologies. We have experimented WAN-LAN handoff for real-time service (voice and video) in the testbed. The subnet handoff managed by MIMM was done seamlessly in this environment and is proved to support real-time application effectively. Both application layer and network layer mobility management were used in the experiment and their results were analyzed for real-time traffic.

An integrated IP QoS architecture - performance

In this paper, we discuss empirical, analytical and simulation-based performance studies for an integrated IP QoS architecture implementing QoS resource management over a heterogeneous wireless and wireline network. The integrated IP QoS architecture is based on Assured Forwarding (class-based) Differentiated Services and admission control of individual flows into each service class by a centralized server, called the Bandwidth Broker (BB) managing the network. The results we present in this paper are used as guidelines in designing the capacity estimation algorithm for admission control and optimizing QoS resource management within our integrated IP QoS architecture. These results serve as an instrument to understanding how to perform effective QoS resource management, using class-based Differentiated Services and admission control to guarantee class-appropriate end-to-end QoS over IP networks.

DiffServ QoS and OLSR MANET Outdoor Demonstration

The CECOM MOSAIC ATD encompasses an integrated set of diverse technologies to demonstrate rapidly deployable, secure, robust, assured-QoS communications among mobile ad hoc nodes. The assured IP QoS technology solution integrates DiffServ based QoS resource management with centralized admission control over a dynamic tactical network environment. We describe an outdoor demonstration of our QoS technology prototype over an on-the-move MANET running OLSR. This demonstration does not include IP mobility support, however provides an alternate route between the ad hoc nodes through the use of two distinct wireless networks. The demonstration exhibits route changes between single and multiple IP hops as the nodes drive, and shows handoff between wireless networks as they move out of range of one radio network to the other. We summarize our observations and empirical performance results for real-time traffic