5. THEORETICAL REFERENCES
5.2. ENVIRONMENT AS OBJECT / SYSTEM / COMPLEXITY
5.2.1. The environment as object
The positions that make explicit how the environment is conceived as an object are set out in the following diagram (see Figure 1):
INSENS (Deng, Han, & Mishra, 2003, 2005) can be used to prevent DoS attacks, where individual nodes are not allowed to broadcast routing data. Only the BS is allowed to broadcast (Deng et al., 2003). It proposes a BS authentication using a hash function. To prevent DoS/distributed denial of service (DDoS) broadcast attacks, unicast packets must first traverse through the BS. Second, the control routing information has to be authenticated and encrypted by using symmetric cryptography. To address the notion of compromised nodes, redundant multipath routing is built into INSENS to achieve secure routing.
INSENS proceeds through two phases, route discovery and data forwarding. The first phase discovers the sensor network topology, while the second deals with forwarding data from sensor nodes to the BS, and vice versa. Route discovery is performed in three rounds:
• During the first round, the BS floods a request message to all the reachable sensor nodes in the network. The BS broadcasts a request message that is received by all its neighbors. A sensor, receiving a request message for the first time, records the identity of the sender in its neighbor set and then broadcasts a request message. Two mechanisms are used to counter attacks. The first one identifies the request message initiated by the BS using a hash. The second mechanism configures sensors with separate pre-shared keys by applying a keyed MAC algorithm to the complete path (Deng et al., 2005).
• During the second round, the sensor nodes send their local information using a feedback message to the BS. After a node has forwarded its request message, it waits a time period before generating a feedback message.
• In the third round, forwarding tables are computed by the BS for each sensor node based on the information received in the second round. Then, it sends them to the respective nodes using a routing update message and waits for a certain period to collect the connectivity information received via feedback messages in order to compute possible paths to each other node. The BS then updates the forwarding tables using entries of the form:
(destination, source, and immediate sender).
Destination is the node ID of the destination node, source is the node ID of the node that created this data packet, and immediate sender is the ID of the node that just forwarded this packet. Once the data packet is received, a node searches for a matching entry in its forwarding table. If it finds a match, then it forwards the data packet (Deng et al., 2005).
CONCLUSION
We have shown in this chapter that WIDSs have an important role in securing the network by protecting its entities against intrusions and misuse. The protection is performed based on models capable of providing a framework for the description and correlation of attacks. Research works have focused on the development of techniques, approaches, and mechanisms, and WIDS architectures. Architectures include radio frequency fingerprinting, cluster-based detection, mobile devices monitoring, and mobile profile construction. Wireless intrusion prevention and tolerance are also discussed in this chapter; and systems such as INSENS are developed. In addition, we have shown that several challenges need to be addressed to enhance the efficiency of WIDSs.
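The INSENS route-discovery checks and the forwarding-table match described above, as an added example that is not code from the chapter or from the INSENS authors. It is a simplified model that assumes the BS "hash" is a one-way SHA-256 chain and the keyed MAC is HMAC-SHA-256; all function names, keys, and node IDs are constructed for illustration.

```python
# Assumptions (not from the chapter): SHA-256 one-way chain, HMAC-SHA-256, demo keys/IDs.
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_chain(seed: bytes, rounds: int) -> list:
    """BS side: chain[i] == h(chain[i+1]); chain[0] is preloaded on every sensor."""
    chain = [seed]
    for _ in range(rounds):
        chain.append(h(chain[-1]))
    return chain[::-1]

def request_is_from_bs(token: bytes, last_accepted: bytes, max_gap: int = 8) -> bool:
    """Sensor side: a fresh BS token must hash forward to the last accepted one."""
    value = token
    for _ in range(max_gap):
        value = h(value)
        if hmac.compare_digest(value, last_accepted):
            return True
    return False  # forged token, or a replay of an already accepted one

def path_mac(key: bytes, token: bytes, path: list) -> bytes:
    """Keyed MAC over the request token and the complete, length-prefixed path."""
    encoded = b"".join(len(n).to_bytes(1, "big") + n for n in path)
    return hmac.new(key, token + encoded, hashlib.sha256).digest()

def rebroadcast(node_id: bytes, key: bytes, token: bytes, path: list):
    """Round 1: a node appends its ID and MACs the whole path with its own key."""
    new_path = path + [node_id]
    return new_path, path_mac(key, token, new_path)

def bs_accepts_feedback(keys: dict, token: bytes, path: list, mac: bytes) -> bool:
    """Round 2: the BS recomputes the MAC with the reporting node's pre-shared key."""
    key = keys.get(path[-1]) if path else None
    return key is not None and hmac.compare_digest(mac, path_mac(key, token, path))

def should_forward(table: set, destination: bytes, source: bytes, sender: bytes) -> bool:
    """Data forwarding: relay only on an exact (destination, source, immediate sender) match."""
    return (destination, source, sender) in table

# Constructed sample data: two sensors A and B on the path BS -> A -> B.
KEYS = {b"A": b"key-A-demo", b"B": b"key-B-demo"}
CHAIN = make_chain(b"bs-secret-seed", 3)
TOKEN = CHAIN[1]                      # token for round 1; sensors hold CHAIN[0]
PATH_A, MAC_A = rebroadcast(b"A", KEYS[b"A"], TOKEN, [])
PATH_B, MAC_B = rebroadcast(b"B", KEYS[b"B"], TOKEN, PATH_A)
TABLE_A = {(b"BS", b"B", b"B")}       # A relays B's packets toward the BS
```

Because the MAC covers the complete path, a feedback message whose path has been altered in transit fails verification at the BS even though the reporting node's own ID is unchanged.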
REFERENCES
Ahmed, E., Samad, K., & Mahmood, W. (2006). Cluster-based intrusion detection (CBID) architecture for mobile ad hoc networks. In Proceedings of AusCERT Asia Pacific Information Technology Security Conference (AusCERT), Asia.
Aime, M. D., Calandriello, G., & Lioy, A. (2006, June 26-29). A wireless distributed intrusion detection system and a new attack model. In Proceeding of the 11th Symposium in Computers and Communications (pp. 35-40). Italy.
Barbeau, M., Hall, J., & Kranakis, E. (2006, October 4-6). Detection of rogue devices in Bluetooth networks using radio frequency fingerprinting. In Proceedings of the 3rd IASTED International Conference on Communications and Computer Networks. Lima, Peru.
Boncella, R. J. (2006). Wireless threats and attacks. In H. Bidgoli (Ed.), Handbook of information security (pp. 165-175). John Wiley & Sons.
Cretu, G. F., Parekh, J. J., Wang, K., & Stolfo, S. J. (2006, January 10-12). Intrusion and anomaly detection model exchange for mobile ad-hoc networks. In The third IEEE Consumer Communications & Networking Conference (CCNC).
Deng, J., Han, R., & Mishra, S. (2003, May). INSENS: Intrusion-tolerant routing in wireless sensor networks. In The 23rd IEEE International Conference on Distributed Computing Systems (ICDCS). Providence.
Deng, J., Han, R., & Mishra, S. (2004, June 28-July 1). Intrusion tolerance and anti-traffic analysis strategies for wireless sensor networks. In Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN'04) (pp. 637-646). Italy.
Deng, J., Han, R., & Mishra, S. (2005). INSENS: Intrusion-tolerant routing for wireless sensor networks. [Special issue]. Computer Communications Journal, 29(2), 216-230.
Farshchi, J. (2003). Wireless policy development (part 1 & 2), Security focus. Retrieved from http://www.securityfocus.com/print/infocus/1732 and http://www.securityfocus.com/print/infocus/1735
Gupta, V., Krishnamurthy, S., & Faloutsos, M. (2002, October). Denial of service attacks at the MAC layer in wireless ad hoc networks. Anaheim, CA: MILCOM - Network Security.
Hall, J., Barbeau, M., & Kranakis, E. (2005, February 3-4). Using mobility profiles for anomaly-based intrusion detection in mobile networks. Paper presented at the 12th Annual Network and Distributed System Security Symposium, San Diego, CA.
Hutchison, K. (2004). Wireless intrusion detection systems. Retrieved October 18, 2004 from http://www.sans.org/reading_room/whitepapers/wireless/
Kachirski, O., & Guha, R. (2003, January 6-9). Effective intrusion detection using multiple sensors in wireless ad hoc networks. In Proceedings of the 36th Hawaii International Conference on System Sciences (HICSS'03). Hawaii.
Low, C. (2005). Understanding wireless attacks & detection. Retrieved April 2005, from http://www.hackerscenter.com/public/Library/782_wireattacks.pdf
Mateli, P. (2006). Hacking techniques in wireless networks. In H. Bidgoli (Ed.), Handbook of information security (pp. 83-93). John Wiley & Sons.
Nichols, R. K., & Lekkas, P. C. (2002). Telephone system vulnerabilities. McGraw-Hill.
Phifer, L. (2006). Wireless attacks, A to Z. Retrieved April 10, 2006, from http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1167611,00.html
Samad, K., Ahmed, E., & Mahmood, W. (2005, September 15-17). Simplified clustering approach for intrusion detection in mobile ad hoc networks. In 13th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2005). Split, Croatia.
Schäfer, G. (2003). Security in fixed and wireless networks, An introduction to securing data communications. John Wiley and Sons.
Valli, C. (2004, June 28-29). WITS - Wireless intrusion tracking system. 3rd European Conference on Information Warfare and Security. UK.
Vladimirov, A. A., Gavrilenko, K. V., & Mikhailovsky, A. A. (2004). Counterintelligence: Wireless IDS systems. In WI-Foo: The secrets of wireless hacking (pp. 435-456). Pearson/Addison-Wesley.
Zhang, Y., Lee, W., & Huang, Y. (2003). Intrusion detection techniques for mobile wireless networks. Wireless Networks Journal, 9(5), 545-556.
KEY TERMS
Access Point (AP): Access point is the base station in a wireless LAN. APs are typically standalone devices that plug into an Ethernet hub or switch. Like a cellular phone system, users can roam around with their mobile devices and be handed off from one AP to the other.
Ad Hoc Networks: Ad hoc networks are local area networks or other small networks, especially ones with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communications session or, in the case of mobile or portable devices, while in some close proximity to the rest of the network.
Intrusion Prevention System (IPS): IPS is the software that prevents an attack on a network or computer system. An IPS is a significant step beyond an intrusion detection system (IDS), because it stops the attack from damaging or retrieving data. Whereas an IDS passively monitors traffic by sniffing packets off a switch port, an IPS resides inline like a firewall, intercepting and forwarding packets. It can thus block attacks in real time.
Intrusion Tolerance: Intrusion tolerance is the ability to continue delivering a service when an intrusion occurs.
Wireless Attack: A wireless attack is a malicious action against wireless system information or wireless networks; examples can be denial of service attacks, penetration, and sabotage.
Wireless Intrusion Detection System (WIDS): The WIDS is the software that detects an attack on a wireless network or wireless system. A network IDS (NIDS) is designed to support multiple hosts, whereas a host IDS (HIDS) is set up to detect illegal actions within the host. Most IDS programs typically use signatures of known cracker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack. Intrusion detection is very tricky.
Wireless Sensors Networks (WSN): WSN is a network of RF transceivers, sensors, machine controllers, microcontrollers, and user interface devices with at least two nodes communicating by means of wireless transmissions.
Wireless Traffic Anomaly: Wireless traffic anomaly is a deviation from the normal wireless traffic pattern. An intrusion detection system (IDS) may look for unusual traffic activities. Wireless traffic anomalies can be used to identify unknown attacks and DoS floods.
Wireless Vulnerability: Wireless vulnerability is a security exposure in wireless components. Before the Internet became mainstream and exposed every organization in the world to every attacker on the planet, vulnerabilities surely existed, but were not as often exploited.