Abstract

Mobile devices are becoming the most popular means of connecting to networks, but the protocols that support mobility are a serious source of concern because their initial design did not enforce strong security. This paper introduces a novel class of stealth network attacks, called mobility-based evasion, in which an attacker splits a malicious payload in such a way that no part can be recognized by existing defensive mechanisms, including the most modern network intrusion detection systems (NIDS) operating in stateful mode. We propose an original cooperative framework for intrusion detection that can prevent mobility-based evasion. The viability and performance of the proposed solution are shown through a prototype applied to the Mobile IPv4, Mobile IPv6 and WiFi protocols.

Highlights

  • Society has become dependent on a wide array of mobile devices

  • In addition to eavesdropping on wireless transmissions [5, 15, 23], break-in [33, 35], GSM impersonation [16, 13] and social engineering [4], we present a novel form of attack called mobile evasion that can be applied to mobile protocols such as Mobile IPv4, Mobile IPv6 and WiFi

  • We describe the mobile evasion attack by considering the most advanced stateful NIDS architectures, because stateless systems can be bypassed by several types of attacks and are deprecated

Summary

Introduction

Society has become dependent on a wide array of mobile devices. For example, most credit-card swipes at restaurants are performed with mobile devices. To lower infrastructure costs and to appease their employees, companies are seeking to adopt so-called “Bring Your Own Device” (BYOD) policies that allow workers to gain controlled access to internal network resources through their mobile devices (mainly laptops and phones). Mobile evasion leverages the intrinsic vulnerability of mobile protocols supporting transparent mobility, where roaming events do not interrupt established connections [14]. This is a mandatory feature for all applications requiring a stable connection, but it exposes mobile nodes and the related networks to so-called “stealth” network attacks. The overall solution is integrated into a prototype that extends Snort, but it can be adapted to any other NIDS because the implementation is based on a lightweight agent and a set of plugins handling different protocols. This modular design guarantees great flexibility in terms of deployment and expandability.
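The detection gap and the cooperative remedy described above can be illustrated with a small simulation. This is an added example, not code from the paper or its Snort prototype: the `Sensor` class, its `export_state`/`import_state` handoff, the flow identifier and the placeholder signature are all assumptions made for illustration. Each sensor is a stateful stream matcher for one access network, and a roaming event is modeled as the same flow moving from one sensor to the other.

```python
# Added illustration; every name here is hypothetical, not the paper's API.
SIGNATURE = b"EVIL-PAYLOAD"  # constructed placeholder signature

def failure_table(pat):
    """KMP failure function: the matcher's whole state is one integer."""
    fail, k = [0] * len(pat), 0
    for i in range(1, len(pat)):
        while k and pat[i] != pat[k]:
            k = fail[k - 1]
        if pat[i] == pat[k]:
            k += 1
        fail[i] = k
    return fail

class Sensor:
    """Stateful per-flow stream matcher standing in for one NIDS."""
    def __init__(self, name, pattern=SIGNATURE):
        self.name, self.pat, self.fail = name, pattern, failure_table(pattern)
        self.flows = {}  # flow id -> signature bytes matched so far

    def inspect(self, flow, data):
        """Feed one in-order segment; True if the signature completes."""
        k, hit = self.flows.get(flow, 0), False
        for b in data:
            while k and b != self.pat[k]:
                k = self.fail[k - 1]
            if b == self.pat[k]:
                k += 1
            if k == len(self.pat):
                hit, k = True, self.fail[k - 1]
        self.flows[flow] = k
        return hit

    def export_state(self, flow):
        """Release the flow's matcher state when the node roams away."""
        return self.flows.pop(flow, 0)

    def import_state(self, flow, state):
        self.flows[flow] = state

def run(segments, cooperate):
    """segments: (sensor_index, bytes) in stream order; index change = roaming."""
    sensors, flow, alerts, prev = [Sensor("net-A"), Sensor("net-B")], "flow-1", [], None
    for idx, data in segments:
        if cooperate and prev is not None and idx != prev:
            sensors[idx].import_state(flow, sensors[prev].export_state(flow))
        if sensors[idx].inspect(flow, data):
            alerts.append(sensors[idx].name)
        prev = idx
    return alerts
```

With the constructed input `[(0, b"GET /EVIL-"), (1, b"PAYLOAD HTTP")]`, independent sensors raise no alert, while sensors that hand over matcher state alert on the second network.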

Related work
Mobility-based NIDS evasion
Solution through NIDS cooperation
WiFi environments
Mobile IPv4 environments
Mobile IPv6 environments
Performance evaluation
Findings
Conclusions