A Framework for Protecting Against Wireless Network Misuse

Dr. Raheem Beyah
Communications Systems Center
Georgia Institute of Technology



Wireless local area networks (WLANs) have seen explosive growth in the last several years. This growth is a result of standardization (802.11 protocols), improved data rates, improved ease of use, and a sharp decline in prices. The wireless revolution has created new businesses, business models, and arguably, for some, a better quality of life. Wireless hotspots have now popped up in many locations, including coffee shops, hotels, airports, restaurants, and book stores. As is the case with most technologies once they gain widespread use, people will attempt misuse.


WLANs have been under attack for years, and hackers have commoditized tools for breaking into networks that are easily downloaded from the web. A significant amount of research has been done on defending wireless networks, that is, keeping unauthorized users from accessing the wireless network and protecting authorized users on the wireless network. The rush to standardize WLANs led to flaws in their security. To correct this, the community has developed the 802.11i standard, which provides, among other needed additions, stronger encryption and authentication. Though we have made significant progress in defending wireless networks and protecting authorized users from unauthorized users, little has been done to protect authorized users from other authorized users. In this talk, I will discuss two types of malicious attacks that can be carried out primarily by authorized users and my proposed defenses against such attacks. The first attack is one where access points (APs) are inserted into a network without approval. These rogue APs expose the network to a barrage of security vulnerabilities because they are typically connected to a network port behind the firewall. I propose the use of temporal traffic characteristics to detect rogue APs at a central location. The second type of attack can occur when a knowingly or unknowingly malevolent authorized user spreads a malicious payload covertly via wireless hotspots. Using a previously unknown exploit (zero-day), this spread can grow quickly as infected users migrate to different hotspots. I propose an inexpensive, lightweight, client/server embedded intrusion detection system (IDS) that can provide on-site defenses and the necessary cross-correlation of malicious behavior needed to stop an impending epidemic of worms spreading via wireless hotspots.



Dr. Raheem Beyah received his Bachelor of Science in Electrical Engineering from North Carolina A&T State University in 1998. He received his Master's and Ph.D. in Electrical and Computer Engineering from the Georgia Institute of Technology in 1999 and 2003, respectively. Dr. Beyah has been a member of the Research Faculty in the Georgia Institute of Technology's Communications Systems Center since August 2001. Prior to joining the Georgia Institute of Technology, he worked as a consultant in Accenture's (formerly Andersen Consulting) Network Solutions group. Dr. Beyah's research interests include network security, wireless networks, and IP quality of service. He is a member of IEEE, ACM, and NSBE.