TY - JOUR
T1 - Leveraging SDN and WebRTC for Rogue Access Point Security
AU - Cox, Jacob H.
AU - Clark, Russell
AU - Owen, Henry
N1 - Funding Information:
Manuscript received October 11, 2016; revised March 7, 2017; accepted May 29, 2017. Date of publication June 5, 2017; date of current version September 7, 2017. The work of J. H. Cox was fully supported by the United States Military Academy at West Point and the Army Advanced Civil Schooling (ACS) program. The associate editor coordinating the review of this paper and approving it for publication was A. Clemm. (Corresponding author: Jacob H. Cox.) J. H. Cox and H. Owen are with the Department of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA 30332 USA (e-mail: jacobcox1974@gmail.com).
Publisher Copyright:
© 2004-2012 IEEE.
PY - 2017/9
Y1 - 2017/9
AB - Rogue access points (RAPs) are unauthorized devices connected to a network, providing unauthorized wireless access to one or more clients. Such devices pose significant risk to organizations, since they provide a convenient means for hackers and insiders to hide malicious or unsanctioned activities on industry, government, and campus networks. Yet, limitations inherent in traditional networks make detecting and removing such devices expensive, time consuming, and difficult to implement. For software-defined networks (SDNs), the risk of a network compromise due to RAPs is equally concerning, and methods for detecting RAPs within SDN architectures are needed. Hence, this paper leverages the capabilities of an SDN along with a trusted agent to detect and deny RAPs access to networks by using both generic and novel methods with minimal impact to performance. Three other contributions are included in this paper. They include: 1) utilizing an emerging Web architecture to detect hidden subnets; 2) developing the first, security-based, use case for Mininet-WiFi, a software-defined wireless network emulator; and 3) enhancing Ryuretic, a modular programming language for SDN application development.
KW - intrusion detection prevention system (IDPS)
KW - malicious access point
KW - Network address translation (NAT)
KW - network security
KW - rogue access point (RAP)
KW - Ryu
KW - Ryuretic
KW - software-defined networks (SDN)
KW - trusted agent
KW - WebRTC
UR - http://www.scopus.com/inward/record.url?scp=85029355000&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85029355000&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2017.2710623
DO - 10.1109/TNSM.2017.2710623
M3 - Article
AN - SCOPUS:85029355000
VL - 14
SP - 756
EP - 770
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
SN - 1932-4537
IS - 3
M1 - 7937946
ER -