• Journal of Internet Computing and Services
• /
• v.17 no.3
• /
• pp.11-18
• /
• 2016

Accessing unauthorized rogue APs in WiFi environments is a very dangerous behavior which may lead WiFi users to be exposed to the various cyber attacks such as sniffing, phishing, and pharming attacks. Therefore, prompt and precise detection of rogue APs and properly alarming to the corresponding users has become one of most essential requirements for the WiFi security. This paper proposes a new rogue AP detection method which is mainly using the installation information of authorized APs and the DHCP snooping information of the corresponding switches. The proposed method detects rogue APs promptly and precisely, and notify in realtime to the corresponding users. Since the proposed method is simple and does not require any special devices, it is very cost-effective comparing to the wireless intrusion prevention systems which are normally based on a number of detection sensors and servers. And it is highly precise and prompt in rogue AP detection and flexible in deployment comparing to the existing rogue AP detection methods based on the timing information, location information, and white list information.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.10 no.6
• /
• pp.98-107
• /
• 2011

In this paper, we propose the location determination system of an agent mobile device using the information provided by the WLAN(Wireless LAN) infrastructure. This system is configured as a typical ESS(Extended Service Set)-type WLAN structure with real-time location positioning engine and thru AP(Access Point) controller. The positioning engine collects the information of agent devices using SNMP(Small Network Management Protocol) thru AP controller and utilize those information as Cell ID. for LBS(Location Based Service). In the result of a real office environment implementation, the average success rate of inter-AP roaming is measured to 62.5% and the duration time of the device information update within the AP is average of 11 second of time, which means this system is adaptable to the location based service of above average accuracy but somewhat less urgency.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.12C
• /
• pp.1258-1267
• /
• 2003

As the need for stable and high speed wireless Internet service Brows, the wireless LAN service provider hurries to preempt wireless LAN service market. IAPP(InterAccess Point protocol) is defined to be able to provide a secure handoff mechanism of wireless LAN terminal information between AP(Access Point)s, and the related IEEE standard is IEEE 802.11f. For the secure handoff of wireless LAN terminal, it is necessary to transfer terminal's authentication & accounting information securely from old AP to new AP IEEE 802.11f recommends RADIUS server as IAPP server which authenticates AP and provides information for secure channel between APs. This paper proposes IAPP server using Diameter protocol to overcome the limit of RADIUS sewer, and describes about the interaction between server components and integration method with the current IAPP client system.

• The Journal of the Korea Contents Association
• /
• v.6 no.12
• /
• pp.29-39
• /
• 2006

With the increasing popularity of the wireless network, the vulnerability issue on IEEE 802.1x Wireless Local Area Network (WLAN) are more serious than we expected. Security issues range from mis-configured wireless Access Point(AP) such as session hijacking to Denial of Service(DoS) attack. We propose a new system based on intrusion detection or prevention mechanism to protect the wireless network against these attacks. The proposed system has a security solution on AP that includes an intrusion detection and protection system(IDS/IPS) as an embedded module. In this paper, we suggest integrated wireless IDS/IPS module on AP with wireless traffic monitoring, analysis and packet filtering module against malicious wireless attacks. We also present that the system provides both enhanced security and performance such as on the university wireless campus network.

• Review of KIISC
• /
• v.13 no.1
• /
• pp.77-91
• /
• 2003

무선랜에서의 보안문제는 크게 두가지 측면에서 지적할 수 있는데, 첫 번째는 승인된 사용자에게만 접속을 허용하는 접속에 관한 보안이며, 다른 하나는 스니퍼 등을 이용해 무선랜을 통해 전송되는 내용 자체를 몰래 보는 도청 행위를 방어할 수 있는 보안이다. 특히 유선 네트워크와 달리 무선랜에서는 AP(Access Point)만 설치되어 있는 곳이면 누구나 쉽게 AP를 통해 네트워크를 이용할 수 있다. 이에 따라 무선랜에서 보다 중요성이 강조되는 보안문제는 접속에 관한 보안, 즉 사용자 인증이라고 할 수 있다. 그러나 무선랜 표준인 IEEE802.11b에서의 인증은 사용자 인증이 아닌 디바이스 인증에 머물고 있는 실정이며, 이 또한 매우 취약하다. 이에 따라 IEEE802.1x가 강력한 사용자 인증을 제공할 수 있는 메커니즘으로 개발되었다. IEEE802.1x에서는 EAP-TLS, LEAP, PEAP 등의 다양한 사용자 인증 메커니즘의 사용이 가능하다. 이러한 사용자 인증메커니즘은 모두 공개키 암호기술을 이용하고 있어 무선랜 환경에서의 PKI 구축이 요구된다. 본 고에서는 무선랜에서의 사용자 인증 메커니즘에 대해서 알아보고, 유선 네트워크와는 다른 특성을 갖는 무선랜 환경에서 PKI 구축시 고려해야 할 사항들에 대해서 분석하였다.

• Journal of KIISE
• /
• v.42 no.10
• /
• pp.1254-1267
• /
• 2015

Recently, excessive installations of APs have caused WLAN interference, and many techniques have been suggested to solve this problem. The AP aggregation technique serves to reduce active APs by moving station connections to a certain AP. Since this technique forcibly moves station connections, the transmission performance of some stations may deteriorate. The AP transmit power control technique may cause station disconnection or deterioration of transmission performance when power is reduced under a certain level. The combination of these two techniques can reduce interference through AP aggregation and narrow the range of interferences further through detailed power adjustment. However, simply combining these techniques may decrease the probability of power adjustment after aggregation and increase station disconnections upon power control. As a result, improvement in performance may be insignificant. Hence, this study suggests a scheme to combine the AP aggregation and the AP transmit power control techniques in OpenFlow-based WLAN to ameliorate the disadvantages of each technique and to reduce interferences efficiently by performing aggregation for the purpose of increasing the probability of adjusting transmission power. Simulations reveal that the average transmission delay of the suggested scheme is reduced by as much as 12.8% compared to the aggregation scheme and by as much as 18.1% compared to the power control scheme. The packet loss rate due to interference is reduced by as much as 24.9% compared to the aggregation scheme and by as much as 46.7% compared to the power control scheme. In addition, the aggregation scheme and the power control scheme decrease the throughput of several stations as a side effect, but our scheme increases the total data throughput without decreasing the throughput of each station.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.239-241
• /
• 2011

Recently, studies on the indoor positioning system in application of wireless AP have been actively going on. The indoor wireless positioning system can be classified into several types according to the positioning techniques. Among them, the fingerprint technique is a technique that establishes the radio map by collecting MAC information of AP and RSSI (Received Signal Strength Indication) before executing positioning and then determines the position in comparison with the information of AP collected during the course of positioning. In the traditional fingerprint techniques, they control and manage by installing APs that are utilized for positioning. However, in case of specific indoors, the management can be done by installing a small number of APs but, in case of wide outdoors, it's practically impossible to install and manage equipments for positioning. In order to solve such problem, there is an improved fingerprint technique that utilizes the APs that are already scattered around. This technique will allow positioning without additional cost, but even the improved fingerprint positioning technique may incur dropped accuracy as well due to wide fluctuation of the AP information. In this paper, the traditional fingerprint technique and the improved fingerprint technique are explained in comparison, and we will compares difference in performance with the proposed WPS_WS (Wi-Fi Positioning System_Weak Signal) technique.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2011.05a
• /
• pp.418-421
• /
• 2011

Smart Phone 사용자가 증가하고, Smart Phone을 통한 침해사고도 증가되고 있다. 특히 2010년 3분기 국내 Smart Phone의 31%를 차지하고 있는 iPhone은 사용자가 Jailbreak를 통하여 관리자 권한을 스스로 획득함으로서 이를 악용한다면 개인정보 탈취 등 침해사고의 위험이 있다. 본 논문에서는 Jailbreak 한 iPhone을 이용하여 주변의 802.11 Packet Sniffing공격을 실시하고 802.11 AP 취약점을 분석한다. 또한 Google Map을 이용해 주변의 무선 AP 위치를 파악하고 AP의 종류, 위치, 거리, MAC, SSID, RSSI, Channel, 보안설정 정보를 탈취한다. 본 논문을 통하여 스마트폰과 무선 인터넷 보안성 강화를 위한 기초 자료를 제공하게 될 것이다.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.3
• /
• pp.997-1005
• /
• 2010

Recently, there has been a growing interest in the use of WLAN technology due to its easy deployment, flexibility and so on. Examples of WLAN applications range from standard internet services such as Web access to real-time services with strict latency/throughput requirements such as multimedia video and voice over IP on wireless network environments. Fair and efficient distribution of the traffic loads among APs(Access Points) has become an important issue for improved utilization of WLAN. This paper focuses on an AP selection scheme for achieving better load balance, and hence increasing network resource utilization for each user on wireless network environments. This scheme makes use of active scan patterns and the network delay as main parameters of load measurement and AP selection. This scheme attempts to estimate the AP traffic loads by observing the up/down delay and utilize the results to maximize the link resource efficiency through load balancing. We compared the proposed scheme with the original SNR(Signal to Noise Ratio)-based scheme using the NS-2(Network Simulation.2). We found that the proposed scheme improves the throughput by 12.5% and lower the network up/down link delay by 36.84% and 60.42%, respectively. All in all, the new scheme can significantly increase overall network throughput and reduce up/down delay while providing excellent quality for voice and video services.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2003.05b
• /
• pp.1269-1272
• /
• 2003

무선랜은 무선으로 근거리 단말들을 연결하는 통신 기술로, 높은 데이터 전송률을 제공할 수 있다. 무선랜은 보통 하나의 AP와 하나 이상의 단탈 기기가 BSS를 구성하는데 AP에서 거리가 멀리 떨어진 단말은 신호의 세기가 약해지므로 고속 데이터 전송률의 보장을 반을 수 없는 단점을 가지고 있다. 본 논문에서는 무선 단말중 일부를 리피터로 이용함으로써 그룹화를 통해 고속 데이터 전송을 가능하게 하는 방법을 제안하고, 시뮬레이션을 통해 무선 단말의 그룹화를 위한 깊이우선탐색 알고리즘과 넓이우선탐색 알고리즘을 비친, 분석하였다. 그 결과 넓이우선탐색 알고리즘이 무선 단말을 위한 그룹화에 보다 효과적인 알고리즘임을 보였다.