
RAHUL Seminar 1

Date post: 05-Aug-2015
Upload: jacobp2

TOPIC: MULTI VECTOR PORTABLE INTRUSION DETECTION TECHNOLOGY

PRESENTED BY RAHUL V RROLL NO:42CT3 S6


CONTENTS

• Introduction

• Battery Sensing Intrusion Protection System (BSIPS)

• MVPIDS Design and Methodology

• MVPIDS Testing and Results

• Conclusions

• References


INTRODUCTION

Personal Digital Assistants (PDAs) and smart phones, also known as Portable Information Devices (PIDs), are less computationally powerful than desktop and laptop Personal Computers (PCs), but possess many of the same features and allow for much of the same functionality. Two defining features included in PIDs are Wi-Fi and Bluetooth capabilities. This research shows that the addition of an Intrusion Detection System (IDS) on PIDs can greatly enhance their security. This research addresses mobile device security and extends the original Battery Sensing Intrusion Protection System (B-SIPS) design by introducing the Multi Vector Portable Intrusion Detection Technology (MVPIDT) and a newly developed research system, Bluetooth Attack Detection and Signature System (BADSS).


MVPIDS Design and Methodology


DESIGN

1. B-SIPS Client: B-SIPS client attack detection is based on irregularities in device IC changes. B-SIPS clients poll the smart battery for voltage, current, temperature, percent battery life, battery flag, and AC line status to determine battery consumption status.

2. Snort-based Wi-Fi Module: used for Wi-Fi attack detection.

3. BADSS Module: used for Bluetooth attack detection.

4. CIDE Server: The CIDE server functions as the supervisor for the system, performing attack correlation and developing grounds for administrative action. The correlation and administrative analysis is done external to the PID by design due to limited memory, battery power, and processing constraints of PIDs.
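The four components above can be sketched as follows. This is an added example, not code from the seminar or from B-SIPS: the record fields, the 1.5x current threshold, the 5-second correlation window and the sample readings are all assumptions, and "IC" is read here as the instantaneous current reported by the smart battery.

```python
from dataclasses import dataclass

@dataclass
class BatterySample:        # one client poll of the smart battery
    t: int                  # seconds since the trial started
    current_ma: float       # current draw; mA is an assumed unit
    ac_online: bool         # AC line status

@dataclass
class SignatureAlert:       # alert from the Wi-Fi or Bluetooth module
    t: int
    vector: str             # "wifi" or "bluetooth"
    signature: str

def current_anomalies(samples, window=5, factor=1.5):
    """Return poll times whose current exceeds factor x the mean of the
    previous `window` normal on-battery polls (assumed thresholds)."""
    flagged, history = [], []
    for s in samples:
        if s.ac_online:              # charging: readings are not comparable
            history.clear()
            continue
        if len(history) == window and s.current_ma > factor * sum(history) / window:
            flagged.append(s.t)      # keep spikes out of the baseline
        else:
            history = (history + [s.current_ma])[-window:]
    return flagged

def correlate(anomaly_times, alerts, max_gap=5):
    """Server-side step: attach signature alerts seen within max_gap seconds
    of each anomaly; an anomaly with no alert is still reported."""
    report = []
    for t in anomaly_times:
        near = sorted({(a.vector, a.signature) for a in alerts if abs(a.t - t) <= max_gap})
        report.append((t, "confirmed" if near else "unexplained-drain", near))
    return report

# Constructed sample data: idle draw near 100 mA with spikes at t=6, 7 and 18.
CURRENTS = [100, 102, 98, 101, 99, 100, 260, 255, 101, 100,
            99, 100, 102, 98, 100, 101, 99, 100, 240, 100]
SAMPLES = [BatterySample(t, c, False) for t, c in enumerate(CURRENTS)]
ALERTS = [SignatureAlert(5, "wifi", "ack-flood")]   # constructed alert name

if __name__ == "__main__":
    for row in correlate(current_anomalies(SAMPLES), ALERTS):
        print(row)
```

Keeping `correlate` off the device mirrors the design choice stated above: the client only flags and forwards, and the heavier matching runs on the server.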


MVP-IDT Testing and Results

• Attack Tools: The attack tools used for launching Wi‐Fi attacks included hping3, nmap, Nessus3, and Unicornscan. The Bluetooth attack tools used in this research included: RedFang, Btscanner, BluePrint, PSM Scan, RFCOMM Scan, BlueBug, BlueSnarf, Btcrack, CarWhisperer, BlueSmack, Nasty vCard, L2CAP Header Overflow, HCIDumpCrash etc.

• Data Collection: To measure battery lifetime, a time logging application was developed that appended the current time to a text file at one-second intervals. The time logger could then be used to monitor device lifetimes once deployed to the PIDs. When the PID’s battery resources were fully depleted, the device would shut down, thus terminating the time logger application.


• Test-Bed Setup: In order to obtain accurate and repeatable results, all tests on MVPIDT were conducted in a closed laboratory environment. The data collection methods above were employed during testing. Attacks were developed and deployed to gain insight on MVPIDT effectiveness and collection techniques.

• Battery Drain Testing: The main objective of this research was to hinder outside sources from negatively influencing usability device under attack from a SYN flood. Buennemeyer first explored this area by examining battery lifetimes of Dell Axim X30 PDAs under idle conditions and then Battery Drain of PIDs Running the MVPIDS Version of the BSIPS Client.


• Battery Drain of PIDs Under Idle Conditions: The time logger application was allowed to run for the duration of the battery drain trial so that when a PID was fully discharged, a total battery lifetime could be recorded. This process was repeated for 15 trials, using 6 different Dell Axim X51 PDAs.

Two predictions were made regarding the results.

1. Each PID should produce its own consistent data set with very little deviation. The data set for each device should show a normal distribution with actual time trials clustering around the mean battery lifetime for each device set.

2. The battery lifetimes for each device should vary only slightly from device to device. This means that the difference between battery lifetime sets for each device should not be statistically significant within a 95% confidence interval.


• Battery Drain of PIDs Running the MVPIDT Version of the B-SIPS Client: PID battery depletion lifetimes under idle conditions were established as a baseline to compare all other successive tests to. With this benchmark in place, the B-SIPS client was then tested for efficiency. The B-SIPS client must not have a significant negative impact on a PIDs battery lifetime for it to be successful in the mobile environment. The test setup used for this set of time trials is similar to that used to obtain battery lifetimes of PIDs under idle conditions. All devices were again fully charged, configured into their maximum performance states, and timed using the time logger application. The MVPIDT version of the B-SIPS client was started and allowed to continually run for the entire duration of the test.
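One way to run the comparison described above, as an added example that is not the seminar's own code: lifetimes are derived from time-logger output and a trial set is compared against the idle baseline. The ISO timestamp log format and all lifetime values are constructed, and a two-sided permutation test at the 0.05 level is used here in place of the confidence-interval analysis the slides mention.

```python
import random
from datetime import datetime

def lifetime_seconds(log_text):
    """Lifetime of one trial: last logged timestamp minus the first.
    One ISO-8601 timestamp per line is an assumed log format."""
    stamps = [datetime.fromisoformat(line.strip())
              for line in log_text.splitlines() if line.strip()]
    if len(stamps) < 2:
        raise ValueError("log too short to measure a lifetime")
    return (stamps[-1] - stamps[0]).total_seconds()

def mean(xs):
    return sum(xs) / len(xs)

def permutation_p_value(baseline, treated, rounds=5000, seed=0):
    """Two-sided permutation test on the difference of mean lifetimes."""
    rng = random.Random(seed)            # fixed seed keeps runs repeatable
    observed = abs(mean(baseline) - mean(treated))
    pooled = list(baseline) + list(treated)
    n = len(baseline)
    hits = 0
    for _ in range(rounds):
        rng.shuffle(pooled)              # relabel trials at random
        if abs(mean(pooled[:n]) - mean(pooled[n:])) >= observed:
            hits += 1
    return (hits + 1) / (rounds + 1)     # add-one keeps p above zero

def significant_impact(baseline, treated, alpha=0.05):
    """True when the lifetime difference is significant at level alpha."""
    return permutation_p_value(baseline, treated) < alpha

# Constructed data: a three-line log and battery lifetimes in minutes.
SAMPLE_LOG = "2015-08-05T10:00:00\n2015-08-05T10:00:01\n2015-08-05T10:00:02\n"
IDLE   = [301, 296, 305, 299, 303, 298, 302, 300]   # baseline trials
CLIENT = [299, 297, 304, 300, 301, 296, 303, 298]   # detection client running
FLOOD  = [180, 175, 190, 185, 178, 182, 188, 176]   # device under a flood

if __name__ == "__main__":
    print("log lifetime (s):", lifetime_seconds(SAMPLE_LOG))
    print("client significant:", significant_impact(IDLE, CLIENT))
    print("flood significant:", significant_impact(IDLE, FLOOD))
```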


• Battery Drain of PIDs Due to WiFi Attacks:

No. | Attack Name | Suitability For Battery Lifetime Testing
1 | Ping Flood | Successful and Repeatable
1 | ACK Flood | Successful and Repeatable ‐ Used For
3 | FIN Flood | Replicates ACK Flood
4 | PUSH Flood | Replicates ACK Flood
5 | RST Flood | Replicates ACK Flood


• Battery Drain of PIDs Due to Bluetooth Attacks:

Attack | Suitability For Testing
RedFang | Not Applicable
Btscanner | Not Applicable
Tbear | Not Applicable
BlueBug | Not Applicable
BlueSmack | Successful and Repeatable
Nasty vCard | Not Applicable
HCIDumpCrash | Not Applicable
Nokia N70 DoS | Not Applicable
Ping of Death | Successful and Repeatable
BlueSpam | Successful and Repeatable


• Battery Drain Testing Summary: This research has made three significant conclusions from PID battery drain testing. First, Dell Axim X51 PDA batteries drain in a normal distribution fashion, but the drain time across devices is not always statistically similar. Second, it has shown that battery exhaustion attacks should be seen as a significant threat to the field of mobile device security.


Conclusion

MVPIDS creates a viable solution to improve the security of PIDs. Mobile devices have an inherent need to function under stringent hardware constraints, causing the securing of these devices to often be done as an afterthought in the design process. To mitigate this design weakness and greatly enhance the security of PIDs, MVPIDS was created. Using a hybrid approach to intrusion detection, our work confirms that PIDs can be secured in malicious environments by integrating IC anomaly triggers with attack signature correlation for Wi‐Fi and Bluetooth traffic.


References

T.K. Buennemeyer, "Battery‐Sensing Intrusion Protection System (B‐SIPS)," Doctoral Dissertation, Bradley Department of Electrical and Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg,VA, 2008.

Mobile Tech Review, "What is a PDA?," http://www.mobiletechreview.com/genfaq.shtml, 2009.

http://www.cnn.com/2008/TECH/01/25/bluetooth.legs/index.html, 2008
