Visible to the public Biblio

Found 12055 results

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
W
Chen, Chien-An.  2019.  With Great Abstraction Comes Great Responsibility: Sealing the Microservices Attack Surface. 2019 IEEE Cybersecurity Development (SecDev). :144—144.

While the IT industry is embracing the cloud-native technologies, migrating from monolithic architecture to service-oriented architecture is not a trivial process. It involves a lot of dissection and abstraction. The layer of abstraction designed for simplifying the development quickly becomes the barrier of visibility and the source of misconfigurations. The complexity may give microservices a larger attack surface compared to monolithic applications. This talk presents a microservices threat modeling that uncovers the attack vectors hidden in each abstraction layer. Scenarios of security breaches in microservices platforms are discussed, followed by the countermeasures to close these attack vectors. Finally, a decision-making process for architecting secure microservices is presented.

Shah, Syed W., Kanhere, Salil S..  2018.  Wi-Sign: Device-Free Second Factor User Authentication. Proceedings of the 15th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services. :135-144.

Most two-factor authentication (2FA) implementations rely on the user possessing and interacting with a secondary device (e.g. mobile phone) which has contributed to the lack of widespread uptake. We present a 2FA system, called Wi-Sign that does not rely on a secondary device for establishing the second factor. The user is required to sign at a designated place on the primary device with his finger following a successful first step of authentication (i.e. username + password). Wi-Sign captures the unique perturbations in the WiFi signals incurred due to the hand motion while signing and uses these to establish the second factor. Wi-Sign detects these perturbations by measuring the fine-grained Channel State Information (CSI) of the ambient WiFi signals at the device from which log-in attempt is being made. The logic is that, the user's hand geometry and the way he moves his hand while signing cause unique perturbations in CSI time-series. After filtering noise from the CSI data, principal component analysis is employed for compressing the CSI data. For segmentation of sign related perturbations, Wi-Sign utilizes the thresholding approach based on the variance of the first-order difference of the selected principal component. Finally, the authentication decision is made by feeding scrupulously selected features to a One-Class SVM classifier. We implement Wi-Sign using commodity off-the-shelf 802.11n devices and evaluate its performance by recruiting 14 volunteers. Our evaluation shows that Wi-Sign can on average achieve 79% TPR. Moreover, Wi-Sign can detect attacks with an average TNR of 86%.

Ammar, M., Washha, M., Crispo, B..  2018.  WISE: Lightweight Intelligent Swarm Attestation Scheme for IoT (The Verifier’s Perspective). 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–8.
The growing pervasiveness of Internet of Things (IoT) expands the attack surface by connecting more and more attractive attack targets, i.e. embedded devices, to the Internet. One key component in securing these devices is software integrity checking, which typically attained with Remote Attestation (RA). RA is realized as an interactive protocol, whereby a trusted party, verifier, verifies the software integrity of a potentially compromised remote device, prover. In the vast majority of IoT applications, smart devices operate in swarms, thus triggering the need for efficient swarm attestation schemes.In this paper, we present WISE, the first intelligent swarm attestation protocol that aims to minimize the communication overhead while preserving an adequate level of security. WISE depends on a resource-efficient smart broadcast authentication scheme where devices are organized in fine-grained multi-clusters, and whenever needed, the most likely compromised devices are attested. The candidate devices are selected intelligently taking into account the attestation history and the diverse characteristics (and constraints) of each device in the swarm. We show that WISE is very suitable for resource-constrained embedded devices, highly efficient and scalable in heterogenous IoT networks, and offers an adjustable level of security.
Yagan, Osman, Makowski, Armand M..  2016.  Wireless Sensor Networks Under the Random Pairwise Key Predistribution Scheme: Can Resiliency Be Achieved With Small Key Rings? IEEE/ACM Trans. Netw.. 24:3383–3396.

We investigate the resiliency of wireless sensor networks against sensor capture attacks when the network uses the random pairwise key distribution scheme of Chan et al. We present conditions on the model parameters so that the network is: 1 unassailable and 2 unsplittable, both with high probability, as the number \$n\$ of sensor nodes becomes large. Both notions are defined against an adversary who has unlimited computing resources and full knowledge of the network topology, but can only capture a negligible fraction \$on\$ of sensors. We also show that the number of cryptographic keys needed to ensure unassailability and unsplittability under the pairwise key predistribution scheme is an order of magnitude smaller than it is under the key predistribution scheme of Eschenauer and Gligor.

Alfaleh, Faleh, Alfehaid, Haitham, Alanzy, Mohammed, Elkhediri, Salim.  2019.  Wireless Sensor Networks Security: Case study. 2019 2nd International Conference on Computer Applications Information Security (ICCAIS). :1–4.
Wireless Sensor Networks (WSNs) are important and becoming more important as we integrate wireless sensor networks and the internet with different things, which has changed our life, and it is affected everywhere in our life like shopping, storage, live monitoring, smart home etc., called Internet of Things (IoT), as any use of the network physical devices that included in electronics, software, sensors, actuators, and connectivity which makes available these things to connect, collect and exchange data, and the most importantly thing is the accuracy of the data that has been collected in the Internet of Things, detecting sensor data with faulty readings is an important issue of secure communication and power consumption. So, requirement of energy-efficiency and integrity of information is mandatory.
Ushakova, Margarita, Ushakov, Yury, Polezhaev, Petr, Shukhman, Alexandr.  2019.  Wireless Self-Organizing Wi-Fi and Bluetooth based Network For Internet Of Things. 2019 International Conference on Engineering and Telecommunication (EnT). :1—5.
Modern Internet of Things networks are often proprietary, although based on open standards, or are built on the basis of conventional Wi-Fi network, which does not allow the use of energy-saving modes and limits the range of solutions used. The paper is devoted to the study and comparison of two solutions based on Wi-Fi and Bluetooth with the functions of a self-organizing network and switching between transmission channels. The power consumption in relation to specific actions and volumes of transmitted data is investigated; a conclusion is drawn on the conditions for the application of a particular technology.
Shinde, P., Karve, A., Mandaliya, P., Patil, S..  2018.  Wireless Security Audit Penetration Test Using Raspberry Pi. 2018 International Conference on Smart City and Emerging Technology (ICSCET). :1-4.

With the advancement in the wireless technology there are more and more devices connected over WiFi network. Security is one of the major concerns about WiFi other than performance, range, usability, etc. WiFi Auditor is a collection of WiFi testing tools and services packed together inside Raspberry Pi 3 module. The WiFi auditor allows the penetration tester to conduct WiFi attacks and reconnaissance on the selected client or on the complete network. WiFi auditor is portable and stealth hence allowing the attacker to simulate the attacks without anyone noticing them. WiFi auditor provides services such as deliberate jamming, blocking or interference with authorized wireless communications which can be done to the whole network or just a particular node.

Pimple, Nishant, Salunke, Tejashree, Pawar, Utkarsha, Sangoi, Janhavi.  2020.  Wireless Security — An Approach Towards Secured Wi-Fi Connectivity. 2020 6th International Conference on Advanced Computing and Communication Systems (ICACCS). :872–876.
In today's era, the probability of the wireless devices getting hacked has grown extensively. Due to the various WLAN vulnerabilities, hackers can break into the system. There is a lack of awareness among the people about security mechanisms. From the past experiences, the study reveals that router security encrypted protocol is often cracked using several ways like dictionary attack and brute force attack. The identified methods are costly, require extensive hardware, are not reliable and do not detect all the vulnerabilities of the system. This system aims to test all router protocols which are WEP, WPA, WPA2, WPS and detect the vulnerabilities of the system. Kali Linux version number 2.0 is being used over here and therefore the tools like airodump-ng, aircrack-ng are used to acquire access point pin which gives prevention methods for detected credulity and aims in testing various security protocols to make sure that there's no flaw which will be exploited.
Li, Bo, Ma, Yehan, Westenbroek, Tyler, Wu, Chengjie, Gonzalez, Humberto, Lu, Chenyang.  2016.  Wireless Routing and Control: A Cyber-physical Case Study. Proceedings of the 7th International Conference on Cyber-Physical Systems. :32:1–32:10.

Wireless sensor-actuator networks (WSANs) are being adopted in process industries because of their advantages in lowering deployment and maintenance costs. While there has been significant theoretical advancement in networked control design, only limited empirical results that combine control design with realistic WSAN standards exist. This paper presents a cyber-physical case study on a wireless process control system that integrates state-of-the-art network control design and a WSAN based on the WirelessHART standard. The case study systematically explores the interactions between wireless routing and control design in the process control plant. The network supports alternative routing strategies, including single-path source routing and multi-path graph routing. To mitigate the effect of data loss in the WSAN, the control design integrates an observer based on an Extended Kalman Filter with a model predictive controller and an actuator buffer of recent control inputs. We observe that sensing and actuation can have different levels of resilience to packet loss under this network control design. We then propose a flexible routing approach where the routing strategy for sensing and actuation can be configured separately. Finally, we show that an asymmetric routing configuration with different routing strategies for sensing and actuation can effectively improve control performance under significant packet loss. Our results highlight the importance of co-joining the design of wireless network protocols and control in wireless control systems.

Leff, D., Maskay, A., Cunha, M. P. da.  2020.  Wireless Interrogation of High Temperature Surface Acoustic Wave Dynamic Strain Sensor. 2020 IEEE International Ultrasonics Symposium (IUS). :1–4.
Dynamic strain sensing is necessary for high-temperature harsh-environment applications, including powerplants, oil wells, aerospace, and metal manufacturing. Monitoring dynamic strain is important for structural health monitoring and condition-based maintenance in order to guarantee safety, increase process efficiency, and reduce operation and maintenance costs. Sensing in high-temperature (HT), harsh-environments (HE) comes with challenges including mounting and packaging, sensor stability, and data acquisition and processing. Wireless sensor operation at HT is desirable because it reduces the complexity of the sensor connection, increases reliability, and reduces costs. Surface acoustic wave resonators (SAWRs) are compact, can operate wirelessly and battery-free, and have been shown to operate above 1000°C, making them a potential option for HT HE dynamic strain sensing. This paper presents wirelessly interrogated SAWR dynamic strain sensors operating around 288.8MHz at room temperature and tested up to 400°C. The SAWRs were calibrated with a high-temperature wired commercial strain gauge. The sensors were mounted onto a tapered-type Inconel constant stress beam and the assembly was tested inside a box furnace. The SAWR sensitivity to dynamic strain excitation at 25°C, 100°C, and 400°C was .439 μV/με, 0.363μV/με, and .136 μV/με, respectively. The experimental outcomes verified that inductive coupled wirelessly interrogated SAWRs can be successfully used for dynamic strain sensing up to 400°C.
Chrysikos, T., Dagiuklas, T., Kotsopoulos, S..  2010.  Wireless Information-Theoretic Security for moving users in autonomic networks. 2010 IFIP Wireless Days. :1–5.
This paper studies Wireless Information-Theoretic Security for low-speed mobility in autonomic networks. More specifically, the impact of user movement on the Probability of Non-Zero Secrecy Capacity and Outage Secrecy Capacity for different channel conditions has been investigated. This is accomplished by establishing a link between different user locations and the boundaries of information-theoretic secure communication. Human mobility scenarios are considered, and its impact on physical layer security is examined, considering quasi-static Rayleigh channels for the fading phenomena. Simulation results have shown that the Secrecy Capacity depends on the relative distance of legitimate and illegitimate (eavesdropper) users in reference to the given transmitter.
Bloch, M., Barros, J., Rodrigues, M. R. D., McLaughlin, S. W..  2008.  Wireless Information-Theoretic Security. IEEE Transactions on Information Theory. 54:2515–2534.
This paper considers the transmission of confidential data over wireless channels. Based on an information-theoretic formulation of the problem, in which two legitimates partners communicate over a quasi-static fading channel and an eavesdropper observes their transmissions through a second independent quasi-static fading channel, the important role of fading is characterized in terms of average secure communication rates and outage probability. Based on the insights from this analysis, a practical secure communication protocol is developed, which uses a four-step procedure to ensure wireless information-theoretic security: (i) common randomness via opportunistic transmission, (ii) message reconciliation, (iii) common key generation via privacy amplification, and (iv) message protection with a secret key. A reconciliation procedure based on multilevel coding and optimized low-density parity-check (LDPC) codes is introduced, which allows to achieve communication rates close to the fundamental security limits in several relevant instances. Finally, a set of metrics for assessing average secure key generation rates is established, and it is shown that the protocol is effective in secure key renewal-even in the presence of imperfect channel state information.
Oswald, David F..  2016.  Wireless Attacks on Automotive Remote Keyless Entry Systems. Proceedings of the 6th International Workshop on Trustworthy Embedded Devices. :43–44.

Modern vehicles rely on a variety of electronic systems and components. One of those components is the vehicle key. Today, a key typically implements at least three functions: mechanical locking with a key blade, the electronic immobilizer to autorise the start of the engine, and the remote keyless entry (RKE) system that allows to wirelessly (un)lock the doors and disable the alarm system. These main components of a vehicle key are shown in Figure 1. For the mechanical part of the vehicle key, it is well known that the key blade can be easily copied and that the locking cylinder can be bypassed with other means (using so-called "decoders" or simply a screwdriver). In contrast, immobilizer and RKE rely on wireless protocols to cryptographically authenticate the vehicle key to the car. Immobilizers employ radio frequency identification (RFID) transponders to carry out a challenge-response protocol over a low-range bidirectional link at a frequency of 125 kHz. In the past, researchers have revealed severe aws in the cryptography and protocols used by immobilizers, leading to the break of the major systems Megamos, Hitag2, and DST40 [7, 6, 1]. In contrast to the immobilizer, the RKE part uses unidirectional communication (the vehicle only receives, the key fob only transmits) over a high-range wireless link with operating distances of tens to one hundred meters. These systems are based on rolling codes, which essentially transmit a counter (that is incremented on each button press) in a cryptographically authenticated manner. Until recently, the security of automotive RKE had been scrutinized to a lesser degree than that of immobilizers, even though vulnerabilities in similar systems have been known since 2008 with the attacks on KeeLoq [3]. Other results reported in the literature include an analytical attack on a single, outdated vehicle [2] and the so-called "RollJam" technique [5], which is based on a combination of replay and selective jamming. In 2016, it was shown that severe aws exist in the RKE systems of major automotive manufacturers [4]. On the one hand, the VWgroup (Volkswagen, Seat, Skoda, Audi) based the security of their RKE system on a few global cryptographic keys, potentially affecting hundreds of million vehicles world-wide. By extracting these global keys from the firmware of electronic controls units (ECUs) once, an adversary is able to create a duplicate of the owner's RKE fob by eavesdropping a single rolling code. The second case study in [4] exposes new cryptographic weaknesses in the Hitag2 cipher when used for RKE. Applying a correlation-based attack, an adversary can recover the 48-bit cryptographic key by eavesdropping four to eight rolling codes and performing a one-minute computation on a standard laptop. Again, this attack affects millions of vehicle world-wide. Manufacturers that used Hitag2 in their RKE system include Alfa Romeo, Peugeot, Lancia, Opel, Renault, and Ford among others. In this keynote talk, we will present the results of [4] and put them in into a broader context by revisiting the history of attacks on RKE systems and automotive electronics.

Ölvecký, M., Gabriška, D..  2018.  Wiping Techniques and Anti-Forensics Methods. 2018 IEEE 16th International Symposium on Intelligent Systems and Informatics (SISY). :000127–000132.

This paper presents a theoretical background of main research activity focused on the evaluation of wiping/erasure standards which are mostly implemented in specific software products developed and programming for data wiping. The information saved in storage devices often consists of metadata and trace data. Especially but not only these kinds of data are very important in the process of forensic analysis because they sometimes contain information about interconnection on another file. Most people saving their sensitive information on their local storage devices and later they want to secure erase these files but usually there is a problem with this operation. Secure file destruction is one of many Anti-forensics methods. The outcome of this paper is to define the future research activities focused on the establishment of the suitable digital environment. This environment will be prepared for testing and evaluating selected wiping standards and appropriate eraser software.

Celia, L., Cungang, Y..  2018.  (WIP) Authenticated Key Management Protocols for Internet of Things. 2018 IEEE International Congress on Internet of Things (ICIOT). :126–129.

The Internet of Things (IoT) provides transparent and seamless incorporation of heterogeneous and different end systems. It has been widely used in many applications such as smart homes. However, people may resist the IOT as long as there is no public confidence that it will not cause any serious threats to their privacy. Effective secure key management for things authentication is the prerequisite of security operations. In this paper, we present an interactive key management protocol and a non-interactive key management protocol to minimize the communication cost of the things. The security analysis show that the proposed schemes are resilient to various types of attacks.

Upadhyay, H., Gohel, H. A., Pons, A., Lagos, L..  2018.  Windows Virtualization Architecture For Cyber Threats Detection. 2018 1st International Conference on Data Intelligence and Security (ICDIS). :119–122.

This is very true for the Windows operating system (OS) used by government and private organizations. With Windows, the closed source nature of the operating system has unfortunately meant that hidden security issues are discovered very late and the fixes are not found in real time. There needs to be a reexamination of current static methods of malware detection. This paper presents an integrated system for automated and real-time monitoring and prediction of rootkit and malware threats for the Windows OS. We propose to host the target Windows machines on the widely used Xen hypervisor, and collect process behavior using virtual memory introspection (VMI). The collected data will be analyzed using state of the art machine learning techniques to quickly isolate malicious process behavior and alert system administrators about potential cyber breaches. This research has two focus areas: identifying memory data structures and developing prediction tools to detect malware. The first part of research focuses on identifying memory data structures affected by malware. This includes extracting the kernel data structures with VMI that are frequently targeted by rootkits/malware. The second part of the research will involve development of a prediction tool using machine learning techniques.

Avallone, S., Di Stasi, G..  2014.  WiMesh: A Tool for the Performance Evaluation of Multi-Radio Wireless Mesh Networks. New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on. :1-5.

In this paper we present WiMesh, a software tool we developed during the last ten years of research conducted in the field of multi-radio wireless mesh networks. WiMesh serves two main purposes: (i) to run different algorithms for the assignment of channels, transmission rate and power to the available network radios; (ii) to automatically setup and run ns-3 simulations based on the network configuration returned by such algorithms. WiMesh basically consists of three libraries and three corresponding utilities that allow to easily conduct experiments. All such utilities accept as input an XML configuration file where a number of options can be specified. WiMesh is freely available to the research community, with the purpose of easing the development of new algorithms and the verification of their performances.

Brinkman, Bo.  2012.  Willing to be fooled: Security and autoamputation in augmented reality. 2012 IEEE International Symposium on Mixed and Augmented Reality - Arts, Media, and Humanities (ISMAR-AMH). :89—90.

What does it mean to trust, or not trust, an augmented reality system? Froma computer security point of view, trust in augmented reality represents a real threat to real people. The fact that augmented reality allows the programmer to tinker with the user's senses creates many opportunities for malfeasance. It might be natural to think that if we warn users to be careful it will lower their trust in the system, greatly reducing risk.

Welk, A., Zielinska, O., Tembe, R., Xe, G., Hong, K. W., Murphy-Hill, E., Mayhorn, C. B..  In Press.  Will the “Phisher-men” Reel you in? Assessing Individual Differences in a Phishing Detection Task International Journal of Cyber Behavior, Psychology, and Learning. .

Phishing is an act of technology-based deception that targets individuals to obtain information. To minimize the number of phishing attacks, factors that influence the ability to identify phishing attempts must be examined. The present study aimed to determine how individual differences relate to performance on a phishing task. Undergraduate students completed a questionnaire designed to assess impulsivity, trust, personality characteristics, and Internet/security habits. Participants performed an email task where they had to discriminate between legitimate emails and phishing attempts. Researchers assessed performance in terms of correctly identifying all email types (overall accuracy) as well as accuracy in identifying phishing emails (phishing accuracy). Results indicated that overall and phishing accuracy each possessed unique trust, personality, and impulsivity predictors, but shared one significant behavioral predictor. These results present distinct predictors of phishing susceptibility that should be incorporated in the development of anti-phishing technology and training.

Niedermayr, Rainer, Juergens, Elmar, Wagner, Stefan.  2016.  Will My Tests Tell Me if I Break This Code? Proceedings of the International Workshop on Continuous Software Evolution and Delivery. :23–29.

Automated tests play an important role in software evolution because they can rapidly detect faults introduced during changes. In practice, code-coverage metrics are often used as criteria to evaluate the effectiveness of test suites with focus on regression faults. However, code coverage only expresses which portion of a system has been executed by tests, but not how effective the tests actually are in detecting regression faults. Our goal was to evaluate the validity of code coverage as a measure for test effectiveness. To do so, we conducted an empirical study in which we applied an extreme mutation testing approach to analyze the tests of open-source projects written in Java. We assessed the ratio of pseudo-tested methods (those tested in a way such that faults would not be detected) to all covered methods and judged their impact on the software project. The results show that the ratio of pseudo-tested methods is acceptable for unit tests but not for system tests (that execute large portions of the whole system). Therefore, we conclude that the coverage metric is only a valid effectiveness indicator for unit tests.

Marchang, Jims, Ibbotson, Gregg, Wheway, Paul.  2019.  Will Blockchain Technology Become a Reality in Sensor Networks? 2019 Wireless Days (WD). :1–4.
The need for sensors to deliver, communicate, collect, alert, and share information in various applications has made wireless sensor networks very popular. However, due to its limited resources in terms of computation power, battery life and memory storage of the sensor nodes, it is challenging to add security features to provide the confidentiality, integrity, and availability. Blockchain technology ensures security and avoids the need of any trusted third party. However, applying Blockchain in a resource-constrained wireless sensor network is a challenging task because Blockchain is power, computation, and memory hungry in nature and demands heavy bandwidth due to control overheads. In this paper, a new routing and a private communication Blockchain framework is designed and tested with Constant Bit rate (CBR). The proposed Load Balancing Multi-Hop (LBMH) routing shares and enhances the battery life of the Cluster Heads and reduce control overhead during Block updates, but due to limited storage and energy of the sensor nodes, Blockchain in sensor networks may never become a reality unless computation, storage and battery life are readily available at low cost.
Onireti, Oluwakayode, Qadir, Junaid, Imran, Muhammad Ali, Sathiaseelan, Arjuna.  2016.  Will 5G See Its Blind Side? Evolving 5G for Universal Internet Access Proceedings of the 2016 Workshop on Global Access to the Internet for All. :1–6.

Internet has shown itself to be a catalyst for economic growth and social equity but its potency is thwarted by the fact that the Internet is off limits for the vast majority of human beings. Mobile phones—the fastest growing technology in the world that now reaches around 80% of humanity—can enable universal Internet access if it can resolve coverage problems that have historically plagued previous cellular architectures (2G, 3G, and 4G). These conventional architectures have not been able to sustain universal service provisioning since these architectures depend on having enough users per cell for their economic viability and thus are not well suited to rural areas (which are by definition sparsely populated). The new generation of mobile cellular technology (5G), currently in a formative phase and expected to be finalized around 2020, is aimed at orders of magnitude performance enhancement. 5G offers a clean slate to network designers and can be molded into an architecture also amenable to universal Internet provisioning. Keeping in mind the great social benefits of democratizing Internet and connectivity, we believe that the time is ripe for emphasizing universal Internet provisioning as an important goal on the 5G research agenda. In this paper, we investigate the opportunities and challenges in utilizing 5G for global access to the Internet for all (GAIA). We have also identified the major technical issues involved in a 5G-based GAIA solution and have set up a future research agenda by defining open research problems.

Durmus, Y., Langendoen, K..  2014.  Wifi authentication through social networks #x2014; A decentralized and context-aware approach. Pervasive Computing and Communications Workshops (PERCOM Workshops), 2014 IEEE International Conference on. :532-538.

With the proliferation of WiFi-enabled devices, people expect to be able to use them everywhere, be it at work, while commuting, or when visiting friends. In the latter case, home owners are confronted with the burden of controlling the access to their WiFi router, and usually resort to simply sharing the password. Although convenient, this solution breaches basic security principles, and puts the burden on the friends who have to enter the password in each and every of their devices. The use of social networks, specifying the trust relations between people and devices, provides for a more secure and more friendly authentication mechanism. In this paper, we progress the state-of-the-art by abandoning the centralized solution to embed social networks in WiFi authentication; we introduce EAP-SocTLS, a decentralized approach for authentication and authorization of WiFi access points and other devices, exploiting the embedded trust relations. In particular, we address the (quadratic) search complexity when indirect trust relations, like the smartphone of a friend's kid, are involved. We show that the simple heuristic of limiting the search to friends and devices in physical proximity makes for a scalable solution. Our prototype implementation, which is based on WebID and EAP-TLS, uses WiFi probe requests to determine the pool of neighboring devices and was shown to reduce the search time from 1 minute for the naive policy down to 11 seconds in the case of granting access over an indirect friend.
 

Pisa, Claudio, Caponi, Alberto, Dargahi, Tooska, Bianchi, Giuseppe, Blefari-Melazzi, Nicola.  2016.  WI-FAB: Attribute-based WLAN Access Control, Without Pre-shared Keys and Backend Infrastructures. Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile Computing and Online Social neTworking. :31–36.

Two mainstream techniques are traditionally used to authorize access to a WiFi network. Small scale networks usually rely on the offline distribution of a WPA/WPA2 static pre-shared secret key (PSK); security hence relies on the fact that this PSK is not leaked by end user, and is not disclosed via dictionary or brute-force attacks. On the other side, Enterprise and large scale networks typically employ online authorization using an 802.1X-based authentication service leveraging a backend online infrastructure (e.g. Radius servers/proxies). In this work, we propose a new mechanism which does not require neither online operation nor backend access control infrastructure, but which does not force us to rely on a static pre-shared secret key. The idea is very simple, yet effective: directly broadcast in the WLAN beacons an encrypted version of the secret key required to access the WLAN network, so that only the users which possess suitable authorization credentials can decrypt and use it. This proposed approach clearly decouples the management of authorization credentials, issued offline to the authorized end users, from the actual secret key used in the WLAN network, which can thus be in principle changed at each new user's access. The solution described in the paper relies on attribute-based encryption, and is designed to be compatible with WPA2 and deployable within standard 802.11 management frames. Since no user identification is required (access control is based on attributes rather than on the user identity), the proposed approach further improves privacy. We demonstrate the feasibility of the proposed solution via a concrete implementation in Linux-based devices and via relevant testing in a real-world experimental setup.

Goncalves, J. A., Faria, V. S., Vieira, G. B., Silva, C. A. M., Mascarenhas, D. M..  2017.  WIDIP: Wireless distributed IPS for DDoS attacks. 2017 1st Cyber Security in Networking Conference (CSNet). :1–3.

This paper presents a wireless intrusion prevention tool for distributed denial of service attacks DDoS. This tool, called Wireless Distributed IPS WIDIP, uses a different collection of data to identify attackers from inside a private network. WIDIP blocks attackers and also propagates its information to other wireless routers that run the IPS. This communication behavior provides higher fault tolerance and stops attacks from different network endpoints. WIDIP also block network attackers at its first hop and thus reduce the malicious traffic near its source. Comparative tests of WIDIP with other two tools demonstrated that our tool reduce the delay of target response after attacks in application servers by 11%. In addition to reducing response time, WIDIP comparatively reduces the number of control messages on the network when compared to IREMAC.