
TOPIC: MULTI VECTOR PORTABLE INTRUSION DETECTION TECHNOLOGY

PRESENTED BY RAHUL V R ROLL NO:42 CT3 S6

CONTENTS
Introduction
Battery Sensing Intrusion Protection System (BSIPS)
MVPIDS Design and Methodology
MVPIDS Testing and Results
Conclusions
References

INTRODUCTION
Personal Digital Assistants (PDAs) and smart phones, also known as Portable Information Devices (PIDs), are less computationally powerful than desktop and laptop Personal Computers (PCs), but possess many of the same features and allow for much of the same functionality. Two defining features included in PIDs are Wi-Fi and Bluetooth capabilities. This research shows that the addition of an Intrusion Detection System (IDS) on PIDs can greatly enhance their security. This research addresses mobile device security and extends the original Battery Sensing Intrusion Protection System (B-SIPS) design by introducing the Multi Vector Portable Intrusion Detection Technology (MVPIDT) and a newly developed research system, Bluetooth Attack Detection and Signature System (BADSS).

MVPIDS Design and Methodology

DESIGN
1. B-SIPS Client: B-SIPS client attack detection is based on irregularities in device IC changes. B-SIPS clients poll the smart battery for voltage, current, temperature, percent battery life, battery flag, and AC line status to determine battery consumption status.

2. Snort-based Wi-Fi Module: used for WiFi attack detection.

3. BADSS Module: used for Bluetooth attack detection.

4. CIDE Server: The CIDE server functions as the supervisor for the system, performing attack correlation and developing grounds for administrative action. The correlation and administrative analysis is done external to the PID by design due to limited memory, battery power, and processing constraints of PIDs.
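The division of labour in this design can be sketched as follows. This is an added example, not code from B-SIPS or MVPIDS: the rolling-baseline threshold rule, the function names, the module labels and all sample readings are assumptions constructed for illustration, since the slides do not give the actual detection thresholds.

```python
from collections import deque
from statistics import mean, pstdev

def ic_anomalies(samples, window=5, k=3.0, min_jump_ma=20.0):
    """Client side: return sample times whose current draw jumps above
    the rolling idle baseline (assumed rule, not the B-SIPS algorithm)."""
    baseline, hits = deque(maxlen=window), []
    for t, ma in samples:
        if len(baseline) == window:
            limit = max(k * pstdev(baseline), min_jump_ma)
            if ma - mean(baseline) > limit:
                hits.append(t)
                continue          # keep suspect samples out of the baseline
        baseline.append(ma)
    return hits

def correlate(ic_hits, signature_alerts, slack_s=2):
    """Server side: keep signature alerts that coincide with an IC anomaly."""
    confirmed = []
    for t, module, name in signature_alerts:
        near = [h for h in ic_hits if abs(h - t) <= slack_s]
        if near:
            confirmed.append((module, name, near[0]))
    return confirmed

# Constructed data: (second, mA) polled once per second; seconds 8-11 show a surge.
SAMPLES = list(enumerate([150, 152, 149, 151, 150, 148, 151, 150,
                          410, 405, 415, 408, 151, 150, 149]))
# Constructed alerts: (second, reporting module, signature name)
ALERTS = [(9, "snort-wifi", "ACK flood"), (30, "badss", "BlueSmack")]

if __name__ == "__main__":
    hits = ic_anomalies(SAMPLES)
    print(hits, correlate(hits, ALERTS))
```

Only the Wi-Fi alert is confirmed, because the Bluetooth alert has no current surge near it. A legitimate sustained load change would also trip the current rule on its own, which is why the signature match is required before acting.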

MVP-IDT Testing and Results


Attack Tools: The attack tools used for launching WiFi attacks included hping3, nmap, Nessus3, and Unicornscan. The Bluetooth attack tools used in this research included RedFang, Btscanner, BluePrint, PSM Scan, RFCOMM Scan, BlueBug, BlueSnarf, Btcrack, CarWhisperer, BlueSmack, Nasty vCard, L2CAP Header Overflow, HCIDumpCrash, etc.

Data Collection: To do this, a time logging application was developed that appended the current time to a text file at one-second intervals. The time logger could then be used to monitor device lifetimes once deployed to the PIDs. When a PID's battery resources were fully depleted, the device would shut down, thus terminating the time logger application.

Test-Bed Setup: In order to obtain accurate and repeatable results, all tests on MVPIDT were conducted in a closed laboratory environment. The data collection methods described above were used during testing. Attacks were developed and deployed to gain insight into MVPIDT effectiveness and collection techniques.

Battery Drain Testing: The main objective of this research was to hinder outside sources from negatively influencing usability device under attack from a SYN flood. Buennemeyer first explored this area by examining battery lifetimes of Dell Axim X30 PDAs under idle conditions and then Battery Drain of PIDs Running the MVPIDS Version of the BSIPS Client.

Battery Drain of PIDs Under Idle Conditions: The time logger application was allowed to run for the duration of the battery drain trial so that when a PID was fully discharged, a total battery lifetime could be recorded. This process was repeated for 15 trials, using 6 different Dell Axim X51 PDAs. Two predictions were made regarding the results.
1. Each PID should produce its own consistent data set with very little deviation. The data set for each device should show a normal distribution with actual time trials clustering around the mean battery lifetime for each device set.
2. The battery lifetimes for each device should vary only slightly from device to device. This means that the difference between battery lifetime sets for each device should not be statistically significant within a 95% confidence interval.
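The time-logger measurement and the second prediction can be checked as shown below. This is an added example, not the researchers' tooling: the timestamp format, the function names, the use of Welch's t-test and all lifetimes are assumptions constructed for illustration.

```python
import math
from datetime import datetime
from statistics import mean, variance

# Two-sided 95% Student-t critical values for df = 1..30
T95 = [12.706, 4.303, 3.182, 2.776, 2.571, 2.447, 2.365, 2.306, 2.262, 2.228,
       2.201, 2.179, 2.160, 2.145, 2.131, 2.120, 2.110, 2.101, 2.093, 2.086,
       2.080, 2.074, 2.069, 2.064, 2.060, 2.056, 2.052, 2.048, 2.045, 2.042]

def lifetime_seconds(log_text, fmt="%Y-%m-%d %H:%M:%S"):
    """Battery lifetime = last complete timestamp minus the first one."""
    stamps = []
    for line in log_text.splitlines():
        try:
            stamps.append(datetime.strptime(line.strip(), fmt))
        except ValueError:
            continue  # power loss can leave a half-written final line
    if len(stamps) < 2:
        raise ValueError("log has fewer than two complete timestamps")
    return (stamps[-1] - stamps[0]).total_seconds()

def differs_at_95(a, b):
    """Welch's t-test: (significant?, t) for two sets of lifetimes."""
    va, vb = variance(a) / len(a), variance(b) / len(b)
    t = abs(mean(a) - mean(b)) / math.sqrt(va + vb)
    df = (va + vb) ** 2 / (va ** 2 / (len(a) - 1) + vb ** 2 / (len(b) - 1))
    crit = T95[max(1, min(int(df), 30)) - 1]   # df rounded down: conservative
    return t > crit, round(t, 2)

# Constructed log (assumed format); the last line was cut off at shutdown.
LOG = "2009-03-01 10:00:00\n2009-03-01 10:00:01\n2009-03-01 10:00:02\n2009-03-01 10:0"
# Constructed lifetimes in minutes, four trials per device.
DEV_A, DEV_B, DEV_C = [300, 304, 298, 302], [301, 299, 303, 305], [280, 284, 278, 282]

if __name__ == "__main__":
    print(lifetime_seconds(LOG))
    print(differs_at_95(DEV_A, DEV_B), differs_at_95(DEV_A, DEV_C))
```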

Battery Drain of PIDs Running the MVPIDT Version of the B-SIPS Client: PID battery depletion lifetimes under idle conditions were established as a baseline to compare all other successive tests to. With this benchmark in place, the B-SIPS client was then tested for efficiency. The B-SIPS client must not have a significant negative impact on a PID's battery lifetime for it to be successful in the mobile environment. The test setup used for this set of time trials is similar to that used to obtain battery lifetimes of PIDs under idle conditions. All devices were again fully charged, configured into their maximum performance states, and timed using the time logger application. The MVPIDT version of the B-SIPS client was started and allowed to continually run for the entire duration of the test.



Battery Drain of PIDs Due to WiFi Attacks:


Attack Name    Suitability For Battery Lifetime Testing
Ping Flood     Successful and Repeatable
ACK Flood      Successful and Repeatable Used For
FIN Flood      Replicates ACK Flood
PUSH Flood     Replicates ACK Flood
RST Flood      Replicates ACK Flood

Battery Drain of PIDs Due to Bluetooth Attacks:

Attack           Suitability For Testing
RedFang          Not Applicable
Btscanner        Not Applicable
Tbear            Not Applicable
BlueBug          Not Applicable
BlueSmack        Successful and Repeatable
Nasty vCard      Not Applicable
HCIDumpCrash     Not Applicable
Nokia N70 DoS    Not Applicable
Ping of Death    Successful and Repeatable
BlueSpam         Successful and Repeatable

Battery Drain Testing Summary: This research has made three significant conclusions from PID battery drain testing. First, Dell Axim X51 PDA batteries drain in a normal distribution fashion, but the drain time across devices is not always statistically similar. Second, it has shown that battery exhaustion attacks should be seen as a significant threat to the field of mobile device security.

Conclusion
MVPIDS creates a viable solution to improve the security of PIDs. Mobile devices have an inherent need to function under stringent hardware constraints, causing the securing of these devices to often be done as an afterthought in the design process. To mitigate this design weakness and greatly enhance the security of PIDs, MVPIDS was created. Using a hybrid approach to intrusion detection, our work confirms that PIDs can be secured in malicious environments by integrating IC anomaly triggers with attack signature correlation for WiFi and Bluetooth traffic.

References

T.K. Buennemeyer, "Battery-Sensing Intrusion Protection System (B-SIPS)," Doctoral Dissertation, Bradley Department of Electrical and Computer Engineering, Virginia Polytechnic Institute and State University, Blacksburg, VA, 2008.
Mobile Tech Review, "What is a PDA?," http://www.mobiletechreview.com/genfaq.shtml, 2009.
http://www.cnn.com/2008/TECH/01/25/bluetooth.legs/index.html, 2008.
