Automatic security assessment for next generation wireless mobile networks

Issue title: Emerging Wireless and Mobile Technologies

Article type: Research Article

Authors: Palmieri, Francesco | Fiore, Ugo | Castiglione, Aniello

Affiliations: Dipartimento di Ingegneria dell'Informazione, Seconda Università degli Studi di Napoli, Aversa (CE), Italy | Università degli Studi di Napoli "Federico II", Napoli, Italy | Dipartimento di Informatica "R. M. Capocelli", Università degli Studi di Salerno, Via Ponte don Melillo, I-84084 Fisciano (SA), Italy

Note: [] Corresponding author: Aniello Castiglione, Dipartimento di Informatica "R.M. Capocelli" – Università degli Studi di Salerno, Via Ponte don Melillo, I-84084 Fisciano (SA), Italy. Tel.: +39 089 969594/+39 089 969594; Fax: +39 089 969821/+39 089 969821; E-mail: castiglione@ieee.org

Abstract: Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raises serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, that is the fundamental component of the aforementioned strategy, takes advantage from a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depends on the results obtained from different kind of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.

Keywords: Dynamic access control, active networks, analytic hierarchy process, multiple criteria decision analysis, nomadic computing, security audit, security assessment, ubiquitous networking

DOI: 10.3233/MIS-2011-0119

Journal: Mobile Information Systems, vol. 7, no. 3, pp. 217-239, 2011