Affiliations: Dipartimento di Ingegneria dell'Informazione, Seconda
Università degli Studi di Napoli, Aversa (CE), Italy | Università degli Studi di Napoli "Federico II",
Napoli, Italy | Dipartimento di Informatica "R. M. Capocelli",
Università degli Studi di Salerno, Via Ponte don Melillo, I-84084 Fisciano
(SA), Italy
Note: [] Corresponding author: Aniello Castiglione, Dipartimento di
Informatica "R.M. Capocelli" – Università degli Studi di Salerno, Via
Ponte don Melillo, I-84084 Fisciano (SA), Italy. Tel.: +39 089 969594/+39 089
969594; Fax: +39 089 969821/+39 089 969821; E-mail: castiglione@ieee.org
Abstract: Wireless networks are more and more popular in our life, but their
increasing pervasiveness and widespread coverage raises serious security
concerns. Mobile client devices potentially migrate, usually passing through
very light access control policies, between numerous and heterogeneous wireless
environments, bringing with them software vulnerabilities as well as possibly
malicious code. To cope with these new security threats the paper proposes a
new active third party authentication, authorization and security assessment
strategy in which, once a device enters a new Wi-Fi environment, it is
subjected to analysis by the infrastructure, and if it is found to be
dangerously insecure, it is immediately taken out from the network and denied
further access until its vulnerabilities have been fixed. The security
assessment module, that is the fundamental component of the aforementioned
strategy, takes advantage from a reliable knowledge base containing
semantically-rich information about the mobile node under examination,
dynamically provided by network mapping and configuration assessment
facilities. It implements a fully automatic security analysis framework, based
on AHP, which has been conceived to be flexible and customizable, to provide
automated support for real-time execution of complex security/risk evaluation
tasks which depends on the results obtained from different kind of analysis
tools and methodologies. Encouraging results have been achieved utilizing a
proof-of-concept model based on current technology and standard open-source
networking tools.