Chapter 1 Introduction

It has become very common nowadays for employees to work outside their organizations' premises. A recent survey published by Forrester Consulting on the Citrix website claims that 65% of the respondents worked remotely at least one day per week, and 37% said that they worked two or more days per week [1]. In order to access their work data servers they need to establish Internet connections from the gateway portals of the places they are working in; these places could be hotels, coffee shops, restaurants, airports, etc. Allowing workers to work remotely can be considered a big risk to organizations' sensitive data.

Most big companies use VPN technology in order to allow their employees to access and exchange sensitive data remotely with minimum risk of exposing this data [2]. However, in order to establish a VPN connection one must first connect to the available Internet connection and wait a few minutes until the VPN connection is fully running, leaving the device unsecured against all types of attacks if it is connecting through an open Wi-Fi network [3].

One simple way to steal information is for a hacker to masquerade as a network SSID in a popular place and trick people into connecting to him rather than to the genuine hotspot. This enables the attacker to monitor all kinds of traffic being transferred, along with the capability to transmit malware to the victims' devices or even take control of these devices [4]. Such an attack is called an Evil-Twin attack; it happens mostly at hotspots that are left unattended for a long period. Smart homes are considered a great target for such attacks. An attacker can use this technique to launch various attacks [5]. The device in this thesis will help in overcoming this problem by adding another layer of security between the authentic home's access point and the home automation controller, which is the heart of any smart home network, where all traffic from all smart home devices is gathered and then retransmitted to the outer world through the gateway.

1.1 Problem Area and Research Questions

The best way to increase security on public networks is by configuring a VPN tunnel. This makes all traffic encrypted before transmission. Some people would think that they could overcome this problem by just turning the VPN connection on in their browser or by entering their credentials in a VPN client authentication window. But all portable devices are programmed to look for updates for their applications (e-mail, WhatsApp, Facebook and even updates for the OS itself) as soon as they see an established Internet connection. Hackers take advantage of this by monitoring traffic and acquiring important information about the device, and may even succeed in sending malware to the device in the few minutes available before the VPN connection is established [6].

In order to mitigate this problem we need a device that ensures that all non-VPN traffic is blocked until the tunnel is set up and configured. This blocking shall be performed both physically and by software to ensure its effectiveness. There are solutions that mitigate this problem by installing a VPN application or a VPN browser on the user's device. But these solutions work only on certain operating systems and still need to be connected to the Internet before establishing the VPN tunnel, which brings us back to the problem mentioned earlier. We think that our solution mitigates the problem by forcing the VPN tunnel to be established first, and only then allowing the encrypted data to be transmitted through the public Wi-Fi or the home's gateway.

Research Questions
1. How to design and implement an affordable DIY intermediate device that protects users' data by blocking all non-encrypted traffic until the VPN tunnel is established?
2. How to make this device improve a smart home's network security?
3. How to physically segregate the user's sensitive data from a public compromised (breached) Wi-Fi network before encrypting and transmitting it?
4. How can this device surpass other existing solutions to this problem?

1.2 Proposed Solution

The idea of this project is to design and implement an intermediate device that operates between an unsecured Wi-Fi network and the end user's personal devices. It should be usable everywhere a wireless connection is available. This device shall also be usable in a smart home environment.

Figure 1 illustrates how the connection is established from the user's devices to the office's servers. In this figure, it is seen how a hacker can easily monitor traffic or even interfere with the transmission, as Wi-Fi is considered vulnerable to anyone who has the Pre-Shared Key (PSK) [7].

Fig. 1

Our device is going to act as an intermediary between the user's device and the open public Wi-Fi. It is provided with two Wi-Fi adaptors, one connected to each side of the network, to provide a physical layer of segregation between them. It will also be equipped with OpenVPN server software to provide the security feature needed while rerouting the traffic from one end to the other. Figure 2 shows how the device will be placed in the previous situation and how it will provide resistance to hacker attacks: the Raspberry Pi creates a VPN tunnel between the user's devices and the office's servers, blocking the hacker from spying on the traffic.

Fig. 2

Another usage for this device is in smart homes, as another secure layer between the home's gateway and the home automation controller. Figure 3 shows how the device can be positioned within a smart home network; it will act the same as described earlier, adding another security layer to the network in case the home wireless gateway is compromised.

Fig. 3

1.3 Solution Requirements

To be able to design, implement and evaluate this new device, there are several requirements that need to be fulfilled if this prototype is to be classified as successful. These requirements were assigned by the researcher and are based upon his idea of what capabilities this device should have. The requirements were categorized into three categories of parameters: operational, security and characteristic parameters.
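As an added illustration, not the thesis's own code, of the "block all non-VPN traffic until the tunnel is up" behaviour that the two-adapter design of section 1.2 calls for, the following POSIX shell script emits an iptables rule set for the Raspberry Pi and refuses to apply it if a direct user-side to public-side forwarding path slipped in. The interface names wlan0 (public hotspot side), wlan1 (access point for the user's devices) and tun0, the server address 203.0.113.10 and port 1194/udp are assumptions.

```shell
#!/bin/sh
# Added illustration, not the thesis's own code: a firewall rule set that
# enforces "no non-VPN traffic until the tunnel is up" on the two-adapter
# Raspberry Pi of section 1.2.  Interface names and addresses are assumed.
#   wan = adapter joined to the public hotspot (untrusted side)
#   lan = adapter running the access point for the user's own devices
#   tun = the OpenVPN tunnel interface
kill_switch_rules() {
    wan=$1; lan=$2; tun=$3; vpn_ip=$4; vpn_port=$5; vpn_proto=$6
    cat <<EOF
iptables -F; iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# public side: the Pi itself may only get a DHCP lease and reach the VPN server
iptables -A OUTPUT -o $wan -p udp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -o $wan -p $vpn_proto -d $vpn_ip --dport $vpn_port -j ACCEPT
# user side: devices may ask the Pi for DHCP and DNS; the Pi answers via the tunnel
iptables -A INPUT -i $lan -p udp --dport 67:68 -j ACCEPT
iptables -A INPUT -i $lan -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
# forwarding: user side -> tunnel only; no direct user side -> public side path exists
iptables -A FORWARD -i $lan -o $tun -j ACCEPT
iptables -A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $tun -j MASQUERADE
EOF
}

# Guard run before applying: the emitted set must never contain an ACCEPT rule
# that forwards from the user-side adapter straight out of the public-side one.
# Arguments: rules text, lan interface, wan interface.  Returns 0 when safe.
rules_are_safe() {
    ! printf '%s\n' "$1" | grep -q -- "-i $2 -o $3 .*ACCEPT"
}

# Apply on the Pi as root, e.g.: apply_kill_switch wlan0 wlan1 tun0 203.0.113.10 1194 udp
apply_kill_switch() {
    rules=$(kill_switch_rules "$@")
    rules_are_safe "$rules" "$2" "$1" || return 1
    printf '%s\n' "$rules" | sh
}
```

The VPN server is given as an IP address because nothing but DHCP and the tunnel handshake is allowed out of the public-side adapter before the tunnel exists; the user's devices can only resolve names through the Pi, whose answers are fetched over tun0.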
Operational Parameters
These parameters need to be fulfilled to make sure that this device operates in the desired way.
· Quick boot-up. The system needs to start quickly so the user won't need to wait too long to establish the secure VPN tunnel.
· Easy to use. In order not to confuse the end user with multiple choices, the system should require just a few steps to make all features and functionalities work.
· Stable system. The system needs to be stable so it performs in the same way each time it is used.
· Platform independence. The device shall work with all types of end-user devices that support Wi-Fi.
· Independent solution. No extra modification or configuration should be required to use this solution.

Security Parameters
These parameters need to be fulfilled in order to make sure that the device is secured and operates in a secure way.
· Secured against known weaknesses. The system shall be resistant to all known weaknesses and flaws that can be exploited.
· Block all non-VPN traffic. All non-VPN traffic shall be blocked and not allowed to pass the device until the VPN connection is established.

Characteristic Parameters
These parameters need to be fulfilled to make sure that the device is designed to be small and portable, since users may have to carry it with them.
· Small size. The device has to be small so it is easy to carry.
· Light weight. It is important to keep the device light in order to carry it easily.
· Durable. The device must be durable and not easily harmed.

1.4 Expected Outcome
The expectations of the device are:
1. Perform well.
2. Be secured.
3. Securely connect the user's devices to the Internet.
4. Work both as a portable and as a stationary device.

1.5 Research Delimitations
This section describes the scope of the project and the delimitations this research has. The research is limited to a time frame of one semester, and this can affect what can possibly be achieved. This study will not produce a device ready for the market, but rather a prototype, which will show how an independent device can be created to solve the research problem. The device will focus on securing the connection rather than securing the applications on the application layer.
The researcher limited the reviewed literature to solutions and projects that have been published and peer reviewed, or solutions that are already successful in the market. Solutions that can be found on blogs or similar websites won't be dealt with, since there is no way to ensure that these projects work in the way the author writes. Another delimitation is that, due to the time limitation and finances, one researcher will do all development, design and testing of the device. With more serious testing and group evaluation the prototype could be evaluated in a better way.

1.6 Outline of this Thesis
Following the introduction, chapter 2 provides a few background topics related to this research, which will help the reader get a better understanding of the whole picture. A literature review is presented in chapter 3. Chapter 4 describes the research methodology used for this project. Chapter 5 illustrates how the device was designed, implemented, tested and evaluated. In chapter 6 a vulnerability analysis is performed in 3 phases to measure how much the device mitigated the vulnerabilities on the network. Chapter 7 concludes this research and discusses possible future work.

Chapter 2 Background

In this chapter the most essential background needed to illustrate the basic concepts of this research is presented.

2.1 Wi-Fi
An abbreviation for Wireless Fidelity. A technology that helps in transferring data wirelessly by using radio waves in the 2.4 GHz or 5 GHz range [8]. The first step in developing Wi-Fi was taken in 1985 when the Federal Communications Commission (FCC) allowed access to previously restricted radio bands (900 MHz, 2.4 GHz and 5.8 GHz) for communication entrepreneurs.