WiMaX Based Real Time Cyber Security and Monitoring System. AB .Patki1, Aman Nijhawan2, Sankalp S.Parihar 2 ,Deepali Aneja2 Ministry of Information Technology, Government of India of India. 2 Maharaja Surajmal Institute of Technology, GGSIP University New Delhi 1
Abstract Commonwealth Games scheduled to be held in year 2010 in New Delhi have opened up opportunity for providing cyber security in an unusual perspective. During the games a substantial increase in the Internet traffic is expected due to large inflow of floating tourist population. This floating population may launch cyber attacks or be a target of such attacks. Thus an effective cyber security system is needed to ensure that such attacks do not take place. This paper gives an overview of such a system. The authors plan to use WiMaX as the network and OLPCs running on Ubuntu OS as the tools to implement this new Cyber Security System. .
1. Introduction Commonwealth Games are scheduled to be held in New Delhi in the year 2010. A large increase in the internet traffic is expected due to a temporary increase in the population during the games. Such population is floating population and maybe susceptible to or launch cyber attacks. While major emphasis on sports events like commonwealth games is from games viewpoints, the relevance cyber security cannot be undermined. These cyber attacks may range from activities such as Email Spam or Commercial fraud or even disrupting the schedule of the games. In this context, the recent reports of US government experts regarding terrorists activities from disruptions to bloodshed using Internet medium have special significance from cyber security angle [1]. This new threat bears little resemblance to the already familiar type of cyber attacks which were mostly aimed to create financial disruptions by computer hackers using computer viruses, worms and Trojan horses. Analysts believe that terrorists might try and control the computer systems that control major physical structures like floodgates and substations that control large voltage of electricity. Attacks on these infrastructure systems might be used to inflict large scale damage on life and property. Also these attacks may be used in concurrence with conventional attacks using explosives to bring about a total breakdown of
city infrastructure. Though at the outset, an impression may be created that this is more of security manpower deployment and additional security personnel problem, the technological aspect of the situation with intelligent gadgets is the focus of this paper. To vouchsafe against such attacks a real time cyber security system is proposed which could help the authorities to avert such attacks. This poses challenges to either use the existing devices with more skill set reinforced with training or deploy new devices. We suggest an approach of using Linux Based OLPC devices equipped with a WiMAX modem to implement this System. This paper provides an overview of the system and gives a block design based approach to the design of the system.
2. Issues and Challenges in Cyber Security This section describes some of the major issues faced by the cyber security agencies. A. There are about 1 Million registered and unregistered cyber cafes in India. Internet access in these cyber cafes provides the benefit of anonymity to the antisocial elements. Recently Government of India came up with a legislation requiring Cyber Café and Internet Kiosk owners to have mandatory identity check for all users using internet services [2]. This was met with initial resistance but after sometime due to public awareness programs, the cyber café owners agreed to the terms of the legislation.. B. Internet Service Providers or ISPs have huge volumes of data in terms of network identities as well as usage profile of all users on their network, but this database is enormous in terms of size and no effective software tools exist to extract and analyze useful data in real-time C. All internet data packets in and out of the country are logged at the gateways with the help of netflow routers and attached data storage but again this data log is so huge that searching through it in real time is a complex
task and hence abandoned in practice or only resorted to during crisis handling situations. D. Due to absence of effective portable internet traffic monitoring devices a large number of internet security lapses go undetected. E. All present tools are basically either static such as Intrusion detection tools (Firewalls) or Anomaly Detection tools based on data mining technologies which rely on training data which is complicated as well as expensive to produce. The above mentioned issues provided the main motivation to undertake the project. If the above mentioned issues are tackled in a right manner it would go a long way in ensuring the security of the internet network in the country.
various factors such as browser type, user profile, open network ports, transfer rate, destination of most data packets etc.
3. Proposed System Architecture This section describes the proposed system architecture of the required system to address the above issues. This architecture is shown in Fig 1. It should However be noted that this is just an approximate overview of the basic system. The major components are described briefly in this section. A. Net flow Routers These are special purpose routers that log all outbound data packets passing through them in the attached data storage. B. Database Servers These servers contain enormous amounts of storage capacity of the range of terabytes and are used to store the log of data traffic created by the Netflow router. C. Super Servers These are computer systems which host the intelligent software agent which extracts information from the ISP database and the traffic log in real time. These servers are generally placed in monitoring stations and also have the control to the gateway firewall. Also these server systems have heavy processing power to provide for heavy processing tasks. D. Intelligent Software Agent This is the most important part of the whole system .This agent has two pronged functions of intrusion as well as anomaly detection. This agent acts on the enormous amounts of data in the data log as well as ISP database and extracts the relevant information from these databases in real time .Based on this information the security factor of each user is calculated with
Fig1: System Architecture for the proposed security system.
After all this calculation it creates area wise data packets for the whole city which contain information about the users who have .These data packets contain three basic parameters in the payload: a. IP Address of the rouge system b. Physical Address of the System c. Security Factor. It is observed that the agents based on rough set based Incremental rule generation algorithms are best suited for such software applications.[2] E. Communication System There are some key requirements that were needed to be fulfilled when choosing that communication system, these requirements are listed below. a. City-wide wireless communication with good connectivity b. Fast Real-time Communication is one of the most important requirement of the communication system c. Secure communication channel should exist between the devices and the base station. d. Intelligent broadcasting algorithm should be employed to avoid clogging of the network. e. The protocol used should be able to sense changes in the network topology and be able to adjust accordingly without wasting much time in transition.
f.
Data packet should be small and not much space overhead should be used. g. Based on the above requirements the authors zeroed in on WiMAX protocol [3] to build the communication system. The system consists of: a. Baseband towers at base stations connected to the monitoring station with a high speed Ethernet/ optical fiber link. b. Area-wise subscriber stations connected to the baseband towers using point to multi point links. c. Wireless access points connected to each subscriber station which feed the data packets to the handheld device.
and receive few kilobytes of data at High Speed. g. Also since this is a high security device the device should contain a memory protection unit so that if it gets into wrong hands it cannot be re-flashed to alter its functioning. However our attempts to design such a device from scratch were unsuccessful due to absence of appropriate CAD tools to design such devices .Also since it was an intern project the authors faced a time crunch at their hands. After the initial setback at being unable to design the devices the authors decided to shelve the design project and look for off the shelf devices which would fit requirements as well as cost considerations.
F. Handheld Monitoring Devices. The cyber police officers will be equipped with these devices. These devices will interact with the nearest access point to convey its location to the software agent in the monitoring station. This device will then be supplied with a data packet containing the information about that city block based on which the police officer may take requisite action.The requirements of such a device are described in detail in next section.
4. The Handheld Device The authors propose to use Ubuntu Linux Based OLPC device as the Handheld device. The authors had earlier planned to design the hardware device from scratch as during the conception period of the project none of the off-shelf devices was suitable due to the high cost of such devices. The authors did a requirements analysis of the device to be built and came up with the following requirements. a.
b. c. d. e.
f.
Suitable mobile processing core to process the received data packets and interact with user I/O devices. Internal Memory RAM and ROM to help the processor function. External Memory (FLASH) Input Interface in the form of a scroller / joystick, keypad containing a few keys. Output Interface 5.6 inch 4096 colour trans reflective LCD screen as this device is to be used outdoors during day time Transmitter and Receiver for wireless communication that should be able to send
FIG 2: Block design of the device to be built The authors did an extensive research on such devices and finally zeroed in on OLPC [6] to implement the project. OLPC device runs Linux Operating system and has appropriate wireless network interface. It is openly available in the market and its cheap cost make it an ideal alternative to designing the device. Also its dimensions and high battery life make it possible to be both mounted in vehicles as well as carried around easily
5. Conclusions Specialized portable internet traffic monitoring devices are the need of the hour and this project has immense scope to be implemented successfully not only during the commonwealth games but also during any event in which there is a risk of cyber attack. However this project is on hold due to lack of proper support in terms of manpower and financing of the
project. It is believed that a tool of this kind will help considerably in controlling the cyber crimes and increase security by manifolds.
6. References [1] Billy Barton, Cyber-Attacks by Al Qaeda Feared – Washington Post Thursday, June 27, 2002; Page A01 [2] Patki Tapasya, Khurana Swati, S.Sivasubramanian, Patki A.B.- Product Development for Female Cyber Police Programme, Proceedings of Conflux-2005 e-Governance Conference, October 17-19, 2005, New Delhi, India. [3] Understanding Wi-Fi and WiMAXas Metro-Access Solutions- Intel® Corp. [4] Awad, M., Kuusela, J., and Ziegler, J. (1996). ObjectOriented Technology for Real-Time Systems. Prentice Hall. [5] Ahmad, A., Ruighaver, A.B.., Design of a NetworkAccess Audit Log for Security Monitoring and Forensic Investigation, Proceedings of the 1st Australian Computer Network, Information & Forensics Conference, Perth, Nov 24, 2003. [6] http://laptop.org/laptop/hardware/ for OLPC hardware description of the OLPC device.
