Battery-Sensing Intrusion Protection System (B-SIPS)

Abstract

This dissertation investigates using instantaneous battery current sensing techniques as a means of detecting IEEE 802.15.1 Bluetooth and 802.11b (Wi-Fi) attacks and anomalous activity on small mobile wireless devices. This research explores alternative intrusion detection methods in an effort to better understand computer networking threats. This research applies to Personal Digital Assistants (PDAs) and smart phones, operating with sensing software in wireless network environments to relay diagnostic battery readings and threshold breaches to indicate possible battery exhaustion attack, intrusion, virus, and worm activity detections. The system relies on host-based software to collect smart battery data to sense instantaneous current characteristics of anomalous network activity directed against small mobile devices. This effort sought to develop a methodology, design and build a net-centric system, and then further explore this non-traditional intrusion detection system (IDS) approach. This research implements the Battery-Sensing Intrusion Protection System (B-SIPS) client detection capabilities for small mobile devices, a server-based Correlation Intrusion Detection Engine (CIDE) for attack correlation with Snort's network-based IDS, device power profiling, graph views, security administrator alert notification, and a database for robust data storage. Additionally, the server-based CIDE provides the interface and filtering tools for a security administrator to further mine our database and conduct forensic analysis. A separate system was developed using a digital oscilloscope to observe Bluetooth, Wi-Fi, and blended attack traces and to create unique signatures. The research endeavor makes five significant contributions to the security field of intrusion detection. First, this B-SIPS work creates an effective intrusion detection approach that can operate on small, mobile host devices in networking environments to sense anomalous patterns in instantaneous battery current as an indicator of malicious activity using an innovative Dynamic Threshold Calculation (DTC) algorithm. Second, the Current Attack Signature Identification and Matching System (CASIMS) provides a means for high resolution current measurements and supporting analytical tools. This system investigates Bluetooth, Wi-Fi, and blended exploits using an oscilloscope to gather high fidelity data. Instantaneous current changes were examined on mobile devices during representative attacks to determine unique attack traces and recognizable signatures. Third, two B-SIPS supporting theoretical models are presented to investigate static and dynamic smart battery polling. These analytical models are employed to examine smart battery characteristics to support the theoretical intrusion detection limits and capabilities of B-SIPS. Fourth, a new genre of attack, known as a Battery Polling Cycle Timing Attack, is introduced. Today's smart battery technology polling rates are designed to support Advanced Power Management needs. Every PDA and smart phone has a polling rate that is determined by the device and smart battery original equipment manufacturers. If an attacker knows the precise timing of the polling rate of the battery's chipset, then the attacker could attempt to craft intrusion packets to arrive within those limited time windows and between the battery's polling intervals. Fifth, this research adds to the body of knowledge about non-traditional attack sensing and correlation by providing a component of an intrusion detection strategy. This work expands today's research knowledge towards a more robust multilayered network defense by creating a novel design and methodology for employing mobile computing devices as a first line of defense to improve overall network security and potentially through extension to other communication mediums in need of defensive capabilities. Mobile computing and communications devices such as PDAs, smart phones, and ultra small general purpose computing devices are the typical targets for the results of this work. Additionally, field-deployed battery operated sensors and sensor networks will also benefit by incorporating security mechanisms developed and described here.