Two UA engineers are working towards securing Wi-Fi through collaborative research.
Marwan Krunz, a professor of electrical and computer engineering and principal investigator for this research, said in an email interview that Wi-Fi transmissions are much less secure than people think.
“It has been shown that a malicious eavesdropper can infer with 80 percent accuracy the type of online activities of a Wi-Fi user by monitoring the wireless medium for only five seconds,” Krunz said. “This accuracy goes up with the monitoring time.”
Loukas Lazos, co-principal investigator and an assistant professor in the electrical and computer engineering department, said he disagrees with Krunz on the public awareness of Wi-Fi security.
“I think for the most part, people nowadays are way more aware of the security issues associated with wirelessly accessing the internet,” Lazos said.
Lazos said he recalls when it used to be easy to find a free access point, but now, traffic between devices and access points are encrypted. He said he believes this is a step in the right direction when it comes to remedying security risks.
Although Lazos said it is a good sign that users now are more aware of wireless security issues, he agrees with Krunz that work is still needed to secure Wi-Fi.
“There’s still quite a few dangers that users may not be aware of when they use their wireless devices that cannot be addressed by conventional security measures,” Lazos said.
Lazos said that user privacy can often be violated with identifiers transmitted by a user’s phone, which can help someone discover the user’s whereabouts or identity by utilizing the wireless transmission.
Both engineers said they believe that Wi-Fi security is not where it needs to be and have been working together to remedy that.
“Loukas is a great team partner, and we have been collaborating on security-related projects for many years,” Krunz said. “Our expertise is complementary, which makes us work effectively.”
The project Krunz and Lazos are currently working on is funded by the National Science Foundation. The project is called “Leakage of Communications Signatures: Analysis of Eavesdropping Attacks and Proactive Countermeasures.”
According to the National Science Foundation website, the project “focuses on designing and evaluating privacy-preserving communication methods for mitigating information leakage due to eavesdropping.”
Krunz and Lazos will receive a total of $660,000 in funding from the NSF for four years, starting October 2014.
“We do not know yet the full range of adversarial attacks and privacy breaches malicious hackers may attempt,” Krunz said. “Nonetheless, we hope to at least make substantial progress in this domain in the four-year timeline of this project.”
Lazos said they are working toward three main directions with their research. First, they are looking for methods to ensure that data exchanged over Wi-Fi remains confidential and is not being exposed to outside parties. Secondly, they hope to devise certain methods to prevent someone from tracking users and to ensure one can’t identify the communications belonging to a specific user. Lastly, they hope to preserve availability and not let any attacks render Wi-Fi inoperable.
“We hope to complement existing mechanisms for Wi-Fi traffic encryption with so-called physical layer security techniques,” Krunz said.
He said that implementing techniques at both the application and low level is the best of both worlds.
Krunz stressed the importance of securing Wi-Fi since it is used at home, in offices, on campus, in restaurants and coffee shops, and more.
“The convenience of Wi-Fi, and the fact that they offer a free alternative to 3G/4G cellular communications, makes them so popular,” Krunz said, “and yet from a security point of view, opens the door for various privacy vulnerabilities.”
