DIST: Dartmouth Internet Security Testbed (2009-2014)

This project is no longer active; this page is no longer updated; its last update was April 9, 2009.

Related projects: [CRAWDAD], [MAP], [NetSANI], [Wi-Fi-measurement]

Related keywords: [privacy], [security], [wifi]


Overview

We developed the Dartmouth Internet Security Testbed (DIST), a large-scale deployment designed to support research on wireless-network security challenges. The Institute for Security Technology Studies (ISTS), in collaboration with Dartmouth's central Information Technology division, deployed this integrated testbed comprising a wireless-network measurement infrastructure and a suite of Wi-Fi capable mobile devices. This project built on the technology of the MAP project, and supported the work done in the NetSANI project.

All DIST hardware has been removed from campus.

The following was written before/during the project.

DIST concerns itself with studying campus network usage patterns and with developing systems for automatically detecting malicious attempts to disrupt or degrade the network. To support these activities, DIST has been installing wireless monitors at various locations around the campus.

The DIST wireless monitors look a lot like the Kiewit access points that are deployed around the campus to support wireless Internet access at Dartmouth. In fact, both the Kiewit access points and the DIST wireless monitors are Aruba AP70s, and they differ only in the way they are deployed.

One of the differences is physical: the Kiewit access points have no external antennas (they transmit and receive through antennas embedded in their antenna flaps), while the DIST wireless monitors are deployed with twin blade antennas mounted at their sides. A few of the DIST wireless monitors are mounted with their flaps closed. Another difference, albeit an invisible one, lies in the software that is deployed on these devices. The Kiewit access points run proprietary Aruba software for managing communication on a wireless network; if you have a laptop computer or other wireless device and are within range of a Kiewit access point, you can associate with it and use it to access the Internet. By contrast, the DIST wireless monitors run our own research software, which monitors wireless network traffic with the goal of detecting anomalies that suggest malicious activity. The DIST wireless monitors play no direct role in supporting Internet communication, and your laptop cannot associate with them.


A Kiewit access point

An open-flap DIST wireless monitor

A closed-flap DIST wireless monitor

Each DIST wireless monitor is deployed with a label that reads DIST-XXX, where XXX is a three-digit number. These labels help the DIST project to identify individual DIST wireless monitors in case any problems or questions arise in connection with them.

See also the DIST privacy statement and the DIST Frequently Asked Questions.


People

Chrisil Arackaparambil, Sergey Bratus, David Kotz, Mike Locasto, Anna Shubina, Keren Tan, Punch Taylor, and Bennet Vance (Computer Science); Frank Archambeault, Paul Schmidt (Computing Services); Guanling Chen and Bo Yan (UMass Lowell); and Chris McDonald (Univ. Western Australia).

Funding and acknowledgements

DIST was a research program in Dartmouth's Institute for Security Technology Studies (ISTS), supported by the US Department of Homeland Security under award 2006-CS-001-000001.

Sun Microsystems was a contributor to the DIST project.

The views and conclusions contained on this site and in its documents are those of the authors and should not be interpreted as necessarily representing the official position or policies, either expressed or implied, of the sponsor(s). Any mention of specific companies or products does not imply any endorsement by the authors or by the sponsor(s).

Papers tagged 'dist'

Papers are listed in reverse-chronological order.

2014:
Keren Tan, Chris McDonald, Bennet Vance, Chrisil Arackaparambil, Sergey Bratus, and David Kotz. From MAP to DIST: the evolution of a large-scale WLAN monitoring system. IEEE Transactions on Mobile Computing. January 2014. [Details]

The edge of the Internet is increasingly becoming wireless. Therefore, monitoring the wireless edge is important to understanding the security and performance aspects of the Internet experience. We have designed and implemented a large-scale WLAN monitoring system, the Distributed Internet Security Testbed (DIST), at Dartmouth College. It is equipped with distributed arrays of “sniffers” that cover 210 diverse campus locations and more than 5,000 users. In this paper, we describe our approach, designs and solutions for addressing the technical challenges that have resulted from efficiency, scalability, security, and management perspectives. We also present extensive evaluation results on a production network, and summarize the lessons learned.

2011:
Keren Tan. Large-scale Wireless Local-area Network Measurement and Privacy Analysis. PhD thesis, August 2011. Available as Dartmouth Computer Science Technical Report TR2011-703. [Details]

The edge of the Internet is increasingly becoming wireless. Understanding the wireless edge is therefore important for understanding the performance and security aspects of the Internet experience. This need is especially necessary for enterprise-wide wireless local-area networks (WLANs) as organizations increasingly depend on WLANs for mission-critical tasks. To study a live production WLAN, especially a large-scale network, is a difficult undertaking. Two fundamental difficulties involved are (1) building a scalable network measurement infrastructure to collect traces from a large-scale production WLAN, and (2) preserving user privacy while sharing these collected traces to the network research community. In this dissertation, we present our experience in designing and implementing one of the largest distributed WLAN measurement systems in the United States, the Dartmouth Internet Security Testbed (DIST), with a particular focus on our solutions to the challenges of efficiency, scalability, and security. We also present an extensive evaluation of the DIST system. To understand the severity of some potential trace-sharing risks for an enterprise-wide large-scale wireless network, we conduct privacy analysis on one kind of wireless network traces, a user-association log, collected from a large-scale WLAN. We introduce a machine-learning based approach that can extract and quantify sensitive information from a user-association log, even though it is sanitized. Finally, we present a case study that evaluates the tradeoff between utility and privacy on WLAN trace sanitization.

2010:
Keren Tan and David Kotz. Saluki: a High-Performance Wi-Fi Sniffing Program. Proceedings of the International Workshop on Wireless Network Measurements (WiNMee). May 2010. Invited paper. [Details]

Building a campus-wide wireless LAN measurement system faces many efficiency, scalability and security challenges. To address these challenges, we developed a distributed Wi-Fi sniffing program called Saluki. Compared to our previous implementation and to other available sniffing programs, Saluki has the following advantages: (1) its small footprint makes it suitable for a resource-constrained Linux platform, such as those in commercial Wi-Fi access points; (2) the frame-capture rate increased more than three-fold over tcpdump with minimal frame loss; (3) all traffic between this sniffer and the back-end server was secured using 128-bit encryption; and (4) the traffic load on the backbone network was reduced to only 30% of that in our previous implementation. In this paper, we introduce the design and the implementation details of this high-performance sniffing program, along with preliminary evaluation results.

Chrisil Arackaparambil, Sergey Bratus, Anna Shubina, and David Kotz. On the Reliability of Wireless Fingerprinting using Clock Skews. Proceedings of the ACM Conference on Wireless Network Security (WiSec). March 2010. [Details]

Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points.

We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.


Chrisil Arackaparambil, Sergey Bratus, Anna Shubina, and David Kotz. On the Reliability of Wireless Fingerprinting using Clock Skews. Technical Report, January 2010. [Details]

Determining whether a client station should trust an access point is a known problem in wireless security. Traditional approaches to solving this problem resort to cryptography. But cryptographic exchange protocols are complex and therefore induce potential vulnerabilities in themselves. We show that measurement of clock skews of access points in an 802.11 network can be useful in this regard, since it provides fingerprints of the devices. Such fingerprints can be used to establish the first point of trust for client stations wishing to connect to an access point. Fingerprinting can also be used in the detection of fake access points. We demonstrate deficiencies of previously studied methods that measure clock skews in 802.11 networks by means of an attack that spoofs clock skews. We then provide means to overcome those deficiencies, thereby improving the reliability of fingerprinting. Finally, we show how to perform the clock-skew arithmetic that enables network providers to publish clock skews of their access points for use by clients.

2009:
Sergey Bratus, David Kotz, Keren Tan, William Taylor, Anna Shubina, Bennet Vance, and Michael E. Locasto. Dartmouth Internet Security Testbed (DIST): building a campus-wide wireless testbed. Proceedings of the Workshop on Cyber Security Experimentation and Test (CSET). August 2009. [Details]

We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our knowledge, is the largest such testbed in academia (with the UCSD’s Jigsaw infrastructure a close competitor). In this paper we focus on the testbed setup, rather than on the experimental data and results.

