Wi-Trust: Computational Trust and Reputation Management for Stronger Hotspot 2.0 Security
DOI:
https://doi.org/10.13052/jicts2245-800X.433Keywords:
Wi-Fi, public hotspot, computational trust, reputation managementAbstract
In its list of top ten smartphone risks, the European UnionAgency for Network and Information Security ranks network spoofing attacks as number 6. In this paper, we present how we have validated different computational trust and reputation management techniques by means of implemented prototypes in real devices to mitigate malicious legacy Wi-Fi hotspots including spoofing attacks. Then we explain how some of these techniques could be more easily deployed on a large scale thanks to simply using the available extensions of Hotspot 2.0, which could potentially lead to a new standard to improve Wi-Fi networks trustworthiness.
Downloads
References
ENISA (2015). Top Ten Smartphone Risks – ENISA. Available at: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-applications/smartphone-security-1/top-ten-risks [accessed June 28, 2015].
Ferreira, A., Huynen, J.-L., Koenig, V., and Lenzini, G. (2014). “Socio-technical security analysis of wireless hotspots,” in Human Aspects of Information Security, Privacy, and Trust, eds T. Tryfonas, and I. Askoxylakis (Berlin: Springer), 306–317.
Titi, X., Lafuente, C. B., and Seigneur, J.-M. (2011). Trust management for selecting trustworthy access points. IJCSI Int. J. Comput. Sci. 8, 22–31.
Seigneur, J.-M., Lafuente, C. B., and Matos, A. (2013). “Secure user-friendly Wi-Fi access point joining,” in Proceedings of the 2013 IEEE Wireless Communications and Networking Conference (WCNC), Shanghai, 4718–4723.
Lafuente, C. B., and Seigneur, J.-M. (2014). “Extending trust management with cooperation incentives: achieving collaborative Wi-Fi sharing using trust transfer to stimulate cooperative behaviours,” in Trust Management VIII, eds J. Zhou, N. Gal-Oz, J. Zhang, and E. Gudes (Berlin: Springer), 157–172.
Lafuente, C. B., and Seigneur, J.-M. (2012). “Crowd augmented wireless access,” in Proceedings of the 3rd Augmented Human International Conference, New York, NY, 25.
McKnight, D., and Chervany, N. L. (1996). The Meanings of Trust. Technical report MISRC 96-04, University of Minnesota, Management Informations Systems Research Center.
Romano, D. M. (2003). The Nature of Trust: Conceptual and Opera tional Clarification. Ph.D. thesis, Louisiana State University, Baton Rouge, LA.
Marsh, S. (1994). Formalising Trust as a Computational Concept. University of Stirling, Stirling.
Bouvier, M. (1856). “Maxims of Law,” in Law dictionary.
Kuwabara, K. (2003). “Reputation: Signals or incentives?,” presented at the The annual meeting of the american sociological association,
Franklin, B., The Life and Letters of Benjamin Franklin. Milwaukee, WI: E.M. Hale & Company.
Covey, S. R. (1989). The 7 Habits of Highly Effective People. Salt Lake City, UT: Franklin Covey.
Seigneur, J.-M., Abendroth, J., and Jensen, C. D. (2002). “Bank accounting and ubiquitous brokering of trustos,” in Proceedings of the 7th Cabernet Radicals Workshop, Bertinoro.
Seigneur, J.-M. (2013). “Online e-reputation management services,” in Computer and Information Security Handbook, 2nd edn, (Burlington, MA: Morgan Kaufmann).
ENISA (2016). Reputation-Based Systems: A Security Analysis –ENISA. Available at: https://www.enisa.europa.eu/publications/archive/reputati on-based-systems-a-security-analysis [accessed March 23, 2016].
Douceur, J. R., (2002). “The sybil attack,” in Proceedings of the International Workshop on Peer-to-Peer Systems, Cambridge, 251–260.
Seigneur, J.-M. (2005). Trust, Security and Privacy in Global Compu ting. Ph.D. thesis, Trinity College Dublin, Dublin.
CISCO (2012). The Future of Hotspots: Making Wi-Fi as Secure and Easy to Use as Cellular. San Jose, CA: CISCO.
Phifer, L. (2003). Deploying 802.1X for WLANs: EAP Types. Available at: http://www.wi-fiplanet.com/tutorials/article.php/10724_3075481_2/Deploying-8021X-for-WLANs-EAP-Types.htm
El Maliki, T., and Seigneur, J.-M. (2007). “A Survey of User-centric Identity Management Technologies,” in Proceedings of the The International Conference on Emerging Security Information, Systems, and Technologies, (Norwood, SA: SecureWare), 12–17.
Dejean, S., Pénard, T., and Suire, R. (2010). Une Première Évaluation des Effets de la loi Hadopi sur les Pratiques des Internautes français. Rennes: University of Rennes 1.
Salem, N. B., Buttyán, L., Hubaux, J.-P., and Jakobsson, M. (2006). Node Cooperation in Hybrid Ad Hoc Networks. IEEE Trans. Mob. Comput. 5, 365–376.
Momani, M., Agbinya, J., Navarrete, G. P., and Akache, M. (2006). “A new algorithm of trust formation in wireless sensor networks,” in Proceedings of the 1st IEEE International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless’ 06), Sydney. NSW.
Trestian, R., Ormond, O., and Muntean, G.-M. (2011). Reputation-based network selection mechanism using game theory. Phys. Commun. 4, 156–171.
Gray, E., Seigneur, J.-M., Chen, Y., and Jensen, C. D. (2003). “Trust propagation in small worlds,” in Proceedings of the First International Conference on Trust Management, Heraklion.
Lafuente, C. B., and Seigneur, J.-M. (2013). “Dispositional trust adaptation in user-centric networks,” in Proceedings of the The 27th IEEE International Conference on Advanced Information Networking and Applications (AINA-2013), Barcelona, 1121–1128.
Yannuzzi, M., Siddiqui, M. S., Sällström, A., Pickering, B., Serral-Gracià, R., Martínez, A., et al. (2014). TEFIS: a single access point for conducting multifaceted experiments on heterogeneous test facilities. Comput. Netw. 63, 147–172.
FON (2016). The World’s Leading Carrier WiFi Provider. Available at: http://www.fon.com [accessed February 09, 2016].
Open Garden (2016). Open Garden. Available: https://opengarden.com/ [accessed February 09, 2016].
AirMobs (2016). AirMobs. Available at: https://play.google.com/store/apps/details?id=org.eeiiaa.airmobs&hl=en [accessed September 02, 2016].
Hushed (2016). Talk and Message. . . Quietly. Available at: http://www.hushed.com [accessed September 2, 2016].
Doug Bock Clark (2015). Inside a Counterfeit Facebook Farm. Available at: http://theweek.com/articles/560046/inside-counterfeit-facebook-farm [accessed September 02, 2016].
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and Levkowetz, H. (2004). Extensible Authentication Protocol (EAP). Network Working Group, RFC 3748.
Haverinen, H., and Salowey, J. (2015). Extensible Authentication Protocol Method for Global System for Mobile Communications (GSM) Subscriber Identity Modules (EAP-SIM). Available at: https://tools.ietf.org/html/rfc4186 [accessed July 12, 2015].
Fainelli, F. (2008). “The OpenWrt embedded development framework,” in Proceedings of the Free and Open Source Software Developers European Meeting (Brussels: FOSDEM).
