Extensions to RIPPS
Over the course of developing RIPPS, we looked at several derivative areas, both successful and unsuccessful, which are listed below:
- Chad Mano's dissertation looked at whether it is possible to extend RIPPS to detect MITM (Man In The Middle) attacks when a wireless node with two wireless NICs is attacking. The end result was inconclusive because the MITM node had too much timing control and could game any scheme that we would throw at it (i.e. we would catch the bare minimum of the attackers).
- As noted on the previous page, Cheap Logger is a tool for logging packets at near-Gigabit speeds. Our cart of Mac minis is currently disassembled, though, as the basement of the Hesburgh library is not very conducive to moving a cart in and out for logging.
- We are looking at 802.1X spoofing, as the usage of 802.1X was frequently cited by reviewers as a reason why RIPPS is a moot point. Our intuition is that it is not that difficult to share 802.1X credentials with a super NAT; rather, there has not been a significant incentive for anyone to develop it at this time since 802.1X is fairly rare. While this is likely to remain the case for some time (the CSI 2007 survey showed a decrease in 802.1X-caliber installations), we believe that the security strength is being incorrectly perceived given how even the best 802.1X implementations will likely have to ignore certain legacy devices. A side project is looking at building an 802.1X NAT as a proof of concept.
- We are investigating porting RIPPS to the Atmel NGW100 reference board. Anyone with an interest in helping out is free to ping Dr. Striegel.
- While only tangentially related to RIPPS, our recent work on 802.11 packet losses is quite interesting in that it challenges the conventional notion that packet losses are primarily medium-based.