It has become very common nowadays that employees work outside their organizations' premises. A recent survey published by Forrester Consulting on the Citrix website claims that 65% of the respondents worked remotely at least one day per week, and 37% said that they worked two or more days per week [1].
In order to access their work data servers they need to establish Internet connections through the gateway portals of the places they are working from; these places could be hotels, coffee shops, restaurants, airports, etc.
Allowing workers to work remotely can be considered a big risk to organizations' sensitive data. Most big companies use VPN technology to allow their employees to access and exchange sensitive data remotely with minimum risk of exposing it [2]. However, in order to establish a VPN connection one must first connect to the available Internet connection and wait a few minutes until the VPN connection is fully running, leaving the device unsecured against all types of attacks if it is connecting through an open Wi-Fi network [3].
One simple way to steal information is for a hacker to masquerade as a network SSID in popular places, tricking people into connecting to him rather than to the genuine hotspot. This enables the attacker to monitor all the traffic being transferred, to transmit malware to the victims' devices, or even to take control of these devices [4]. Such an attack is called an Evil-Twin attack; it happens mostly at hotspots that are left unattended for a long period. Smart homes are considered a great target for such attacks, and an attacker can use this technique to launch various attacks [5]. The device in this project will help in overcoming this problem by adding another layer of security between the authentic home access point and the home automation controller, which is the heart of any smart home network, where all traffic from all smart home devices is gathered and then retransmitted to the outer world through the
1.1 Problem Area and Research Questions
The best way to increase security on public networks is by configuring a VPN tunnel, so that all traffic is encrypted before transmission. Some people think they can overcome this problem by just turning on the VPN connection in their browser or by entering their credentials in a VPN client authentication window. But all portable devices are programmed to look for updates for their applications (email, WhatsApp, Facebook and even updates for the OS itself) as soon as they see an established Internet connection. Hackers take advantage of this by monitoring traffic and acquiring important information about the device, and may even succeed in sending malware to the device in the few minutes available before the VPN connection is established [6].
In order to mitigate this problem we need a device that ensures all non-VPN traffic is blocked until the tunnel is set up and configured. This blocking shall be performed both physically and by software to ensure its effectiveness. There are solutions that mitigate this problem by installing a VPN application or a VPN browser on the user's device, but these solutions work only on certain operating systems and still need to be connected to the Internet before establishing the VPN tunnel, which brings us back to the problem mentioned earlier. We think that our solution mitigates the problem by forcing the VPN tunnel to be established first and only then allowing the encrypted data to be transmitted through the public Wi-Fi or the home's
design and implement an affordable DIY intermediate device that protects users' data by blocking all non-encrypted traffic until the VPN tunnel is
- How can this device improve a smart home's network security?
- physically segregate the user's sensitive data from a public, compromised (breached) Wi-Fi network before encrypting and transmitting it?
- How can this device surpass other existing solutions to this problem?
1.2 Proposed solution
The idea of this project is to design and implement an intermediate device that operates between unsecured Wi-Fi and the end user's personal devices. It should be usable everywhere a wireless connection is available. This device shall also be usable in a smart home environment.
Figure 1 illustrates how the connection is established from the user's devices to the office servers. In this figure it can be seen how a hacker can easily monitor traffic or even interfere with the transmission, as Wi-Fi is considered vulnerable to anyone who has the Pre-Shared Key (PSK) [7].
Our device is going to act as an intermediary between the user's devices and the open public Wi-Fi. It is provided with two Wi-Fi adapters, one connected to each side of the network, to provide a physical layer of segregation between them. It will also be equipped with OpenVPN server software to provide the security features needed while rerouting the traffic from one end to the other. Figure 2 shows how the device will be placed in the previous situation and how it will provide resistance to hacker attacks: the Raspberry Pi creates a VPN tunnel between the user's devices and the office servers, blocking the hacker from spying on the traffic.
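The blocking requirement from section 1.1 (no non-VPN traffic may pass until the tunnel is up) and the two-adapter design described above can be expressed as a host firewall policy on the Raspberry Pi. The following POSIX shell script is an added example and not the thesis author's code. It assumes Debian-style tooling on the Pi (iptables-restore, ip6tables-restore, sysctl), that the adapter associated to the public or home Wi-Fi is wlan0, that the adapter running the access point for the user's devices is wlan1, that the OpenVPN tunnel interface is tun0, and that the tunnel endpoint is reached at the placeholder address 203.0.113.10 on UDP port 1194; all of these names and values are assumptions, not taken from the thesis.

```shell
#!/bin/sh
# vpn-killswitch.sh -- added example, not the thesis author's code.
# Generates an iptables-restore ruleset in which everything is dropped except
# (1) the Pi's own link to the VPN endpoint on the public-side adapter and
# (2) client traffic that is routed through the tunnel interface.
# Interface names and the endpoint 203.0.113.10:1194/udp (a TEST-NET address)
# are constructed placeholders.

build_rules() {
    wan="$1"      # adapter associated to the public/home Wi-Fi (e.g. wlan0)
    lan="$2"      # adapter running the access point for the user's devices (e.g. wlan1)
    tun="$3"      # OpenVPN tunnel interface (e.g. tun0)
    vpn_ip="$4"   # VPN endpoint as an IP address, so no DNS lookup is needed before the tunnel exists
    vpn_port="$5" # VPN endpoint UDP port
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, and replies to connections this host opened itself (e.g. from the VPN endpoint)
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public side: only DHCP (to obtain an address) and the VPN endpoint itself
-A OUTPUT -o $wan -p udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
-A OUTPUT -o $wan -p udp -d $vpn_ip --dport $vpn_port -j ACCEPT
# Client side: DHCP and DNS requests from the user's devices to this host
-A INPUT -i $lan -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
-A OUTPUT -o $lan -j ACCEPT
# Host traffic (e.g. the DNS forwarder's upstream queries) may leave only through the tunnel
-A OUTPUT -o $tun -j ACCEPT
# Forwarding: client side <-> tunnel only; there is no client side <-> public side rule
-A FORWARD -i $lan -o $tun -j ACCEPT
-A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $tun -j MASQUERADE
COMMIT
EOF
}

# Sanity check used before applying: counts the ACCEPT rules that touch the public
# adapter. With the policy above there must be exactly three (DHCP out, DHCP in, VPN endpoint).
wan_accept_count() {
    build_rules "$@" | grep -c -- "$1 .*-j ACCEPT"
}

# Applies the policy (run as root on the Pi). IPv6 is not carried by this tunnel, so it is
# dropped entirely rather than being allowed to bypass the IPv4 policy.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    build_rules "$@" | iptables-restore
    printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT DROP [0:0]\n-A INPUT -i lo -j ACCEPT\n-A OUTPUT -o lo -j ACCEPT\nCOMMIT\n' | ip6tables-restore
}

# Usage (as root):  sh vpn-killswitch.sh apply wlan0 wlan1 tun0 203.0.113.10 1194
if [ "${1:-}" = "apply" ]; then
    shift
    apply_rules "$@"
fi
```

Because there is no FORWARD rule between wlan1 and wlan0, the user's devices cannot reach the public network at all while the tunnel is down, which is the "block all non-VPN traffic" requirement; the Pi itself can reach only the DHCP server and the VPN endpoint, and naming the endpoint by IP address avoids a DNS query on the public network before the tunnel exists. The script assumes OpenVPN installs the default route over tun0 once connected. One caveat worth planning for: hotspots with a captive portal require a browser login before they allow any outbound traffic, and this policy blocks that login as well, so the device needs an explicit, short-lived portal step before the VPN can come up.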
Another use of this device is in smart homes, as an additional secure layer between the home's gateway and the home automation controller. Figure 3 shows how the device can be positioned within the smart home network; it will act the same way as described earlier, adding another security layer to the network in case the home wireless gateway is
1.3 Solution Requirements
To be able to design, implement and evaluate this new device, there are several requirements that need to be fulfilled for this prototype to be classified as successful. These requirements were defined by the researcher and are based on his idea of what capabilities this device should have. The requirements were grouped into three categories of parameters: operational, security and characteristic parameters.
These parameters need to be fulfilled to make sure that this device operates in the desired way.
- The system needs to start quickly so the user won't need to wait too long to establish the secure VPN tunnel.
- Easy to use. In order not to confuse the end user with multiple choices, the system should require just a few steps to make all features and
- The system needs to be stable so it performs in the same way each time it is used.
- The device shall work with all types of end-user devices that support Wi-Fi.
- No extra modification or configuration should be required to use this solution.
These parameters need to be fulfilled in order to make sure that the device is secured and operates in a secure way.
- Against known weaknesses. The system shall be resistant to all known weaknesses and flaws that can be exploited.
- Non-VPN traffic. All non-VPN traffic shall be blocked and not allowed to pass the device until the VPN connection is established.
Characteristic Parameters.
These parameters need to be fulfilled to make sure that the device is designed to be small and portable, since users may have to carry it with them.
- The device has to be small so it is easy to carry.
- It is important to keep the device light in order to carry it easily.
- The device must be durable and not easily
1.4 Expected Outcome
The expectations of the device are:
- Connects the user's devices to the Internet.
- Works both as a portable and as a stationary device.
1.5 Research Delimitations
This section describes the scope of the project and the delimitations of this research.
The research is limited to a time frame of one semester, which affects what can possibly be achieved. This study will not produce a market-ready device, but rather a prototype which will show how an independent device can be created to solve the research problem. The device will focus on securing the connection rather than securing the applications on the
The researcher limited the reviewed literature to solutions and projects that have been published and peer reviewed, or solutions that are already successful in the market. Solutions found on blogs or similar websites won't be dealt with, since there is no way to ensure that these projects work in the way the author
Another delimitation is that, due to the time and financial limitations, all development of the device, its design and its testing will be done by one researcher. With more serious testing and group evaluation the prototype could be evaluated in a better way.
1.6 Outline of this Thesis
Following the introduction, chapter 2 provides a few background topics related to this research, which will help the reader get a better understanding of the whole picture. A literature review is presented in chapter 3. Chapter 4 describes the research methodology used for this project. Chapter 5 illustrates how the device was designed, implemented, tested and evaluated. In chapter 6 a vulnerability analysis is performed in three phases to measure how much the device mitigated the vulnerabilities on the network. Chapter 7 concludes this research and discusses possible future work.
In this chapter the most essential background needed to illustrate the basic concept of this research is presented.
An abbreviation for Wireless Fidelity. A technology that helps in transferring data wirelessly by using radio waves in the 2.4 GHz or 5 GHz range [8]. The first step in developing Wi-Fi was taken in 1985 when the Federal Communications Commission (FCC) allowed access to previously restricted radio bands (900 MHz, 2.4 GHz and 5.8 GHz) for communication