Table of Contents Author Guidelines Submit a Manuscript
Mobile Information Systems
Volume 7 (2011), Issue 3, Pages 217-239

Automatic Security Assessment for Next Generation Wireless Mobile Networks

Francesco Palmieri,1 Ugo Fiore,2 and Aniello Castiglione3

1Dipartimento di Ingegneria dell'Informazione, Seconda Università degli Studi di Napoli, Aversa (CE), Italy
2Università degli Studi di Napoli “Federico II”, Napoli, Italy
3Dipartimento di Informatica “R. M. Capocelli”, Università degli Studi di Salerno, Via Ponte don Melillo, I-84084 Fisciano (SA), Italy

Received 26 August 2011; Accepted 26 August 2011

Copyright © 2011 Hindawi Publishing Corporation. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raises serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, that is the fundamental component of the aforementioned strategy, takes advantage from a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depends on the results obtained from different kind of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.