pith. machine review for the scientific record.

arxiv: 2605.07400 · v1 · submitted 2026-05-08 · 💻 cs.CR

From Conceptual Scaffold to Prototype: A Standardized Zonal Architecture for Wi-Fi Security Training

Pith reviewed 2026-05-11 02:16 UTC · model grok-4.3

classification 💻 cs.CR
keywords cyber range · Wi-Fi security · IEEE 802.11 · security training · zonal architecture · modularity · wireless attacks · prototype

The pith

A five-zone architecture creates a modular cyber range specialized for Wi-Fi security training on IEEE 802.11 threats.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes a conceptual architecture for a dedicated cyber range focused on Wi-Fi vulnerabilities, such as rogue access points and deauthentication attacks, which current general-purpose platforms handle only as one element among many. It divides the system into five zones to make it easier to build, update, and scale training scenarios without rebuilding the entire environment. The authors also provide an open-source prototype that handles the basic tasks of generating, storing, retrieving, and starting these scenarios. A sympathetic reader would care because it offers a practical blueprint for safely experimenting with wireless protocol attacks that are hard to reproduce in conventional training setups.

Core claim

The paper claims that structuring a Wi-Fi-focused cyber range around five distinct zones—core infrastructure, learning management and support, monitoring, management, and access-control—delivers modularity, scalability, and extensibility for IEEE 802.11 security scenarios, with an initial open-source prototype realizing the scenario generation and instantiation workflow as a foundation for future platforms.

What carries the argument

The five-zone zonal architecture (core infrastructure, learning management and support, monitoring, management, and access-control) that organizes the cyber range to enable targeted experimentation on IEEE 802.11 vulnerabilities.

Load-bearing premise

Dividing the platform into these five specific zones will automatically deliver modularity, scalability, and extensibility for Wi-Fi security training.

What would settle it

A working implementation of the five-zone design in which updating tools in the monitoring zone forces changes in the learning management zone or core infrastructure would falsify the claim that the zoning inherently provides modularity and extensibility.

Original abstract

Wi-Fi is the dominant wireless access technology, but its widespread use also exposes systems to threats such as rogue access points, deauthentication attacks, and other IEEE 802.11-specific vulnerabilities. Although Cyber Ranges (CRs) have become valuable platforms for cybersecurity training and experimentation, existing wireless-oriented solutions mainly target heterogeneous IoT or mobile-network settings, with Wi-Fi typically treated as one among many. As a result, dedicated CR environments for Wi-Fi-specific security experimentation remain limited. This gap is particularly relevant because wireless attacks often require protocol-aware experimentation that is difficult to reproduce in conventional training environments. This paper introduces a conceptual architecture for a Wi-Fi-focused CR tailored to IEEE 802.11 security scenarios and an open-source prototype. The proposed design is grounded in established CR design principles and organized around core infrastructure, learning management and support, monitoring, management, and access-control zones. Structuring the platform into these distinct zones, the architecture supports modularity, scalability, and future extensibility. Part of the design is realized in a prototype publicly available in a GitHub repository that implements the scenario generation, storage, retrieval, and instantiation workflow, offering an initial practical foundation for the proposed architecture. Overall, the paper provides a structured foundation for the future implementation of Wi-Fi-specialized CR platforms for targeted experimentation.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes a conceptual architecture for a Wi-Fi-specific Cyber Range (CR) tailored to IEEE 802.11 security scenarios. It organizes the platform into five zones (core infrastructure, learning management and support, monitoring, management, and access-control), claims this structure supports modularity, scalability, and future extensibility based on established CR principles, and presents an open-source prototype implementing scenario generation, storage, retrieval, and instantiation as an initial realization of the design.

Significance. If the zonal interfaces and isolation mechanisms were specified and the benefits empirically demonstrated, the work could provide a useful standardized foundation for dedicated Wi-Fi security training environments, addressing a gap where existing CRs treat Wi-Fi as secondary to IoT or mobile networks.

major comments (2)
  1. [Architecture description (Abstract and main design section)] The central claim that structuring the platform into the five named zones inherently supports modularity, scalability, and future extensibility lacks any supporting details. No description of zone boundaries, data-exchange protocols, dependency graphs, or isolation mechanisms (e.g., namespaces or API contracts) is provided to show how the zones are actually decoupled.
  2. [Prototype section] The prototype implements only the scenario generation/storage/retrieval/instantiation workflow and does not instantiate, test, or measure any of the claimed zonal properties such as modularity or scalability, leaving the practical effectiveness of the architecture untested.
minor comments (2)
  1. [Abstract] The abstract states that the design is 'grounded in established CR design principles' but does not cite or summarize which specific principles are applied or how they map to the five zones.
  2. [Abstract and evaluation sections] No quantitative validation, error analysis, or comparison against prior wireless CR efforts is included, which would help contextualize the contribution even for a conceptual paper.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thoughtful and constructive review. The comments correctly identify that the architecture description remains high-level and that the prototype does not yet provide empirical validation of the zonal properties. We address each point below and indicate planned revisions to strengthen the manuscript without altering its conceptual scope.

Point-by-point responses
  1. Referee: [Architecture description (Abstract and main design section)] The central claim that structuring the platform into the five named zones inherently supports modularity, scalability, and future extensibility lacks any supporting details. No description of zone boundaries, data-exchange protocols, dependency graphs, or isolation mechanisms (e.g., namespaces or API contracts) is provided to show how the zones are actually decoupled.

    Authors: We agree that the current presentation of the zonal architecture is primarily descriptive and does not include explicit specifications of boundaries, protocols, or isolation mechanisms. The five zones are derived from standard cyber-range design patterns, with functional separation intended to enable modularity, but the manuscript does not elaborate the interfaces or dependency relations. In revision we will add a dedicated subsection that defines zone boundaries, outlines example data-exchange mechanisms (such as event-driven APIs between the monitoring and management zones), and describes isolation approaches (e.g., network namespaces and container boundaries) as realized in the prototype. This addition will directly support the claims of modularity and extensibility.

    revision: yes

  2. Referee: [Prototype section] The prototype implements only the scenario generation/storage/retrieval/instantiation workflow and does not instantiate, test, or measure any of the claimed zonal properties such as modularity or scalability, leaving the practical effectiveness of the architecture untested.

    Authors: The prototype is explicitly positioned as an initial realization that covers only the scenario lifecycle workflow. It therefore does not yet exercise or measure the full set of zonal properties. We will revise the prototype section to map the implemented components explicitly to the five zones and to include a forward-looking discussion of how the architecture supports future modularity and scalability testing (for example, by adding isolated zone instances). A complete empirical evaluation of all properties lies beyond the current scope and will be noted as planned future work.

    revision: partial

Circularity Check

0 steps flagged

No circularity: zonal architecture claim is a direct design assertion, not a reduction to inputs

Full rationale

The paper grounds its Wi-Fi CR architecture in established external CR design principles and simply partitions the system into five named zones (core infrastructure, learning management and support, monitoring, management, access-control), then states that this structure supports modularity, scalability, and extensibility. No equations, fitted parameters, self-citations, or prior-author uniqueness theorems appear in the derivation; the claim follows from the definitional act of zoning without any loop back to the same inputs or hidden ansatz. The prototype implements only scenario generation/storage/retrieval/instantiation independently of the zonal properties. This is a self-contained conceptual proposal with no load-bearing circular steps.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The design rests on the assumption that established cyber-range principles can be directly partitioned into the five listed zones without additional validation data. No free parameters or new physical entities are introduced.

axioms (1)
  • domain assumption: Established CR design principles provide a sufficient foundation for a Wi-Fi-specific architecture.
    Invoked in the abstract when stating the design is grounded in established principles.
invented entities (1)
  • Five distinct zones (core infrastructure, learning management and support, monitoring, management, access-control); no independent evidence
    purpose: To structure the platform for modularity and extensibility in Wi-Fi security training.
    The zones are defined by the paper as the organizing structure; no independent falsifiable evidence is provided beyond the conceptual claim.

