
Security Of Wireless Networks:  How Low-Layers Security Can Help

Date: 2008-11-11


Presentation Transcript


  1. Security Of Wireless Networks: How Low-Layers Security Can Help
     Authors: Alex Reznik, InterDigital
     Date: 2008-11-11

  2. Abstract
     Following up on the authors’ earlier presentation to the WNG (IEEE 802.11-08/0973r0), this contribution reviews the case presented for the need for low-layer security. We then provide additional detail on how low-layer security may be implemented and the potential impact on existing 802.11 specifications and implementations.

  3. WLANs in the Emerging World
     [Diagram labels: Automation WLAN, The NET, Local WLAN]
     • Usage
       • Data (IP) access to a broadband network
       • Streaming applications over IP (e.g. VoIP, Video)
       • Interactive local application (distributed gaming)
       • Localized Mesh network with limited/no extra-net access
       • Machine-to-Machine communication
       • Home and Small Enterprise Automation
       • SensorNet-to-DataNet interaction
       • Distributed Computation
     • Security requirements
       • Secure transmitted data
       • Access control based on
         • Pre-shared keys (e.g. WPA)
         • ID (user and device) based access
       • Enforce network usage policies
       • Mesh security without a third-party certificate authority
       • Ensure network availability
       • Location-based requirements

  4. Moving Forward On Security
     • Currently existing security components provide:
       • End-to-end data protection
     • Limited or non-existing WLAN security components:
       • Device security
         • Device/host identity capability
         • Combined with trusted computing concepts
         • Location privacy assurance techniques
       • Local network security
         • Protect availability/access/usage of the physical medium
         • Enable location-based policies
     • These impact all layers of the architecture
       • Commonly used higher-layer protocols need to be enhanced with existing and new ones (e.g. IETF’s HIP, PBS, etc.)
       • Security Manager is needed for integration of higher-layer security policies and requirements with transmission medium capabilities
       • MAC support is required to make existing protocols attack-proof (e.g. CSMA), provide support for higher layer protocols (e.g. PBS, 802.1X-type authentication, etc.) and interface with PHY
       • PHY is required to monitor the medium, implement protocols as required by MAC
       • At all levels, services provided by secure platforms (e.g. via TPM) may be required
     • In this talk:
       • Concentrate on protection/access/usage of the physical medium
       • This is directly in scope for 802.11, as it inherently relies on PHY and MAC mechanisms

  5. High-Level Threat Analysis for 802.11
     [Table: Security Attribute | Threat]
     These vulnerabilities are broad when viewed from a network perspective and are subject to a broad number of different attacks. These are identified (and in part addressed by 802.1), but not by 802.11

  6. Addressing the threats in a wireless setting
     • Challenges:
       • Confidentiality/authentication techniques cannot address DoS attacks aimed at the network itself
       • 802.1AE techniques need to be examined, but are insufficient in a wireless context
       • Smart Jamming can masquerade as generic interference
       • Not addressed by 802.1AE as the problem is absent in wired systems
       • Terminal location is a priori uncertain
       • No connection to a port that signals can be traced back to
       • Alternate “secure key source” for confidentiality/authentication of pre-802.11i messages is desirable
       • 802.1AE calls for cipher suites which, in principle, do not need to rely on 802.1X
       • None have been proposed to date
     • A potential approach for wireless systems
       • Use the richness of the wireless access medium
       • Enhance PHY/MAC based security tied to the wireless medium
       • Enhance existing security mechanism
       • This is commonly called “PHY Layer Security”

  7. PHY-Layer Security
     • “PHY-Layer” security may:
       • Exploit the physical properties of the wireless channel
       • Typically have PHY and the MAC aspects
       • Be complementary to other modern techniques for securing wireless nets
     • PHY-Layer Security may use the physical link as a non-repudiable, shared, secret resource to:
       • Provide always-on, link-specific message stream authentication
       • Classify interference appropriately (malicious/benign) and apply appropriate counter-measures
       • Distinguish between co-located and distinctly located terminals
       • Derive and update secret keys based on link properties and without the need to use (and expose) authentication credentials
     • PHY-Layer Security may further use link and terminal capabilities to:
       • Null out an identified rogue terminal
       • Switch away from channels under attack
       • Proactively hop channels to confuse attacker

  8. PHY-Layer Security - Examples
     • Example Attack 1: A Low-Power Jammer
       • Attacking terminal reverses the CSMA process – transmits whenever it detects energy on the channel
       • Legitimate terminals forced into ever-increasing back-off
       • Average power required for the attack is low
         • Initial power consumption is relatively high
         • After a fairly short period, most terminals are in a long back-off state
       • The CSMA protocol assists in the attack
     • Example Attack 2: Sybil Attack
       • A terminal uses multiple MAC addresses:
         • Increases its share of bandwidth utilization
         • Attempts a service specific DoS (e.g. multiple authentication/association requests)

  9. Example Attack 1: A Low-Power Jammer
     • Potential Detection and Mitigation:
       • Detection:
         • Continual power measurement during channel clear state and burst reception reveal that burst should be successfully received
         • When this is violated sufficiently often (i.e. we observe statistically “impossible” collision pattern), an attack is likely
         • If MIMO is present, direction of interference may be estimated and further found to be non-random
       • Mitigation:
         • Alert security policy manager to abnormal condition, its nature, and (if possible) approximate localization
         • Switch channels. If possible establish a dynamic channel hopping policy.
         • Change the back-off protocol to eliminate increasing the expected back-off time. This will make the attack costly (in terms of energy) and may drain the battery of a true low-power attacker
         • If MIMO present, null away interference source.

  10. Ex. 1: Implementation of Detection: in the PHY

  11. Ex. 1: Implementation of Detection: in the MAC
     • Comments:
       • 2 minor modifications in PHY
         • Reporting certain quantities (RSSI and Channel Clear) at all times as opposed to as a result of certain event
         • A new mechanism for providing this report to PHY is therefore required
       • No new PHY processing is needed
       • New MAC processing is added, existing functionality not affected
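The detection idea for Example 1, sketched as an added example (not part of the presentation): MAC-side software takes the always-on RSSI and channel-clear reports and flags a window in which bursts that should have decoded fail far more often than chance allows. The report format, SNR margin, benign loss rate and alert threshold are assumptions, and the sample windows are constructed.

```python
from math import comb

# All thresholds below are assumptions for this example, not values from the slides.
SNR_OK_DB = 10.0   # margin over the idle-channel level at which a burst should decode
P_FAIL_OK = 0.05   # assumed benign loss rate for bursts that clear that margin
ALPHA = 1e-6       # alert when the observed failures are this improbable

def binom_tail(n, k, p):
    """P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p)**(n - i) for i in range(k, n + 1))

def assess_window(reports):
    """reports: (idle_rssi_dbm, burst_rssi_dbm, fcs_ok) per received burst.

    idle_rssi_dbm is the power measured while the channel was reported clear
    just before the burst; burst_rssi_dbm is the power during reception.
    """
    # Keep only bursts that, by the power measurements, should have been received.
    should_decode = [ok for idle, burst, ok in reports if burst - idle >= SNR_OK_DB]
    n = len(should_decode)
    failures = should_decode.count(False)
    # Probability of seeing this many failures or more under benign conditions.
    p_value = binom_tail(n, failures, P_FAIL_OK) if n else 1.0
    return {"n": n, "failures": failures, "p_value": p_value,
            "alert": p_value < ALPHA}

# Constructed sample windows (not measurements).
BENIGN = [(-95.0, -60.0, i not in (7, 23)) for i in range(40)]
BENIGN += [(-95.0, -90.0, False)] * 5   # weak bursts: excluded from the statistic
JAMMED = [(-95.0, -60.0, i % 4 == 0) for i in range(40)]

if __name__ == "__main__":
    for name, window in (("benign", BENIGN), ("jammed", JAMMED)):
        print(name, assess_window(window))
```

An alert from this check is what would be passed to the security policy manager; losses on weak bursts never count toward it, so ordinary range or fading problems do not trigger it.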

  12. Ex. 1: Implementation of Mitigation
     • Notes
       • Mitigation impacts only the Tx Control SEQR
       • This involves added functionality only
         • Currently: single Tx Policy (current CSMA/CD)
         • New:
           • a number of policies, of which existing is one
           • Tx Control/SEQR selects one based on request from Security Manager
       • No impact in the PHY
         • Expected for mitigation

  13. Example Attack 2: Sybil Attack
     • Potential Detection and Mitigation:
       • Detection
         • Using channel-based signatures establish the fact that multiple MAC addresses appear to be from same radio
       • Mitigation
         • Alert security policy manager to abnormal condition, its nature, and (if possible) approximate localization
         • If required by policy, establish that when treated as an aggregate these do not follow the proper protocol for a single terminal
         • De-associate all MAC addresses with suspect channel signature
         • If MIMO present, null away transmission from suspect location

  14. Ex. 2: Implementation of Detection
     • Notes
       • PHY Impact:
         • No new functionality
         • Reporting of CIR
       • MAC Impact
         • Increasing existing address matching functionality to check for signature/address consistency
         • Addition of “security alert/attribute” to each PDU
       • As before: augmentation, not modification, of existing functionality
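The signature/address consistency check for Example 2, sketched as an added example (not part of the presentation): the MAC compares the channel impulse responses (CIRs) reported for each source address and groups addresses whose signatures match. The similarity measure, the threshold, the data layout and all names are assumptions, and the CIR values are constructed.

```python
from itertools import combinations

SAME_RADIO_THRESHOLD = 0.95  # assumed decision threshold, not from the slides

def similarity(a, b):
    """|<a,b>| / (|a||b|) for two complex CIRs; ignores gain and carrier phase."""
    dot = sum(x * y.conjugate() for x, y in zip(a, b))
    norm = (sum(abs(x) ** 2 for x in a) * sum(abs(y) ** 2 for y in b)) ** 0.5
    return abs(dot) / norm

def mac_similarity(frames_a, frames_b):
    """Mean pairwise similarity between the CIRs reported for two MAC addresses."""
    scores = [similarity(a, b) for a in frames_a for b in frames_b]
    return sum(scores) / len(scores)

def group_by_radio(observations):
    """observations: {mac: [cir, ...]}. Returns sets of MACs sharing one signature."""
    parent = {mac: mac for mac in observations}
    def find(mac):
        while parent[mac] != mac:
            mac = parent[mac]
        return mac

    for a, b in combinations(observations, 2):
        if mac_similarity(observations[a], observations[b]) >= SAME_RADIO_THRESHOLD:
            parent[find(a)] = find(b)   # merge the two addresses into one group
    groups = {}
    for mac in observations:
        groups.setdefault(find(mac), set()).add(mac)
    return [g for g in groups.values() if len(g) > 1]

# Constructed 4-tap CIRs for two radio locations (illustrative, not measured).
RADIO_X = [1 + 0j, 0.5 + 0.3j, 0.1 - 0.2j, 0.05j]
RADIO_Y = [0.3 - 0.2j, 1 + 0.1j, -0.4 + 0.4j, 0.2 + 0j]

def make_frame(base, gain, eps):
    """One observed CIR: base scaled by a complex gain plus a small perturbation."""
    return [gain * (tap + eps * (-1) ** k) for k, tap in enumerate(base)]

OBSERVATIONS = {
    "02:00:00:00:00:01": [make_frame(RADIO_X, 1.0, 0.0), make_frame(RADIO_X, 0.8j, 0.02)],
    "02:00:00:00:00:02": [make_frame(RADIO_X, -0.9, 0.01)],
    "02:00:00:00:00:03": [make_frame(RADIO_X, 1.1 - 0.2j, -0.02)],
    "02:00:00:00:00:aa": [make_frame(RADIO_Y, 1.0, 0.01)],
}

if __name__ == "__main__":
    print(group_by_radio(OBSERVATIONS))
```

Each returned group is a candidate for the “security alert/attribute” on the affected PDUs; whether to de-associate the addresses remains a policy decision.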

  15. Ex. 2: Implementation of Mitigation
     • Notes
       • Primary mitigation strategies involve management-level activities
       • Additional management procedures added to address security needs
       • PHY-based (MIMO) countermeasures require minor modifications to PHY beamformer

  16. Observations
     • Detection
       • Requires Physical Measurements to be made available …
       • SW based “detection” algorithms determine alerts
     • Mitigation:
       • Requires MAC Control of Parameters of Existing Protocols ….
       • Enables MAC to encrypt control frames as follows…
       • New control/man. Frames to support all this???

  17. Review of Previous Straw Poll Results
     • Do you believe that future 802.11 systems/applications will require security beyond what 802.11 currently has?
       • Yes \ No \ Need more info \ Don’t care: 21 \ 11 \ 2 \ 1
     • Do you believe that protecting against DOS attacks requires security beyond what 802.11 currently has?
       • Yes \ No \ Need more info \ Don’t care: 8 \ 2 \ 18 \ 0
     • Do you believe that protecting against False Identity attacks requires security beyond what 802.11 currently has?
       • Yes \ No \ Need more info \ Don’t care: 6 \ 3 \ 22 \ 0
     • Should 802.11 start a study group to address physical layer security?
       • Yes \ No \ Need more info \ Don’t care: 2 \ 15 \ 17 \ 0

  18. Straw Poll 1
     • Is detection of attacks like Example 1 and Example 2 desirable for 802.11?
       • Yes
       • No
       • Need more info
       • Don’t care

  19. Straw Poll 2
     • Is mitigation of attacks like Example 1 and Example 2 desirable for 802.11?
       • Yes
       • No
       • Need more info
       • Don’t care
