1 / 92

Wireless Networks: Challenges, Threats and Solutions

Wireless Networks: Challenges, Threats and Solutions. Shehla Rana Furquan Shaikh. Talk Outline. Introduction to wireless networks How wireless is different Misbehavior in Wireless Networks Security Threats in Wireless Networks IEEE 802.11 Security Tools . Wireless Networks.

erol
Télécharger la présentation

Wireless Networks: Challenges, Threats and Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireless Networks: Challenges, Threats and Solutions Shehla Rana FurquanShaikh

  2. Talk Outline • Introduction to wireless networks • How wireless is different • Misbehavior in Wireless Networks • Security Threats in Wireless Networks • IEEE 802.11 Security Tools

  3. Wireless Networks • Computing and communication services, over the air, on the move • Infrastructure-based Networks • Ad hoc Networks

  4. Infrastructure Mode • Single hop wireless connectivity • An Access Point is responsible to communicate with end-pointsin its “jurisdiction” Wired Network Wireless AP

  5. Mobile Ad Hoc Networks (MANET) B A A B • No access point • Network formed by multiple wireless end-points • Multi-hop wireless links • Data must be routed via intermediate nodes • Host movement/ topology change may be frequent

  6. Why Ad Hoc Networks ? • Setting up of fixed access points and backbone infrastructure is not always viable • Infrastructure may be absent/destroyedin a disaster area or war zone • Easy, fast deployment • Do not need backbone infrastructure support

  7. Wireless Mesh Networks (WMN) • No Access Point • Multiple, autonomous wireless end-points relaying data for each other • Little or no mobility • Long-term applications • Weaker energy constraints

  8. Wireless Sensor Networks (WSN) • A class of Ad-hoc/mesh networks • Composed of small, inexpensive, resource constrained devices • Sensing data usually directed towards a single “Sink” • Multi-hop wireless links

  9. Talk Outline • Introduction to wireless networks • How is Wireless different • Misbehavior in Wireless Networks • Security Threats in Wireless Networks

  10. How is wireless different? • Can we apply media access methods from fixed networks? • CSMA/CD? • Send when medium is free, listen into the medium for collision • Medium access problems in wireless networks • sender may apply CS and CD, but collisions happen at receiver • sender may not ‘hear’the collision, i.e., CD doesn’t work • CS might not work, e.g.‘hidden’ terminals

  11. MAC: Collision Avoidance • Collision avoidance: Once channel becomes idle, wait for a randomly chosen duration before attempting to transmit • IEEE 802.11 • When transmitting, choose a backoffin range [0,cw]; • Count down backoff when medium is idle • Count-down suspended if medium becomes busy • When backoff interval reaches 0, transmit

  12. Talk Outline • Introduction to wireless networks • How wireless is different • Misbehavior in Wireless Networks • Security Threats in Wireless Networks

  13. Misbehavior in Wireless NWs: Outline • Misbehavior at the MAC layer • Impatient Transmitters • Solutions and Challenges • Misbehavior at the network layer • Drop, corrupt packets • Misroute packets • Solutions and Challenges

  14. Possible Misbehaviors:“Impatient” Transmitters Access Point Wireless channel A B • Choose smaller Backoff • Cause collisions with other hosts’ packets • Those hosts will exponentially backoff on packet loss, giving free channel to the misbehaving host • Must diagnose and discourage!

  15. Solution 1: Passive Observation • Receiver observes sender behavior. Are backoffs too short? • Challenge: Receiver does not know exact backoff value chosen by sender • Sender chooses random backoff • Hard to distinguish between maliciously chosen small values and a legitimate value • How long must receiver observe?

  16. Solution 2: Rx driven Backoff • Remove the non-determinism • Receiver provides backoff values to sender • Receiver specifies backoff for next packet in ACK for current packet • Backoffsof different nodes stillindependent • Uncertainty of senders backoffeliminated

  17. Misbehavior in Wireless NWs: Outline • Misbehavior at the MAC layer • Impatient Transmitters • Solutions and Challenges • Misbehavior at the network layer • Drop, corrupt packets • Misroute packets • Solutions and Challenges

  18. Drop/Corrupt/Misroute • A node “agrees” to join a route(for instance, by forwarding route request/reply) but fails to forward packets correctly • Why: Conserve energy, overload, launch a denial-of-service attack

  19. Solution: Watchdogs • Exploit broadcast nature • Verify whether a node has forwarded a packet or not B sends packet to C E A C D B

  20. Watchdogs at Work • B can ‘hear’ whether C has forwarded packet or not • B can also know whether packet is tampered with if no per-link encryption B overhears C Forwarding the packet C forwards packet to D E A C D B

  21. Watchdog At Work • Forwarding by C may not be immediate: B must buffer packets, and compare them with overheard packets • If packet stays in buffer at B too long, a “failure tally”for node C is incremented • If the failure rate is above a threshold, C is determined as misbehaving, and source node informed

  22. Watchdog Approach:Challenges • Impact of Collisions • If A transmits while C is forwarding to D, B will not know C forwards packet to D E A C D B

  23. Watchdog Approach:Challenges • Reliability of Reception Not Known • Even if B sees the transmission from C, it cannot always tell whether D received the packet reliably  Misbehaving C may reduce power such that B can receive from C, but D does not C forwards packet to D E A C D B

  24. Watchdog Approach:Challenges • Misdirection of Packets • C forwards packets, but to the wrong node! • With DSR, B knows the next hop after C, so this misbehavior may be detected • With other hop-by-hop forwarding protocols, B cannot detect this E A C D B F

  25. Solution 2: Exploiting Path Redundancy • Design routing algorithms that can deliver data despite misbehaving nodes • “Tolerate” misbehavior by using disjoint routes • Prefer routes that deliver packets at a higher “delivery ratio”

  26. Best-Effort Fault Tolerant Routing (BFTR) • The target of a route discovery is required to send multiple route replies (RREP) • The source can discover multiple routes (all are deemed feasible initially) • Source chooses a feasible route based on the “shortest path”metric • Source uses this route until its delivery ratio falls below a threshold (making the route infeasible) • If existing route is deemed infeasible, go to (1)

  27. BFTR: Issues • A route may look infeasible due to temporary overload on that route • The source may settle on a poorer (but feasible) route • No direct mechanism to differentiate misbehavior from lower capacity routes

  28. Solution 3: Micropayments • Provide incentive for relaying packets • A trusted third party: Accounting center • Three phases: • Communication: • Source/dest issue payment receipts to intermediate nodes • Receipt Submission: • Relays claim their payments • Payment Redemption: • AC processes the receipts and issues payment

  29. Route Tampering Attack • A node may make a route appear too long or too short by tampering with RREQ • By making a route appear too long, the node may avoid the route from being used • This would happen if the destination replies to multiple RREQ • By making a route appear too short, the node may make the source use that route, and then drop data packets (denial of service)

  30. Wormhole Attack • Attacker makes a wireless ‘link’appear in the network when there isn’t one • Not necessarily detrimental, since the additional link can improve performance • Attacker assumes control on the fate of the traffic • May analyze traffic • Collect traffic for breaking encryption

  31. Wormhole Attack • Host X can forward packets from F and E unaltered • Hosts F and E will seem ”adjacent”to each other • The fact that AFE really is AFXE will not be detected E F X A D B C

  32. Solution: Packet Leashes • Additional information added to packets to restrict maximum transmission distance of a packet • Geographical leashes • RX checks distance from the sender • Signature to authenticate sender location, timestamp • Distance too large, reject the packet • Temporal Leashes • Sender timestamps the packet, and receiver determines the delay since the packet was sent • If delay too large, reject the packet • Sender cannot know MAC delays

  33. Wireless Misbehavior: Summary • Hosts may be misbehave or try to compromise security at all layers of the protocol stack • MAC Layer • Disobey protocol specifications for selfish gains • Denial-of-service attacks • Network Layer • Disrupt route discovery/maintenance • Force use of poor routes (e.g., long routes) • Delay, drop, corrupt, misroute packets

  34. Talk Outline • Introduction to wireless networks • How wireless is different • Misbehavior in Wireless Networks • Security Threats in Wireless Networks

  35. Wireless Security Vulnerabilities • Traffic Analysis • Passive Eavesdropping • Unauthorized Access • Man-in-the-middle • Session Hijacking • Replay Attack • Rogue AP • DoS Attacks • Pollution Attacks

  36. Traffic Analysis • Need: • A wireless card in promiscuous listening mode • Threats: • Detect activity on the network • Using AoA, get physical location of transmitter • Type of protocols under use

  37. Passive Eavesdropping • No physical security protects against this! • More than 50% APs use no encryption • Attacker can get: • Actual data • Source, destination, timing of packets www.rsa.com/rsalabs/.../kaliski-wireless-security-wwc-2003.ppt

  38. Man-in-the-middle Attack • Real-time attack • Read/modify data in transit • Violate integrity

  39. Session Hijacking • Attacker takes an authenticated session • Target assumes its session is broken/lost • Attacker can use the session for anything, for any amount of time • Real time attack • Integrity of session

  40. Session Hijacking Wired Network Wired Network Target Attacker Target Attacker

  41. Replay • Similar to session hijacking except timing! Wired Network Wired Network Target Attacker Target Attacker

  42. Summary • Introduction to wireless networks • How wireless is different • Misbehavior in Wireless Networks • Security Threats in Wireless Networks

  43. WEP

  44. Introduction to WEP • Original security protocol for IEEE 802.11 standard • Wired Equivalent Privacy – Create the “privacy achieved by a wired network” • Considered as secure as a wired network • Primary Goal: Protect the confidentiality of user data from eavesdropping • Based on RC4 algorithm, which is a symmetric key stream cipher

  45. WEP - Secret Key • Relies on a secret key that is shared between a mobile station and an access point • Encrypt packets before they are transmitted, and an integrity check to ensure that packets are not modified during transition • Same key shared between all mobile stations and an access point in a network

  46. WEP - Authentication Authenticate (request) STA AP Authenticate (challenge) Authenticate (response) Authenticate (success)

  47. Stream Cipher Operation

  48. Electronic Code Book Mode

  49. Initialization Vectors (IV) • Used to alter the key stream • Numeric value that is concatenated to the base key before the key stream is generated • Every time IV changes, so does the key stream • 802.11 standard recommends that IV change on a per-frame basis • If same packet is transmitted twice, the resulting cipher-text will be different for each transmission

  50. Encryption with IV

More Related