1 / 27

Challenges of Wireless Security TCP in Wired-Cum-Wireless Environments

Challenges of Wireless Security TCP in Wired-Cum-Wireless Environments. Presented by – Vijaiendra Singh Bhatia CSCI 5939 Independent Study – Wireless Security . Introduction . Most of the wireless technologies were not designed with security as top priority.

norwood
Télécharger la présentation

Challenges of Wireless Security TCP in Wired-Cum-Wireless Environments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Challenges of Wireless SecurityTCP in Wired-Cum-Wireless Environments Presented by – Vijaiendra Singh Bhatia CSCI 5939 Independent Study – Wireless Security

  2. Introduction • Most of the wireless technologies were not designed with security as top priority. • It is challenging to implement security in wireless devices due to device characteristics. • Difficult to consider various security related issues like integrity, confidentiality, authentication and access control at the same time.

  3. Security approaches in - • LAN 802.11 standard • The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from interception and to prevent unauthorized access to wireless network . • WEP relies on a secret key which is used to encrypt data that is shared between a mobile station (eg. a laptop with a wireless ethernet card) and an access point (i.e. a base station).

  4. Security approaches in - • WAP • WAP specifies the WTLS ( wireless transport layer security protocol ) which provides authentication, data integrity and privacy services. • WTLS is based on the widely used TLS security layer used in Internet. • WTLS generally uses RSA-based cryptography, and can also use elliptic-curve cryptography (ECC), which provides a high level security.

  5. Security aspects - • Authentication • WPKI – provides a set of technologies that relies on encryption and digital certificates. ( slimmed down version of PKI ) • Smart Cards – it is a local way to authenticate user, provides more security on top of username password structure. • NES (Neomar’s Enterprise Server) – act as a single point of access for mobile devices and provides integration with the corporation's management and security infrastructure.

  6. Security aspects - • VPN ( Virtual Private Network ) – These system uses encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. • Firewalls - A system designed to prevent unauthorized access to or from a private network. A WAP gateway can be used as a single point of entry for an enterprise’s wireless systems.

  7. Wireless Security Issues - • In IEEE 802.11 • WEP was intended only to provide the basic security found in wireline LAN’s. • It has serious weaknesses as it shares single secret key. • Cryptography – It has problems with the way WEP uses the cryptographic primitives. • 802.11 encryption is readily breakable, 50-70% networks never even turn on encryption.

  8. Wireless Security Issues - • WAP Phones - • Many e-commerce sites uses SSL security. • At the WAP gateway, during the conversion of encryption from WTLS to SSL format, message is briefly unencrypted and is thus subjected to interception.

  9. Future Standards - • PIC (Pre-IKE Credential ) - A PIC-based system's authentication server would authenticate devices that are authorized to communicate with the system.  • OMAP (Open Multimedia Applications Protocol ) - a library of software from various vendors that will permit secure transactions on wireless devices that use TI's digital signal processors. • MeT (Mobile electronic Transactions ) - Ericsson, Motorola, Nokia, and Siemens have formed an alliance to develop standards for secure mobile activities.

  10. TCP in Wired-Cum-Wireless Environments

  11. TCP in Wired-Cum-Wireless Environment • TCP assumption • Homogeneous: data network • Wired transmission error: rare • Wireless Environment • Heterogeneous network • Limited bandwidth • Long round trip time (RTT)

  12. TCP in Wired-Cum-Wireless Environment • TCP in wireless environment • Random loss • A segment loss triggers congestion avoidance • Frequent restarts and small sender’s window • Retransmissions • Poor throughput

  13. A wired-cum-wireless Internet • Diversification in end-host capabilities • Workstations coexist with WebTVs, wireless phones, and PDAs. • Reliable transmissions are needed for web browsing, e-mail, file transfers, etc. • Wireless media exhibit different transmission characteristics than wired. • Random losses due to fading, shadowing • Often, long RTTs and low bandwidth • Power consumption becomes an issue

  14. End-user wireless networks • Wireless LANs • Sufficient bandwidth and relatively small RTTs, but limited user mobility (IEEE 802.11, HIPERLAN/1) • Wide Area Wireless Data Networks • Limited bandwidth, long RTTs, jitter, increased user mobility (CDPD, GPRS) • Cellular Networks • Handle voice and data (GSM, IS-95) • Same characteristics as WAWDNs, but circuit-switched • Not so economical for data transfers

  15. TCP in a wireless environment • Limited bandwidth • Long round trip times • Random losses • User mobility • Short flows • Power consumption

  16. TCP solution over wireless environment

  17. Taxonomy of solutions • Link layer solutions • TCP-aware LL protocols (e.g. snoop) • TCP-unaware LL protocols (e.g. TULIP) • Split connections • Indirect-TCP • Wireless Application Protocol • TCP modifications (e.g. SACK, Santa Cruz) • New transport protocols (e.g. WTCP)

  18. Link Layer Solutions • Link layer know packet drop • Locally buffer and retransmission • Fast response • Transparent to existing software & hardware • Relative reliable delivery, with TCP

  19. Link Layer Solutions • TCP-Aware LL • Snoop agent in BS • Knowledge of TCP • Snoop timeout < TCP timeout • TCP-Unaware LL • Don’t have knowledge of TCP • Aware of reliable TCP & unreliable UDP • More possibility of LL & TCP retransmission • LL retransmission timeout < TCP timeout • Designed for half-duplex wireless channel

  20. Split connection • Indirect TCP • Improved throughput • Split TCP connection into 2 (wired & wireless) at BS • BS acknowledges segment to sender, before the segment reach the receiver • Violate TCP semantics • Split TCP connection several times

  21. TCP modifications The main cause is TCP assumptions • Modify TCP to differentiate congestion loss, random loss and handoff • Only peer TCP upgraded • Not all to improve TCP over wireless • Many variations proposed to improve performance in different scenarios • Different perspectives • Slow start is too aggressive, causing fast congestion • Initial congestion window is too low

  22. TCP modifications TCP SACK (Selective ACK) • Instead of cumulative ACK, selective ACK for out of order packet. Less retransmission of successful received. • TCP FACK (Forward Acknowledgement) • Make intelligent decisions about data that should be retransmitted • TCP Santa Cruz • Keep records of sending & receiving time • Estimate whether congestion is built up

  23. TCP modifications • Delayed ACK • No loss, cumulative ack. Loss, immediate ack. • DAASS (Delayed ACK after Slow Start) • After slow start is congestion avoidance, need less traffic • ACK Pacing • Rate based, instead of window based • ECN (Explicit Congestion Notification) • Router informs congestion • ELN (Explicit Loss Notification) • Loss is informed

  24. New Transport Protocols • WTCP (wireless TCP) • Designed for CDPD or wireless WAN: low BW, high latency • WTCP attempts to predict when a segment loss is due to transmission errors or due to congestion • Rate based, an algorithm to inform sender of increasing or reducing sending rate • Keep track of statistics for non-congestion segment losses • Use of ACK and SACK • Not been proven

  25. WAP • WAP stack provides WTP which is message oriented, i.e., the basic unit of interchange is entire message not a byte stream as in TCP. • WTP offers various security mechanisms as well as data compression and encryption, provided by WTLS protocol.

  26. Conclusion • TCP performance is poor under wireless environment • TCP over wireless • Link layer • Split connection • TCP modifications • Most developments are specific cases, not for general solution • New protocol designed for wireless just born, still need developments.

  27. References • Facing the challenges of wireless security - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/MillerWirelessSecurityJuly01.pdf • TCP in wired-cum-wireless environment - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/pentikousis.pdf • Wireless Security http://www.peterindia.com/WirelessSecurity.html • Neomar Server http://www.neomar.com/news/releases/02.01.10developer.html • WEP http://www.webopedia.com/TERM/W/WEP.html

More Related