
Mobile and Wireless Networking

Mobile and Wireless Networking. Lecture 20 Dr. Xinbing Wang. Overview of the Course. Part 1: Wireless communication systems (Chapter 1) Flexibility to support roaming Limitations: Geographical coverage, transmission rate, and transmission errors Part 2: Wireless communication technology


Presentation Transcript


  1. Mobile and Wireless Networking, Lecture 20, Dr. Xinbing Wang

  2. Overview of the Course
     • Part 1: Wireless communication systems (Chapter 1)
     • Flexibility to support roaming
     • Limitations: Geographical coverage, transmission rate, and transmission errors
     • Part 2: Wireless communication technology
     • Radio propagation (Chapter 5)
     • Spread spectrum (Chapter 7)
     • Part 3: Current wireless systems
     • Cellular network architecture (Chapter 10)
     • Mobile IP (Chapter 12)
     • Wireless LAN (Chapter 11/13/14)
     • Part 4: Other wireless networks
     • Ad hoc networks (Reading materials)
     • Sensor networks (Reading materials)
     • Wireless PAN (Chapter 15)
     • Satellite systems (Chapter 9)
     • Part 5: Wireless Security

  3. Security in Wireless Networks
     • Wireless security issues
     • General topics on security
     • Layered security solutions
     • Security solutions in wireless networks
     • Security in UMTS
     • Security in Mobile IP networks
     • WLANs: WEP
     • Secure AODV for mobile ad hoc networks

  4. Wireless Security
     • Wireless security appears to be following the usual “penetrate and patch” route.
     • Early wireless security focused almost exclusively on cryptography and secure transmission.
     • Wired Equivalent Privacy (WEP) security, the cryptography built into 802.11b, for example, is completely broken and offers very little real security.
     • Argument: is it worse than nothing?
     • Misunderstanding: reliance on cryptography as “magic crypto fairy dust”.
     • Security measures must be implemented throughout the wireless software development lifecycle.
     • Limitations: devices are smaller, communication speeds are slower, and consumers are more demanding.

  5. Attacks on Wireless Networks
     • General attacks
     • Passive attacks are inherently eavesdropping or snooping on transmissions
     • Release of message contents
     • Traffic analysis
     • Active attacks involve altering data or creating fraudulent streams
     • Masquerade: one entity pretends to be a different one (e.g., replay authentication)
     • Replay: passive capture of a data unit and its subsequent retransmission to construct unwanted access
     • Modification: information changed/delayed/recorded to produce an unauthorized result
     • Denial of service: temporary prevention of communications for normal use.

  6. Attacks on Wireless Networks (2)
     • Interruption of service
     • The resources of the system are destroyed or become unavailable
     • Modification: This is an attack on the integrity of the system.
     • The attacker not only gains access to the network, but changes a program to do different tasks.
     • Fabrication: Attack on the authenticity
     • Insert counterfeit objects
     • Interception: Attack on the confidentiality
     • Like eavesdropping: everyone with the proper transceiver equipment can eavesdrop on the data (Radio Shack case).
     • In most wireless networks, link-level ciphering is done by the MAC entities.

  7. Attacks on Wireless Networks (3)
     • Jamming: The legitimate traffic cannot reach clients or access points because illegitimate traffic overwhelms the frequencies.
     • It can be done easily by degrading the overall strength of the signal
     • Client-to-client attacks: wireless clients that run TCP/IP protocols share the same vulnerabilities as wired networks
     • Attacks against encryption: IEEE 802.11b uses Wired Equivalent Privacy (WEP), which has proven to have some weaknesses.
     • Misconfiguration: for ease and speed of deployment, many APs have an unsecured configuration.
     • These APs are at high risk of being accessed by unauthorized parties or hackers.

  8. Attacks on Wireless Networks (4)
     • Brute force attacks against passwords of APs: The majority of APs use a single password or key, shared by all connecting wireless clients.
     • Change on a regular basis
     • Employees leave the company
     • Managing a large number of APs and clients complicates the security system.
     • Insertion attacks
     • Installation of unauthorized devices without following security procedure.
     • Some companies may not know that some of their employees have deployed wireless facilities on their network.
     • An attacker may connect a laptop or PDA to an AP without the authorization of the owner, and thus be able to connect to the internal network.

  9. Security Principles
     • Authentication (true/false)
     • Users, processes, or hardware components should be able to identify others in the system as who or what they say they are, and vice versa.
     • Would anyone sacrifice functionality for accurate authentication?
     • Access control and authorization (power/right)
     • Be able to control access to whatever resources the processes/components represent or control.
     • Closely tied to authentication. This service provides access control by requiring a user to provide authentication to verify that it is authorized to use the service. This applies even to a terminal, like the lockout feature in cellular phones/laptops.

  10. Security Principles (Cont’d)
      • Authentication
      • Access control and authorization
      • Nonrepudiation
      • A user/process should be identifiable and accountable for its actions in a manner that prohibits the user or process from denying its involvement at a later date.
      • Privacy and confidentiality
      • To protect information from unauthorized disclosure.
      • A very tricky and contentious issue (be anonymous and confidential).
      • Cryptography, steganography, digital watermarking.
      • Integrity
      • To verify the accuracy of what is sent or delivered and that the process/component has not been altered in some way (often taken for granted).
      • Auditing: to review the activities to ensure that whatever was performed was appropriate for the given entity.

  11. Physical Layer Security
      • Provides signal scrambling for over-the-air (OTA) eavesdropping protection
      • Current technologies are based on splitting the bitstream into small fragments called radio frames and then applying some form of frequency-based scrambling technique.
      • Radio frames travel on a spread spectrum of frequencies where each fragment is identified by a digital code known only to the device and the base stations
      • No other device can receive the transmission
      • Example: CDMA network security. For each connection, there are billions of code combinations available.

  12. Data Link and Network Layers
      • Some protocols, such as cellular digital packet data (CDPD) and GSM, provide data confidentiality in these layers.
      • CDPD applies encryption to each segmented datagram prior to transmission.
      • GSM uses a subscriber identity module (SIM) card to store a symmetric key known only to the mobile and the authentication center (AuC) at the carrier site.
      • The key is used in both authentication and ciphering of TDMA frames prior to transmission.

  13. Internet Protocol Security (IPSec)
      • It is an open standard for a network-layer (layer 3) security protocol.
      • It specifies how the traffic is protected and to whom it is sent.
      • Encapsulating Security Payload (ESP) protocol
      • Data origin authentication, data integrity, replay protection, and data confidentiality
      • Authentication Header (AH) protocol
      • Data origin authentication, data integrity, and replay protection.

  14. Transport Layer Security
      • Secure Sockets Layer (SSL) is used extensively in Web applications to secure TCP/IP connections.
      • Public keys (RSA) to exchange a session key (RC4 and other algorithms) for bulk encryption
      • Elaborate session/connection management protocol for session establishment, resumption, and termination.
      • Designed for high-bandwidth connections; it is not optimized for high-latency networks.
      • SSL is not well suited for wireless applications
      • Wireless Transport Layer Security (WTLS) – Part of WAP
      • It was developed as a replacement for the flawed WEP 802.11b security.
      • It works by performing client and server authentication to confirm the identity of the sender and his or her message.
      • It also encrypts the data in transit to keep the information secret and checks the integrity of the data after it arrives.

  15. Application Layer Security
      • Application-specific user authentication
      • User ID and password
      • Challenge-response authentication protocols
      • Biometric: information pattern to identify physical body
      • Message integrity
      • Hashing of a shared secret and some message-specific data to produce a unique MAC (MD5)
      • Application-level encryption: RC5, Triple DES (3DES), and so on
      • Application-level digital signatures for non-repudiation and authentication.

  16. Layered Classification of Security Protocols

  17. Security in Wireless Networks
      • Wireless security issues
      • General topics on security
      • Layered security solutions
      • Security solutions in wireless networks
      • Security in UMTS
      • Security in Mobile IP networks
      • WLANs: WEP
      • Secure AODV for mobile ad hoc networks

  18. Objectives of UMTS Security
      • To ensure that information generated by a user is adequately protected against misuse or misappropriation;
      • To ensure that the resources and services provided by serving networks and home environments are adequately protected against misuse or misappropriation;
      • To ensure that the security features are adequately standardized to ensure world-wide interoperability and roaming between different serving networks and to ensure that the security features standardized are compatible with world-wide availability;
      • To ensure that the level of protection provided to users and service providers is better than that provided in contemporary fixed and mobile networks.

  19. New Features in UMTS Security
      • User identity confidentiality: This hides the user’s permanent identity and current location
      • User untraceability protects a user’s integrity by making it hard for an attacker to deduce what services are utilized.
      • User authentication is used to allow network access to authorized users (subscribers) only.
      • Network authentication: A means for the user to authenticate the network. This is a completely new feature that eliminates the threat of a radio channel being hijacked by an intruder.
      • Data and signaling confidentiality: The encryption of signaling and user data.
      • Data and signaling integrity: Signaling and user data are not only encrypted, but also protected against such things as replay attacks and tampering. This integrity is achieved by using the same sequence numbers for network authentication and by encrypted authentication codes appended to the data and signaling frames.

  20. UMTS Security Architecture
      • USIM: UMTS subscriber identity module
      • AKA: authentication and key agreement
      • DC: data confidentiality for both data and signaling
      • DI: data integrity for signaling, but not data
      • UIC: user identity confidentiality
      • SN: serving network is the counterpart on behalf of the HLR/AuC
      [Figure: network elements UE, USIM, RNC, VLR/SGSN and HLR, labelled with the functions UIC (SN, UE), AKA (SN, HLR, USIM), DC (UE, RNC) and DI (RNC, UE)]

  21. UMTS Security Architecture (2)
      [Figure: UMTS security architecture, from TS 133102v4.5.0 in December 2002. Strata: Application Stratum, Home Stratum/Service Stratum, Transport Stratum. Elements: User Application, Provider Application, USIM, ME, MS, AN, SN, HE. Links are labelled (I) to (IV).]
      • HE: Home Environment
      • ME: Mobile Equipment
      • USIM: User Services Identity Module
      • AN: Access Network
      • SN: Serving Network
      • MS: Mobile Station
      • (I): Network Access Security
      • (II): Network Domain Security
      • (III): User Domain Security
      • (IV): Application Security

  22. UMTS Security (3)
      1. Terminal security: It ensures controlled access to the mobile terminal. It comprises User/USIM authentication (e.g. PIN codes) and the ability to lock out undesired USIMs from a certain terminal.
      2. Network security is about securing signaling and data through the wireline part of the UMTS network, something that is particularly important to roaming subscribers.
      3. The visibility property of UMTS security comprises a set of features that make it possible for a user to find out whether a certain security feature is in operation or not, i.e. whether encryption is used. Configurability is what enables the user to decide whether the use and provisioning of services should depend on a certain security feature or not, for example rejecting incoming non-ciphered calls or rejecting the use of a certain encryption algorithm.
      4. Network access security is the largest security area to cover and has several features.

  23. MIP with AAA Extension
      [Figure, two panels: A. Basic MIP Architecture; B. Enhanced MIP Architecture. Labels: Local Domain, Home Domain, MN, FA, HA, AAAL, AAAH, AAAB; security associations are marked between elements.]
      • FA: Foreign Agent
      • HA: Home Agent
      • MN: Mobile Node
      • AAAL: Local AAA Server
      • AAAH: Home AAA Server
      Source: S. Glass, T. Hiller, S. Jacobs and C. Perkins in October 2000, RFC 2977

  24. WLAN: Wired Equivalent Privacy (WEP) Protocol
      • As its name suggests, the goal of WEP is to provide a level of privacy that is equivalent to a wired LAN.
      • The WEP algorithm is used
      • To protect wireless networks from eavesdropping.
      • To prevent unauthorized access to wireless networks.
      • WEP relies on a default set of keys that are shared between wireless devices and APs.
      • A client with the correct key can communicate with any AP on the wireless network; without the key, a link-level connection request is rejected.
      • If configured to do so, the wireless devices and APs will also encrypt data before transmitting it, and an integrity check ensures that packets are not modified in transit.

  25. Wired Equivalent Privacy (WEP) Protocol (2)
      • An IEEE 802.11 wireless station will not process data over the wireless network unless its network ID (also called a Basic Service Set Identification) is the same as other stations on the network.
      • Sent in every 802.11 data packet, the network ID is a six-byte codeword that distinguishes one wireless LAN from another.
      • Access points check the network ID when each station initiates a connection to the network.
      • If the ID doesn't match the one stored in the access point, then the station cannot establish a connection to the wireless LAN.
      • Thus, an intruder must obtain the network ID necessary to join the network. This should be difficult, assuming you keep the network ID codes confidential.

  26. Wired Equivalent Privacy (WEP) Protocol (3)
      • Operation
      • A station requesting 802.11 service sends an authentication frame to another station.
      • When a station receives an initial authentication frame, the station replies with an authentication frame containing 128 octets of challenge text.
      • The requesting station copies the challenge text into an authentication frame, encrypts it with a shared key using the WEP service, and sends the frame to the responding station.
      • The receiving station decrypts the challenge text using the same shared key and compares it to the challenge text sent earlier. If they match, the receiving station replies with an authentication acknowledgement. If not, the station sends a negative authentication notice.

  27. Wired Equivalent Privacy (WEP) Protocol (4)
      • A way to compromise a wireless LAN
      • To use specialized equipment to capture information bits being sent over the air, decode them, and read the contents of email, files, or financial transactions.
      • This doesn't necessarily require the network ID because the monitoring equipment doesn't need to establish a connection to the wireless LAN.
      • The equipment passively listens to the transmissions as they propagate through the air.
      • However, this process does require the proper monitoring equipment to correctly demodulate the received spread spectrum signal.

  28. Authentication Frame
      • Based on the RSA RC4 (stream cipher) algorithm, this simple WEP algorithm has the following properties
      • Reasonably strong: a brute force attack on this algorithm is difficult because every frame is sent with an initialization vector (IV), which restarts the pseudorandom number generator (PRNG) for each frame.
      • Self-synchronizing: as in any LAN, the wireless stations work in a connectionless environment where packets may get lost. The WEP algorithm resynchronizes at each message.

  29. Authentication Frame (2)
      [Figure: WEP frame construction. Labels: 24-bit IV, 40-bit key, RC4, payload, 32-bit ICV, encrypted data (payload and ICV). WEP frame fields: header, IV, key number, payload, ICV.]

  30. Access Control List
      • An access control list can provide a minimal level of security.
      • It is based on the Ethernet MAC addresses of the clients.
      • This list consists of the MAC addresses of all of its clients and only the clients whose MAC addresses are listed can access.

  31. Using the WEP
      • There are two methods specified in IEEE 802.11 for using the WEP.
      • A station or an AP can decrypt packets enciphered with any of four keys (provided through a window).
      • To use a key-mapping table where each unique MAC address can have separate keys.
      • The use of a separate key for each client mitigates the cryptographic attacks found by others.
      • The disadvantage is that all of these keys should be configured manually on each device or AP.

  32. Weakness in WEP
      WEP is weak against the following attacks (RC4 and IV):
      • Active attacks that inject new traffic from unauthorized mobile stations
      • The attacker knows the exact plain text for one encrypted message.
      • Active attacks to decrypt traffic based on fooling the APs.
      • The attacker fools the AP: it makes a guess about the header of the packet, not the packet’s content. All he/she needs to do is to guess the destination address.

  33. Weakness in WEP (2)
      • Passive attacks to decrypt traffic based on statistical analysis.
      • An eavesdropper can intercept all wireless traffic until an IV collision occurs.
      • By using XOR of two plain text messages, the attacker can obtain the same IV value.
      • Dictionary-building attacks which allow real-time automated decryption of traffic after some analysis.
      • Once the plain text for the packet is known, the attacker can compare the RC4 key stream generated by the IV. The latter can be used to decrypt all other packets that utilize the same IV.
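
An added example (not part of the lecture) that builds the frame body from slide 29 and shows why the IV collision on slide 33 breaks confidentiality: two frames with the same IV and key share one RC4 keystream, so a single known plaintext exposes the other frame, and a 24-bit IV space repeats quickly. The key, IV and payloads are constructed sample values; the 802.11 header is omitted and the key number is simplified to one byte.

```python
import math
import zlib
from collections import Counter

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (KSA, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def icv(payload: bytes) -> bytes:
    """32-bit integrity check value: CRC-32 of the payload."""
    return zlib.crc32(payload).to_bytes(4, "little")

def wep_encrypt(key: bytes, iv: bytes, payload: bytes, key_no: int = 0) -> bytes:
    """IV | key number | RC4(IV || key) XOR (payload | ICV); IV travels in clear."""
    body = payload + icv(payload)
    return iv + bytes([key_no]) + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Decrypt with the per-frame seed IV || key and verify the ICV."""
    iv, body = frame[:3], frame[4:]
    plain = xor(body, rc4(iv + key, len(body)))
    if icv(plain[:-4]) != plain[-4:]:
        raise ValueError("ICV mismatch")
    return plain[:-4]

def reused_ivs(frames: list) -> set:
    """IVs seen on more than one captured frame, i.e. keystream reuse."""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, n in counts.items() if n > 1}

def read_with_known_plaintext(known_frame: bytes, known: bytes, other: bytes) -> bytes:
    """No key involved: known plaintext yields the keystream for that IV.
    Assumes `known` is at least as long as the other frame's payload."""
    keystream = xor(known_frame[4:], known + icv(known))
    return xor(other[4:], keystream)[:-4]

def frames_for_even_odds_of_collision(iv_bits: int = 24) -> int:
    """Birthday bound: frames with random IVs before a repeat is 50% likely."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(2)))

# Constructed sample data (not from the lecture).
KEY = bytes.fromhex("0102030405")            # 40-bit shared key
IV = bytes.fromhex("00002a")                 # one 24-bit IV, used twice
KNOWN = b"GET /index.html HTTP/1.0\r\n\r\n"  # payload an observer already knows
SECRET = b"pin=4921;acct=778812"
F1, F2 = wep_encrypt(KEY, IV, KNOWN), wep_encrypt(KEY, IV, SECRET)
```

With random IVs a repeat becomes likely after only a few thousand frames, which is why protocols that replaced WEP derive a fresh key per frame instead of concatenating a short IV with a static key.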
