Securing future wireless networks challenges and strategies
Download
1 / 14

Securing Future Wireless Networks: Challenges and Strategies - PowerPoint PPT Presentation


  • 314 Views
  • Updated On :

Securing Future Wireless Networks: Challenges and Strategies . Pandurang Kamat Wade Trappe. Talk Overview. Security has been one of the great detractors for wireless technologies (and the Internet, too!) We have a chance to consider security as we redesign the network

Related searches for Securing Future Wireless Networks: Challenges and Strategies

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Securing Future Wireless Networks: Challenges and Strategies ' - Jims


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Talk overview l.jpg
Talk Overview

  • Security has been one of the great detractors for wireless technologies (and the Internet, too!)

  • We have a chance to consider security as we redesign the network

  • Think about the questions:

    • Should security be considered separately from the network?

    • What benefits are there if we integrate security into the network?

    • Should we reevaluate the definition of security?

    • How private do we really want our lives?

  • This talk will not focus on classical “Internet Security” but on “Wireless Security”


Through the looking glass the wireless world l.jpg

100BaseT Ethernet

TMS320C6701

Megarray

Connector-

244 Configurable

I/O pins

XC2V6000

FPGA

MPC8260

Through the Looking Glass, the Wireless World

  • Key properties and differentiators that make wireless desirable

    • Ubiquity

    • Mobility

    • Resource adaptability

    • Portability

    • Affordability

    • Platform heterogeneity


Reevaluating the security paradigm l.jpg

System (CIA) Paradigm

Algorithmic Paradigm

Confidentiality

Data Confidentiality

Data Integrity

Integrity

Availability

Authentication

Non-repudiation

Reevaluating the Security Paradigm

These paradigms have been the traditional

frameworks for security on conventional

networks, but what can we do

differently for wireless systems?


Reevaluating the security paradigm pg 2 l.jpg
Reevaluating the Security Paradigm, pg. 2

Confidentiality

Availability

Integrity

Wireless is easy to sniff.

We still need encryption services and key management.

Key freshness is an issue.

RF energy radiates, and wireless entities within the radio coverage pattern may serve as witnesses for the actions of the transmitter.

The value of a wireless network is its promise of ubiquitous availability.

Wireless networks are easy to break!

Wireless hardware/equipment need to be safe from modification.

Data/control info should not be modified before or during transit.

We still need traditional security methods.

But the wireless world has additional problems

and new modalities for solutions!

Privacy

Non

Repudiation

The pervasiveness of the wireless networks should not mean that just anyone can participate!

Example: Rogue APs

Location is a new form of information provided by wireless systems that will facilitate new services. Location information needs to be trusted.

Perpetual connectivity can mean constant surveillance!

With snooping one can monitor mobility and handoffs between networks.

Wireless resources (e.g. power and spectrum) must be managed.

Greedy user behavior will cause resource management to malfunction.

Location

Services

Intrusion

Detection

Resource

Management


Drill down specific challenges and some strategies l.jpg

Drill Down: Specific Challenges and Some Strategies


Availability attack radio interference l.jpg

@#$%%$#@&

Mr. X

Availability Attack: Radio Interference

Hello …

Hi …

  • Alice and Bob are attacked by malicious Mr. X.

  • A story for the problem of wireless denial of service attack we focus on.

    • Alice and Bob  two communicating nodes, A and B.

    • Mr. X  an adversarial interferer X.

    • Mr. X’s insane behavior  the jamming style DoS.

    • People and nodes in wireless network both communicate via shared medium.

  • Jamming style DoS Attack:

    • Behavior that prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on

Bob

Alice


Availability jamming detection defense l.jpg
Availability: Jamming Detection/Defense

  • Detection:

    • Challenge is to discriminate between legitimate causes of poor connectivity and jamming

  • Motivation from “The Art of War” by Sun Tze:

    • “He who cannot defeat his enemy should retreat.”

  • Defense Strategies:

    • Spectral Evasion (Channel Surfing)

    • Spatial Evasion

  • Latency and synchronicity is an issue as you move to many node networks!

  • SDRs will allow more advanced forms of spectral evasion.

PDR VS. SS

Jammed Region

SS(dBm)

PDR %

Channel Surfing Experiment

1.5

Packet Delivery Rate

1

0.5

Jammer turned on

Change channel

0

Trial Number (Time)


Intrusion detection wireless spoofing l.jpg

Late!

MAC: x.y.z.w

Intrusion Detection: Wireless Spoofing

  • Many wireless security threats are possible because it is easy to spoof legitimate devices (ioctl/ipconfig)

  • Example

    • Attacker armed with a laptop having 2 wireless cards.

    • One card monitors all TCP traffic on the AP channel

    • Second card sends back TCP replies to select TCP requests (e.g. all requests for a particular web page). These are sent as if appearing from the server the user was connecting to.

    • At the MAC layer the attacker spoofs AP by injecting custom 802.11x frames with AP’s source MAC address.

  • Results:

    • The user session is hijacked.

    • Requested service is DoSed.

    • Easy to launch flooding DoS attacks at higher-layer buffers

Internet

MAC: x.y.z.w


Intrusion detection spoofing defense l.jpg
Intrusion Detection : Spoofing Defense

  • Spoofing can be addressed through authentication services

    • Traditional authentication services employ cryptographic solutions (e.g. MACs, signatures)

    • Light-weight alternatives can reduce the load on buffers into cryptographic functions

  • A lesson learned from 802.11:

    • 802.11 has several fields controlled by firmware, which are hard for an attacker to bypass

    • The 12bit sequence # field is increased monotonically by 1 for each packet

    • Monotonicity provides a rule whose violation is easy to detect

  • The sequence number was not intended to be a security field, but it can be!

  • We may introduce filters that check monotonic conditions (or more generic rules)


Wireless localization security l.jpg
Wireless Localization Security

  • Location information will facilitate new computing services

    • Location-based file access control

  • Problem: Localization methods are not secure!

  • Traditional cryptography and network security can address cryptographic attacks (Is this beacon really from the AP?)

Is cryptography alone enough?

No!

Localization algorithms depend on measurements that are susceptible to attack!!


Attacks on signal strength l.jpg

r 2

d2

Attacks on Signal Strength

  • Distance is measured using the relationship between received signal strength and distance

  • Adversary may affect the receive signal power by:

    • Alter transmit power of nodes

    • Remove direct path by introducing obstacles

    • Introduce absorbing or attenuating material

    • Introduce ambient channel noise

Power Received

r1

d1

Distance

Absorbing Material


Defenses for wireless localization l.jpg

Attacks

Defenses for Wireless Localization

  • Don’t rely entirely on traditional security!

  • Two-tier approach to defending wireless localization…

  • Add Security and Robustness!

S

E

C

U

R

I

T

Y

R

O

B

U

S

T

A

L

G

A

L

G

O

R

I

T

H

M

Add Authentication,

Entity Verification,

Etc…



ad