Security Issues, Concepts and Strategies in Wireless And Mobile Systems


Presentation Transcript


  1. Security Issues, Concepts and Strategies in Wireless And Mobile Systems By: Imad Jawhar

  2. Outline • Introduction • The wireless environment and systems • Concepts and terminologies used in wireless security • Some commonly used wireless and mobile systems and protocols • Wireless application protocol (WAP)

  3. Wireless transaction protocol (WTP) • Wireless transport layer security (WTLS) protocol • Some additional concerns regarding WAP security • Some research and future directions in wireless system security • Conclusions

  4. The Wireless Environment • Communications in the wireless environment have their own issues and challenges. • Generally, the environment has the following characteristics: • Relatively low bandwidth and data rate. • Relatively high error rates. • Need for low power consumption to preserve the battery life of mobile systems. • Mobility of the nodes adds more complexity because of topology changes.

  5. Signal fading. • Handoff issues. • And other challenges. • All of these issues affect system design, including the design of security mechanisms.

  6. There exist many forms of wireless communications and networking, and the number of these forms is increasing dynamically. • The following is a list of some very popular forms of wireless communications.

  7. Satellite Communications: • Uses microwave links and provides global connection of many network infrastructures. • Three types of satellites: • GEO: Geostationary Earth Orbit Satellites. • MEO: Medium Earth Orbit Satellites. • LEO: Low Earth Orbit Satellites.

  8. Cellular Networks: • Widely used recently. Quickly increasing in popularity all over the world. • Geographic area is divided into cells. • Each cell is serviced by a base station (BS). • Several stations are served by a Mobile Telecommunications Switching Office (MTSO), or a similar structure.

  9. The base station connects mobile users to the MTSO. • The MTSO connects base stations (BS's) to the telephone switching office. • The first generation of systems was AMPS (Advanced Mobile Phone Service), which used analog communications.

  10. The second generation uses digital traffic channels, encryption, error detection and correction, and allows channel access to be dynamically shared by all users.

  11. Third generation systems will have: • Voice quality that is comparable to public switched telephone networks. • Higher data rates. • Symmetrical and asymmetrical data transmission rates. • Support for both packet and circuit switched data services.

  12. Adaptive interface to the Internet to reflect the common asymmetry between inbound and outbound traffic. • More efficient use of available spectrum. • Support for a wide variety of mobile equipment. • More flexibility to accept new services and techniques.

  13. Cordless Systems: • Used inside homes and buildings. • Allow wireless communications between cordless devices, such as a telephone, and single or multiple base stations using TDMA (Time Division Multiple Access) and TDD (Time Division Duplex) communications.

  14. Wireless Local Loop (WLL): • An increasingly popular way to provide wireless last-mile connections between the end user and the local telephone switching center. • Allows a reduction in installation cost and time. • Selective installation is possible (only install when a customer desires service, not in anticipation of the customer desiring service).

  15. Mobile IP: • Allows nomadic access to the Internet from different access points. • A user is able to maintain connectivity to the Internet while moving from one access point to another. • It uses the processes of registration, agent solicitation, move detection, and tunneling to achieve this objective.

  16. Wireless Local Area Networks (WLANs): • Rapidly becoming very popular. • This is due to many characteristics such as: • Need for mobility. • Cost effectiveness. • Convenience. • Rapid deployment ability.

  17. Decrease in size of electronic and digital equipment. • Speed of mobile computing devices.

  18. There are four types of wireless LANs. • LAN Extension: • Provides wireless connections of mobile computing units to a wired network. • Used in manufacturing, stock exchanges, and warehouses.

  19. Cross-building Interconnect: • Used to provide wireless connections between buildings. • Uses microwave communications with dish shaped antennas. • More of a link than a LAN.

  20. Nomadic Access: • Used to provide connectivity from mobile units, such as a laptop, PDA or other computing device, to a fixed campus network, for example.

  21. Ad Hoc Networking: • Also called rapidly deployable networks. • An increasingly popular form of establishing networks between mobile computing devices, such as laptops or computers inside moving vehicles. • The temporary wireless network is established dynamically, on the fly.

  22. Very dynamic in nature, because the topology changes while nodes move from one location to another, and nodes dynamically move in and out of each other's range and are added to and deleted from the network altogether.

  23. Requires robust communications algorithms and protocols, which have the following characteristics: • Can quickly adapt to the changing network topology. • Maintain efficient connectivity and routing between the various nodes while wireless links are lost and established dynamically as nodes move in and out of each other's range.

  24. There are numerous applications for Ad Hoc Networks, such as: • Tactical military operations. • Conferences. • Campus and classroom environments. • Disaster recovery. • Search and rescue operations. • And so on.

  25. Bluetooth: • A wireless communications protocol. • Originally started by Ericsson. • Quickly became adopted by a consortium of companies in the computer industry. • Grew from a few companies to thousands including all of the major companies in the industry.

  26. Designed to establish and maintain connections between various computing devices and electronic equipment such as computers, cellular phones, PDA's, and so on. • This is done wirelessly, avoiding the need for wires to establish the connections. • Intended to work in close-proximity environments such as homes, offices, classrooms, hospitals, airports, etc.

  27. Connections are established by designating master and slave nodes. • It uses profiles for different devices, which characterize the applications. • There are two types of communication links, which are multiplexed over the same RF (Radio Frequency) link: • Synchronous Connection-oriented (SCO) links for voice. • Asynchronous Connectionless (ACL) links for data.

  28. Uses frequency-hopping spread spectrum with a high hop rate of 1600 hops/sec to reduce interference and provide low-power, low-cost radio communications. • Operates in the ISM band at 2.45 GHz with a transmission power of 1 to 100 mW, a range of 10 to 100 meters, a maximum bit rate of 1 Mbps, and an effective data transfer rate of 721 Kbps.

  29. 802.11 wireless standard • This is a wireless LAN standard. • It is increasingly being adopted by many wireless devices to establish communications at the physical and data link layers of the OSI model. • In 2000 vendors sold around a million 802.11 network interface cards, and sales are expected to go up to 3.9 million in 2004.

  30. Security Issues • Importance of wireless systems. • In every aspect of our lives. • Sensitivity of information shared on wireless systems (increasingly important): financial, personal, social, confidential, etc. • Example: wireless cameras (intended for watching the nanny and baby in the house, but the whole block can watch).

  31. Security services needed • (especially in e-commerce transactions) • User authentication: The process of proving to the system that the user is who he/she says he/she is.

  32. Data authentication: It is further subdivided into two sub-services. • The first is data integrity, which is the process of guaranteeing to the receiver that the data was not changed during the transmission process. • The second is data origin authentication, which is the process of proving to the receiver that the data was actually sent by the stated sender.

  33. Data confidentiality: It ensures that unintended parties are not able to read the data while in transit. Encryption is used to achieve this objective.

  34. Authorization: • It is the process of ensuring that only authorized users are allowed to access the data/resources. In a "closed system" a user is not allowed access without explicit authorization. Typically, this is the desired model for secure systems. On the other hand, in an "open system" a user is allowed access (implicit authorization) unless specifically deauthorized by the system. The latter model is undesirable for the design of secure systems, unless absolutely necessary because of the nature of the application (a public library, etc.).

  35. Audit: An audit trail is used to keep track of who, when, what, and how transactions took place in a system. This audit trail can be an essential tool for after-the-fact analysis in cases of intentional or unintentional security attacks. It can also be used by intrusion detection algorithms to detect and prevent current and future attacks.
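The closed (default-deny) and open (default-allow) authorization models from slide 34, with the audit trail of slide 35 feeding a simple after-the-fact detector. This is an added example, not part of the presentation; the users, resources and grant tables are constructed sample data.

```python
import time
from collections import Counter

# Added example (not from the presentation). Closed model: access only with an
# explicit grant. Open model: access unless explicitly deauthorized. Every
# decision is written to an audit trail (when, who, what, how, outcome).
# All users, resources and policy entries below are constructed sample data.

CLOSED_GRANTS = {("alice", "payroll"): {"read"}, ("bob", "payroll"): {"read", "write"}}
OPEN_DENIALS = {("mallory", "catalogue"): {"write"}}

AUDIT_TRAIL = []  # entries: (timestamp, user, resource, action, model, allowed)


def authorize_closed(user, resource, action):
    """Closed system: deny unless an explicit grant exists (the desired model)."""
    return action in CLOSED_GRANTS.get((user, resource), set())


def authorize_open(user, resource, action):
    """Open system: implicit authorization unless explicitly deauthorized."""
    return action not in OPEN_DENIALS.get((user, resource), set())


def access(user, resource, action, model="closed", now=None):
    """Evaluate a request under the chosen model and record an audit entry."""
    decide = authorize_closed if model == "closed" else authorize_open
    allowed = decide(user, resource, action)
    AUDIT_TRAIL.append((now or time.time(), user, resource, action, model, allowed))
    return allowed


def repeated_denials(trail, threshold=3):
    """After-the-fact analysis of the trail: users denied at least `threshold`
    times, a cheap signal worth surfacing to intrusion detection."""
    denied = Counter(user for _, user, _, _, _, allowed in trail if not allowed)
    return sorted(user for user, n in denied.items() if n >= threshold)
```

Note that an unknown user is refused under the closed model but admitted under the open one; only the audit trail tells you afterwards that it happened.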

  36. Non-repudiation: This is an important service that is essential for the proper operation of certain e-commerce transactions. It is the process of guaranteeing that a certain user actually did issue a certain order or request a certain transaction. Non-repudiation is usually implemented using digital signatures, which are unique to users and provide proof that a particular user initiated a particular transaction.
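An added example (not from the presentation) tying slides 32 and 36 together: a keyed MAC gives the receiver data integrity and data origin authentication, and the last function shows why the same shared-key construction cannot provide non-repudiation, which slide 36 assigns to digital signatures. The key and messages are constructed values.

```python
import hmac
import hashlib

# Added example (not from the presentation). With a shared key the receiver gets
# data integrity (any change is detected) and data origin authentication (only a
# key holder could have produced the tag). Key and messages are constructed.

SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 128-bit key


def tag(key, message):
    """Data authentication tag over the message, bound to the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, received_tag):
    """Constant-time check: True only if the message is unmodified and was
    tagged under this key."""
    return hmac.compare_digest(tag(key, message), received_tag)


def integrity_demo():
    """Genuine message verifies; a modified one under the same tag does not."""
    msg = b"transfer 100 to account 42"
    t = tag(SHARED_KEY, msg)
    tampered = b"transfer 900 to account 42"
    # -> (True, False)
    return verify(SHARED_KEY, msg, t), verify(SHARED_KEY, tampered, t)


def receiver_can_forge():
    """Why a MAC is not non-repudiation: the receiver holds the same key, so it
    can produce a valid tag for an order the sender never issued, and a third
    party cannot tell which side made it. Only a signature under the sender's
    private key, which the receiver does not have, settles that question."""
    forged = b"transfer 5000 to account 99"
    forged_tag = tag(SHARED_KEY, forged)  # computed by the receiver, not the sender
    # -> True: the forged order verifies exactly like a genuine one
    return verify(SHARED_KEY, forged, forged_tag)
```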

  37. Some Commonly Used Wireless and Mobile Systems and Protocols: • 802.11 • Bluetooth • Mobile IP

  38. IEEE 802.11 • This is a wireless LAN standard. • It is increasingly being adopted by many wireless devices to establish communications at the physical and data link layers of the OSI model. • In 2000 vendors sold around a million 802.11 network interface cards, and sales are expected to go up to 3.9 million in 2004.

  39. The 802.11 architecture uses the wired equivalent privacy protocol (WEP). • Data is encrypted with WEP to protect the wireless link between clients and access points. • Network administrators distribute a WEP-algorithm-based key for authorized users, which prevents access by unauthorized users.

  40. The protocol has authentication, deauthentication (this service is invoked whenever an existing authentication is to be terminated), and privacy services [1] [3]. • Authentication (and deauthentication) services are used for establishing the identity of a station. • The standard does not specify any particular authentication scheme.

  41. Privacy services are used to prevent the content of messages from being read by other than intended recipients [3].

  42. Bluetooth • This is a wireless communications protocol, which was originally started by Ericsson. • It quickly became adopted by a consortium of companies in the computer industry. • The consortium grew from a few companies to thousands, including all of the major companies in the industry.

  43. It is designed to establish and maintain connections between computing devices and electronic equipment, such as computers, PDA's, cell phones, and so on, wirelessly, avoiding the need for wires. • It is intended to work in close-proximity environments, such as homes, offices, classrooms, hospitals, airports, etc.

  44. Connections are established using designated master and slave nodes. • It uses profiles for different devices, which characterize the applications, synchronous connection-oriented (SCO) links for voice, and asynchronous connectionless (ACL) links for data, which are multiplexed on the same RF link.

  45. Frequency-hopping spread spectrum with a high rate of 1600 hops/sec is used to reduce interference and provide low-power, low-cost radio communications. • It operates in the ISM band at 2.45 GHz with a transmission power of 1 to 100 mW, a range of 10 to 100 meters, a maximum bit rate of 1 Mbps, and an effective data transfer rate of 721 Kbps.

  46. Up to 8 devices can communicate in a Piconet, with one device acting as the master and the other devices as slaves. Several Piconets in one area can form a "Scatternet", in which all nodes use the same frequency range with each Piconet using a different hop sequence.

  47. The Bluetooth baseband specification defines a facility for link security between any two Bluetooth devices, consisting of the following elements [3]: - Authentication - Encryption (privacy) - Key management and usage.

  48. The security algorithms use four parameters: • Unit address: The 48-bit device address, which is publicly known. • Secret authentication key: A secret 128-bit key. • Secret privacy key: A secret key of length from 4 to 128 bits.

  49. Random number: A 128-bit random number derived from a pseudorandom generation algorithm executed in the Bluetooth unit. • The two secret keys are generated and configured with the unit and are not disclosed.

  50. The authentication process is used to provide verification of the claimed identity of one of the two Bluetooth devices involved in an exchange. • Authentication is done by verifying that the two devices share the same preconfigured authentication key.
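The exchange slides 48 to 50 describe, modelled as an added example that is not part of the presentation: the verifier issues a 128-bit random challenge, the claimant answers with a value derived from the shared 128-bit authentication key, the challenge and its own 48-bit unit address, and the verifier recomputes it. Bluetooth's own authentication function (E1) is replaced here by an HMAC stand-in; the addresses and key are constructed values.

```python
import hmac
import hashlib
import secrets

# Added example (not from the presentation): shared-key challenge-response
# authentication between two Bluetooth units. HMAC-SHA256 stands in for the
# specification's E1 function. Addresses and the link key are constructed.

ADDR_A = bytes.fromhex("0a1b2c3d4e5f")                       # 48-bit unit address (public)
LINK_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # 128-bit authentication key (secret)


def response(auth_key, challenge, claimant_addr):
    """Claimant's reply: binds the secret key, the fresh challenge and the
    claimant's public address. Stand-in for E1, truncated to 32 bits."""
    return hmac.new(auth_key, challenge + claimant_addr, hashlib.sha256).digest()[:4]


class BluetoothUnit:
    def __init__(self, addr, auth_key):
        self.addr, self.auth_key = addr, auth_key

    def challenge(self):
        # 128-bit random number from the unit's pseudorandom generator. It is
        # fresh per run, so a captured response does not answer a later challenge.
        return secrets.token_bytes(16)

    def answer(self, challenge):
        return response(self.auth_key, challenge, self.addr)

    def verify(self, claimant_addr, challenge, sres):
        # Succeeds only if the claimant holds the same preconfigured key.
        expected = response(self.auth_key, challenge, claimant_addr)
        return hmac.compare_digest(expected, sres)


def authenticate(verifier, claimant):
    """One-way authentication of `claimant` to `verifier`; run it in both
    directions for mutual authentication."""
    rand = verifier.challenge()
    sres = claimant.answer(rand)
    return verifier.verify(claimant.addr, rand, sres)
```

The secret key never leaves either unit; only the random challenge and the short response cross the air, which is the property the slides rely on.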
