Wireless security

Wireless Security. 2005. 04. 19. Graduate School of Education, Special Topics in Distributed Systems. University of Incheon, Min Byung-jun. 032-770-8497, 011-9913-8497, [email protected] Contents: Introduction to Wireless, Wireless World, Wireless Threats, Wireless Security Protocols and Cryptography, Security Considerations for Wireless Devices


Wireless Security

2005. 04. 19

Graduate School of Education, Special Topics in Distributed Systems

University of Incheon, Min Byung-jun

032-770-8497, 011-9913-8497, [email protected]


  • Introduction to Wireless

    • Wireless World

    • Wireless Threats

    • Wireless Security Protocols and Cryptography

    • Security Considerations for Wireless Devices

  • Wireless Technologies and Applications

    • Cellular Networks

    • Wireless Data Networks

    • Wireless Standards and Technologies

  • Wireless Deployment Strategies

    • Implementing Wireless LANs : Security Considerations

    • Enabling Secure Wireless Access to Data

    • Real Examples from the Wireless World

    • The Wireless Future

    • Accessing Wireless LANs

Cellular Networks (1/4)

  • 3 Methods for Spectrum Allocation : provides access to a given frequency for multiple users

    • Frequency Division Multiple Access (FDMA)

    • Time Division Multiple Access (TDMA)

    • Code Division Multiple Access (CDMA)

  • FDMA

    • used on the initial analog Advanced Mobile Phone System (AMPS)

    • available spectrum divided into channels; each channel used for a single conversation

    • FDMA assigns channels even if no conversations are taking place - less efficient

    • only for voice transmission

    • 2G wireless technologies

      • GSM : 80%, CDMA : 11%, PDC : 5%, traditional TDMA : 2%, iDEN : 1%

  • TDMA

    • digitizes the voice signal and turns the signal into a series of short packets

    • uses a single-frequency channel for a very short time and migrates to another channel

    • voice packets can occupy different time slots in different frequency ranges at the same time

    • digital signal, better frequency allocation, support for multiple data types

    • Global System for Mobile Communications (GSM) basis

Cellular Networks (2/4)

  • CDMA

    • frequency hopping spread spectrum in 1940s - utilizing a wider frequency range

      • increases signal quality and connections

      • more secure, decreases the risk of the signal being detected by unauthorized parties

    • rather than dividing spectrum by time or frequency, adds a unique code onto each packet before transmission

    • the same code is used at the receiving end to enable the conversation to be reconstructed

    • stronger security, better frequency allocation (8-10 times that of FDMA, 5 times that of TDMA), improved call quality, simplified system planning (by using the same frequency in every sector of every cell)

  • TDMA versus CDMA

    • TDMA advantages

      • longer battery life (less transmitter power), less expensive infrastructure, widest deployment (GSM), international roaming (GSM), data security (GSM's Subscriber Identity Module card)

    • TDMA disadvantages

      • hard roaming handoffs, distortion (lower signal-to-noise ratio)

    • CDMA advantages

      • bandwidth efficiency, soft roaming handoffs (polls various cells and switches to the cell that offers the best signal and coverage), less distortion, strong voice security

    • CDMA disadvantage

      • more expensive, no international roaming, no SIM card

  • PDC (Personal Digital Cellular)

    • based on TDMA in 800MHz and 1500MHz

    • bandwidth efficiency, packet data, only in Japan

  • iDEN (integrated Dispatch Enhanced Network) by Nextel

    • wireless market called specialized mobile radio (SMR), walkie-talkie with a cellular phone,

Cellular Networks (3/4)

  • Security Threats

    • Network Operator's Security Goals

      • Authentication, Privacy, Data and voice integrity, Performance

    • Security Risks and Threats

      • Network and systems availability (DoS), Physical protection, Fraud (cloned or pirated handsets)

    • Types of Cellular Fraud

      • theft of handsets, sign up for services using false id, handset cloning,

    • Combating Fraud

      • encryption (Electronic Serial Number), blacklist (track the ESNs of stolen phones), traffic analysis, legislation

  • General Security Principles

    • Encryption - size of key : 56-bit in DES

  • GSM

    • handsets with SIM card (smart card with 32K/64K EEPROM)

    • base transceiver station

    • base station controller

    • mobile switching center

    • authentication center

    • home location register / visitor location register

    • operating and maintenance center

  • GSM security

    • authentication algorithm for handset (A3)

    • block cipher algorithm to encrypt voice and data (A5/1 or A5/2)

    • key generation algorithm (A8)

Cellular Networks (4/4)

  • CDMA

    • a 64-bit symmetric key (called A-Key) for authentication, no SIM card

    • why not public keys - hardware limitation, infrastructure requirements

    • Authentication

      • encryption algorithm CAVE (cellular authentication and voice encryption)

      • to minimize the risk of intercepting the A-Key in the air, dynamic value called shared secret data

      • steps

        • a call commences; the MSC retrieves subscriber info from the HLR; the MSC generates a 24-bit random number as the unique challenge (RANDU); RANDU is transmitted to the phone; the phone generates an 18-bit AUTHU; the MSC calculates its own AUTHU, which should match

    • Confidentiality

      • 64-bit Signaling Message Encryption Key (SMEKEY)

  • Shortcomings

    • no mutual authentication

    • poor security algorithms (replacing CAVE with SHA-1)

    • no consistent SIM card mechanism on handset for key storage

    • voice encryption is not always applied
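
The unique-challenge steps above, as an added example that is not from the original slides: CAVE is replaced by a truncated HMAC-SHA-256 stand-in, and the ESN, shared secret data, and class names are constructed for illustration. It also shows where the "no mutual authentication" shortcoming sits: the handset answers a challenge with no way to check who issued it.

```python
import hashlib
import hmac
import secrets

RANDU_BITS = 24  # unique challenge size given on the slide
AUTHU_BITS = 18  # response size given on the slide
# Constructed sample values, not from the slides
ESN, SSD = 0x9F3A12C4, bytes.fromhex("0123456789abcdef")


def auth_signature(ssd, esn, randu):
    """Stand-in for CAVE (assumption): HMAC-SHA-256 truncated to 18 bits."""
    msg = esn.to_bytes(4, "big") + randu.to_bytes(3, "big")
    digest = hmac.new(ssd, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big") >> (24 - AUTHU_BITS)


class Handset:
    def __init__(self, esn, ssd):
        self.esn, self.ssd = esn, ssd

    def respond(self, randu):
        # One-way protocol: nothing in the challenge lets the handset check
        # who sent it (the "no mutual authentication" shortcoming).
        return auth_signature(self.ssd, self.esn, randu)


class MSC:
    def __init__(self, hlr):
        self.hlr = hlr      # ESN -> shared secret data, as held in the HLR
        self.pending = {}   # ESN -> outstanding RANDU

    def challenge(self, esn, randu=None):
        # A fixed randu is accepted only so tests are repeatable.
        self.pending[esn] = secrets.randbits(RANDU_BITS) if randu is None else randu
        return self.pending[esn]

    def verify(self, esn, authu):
        randu = self.pending.pop(esn, None)  # each challenge is usable once
        if randu is None or esn not in self.hlr:
            return False
        expected = auth_signature(self.hlr[esn], esn, randu)
        return hmac.compare_digest(f"{expected:05x}", f"{authu:05x}")


if __name__ == "__main__":
    msc, phone = MSC({ESN: SSD}), Handset(ESN, SSD)
    authu = phone.respond(msc.challenge(ESN))
    print("genuine handset accepted:", msc.verify(ESN, authu))
    print("same AUTHU, no open challenge:", msc.verify(ESN, authu))
```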

Wireless Data Networks (1/3)

  • General Demands

    • faster throughput

    • more global roaming capabilities

    • interoperability with internet

  • Wireless Data Networks

    • Cellular Digital Packet Data (CDPD)

    • Mobitex

    • General Packet Radio Service (GPRS)

  • Cellular Digital Packet Data (CDPD)

    • standard developed in US in 1990s

      • offering wireless data services using AMPS (Advanced Mobile Phone Service) infrastructure

    • advantages

      • speed (19.2 Kbps), TCP/IP based (compatible with Internet), quick call setup

    • architecture

      • similar to wireless voice networks

      • mobile end system ... mobile database stations - mobile data intermediate system - Internet (firewall)

    • security

      • similar to wireless voice network (CDMA) : unique id called NEI (Network Entity Identifier)

      • no tamper-resistant hardware such as SIM

      • Diffie-Hellman key exchange

      • vulnerabilities

        • no mutual authentication, local key storage (no SIM to store NEI)

Wireless Data Networks (2/3)

  • Mobitex

    • wireless data technology developed by Ericsson in 1980s

      • operate in one of 4 frequency families (80MHz, 400MHz, 800MHz, 900MHz)

      • 8Kbps rate, 512-byte block transmission

      • royalty-free license

    • architecture

      • peer-to-peer ... base station - local switch - regional switch - national switch / Internet

    • application of the network : Blackberry wireless e-mail pager offered by Canadian-based Research in Motion (RIM)

      • RIM device (32-bit Intel 386 processor, 2MB flash mem, 304Kb static RAM) security model focused on MS Outlook & Lotus cc:Mail

    • RIM security architecture

      • desktop - mail server - firewall - Internet - mobile network ... RIM handheld

    • Mobitex vs. CDPD (Mobitex will outlast CDPD)

      • network infrastructure (eliminating AMPS hardware), strong industry association (Mobitex Operators Association led by Ericsson), greater coverage

Wireless Data Networks (3/3)

  • General Packet Radio Service (GPRS)

    • GSM developed in 1990s

      • packet-based

        • compatibility with the Internet

        • always-on connection

        • efficient networks

    • higher throughput

      • use many time slots in parallel

      • data split into chunks and sent simultaneously on multiple channels to a handset

    • handsets

      • Class A terminal (support GPRS and GSM and the simultaneous operation of both, e.g., email + voice)

      • Class B terminal (support GPRS and GSM but not simultaneously)

      • Class C terminal (only GPRS)

    • architecture

      • base station - base station controller - SGSN - HLR / GGSN - Internet

        • SGSN : data router (Serving GPRS Support Node)

        • GGSN : gateway GPRS Support Node

        • other network components : charging gateway, border gateway, DNS, lawful interception gateway, firewall and network management stations

    • security issues

      • DoS against GGSN

      • IP address spoofing

      • GGSN - Internet - VPN server - corporate LAN

        • not end-to-end security (SGSN-GGSN), added cost (VPN), trust issue (enterprise - mobile operator)
