Challenges of Wireless Security TCP in Wired-Cum-Wireless Environments

Presented by – Vijaiendra Singh Bhatia

CSCI 5939 Independent Study – Wireless Security

Introduction -

  • Most of the wireless technologies were not designed with security as top priority.
  • It is challenging to implement security in wireless devices due to device characteristics.
  • Difficult to consider various security related issues like integrity, confidentiality, authentication and access control at the same time.
Security approaches in -
  • LAN 802.11 standard
    • The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from interception and to prevent unauthorized access to a wireless network.
    • WEP relies on a secret key, shared between a mobile station (e.g. a laptop with a wireless Ethernet card) and an access point (i.e. a base station), which is used to encrypt data.
Security approaches in -
  • WAP
    • WAP specifies WTLS (the Wireless Transport Layer Security protocol), which provides authentication, data integrity and privacy services.
    • WTLS is based on the widely used TLS security layer used on the Internet.
    • WTLS generally uses RSA-based cryptography, and can also use elliptic-curve cryptography (ECC), which provides a high level of security.
Security aspects -
  • Authentication
    • WPKI – provides a set of technologies that rely on encryption and digital certificates (a slimmed-down version of PKI).
    • Smart Cards – a local way to authenticate the user; provides more security on top of the username/password structure.
    • NES (Neomar’s Enterprise Server) – acts as a single point of access for mobile devices and provides integration with the corporation's management and security infrastructure.
Security aspects -
  • VPN (Virtual Private Network) – These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
  • Firewalls – A system designed to prevent unauthorized access to or from a private network. A WAP gateway can be used as a single point of entry for an enterprise’s wireless systems.
Wireless Security Issues -
  • In IEEE 802.11
    • WEP was intended only to provide the basic security found in wireline LANs.
    • It has serious weaknesses as it shares a single secret key.
    • Cryptography – There are problems with the way WEP uses the cryptographic primitives.
    • 802.11 encryption is readily breakable; 50-70% of networks never even turn on encryption.
Wireless Security Issues -
  • WAP Phones -
    • Many e-commerce sites use SSL security.
    • At the WAP gateway, during the conversion of encryption from WTLS to SSL format, the message is briefly unencrypted and is thus exposed to interception.
Future Standards -
  • PIC (Pre-IKE Credential) - A PIC-based system's authentication server would authenticate devices that are authorized to communicate with the system.
  • OMAP (Open Multimedia Applications Protocol) - a library of software from various vendors that will permit secure transactions on wireless devices that use TI's digital signal processors.
  • MeT (Mobile electronic Transactions) - Ericsson, Motorola, Nokia, and Siemens have formed an alliance to develop standards for secure mobile activities.
TCP in Wired-Cum-Wireless Environment
  • TCP assumption
    • Homogeneous: data network
    • Wired transmission error: rare
  • Wireless Environment
    • Heterogeneous network
    • Limited bandwidth
    • Long round trip time (RTT)
TCP in Wired-Cum-Wireless Environment
  • TCP in wireless environment
    • Random loss
    • A segment loss triggers congestion avoidance
    • Frequent restarts and small sender’s window
    • Retransmissions
    • Poor throughput
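
The chain listed above (random loss, window reduction, small sender window, poor throughput) can be reproduced with a small model. This is an added example, not part of the original slides: a simplified Reno-style sender run over the same path with and without random loss. The function names, the capacity of 40 segments per RTT and the 2% loss rate are assumptions chosen for illustration.

```python
import random

def simulate(rtts, capacity, loss_rate, seed=7):
    """Simplified Reno-style sender, one loop iteration per RTT.

    capacity  -- segments the path carries per RTT before a queue overflows
    loss_rate -- per-segment probability of a random (non-congestion) loss
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    cwnd, ssthresh = 1.0, 64.0
    stats = {"delivered": 0, "congestion_cuts": 0, "random_cuts": 0}
    cwnd_sum = 0.0
    for _ in range(rtts):
        sent = int(cwnd)
        cwnd_sum += cwnd
        overflow = sent > capacity
        corrupted = sum(rng.random() < loss_rate for _ in range(sent))
        stats["delivered"] += max(min(sent, capacity) - corrupted, 0)
        if overflow or corrupted:
            # The sender only sees "a segment is missing"; it cannot tell
            # a full queue from a fading radio link, so it backs off anyway.
            stats["congestion_cuts" if overflow else "random_cuts"] += 1
            ssthresh = max(cwnd / 2, 2.0)
            cwnd = ssthresh
        elif cwnd < ssthresh:
            cwnd *= 2                  # slow start
        else:
            cwnd += 1                  # congestion avoidance
    stats["mean_cwnd"] = cwnd_sum / rtts
    return stats

def compare(rtts=2000, capacity=40):
    """Same path and sender; only the random loss rate differs."""
    wired = simulate(rtts, capacity, loss_rate=0.0)
    wireless = simulate(rtts, capacity, loss_rate=0.02)
    return wired, wireless

if __name__ == "__main__":
    for name, s in zip(("wired", "wireless"), compare()):
        print(name, s)
```

On the lossy path most window cuts come from random loss rather than a full queue, yet the sender backs off each time, so its mean window and delivered segment count stay below half of the wired run.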
A wired-cum-wireless Internet
  • Diversification in end-host capabilities
    • Workstations coexist with WebTVs, wireless phones, and PDAs.
  • Reliable transmissions are needed for web browsing, e-mail, file transfers, etc.
  • Wireless media exhibit different transmission characteristics than wired.
    • Random losses due to fading, shadowing
    • Often, long RTTs and low bandwidth
  • Power consumption becomes an issue
End-user wireless networks
  • Wireless LANs
    • Sufficient bandwidth and relatively small RTTs, but limited user mobility (IEEE 802.11, HIPERLAN/1)
  • Wide Area Wireless Data Networks
    • Limited bandwidth, long RTTs, jitter, increased user mobility (CDPD, GPRS)
  • Cellular Networks
    • Handle voice and data (GSM, IS-95)
    • Same characteristics as WAWDNs, but circuit-switched
    • Not so economical for data transfers
TCP in a wireless environment
  • Limited bandwidth
  • Long round trip times
  • Random losses
  • User mobility
  • Short flows
  • Power consumption
Taxonomy of solutions
  • Link layer solutions
    • TCP-aware LL protocols (e.g. snoop)
    • TCP-unaware LL protocols (e.g. TULIP)
  • Split connections
    • Indirect-TCP
  • Wireless Application Protocol
  • TCP modifications (e.g. SACK, Santa Cruz)
  • New transport protocols (e.g. WTCP)
Link Layer Solutions
  • Link layer knows about packet drops
  • Local buffering and retransmission
  • Fast response
  • Transparent to existing software & hardware
  • Relatively reliable delivery, together with TCP
Link Layer Solutions
  • TCP-Aware LL
    • Snoop agent in BS
    • Knowledge of TCP
    • Snoop timeout < TCP timeout
  • TCP-Unaware LL
    • Don’t have knowledge of TCP
    • Aware of reliable TCP & unreliable UDP
    • Higher possibility of both LL & TCP retransmission
    • LL retransmission timeout < TCP timeout
    • Designed for half-duplex wireless channel
Split connection
  • Indirect TCP
    • Improved throughput
    • Split TCP connection into 2 (wired & wireless) at BS
    • BS acknowledges a segment to the sender before the segment reaches the receiver
    • Violates TCP semantics
    • Split TCP connection several times
TCP modifications
  • The main cause is TCP assumptions
    • Modify TCP to differentiate congestion loss, random loss and handoff
  • Only peer TCP upgraded
  • Not all are meant to improve TCP over wireless
  • Many variations proposed to improve performance in different scenarios
  • Different perspectives
    • Slow start is too aggressive, causing fast congestion
    • Initial congestion window is too low
TCP modifications
  • TCP SACK (Selective ACK)
    • Instead of a cumulative ACK, a selective ACK for out-of-order packets. Fewer retransmissions of successfully received segments.
  • TCP FACK (Forward Acknowledgement)
    • Make intelligent decisions about data that should be retransmitted
  • TCP Santa Cruz
    • Keep records of sending & receiving time
    • Estimate whether congestion is built up
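
The difference between cumulative and selective acknowledgement can be made concrete. This is an added example, not part of the original slides: a receiver report and two sender recovery strategies over a constructed loss pattern. The function names are hypothetical, segments are numbered rather than byte-addressed, and the cumulative-only sender is assumed to use go-back-N recovery.

```python
def receiver_report(received):
    """Return (cumulative ACK, SACK blocks) for a set of segment numbers.

    Segments are numbered from 1. The cumulative ACK is the next segment
    expected in order; blocks are (left, right) with right exclusive,
    the edge convention of RFC 2018.
    """
    cum_ack = 1
    while cum_ack in received:
        cum_ack += 1
    blocks, start, prev = [], None, None
    for seg in sorted(s for s in received if s > cum_ack):
        if start is None:
            start = seg
        elif seg != prev + 1:          # gap found: close the current block
            blocks.append((start, prev + 1))
            start = seg
        prev = seg
    if start is not None:
        blocks.append((start, prev + 1))
    return cum_ack, blocks

def resend_cumulative(cum_ack, highest_sent):
    """Assumed go-back-N recovery: resend everything not cumulatively ACKed."""
    return list(range(cum_ack, highest_sent + 1))

def resend_sack(cum_ack, blocks, highest_sent):
    """Resend only the holes that the SACK blocks leave open."""
    sacked = {s for left, right in blocks for s in range(left, right)}
    return [s for s in range(cum_ack, highest_sent + 1) if s not in sacked]

def wasted(resent, received):
    """Retransmitted segments the receiver already held."""
    return [s for s in resent if s in received]

# Constructed scenario: segments 1-10 sent, 3 and 7 lost on the radio hop.
SENT_UP_TO = 10
RECEIVED = {1, 2, 4, 5, 6, 8, 9, 10}

if __name__ == "__main__":
    cum, blocks = receiver_report(RECEIVED)
    print("cumulative ACK:", cum, "SACK blocks:", blocks)
    print("go-back-N resends:", resend_cumulative(cum, SENT_UP_TO))
    print("SACK resends:", resend_sack(cum, blocks, SENT_UP_TO))
```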
TCP modifications
  • Delayed ACK
    • No loss: cumulative ACK. Loss: immediate ACK.
  • DAASS (Delayed ACK after Slow Start)
    • After slow start comes congestion avoidance, which needs less traffic
  • ACK Pacing
    • Rate based, instead of window based
  • ECN (Explicit Congestion Notification)
    • Router signals congestion
  • ELN (Explicit Loss Notification)
    • Loss is signaled
New Transport Protocols
  • WTCP (wireless TCP)
    • Designed for CDPD or wireless WAN: low BW, high latency
    • WTCP attempts to predict whether a segment loss is due to transmission errors or to congestion
    • Rate based: an algorithm informs the sender to increase or reduce its sending rate
    • Keeps track of statistics for non-congestion segment losses
    • Use of ACK and SACK
    • Has not been proven
  • The WAP stack provides WTP, which is message oriented, i.e., the basic unit of interchange is an entire message, not a byte stream as in TCP.
  • WTP offers various security mechanisms as well as data compression and encryption, provided by the WTLS protocol.
  • TCP performance is poor in a wireless environment
  • TCP over wireless
    • Link layer
    • Split connection
    • TCP modifications
  • Most developments address specific cases, not a general solution
  • New protocols designed for wireless have only just been born and still need development.