wireless networks and mobile systems l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks PowerPoint Presentation
Download Presentation
Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks

Loading in 2 Seconds...

play fullscreen
1 / 46

Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks - PowerPoint PPT Presentation


  • 316 Views
  • Uploaded on

Wireless Networks and Mobile Systems Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks Lecture Objectives Introduce security vulnerabilities and defenses Describe security functions in Basic mechanisms WiFi Protected Access (WPA) IEEE 802.11i

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Lecture 12 Mobile Networks: Security in Wireless LANs and Mobile Networks' - mike_john


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
lecture objectives
Lecture Objectives
  • Introduce security vulnerabilities and defenses
  • Describe security functions in
    • Basic mechanisms
    • WiFi Protected Access (WPA)
    • IEEE 802.11i
  • Describe some other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 2

references
References
  • J. F. Kurose and K. W. Ross, Computer Networking: A Top-Down Approach Featuring the Internet, 2nd ed., Addison Wesley, 2003, Chapter 7.
  • T. Karygiannis and L. Owens, “Wireless Network Security: 802.11, Bluetooth, and Handheld Devices,” NIST Special Publication 800-48, Nov. 2002.
    • http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
  • WiFi Protected Access (WPA)
    • http://www.wi-fi.org/OpenSection/protected_access.asp

Mobile Networks: Security in Wireless LANs and Mobile Networks 3

agenda
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 4

wireless magnifies exposure vulnerability
Wireless Magnifies Exposure Vulnerability
  • Information going across the wireless link is exposed to anyone within radio range
    • RF may extend beyond a room or a building
    • Infrared limited to a room
  • Traditional wireline networks benefit from physical security
    • Access to the wire is required to gain information
    • Switched networks further reduce exposure

Sniffing is easy

Mobile Networks: Security in Wireless LANs and Mobile Networks 5

mobility makes it difficult to establish trust
Mobility Makes it Difficult toEstablish Trust
  • A mobile user must connect to a network component (e.g., an access point) that is physically hidden
    • Problem on both home and foreign networks
  • Mobility on foreign networks -- service providers are unknown and, perhaps, not trusted
    • Access points
    • Foreign agents
    • DHCP servers

Is this my AP?

Mobile Networks: Security in Wireless LANs and Mobile Networks 6

lack of infrastructure
Lack of Infrastructure
  • Lack of security infrastructure
    • Authentication servers
    • Certificate authorities
  • Unknown nodes providing service
    • Intermediate nodes for ad hoc routing

Can intermediatenode be trusted?

Mobile Networks: Security in Wireless LANs and Mobile Networks 7

system design issues
System Design Issues
  • Mobile form factor
    • Desire low power consumption
      • Minimize computation
      • Minimize network communication
    • Constrained by low processing capabilities
    • Constrained by limited link capacity
  • Need cryptographic and other security-related algorithms to be simple
  • Need to minimize communications overhead for security protocols

Mobile Networks: Security in Wireless LANs and Mobile Networks 8

secure communications 1
Secure Communications (1)
  • Privacy or confidentiality
    • The intended recipients know what was being sent but unintended parties cannot determine what was sent
    • Requires some form of encryption and decryption
      • Encryption at the sender
      • Decryption at the receiver using a public or private (secret) key to decode the encrypted information
  • Authentication
    • Confirms the identity of the other party in the communication
    • Assures that
      • The claimed sender is the actual sender
      • The claimed receiver is the actual receiver

Mobile Networks: Security in Wireless LANs and Mobile Networks 9

secure communications 2
Secure Communications (2)
  • Message integrity and non-repudiation
    • Data integrity – data is transmitted from source to destination without undetected alteration
    • Non-repudiation – prove that a received message came from a claimed sender
  • Availability and access control
    • Ensures availability of resources for the intended users
    • Controls access to resource

Mobile Networks: Security in Wireless LANs and Mobile Networks 10

link versus end to end security
Link Versus End-to-End Security
  • End-to-end security
    • Provided by network (e.g., IPsec), transport (e.g., SSL), and/or application layer (e.g., application-specific)
  • Link security
    • Provided by link layer (e.g., IEEE 802.11 WEP, WPA, or IEEE 802.11i)

End-to-End Security

Link Security

Mobile Networks: Security in Wireless LANs and Mobile Networks 11

security objectives 1
Security Objectives (1)
  • Major concerns at the link layer
    • Authentication (but, related to access control)
    • Privacy
    • Integrity
  • Major concerns at the network layer (e.g., IPsec)
    • Authentication
    • Privacy
    • Integrity

Mobile Networks: Security in Wireless LANs and Mobile Networks 12

security mechanisms 2
Security Mechanisms (2)
  • Security mechanisms at the transport layer (e.g., SSL) and in applications may deal with all objectives
    • Authentication
    • Privacy
    • Integrity
    • Access control

Mobile Networks: Security in Wireless LANs and Mobile Networks 13

agenda14
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 14

cryptography
Cryptography
  • Symmetric (private) key cryptography
    • Sender and receiver keys are identical (KA = KB)
  • Asymmetric (public) key cryptography
    • Sender (encryption) key (KA) is public
    • Receiver (decryption) key (KB KA) is private

Plaintext

KA

Ciphertext

KB

Plaintext

Encryption

Decryption

Mobile Networks: Security in Wireless LANs and Mobile Networks 15

public key cryptography
Public Key Cryptography
  • Unlike a private key system, one can publish the key for encryption in a public key encryption system

KB+

Public key

Private key

Plaintext

Ciphertext

KB-

Plaintext

Encryption

Decryption

m

KB+(m)

m = KB-(KB+(m))

Mobile Networks: Security in Wireless LANs and Mobile Networks 16

authentication with private key cryptography
Authentication withPrivate Key Cryptography
  • Authentication can be implemented with symmetric (private) key cryptography

A

B

Claim “A”

Generate aone-time “nonce”

R

encrypt

decrypt

K(R)

R

Mobile Networks: Security in Wireless LANs and Mobile Networks 17

authentication with public key cryptography
Authentication withPublic Key Cryptography
  • Use of public key avoids shared key problem
  • Vulnerable to “man-in-the-middle” attack

A

B

Claim “A”

KA+: A’s public key

KA-: A’s private key

R

KA-(R)

Sender must have used private key of A, so it is A

Key Request

KA+

Compute KA+(KA-(R)) = R

Mobile Networks: Security in Wireless LANs and Mobile Networks 18

agenda19
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
    • Authentication
    • Privacy
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 19

ieee 802 11 security
IEEE 802.11 Security
  • Security was not thoroughly addressed in the original IEEE 802.11 standard
    • Based on Wired Equivalent Privacy (WEP)
    • Objective is to not compromise security when compared to a standard wired LAN (e.g., Ethernet) – but what does this really mean?
  • Evolution
    • Long-term: IEEE 802.11i
    • Short-term: WiFi Protected Access (WPA)

Mobile Networks: Security in Wireless LANs and Mobile Networks 20

ieee 802 11 authentication 1
IEEE 802.11: Authentication (1)
  • IEEE 802.11 supports two authentication schemes
    • Open system “authentication”
    • Shared key authentication
  • Authentication management frames used in a transaction to establish authentication
    • Authentication algorithm number
    • Authentication transaction sequence number
    • Status code
  • Deauthentication management frame sent to terminate an association
    • Reason code

Mobile Networks: Security in Wireless LANs and Mobile Networks 21

ieee 802 11 authentication 2
IEEE 802.11: Authentication (2)
  • Open system “authentication” is really just a placeholder for systems that do not wish to implement true authentication
    • One station asserts its identity
    • The other station responds with success
  • Shared key authentication
    • Both stations must have a copy of a WEP key
    • Station proves identity by encrypting and returning challenge text
    • 128-bit challenge text based on RC4 stream cipher
  • Shared key authentication only authenticates the station to the AP, not the AP to the station!

Mobile Networks: Security in Wireless LANs and Mobile Networks 22

ieee 802 11 shared key authentication
IEEE 802.11: Shared Key Authentication
  • Uses private key authentication scheme shown earlier

STA

AP

identity assertion

128-bitone-time nonce

identity assertion/challenge text

Encrypted using shared WEP key

encrypted text

Decrypted using shared WEP key

success/failure

Mobile Networks: Security in Wireless LANs and Mobile Networks 23

ieee 802 11 deauthentication
IEEE 802.11: Deauthentication
  • A station can terminate an authentication association with another station by sending that station a deauthentication frame
    • Contains just a reason code, e.g., sending station is leaving the BSS or ESS

Mobile Networks: Security in Wireless LANs and Mobile Networks 24

ieee 802 11 privacy
IEEE 802.11: Privacy
  • Based on Wired Equivalent Privacy (WEP)
  • MAC at sender encrypts frame body of data frames
    • Headers and non-data frames are not encrypted
    • Does not protect against data analysis attacks
  • MAC at receiver decrypts and passes data to higher level protocol
  • Uses RC4 symmetric stream cipher
    • Same key at sender and receiver
    • Can be applied to variable length data
  • Key distribution not addressed in standard

Mobile Networks: Security in Wireless LANs and Mobile Networks 25

wep data encryption
WEP Data Encryption
  • Host/AP share 40-bit symmetric key
    • Semi-permanent WEP key
    • May be longer (e.g., 128 bits)
  • Host appends 24-bit initialization vector (IV) for each frame to create a 64-bit key
    • 152-bit key with 128-bit WEP key
  • The 64-bit key is used to generate a stream of keys, kiIV , using RC4 private key stream cipher algorithm
    • Key kiIV is used to encrypt byte i, di, in the frame
      • ci = di XOR kiIV (XOR is exclusive-or)
    • Initialization vector (IV) and the encrypted bytes, ci, are sent in the frame

Mobile Networks: Security in Wireless LANs and Mobile Networks 26

wep encryption at the sender
WEP Encryption at the Sender

KS

Key Sequence Generator

KS = shared WEP key

IV

k1IV

k2IV

kNIV

kN+1IV

kN+4IV

d1

d2

dN

crc1

crc4

Supports integrity

c1

c2

cN

cN+1

cN+4

802.11Header

IV

WEP-encrypted data and CRC

Mobile Networks: Security in Wireless LANs and Mobile Networks 27

wep encryption vulnerability
WEP Encryption Vulnerability
  • Initialization vectors are 24 bits in length and a new one is used each frame, so IVs are eventually reused
  • IVs are transmitted in plaintext, so IV reuse can be detected just by packet sniffing
  • Attack
    • An intruder causes a host to encrypt known plaintext, d1, d2, d3,…
    • The intruder sees ci = di XOR kiIV
    • The intruder knows ci and di, so it can compute kiIV
    • The intruder knows encrypting key sequence k1IV, k2IV, k3IV, k4IV, …
    • The next time that the same IV is used, the intruder can decrypt

Mobile Networks: Security in Wireless LANs and Mobile Networks 28

ieee 802 11 security weaknesses 1
IEEE 802.11: Security Weaknesses (1)
  • WEP encryption is flawed, affecting privacy and authentication
    • Static WEP keys leave encryption vulnerable
    • Initialization vectors sent in the clear
    • Generation of IVs may be weak
      • Not specified in the standard
      • All NICs from a vendor may generate the same sequence of IVs or the IV may be a fixed value
    • Exposed IV (revealing part of key) plus weakness of RC4 make WEP vulnerable to analysis
    • Can be broken for a busy network by a contemporary personal computer – about 10 hours for sniffing and a few seconds to “guess” the key

Mobile Networks: Security in Wireless LANs and Mobile Networks 29

ieee 802 11 security weaknesses 2
IEEE 802.11: Security Weaknesses (2)
  • Integrity check based on CRC
    • Relatively weak compared to a hash or message authentication scheme
    • Introduces vulnerabilities for certain kinds of attacks
  • Unilateral challenge-response used for authentication vulnerable to “man-in-the-middle” attack
  • Asymmetric authentication
    • Station cannot authenticate AP
    • Key management is not addressed by the standard
      • Very complex task, especially for a large network

Mobile Networks: Security in Wireless LANs and Mobile Networks 30

ieee 802 11 security weaknesses 3
IEEE 802.11: Security Weaknesses (3)
  • “Out-of-the-box” default is usually no security
    • Ease of deployment and ease of operation for users
    • Lots of WLANs with no security configured!

Mobile Networks: Security in Wireless LANs and Mobile Networks 31

agenda32
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 32

improving ieee 802 11 security
Improving IEEE 802.11 Security
  • RSA Security’s Fast Packet Rekeying
  • WiFi Alliance’s WiFi Protected Access (WPA)
  • IEEE 802.11 Technical Group i (IEEE 802.11i)

Mobile Networks: Security in Wireless LANs and Mobile Networks 33

fast packet rekeying
Fast Packet Rekeying
  • Generates a unique key to encrypt each network packet on the WLAN
  • Hashing technique used to rapidly generates per packet keys
  • The IEEE 802.11 group has approved fast packet rekeying as a fix for WEP security weaknesses

Mobile Networks: Security in Wireless LANs and Mobile Networks 34

wifi protected access
WiFi Protected Access
  • WiFi Protected Access (WPA) is intended as a near-term solution to the IEEE 802.11 security problem
    • Software-only updates – requires update to AP firmware and NIC driver
    • A subset of the more extensive IEEE 802.11i techniques
  • Based on two main functions
    • 802.1x port-based access control
    • Temporal Key Integrity Protocol (TKIP)

Mobile Networks: Security in Wireless LANs and Mobile Networks 35

ieee 802 1x port based access control
IEEE 802.1x Port-Based Access Control
  • Allows use of upper-layer authentication protocols
    • AP and station can authenticate each other
    • Integrates with IETF’s Extensible Authentication Protocol (EAP)
      • See RFC 2284
    • Authentication can be…
      • On the AP
      • Use a backend server, e.g., with RADIUS
  • Allows use of session keys
    • 802.1x keys can be changed each session
    • Standard WEP keys are semi-permanent

Mobile Networks: Security in Wireless LANs and Mobile Networks 36

temporal key integrity protocol
Temporal Key Integrity Protocol
  • Extends the initialization vector (IV) space beyond 24 bits
  • Uses key construction for each packet
  • Improves cryptographic integrity check beyond CRC used in WEP
  • Supports key derivation and distribution

Mobile Networks: Security in Wireless LANs and Mobile Networks 37

ieee 802 11i
IEEE 802.11i
  • IEEE 802.11i also known as Robust Security Network (RSN)
    • Longer-term solution (but should be available very soon)
    • Requires hardware replacements for APs and NICs
  • Superset of WPA – includes…
    • IEEE 802.1x port-based access control
    • Temporal Key Integrity Protocol (TKIP)
  • Includes support for Advanced Encryption Standard (AES) for confidentiality and integrity

Mobile Networks: Security in Wireless LANs and Mobile Networks 38

advanced encryption standard
Advanced Encryption Standard
  • The Advanced Encryption Standard (AES) is published by NIST as the successor to Data Encryption Standard (DES)
  • Operation
    • 128-byte blocks of data (cleartext)
    • 128-, 192-, or 256-bit symmetric keys
  • NIST estimates that a machine that can break 56-bit DES key in 1 second would take about 149 trillion years to crack a 128-bit AES key (unless someone is very lucky)

Mobile Networks: Security in Wireless LANs and Mobile Networks 39

agenda40
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 40

mitigating risk
Mitigating Risk*
  • Management countermeasures
    • For example, standardizing AP settings and controlling use of WLANs within an organization
  • Operational countermeasures
    • For example, controlling coverage area of APs
  • Technical countermeasures
    • Access point configuration
    • Firmware and software updates
    • Personal firewalls
    • Intrusion detection systems (IDS)
    • Maximizing WEP key length
    • Security audits
    • Virtual private networks

*Karygiannis and Owens, 2002

Mobile Networks: Security in Wireless LANs and Mobile Networks 41

virtual private networks
Virtual Private Networks
  • Using a VPN (e.g., based on IPsec) above the WLAN provides the security present in the environment of the VPN server

VPN Tunnel

Link Security

VPNServer

Mobile Networks: Security in Wireless LANs and Mobile Networks 42

agenda43
Agenda
  • Security vulnerabilities and objectives
  • Security mechanisms
  • Basic security features in IEEE 802.11
  • Improving WLAN security
  • Augmenting WLAN security
  • Other security issues

Mobile Networks: Security in Wireless LANs and Mobile Networks 43

bluetooth
Bluetooth
  • While generally more secure than IEEE 802.11, there are vulnerabilities
  • More information…
    • C. T. Hager and S. F. Midkiff, “Demonstrating Vulnerabilities in Bluetooth Security,” IEEE Global Telecommunications Conference (GLOBECOM), Vol. 3, Dec. 1-5, 2003, pp. 1420-1424.
    • C. T. Hager and S. F. Midkiff, “An Analysis of Bluetooth Security Vulnerabilities,” IEEE Wireless Communications and Networking Conference, Vol. 3, March 16-20, 2003, pp. 1825-1831.

Mobile Networks: Security in Wireless LANs and Mobile Networks 44

mobile networks
Mobile Networks
  • Security vulnerabilities in Mobile IP
    • Rogue Foreign Agents
    • Impersonating a Home Agent
    • Impersonating a Mobile Host to redirect traffic
    • Reducing security to enable Mobile IP – router at foreign network
  • Security vulnerabilities in mobile ad hoc networks (MANETs)
    • Generating faulty routing information
    • Snooping on relayed traffic
    • Refusing to route
    • Power-oriented attacks

Mobile Networks: Security in Wireless LANs and Mobile Networks 45

summary
Summary
  • Examined the basic objectives of security and fundamental approaches to cryptography and authentication
  • IEEE 802.11 security features (which are flawed)
    • Authentication
    • Privacy and integrity
  • Solutions to IEEE 802.11’s security problems
    • WiFi Protected Access (WPA)
    • IEEE 802.11i – Robust Security Network (RSN)
  • Higher layer security methods can also address WLAN security problems
  • Other security issues in wireless and mobile systems

Mobile Networks: Security in Wireless LANs and Mobile Networks 46