Communication System Design 2002, KTH1 Security And Availability For Wireless Communication...
-
Upload
gabriel-bailey -
Category
Documents
-
view
216 -
download
0
Transcript of Communication System Design 2002, KTH1 Security And Availability For Wireless Communication...
Communication System Design 2002, KTH
1
Security And Availability For Wireless Communication
OrganizationPost & Telestyrelse : Anders Rafting
Coach : Lars Adolfsson
Co-Coach : Fredrik Lilieblad
Mehdi GhasemiXiaodong Hu Yvonne Grunnevall
Communication System Design 2002, KTH
2
Goals
What is Wireless Security? Threats in wireless LAN
Security implementations in
HiperLAN/2, IEEE 802.11a, b and Bluetooth
IP-Roaming (WVPN)
OS security
Conclusion
Presentation disposition
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
3
Classifying security threats in WLAN
Security implementation in HiperLAN/2, 802.11 and Bluettoth
Comparing HiperLAN, 802.11 and Bluetooth with each other
Seamless IP-Roaming
Security solutions
Inventory of terminals on the market
Goals
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
4
What is WLAN Security?
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
5
Threats in Wireless Communication
1. Passive attacks
2. Active attacks
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
6
Threats in Wireless Communication
Passive attacks Eavesdropping (sniffering)Very easy in the radio environment.
If the wireless LAN is inside a building, the eavesdropping could actually occur from an external point
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
7
Threats in Wireless Communication
Active attacks
1.1. Social EngineeringSocial Engineering
2.2. ImpersonationImpersonation
3.3. ExploitsExploits
4.4. Data DrivenData Driven
5. Transitive Trust
6. Infrastructure
7. Denial of Service
Security And Availability For Wireless Communication
Similar in Wired & Wireless Communication
Communication System Design 2002, KTH
8
Threats in Wireless Communication
Social Engineering
Fooling the victim for fun and profit
Example
1. Please change your password to ”fooble”
2. Attacker then logs in as user from our network
3. System bugs exploited to gain complete run of system
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
9
Threats in Wireless Communication
Impersonation
Stealing access rights of authorized users
Example
1. Attacker with network sniffer (tcpdump,nitsniff, etc) at trade show or network captures complete login session
2. Attacker later logs into system with user-id and stolen password
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
10
Threats in Wireless Communication
Exploits
Exploiting a hole in software or operatingsystems
Example
1. Attacker sends a message to invalid recipient that appears to have come from a program invocation
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
11
Threats in Wireless Communication
Data Driven
Trojans, trapdoors, viruses
Example
1. Attacker logs into user's account
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
12
Threats in Wireless Communication
Transitive Trust
Attacker fools the mobile host into trusting a base station controlled by the attacker
Wireless LANs offer an interface to an attacker requiring no physical arrangements
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
13
Threats in Wireless Communication
Infrastructure Taking advantage of protocol or infrastructure features or
bugs Infrastructure attacks are based on weaknesses in the
system; software bugs, configuration mistakes, hardware failures, etc.
Similar to problems in wired LANS. Protection against this type of attacks is nearly impossible.
Efforts should be made to minimize potential damage.
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
14
Threats in Wireless Communication
Denial of Service Preventing system from being used As result of the nature of radio transmissions, wireless
LANs are very vulnerable to DOS attacks With a powerful enough transceiver, an attacker can easily
generate enough interference to jam communications
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
15
Security Implementation in
IEEE 802.11 HiperLANBluetooth
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
16
Security And Availability For Wireless Communication
802.11: Wired Equivalent Privacy (WEP)
Designed to be computationally efficient, self-synchronizing and exportable
All users of a given access point share the same encryption key
Shared key authentication Vulnerable to attack Data headers remain unencrypted so anyone can see the
source and destination of the data stream
Communication System Design 2002, KTH
17
Security And Availability For Wireless Communication
802.11: Service Set ID (SSID)
SSID is the network name for a wireless network Can be required to specifically request the access point by
name (lets SSID act as a password) The more people that know the SSID, the higher risks for
misuse Changing the SSID requires communicating the change to
all users of the network
Communication System Design 2002, KTH
18
Security And Availability For Wireless Communication
802.11: MAC Address
Can control access by allowing only defined MAC addresses to connect to the network
Must compile, maintain, and distribute a list of valid MAC addresses to each access point
This address can be spoofed
Not a valid solution for public applications
Communication System Design 2002, KTH
19
Bluetooth
Security And Availability For Wireless Communication
Three security modes
1. Non-secure
2. Link level security, four entities
3. Service levle security, three security levels
Communication System Design 2002, KTH
20
HiperLAN/2
Security And Availability For Wireless Communication
Authentication
Pre-shared key
Public key
Encryption
Communication System Design 2002, KTH
21
Security And Availability For Wireless Communication
Feature 802.11a 802.11b HiperLAN/2
Access CSMA/CA CSMA/CA Centralized TDMA
Connection Connectionless Connectionless Connection oriented
Network support
Support for 802.2 based network
Support for 802.2 based network
Support for multiple core network
Encryption 40-bit RC4 40-bit RC4 DES, 3DES
Security Authentication, encryption and WEP
(and OFDM )
Authentication encryption and WEP
Defines two IDs of communicating nodes uniquely identifying any stations to accomplish security
Comparison between the standards
Communication System Design 2002, KTH
22
Security And Availability For Wireless Communication
802.11a and 802.11b work on different frequencies, so Can coexist in one network
Interference between 802.11b and Bluetooth (near each other)
HiperLAN/2 is not interoperable with 802.11a or 802.11b
Interoperability
Communication System Design 2002, KTH
23
Security And Availability For Wireless Communication
Security and seamless IP-Roaming
IP Mobility
Session Mobility
Wireless VPN
Communication System Design 2002, KTH
24
IP Mobility
Security And Availability For Wireless Communication
Application
IP Mobility
TCP/UDP
IP/IPsec
Mobile IP
Phy Link
Application
SessionMobility
TCP/UDP
IP
SessionMobility
Phy Link
Session Layer
Sockets
Transport Layer
Network Layer
Communication System Design 2002, KTH
25
Security And Availability For Wireless Communication
Application
IP Mobility
TCP/UDP
IP/IPsec
Mobile IP
Phy Link
Application
SessionMobility
TCP/UDP
IP
SessionMobility
Phy Link
Session Layer
Sockets
Transport Layer
Network Layer
Session Mobility
Communication System Design 2002, KTH
26
Security And Availability For Wireless Communication
OS SecurityApplication
Services
Operating System
OS Kernel
Hardware
Communication System Design 2002, KTH
27
Security And Availability For Wireless Communication
Windows Security
Machine OrientedMan Oriented
Focus on usersFocus on data
Communication System Design 2002, KTH
28
Security And Availability For Wireless Communication
Unix security
Machine OrientedMan Oriented
Focus on usersFocus on data
Communication System Design 2002, KTH
29
Security And Availability For Wireless Communication
Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments.
Growing use and popularity require increased focus on security
Cannot forget client security Strong end user security policies and configurations The nature of the radio communication makes it practically
impossible to prevent some attacks, like denial of service using radio interference
Firewalls Wireless VPN
Conclusion
Communication System Design 2002, KTH
30
Questions?
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
31
What is WLAN (Wireless Local Area Network) ?
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
32
HiperLAN/2,IEEE 802.11 and Bluetooh
Security And Availability For Wireless Communication
Communication System Design 2002, KTH
33
IP-Roaming
Security And Availability For Wireless Communication
Internet
Home Agent
Care-of Agent
Mobile IP Computer
Communication System Design 2002, KTH
34
Security And Availability For Wireless Communication
802.11
2.4GHz operating frequency 1 to 2 Mbps throughput Can choose between frequency hopping or direct
sequence spread modulation
Communication System Design 2002, KTH
35
Security And Availability For Wireless Communication
Operates in 5GHz band (less RF interference than 2.4GHz range)
Users Orthogonal Frequency Division Multiplexing (OFDM) Supports data rates up to 54 Mbps Currently no products available, expected in fourth quarter
802.11a
Communication System Design 2002, KTH
36
Security And Availability For Wireless Communication
Operates in 2.4GHz band Data rates can be as high as 11 Mbps Only direct sequence modulation is specified Most widely deployed today
802.11b
Communication System Design 2002, KTH
37
Security And Availability For Wireless Communication
Development led by the European Telecommunications Standards Institute (ETSI)
Operates in the 5 GHz range, uses OFDM technology, and support data rates over 50Mbps like 802.11a
QoS
HiperLAN/2
Communication System Design 2002, KTH
38
Security And Availability For Wireless Communication
Provides a scaleable authentication and encryption solution Does require end user configuration and a strong
knowledge of VPN technology Users must re-authenticate if roaming between VPN servers
VPN (Virtual Private Network)
Communication System Design 2002, KTH
39
Security And Availability For Wireless Communication
WEP Encapsulation Summary:
• Encryption Algorithm = RC4
• Per-packet encryption key = 24-bit IV concatenated to a pre-shared key
• WEP allows IV to be reused with any frame
• Data integrity provided by CRC-32 of the plaintext data (the “ICV”)
• Data and ICV are encrypted under the per-packet encryption key
802.11 Hdr Data
802.11 Hdr DataIV ICV
Encapsulate Decapsulate
WEP Encapsulation
Communication System Design 2002, KTH
40
Difference between HiperLAN/2 and 802.11
Security And Availability For Wireless Communication
Higher efficiency with regard to throughput
Main difference is at MAC-layer
Can be used in a vriouse core network envoironment