Communication System Design 2002, KTH1 Security And Availability For Wireless Communication...

Communication System Design 2002, KTH

1

Security And Availability For Wireless Communication

OrganizationPost & Telestyrelse : Anders Rafting

Coach : Lars Adolfsson

Co-Coach : Fredrik Lilieblad

Mehdi GhasemiXiaodong Hu Yvonne Grunnevall


2

Goals

What is Wireless Security? Threats in wireless LAN

Security implementations in

HiperLAN/2, IEEE 802.11a, b and Bluetooth

IP-Roaming (WVPN)

OS security

Conclusion

Presentation disposition



3

Classifying security threats in WLAN

Security implementation in HiperLAN/2, 802.11 and Bluettoth

Comparing HiperLAN, 802.11 and Bluetooth with each other

Seamless IP-Roaming

Security solutions

Inventory of terminals on the market

Goals



4

What is WLAN Security?



5

Threats in Wireless Communication

1. Passive attacks

2. Active attacks



6


Passive attacks Eavesdropping (sniffering)Very easy in the radio environment.

If the wireless LAN is inside a building, the eavesdropping could actually occur from an external point



7


Active attacks

1.1. Social EngineeringSocial Engineering

2.2. ImpersonationImpersonation

3.3. ExploitsExploits

4.4. Data DrivenData Driven

5. Transitive Trust

6. Infrastructure

7. Denial of Service


Similar in Wired & Wireless Communication


8


Social Engineering

Fooling the victim for fun and profit

Example

1. Please change your password to ”fooble”

2. Attacker then logs in as user from our network

3. System bugs exploited to gain complete run of system



9


Impersonation

Stealing access rights of authorized users

Example

1. Attacker with network sniffer (tcpdump,nitsniff, etc) at trade show or network captures complete login session

2. Attacker later logs into system with user-id and stolen password



10


Exploits

Exploiting a hole in software or operatingsystems

Example

1. Attacker sends a message to invalid recipient that appears to have come from a program invocation



11


Data Driven

Trojans, trapdoors, viruses

Example

1. Attacker logs into user's account



12


Transitive Trust

Attacker fools the mobile host into trusting a base station controlled by the attacker

Wireless LANs offer an interface to an attacker requiring no physical arrangements



13


Infrastructure Taking advantage of protocol or infrastructure features or

bugs Infrastructure attacks are based on weaknesses in the

system; software bugs, configuration mistakes, hardware failures, etc.

Similar to problems in wired LANS. Protection against this type of attacks is nearly impossible.

Efforts should be made to minimize potential damage.



14


Denial of Service Preventing system from being used As result of the nature of radio transmissions, wireless

LANs are very vulnerable to DOS attacks With a powerful enough transceiver, an attacker can easily

generate enough interference to jam communications



15

Security Implementation in

IEEE 802.11 HiperLANBluetooth



16


802.11: Wired Equivalent Privacy (WEP)

Designed to be computationally efficient, self-synchronizing and exportable

All users of a given access point share the same encryption key

Shared key authentication Vulnerable to attack Data headers remain unencrypted so anyone can see the

source and destination of the data stream


17


802.11: Service Set ID (SSID)

SSID is the network name for a wireless network Can be required to specifically request the access point by

name (lets SSID act as a password) The more people that know the SSID, the higher risks for

misuse Changing the SSID requires communicating the change to

all users of the network


18


802.11: MAC Address

Can control access by allowing only defined MAC addresses to connect to the network

Must compile, maintain, and distribute a list of valid MAC addresses to each access point

This address can be spoofed

Not a valid solution for public applications


19

Bluetooth


Three security modes

1. Non-secure

2. Link level security, four entities

3. Service levle security, three security levels


20

HiperLAN/2


Authentication

Pre-shared key

Public key

Encryption


21


Feature 802.11a 802.11b HiperLAN/2

Access CSMA/CA CSMA/CA Centralized TDMA

Connection Connectionless Connectionless Connection oriented

Network support

Support for 802.2 based network

Support for 802.2 based network

Support for multiple core network

Encryption 40-bit RC4 40-bit RC4 DES, 3DES

Security Authentication, encryption and WEP

(and OFDM )

Authentication encryption and WEP

Defines two IDs of communicating nodes uniquely identifying any stations to accomplish security

Comparison between the standards


22


802.11a and 802.11b work on different frequencies, so Can coexist in one network

Interference between 802.11b and Bluetooth (near each other)

HiperLAN/2 is not interoperable with 802.11a or 802.11b

Interoperability


23


Security and seamless IP-Roaming

IP Mobility

Session Mobility

Wireless VPN


24

IP Mobility


Application

IP Mobility

TCP/UDP

IP/IPsec

Mobile IP

Phy Link

Application

SessionMobility

TCP/UDP

IP

SessionMobility

Phy Link

Session Layer

Sockets

Transport Layer

Network Layer


25


Application

IP Mobility

TCP/UDP

IP/IPsec

Mobile IP

Phy Link

Application

SessionMobility

TCP/UDP

IP

SessionMobility

Phy Link

Session Layer

Sockets

Transport Layer

Network Layer

Session Mobility


26


OS SecurityApplication

Services

Operating System

OS Kernel

Hardware


27


Windows Security

Machine OrientedMan Oriented

Focus on usersFocus on data


28


Unix security

Machine OrientedMan Oriented

Focus on usersFocus on data


29


Wireless LANs very useful and convenient, but current security state not ideal for sensitive environments.

Growing use and popularity require increased focus on security

Cannot forget client security Strong end user security policies and configurations The nature of the radio communication makes it practically

impossible to prevent some attacks, like denial of service using radio interference

Firewalls Wireless VPN

Conclusion


30

Questions?



31

What is WLAN (Wireless Local Area Network) ?



32

HiperLAN/2,IEEE 802.11 and Bluetooh



33

IP-Roaming


Internet

Home Agent

Care-of Agent

Mobile IP Computer


34


802.11

2.4GHz operating frequency 1 to 2 Mbps throughput Can choose between frequency hopping or direct

sequence spread modulation


35


Operates in 5GHz band (less RF interference than 2.4GHz range)

Users Orthogonal Frequency Division Multiplexing (OFDM) Supports data rates up to 54 Mbps Currently no products available, expected in fourth quarter

802.11a


36


Operates in 2.4GHz band Data rates can be as high as 11 Mbps Only direct sequence modulation is specified Most widely deployed today

802.11b


37


Development led by the European Telecommunications Standards Institute (ETSI)

Operates in the 5 GHz range, uses OFDM technology, and support data rates over 50Mbps like 802.11a

QoS

HiperLAN/2


38


Provides a scaleable authentication and encryption solution Does require end user configuration and a strong

knowledge of VPN technology Users must re-authenticate if roaming between VPN servers

VPN (Virtual Private Network)


39


WEP Encapsulation Summary:

• Encryption Algorithm = RC4

• Per-packet encryption key = 24-bit IV concatenated to a pre-shared key

• WEP allows IV to be reused with any frame

• Data integrity provided by CRC-32 of the plaintext data (the “ICV”)

• Data and ICV are encrypted under the per-packet encryption key

802.11 Hdr Data

802.11 Hdr DataIV ICV

Encapsulate Decapsulate

WEP Encapsulation


40

Difference between HiperLAN/2 and 802.11


Higher efficiency with regard to throughput

Main difference is at MAC-layer

Can be used in a vriouse core network envoironment


41


Vulnerability

Interruption(Denail of Service)

Interception(Theft)

Interruption(Loss)

Interception

Modification

fabrication

Interruption(Deletion)

Interception

Modification

SoftwareData

Hardware

Communication System Design 2002, KTH1 Security And Availability For Wireless Communication...

Documents

Transcript of Communication System Design 2002, KTH1 Security And Availability For Wireless Communication...