Wireless Security - CSE SERVICESranger.uta.edu/~dliu/courses/ws/2-background.pdf · – Wireless...
30
By Dr. Donggang Liu Wireless Security Background
Transcript of Wireless Security - CSE SERVICESranger.uta.edu/~dliu/courses/ws/2-background.pdf · – Wireless...
By Dr. Donggang Liu
Wireless Security
Background
By Dr. Donggang Liu 2
Wireless Networks
• The need for mobile computing– Laptops, PDAs, Bluetooth devices– Smart phones – Enabling technology
• Wireless communication
• Two important characteristics– Wireless links
• unreliable, vulnerable
– Mobility • introduces new networking challenges
By Dr. Donggang Liu
Wireless Networks • Three elements
– End-point devices• Laptop, PDA, smartphones, RFID tags
• Maybe stationary or mobile
• Usually power constrained
– Wireless infrastructure• Base stations, e.g., wireless routers, access point
• Usually connected to wired network, e.g., Internet
• Relay packets between wireless devices and wired networks
– Wireless links• Communication channel
• data rate varies
• transmission distance varies
3
By Dr. Donggang Liu
Selected Wireless Standards
4
9/71
Characteristics of selected wireless linkstandards
Indoor10-30m
Outdoor50-200m
Mid-range
outdoor200m – 4 Km
Long-range
outdoor5Km – 20 Km
.056
.384
1
4
5-11
54
IS-95, CDMA, GSM 2G
UMTS/WCDMA, CDMA2000 3G
802.15
802.11b
802.11a,g
UMTS/WCDMA-HSPDA, CDMA2000-1xEVDO 3G cellular
enhanced
802.16 (WiMAX)
802.11a,g point-to-point
200 802.11n
Data
rate
(M
bps) data
10/71
Elements of a wireless network
network infrastructure
infrastructure mode! base station connects
mobiles into wirednetwork
! handoff: mobilechanges base stationproviding connectioninto wired network
By Dr. Donggang Liu
Organization
• Infrastructure mode– Base stations bridge user devices and wired networks
– User devices moves around and access wired network through different base stations
• Infrastructure-less, ad-hoc mode– No base stations
• Can only communicate with devices within the covered area
– Devices are self-organized into a network• E.g., routing packets between user devices
• single-hop v.s. multi-hop
5
By Dr. Donggang Liu
Characteristics of Wireless Link
• Limited signal strength– Also decrease with distance
• Interference from other sources– Noise, collision with other signals
• Multipath propagation– signal reflects off objects
• As a result, in wireless networks, links are– Often short range, unreliable, highly lossy
– Energy v.s. link quality6
By Dr. Donggang Liu
Signal Collision
• Hidden terminal problem– A, B can hear each other
– B, C can hear each other
– but A, C cannot hear each other, and thus are unaware of each other
7
A
B
C
• Signal Interfering– A, B can hear each other
– B, C can hear each other– but A, C cannot hear
each other and thus interfere at B
A B CX
By Dr. Donggang Liu
IEEE 802.11 Wireless LAN
• 802.11b, 802.11a,802.11g,802.11n– operate at different data rates
– all use CSMA/CA for multiple access• Sense before transmitting / collision avoidance
• no collision detection
– all have base-station and ad-hoc modes
• Basic architecture– Base stations + wireless hosts
– wireless hosts only (ad-hoc mode)8
By Dr. Donggang Liu
802.15 Personal Area Network
• Cover small area - 10m diameter
• Wireless keyboard, mouse, headphone• Master/slaves architecture
–slaves send requests to master
–master grant access
• Evolved from Bluetooth specification
9
By Dr. Donggang Liu
802.16: WiMAX
• Like 802.11 but longer range (~6 miles)–city rather than a single room
–date rate: ~ 14Mbps
• Basic architecture–Base stations + wireless hosts
10
By Dr. Donggang Liu
Cellular Network Architecture
• Consists of– base station
– mobile users
– wireless link
• Mobile switching center– connect cell to telephone network / internet
– manage call setup
– handle mobility
• Public telephone network / Internet11
By Dr. Donggang Liu
Cellular Communication
• Mobile-to-BS radio spectrum is shared
• Two techniques to mediate the access– Combined FDMA/TDMA
• FDMA: frequency division multiple access
• TDMA: time division multiple access
– CDMA: code division multiple access
• Standards– 2G (voice channels): GSM
– 2.5G (voice/data channels): GPRS, CDMA-2000 (phase 1)
– 3G (voice/data channels): CDMA-2000
12
By Dr. Donggang Liu
Wireless Mesh Networks
• Provide high-coverage, in expensive Internet service
• Architecture– One wireless hot spot (WHS): connect WMN to
Internet– Mobile stations
– Several transit access points: connect mobile stations to WHS
• Single connection point to Internet– Lower cost than WiFi networks
13
By Dr. Donggang Liu
Mobile Ad-hoc Networks
• Formed in an ad-hoc manner– Users are often mobile
– No infrastructure support
– Communicate through wireless link
– Limited energy at user device
– User devices also act as routers
• Often created for a specific purpose–Military applications, battlefield network
14
By Dr. Donggang Liu
Vehicular Ad-hoc Network
• Created for assisting drivers–Offer real-time nearby traffic information
• e.g., alerting drivers about accidents
–Based on the computing and communication platforms installed on each vehicle
– Information are exchanged through • individual vehicles, and
• road-side units
15
By Dr. Donggang Liu
Sensor Networks
• To interacts with physical environments– e.g., monitor volcano activity, battle field surveillance
– Operation in harsh environments
• Consists of – A large number of small, low-cost sensor nodes
• Sense the environment, collect and report findings
• Also forward data packets for others
• Form a network of small sensors
– A few base stations• Store data, connect to wired networks
16
By Dr. Donggang Liu
RFID
• Identifying and tracking items• An RFID system has
– RFID tags– RFID readers
– Back-end database
• RFID tag– microchip + antenna
– very limited memory and computing power– can active (battery powered) or passive (harness
energy from reader’s signal)
17
By Dr. Donggang Liu
Common challenges
• Wireless link– lossy, unreliable, open
• Mobility
• Limited energy • Limited computing capability
18
By Dr. Donggang Liu
Mobility• No mobility
– Users access network via the same AP
– Stationary wireless sensor networks
• Some mobility– Mobile users moves around and access the network via
different APs
– Mobile sensor networks• Sensors are mobile -> routing re-construction
• High mobility– Mobile users maintain uninterrupted network access passing
many APs (cell phone)
19
By Dr. Donggang Liu
Terms
• Home network– Home agent
• Perform mobility support
– Permanent address
• Visited network– Foreign agent
• Perform mobility support• Could be done by the mobile itself
– Care-of-address20
By Dr. Donggang Liu
How to Find a Mobile Friend?
• Search all phone books?
• Call her/his parents?
• Check her/his website or facebook profile
• Expect her/him to let you know where she/he is?
21
By Dr. Donggang Liu
Approaches to Handle Mobility• Let routers handle it
– Routers propagate the permanent address
– Routing table includes where each mobile user is located
– No change on the end-systems
– Problem: not scalable
• Let end-systems handle it– Direct routing
• get the address of FA and send messages to directly
– Indirect routing • communication via home agent and foreign agent
• Registration needed (home agent need to know where is the mobile)
22
By Dr. Donggang Liu
Indirect Routing
• Triangle routing– Correspondent
• send messages to home address
– Home agent • receives packets, find the visited network, and forward
them to the foreign agent
– Foreign agent• receives packets and forward them to mobile
– Mobile replies to correspondent directly
• Could be very inefficient due to the triangle23
By Dr. Donggang Liu
Moving between Networks
• Suppose user changes network again– registers with the new foreign agent
– new foreign agent registers with home agent
– home agent update the care-of-address
• This is done transparently – Correspondent does’t need to know the change
– Maintain uninterrupted communication
24
By Dr. Donggang Liu
Direct Routing• Correspondent gets the address of FA
– And then forwards packets to FA
• FA forward packets to mobile
• Mobile replies directly to correspondent
• Benefit: overcome triangle routing problem
• Not transparent to the correspondent– since she has to know the care-of-address
• What if mobile changes network again?– Let the first FA (anchor FA) handle the change
– i.e., you always contact the anchor FA to send messages
25
By Dr. Donggang Liu
Mobile IP (RFC 3344)
• Very similar to what we have discussed
• Three major components– indirect routing
–agent discovery• home/foreign agent broadcast ICMP messages
– registration with home agent
26
By Dr. Donggang Liu
Handle Mobility in Cellular Networks
• Home network (e.g., T-mobile, AT&T)–Home location register (HLR): database containing permanent user profile and current user location
• Visited network–Visitor location register (VLR): database containing users currently in the network
–Could be home network
27
By Dr. Donggang Liu
Indirect Routing in GSM
28
55/71
Handling mobility in cellular networks
! home network: network of cellular provider yousubscribe to (e.g., Sprint PCS, Verizon)" home location register (HLR): database in home
network containing permanent cell phone #,profile information (services, preferences,billing), information about current location(could be in another network)
! visited network: network in which mobile currentlyresides" visitor location register (VLR): database with
entry for each user currently in network" could be home network
56/71
Public
switched
telephone
network
mobile
user
home
Mobile
Switching
Center
HLRhome
network
visited
network
correspondent
Mobile
Switching
Center
VLR
GSM: indirect routing to mobile
1 call routed
to home network
2
home MSC consults HLR,
gets roaming number of
mobile in visited network
3
home MSC sets up 2nd leg of call
to MSC in visited network
4
MSC in visited network completes
call through base station to mobile
By Dr. Donggang Liu
Handoff with Common MSC
29
57/71
Mobile
Switching
Center
VLR
old BSSnew BSS
old
routing
new
routing
GSM: handoff with common MSC
! Handoff goal: route call vianew base station (withoutinterruption)
! reasons for handoff:" stronger signal to/from new
BSS (continuing connectivity,less battery drain)
" load balance: free up channelin current BSS
" GSM doesn’t mandate why toperform handoff (policy), onlyhow (mechanism)
! handoff initiated by old BSS
58/71
Mobile
SwitchingCenter
VLR
old BSS
1
3
24
5 6
78
GSM: handoff with common MSC
new BSS
1. old BSS informs MSC of impending
handoff, provides list of 1+ new BSSs
2. MSC sets up path (allocates resources)
to new BSS
3. new BSS allocates radio channel for
use by mobile
4. new BSS signals MSC, old BSS: ready
5. old BSS tells mobile: perform handoff to
new BSS
6. mobile, new BSS signal to activate new
channel
7. mobile signals via new BSS to MSC:
handoff complete. MSC reroutes call
8 MSC-old-BSS resources released
By Dr. Donggang Liu
Handoff with Common MSC• 1. old BSS informs MSC of impending
handoff, provides list of 1+ new BSSs
• 2. MSC sets up path (allocates resources) to new BSS
• 3. new BSS allocates radio channel for use by mobile
• 4. new BSS signals MSC, old BSS: ready
• 5. old BSS tells mobile: perform handoff to new BSS
• 6. mobile, new BSS signal to activate new channel
• 7. mobile signals via new BSS to MSC: handoff complete. MSC reroutes call
• 8 MSC-old-BSS resources released
30
57/71
Mobile
Switching
Center
VLR
old BSSnew BSS
old
routing
new
routing
GSM: handoff with common MSC
Handoff goal: route call vianew base station (withoutinterruption)
reasons for handoff: stronger signal to/from new
BSS (continuing connectivity,less battery drain)
load balance: free up channelin current BSS
GSM doesn’t mandate why toperform handoff (policy), onlyhow (mechanism)
handoff initiated by old BSS
58/71
Mobile
SwitchingCenter
VLR
old BSS
1
3
24
5 6
78
GSM: handoff with common MSC
new BSS
1. old BSS informs MSC of impending
handoff, provides list of 1+ new BSSs
2. MSC sets up path (allocates resources)
to new BSS
3. new BSS allocates radio channel for
use by mobile
4. new BSS signals MSC, old BSS: ready
5. old BSS tells mobile: perform handoff to
new BSS
6. mobile, new BSS signal to activate new
channel
7. mobile signals via new BSS to MSC:
handoff complete. MSC reroutes call
8 MSC-old-BSS resources released
