Security and Assurance - Goals Integrity
• Modified only in acceptable ways• Modified only by authorized people• Modified only by authorized processes
Availability
• Service request is completed in an acceptable period of time
• Timely response to requests
Confidentiality• Only authorized people or systems can access protected
data.
Threats, Vulnerabilities and Controls
Threats
circumstances that have the potential to cause harm
InterceptionInterruptionModificationfabrication
Vulnerabilities
weaknesses in a security system
Controls
protective measures
Security Needs for Mobile Networks
Basic security services provided by a wireless communication system• Encryption
• Confidentiality of user message transferred over the wireless channel
• Session key establishment • Between Home Network and a Mobile Station
• Between two different Mobile Stations
• Authentication
• For the validation of the identity of the mobile user
Cryptosystems
Cryptosystems are employed to cover up the content of the message exchanged between two parties
Two major types of Cryptosystems:• Public-Key (Asymmetric-Key)
• Ex. RSA (Rivest, Shamir, and Adleman)
• Symmetric-Key• Ex. DES (Data Encryption Standard)
Public-Key Cryptosystems Public-key P.txt = D(kPRIV , E(kPUB, P.txt)). (Asymmetric-Key) systems are easy to manage:
• Download the recipients public key. • Encrypt the message. • Send it. • The recipient uses the private key to decrypt.• Public-Key requires more computation (RSA is 1000 times slower than
DES). Modular Square Root (MSR) is a variant of RSA that requires only one modular multiplication, which is acceptable for a MS
Authentication Problem You have to know who you are talking to Sender E(kpubR , E(kprivS, P.txt)) Receiver
Symmetric-Key Cryptosystems
Strengths of Symmetric-Keys is based on:
Secrecy of the key
Difficulty of guessing the key
Difficulty of inverting the encryption (i.e., breaking the algorithm)
Computations needed are negligible compared to Public-Key
Analysis of Protocol 1 Symmetric-Key Encryption
1. MS HN: r
2. MS HN: IDMS, f(k, r)
An identity of each party is denoted by ID f() is a symmetric key encryption function such as DES The Home Network (HN) broadcasts systems information
including a random number r MS sends IDMS & f(k,r) to the HN k is the secret key shared between MS and HN HN find’s MS’s secret key – database – completes
authentication to the MS by verifying f(k,r)
Analysis of Protocol 1 Symmetric-Key Encryption (contd.)
The advantage of this protocol is that computation of f() can be easily performed by the MS having the low computational power.
The disadvantage, well…., do you think it will be easy to protect and maintain the database containing the secret keys of MS?
PROBABALY NOT!!!
Analysis of Protocol 2 Public Key Certificate
Assume a universally trusted certificate authority (CA) – run by a single, large SP
Each MS is provided with a certificate which contains:• MS’s identity• The current expiration date• Certificate authority’s signature• Certificate authority’s private key (sCA)
The MS and HN have the following certificatescertHN = {IDHN,pHN,dateHN,[h(IDHN,pHN,dateHN)]sCA}
certMS = {IDMS,dateMS,[h(IDMS,dateMS)]sCA} date denotes the expiration of the certificate pHN means the public key of the HN […] sCA means signing […] using a private key of the CA
Analysis of Protocol 2 Public Key Certificate (contd.)
1. MS HN: certHN
2. MS HN: [ks]pHN, f(ks,certMS)
3. MS HN: f(ks,[IDMS, IDHN])
The home network HN broadcasts its certificate certHN The MS can authenticate the HN by verifying the signature with the pCA
corresponding to sCA Session key ks randomly chosen by MS – encrypted with pHN and the
encrypted session key [ks]pHN is sent to the HN with the certMS encrypted with ks
HN decrypts [ks]pHN with its secret key sHN MS can also be authenticated based on its secret certificate Since anyone who obtains certMS, can impersonate MS, it should be
protected – ks encrypts the message
ServerServerServerServerServerServerServerServer
ServerServerServerServerHNHNHNHN
WorkstationWorkstationWorkstationWorkstation
MS
KerberosKerberosDatabaseDatabase
CertificateCertificate GrantingGranting ServerServer
CertificateCertificate GrantingGranting ServerServer
AuthenticationAuthentication ServerServer
AuthenticationAuthentication ServerServer
Kerberos Key Distribution ServiceKerberos Key Distribution Service
Protocol 1 -vs- Protocol 2certHN = {IDHN,pHN,dateHN,[h(IDHN,pHN,dateHN)]sCA} certMS = {IDMS,dateMS,[h(IDMS,dateMS)]sCA}
Protocol 1
1. MS HN: r
2. MS HN: IDMS, f(k, r)
Protocol 2
1. MS HN: certHN
2. MS HN: [ks]pHN, f(ks,certMS)
3. MS HN: f(ks,[IDMS, IDHN])
Strengths & Weaknesses of Protocols 1-3 Protocol 1: Symmetric-Key
• Negligible computation compared to Public-key
• Difficult to maintain and protect database of secret keys
Protocol 2: Public Key
• Computationally higher, although this is reduced by MSR
• Does not protect against impersonation of the MS
WEP key encryption
WEP key is used as a standard mode of encryption for the wireless lans. It is a symmetric key encryption used to prevent eavesdropping. It also prevents unauthorized users from accessing the lan. 40- bit and 128- bit WEP keys are available.
Working of WEP key
User and the Access point have a shared WEP key. RC4 algorithm expands a short key into infinite pseudo- random key streams. Checks to see if the key is from an authorized user.
RC4(streamcypher) encryption and decryption
State40-bytekey
Initialization Vector
XOR
Key-stream
Plaintext Cipher-text
Encryption box
One-time pad & XORD with
plain text
Problems in WEP key Encryption
• Decrypt using statistical analysis.
• Active attack to inject traffic.
• Active attack to decrypt packets
• Modify destination IP
• Send a packet to a remote known computer.
Problems in WEP keyencryption
Dictionary attack• Initialization vector
Man in the middle attacks• Intercepts authentication messages to gain
access to the network
Message Integrity Check (Interceptor)