wireless security speaker: jerry gao ph.d. san jose state university email: [email protected]...

Wireless Security

Speaker: Jerry Gao Ph.D.

San Jose State Universityemail: [email protected]

URL: http://www.engr.sjsu.edu/gaojerry

Topic: Wireless Security

- Why IS Wireless Security Differ?

- What the needs and challenges?

- Wireless Threats and Security Problems

- Basic Concepts in Security

- WAP Wireless Security Solutions

- Wireless LAN Security Solutions

Jerry Gao Ph.D. 3/2004

Presentation Outline

All Rights Reserved

Wireless networks are characterized by generally low quality service (QoS) due to small size devices, low power, and low bandwidth.

There are four fundamental differences for wireless services:

• Bandwidth

• Allowable error rates

• Latency and Variability

• Power constraints

Compared with wired networks, wireless networks are:

• Relatively unreliable, as packet losses.

• High latency and variability due to retransmissions.

• Network limitations on communications and security protocols.

Jerry Gao Ph.D. 3/2004 All Rights Reserved

Why Is Wireless Security Different?

Other related issues:

• Portable device limitations:

– User expectations, limited computing power, and limited storage space.

– >> limits to the cryptographic algorithms and solutions in a device

– >> fundamental restrictions on bandwidth, error rate, latency, and variability.

• Portable mobility causes issues:

– Out of coverage, one-way coverage, unknown network connectivity, throughput overflow, protocol overhead and compression.


Why Is Wireless Security Different?

Why Do We Need Wireless Security?

Since most existing security solutions, standards, and technology are not well suited for wireless networking and wireless systems because of the following reasons:

• They have too much overhead and tight timeout

• They are too complex and need much for power, and storage

• They are not efficient enough for mobile devices and wireless networks

In a wireless network, security features greatly differ between each of the protocol stacks, and security policy implementation and enforcement is dependent on the carrier.


What Are Needs and Challenges?

What are the challenges here?

• Adaptation and integration of existing solutions and infrastructure

• Promoting consistency and interoperability among a diverse spectrum of mobile and wireless devices.

• Providing a high level of security without detrimental impact on the user experience.

What are the needs?

• New standards, technology, and solutions for wireless networking.

• New standards, implementation, products and techniques for mobile commerce application systems.

• Secured wireless communication protocols and channels

• Secured wireless hardware solutions to protect physical layer network

• Secured wireless user access experience

• Secured wireless solutions to protect wireless servers and gateways.


What Are the Needs and Challenges?

Eavesdropping:

- The primary threat is the potential for unauthorized parties to eavesdrop on radio signals sent between a wireless station and an access point (or user device).

- Eavesdropping is a passive attack because an eavesdropper can listen to a message without altering the data, the sender and intended receiver of the message may not event be aware of the intrusion.

-> the solution is to user Spread-Spectrum technology, which is resistant to eavesdropping.

Unauthorized Access:

- The potential for an intruder to enter a WLAN system disguised as an authorized user. Once inside, the intruder can violate the confidentiality and integrity of network traffic by sending, receiving, and altering or forging messages.

- This is an active attack.

-> the solution is to deploy authentication mechanisms to ensure only authorized users can access the network.


Wireless Threats

Interference and Jamming: (Denial of Service Attack)

- The potential of radio interference that can seriously degrade bandwidth (data throughout).

- If an attack has a powerful transmitter, he or she can generate a radio signal strong enough to overwhelm weaker signals, disrupting communications. This is known as jamming.

-> the solution is to use Direction-finding equipment to detect the source of jamming signals.

Man-in-the-middle-attacks:

- This attack is more sophisticated than most attach and require a lot of information about the network

- The attacker will intercept the connection when a user initiates a connection, and complete the connection to the intended resource and proxy all communication to the resource. Now, he can modify, eavesdrop, inject data on a session.


Wireless Threats


Wireless Vulnerabilities

Interception/Ease of Interception:Individuals (other than the intended recipient) make illicit efforts to obtain wireless signals over the wireless network.

-> There are generally simple countermeasures that can be taken to greatly reduce the risk of data interception.

Interruption of Service:

Accidents, constructions, and power outage … cause the interruption of services.

Natural Hazards:Hurricanes, Tornadoes, Winter Storms, Flooding Fire, Earthquakes, Power Outages


Wireless Vulnerabilities

Unintentional Interruptions:These happen when network control was neglected or no control.

In Jan. of 1990, the AT&T long-distance network with 114 switching centers on a Monday afternoon began to falter.In minutes, more than half of the callers were greeted by“All circuits are busy. Please try your call later”.

Intentional Interruptions:The interconnection and interdependence of the national communications infrastructure presents a valuable and vulnerable target to terrorists.

Our complex national infrastructures are vulnerable becauseof their increasing interdependence.

Unintentional Interceptions: (Friends and Neighbors)


Cell Phone Vulnerabilities

Jamming:A cell phone jammer (or call blocker) is a device that

transmits low-power radio signals that cut off communications between cellular handsets and cellular base stations.

For example, most jammers use a transmission method that confuses the decoding circuits of cellular handsets as if no cellular base station is within the service area.

Countermeasures to Jamming and Interception:

Countermeasures to Jamming have challenged engineers for many years.

Over the last 50 years, a class of modulation techniques, usually called Spread Spectrum, has been developed. Spread Spectrum signals are more difficult to jam than narrowband signals.


Fraud and Countermeasures to Fraud

Fraud:Cellular phone fraud is defined as the use of cellular services

by deceptive means to avoid paying for the benefit of the services.

Theft prevention is a constant concern.

Countermeasures to Jamming and Interception:

Countermeasures to Jamming have challenged engineers for many years.

Over the last 50 years, a class of modulation techniques, usually called Spread Spectrum, has been developed. Spread Spectrum signals are more difficult to jam than narrowband signals.

Critical components for a secure media encryption system:

• Trusted Encryption Algorithm

• Pre-Encryption of Streaming Media

• Adequate Key Lengths

• Variable Key Lengths

• Media Keys and Content Stored in Separate Locations

• Decryption Occurs in the Media Player

• Uniquely Encrypt Each Packet

• A Public-Key Exchange System


Framework for Dealing with Policy Issues

Different types of security information systems:

• Cryptographic systems

• Digital Key Management Systems

• Access control and authentication validation systems

• Digital certification server and systems

The primary key management functions:

• Key receipt and identification

• Key storage, allocation, and use

• Key Zeroization

• Key accounting

• Rekey


Security Information Systems

The four common solutions for wireless security are:

• Authentication (no forgery). Verification that both parties in a transaction are who they say they are. This can be assured in multiple ways, including a simple password scheme, certificates, and a PKI scheme. Note: PKI usually add overhead to the system performance.

• Integrity (no tampering): The content transferred on the network has not been altered by anyone. Requiring the content be signed using keys or certificates, commonly provides integrity.

• Data privacy (no eavesdropping): The content transferred on the network cannot be seen by anyone. Privacy is provided by encryption, typically through SSL or WTLS.

• Nonrepudiation. All parties to the transaction are noted. A user or a provider cannot deny having performed a transaction. Nonrepudiation is usually ensured by requiring that content be signed with public or private certificates.


Wireless Security Solutions

Basic requirements for wireless security solutions for wireless applications systems include:

• The solution should be interoperate seamlessly.

• The solution should be work end-to-end.

• The solution should be efficient and cost-effective for mobile devices.

• The solution should be reliable.

Three levels of wireless security services:

• At level 1, users simply view information, such as a bank account information. They cannot exchange information.

• In level 2, closed transactions would be acceptable. For example, information can be exchanged or money can be transferred within the same institution.

• At level 3, the highest level of security, end-to-end encryption allows uses to exchange information without other companies or transfer money between financial institutions.



The steps to add security to your wireless-based systems:

• Step#1: secure a connection between the server and the mobile device client.

• Step#2: provide the certification of the sever.

• Step#3: provide the certification of the client.

Four basic steps to protect your data from being misused:

• Use a secure air carrier like CDMA. You cannot reply on GSM signal security alone.

• Deliver content in a micro-browser and store as little as possible on the mobile devices. Browsers keep all sensitive data resident the server. You can design sessions to clear data caches on the mobile devices.

• Use two-way certificates. In this approach, the client must authenticate the server before the password is transmitted over the air. The server then returns an authentication check.

• Add an additional layer of encryption for highly secure networks. CDMA has strong native security. Cellular Digital Packet Data(CDPD), Mobitex, and Motient typically need to run an application layer on top of their native security.



Basic functions in Cryptographic information systems:

• Initialization, termination, operation support.

• Boot, instantiation, run-time, abnormal/normal termination.

• Security management, configuration, policy, enforcement

• Encryption, Decryption, TRANSEC, integrity, authentication.

• RED/BLACK isolation

• Communicator Data, Radio Control/Status

• Keystream functions, algorithm, and management

• Cryptographic channel instantiation

• Cryptographic control, status, and interface

• Cryptographic bypass



The primary functions within the crytographic subsystem are:

• Cryptographic Keystream generation capability

• Encryption and decryption of communicator information

• Signature generation and validation, high grade integrity checking

• Controlled bypass of communicator and radio information




Architectures of Security Information Systems

User Terminal CRYPTOComm.Device

BYPASS

In this Traditional Secure Communication Environment, the security is achieved by:

• Physical access control to user terminal

• Hard-wired connections for each channel

• High-grade hardware cryptography in a discrete box

• Very limited bypass capability within communicator channel or manual ancillary device

• System high application



User Terminal CRYPTOComm.Device

BYPASS

In this Embedded cryptographic equipment, the security is achieved by:

• Physical access control to user terminal

• Hard-wired connections for each channel

• High-grade hardware cryptography within the box

• Very limited bypass capability within communicator channel or manual ancillary device

• System high application

• Limited TED user application processing



Wireless DeviceCRYPTO Other Network

Nodes

BYPASS

In this wide area networks in a wireless domain, the security is achieved by:

• Hard-grade hardware cryptography within the communication device.

• Hard-wired internal connections or computer bus for the single wireless channel configuration.

• Bypass requirement further increased to handle protocols and network information.

• Separation of data classification and types performed by network, wireless system high.

• Multiple access methods for the communicator networks

• Interconnection of networks at multiple communicator sites



WirelessDevice

User Processingand Networks

Multi-channelCRYPTO assets

BYPASS

Security Features:

• Multi-channel/multi-communicator wireless operation

• Access control to network and wireless services governed by software

• that allows to multiple communicators to hare a single physical connection

• Virtual internal connections for each wireless communicator port and radio channel.

• Single RED bus architecture

• High-grade programmable cryptography embedded within the wireless device

• Bypass requirement further increased to handle internal radio control

• Radio functions programmable for all processes

• Use of commercial software products.

Multi-channelwireless assets


Wireless LAN Security Solutions

Authentication :-Authentication is used to establish the identity of stations to each other.-IEEE 802.11 requires mutually acceptable ,successful authentication before a station can establish an association with an AP.

•Open System authentication•Shared key authentication

De-authentication: - This service is invoked whenever an existing authentication is to be terminated.

Privacy:- WEP encryption is used to prevent the contents of messages from being read by other than the intended recipient.


WLAN Security Solutions

Mobile station Access point

Authentication request

“Open system”

Authentication response“open system”

Open System Authentication



Mobile station(A) Access point(B)Authentication request

“shared key”

Challenge text“shared key”

Challenge Response(Encrypted challenge

Text)“shared key”Authentication result“shared key”

Shared Key Authentication



WEP Encryption:IEEE 802.11 incorporates WEP to provide modest level of security.WEP uses encryption algorithm based on the RC4 encryption algorithm.



WEP Decryption:A XOR-based Shared-Key Decryption process.


Wireless LAN (802.11) Vulnerabilities

There are several vulnerabilities:-Service Set ID problem:

-SSID is an identification value programmed in the access point or group of access points to identify the local wireless subnet.-An eavesdropper can easily determine the SSID with the use of an 802.11 wireless LAN packet analyzer and gain access to the network.

-The weakness of Shared Key Authentication:-How to secure the exchange of the shared key before communications?

-The process of exchanging the challenge text occurs over the wireless link and is vulnerable to a man-in-the-middle attack.-WEP XOR-based encryption algorithm has a problem due to the fact that: Plaintext XOR Ciphertext -> key stream.


i-mode Security HTTPS Layer Pass-Through

cHTML

HTTPS

Transport

PDC-P

cHTML

HTTPS

Transport

PDC-P

TCPTransport

PDC-P

IP

L2

L1

TCPTransport

PDC-P

IP

L2

L1

Mobile Terminal Mobile TerminalMobile BaseStation Gateway


WAP Security Solutions - Reencryption

WTLS is based on TLS,which is an refinement of Secure Socket Layer(SSL)

InternetWirelessNetwork

WTLS SSL

Wireless Network Wired Network

WAP gateway

UP.Linkserver

WEBServer

ApplicationServer

WML-BasedClient

Web PhoneUP.Browser


WAP Security Solutions - WTLS

WTLS Record Protocol

WTLS Handshake protocol

WTLS change Cipher protocol

WTLS Alert protocol

WTP

WTLS RP-provides basic security services to higher layer protocols

WTLS protocol stack


WAP Security Solutions - WTLS

User data

Compress

Add MAC

Encrypt

Append WTLS record header

WTLS Record Protocol Operation


WAP Security Solutions – WTLS (Record Format)

R = reserved C=cipher spec indicator S=sequence number field indicatorL=record length field indicator MAC=message authentication code

encr

ypte

d

Content type R S LC Sequence number

Record length

Plain text(optionally compressed)

MAC (0,16or 20 bytes)

- Takes care of integrity and authentication


MAC - Message Authentication Code

H

H

compare

Hash code(MDm)

Secret key

mes

sage

mes

sage

mes

sage

1.MDm=H(Sab || M)

M || MDm

MDm

MDm


WAP - Encryption

MAC code is encrypted using symmetric encryption algorithm:-DES,RC5,IDEA

-DES DES is the Data Encryption Standard is a mathematical algorithm in the encrypting and decrypting of binary information. The system consists of an algorithm and a key.

-RC5 RC5 encrypts blocks of plain text of length 32,64,or 128 bits into blocks of ciphertext of the same length.It is a variable length key and intented to provide high security

- IDEA IDEA is a block cipher that uses 128-bit key to encrypt data in blocks of 64 bits.

Key-64 bits (of this 6 bits are parity). Even with just fifty six bits there are over seventy quadrillion possible keys (simply 2^56). The digits in the key must be independently determined to take full advantage of seventy quadrillion possible keys. The government claims that short of trying all seventy quadrillion combinations there is no way to break the DES algorithm.


WAP - Change Cipher Spec protocol

•The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the just-negotiatedCipherSpec and keys.

•The protocol consists of a single message, which is encrypted and compressed under the current CipherSpec. The message consists of a single byte of value 1.

•Separate read and write states are maintained by both the SSL client and server. When the client or server receives a change cipher spec message, it copies the pending read state into the current read state. When the client or server writes a change cipherspec message, it copies the pending write state into the current write state.

•The client sends a change cipher spec message following handshake key exchangeand the server sends one after successfully processing the key exchange message it received from the client.


WAP - Alter Protocol

Alert Protocol is used to convey WTLS-related alerts to the peer entity.As with other applications,alert messages are compressed and encrypted as specified by the current state

consists of two bytes.1st byte- warning or critical or fatal2st byte- specific alerts

fatal alerts- If the level is fatal, WTLS immediately terminates the connection.

Ex: unexpected_message, bad_record_mac, decompression_failure,handshake_failure..etc.,

Nonfatal alerts bad_certificate, unsupported_certificate, certificate_revoked..etc.,


WAP - Hand Shake Protocol

This protocol allows the server and the client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in a WTLS record.

•Phase I - Used to initiate logical function and establish security capabilities.

•Phase II -Used for server authentication and key exchange

•Phase III -Used for client authentication and key exchange

•Phase IV - Completes the secure connection.


WAP GAP- The WAP architecture is based on a wireless gateway (WAP gateway) that translates data

from the wireless formats defined by WAP (such as WML) to the Internet formats used by

Web servers (e.g. HTML).

- To make the translation, the WAP gateway needs access to the unsecured, plaintext data being

transmitted. While many WAP gateways don't do any data translation, the deployed security

protocols are defined on the basis that they do. Therefore, the WAP gateway still accesses the

plaintext data. The resulting architecture does secure all transport.

- The WAP WTLS specification provides strong security between a WAP client and the gateway,

and the gateway uses some other secure mechanism (e.g. SSL) to connect to the content server.

In between those two connections, for a very brief time (milliseconds), the data is (temporarily)

unsecured.

This is the so-called "WAP gap." Solution: Have the company’s own gateway

End-to-end security will be an option in the next version of WAP.


WAP WMLIn order to provide the user of the WML browser a secure and unique identity, the WAP specification has added a identity Module.(used for bank transaction)

The WAP Identity Module (WIM) -> store the cryptographic keys used in WTLS and in the application layer.

All operations using these keys should be performed within the WIM so that the keys are never exposed outside the secure environment. These operations include:

(1) Signing in the application layer.

(2) Decryption when setting up a shared key as part of a secure session in WTLS.

(3) MAC computation and verification as part of securing messages in WTLS.

(4 ) Conventional encryption and decryption as part of securing messages in WTLS.

Ideally, the WIM should be implemented as an additional application on the GSM SIM card.

Such enhanced SIM cards are expected on the market in the near future.

wireless security speaker: jerry gao ph.d. san jose state university email: [email protected]...

Documents

wireless solutions

wireless networks

wireless security different

wireless devices

wireless security speaker

wireless systems

wireless networking

wireless services