wireless security speaker: jerry gao ph.d. san jose state university email: [email protected]...
Post on 22-Dec-2015
215 views
TRANSCRIPT
Wireless Security
Speaker: Jerry Gao Ph.D.
San Jose State Universityemail: [email protected]
URL: http://www.engr.sjsu.edu/gaojerry
Topic: Wireless Security
- Why IS Wireless Security Differ?
- What the needs and challenges?
- Wireless Threats and Security Problems
- Basic Concepts in Security
- WAP Wireless Security Solutions
- Wireless LAN Security Solutions
Jerry Gao Ph.D. 3/2004
Presentation Outline
All Rights Reserved
Wireless networks are characterized by generally low quality service (QoS) due to small size devices, low power, and low bandwidth.
There are four fundamental differences for wireless services:
• Bandwidth
• Allowable error rates
• Latency and Variability
• Power constraints
Compared with wired networks, wireless networks are:
• Relatively unreliable, as packet losses.
• High latency and variability due to retransmissions.
• Network limitations on communications and security protocols.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Why Is Wireless Security Different?
Other related issues:
• Portable device limitations:
– User expectations, limited computing power, and limited storage space.
– >> limits to the cryptographic algorithms and solutions in a device
– >> fundamental restrictions on bandwidth, error rate, latency, and variability.
• Portable mobility causes issues:
– Out of coverage, one-way coverage, unknown network connectivity, throughput overflow, protocol overhead and compression.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Why Is Wireless Security Different?
Why Do We Need Wireless Security?
Since most existing security solutions, standards, and technology are not well suited for wireless networking and wireless systems because of the following reasons:
• They have too much overhead and tight timeout
• They are too complex and need much for power, and storage
• They are not efficient enough for mobile devices and wireless networks
In a wireless network, security features greatly differ between each of the protocol stacks, and security policy implementation and enforcement is dependent on the carrier.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
What Are Needs and Challenges?
What are the challenges here?
• Adaptation and integration of existing solutions and infrastructure
• Promoting consistency and interoperability among a diverse spectrum of mobile and wireless devices.
• Providing a high level of security without detrimental impact on the user experience.
What are the needs?
• New standards, technology, and solutions for wireless networking.
• New standards, implementation, products and techniques for mobile commerce application systems.
• Secured wireless communication protocols and channels
• Secured wireless hardware solutions to protect physical layer network
• Secured wireless user access experience
• Secured wireless solutions to protect wireless servers and gateways.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
What Are the Needs and Challenges?
Eavesdropping:
- The primary threat is the potential for unauthorized parties to eavesdrop on radio signals sent between a wireless station and an access point (or user device).
- Eavesdropping is a passive attack because an eavesdropper can listen to a message without altering the data, the sender and intended receiver of the message may not event be aware of the intrusion.
-> the solution is to user Spread-Spectrum technology, which is resistant to eavesdropping.
Unauthorized Access:
- The potential for an intruder to enter a WLAN system disguised as an authorized user. Once inside, the intruder can violate the confidentiality and integrity of network traffic by sending, receiving, and altering or forging messages.
- This is an active attack.
-> the solution is to deploy authentication mechanisms to ensure only authorized users can access the network.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Threats
Interference and Jamming: (Denial of Service Attack)
- The potential of radio interference that can seriously degrade bandwidth (data throughout).
- If an attack has a powerful transmitter, he or she can generate a radio signal strong enough to overwhelm weaker signals, disrupting communications. This is known as jamming.
-> the solution is to use Direction-finding equipment to detect the source of jamming signals.
Man-in-the-middle-attacks:
- This attack is more sophisticated than most attach and require a lot of information about the network
- The attacker will intercept the connection when a user initiates a connection, and complete the connection to the intended resource and proxy all communication to the resource. Now, he can modify, eavesdrop, inject data on a session.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Threats
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Vulnerabilities
Interception/Ease of Interception:Individuals (other than the intended recipient) make illicit efforts to obtain wireless signals over the wireless network.
-> There are generally simple countermeasures that can be taken to greatly reduce the risk of data interception.
Interruption of Service:
Accidents, constructions, and power outage … cause the interruption of services.
Natural Hazards:Hurricanes, Tornadoes, Winter Storms, Flooding Fire, Earthquakes, Power Outages
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Vulnerabilities
Unintentional Interruptions:These happen when network control was neglected or no control.
In Jan. of 1990, the AT&T long-distance network with 114 switching centers on a Monday afternoon began to falter.In minutes, more than half of the callers were greeted by“All circuits are busy. Please try your call later”.
Intentional Interruptions:The interconnection and interdependence of the national communications infrastructure presents a valuable and vulnerable target to terrorists.
Our complex national infrastructures are vulnerable becauseof their increasing interdependence.
Unintentional Interceptions: (Friends and Neighbors)
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Cell Phone Vulnerabilities
Jamming:A cell phone jammer (or call blocker) is a device that
transmits low-power radio signals that cut off communications between cellular handsets and cellular base stations.
For example, most jammers use a transmission method that confuses the decoding circuits of cellular handsets as if no cellular base station is within the service area.
Countermeasures to Jamming and Interception:
Countermeasures to Jamming have challenged engineers for many years.
Over the last 50 years, a class of modulation techniques, usually called Spread Spectrum, has been developed. Spread Spectrum signals are more difficult to jam than narrowband signals.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Fraud and Countermeasures to Fraud
Fraud:Cellular phone fraud is defined as the use of cellular services
by deceptive means to avoid paying for the benefit of the services.
Theft prevention is a constant concern.
Countermeasures to Jamming and Interception:
Countermeasures to Jamming have challenged engineers for many years.
Over the last 50 years, a class of modulation techniques, usually called Spread Spectrum, has been developed. Spread Spectrum signals are more difficult to jam than narrowband signals.
Critical components for a secure media encryption system:
• Trusted Encryption Algorithm
• Pre-Encryption of Streaming Media
• Adequate Key Lengths
• Variable Key Lengths
• Media Keys and Content Stored in Separate Locations
• Decryption Occurs in the Media Player
• Uniquely Encrypt Each Packet
• A Public-Key Exchange System
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Framework for Dealing with Policy Issues
Different types of security information systems:
• Cryptographic systems
• Digital Key Management Systems
• Access control and authentication validation systems
• Digital certification server and systems
The primary key management functions:
• Key receipt and identification
• Key storage, allocation, and use
• Key Zeroization
• Key accounting
• Rekey
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Security Information Systems
The four common solutions for wireless security are:
• Authentication (no forgery). Verification that both parties in a transaction are who they say they are. This can be assured in multiple ways, including a simple password scheme, certificates, and a PKI scheme. Note: PKI usually add overhead to the system performance.
• Integrity (no tampering): The content transferred on the network has not been altered by anyone. Requiring the content be signed using keys or certificates, commonly provides integrity.
• Data privacy (no eavesdropping): The content transferred on the network cannot be seen by anyone. Privacy is provided by encryption, typically through SSL or WTLS.
• Nonrepudiation. All parties to the transaction are noted. A user or a provider cannot deny having performed a transaction. Nonrepudiation is usually ensured by requiring that content be signed with public or private certificates.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Security Solutions
Basic requirements for wireless security solutions for wireless applications systems include:
• The solution should be interoperate seamlessly.
• The solution should be work end-to-end.
• The solution should be efficient and cost-effective for mobile devices.
• The solution should be reliable.
Three levels of wireless security services:
• At level 1, users simply view information, such as a bank account information. They cannot exchange information.
• In level 2, closed transactions would be acceptable. For example, information can be exchanged or money can be transferred within the same institution.
• At level 3, the highest level of security, end-to-end encryption allows uses to exchange information without other companies or transfer money between financial institutions.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Security Solutions
The steps to add security to your wireless-based systems:
• Step#1: secure a connection between the server and the mobile device client.
• Step#2: provide the certification of the sever.
• Step#3: provide the certification of the client.
Four basic steps to protect your data from being misused:
• Use a secure air carrier like CDMA. You cannot reply on GSM signal security alone.
• Deliver content in a micro-browser and store as little as possible on the mobile devices. Browsers keep all sensitive data resident the server. You can design sessions to clear data caches on the mobile devices.
• Use two-way certificates. In this approach, the client must authenticate the server before the password is transmitted over the air. The server then returns an authentication check.
• Add an additional layer of encryption for highly secure networks. CDMA has strong native security. Cellular Digital Packet Data(CDPD), Mobitex, and Motient typically need to run an application layer on top of their native security.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless Security Solutions
Basic functions in Cryptographic information systems:
• Initialization, termination, operation support.
• Boot, instantiation, run-time, abnormal/normal termination.
• Security management, configuration, policy, enforcement
• Encryption, Decryption, TRANSEC, integrity, authentication.
• RED/BLACK isolation
• Communicator Data, Radio Control/Status
• Keystream functions, algorithm, and management
• Cryptographic channel instantiation
• Cryptographic control, status, and interface
• Cryptographic bypass
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Security Information Systems
The primary functions within the crytographic subsystem are:
• Cryptographic Keystream generation capability
• Encryption and decryption of communicator information
• Signature generation and validation, high grade integrity checking
• Controlled bypass of communicator and radio information
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Security Information Systems
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Architectures of Security Information Systems
User Terminal CRYPTOComm.Device
BYPASS
In this Traditional Secure Communication Environment, the security is achieved by:
• Physical access control to user terminal
• Hard-wired connections for each channel
• High-grade hardware cryptography in a discrete box
• Very limited bypass capability within communicator channel or manual ancillary device
• System high application
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Architectures of Security Information Systems
User Terminal CRYPTOComm.Device
BYPASS
In this Embedded cryptographic equipment, the security is achieved by:
• Physical access control to user terminal
• Hard-wired connections for each channel
• High-grade hardware cryptography within the box
• Very limited bypass capability within communicator channel or manual ancillary device
• System high application
• Limited TED user application processing
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Architectures of Security Information Systems
Wireless DeviceCRYPTO Other Network
Nodes
BYPASS
In this wide area networks in a wireless domain, the security is achieved by:
• Hard-grade hardware cryptography within the communication device.
• Hard-wired internal connections or computer bus for the single wireless channel configuration.
• Bypass requirement further increased to handle protocols and network information.
• Separation of data classification and types performed by network, wireless system high.
• Multiple access methods for the communicator networks
• Interconnection of networks at multiple communicator sites
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Architectures of Security Information Systems
WirelessDevice
User Processingand Networks
Multi-channelCRYPTO assets
BYPASS
Security Features:
• Multi-channel/multi-communicator wireless operation
• Access control to network and wireless services governed by software
• that allows to multiple communicators to hare a single physical connection
• Virtual internal connections for each wireless communicator port and radio channel.
• Single RED bus architecture
• High-grade programmable cryptography embedded within the wireless device
• Bypass requirement further increased to handle internal radio control
• Radio functions programmable for all processes
• Use of commercial software products.
Multi-channelwireless assets
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless LAN Security Solutions
Authentication :-Authentication is used to establish the identity of stations to each other.-IEEE 802.11 requires mutually acceptable ,successful authentication before a station can establish an association with an AP.
•Open System authentication•Shared key authentication
De-authentication: - This service is invoked whenever an existing authentication is to be terminated.
Privacy:- WEP encryption is used to prevent the contents of messages from being read by other than the intended recipient.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WLAN Security Solutions
Mobile station Access point
Authentication request
“Open system”
Authentication response“open system”
Open System Authentication
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WLAN Security Solutions
Mobile station(A) Access point(B)Authentication request
“shared key”
Challenge text“shared key”
Challenge Response(Encrypted challenge
Text)“shared key”Authentication result“shared key”
Shared Key Authentication
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WLAN Security Solutions
WEP Encryption:IEEE 802.11 incorporates WEP to provide modest level of security.WEP uses encryption algorithm based on the RC4 encryption algorithm.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WLAN Security Solutions
WEP Decryption:A XOR-based Shared-Key Decryption process.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
Wireless LAN (802.11) Vulnerabilities
There are several vulnerabilities:-Service Set ID problem:
-SSID is an identification value programmed in the access point or group of access points to identify the local wireless subnet.-An eavesdropper can easily determine the SSID with the use of an 802.11 wireless LAN packet analyzer and gain access to the network.
-The weakness of Shared Key Authentication:-How to secure the exchange of the shared key before communications?
-The process of exchanging the challenge text occurs over the wireless link and is vulnerable to a man-in-the-middle attack.-WEP XOR-based encryption algorithm has a problem due to the fact that: Plaintext XOR Ciphertext -> key stream.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
i-mode Security HTTPS Layer Pass-Through
cHTML
HTTPS
Transport
PDC-P
cHTML
HTTPS
Transport
PDC-P
TCPTransport
PDC-P
IP
L2
L1
TCPTransport
PDC-P
IP
L2
L1
Mobile Terminal Mobile TerminalMobile BaseStation Gateway
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP Security Solutions - Reencryption
WTLS is based on TLS,which is an refinement of Secure Socket Layer(SSL)
InternetWirelessNetwork
WTLS SSL
Wireless Network Wired Network
WAP gateway
UP.Linkserver
WEBServer
ApplicationServer
WML-BasedClient
Web PhoneUP.Browser
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP Security Solutions - WTLS
WTLS Record Protocol
WTLS Handshake protocol
WTLS change Cipher protocol
WTLS Alert protocol
WTP
WTLS RP-provides basic security services to higher layer protocols
WTLS protocol stack
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP Security Solutions - WTLS
User data
Compress
Add MAC
Encrypt
Append WTLS record header
WTLS Record Protocol Operation
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP Security Solutions – WTLS (Record Format)
R = reserved C=cipher spec indicator S=sequence number field indicatorL=record length field indicator MAC=message authentication code
encr
ypte
d
Content type R S LC Sequence number
Record length
Plain text(optionally compressed)
MAC (0,16or 20 bytes)
- Takes care of integrity and authentication
Jerry Gao Ph.D. 3/2004 All Rights Reserved
MAC - Message Authentication Code
H
H
compare
Hash code(MDm)
Secret key
mes
sage
mes
sage
mes
sage
1.MDm=H(Sab || M)
M || MDm
MDm
MDm
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP - Encryption
MAC code is encrypted using symmetric encryption algorithm:-DES,RC5,IDEA
-DES DES is the Data Encryption Standard is a mathematical algorithm in the encrypting and decrypting of binary information. The system consists of an algorithm and a key.
-RC5 RC5 encrypts blocks of plain text of length 32,64,or 128 bits into blocks of ciphertext of the same length.It is a variable length key and intented to provide high security
- IDEA IDEA is a block cipher that uses 128-bit key to encrypt data in blocks of 64 bits.
Key-64 bits (of this 6 bits are parity). Even with just fifty six bits there are over seventy quadrillion possible keys (simply 2^56). The digits in the key must be independently determined to take full advantage of seventy quadrillion possible keys. The government claims that short of trying all seventy quadrillion combinations there is no way to break the DES algorithm.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP - Change Cipher Spec protocol
•The change cipher spec message is sent by both the client and server to notify the receiving party that subsequent records will be protected under the just-negotiatedCipherSpec and keys.
•The protocol consists of a single message, which is encrypted and compressed under the current CipherSpec. The message consists of a single byte of value 1.
•Separate read and write states are maintained by both the SSL client and server. When the client or server receives a change cipher spec message, it copies the pending read state into the current read state. When the client or server writes a change cipherspec message, it copies the pending write state into the current write state.
•The client sends a change cipher spec message following handshake key exchangeand the server sends one after successfully processing the key exchange message it received from the client.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP - Alter Protocol
Alert Protocol is used to convey WTLS-related alerts to the peer entity.As with other applications,alert messages are compressed and encrypted as specified by the current state
consists of two bytes.1st byte- warning or critical or fatal2st byte- specific alerts
fatal alerts- If the level is fatal, WTLS immediately terminates the connection.
Ex: unexpected_message, bad_record_mac, decompression_failure,handshake_failure..etc.,
Nonfatal alerts bad_certificate, unsupported_certificate, certificate_revoked..etc.,
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP - Hand Shake Protocol
This protocol allows the server and the client to authenticate each other and to negotiate an encryption and MAC algorithm and cryptographic keys to be used to protect data sent in a WTLS record.
•Phase I - Used to initiate logical function and establish security capabilities.
•Phase II -Used for server authentication and key exchange
•Phase III -Used for client authentication and key exchange
•Phase IV - Completes the secure connection.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP GAP- The WAP architecture is based on a wireless gateway (WAP gateway) that translates data
from the wireless formats defined by WAP (such as WML) to the Internet formats used by
Web servers (e.g. HTML).
- To make the translation, the WAP gateway needs access to the unsecured, plaintext data being
transmitted. While many WAP gateways don't do any data translation, the deployed security
protocols are defined on the basis that they do. Therefore, the WAP gateway still accesses the
plaintext data. The resulting architecture does secure all transport.
- The WAP WTLS specification provides strong security between a WAP client and the gateway,
and the gateway uses some other secure mechanism (e.g. SSL) to connect to the content server.
In between those two connections, for a very brief time (milliseconds), the data is (temporarily)
unsecured.
This is the so-called "WAP gap." Solution: Have the company’s own gateway
End-to-end security will be an option in the next version of WAP.
Jerry Gao Ph.D. 3/2004 All Rights Reserved
WAP WMLIn order to provide the user of the WML browser a secure and unique identity, the WAP specification has added a identity Module.(used for bank transaction)
The WAP Identity Module (WIM) -> store the cryptographic keys used in WTLS and in the application layer.
All operations using these keys should be performed within the WIM so that the keys are never exposed outside the secure environment. These operations include:
(1) Signing in the application layer.
(2) Decryption when setting up a shared key as part of a secure session in WTLS.
(3) MAC computation and verification as part of securing messages in WTLS.
(4 ) Conventional encryption and decryption as part of securing messages in WTLS.
Ideally, the WIM should be implemented as an additional application on the GSM SIM card.
Such enhanced SIM cards are expected on the market in the near future.