SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

Similar documents
System Threat Analysis Case Study for Software Based Communications

A HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS

Assignment Project Whitepaper ITEC495-V1WW. Instructor: Wayne Smith. Jim Patterson

Ethical Hacking and Prevention

Wireless Network Security Fundamentals and Technologies

What is Eavedropping?

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

Wireless Attacks and Countermeasures

Wireless LAN Security (RM12/2002)

Wireless e-business Security. Lothar Vigelandzoon

Session 4 - Commercial SDR. Wednesday 13:30 15:30

5. Execute the attack and obtain unauthorized access to the system.

Chapter 11: Networks

Security+ SY0-501 Study Guide Table of Contents

Mobile Devices prioritize User Experience

Expected Outcomes Able to design the network security for the entire network Able to develop and suggest the security plan and policy

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Wireless Network Security

The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems

Define information security Define security as process, not point product.

Chapter 4. Network Security. Part I

Chapter 11: It s a Network. Introduction to Networking

ANATOMY OF AN ATTACK!

Trusted Platform for Mobile Devices: Challenges and Solutions

2. INTRUDER DETECTION SYSTEMS

Requirements for Building Effective Government WLANs

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Network Security and Cryptography. December Sample Exam Marking Scheme

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

Chancen und Risiken im Bereich von WLAN's. FGSec - Vorabendveranstaltung 20. Juni 2002 Uwe B. Kissmann

WPA SECURITY (Wi-Fi Protected Access) Presentation. Douglas Cheathem (csc Spring 2007)

IS Today: Managing in a Digital World 9/17/12

Campus Network Design

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Achieving End-to-End Security in the Internet of Things (IoT)

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

WLAN Security. Dr. Siwaruk Siwamogsatham. ThaiCERT, NECTEC

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Detecting & Eliminating Rogue Access Point in IEEE WLAN

Chapter 1 B: Exploring the Network

Secure Mobility Challenges. Fat APs, Decentralized Risk. Physical Access. Business Requirements

E-Commerce/Web Security

Introduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013

Venusense UTM Introduction

Attacking Networks. Joshua Wright LightReading LIVE! October 1, 2003

Introduction to Information Security Dr. Rick Jerz

LESSON 12: WI FI NETWORKS SECURITY

NETWORK THREATS DEMAN

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

SECURE SYSTEMS, NETWORKS AND DEVICES SAFEGUARDING CRITICAL INFRASTRUCTURE OPERATIONS

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Wireless technology Principles of Security

A (sample) computerized system for publishing the daily currency exchange rates

Securing Wireless LANs with Certificate Services

Recommendations for Device Provisioning Security

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

ABSTRACT. The rapid growth in Wireless networking brought the need for securing the wireless

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

A Review Paper on Network Security Attacks and Defences

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

Wireless Security Security problems in Wireless Networks

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

MILS Middleware: High Assurance Security for Real-time, Distributed Systems

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

CHAPTER 8 SECURING INFORMATION SYSTEMS

Chapter 10: Security and Ethical Challenges of E-Business

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

MILS Multiple Independent Levels of Security. Carol Taylor & Jim Alves-Foss University of Idaho Moscow, Idaho

I T S E C U R I T Y AND C E R T CASE STUDY OLYMPIC GAMES

Mobile Security Fall 2013

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Securing your Virtualized Datacenter. Charu Chaubal Senior Architect, Technical Marketing 6 November, 2008

Cyber Threat Assessment and Mitigation for Power Grids Lloyd Wihl Director, Application Engineering Scalable Network Technologies

Network Security Protection Alternatives for the Cloud

WIRELESS EVIL TWIN ATTACK

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Oklahoma State University Institute of Technology Face-to-Face Common Syllabus Fall 2017

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Security for SIP-based VoIP Communications Solutions

CYBER SECURITY MALAYSIA AWARDS, CONFERENCE & EXHIBITION (CSM-ACE) Securing Virtual Environments

Interworking Evaluation of current security mechanisms and lacks in wireless and Bluetooth networks ...

Protecting Your Cloud

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Syllabus: The syllabus is broadly structured as follows:

MASP Chapter on Safety and Security

Advanced Diploma on Information Security

Transcription:

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA; tony.martin@scatechnica.com) ABSTRACT Software defined radios (SDR) are rapidly becoming a mainstream technology for commercial, civil and military mobile terminals and wireless access points. Moreover, wireless Internet waveforms with weak security designs, such as IEEE 802.11 Wireless Fidelity (WIFI), a form of wireless local area network (WLAN), are becoming increasingly prevalent. Because WIFI enabled laptop computers and personal digital assistants (PDA) combine a radio and computing interface, they provide a useful case study examining potential dangers posed by hackers to networks of software defined radio terminals. Supported in part by a US Air Force Small Business Innovation Research (SBIR) contract, we have conducted a system threat and requirements analysis for software defined radios (SDR) and wireless terminals (including non-sdr) employing WIFI. The study concludes that WIFI networks, including ubiquitous IEEE 802.11(b) WIFI hot spots, are subject to blended attack methods combining coordinated attacks on the radio and computer. The blended attacks threaten the integrity of a SDR radio system, the components of which are shown in Figure 1. 1. INTRODUCTION As the world order changed during the last two decades, large numbers of highly trained electronic warfare professionals and mathematicians became displaced as technically sophisticated armies and their radio reconnaissance battalions were demobilized. Can this explain the surge of well designed wireless hacking tools and equipment now available? Some of these tools are freely distributed software which can be downloaded from the Internet? Other tools, including enterprise-grade hardware and systems, can be purchased online. These sophisticated tools, which enable the blended attacks shown in Table 1, include: Stumblers which allow wireless hackers to explore the network characteristics of wireless base stations and mobile terminals Sniffers which intercept, display, and store data being transmitted over the network Crackers which break encryption codes, such as Wired Equivalent Protection (WEP) and network access codes for GSM. This paper surveys the tools and blended attack methods used by hackers to attack and exploit WIFI equipped mobile terminals. The paper then examines parallels between the WIFI scenario and similar threats to software defined radio terminals and networks by wireless hackers. We conclude by proposing requirements and architectures for high assurance SDR. 1..* Administration Station 1 Administration System Radio System Hw Platform 1 Radio Set Platform 1 1 1..n Sw Platform Radio Set Waveform 0..n Administration Figure 1. SDR Components. (SDR Use Cases OMG swradio/2003-05-02) Waveform Component

Table 1. Blended attack methods usable against SDR. ( Security Threats & Requirements; 3 rd Generation Partnership Project, Technical Specification Group Services and Systems Aspects, examples by Murotake) Blended attacks (Table 1) combine five attack methods (unauthorized access to data, threats to integrity, denial of service, unauthorized access to services, and repudiation) against both the radio and computing interfaces [1] of a wireless mobile terminal. Special techniques allow the hacker to jam encrypted WIFI networks, making normal access points invisible to WIFI terminals and allowing hackers to use their own access points to seize control of networks. Even the victims of hacking today appear to be willing victims. Rogue WIFI networks, installed by employees despite corporate policies to the contrary, threaten the integrity of over 30% of corporate networks. 2. SYSTEM VULNERABILITIES The Radio System components model shown in Figure 1 can be further detailed with security vulnerabilities, as shown in Figure 2 [2]. The vulnerabilities affect both hardware and software in the Radio Set and the Administration System components. Hackers can exploit security vulnerabilities by blending the five basic attack methods, shown in Table 1, against both the radio and computer interfaces. In the Radio Set, vulnerabilities affect the stability and integrity of both the Radio Set Platform hardware and software, and the Radio Set s. Using blended attack methods, hackers can exploit both hardware and software vulnerabilities within the Radio Set. Vulnerabilities related to hardware may result from a variety of factors, including: lack of a hardware based security kernel (such as an encryption engine); lack of hardware firewall; and exploitable hardware device architectures with corresponding exploits in the device drivers. Software vulnerabilities may include exploitable operating environments including: vulnerable operating Figure 2. SDR System Vulnerabilities. (Murotake, System Threat Analysis Case Study for Software Based Communications, OMG Software Based Communications Workshop, September 2004)

system (OS) and middleware; weak software based encryption engine; use of waveform(s) with weak security design; corrupted waveform or application download; weak or nonexistent anti-virus and firewall software; and weak or nonexistent security policy. A threat scenario for SDR using a Wireless LAN (WLAN) waveform download to enter a WLAN is shown in Figure 3. In this scenario, the victim mobile terminal (laptop) and access point can be subjected to a number of blended attack methods by a hacker equipped with a mobile terminal card, a separate access point, or both. Use Denial Of Service (jamming) attack on target WAP. Force users to turn off encryption. Users automatically switch to Hacker s WAP on another channel. Attack vs WPA encrypted WIFI Use stumbler SW to detect WAP control information Use Denial Of Service (jamming) attack on target WAP. Force users to turn off encryption. Users switch to Hacker s WAP on another channel A successful attack usually results in the following (undesired) impacts on the mobile terminal and access point, highlighting the importance of protecting the platform, and not just the data: The upload and download data being passed between mobile terminal and access point are compromised. The radio and network configuration software in the SDR are corrupted. A keystroke or packet repeater (a type of Trojan Horse software) is successfully planted on the host laptop or PDA. 3. ASSURANCE ARCHITECTURE Figure 3. Threat scenario for WIFI. (Murotake) In the scenario above, the following types of attack against the SDR are possible, since the standard IEEE 802.11(b) system does NOT employ strong authentication, such as the IEEE 802.1X standard: Attack vs unencrypted WIFI infrastructure Use stumbler SW to detect wireless network, obtain wireless access point (WAP) control information Enter network and use sniffer SW to obtain unauthorized access to data Attack vs WEP encrypted WIFI Use stumbler SW to detect WAP control information Use hacking software, e.g. WEPCRACK, to break WEP encryption code. Enter network and use sniffer to obtain unauthorized access to data The best defense approach to a blended attack is a multilayered defense, or defense in depth [3]. That is, a combination of methods, instantiated in both hardware and software, is implemented in both the terminal and access point, in both design and verification of high assurance systems. In the most secure high assurance systems, a hierarchical architecture is employed, where multiple layers provide specific, well-defined security mechanisms that can be used by higher levels. A high assurance security mechanism must be: (i) always invoked, (ii) non-bypassable, (iii) tamperproof, and (iv) verifiable. Security features recommended by the SDR Forum [4] for SDR s include: 1. Security Policy Enforcement and Management 2. Information Integrity 3. Authentication and Non-repudiation 4. Access Control 5. Encryption and Decryption Services 6. Key and Certificate Management 7. Standardized Installation Mechanisms 8. Auditing and Alarms

9. Configuration Management 10. Memory Management 11. Emissions Management 12. Computer Security (virus scanning and firewalls) Figure 4. SDR Forum Security Reference Architecture. (SDR Forum DL-SIN, SDRF-02-W-0005-V030) Figure 4 shows the SDR Forum s security reference architecture model. The model displays the requisite mutli-layered character needed to provide the defense in depth against blended attacks. Security can be enhanced by incorporating a strong hardware security kernel within the SDR. By using an FPGA or ASIC which includes a hardware encryption engine, a software radio micro-kernel and a secured programming gateway, hackers will have a greater difficulty in corrupting the system software and applications. Another approach used in high assurance systems is the use of robust operating environments and middleware. One method is in the use of high-assurance software components, such as real time operating systems (RTOS) and object request brokers (ORB). One way of doing this is by selecting components which provide an Common Criteria (CC) Evaluated Assurance Level (EAL) of 5 or above (on a scale of 1-7, EAL 7 has the highest level of security). An extreme example of this is a multiple independent levels of security (MILS) architecture, as shown in Figure 5. The MILS operating environment employs a real-time, partitioning micro-kernel RTOS and a MILS (ORB), rated at EAL 7. 4. INTEGRATED BIOMETRICS One method of enhancing end to end assurance in SDR is through the use of integrated, multi-mode biometric systems to enforce certain aspects of the security policy. Biometric techniques, which can be easily incorporated into SDR mobile terminals, include fingerprint scanners and speaker verification systems, as shown in Figure 6. Figure 5. High Assurance MILS Architecture. (Alves-Foss et al, 2004) The model also suggests use of a hardware security module. Secure download, storage, installation and instantiation (DSII) of waveforms and other applications is also shown. Figure 6. Biometric techniques (Sonetech) Biometric systems themselves must protect themselves against hacking and other forms of attack [5]. Figure 7

shows the vulnerable points (red lines) of a typical biometric sensing system. Figure 7. Vulnerabilities of a biometric sensor. (Ratha) Because the integrated biometric system may employ reconfigurable signal processing algorithms for feature extraction and matching, the same types of programming core frameworks (CF) and application programming interfaces (API) may be developed for integrated biometric systems. Thus, the high assurance SDR software component model may look like Figure 8: which protects both the mobile clients and servers. This includes the mobile radio, mobile host, server radio, and server host components of an SDR network. The security architecture must ensure: Integrity of: software applications and downloads including download, storage, installation and instantiation (DSII) Integrity of the reconfigurable platform against blended attacks by employing defensive layers (firewalls, intrusion detection, virus protection) Integrate biometric and radiometric assurance techniques Employ trusted architecture, high assurance operating systems and middleware Integrity of the analog signal or data from exploitation/compromise 6. REFERENCES Figure 8. SDR with integrated biometrics. 2004. [1] Security Threats and Requirements; 3GPP TS 21.133 V4.1.0 (2001-12); 3rd Generation Partnership Project, Technical Specification Group Services and Systems Aspects [2] Murotake, System Threat Analysis Case Study for Software Based Communications, OMG Software Based Communications Workshop, September 2004 [3] Jim Alves-Foss, Carol Taylor, and Paul Oman, A multi-layered approach to security in high assurance systems, Proceedings of 37th Hawaii International Conference on System Sciences 5. CONCLUSIONS SDR security is a system level problem. To design a system with appropriate defenses, one must first understand the system threat and defensive requirements. Hackers use blended attacks against both the radio and computer layers of the SDR. To defend against the blended attack requires a multi-layered defense-in-depth [4] Security considerations for operational software for software defined radio devices in a commercial wireless domain, SDR Forum DL-SIN, Document SDRF-02-W-0005-V030. [5] Ratha et al, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal 40:3, 2001

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback