Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe

Similar documents
Wireless Network Security Spring 2011

Cryptography and Network Security Chapter 1

Security in Mobile Ad-hoc Networks. Wormhole Attacks

On the Internet, nobody knows you re a dog.

Wireless LAN Security (RM12/2002)

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Wireless Attacks and Countermeasures

Security protocols and their verification. Mark Ryan University of Birmingham

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Wireless Network Security Spring 2011

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Mobile Security Fall 2013

A Survey of BGP Security Review

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Diverse network environments Dynamic attack landscape Adversarial environment IDS performance strongly depends on chosen classifier

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

0x1A Great Papers in Computer Security

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Wireless Security Security problems in Wireless Networks

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

Information Security CS 526

Wireless Network Security

CSC 4900 Computer Networks: Security Protocols (2)

NETWORK SECURITY. Ch. 3: Network Attacks

Wireless Network Security Spring 2015

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN

Caveat. Much of security-related stuff is mostly beyond my expertise. So coverage of this topic is very limited

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

Agenda. Housekeeping. Library Computing Without Wires Tuesday, March 1, :00 noon to 1:00 p.m. Don t wait for Q&A to submit questions

Security of Mobile Ad Hoc and Wireless Sensor Networks

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

CIS 5373 Systems Security

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Vidder PrecisionAccess

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Eliminating Handoff latencies in WLANs using Multiple Radios: Applications, Experience, and Evaluation

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Wireless Attacks and Defense. By: Dan Schade. April 9, 2006

Securing Internet Communication: TLS

Overview of Security

Introduction and Statement of the Problem

Security in Ad Hoc Networks Attacks

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Detection and Localization of Multiple Spoofing using GADE and IDOL in WSN. U.Kavitha 1.

Network Security. Thierry Sans

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Security Using Digital Signatures & Encryption

VLANs and Association Redirection. Jon Ellch

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Wireless Network Security Spring 2016

Public-key Cryptography: Theory and Practice

Computer Networks & Security 2016/2017

Network Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015

Requirements from the

CS 425 / ECE 428 Distributed Systems Fall 2017

Multipot: A More Potent Variant of Evil Twin

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

What is Eavedropping?

Sleep/Wake Aware Local Monitoring (SLAM)

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

Wireless Challenges : Computer Networking. Overview. Routing to Mobile Nodes. Lecture 25: Wireless Networking

Wireless Network Security Spring 2014

Last lecture we talked about how Intrusion Detection works. Today we will talk about the attacks. Intrusion Detection. Shell code

Network Security Issues and New Challenges

Detection and Localization of Multiple Spoofing Attackers in Wireless Networks Using Data Mining Techniques

CS 494/594 Computer and Network Security

Trusted Platform for Mobile Devices: Challenges and Solutions

How Insecure is Wireless LAN?

CND Exam Blueprint v2.0

Cyber-physical intrusion detection on a robotic vehicle

Lecture 9. Authentication & Key Distribution

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Cyber Moving Targets. Yashar Dehkan Asl

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

typedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }

Wireless and Mobile Networks Reading: Sections 2.8 and 4.2.5

Building a Secure Wireless Network. Use i and WPA to Protect the Channel and Authenticate Users. May, 2007

Overview of Information Security

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Ju-A A Lee and Jae-Hyun Kim

The 8 th International Scientific Conference DEFENSE RESOURCES MANAGEMENT IN THE 21st CENTURY Braşov, November 14 th 2013

ECCouncil Certified Ethical Hacker. Download Full Version :

(2½ hours) Total Marks: 75

CSC 574 Computer and Network Security. TCP/IP Security

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Wireless Network Security Spring 2014

A SIMPLE INTRODUCTION TO TOR

Lecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422

The Protocols that run the Internet

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

CSc 466/566. Computer Security. 18 : Network Security Introduction

Network Security (NetSec)

Transcription:

Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe

Talk Overview Security has been one of the great detractors for wireless technologies (and the Internet, too!) We have a chance to consider security as we redesign the network Think about the questions: Should security be considered separately from the network? What benefits are there if we integrate security into the network? Should we reevaluate the definition of security? How private do we really want our lives? This talk will not focus on classical Internet Security but on Wireless Security Wireless security has its own Spam problems that it needs to deal with

Through the Looking Glass, the Wireless World Key properties and differentiators that make wireless desirable Ubiquity Mobility Resource adaptability Location Portability Affordability Megarray XC2V6000 Connector- FPGA 244 Configurable I/O pins TMS320C6701 100BaseT Ethernet MPC8260 Extendibility Platform heterogeneity

Reevaluating the Security Paradigm System (CIA) Paradigm Algorithmic Paradigm Confidentiality Integrity Availability Data Confidentiality These paradigms have been the traditional frameworks for security on conventional Data Integrity networks, but what can we do differently for wireless systems? Authentication Non-repudiation

Reevaluating the Security Paradigm, pg. 2 Non Repudiation Intrusion Detection Confidentiality Availability Integrity Wireless is easy to sniff. RF The energy value radiates, of a Wireless wireless and hardware/equipment network wireless We still is need its encryption services entities promise within of need ubiquitous the radio be safe coverage availability. from and modification. key management. pattern may serve as witnesses for the Forensics We still need Data/control traditional security info Key should methods. freshness not be is an issue. Wireless actions networks of the transmitter. modified are before easy to or break! during transit. But The the Location pervasiveness wireless is world a Perpetual new of the has form wireless additional connectivity of information problems can mean and RF new signals modalities provide for Wireless solutions! networks will be the networks provided should by not wireless mean constant systems that signatures surveillance! just that that will can be perturbed platform of choice for attacks. anyone facilitate can With new participate! services. snooping by physical Location one can bodies. monitor Privacy Example: information mobility and Should handoffs the network keep track of We can Rogue integrate needs APs to wireless be Wireless trusted. trip-wires resources between (e.g. power and networks. forensic evidence? into future wireless deployments! spectrum) must be managed. Physical Greedy Location user behavior will cause Security resource management Services to malfunction. Resource Management

Drill Down: Specific Challenges and Some Strategies

Availability Attack: Radio Interference Alice and Bob are attacked by malicious Mr. X. A story for the problem of wireless denial of service attack we focus on. Alice and Bob two communicating nodes, A and B. Mr. X an adversarial interferer X. Mr. X s insane behavior the jamming style DoS. People and nodes in wireless network both communicate via shared medium. Jamming style DoS Attack: Behavior that prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on Bob AP 1 AP 2 @#$%%$#@& Hello Hi Alice Mr. X D A AP 0 X 0 X 1 B C A B C D E X F G H I J K L

Availability: Jamming Detection/Defense Detection: Challenge is to discriminate between legitimate causes of poor connectivity and jamming Motivation from The Art of War by Sun Tze: He who cannot defeat his enemy should retreat. Defense Strategies: Spectral Evasion (Channel Surfing) Spatial Evasion Latency and synchronicity is an issue as you move to many node networks! SDRs will allow more advanced forms of spectral evasion. SS(dBm) Packet Delivery Rate 1.5 1 0.5 0 Jammed Region PDR VS. SS PDR % Channel Surfing Experiment Jammer turned on Change channel Trial Number (Time)

Availability Attack: Wireless Spoofing Many wireless security threats are possible because it is easy to spoof legitimate devices (ioctl/ipconfig) Example Attacker armed with a laptop having 2 wireless cards. One card monitors all TCP traffic on the AP channel Second card sends back TCP replies to select TCP requests (e.g. all requests for a particular web page). These are sent as if appearing from the server the user was connecting to. At the MAC layer the attacker spoofs AP by injecting custom 802.11x frames with AP s source MAC address. Results: The user session is hijacked. Requested service is DoSed. Easy to launch flooding DoS attacks at higher-layer buffers Internet MAC: x.y.z.w MAC: x.y.z.w Late!

Availability: Spoofing Defense Spoofing can be addressed through authentication services Traditional authentication services employ cryptographic solutions (e.g. MACs, signatures) Light-weight alternatives can reduce the load on buffers into cryptographic functions A lesson learned from 802.11: 802.11 has several fields controlled by firmware, which are hard for an attacker to bypass The 12bit sequence # field is increased monotonically by 1 for each packet Monotonicity provides a rule whose violation is easy to detect The sequence number was not intended to be a security field, but it can be! We may introduce filters that check monotonic conditions (or more generic rules)

Wireless Localization Security Location information will facilitate new computing services Location-based file access control Problem: Localization methods are not secure! Traditional cryptography and network security can address cryptographic attacks (Is this beacon really from the AP?) Is cryptography alone enough? No! Localization algorithms depend on measurements that are susceptible to attack!!

Attacks on Signal Strength Distance is measured using the relationship between received signal strength and distance Adversary may affect the receive signal power by: Alter transmit power of nodes Remove direct path by introducing obstacles Introduce absorbing or attenuating material Introduce ambient channel noise Power Received r 2 r 1 d 1 d 2 Distance Absorbing Material

Defenses for Wireless Localization Don t rely entirely on traditional security! Two-tier approach to defending wireless localization Add Security and Robustness! Attacks S E C U R I T Y R A O L B G U O S R T I T A H L M G Add Authentication, Entity Verification, Etc See SerLoc, SPINE, ROPE

Intrusion Detection & Locationing z Idea: Use resource management to affect security. Set up different power configurations and alternate between them randomly. z Result: Wireless devices will change their association as they can no longer hear a BS/AP We may use this to locate a wireless device Intruders in a wireless network will not be able to fake a location z Question: How to modulate the power configurations to best isolate a mobile device? Service degradation from reassociations? MT1 Associated with AP1, MT2 Associated with AP1 MT1 Associated with AP2, MT2 Associated with AP1

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback