Security Challenges Facing the Future Wireless World
(a.k.a. Alice and Bob in the Wireless Wonderland)
Wade Trappe

Talk Overview
- Security has been one of the great detractors for wireless technologies (and the Internet, too!)
- We have a chance to consider security as we redesign the network
- Think about the questions:
  - Should security be considered separately from the network?
  - What benefits are there if we integrate security into the network?
  - Should we reevaluate the definition of security?
  - How private do we really want our lives?
- This talk will not focus on classical Internet Security but on Wireless Security
- Wireless security has its own Spam problems that it needs to deal with

Through the Looking Glass, the Wireless World
Key properties and differentiators that make wireless desirable:
- Ubiquity
- Mobility
- Resource adaptability
- Location
- Portability
- Affordability
- Extendibility
- Platform heterogeneity
[Figure: hardware platform diagram; labels: Megarray Connector, XC2V6000 FPGA, 244 Configurable I/O pins, TMS320C6701, MPC8260, 100BaseT Ethernet]

Reevaluating the Security Paradigm
System (CIA) Paradigm:
- Confidentiality
- Integrity
- Availability
Algorithmic Paradigm:
- Data Confidentiality
- Data Integrity
- Authentication
- Non-repudiation
These paradigms have been the traditional frameworks for security on conventional networks, but what can we do differently for wireless systems?

Reevaluating the Security Paradigm, pg. 2
We still need traditional security methods. But the wireless world has additional problems and new modalities for solutions!
- Confidentiality: Wireless is easy to sniff. We still need encryption services and key management. Key freshness is an issue.
- Integrity: Wireless hardware/equipment need be safe from modification. Data/control info should not be modified before or during transit.
- Availability: The value of a wireless network is its promise of ubiquitous availability. Wireless networks are easy to break!
- Non Repudiation: RF energy radiates, and wireless entities within the radio coverage pattern may serve as witnesses for the actions of the transmitter.
- Intrusion Detection: The pervasiveness of the wireless networks should not mean that just anyone can participate! Example: Rogue APs.
- Forensics: Wireless networks will be the platform of choice for attacks. Should the network keep track of forensic evidence?
- Location Services: Location is a new form of information provided by wireless systems that will facilitate new services. Location information needs to be trusted.
- Privacy: Perpetual connectivity can mean constant surveillance! With snooping one can monitor mobility and handoffs between networks.
- Physical Security: RF signals provide signatures that can be perturbed by physical bodies. We can integrate wireless trip-wires into future wireless deployments!
- Resource Management: Wireless resources (e.g. power and spectrum) must be managed. Greedy user behavior will cause resource management to malfunction.

Drill Down: Specific Challenges and Some Strategies
Availability Attack: Radio Interference
- Alice and Bob are attacked by malicious Mr. X: a story for the wireless denial-of-service problem we focus on.
  - Alice and Bob: two communicating nodes, A and B.
  - Mr. X: an adversarial interferer, X.
  - Mr. X's insane behavior: the jamming-style DoS.
- People and nodes in a wireless network both communicate via a shared medium.
- Jamming-style DoS attack: behavior that prevents other nodes from using the channel to communicate by occupying the channel that they are communicating on.
[Figure: Alice and Bob's exchange ("Hello", "Hi") drowned out by Mr. X ("@#$%%$#@&"); network diagrams with AP 0, AP 1, AP 2, nodes A to L and interferers X, X 0, X 1]

Availability: Jamming Detection/Defense
- Detection: the challenge is to discriminate between legitimate causes of poor connectivity and jamming
- Motivation from The Art of War by Sun Tzu: "He who cannot defeat his enemy should retreat."
- Defense strategies:
  - Spectral Evasion (Channel Surfing)
  - Spatial Evasion
- Latency and synchronicity are an issue as you move to many-node networks!
- SDRs will allow more advanced forms of spectral evasion.
[Figure: "PDR vs. SS"; axes: SS (dBm), PDR (%); "Jammed Region" marked]
[Figure: "Channel Surfing Experiment"; axes: Packet Delivery Rate, Trial Number (Time); events marked: "Jammer turned on", "Change channel"]

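One way to turn the PDR vs. SS plot into a detector, as an added example that is not from the talk: a link whose packet delivery rate collapses while the measured signal strength stays high is treated as jammed, whereas low PDR with weak signal is an ordinary poor link. The thresholds, the persistence count and the sample windows are assumptions constructed for illustration.

```python
from collections import namedtuple

# One measurement window for a neighbour: packets expected, packets received,
# and mean received signal strength (dBm) measured during the window.
Window = namedtuple("Window", "expected received rss_dbm")

PDR_LOW = 0.65      # assumed threshold: below this the link counts as degraded
RSS_STRONG = -75.0  # assumed threshold: at or above this, packets should decode


def classify(w):
    """Label one window: ok, weak-link, suspect-jam or no-data."""
    if w.expected == 0:
        return "no-data"
    pdr = w.received / w.expected
    if pdr >= PDR_LOW:
        return "ok"
    # Low PDR with weak signal is explained by distance, fading or obstruction.
    # Low PDR with strong signal is inconsistent with a benign channel.
    return "suspect-jam" if w.rss_dbm >= RSS_STRONG else "weak-link"


def detect(windows, persist=3):
    """Index at which suspect-jam has held for `persist` windows, else None."""
    run = 0
    for i, w in enumerate(windows):
        run = run + 1 if classify(w) == "suspect-jam" else 0
        if run >= persist:
            return i
    return None


# Constructed traces (not measurements from the talk).
MOVING_AWAY = [Window(100, 98, -60), Window(100, 90, -72), Window(100, 55, -84),
               Window(100, 20, -90), Window(100, 5, -93)]
JAMMED = [Window(100, 97, -62), Window(100, 96, -61), Window(100, 12, -58),
          Window(100, 0, -57), Window(100, 3, -58), Window(100, 1, -57)]
BURST = [Window(100, 97, -60), Window(100, 30, -61), Window(100, 95, -60)]

if __name__ == "__main__":
    for name, trace in (("moving away", MOVING_AWAY), ("jammed", JAMMED),
                        ("collision burst", BURST)):
        print(name, [classify(w) for w in trace], detect(trace))
```

The persistence requirement keeps a single congested window from triggering an evasion such as a channel change.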
Availability Attack: Wireless Spoofing
- Many wireless security threats are possible because it is easy to spoof legitimate devices (ioctl/ipconfig)
- Example: attacker armed with a laptop having 2 wireless cards.
  - One card monitors all TCP traffic on the AP channel
  - Second card sends back TCP replies to select TCP requests (e.g. all requests for a particular web page). These are sent as if appearing from the server the user was connecting to.
  - At the MAC layer the attacker spoofs the AP by injecting custom 802.11x frames with the AP's source MAC address.
- Results:
  - The user session is hijacked.
  - Requested service is DoSed.
- Easy to launch flooding DoS attacks at higher-layer buffers
[Figure: Internet, two devices labelled "MAC: x.y.z.w", and the annotation "Late!"]

Availability: Spoofing Defense
- Spoofing can be addressed through authentication services
- Traditional authentication services employ cryptographic solutions (e.g. MACs, signatures)
- Light-weight alternatives can reduce the load on buffers into cryptographic functions
- A lesson learned from 802.11:
  - 802.11 has several fields controlled by firmware, which are hard for an attacker to bypass
  - The 12-bit sequence number field is increased monotonically by 1 for each packet
  - Monotonicity provides a rule whose violation is easy to detect
  - The sequence number was not intended to be a security field, but it can be!
- We may introduce filters that check monotonic conditions (or more generic rules)

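A monotonicity filter of the kind this slide proposes, as an added example that is not code from the talk: it tracks the 12-bit sequence number per source MAC, tolerates wrap-around from 4095 to 0 and retransmissions, and flags frames that break the rule. The gap tolerance, the retry-flag handling and the sample capture are assumptions constructed for illustration.

```python
SEQ_MOD = 4096  # the 802.11 sequence number field is 12 bits wide


class SeqMonitor:
    """Tracks the last sequence number per source MAC and flags violations."""

    def __init__(self, max_gap=3):
        # max_gap: assumed tolerance for frames the monitor failed to capture.
        self.max_gap = max_gap
        self.last = {}

    def check(self, src, seq, retry=False):
        """Return None if the frame fits the monotonic rule, else a reason."""
        prev = self.last.get(src)
        if prev is None:
            self.last[src] = seq      # first frame seen: nothing to compare
            return None
        gap = (seq - prev) % SEQ_MOD  # modular distance handles 4095 -> 0
        if gap == 0:
            return None if retry else "repeated sequence number without retry flag"
        if gap <= self.max_gap:
            self.last[src] = seq
            return None
        # Violation: keep the old state so the established stream stays tracked.
        return f"jump of {gap} from {prev} to {seq}"


def scan(frames, max_gap=3):
    """Return (index, src, seq, reason) for every frame that breaks the rule."""
    monitor = SeqMonitor(max_gap)
    alerts = []
    for i, (src, seq, retry) in enumerate(frames):
        reason = monitor.check(src, seq, retry)
        if reason:
            alerts.append((i, src, seq, reason))
    return alerts


AP = "02:00:00:00:00:01"  # constructed, locally administered address
# Constructed capture: (source MAC, sequence number, retry flag).
FRAMES = [
    (AP, 4094, False), (AP, 4095, False), (AP, 0, False),  # legitimate wrap
    (AP, 1, False),
    (AP, 1700, False),  # second transmitter with the same MAC, own counter
    (AP, 2, False),
    (AP, 2, True),      # legitimate retransmission
    (AP, 1701, False),
    (AP, 4, False),     # one frame missed by the monitor: within tolerance
]

if __name__ == "__main__":
    for alert in scan(FRAMES):
        print(alert)
```

Because state is not updated on a violation, a legitimate counter reset (for example a device reboot) keeps alerting until the tracker is cleared; that trade-off is a design choice of this sketch.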
Wireless Localization Security
- Location information will facilitate new computing services
  - Location-based file access control
- Problem: Localization methods are not secure!
- Traditional cryptography and network security can address cryptographic attacks (Is this beacon really from the AP?)
- Is cryptography alone enough? No! Localization algorithms depend on measurements that are susceptible to attack!

Attacks on Signal Strength
- Distance is measured using the relationship between received signal strength and distance
- Adversary may affect the received signal power by:
  - Altering transmit power of nodes
  - Removing the direct path by introducing obstacles
  - Introducing absorbing or attenuating material
  - Introducing ambient channel noise
[Figure: received power against distance; labels r1, r2, d1, d2 and "Absorbing Material"]

Defenses for Wireless Localization
- Don't rely entirely on traditional security!
- Two-tier approach to defending wireless localization
- Add Security and Robustness!
- Add Authentication, Entity Verification, etc.
- See SerLoc, SPINE, ROPE
[Figure: Attacks meeting two tiers labelled SECURITY and ROBUST ALGORITHM]

Intrusion Detection & Locationing
- Idea: Use resource management to affect security. Set up different power configurations and alternate between them randomly.
- Result: Wireless devices will change their association as they can no longer hear a BS/AP
  - We may use this to locate a wireless device
  - Intruders in a wireless network will not be able to fake a location
- Question: How to modulate the power configurations to best isolate a mobile device? Service degradation from reassociations?
[Figure: two power configurations. First: MT1 associated with AP1, MT2 associated with AP1. Second: MT1 associated with AP2, MT2 associated with AP1.]