Wireless Security
Security Problems in Wireless Networks

Security of Wireless Networks
- Wireless networks are everywhere
  - more and more electronic devices are becoming wireless
- However, ensuring security in wireless networks is challenging
  - Wireless links are open to all entities
    - no physical protection of links
    - anyone can send and receive on the channel
  - Links are broadcast in nature
    - overhearing signals, generating collisions
  - Power and computing resources are usually limited
    - Many wired solutions are not practical

Example Attacks
- Eavesdropping on the transmission
- Injecting bogus messages
- Replaying previously recorded messages
- Unauthorized access to services
- Denial of service
- Signal jamming

Protecting Wireless Networks
- Confidentiality
  - Messages sent over wireless links must always be encrypted
- Integrity
  - The origin of messages must be verified
  - No one can modify messages without being detected
  - The freshness of the messages must be ensured
- Availability
  - Service shall always be available
  - Jamming has to be handled

Security Attacks
- Weaknesses in wireless systems
  - Design level and implementation level
- Attacks at different layers
  - Physical layer: jamming
  - MAC layer: jamming, selfish behavior
  - Network layer: routing, selfish behavior

Physical Layer
- Radio signal comes with noise
  - SNR must be good enough for decoding
- Jamming
  - Constant jamming
    - Inject a noise signal continuously
  - Reactive jamming
    - Jam only when there are signals in the air
    - More effective, but the presence of a radio signal must be detected first

MAC Layer
- Fingerprinting physical devices
  - user privacy: tracking a specific user
  - location privacy: determining the location of a specific device/user
- Three methods
  - Using clock skew
  - Using radio frequency characteristics
  - Using RSS signature
- Fingerprinting could be used for legitimate purposes
- It could be fooled by attackers

MAC Layer
- Jamming
  - Constant jamming
    - Send packets continuously
  - Reactive jamming
    - Send packets to corrupt an existing transmission
- Selfish behavior
  - Manipulate the MAC protocol to maximize bandwidth
  - Send packets without any back-off timer

Network Layer
- Sybil attacks
- Node replication attacks
- Wormhole attacks
- Selective routing
- Routing black-hole
- Identity privacy
- Location privacy

Case Studies
- GSM security
- WiFi security
- Bluetooth security

GSM Security
- Main security component
  - subscriber authentication
    - challenge-response protocol based on a long-term key shared with the home network operator
    - supports roaming without leaking the long-term key
- Other security components
  - Confidentiality of the communication
    - Messages are always encrypted with proper keys
  - User privacy
    - Temporary identifiers during network access

The SIM Card
- Subscribers must establish security associations with the network
- Subscriber Identity Module (SIM card)
  - Tamper resistant
    - Information is destroyed if there is any physical tampering
  - Protected by a PIN code
  - Removable from the phone
  - Contains all data specific to an end user
    - Identity, PIN, secret keys, phone logs, ...

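GSM Authentication
Parties: Mobile Station, Visited Network, Home Network
1. Mobile Station -> Visited Network: Identity (IMSI)
2. Visited Network -> Home Network: Identity (IMSI)
3. Home Network: computes Ke and S from K and R
4. Home Network -> Visited Network: (Ke, R, S)
5. Visited Network -> Mobile Station: R
6. Mobile Station: computes Ke and S from K and R
7. Mobile Station -> Visited Network: S
8. Visited Network: S = S?
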
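The exchange above as an added Python sketch, not part of the original slides. An HMAC-SHA256 function stands in for the operator-specific derivation algorithms (A3/A8 in GSM), and the class names, key and IMSI are constructed for the example.

```python
import hashlib
import hmac
import secrets

def derive(k: bytes, r: bytes):
    """Stand-in (assumption) for the operator's algorithms: (S, Ke) from K and R."""
    d = hmac.new(k, r, hashlib.sha256).digest()
    return d[:4], d[4:12]            # S: 32-bit response, Ke: 64-bit session key

class HomeNetwork:
    def __init__(self):
        self.keys = {}               # IMSI -> long-term key K
    def triplet(self, imsi: str):
        r = secrets.token_bytes(16)  # fresh 128-bit challenge R
        s, ke = derive(self.keys[imsi], r)
        return ke, r, s              # (Ke, R, S); K itself is never sent

class Sim:
    def __init__(self, imsi: str, k: bytes):
        self.imsi, self._k = imsi, k
    def respond(self, r: bytes):
        return derive(self._k, r)    # computed inside the card

class VisitedNetwork:
    def __init__(self, home: HomeNetwork):
        self.home = home
        self.seen = []               # everything this network ever learns
    def authenticate(self, sim: Sim) -> bool:
        ke, r, s = self.home.triplet(sim.imsi)   # IMSI forwarded to home
        self.seen += [sim.imsi, ke, r, s]
        s_ms, _ke_ms = sim.respond(r)            # R sent as the challenge
        self.seen.append(s_ms)
        return hmac.compare_digest(s, s_ms)      # the "S = S?" check

def demo():
    imsi = "001010123456789"                     # constructed test IMSI
    k = secrets.token_bytes(16)                  # constructed long-term key
    home = HomeNetwork()
    home.keys[imsi] = k
    visited = VisitedNetwork(home)
    genuine = visited.authenticate(Sim(imsi, k))
    wrong_key = visited.authenticate(Sim(imsi, secrets.token_bytes(16)))
    k_leaked = k in visited.seen                 # did roaming expose K?
    return genuine, wrong_key, k_leaked
```

`demo()` returns `(True, False, False)`: the genuine SIM passes, a SIM with a different key fails, and the visited network ends up holding Ke, R and S but never K.
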
Issues
- Focus on the protection of wireless communication
  - the wired part is not considered
- The visited network has all the data except the master secret key
  - Privacy of users is of great concern
- Successful attacks have been reported
  - Fake base stations
  - Cloning of the SIM card
    - Tamper resistance is not a 100% guarantee

WiFi Security
- WEP (Wired Equivalent Privacy)
  - Part of the 802.11 specification
  - Focus on the protection of the wireless part
    - Make sure that it is at least as secure as a simple wired LAN (without extra protection)
    - Not intended for strong security
- Services include
  - access control to the wired network
    - Done through the access point (AP)
  - message confidentiality and integrity

WEP Authentication
- A user device needs to authenticate itself to the AP
- Based on a preset key between the device and the AP
  - You need to get this key before joining the WiFi network
- The protocol
    STA->AP: request
    AP->STA: challenge (r)        // 128 bits long
    STA->AP: response (e_k(r))
    AP->STA: Success/Fail

WEP Encryption
- Based on RC4 (by Rivest for RSA, 1987)
- Encryption procedure
  - For each message
    - RC4 is initialized with the shared secret and IV
    - IV (24 bits) changes for every message
  - RC4 produces a pseudo-random byte sequence
  - This byte sequence is XORed with the message
- Integrity protection
  - Based on an encrypted CRC value
    - Compute an ICV and append it to the message
    - The message and ICV are encrypted together

Detailed Protocol
- Encryption
  - IV, K ^ (Message || ICV)
- Decryption
  - Extract IV
  - K ^ (the remaining part) -> recovered message -> (Message || ICV)
  - Check whether Message and ICV match
- K = RC4(IV || secret key)
  - The pseudo-random byte sequence
- Notation: ^ is XOR, || is concatenation

WEP Keys
- Shared keys
  - A default key for encryption/decryption
  - You can have multiple default keys
    - But in practice, we often use one default key
  - Users use the same key for access
    - They can decrypt each other's messages
- Key mapping keys
  - Individual keys for users
  - AP maintains a table of keys shared with users
    - An index is used to determine which one to use

WEP Flaws
- Access point is not authenticated
  - A user may establish a connection with a rogue AP
  - Traffic to and from users may be intercepted
- Impersonation during authentication
  - Protocol
      AP->STA: r
      STA->AP: IV, r ^ K
  - Attacker can recompute K and impersonate STA
      AP->attacker: r
      attacker->AP: IV, r ^ K

WEP Flaws
- Replay attack
  - IV does not have to be increased after each message
  - IV can be reused
  - FIX: increase IV by 1 for every message
- ICV problem
  - CRC used for computing ICV is a linear function
    - CRC(X ^ Y) = CRC(X) ^ CRC(Y)
  - Attacker intercepts ((M || CRC(M)) ^ K)
  - And XORs it with ((M ^ M') || CRC(M ^ M'))
  - Where M' is the target message

WEP Flaws
- IV reuse
  - (Assume it increases by 1 for every message)
  - However, IV is 24 bits long -> 16,777,216 possibilities
  - After 16M messages, IV will be reused
    - e.g., 11 Mbps AP -> 700 packets per second -> 7 hours
- Weak RC4 keys
  - Due to the use of IV, RC4 will use a lot of keys during message transmission
  - However, some of the keys are weak
    - RC4 output is not random in the beginning
    - Attacker can thus recover the shared secret if a weak key is computed
  - WEP encryption will be broken after a few million messages

Bluetooth Security
- Short-range radio communication
  - Hard to eavesdrop
- PIN is used for establishment of keys
  - However, the PIN is a 4-digit value
  - You can easily crack it off-line
- Privacy issues
  - Fixed and unique device address