System Threat Analysis Case Study for Software Based Communications

Similar documents
SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

Define information security Define security as process, not point product.

What is Eavedropping?

Wireless LAN Security (RM12/2002)

Wireless Attacks and Countermeasures

Session 4 - Commercial SDR. Wednesday 13:30 15:30

Wireless e-business Security. Lothar Vigelandzoon

A Review Paper on Network Security Attacks and Defences

تاثیرفناوری اطالعات برسازمان ومدیریت جلسه هشتم و نهم

PRODUCT GUIDE Wireless Intrusion Prevention Systems

Most Common Security Threats (cont.)

Ethical Hacking and Prevention

Potential Mitigation Strategies for the Common Vulnerabilities of Control Systems Identified by the NERC Control Systems Security Working Group

Today s challenge on Wireless Networking. David Leung, CISM Solution Consultant, Security Datacraft China/Hong Kong Ltd.

D. The bank s web server is using an X.509 certificate that is not signed by a root CA, causing the user ID and password to be sent unencrypted.

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Chapter 4. Network Security. Part I

Point ipos Implementation Guide. Hypercom P2100 using the Point ipos Payment Core Hypercom H2210/K1200 using the Point ipos Payment Core

Protect Your Endpoint, Keep Your Business Safe. White Paper. Exosphere, Inc. getexosphere.com

Wireless Network Security Fundamentals and Technologies

Security+ SY0-501 Study Guide Table of Contents

Frequently Asked Questions WPA2 Vulnerability (KRACK)

5. Execute the attack and obtain unauthorized access to the system.

Detecting & Eliminating Rogue Access Point in IEEE WLAN

Chancen und Risiken im Bereich von WLAN's. FGSec - Vorabendveranstaltung 20. Juni 2002 Uwe B. Kissmann

Outline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Wireless Network Security

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

Mobile Security Fall 2013

ANATOMY OF AN ATTACK!

Submitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

Wireless Security Security problems in Wireless Networks

Cryptography and Network Security

IC32E - Pre-Instructional Survey

Requirements for Building Effective Government WLANs

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Motorola AirDefense Retail Solutions Wireless Security Solutions For Retail

CHAPTER 8 SECURING INFORMATION SYSTEMS

Trusted Platform for Mobile Devices: Challenges and Solutions

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

LESSON 12: WI FI NETWORKS SECURITY

Home Computer and Internet User Security

Process System Security. Process System Security

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

A HIGH ASSURANCE WIRELESS COMPUTING SYSTEM (HAWCS ) ARCHITECTURE FOR SOFTWARE DEFINED RADIOS AND WIRELESS MOBILE PLATFORMS

ASC Chairman. Best Practice In Data Security In The Cloud. Speaker Name Dr. Eng. Bahaa Hasan

Ceedo Client Family Products Security

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

Network Security Issues and Cryptography

Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

ClearPath OS 2200 System LAN Security Overview. White paper

CSWAE Certified Secure Web Application Engineer

What is a Wireless LAN? The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in Ne

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Advanced Diploma on Information Security

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Mobile Devices prioritize User Experience

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Virtual Dispersive Networking Spread Spectrum IP

Chapter 1 Describing Regulatory Compliance

ABSTRACT. The rapid growth in Wireless networking brought the need for securing the wireless


Exam : Title : Security Solutions for Systems Engineers. Version : Demo

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

Wireless Networking Basics. Ed Crowley

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

Campus Network Design

Wireless and Network Security Integration Solution Overview

Secure Mobility Challenges. Fat APs, Decentralized Risk. Physical Access. Business Requirements

Chapter 11: It s a Network. Introduction to Networking

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Chapter 10: Security and Ethical Challenges of E-Business

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems

CSE 565 Computer Security Fall 2018

Distributed Systems. Lecture 14: Security. Distributed Systems 1

Distributed Systems. Lecture 14: Security. 5 March,

Wireless LAN Security. Gabriel Clothier

Security and Authentication

Chapter 11: Networks

Access Controls. CISSP Guide to Security Essentials Chapter 2

NETWORK THREATS DEMAN

Certified Ethical Hacker

Cyber Criminal Methods & Prevention Techniques. By

Karthik Pinnamaneni COEN 150 Wireless Network Security Dr. Joan Holliday 5/21/03

Certified Ethical Hacker (CEH)

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

CompTIA Security+(2008 Edition) Exam

Application Defense: An emerging Security Concept

COMPUTER NETWORK SECURITY

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

Hacking Exposed Wireless: Wireless Security Secrets & Colutions Ebooks Free

Systems and Network Security (NETW-1002)

Transcription:

System Threat Analysis Case Study for Software Based Communications David K. Murotake, Ph.D. dmurotak@scatechnica.com Mobile: (603) 321-6536 www.scatechnica.com SBC Workshop 2004 1

Introduction Software based communications (SBC) Becoming mainstream technology Commercial, civil and military mobile terminals and access points. IEEE 802.11 Wireless Fidelity (WIFI) provides a useful case study Weak security design open to blended attacks Radio and computer interfaces Wireless and traditional Internet hacking exploits Highlight potential dangers posed by hackers against networks of SBC s. SBC Workshop 2004 2

What is a Software Radio? Reconf. MB/MM Antennas, Tx, Rx RF RX A/D RF TX D/A Reconf. A/D D/A Modem Reconf. Security Waveform Core Framework Reconf. Codec Security Host Computer Network Interface Middleware & OS HMI/GUI User I/O Storage A software defined radio (SDR) can switch between waveforms (such as AM, FM, SINCGARS, Have Quick, DAMA, JTIDS) without hardware changes by downloading software and firmware to reconfigurable modems, codecs and security chipsets. Software radios are expected to be mainstream in commercial and consumer wireless devices within five years. Leading-edge users are already adopting SDR. The US Government is procuring over $6 billion worth of Joint Tactical Radio System () SDR s complying with the Software Communications Architecture (SCA) within the next five years. SBC Workshop 2004 3

SDR Radio System Components Radio System 1 1..n Administration System Radio Set 1..* Administration Station 1 Radio Set Platform 0..n Application Hw Platform 1 1 Sw Platform Waveform Application Administration Application Waveform SBC Workshop 2004 Component 4 Figure source: SDR Use Cases OMG swradio/2003-05-02

SDR Radio System Vulnerabilities Weak or nonexistent security policy Compromised network access data base Weak or nonexistent firewall and defensive software suite 1 Administration System Radio System 1..n Radio Set Weak or nonexistent security policy Compromised terminal access data base Weak or nonexistent firewall and defensive software suite 1..* Administration Station 1 Radio Set Platform Exploitable OS Exploitable Middleware Weak SW encryption 0..n Application Hw Platform 1 1 Sw Platform Waveform Application Administration Application Exploitable architecture Weak or nonexistent HW security kernel Exploitable drivers Weak waveform design Waveform Corrupted download Component SBC Workshop 2004 5 Figure source: SDR Use Cases OMG swradio/2003-05-02, with modifications by

The System Threat: WIFI Case Study SBC Workshop 2004 6

Hackers & Willing Victims Hackers Not just college kids with too much time on their hands Rogue radio reconnaissance operators from displaced intelligence agencies Rogue mathematicians and computer scientists Industrial espionage Terrorists Intelligence agencies Willing victims Rogue WLAN s are those operating despite corporate regulations banning WLAN (because of security threat) Over 30% of corporations and government agencies have rogue nodes operating Over 80% of WIFI access points are unencrypted Most users having any difficulty with encryption turn it off and operate in the clear Most users will do ANYTHING for an internet connection NOW SBC Workshop 2004 7

WIFI Threat: Hacker Tools Software Tools Downloadable from internet (most are Linux based) Stumblers allow wireless hackers to explore the network characteristics of wireless access points (base stations) and mobile terminals Sniffers intercept, display, and store data being transmitted over the network Crackers break encryption codes, such as Wired Equivalent Protection (WEP) Enterprise level tools available (e.g. AirMagnet) Malicious software (e.g. keystroke repeaters) Hardware Tools Modified wireless cards, access points, and software drivers High gain antennas (used with hacker mobile terminals or access points) Power amplifiers (used with hacker terminals or access points; often illegal) Enterprise level (professional grade) tools available including hand-held products; can be used by both IT managers and hackers SDR s SDR smay be be the the ultimate hacking tool tool in in the the wrong wrong hands hands SBC Workshop 2004 8

Wireless Attack Methods Threat Category Unauthorized access to data Threats to integrity Denial of service Unauthorized access to services Repudiation Attacks on Radio Interface Example: Use of stumbler SW to detect WIFI hot spots, identify wireless access point (WAP) characteristics. Use of sniffer SW to intercept data. Hacking encryption codes using SW e.g. WEPCRACK. Planting malicious SW in radio component. Intruders may prevent user traffic, signaling data and control data from being transmitted on the radio interface, e.g. jamming. The intruder first masquerades as a base station towards the user, then hijacks his connection after authentication. Repudiation of user traffic origin: A user could deny that he entered the network (no access logs). Attacks on Other Parts of System Intruders may eavesdrop signaling data or control data on any system interface, whether wired or wireless. This may be used to conduct other attacks on system. Intruders may modify, insert, replay or delete signaling or control data on any system interface, whether wired or wireless. Planting malicious software on computer. Intruders may attempt to prevent user traffic by a coordinated transmission of large numbers of packets by means of a virus infection of a network.. Intruders may impersonate a user to utilize services authorized for that user. Repudiation of user traffic origin: A user could deny that he sent user traffic. Security Threats and Requirements; 3GPP TS 21.133 V4.1.0 (2001-12); 3rd Generation Partnership Project, Technical Specification Group Services and Systems Aspects. SBC Workshop 2004 9

The WIFI Hacking Scenario 1. Internet 1. Internet 2. Cable/DSL Modem 3. Hardware Firewall 4. Server w/ Software Anti- Virus Apps and Firewall 6. Local Area Network ` 9. Hacker 5. Printer 2. Cable/DSL Modem 3. Hardware Firewall 5. WLAN Access Point 6. WLAN 4. Server Over 30% of corporate networks have rogue WIFI users 9. Hacker WLAN Access Point 7. Laptop w/biometrics 8. PC w/biometrics 7. Laptop w/wlan modem 8. Hacker w/wlan modem The The blended attack allows hackers to to penetrate the the wireless layer and and gain gain full full access to to the the mobile computer SBC Workshop 2004 10

Blended Attacks against WIFI Attack vs unencrypted WIFI infrastructure Use stumbler SW to detect wireless network, obtain wireless access point (WAP) control information Enter network and use sniffer SW to obtain unauthorized access to data Install malicious software (malware) on PC to obtain unauthorized access to computer information Attack vs WEP encrypted WIFI Use stumbler SW to detect WAP control information Method 1: Use hacking software, e.g. WEPCRACK, to break WEP encryption code. Enter network and use sniffer to obtain unauthorized access to data Method 2: Use Denial Of Service (jamming) attack on target WAP. Force users to turn off encryption. Users automatically switch to Hacker s WAP on another channel. Install malicious software (malware) on PC to obtain unauthorized access to computer information Attack vs WPA encrypted WIFI Use stumbler SW to detect WAP control information Use Denial Of Service (jamming) attack on target WAP. Force users to turn off encryption. Users automatically switch to Hacker s WAP on another channel Install malicious software (malware) on PC to obtain unauthorized access to computer information SBC Workshop 2004 11

System Threat Analysis Conclusions Wireless computers are vulnerable to blended attacks WIFI has a weak security design Hackers have access to sophisticated, enterprise grade tools Coordinated attacks against the radio and computer interfaces Coordinated attacks against mobile terminal and access point Wireless computers must protect against blended attacks Holy Grail #1: Protect mobile terminals without requiring changes to existing (weak) standards or access points Holy Grail #2: Protect access points (and corporate networks) without requiring changes to existing (weak) standards or upgrades to mobile terminals Be able to leverage improved WIFI standards (e.g. 802.11 g) Protecting the data using encryption is not enough Must protect the integrity of the underlying computer system against malicious software e.g. keystroke repeaters SBC Workshop 2004 12

Software Radio Security Architecture SBC Workshop 2004 13

Software/firmware categories for commercial wireless devices Source: Document DL-SIN, Final Draft, SDRF-02-W- 0005-V0.30, 31 August 2004 SBC Workshop 2004 14

SDR Forum Security Reference Model (Draft) Source: Document DL-SIN, Final Draft, SDRF-02-W- 0005-V0.30, 31 August 2004 SBC Workshop 2004 15

Security Framework (Gallery 2003) Entity Roles and Responsibilities Digital Signatures Public Key Infrastructure (PKI) Virus Scanning Trust Relationships Proof Carrying Code (PCC) Path Histories Source: Gallery, E. (2003). A Policy-Based Framework for the Authorisation of Software Downloads in a Mobile Environment. 2003 Software Defined Radio Technical Conference, Session SY-2. SBC Workshop 2004 16

Recommended Security Features (Defense-in-depth) 1. Security Policy Enforcement and Management 2. Information Integrity 3. Authentication and Non-repudiation 4. Access Control 5. Encryption and Decryption Services 6. Key and Certificate Management 7. Standardized Installation Mechanisms 8. Auditing and Alarms 9. Configuration Management 10.Memory Management 11.Emissions Management 12.Computer Security, including virus scanning and firewalls SBC Workshop 2004 17

Red/Black Security (SCA 2.2) Example of Layered Defense In Depth RF Non-CORBA Non-CORBA Non-CORBA Modem Modem Modem Modem Modem Translate API Modem Agent Agent Connect, Interconnect JCF CORBA CORBA ORB ORB && JCF CF Services Services Services Services Services & (Middleware) (Middleware) POSIX Operating System POSIX POSIX Operating Operating System System LAN LAN Serial Serial Interface Services LAN & Serial Interface Services Board Board Support Package (Bus (Bus Layer) Board Support Package (Bus Layer) Infosec Agent Agent Non-CORBA Non-CORBA Non-CORBA Infosec Infosec Infosec Infosec Translate API Infosec Infosec Agent Agent Core Framework IDL ( Logical Software Bus ) Host Translate API NetProtocol, Internetwork Modem NAPI Link, Network NAPI Link, Network NAPI Host Host Agent Agent CORBA ORB JCF CORBA CORBA ORB ORB && JCF CF Services (Middleware) Services Services Services Services & (Middleware) (Middleware) POSIX POSIX Operating Operating System System LAN LAN Serial Serial Interface Interface Services Services LAN & Serial Interface Services Board Board Support Support Package Package (Bus (Bus Layer) Layer) Board Support Package (Bus Layer) Non-CORBA Non-CORBA HCI HCI Host Host HCI Black Hardware Bus Red Hardware Bus Source: JPO, Joint Program Status Update, 30 June 2003 and/or Legacy Core Framework (JCF) SBC Workshop 2004 18 Commercial Off-the-Shelf (COTS)

Biometric Sensor Model Figure: Ratha et al, Enhancing security and privacy in biometrics-based authentication systems, IBM Systems Journal 40:3, 2001 Model can be generalized to include: Password entry Fingerprint scanner Speaker verification Retinal scanning Face/body recognition RF watermarks Radio fingerprinting Synergistic with software radio Figure source: Sonetech Corporation SBC Workshop 2004 19

SDR Security Architecture Conclusions SDR security is a system level problem Must understand the system threat and requirements Blended attacks against radio and computer layers Must protect Both the mobile clients and servers Mobile radio, mobile host Server radio, server host Integrity of software applications and downloads SDR Forum Download Security, Installation and Instantiation (DSII) Integrity of the reconfigurable platform Defeat blended attacks Employ defensive layers, firewalls, intrusion detection, virus protection Integrate biometric and radiometric assurance techniques Employ trusted architecture, high assurance operating systems and middleware Integrity of the analog signal or data from exploitation/compromise Employ Security oriented architecture with defensive layer to defeat blended attacks High assurance components e.g. MLS orb and OS to enhance platform integrity Integrated, multi-mode biometrics etc. for improved end to end assurance SBC Workshop 2004 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback