![Page 1: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/1.jpg)
Seminar 2A
8:30AM-Noon April 10, 2007
EDUCAUSE Security Professionals Conference
H. Morrow Long, CISSP, CISM, CEHDirector - Information Security
Yale University
Wireless Security forMobile Devices
![Page 2: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/2.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 2
Copyright Notice
Copyright H. Morrow Long 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
![Page 3: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/3.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 3
Description
A discussion of the security issues involved in a multitude of wireless data technologies including PPP over cellular, IEEE Cellular and Mobile Data (one way
and two way pagers), IEEE 802.11a/b/g/i, WEP, WPA as well as IEEE 802.1X, WEP, WAP’s WTLS, Bluetooth, ZigBee, CPDP, 1RTT, EVDO and SMS.
A useful guide to the relative information security risks to an individual or organization involved in wireless data technologies including those used by pagers, cellphones, PDAs, assorted networked ‘appliances’ and wireless WANS, LANS and PANs
![Page 4: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/4.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 4
Outside workshop scope:
Private Mobile RadioPrivate MicrowaveShortwave Radio IPDirectPCSkyDSL / Aloha Networks High Speed ISPMobile Satellite data services Iridium (Motorola, et. al) GlobalStar (Qualcomm, Loral) Teledesic (Gates/McCaw)
Digital cordlessIrDA
![Page 5: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/5.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 5
Topics
Introduction, History and Evolution of Wireless DataTerminology Definitions: Wireless Data SecurityWireless Data Risks and ThreatsPager SecurityCellular Phone Security Analog Digital
Wireless Data Security Non-IP Mobile Data Access Networks Wireless PANs / Pico-Nets
Wireless LANs and VLANs 802.11 / WiFi
![Page 6: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/6.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 6
Introduction
Prediction for the Late 1990s
“Most people now carry a portable radio transceiver with a Touchtone keyboard. They have a wallet full of credit-card size overlays. When an individual is dialed, he can be reached in most parts of the country. The zones of radio in-accessibility are diminishing. It has been suggested that the public should be issued with transceivers that transmit their national identification number, even when switched off. These devices would help in controlling crime, which is still growing at an appalling rate. They would also be used in most financial transactions.”
- James Martin, 1971, “Future Developments in
Telecommunications”, p. 355, Prentice Hall.
![Page 7: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/7.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 7
Introduction
•Workers connect wireless home LANs to the Internet at high speed.
•Workers set up office PCs to push data to PDAs over Internet.
•Senior US Government official told staff he wanted wireless access. They set up a demo of all kinds of reports and data availability. Turns out he just wanted an alphanumeric pager.
•INS considers a ban on the use of personal devices to hold data.
•Doctors are buying PDAs and putting notes & data on patients in them.
•Army Material Command giving senior managers Blackberry 2-way pagers.
•Pentagon issues a warning reminder that wireless LANs are not allowed in the Pentagon, nor may mobile wireless devices enter most DOD areas.
![Page 8: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/8.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 8
Mobile Wireless Voice – History
Radio-telephones develop 1901-1920First wireless voice AM Radio – 1906Commercial AM Radio Pitt PA – 1920First FM broadcast – 1935 (FM is a big mobile radio help)Military walkie-talkies - 1940Two-way police radios –1930-1950sCommercial RadioTelephone:MTS & IMTS 1946..1965..1976..1980sPrivate mobile radio servicesDC-NYC Metroliner phones – late 1960sCB Radios – 1970s 1G Cellular (Tokyo 1979, Sweden 1981, Chicago 1983)
![Page 9: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/9.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 9
Wireless Data – History and Evolution
McClure's Magazine, February, 1902, pages 291-299: Marconi‘s Achievement. Telegraphing Across The Ocean Without Wires.
![Page 10: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/10.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 10
Wireless Data – History and Evolution
1901 – First Transatlantic telegraph – Marconi Company 1920s commercial service – Marconi CompanyMobile – 1908 Shipboard telegraph – Marconi CompanyEncrypted radiotelegraph messagesAlohanet / Hawaii Radio WAN – 1970sTCP/IP over shortwave (Ham) radio – 1980sCellular V.90 modems – 1990sPDAs and cellphones with digital wireless services$150 Wireless 802.11b Ethernet cards and base stations(Mobile Data + Mobile Internet + Internet) -> Supranet
![Page 11: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/11.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 11
Secure Wireless Data – History and Evolution
Secure telephony over Radio
A-3 – analog “scrambling”• US/UK analog voice privacy system in use at WWII start• Broken by Germans early in WWII, real time decryption
![Page 12: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/12.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 12
Secure Wireless Data – History and Evolution
Secure telephony over Radio
SIGSALY Secure Digital Voice Communications• First useful use of :
– Companded PCM encoding of voice (vocoder – BTL 1936-9)– Enciphered telephony, quantized speech transmission– Speech bandwidth compression– Spread Spectrum technology– multilevel Frequency Shift Keying (FSK) and FDM (Frequency Division Multiplex) as a
viable transmission method over a fading medium– Weighted 90 tons, ocupied a large room.– Special phongraph records contained a secret key masking voices with white noise– Germans monitored but never broke the system– Declassified in 1976.
• US (BTL, DOD), UK (Turing)
![Page 13: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/13.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 13
Secure Wireless Data – History and Evolution
Alan Turing
![Page 14: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/14.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 14
Secure Wireless Data – History and Evolution
Spread spectrum radio transmission
• Actress Hedy Lamarr and composer George Antheil.
•Patent 2,292,387 given to DOD, Declassified in mid-1980s.
Designed to defeat interception and jamming of sub signals to torpedo by sending multiple coded signals on different frequencies in random pattern.
![Page 15: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/15.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 15
Secure Wireless Data – History and Evolution
Secure telephony over Radio – Other WWII methods Navaho code-talkers
1st Marine Division Ballarat 7 July 1943 Photog: Ashman
Private First Class Preston Toledo (left) and Private First Class Frank Toledo, cousins and Navajos, attached to a Marine Artillery Regiment in the South Pacific will relay orders over a field radio in their native tongue.
OFFICIAL U.S. MARINE CORPS PHOTO USMC #57875
(Paraphrased caption) http://bingaman.senate.gov/code_talkers/men/127-MN-57875/127-mn-57875.html
![Page 16: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/16.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 16
Wireless – Terminology Definition
AMPSDAMPSTDMACDMAGSMPCSISP
• 1G• 2G• 2.5G• 3G• Dual-mode• Tri-mode• SIM• GPS
• Spread-spectrum
• Frequency Hopping
![Page 17: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/17.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 17
Wireless Data – Terminology Definition
CDPD
PPP
EVDO
GPRS
• Portal• WLAN• W-VLAN• WAP• “Web-
clipping”• PQA – Palm
Query App
• IEEE 802.11a
• IEEE 802.11b
• IEEE 802.1x• IEEE
802.11e• IEEE
802.11g• Bluetooth• HomeRF• Jini
![Page 18: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/18.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 18
Wireless Data Security– Terminology Definition
VPNSupranetInternetinternetintranetextranetISP
• PPP CHAP mode
• Firewall• WEP• SSL / TLS• WTLS
• Encryption• Authenticati
on• PKI• LDAP• “Certificate”
![Page 19: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/19.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 19
Wireless Data Risks and Threats Business Needs for Wireless Data Security
Financial / m-commerceEnable Telecommuting for employeesSecure current insecure applications (alerts, remote administration)Provide remote access to important internal information resources (e.g. E-mail)Monitoring/Controlling sensitive and/or important real-world devices (sensors)
![Page 20: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/20.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 20
Wireless Data Risks and Threats – CIA / AAA /etc
Confidentiality - Data ExposureIntegrity - Data Modification/Tampering Availability - Denial of Service to Data/ResourcesAuthentication - Identification vs SpoofingAuthorization - Appropriate Access ControlAccounting - Theft of Service (cloning, wireless ISP)M-commerce - Fraudulent transactions, CC # theftMalicious Software – Trojan Horses, Viruses, Worms, etc.Personal Privacy - Location exposure (new 911 law, GPS)Physical theft of device
![Page 21: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/21.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 21
Wireless Data Risks and Threats
Confidentiality
Sniffing / Eavesdropping / Interception from the airSniffing / Eavesdropping / Interception at endpoint Via Compromise of mobile/wireless device Via Compromise of base station (cell tower / GSM POP)
Stolen devices – stored dataStolen devices – use of keys & secrets for accessBrute Force Decryption / CryptanalysisReplay Attack
![Page 22: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/22.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 22
Alternatives to wireless data service provider encryption
Secure corporate or partner portalsSSL Web servers / Secure ASPs WTLS WAP servers
Secured Applications (SSLized IMAP/POP)Secure Remote Access (Term/File xfer) SSH, Secure Telnet/FTP, FTP over SSL Multiuser NT/W2K (w/WinCE MS Term Srvr Client) Remote Console: CC, PCA, Timbukto, VNC PGP Encrypted Files for transfer over insecure links/email
![Page 23: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/23.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 23
Wireless Data Risks and Threats –
Integrity – Data/etc Modification
Tampering with intercepted data in transitTampering with stored dataTampering with keys & secrets for accessTampering with device identification credentialsTampering with device applications (programs)Replay Attack
![Page 24: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/24.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 24
Wireless Data Risks and Threats
Availability
Denial of Service via Signal Jamming (e.g. Israeli device) Netline C-Guard Cellular Firewall http://www.cguard.com/English/latests/index.html
Non-malicious man-made problemsNatural Disasters in cell areas
![Page 25: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/25.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 25
Wireless Data Risks and Threats
Authentication - Identification Spoofing data in transit – Man in the middleSpoofing the endpoints Cloning analog phones Impersonating servers (e.g. m-commerce web servers or WAP servers)
Cellphone credentials ID #s Phone #s GSM SIM cards
User credentials PINs, Passwords, X.509 “Certificates”, Smartcards
![Page 26: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/26.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 26
Wireless Data Risks and Threats
Authorization – Access Control
Allowing a user or device access to a: Application Network Resource (file, printer, fax)
E.g., Cellular phone companies authorize devices/users for access to their networks: Roaming Long distance calls Local calls 911 calls
![Page 27: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/27.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 27
Wireless Data Risks and Threats
Accounting
Theft of Service: Via cloning Via theft of wireless ISP access credentials Via theft of physical device Via compromise of base station / networked servers / etc. Via fraudulent registration with carrier or ISP
![Page 28: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/28.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 28
Wireless Data Risks and Threats
M-Commerce
Fraudulent transactionsCredit Card number theft At WAP WTLS gateway At Web server endpoint At mobile device endpoint
Other account (customer/employee/vendor) theft.
![Page 29: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/29.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 29
Wireless Data Risks and Threats
Cellphone Malicious Software
E-Mail & WAP browsers too “dumb” to infect?Other push and pull content methods PIM synch
First Cellphone Virus Hoax – “Mobile Phone Virus Hoax” – May 18, 1999
No Known Cellphone Malicious SoftwareFirst Cellphone Messaging Attack – Spanish SMS
![Page 30: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/30.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 30
“Mobile Phone Virus Hoax”
Dear all mobile phone's owners,
ATTENTION!!!
NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM..
All mobile phone in DIGITAL system can be infected by this virus..If you receive a phone call and your phone display"UNAVAILABLE" on the screen (for most of digital mobile phones with a function to display in-coming call telephone number),DON'T ANSWER THE CALL. END THE CALL IMMEDIATELY!!!BECAUSE IF YOU ANSWER THE CALL, YOURPHONE WIL L BE INFECTED BY THIS VIRUS.. This virus will erase all IMIE and IMSI information from both your phone& your SIM card which will make your phone unable to connect with the telephone network. You will have to buy a new phone.
This information has been confirmed by both Motorola and Nokia..For more information, please visit Motorola or Nokia web sites:
http://www.mot.comhttp://www.mot.com or http://www.nokia.com
There are over 3 million mobile phone being infected by this virus in USA now. You can also check this news in CNN web site:http://www.cnn.com..
Please forward this information to all your friends who have digital mobile phones..
![Page 31: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/31.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 31
“Mobilevirus” Hoax – 3/19/2001
VIRUSINFORMATION VARNING !!!!
----------------------------------------------------------------
Följande har hänt:
Om din mobiltelefon ringer och det blinker: !?UNAVAILABLE!? på
displayen. SÅ SVARA INTE. Din telefonen blir angripen av ett
virus, som raderar alla IMIE och IMSI informationer,
både från telefonen och SIM-kortet.
Och då finns det bara en sak att göra, just det - köpa en ny
telefon.
Både Motorola och Nokia har bekräftat denne information. I USA
har detta virus förstört 3 miljoner mobiltelefoner.
VB DENNA E-MAIL TILL ALLA DU KÄNNER SOM HAR
MOBILTELEFON.
![Page 32: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/32.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 32
PDA/Cellphone Malicious Software
E-Mail Clients and Web browsers
Other push and pull content methods PDA PIM synch
First PDA Virus Hoax – “Hairy Palms” 10/12/97
First PDA Malicious Software: Palm.Liberty.A 8/28/00 Trojan Horse Palm.Vapor 9/22/00 Trojan Horse Palm.Phage.Dropper 9/22/00 Computer Virus
PDA Anti-Virus Software Palm: Symantec, McAfee, CA, Trend, F-Secure EPOC: McAfee, F-Secure PocketPC: McAfee
![Page 33: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/33.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 33
Wireless Data Risks and Threats
Personal Privacy
Location exposure: Passive roaming transmit cellphone #ID continously in cell area. This method is used to
track down fugitives today. Reg 911. New E911 law requirement and methods require greater accuracy:
• Triangulation within cell area – TDOA (Time Difference of Arrival)• AOA – Angle of Arrival (CDMA near-far problem as with TDOA)• Location Pattern Matching• GPS – Global Positioning System -- is one method likely to be used as well as included inside
mobile wireless devices. Under user privacy control.
Caller-ID / ANI / *69Physical theft of device – stored data / credentials / etc. Phone card / Credit card numbers / PINs, Passwords, etc. Traffic Analysis – called #s recorded on mobile device
![Page 34: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/34.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 34
Wireless Data Risks and Threats
Physical theft of device
Loss / Destruction of mobile deviceLoss / Destruction of data: Sensitive business records secret access credentials
Compromise/Abuse of secret access credentialsFraudulent use of mobile deviceTrue replacement cost of mobile device, new device + : Damage assessment – exposure of business data Replacing data Securing secret access credentials
![Page 35: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/35.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 35
Wireless Data Risks and Threats
Reverse Tunneling
Utilizing a VPN tunnel or other “trusted” connection to connect back to or burrow through to the user’s enterprise network and computer resources (if you can steal the device or hijack the connection)
This is a particular Blackberry worry.
Carpal TunnelingAlso a particular Blackberry worry….
![Page 36: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/36.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 36
Pager Technologies and Security
Typically low data rate, insecure, one-way short messages. Powerful ground transmitter networks.In CT and NY individuals are actively listening on pager traffic (PIs, news organizations, etc.). Don’t use for anything private as there is no encryption.One Way POCSAG - Post Office Code Standardization Advisory Group – 1981.
512bps – 2400bps. ERMES – 1995 – International Standard FLEX (Motorola)
Two Way reFLEX (Motorola) Mobitex (2 way paging and mobile data)
![Page 37: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/37.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 37
“Zero G”
0G
PTT MTS IMTS AMTS OLT MTD Autotel/PALM ARP
![Page 38: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/38.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 38
“One G”
1G
NMTAMPS/TACS/ETACSHicapCDPDMobitexDataTac
![Page 39: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/39.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 39
Cellular Techology and Standards
1G – 1st Generation - Analog
• AMPS (US) 800Mhz (UHF) FM used
• NAMPS
• UK: TACS (1982), ETACS (1985)
• Japan: NMT (Nordic Mobile Telephone) – 1979
Data transmission is unreliable and 9.6kbps or less.
![Page 40: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/40.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 40
“Two G”
2G
GSMiDEND-AMPSIS-95/cdmaOnePDCCSD
PHSGPRSHSCSDWiDENCDMA2000 1xRTT/IS-2000EDGE (EGPRS)
![Page 41: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/41.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 41
Cellular Techology and Standards
2G - 2nd Generation – Digital
• PDC (Japan) Pacific Digital Cellular
• TDMA/FDMA
• GSM (World-wide)
• USDC (North American TDMA Cellular, aka US Digital Cellular) Dual-mode 800Mhz
• DAMPS: IS-54 (1992), IS-136 (1996)
• CDMA/FDMA
• IS-95 (CDMAone 1993) Dual-mode 800Mhz
![Page 42: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/42.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 42
Cellular Techology and Standards
2G - 2nd Generation – Digital Cellular• PCS – (Personal Communiations Services) 1.9 Ghz
PCS is a misnomer, but was supposed to be for a different type of coverage range and/or service than cellular phone service.
• TDMA/FDMA
• DCS-1900 – Upbanded GSM
• J-STD-011 – Upbanded USDC
• CDMA/FDMA
• J-STD-008 – Upbanded CDMA
Data rates from 9.6kbps to 14.4kbps. Slow.
![Page 43: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/43.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 43
Cellular Techology and Standards
2.5G - 2 1/2 Generation – Digital Cellular Enhanced
• HSCSD (High Speed Circuit-Switched Data)
• 38.4kbps
• GPRS (General Packet Radio Service)
• 144kbps
• EDGE (Enhanced Data Rates for Global Evolution)
• 384kbps
![Page 44: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/44.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 44
“Three G”
3G
W-CDMA UMTS (3GSM) FOMA
TD-CDMA/UMTS-TDD
1xEV-DO/IS-856
TD-SCDMA
GAN (UMA)HSPA
HSDPAHSUPA
HSPA+HSOPA)
![Page 45: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/45.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 45
Cellular Techology and Standards
3G - 3rd Generation – Digital Next Generation
• 3GPP – UMTS/UTRA, WCDMA, ARIB
• UMTS – Universal Mobile Telecom System• European implementation of IMT2000 standard
• WCDMA – Wide band CDMA (NTT Japan)
• CDMA
• CDMA2000 (US)
Data rates from 144kbps to 2000kbps.
![Page 46: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/46.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 46
“Four G”
4G
UMB 3GPP2 Project based on IS-95/CMDA (e.g CDMA2000)
UMTS Revision 8 (LTE) 3GPP Project based on evolved GSM (UTMS)
WiMAX
![Page 47: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/47.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 47
Cellular Techology and Standards - 4th Generation
UMB (Ultra Mobile Broadband)
• OFDMA technology
• 3GPP2 CDMA200 upgrade’s brand name
• 280 Mbits/sec downstream, 75 Mbits up
• Std in 2007, commercialization in 2009.
• IP based -- but supports voice cell calls
• Interoperable with 1x and 1XEV-DO
![Page 48: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/48.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 48
Cellular Techology and Standards - 4th Generation
UMTS Revision 8 (LTE) - 3GPP Long Term Evolution • E-UTRA OFDMA down, SC-FDMA uplink
• 3GPP GMS/UTMS upgrade’s name - AKA SC-FDMA)
• 100 Mbits/sec downstream, 50 Mbits up
• Std in 2007, commercialization in 2009.
• IP based -- voice cell to WiMAX & UMB?
• Interoperable with GMS/GPRS or W-CDMA-based UMTS - WRT mobility hand-offs
![Page 49: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/49.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 49
Cellular Techology and Standards - 4th Generation
WiMAX - Worldwide Interoperability for Microwave Access
• IEEE 802.16 standard AKA WirelessMAN100
• Theoretical 70 Mbits (distance related)
• 20 - 30 Kilometres radius• IEEE 802.16e-2005 is called “Mobile WiMax”
![Page 50: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/50.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 50
Cellular Techology Security
GSM has been criticized for cryptographic insecurity. It is a non-open, licensed system. In 1999 Adi Shamir and Alex Biryukov deciphered GSM A5/1.
• http://www.brookson.com/gsm/contents.htm• http://tito.hack3r.com/textos/telephonia/gsm-secur.html
The SDA (SmartCard Developers Assn.), Ian Goldberg and David Wagner of UC Berkeley ‘cloned’ a SIM card in 1998 (broke Comp128):
• http://www.scard.org/press/19980413-01/
Data rates from 10Mbps to 150Mbps!
![Page 51: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/51.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 51
GPRS Security
GPRS - Global General Packet Radio Service (GPRS)
2.5G Packet-switched Mobile Data Service
Built on GSM and IS-136
Uses GSM security.
Superceded oler GSM CSD (Circuit Switched Data)
Superceded by EGPRS (Edge GPRS) 200+ Kbps vs. 60 - 80 Kbps
![Page 52: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/52.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 52
1XRTT and EVDO
EV-DO - Evolution Data OptimizedBuilt on CDMA - 1x data available w/CDMA1xRTT 50 Kbps-100 Kbps - burst to 144Kbps# EVDO Rev 0 400kbps-700kbps Download, bursts up to 2.0Mbps, 50kbps-100kbps Upload Speed, bursts to 144Kbps.# EVDO Rev A 450Kbps-800Kbps Download, bursts to 3.0Mbps, 300Kbps-400Kbps Upload Speed, bursts to 1.8Mbps.Uses CDMA built-in encryption / security.
![Page 53: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/53.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 53
Cellular Techology / Mobile Data
• SMS – Short Message Service
• Similar to paging
• Small text messages
• Encryption is supported
• NTT DoCoMo iMode
![Page 54: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/54.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 54
Cellular Techology / Mobile Data
• WAP – Wireless Application Protocol
• 4 or 5 line text menus in ‘microbrowser’
• Designed for use of numeric keypad on cellphones called ‘Internet-enabled’ phones.
• Mobile Web: HTML/HDML/XML/WML files converted at WAP gateway.
• WTLS (Wireless Transport Level Security) provides single leg vs. end-to-end security using ECC (less cpu intensive), not RSA encryption.Uses X.509v3 certificates from root Trust CAs
![Page 55: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/55.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 55
Mobile Data Techology and Standards
Public Packet Data Networks (WAN Tech)
• 19.2kbps – Ardis, RAM, CDPD
• 128kbps – Metricom (circuit-switched)
Used by paging and wireless data services:
• RIM (Research in Motion) Blackberry
• AT&T Wireless
• Verizon
• Palm.net
• OmniSky
![Page 56: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/56.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 56
Mobile Data Techology
Public Packet Data Networks (WAN Tech)• Motorola DataTAC and ASTROs• EDACS (Ericsson Enhanced Digital Access
Communications System)• TETRA (Terrestrial Trunked Radio) – Europe.Used by :• Fedex• US Govt• Private companies who build their own mobile
data networks.
![Page 57: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/57.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 57
Mobile Data Device Security
Palm Security
@Stake NotSync utility demonstrated an attack on the Palm via the use of the IR port to attempt to sync with the Palm. The Sync could be hijacked and important information (e.g. password) obtained.
Any time you are beaming from a Palm you must be careful about any devices in IR range.
![Page 58: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/58.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 58
Blackberry Security
Has message level security between BB & BES(Blackberry Enterprise Server) but not on Internet.
Only allows ‘signed’ applications to run - but these could infect & compromise..Such an application could be used as a backdoor/proxy into enterprise networks.It could also read and send e-mail, SMS and Internet traffic.DISABLE the CAPABILITY TO INSTALL & RUN 3-rd Party Applications.
![Page 59: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/59.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 59
Wireless Data Tech and Standards
Wide/Metro Area PPP over Cellular Analog (AMPS) – 9.6kbps Digital (US CDMA) – 14.kbps
CDPD – 19.2kbpsMetricom Richochet modem– provides encryption!Wireless ISPs for high speed access Several hundred kbps to several megabits per second Proprietary MAN technologies Native American Reservation high speed Internet access
WiMax - 20 to 30 KM at 70 Megabits/sec.
![Page 60: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/60.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 60
PAN (Personal Area Network) Standards
PAN/piconet networks PCs, printers, peripherals, applicances in a very small (10’ – 20’) personal area network. Meant as wire/cable replacements.
Wireless LAN Technology
• Bluetooth (IEEE 802.15)
• HomeRF
Middleware:
• Jini – Sun Microsystems Java – provides authentication and security
![Page 61: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/61.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 61
1, 10 and 100 metre versions.Uses 2.4Ghz freq range.Bluetooth uses custom algorithms based on the SAFER+ block cipher for authentication and key derivation.The E22 algorithm.is used for initialization and master key generation.Encryption is via the E0 stream cipher.“PINs” have been cracked/hacked. Encryption to be upgraded.Bluetooth 3 to use UMB.
![Page 62: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/62.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 62
Bluetooth Security Threats
Bluejacking - sending messages to Bluetooth-enabled devices.Bluesnarfing - stealing info from a Bluetooth device (contacts/addressbook)Bluestumbling - discovering and cataloging Bluetooth devicesBuebugging controlling another’s deviceBluetooth “rifle” can be used up to 1 mile to receive signal..
![Page 63: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/63.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 63
ZigBee (AKA HomeRF lite)
250 Kbps at up to 30 meters.
Uses the 2.4GHz radio band - ala 802.11b/g and 868/915 MHz.
HomeRF Lite plus the 802.15.4 specification.
AKA PURLnet, RF-Lite, Firefly & HomeRF Lite.
CSMA/CA in varied topologies up to 50 metres
Low Power
![Page 64: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/64.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 64
![Page 65: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/65.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 65
Summary and Unresolved Issues
Wireless data over digitally encrypted channels (e.g. US CDMA) is better security in general than “over” analog un-encrypted.No encryption nor security mechanism is 100% secure. You need to assess risk threats and evaluate tradeoffs.For sensitive/critical data you should use end-to-end protection: either encrypted applications (e.g. SSL) or VPNs (or both) over wireless networks even those with digital encryption.
![Page 66: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/66.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 66
Questions?
![Page 67: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/67.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 67
Additional Resources
• 3G Wireless FAQhttp://www.synchrotech.com/support/faq-3g.html
•Official Bluetooth SIG Website:http://www.bluetooth.com/
• HomeRF Working Group, Inc.http://www.homerf.org/
•IEEE 802 LAN/MAN Standards Committee:http://www.ieee802.org/
•Wireless Application Protocol Forum Ltd.:http://www.wapforum.org/
![Page 68: Seminar 2A 8:30AM-Noon April 10, 2007 EDUCAUSE Security Professionals Conference H. Morrow Long, CISSP, CISM, CEH Director - Information Security Yale](https://reader035.vdocuments.mx/reader035/viewer/2022070306/5518bfc055034638098b48aa/html5/thumbnails/68.jpg)
2007/04/10 EDUCAUSE 2007 Security Professionals Conference Sem 2A Wireless Security for Mobile Devices 68
Questions