Wireless Security Wireless Security CS 551: Information Systems Security presented by The Dining Philosophers November 25, 2002


TRANSCRIPT

Page 1: Wireless Security

CS 551: Information Systems Security

presented by

The Dining Philosophers

November 25, 2002

Page 2: The Dining Philosophers

Eugene Lebanidze, Hao Liang, Imran Shah, Adrian Kao

Thanks to Steve Tropello

Page 3: Agenda

- Introduction
- Overview of wireless technology
  – Cellular phones
  – WLANs
  – Bluetooth
- Security issues
- Solutions
- Conclusions

Page 4: Wireless Devices

- Mobile/cell phones
- Pagers
- WLAN (Wireless Local Area Network)
- Bluetooth
- Radio stations
- Cordless phones
- Garage door openers
- Handheld devices (infrared)

Page 5: Electromagnetic Spectrum (figure only)

Page 6: Modulation

- Encoding information so it is suitable for transmission
- Analog modulation
  – Traditional AM & FM (radio stations)
- Digital modulation
  – More cost effective than analog
  – Greater noise immunity
  – More robust to channel impairment
  – Error control
  – Security (e.g. encryption)

Page 7: Digital Modulation Methods

- Amplitude Shift Keying (ASK)
  – On-off keying
  – “On” means 1, “off” means 0
- Frequency Shift Keying (FSK)
  – f1 means 1, f2 means 0
  – Less efficient
- Phase Shift Keying (PSK)
  – Binary (BPSK)
  – Differential (DPSK)
  – Quadrature (QPSK)
  – Offset QPSK
  – π/4 QPSK
  – and many more

Page 8: ASK (figure only)

Page 9: FSK (figure only)

Page 10: BPSK (figure only)

Page 11: Issues in Wireless

- Modulation techniques
- Handoff / tracking
- ISI (Intersymbol Interference)
- Fading
- “Line of sight”
  – Reflections
  – Obstacles
- Noise
- Efficiency, capacity

Page 12: Cell Phones: Handoff (figure only; labelled “Base Station”)

Page 13: Device Issues

- Mobility: size and weight
  – Enough storage?
  – Enough processing power?
  – Practical?
- Power consumption
  – More computation requires more power
  – More circuitry requires more power
- Price
  – Memory, processor, and battery costs
- Technology
  – Does it do what we want? Does it do it right?

Page 14: Security Issues

- Information is open and in the air
- Signals can be affected by noise or EM radiation
- Mobile devices are small (small storage, slow, low power consumption)
- Many, many devices
  – Key distribution (pseudo random)
  – Interference
- Networks
  – Centralized/distributed systems and ad-hoc networks

Page 15: Solutions

- Encrypt data
  – Don’t have to worry about eavesdropping
  – But still have to worry about noise and ISI
- Directional antennas
  – SDMA
  – Doesn’t work very well, not as efficient
- Power/distance control
  – Hard to do, requires lots of computing power, not practical for mobile devices

Page 16: Cell Phones

- Scrambler (diagram: Speech Encoder + Pseudo Random → Modulator)
- More privacy than security
- Can we implement better security?

Page 17: WAP

- Wireless Application Protocol
- Standard created by a forum to provide more optimized content for mobile wireless devices
- Security flaws in transport layer

Page 18: WTLS

- Wireless Transport Layer Security
- Similar to TLS or SSL in conventional networks
- WAP gateway must first decrypt and then re-encrypt with a less secure scheme
  – Optimized for wireless, hence less secure
  – Not compatible with TLS

Page 19: WLAN

- Wireless Local Area Network
- Most common standard: IEEE 802.11
- In addition to worrying about issues in networks, must also worry about issues in wireless
- 802.11 does not focus on security, just the physical standard
- Security is the focus of other standards

Page 20: 802.1x

- Port based network access control
- New Wi-Fi security protocol for wireless standards, but has already been cracked
  – “Session hijacking”
  – “Man-in-the-middle”
- Can add WEP on top to provide more security

Page 21: Cracking 802.1x

- Session hijacking
  – Occurs because of race conditions in 802.1x and 802.11 state machines
  – Hacker waits for successful authentication
  – Breaks user connection and impersonates user
  – Can exploit user’s session until timeout (~1 hr)
- Man-in-the-middle
  – Works since 802.1x uses only one-way authentication
  – Hacker acts as access point to user and as user to AP
  – APs are trusted entities: bad design

Page 22: WEP

- Wireless Equivalent Privacy
- IEEE 802.11b
- Uses RC4 stream cipher developed by RSA
  – Known to be weak and can be easily cracked
  – Developed in 1987
  – 40-bit secret key
- Design criteria
  – Reasonably strong
  – Computationally efficient
  – Self-synchronizing
  – Exportable
  – Optional

Page 23: WEP Encryption Architecture (figure only)

Page 24: How WEP works

- Secret key to maintain privacy (RC4)
  – 24-bit IV (Initialization Vector)
  – 40-bit secret key
  – Concatenated; the 64-bit value is used as the seed for the PRNG
- 32-bit ICV (Integrity Check Value) to ensure no manipulated data is transmitted (CRC-32)
  – Computed over the plaintext by the integrity algorithm
  – Concatenated with the original plaintext
- XOR the RC4 keystream with the plaintext (plus ICV)
  – IV concatenated in front of the ciphertext and the final message is sent
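The WEP construction described on this slide, as an added example that is not part of the original presentation: an RC4 keystream seeded with IV || key, a CRC-32 ICV appended to the plaintext, and a check showing why a 24-bit IV space matters (two frames under one IV share a keystream, so their ciphertexts XOR to the XOR of the plaintexts). The key, IV and messages are constructed values.

```python
import struct
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4 keystream from the 64-bit WEP seed (IV || key): KSA then PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    # 32-bit Integrity Check Value: CRC-32 over the plaintext, least-significant byte first
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """40-bit key + 24-bit IV -> RC4 seed; returns IV || RC4(plaintext || ICV)."""
    assert len(key) == 5 and len(iv) == 3, "WEP-40: 5-byte key, 3-byte IV"
    data = plaintext + icv(plaintext)
    keystream = rc4_keystream(iv + key, len(data))
    return iv + bytes(p ^ k for p, k in zip(data, keystream))


def wep_decrypt(key: bytes, frame: bytes):
    """Strip the IV, regenerate the keystream, XOR, then verify the ICV."""
    iv, body = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + key, len(body))
    data = bytes(c ^ k for c, k in zip(body, keystream))
    plaintext, received_icv = data[:-4], data[-4:]
    return plaintext, received_icv == icv(plaintext)


def keystream_reuse_leaks(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Two frames sent under the same IV use the same keystream, so XORing the two
    ciphertexts cancels it and exposes p1 XOR p2 to anyone listening, without the key."""
    c1, c2 = wep_encrypt(key, iv, p1)[3:], wep_encrypt(key, iv, p2)[3:]
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1, c2))[:n] == bytes(a ^ b for a, b in zip(p1, p2))
```

With only 2^24 IVs, a busy access point repeats an IV within hours, which is the property the next slide's tools rely on.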

Page 25: Cracking WEP

- You don’t need to
- Open-source software available to take advantage of RC4 weaknesses
  – Airsnort: hours to days, depending on traffic
  – WEPCrack: several Perl programs
  – Search on Google yields numerous programs

Page 26: Solutions for WLANs

- 802.1x with WEP is not enough
- Put lots of things together for security
- Need another encryption protocol on top to provide security
- Problems
  – Need hardware acceleration
  – Optimize for speed and efficiency
  – Tradeoff in security scheme

Page 27: Bluetooth

- Ad hoc, personal networks (piconets)
  – PDA or laptop to cell phone
- Short range, low power consumption, and cheap!
  – 1 mW ~ 100 mW
  – 0.1 m ~ 100 m
  – $5 ~ $25
- Frequency hopping
  – Involves periodic change of transmission frequency
  – Sequence of data bursts
  – Time-varying, pseudorandom carrier frequencies
  – Not so much security as an interference avoidance scheme

Page 28: Bluetooth Security

- Issues in distributed systems, ad hoc networks
  – Availability
  – Authorization and key management
  – Confidentiality and integrity
- Security modes
  – Mode 2: service level enforced security
  – Mode 3: link level enforced security; device initiates security procedure before channel is established
- Device security levels
  – Trusted device
  – Untrusted device
- Service security levels
  – Authentication only
  – Open to all
  – Authorization and authentication

Page 29: Bluetooth Link Level Security

- Link keys (no encryption key)
  – Combination key: derived from information from two devices, new for each pair
  – Unit key: generated in a single device when it is installed
  – Master key: temporary key that replaces the current key, used by the master to broadcast to many
  – Initialization key: used before there are any combination or unit keys, only for install
- 48-bit unique Bluetooth Device Address defined by IEEE
- 128-bit random Private Authentication Key
- 8 ~ 128-bit Private Encryption Key
- 128-bit (pseudo-)random number generated by device

Page 30: Bluetooth Security Problems

- 128-bit-key stream cipher can be broken in O(2^64), but transmissions are so short (FH) that it can’t happen
- Usability: need to input PIN twice, very annoying
- Initialization key is not trustworthy
  – Based on PIN only, and if 4 digits, then only 10,000 possibilities
  – 50% of PINs are “0000”
- Unit key assumed to be a shared secret, but can be obtained and identity can be forged
- Device Address can be used to track and monitor
- Battery draining denial of service attack

Page 31: Solutions for Bluetooth

- Application level key agreement in software
- Problems with implementing better security
  – More hardware, more storage, more power, more $$
  – Defeats the whole purpose of Bluetooth
- Or, forget about security altogether (not likely)
  – Let Bluetooth be only a physical and technical standard
  – Security left to users who can use software (not smart)

Page 32: Spread Spectrum

- Other modulation techniques strive for greater power and/or bandwidth efficiency
- SS modulation has a transmission bandwidth orders of magnitude greater than the message bandwidth
- Multiple users without interfering
- CDMA (Code Division Multiple Access)
  – 3G cell phones
  – Military communications
- “Spread” message across entire bandwidth, below noise level
- Controlled by pseudo-noise (PN) code
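Direct-sequence spreading under a PN code, as an added example that is not from the original presentation: a 31-chip maximal-length sequence from a 5-stage LFSR (the polynomial x^5 + x^2 + 1 and the code offset are my choices) spreads each data bit, two users share the channel on different offsets of that code, and a narrowband interferer at twice the per-chip signal amplitude is added; correlating with each user's code still recovers both bit streams. The data bits are constructed.

```python
def m_sequence(length: int = 31) -> list:
    """31-chip maximal-length PN sequence from a 5-stage Fibonacci LFSR,
    recurrence s[n] = s[n-5] XOR s[n-3] (primitive polynomial x^5 + x^2 + 1)."""
    reg = [1, 0, 0, 0, 0]                       # any non-zero seed gives the full period
    out = []
    for _ in range(length):
        out.append(reg[0])
        reg = reg[1:] + [reg[0] ^ reg[2]]
    return out


def to_chips(bits: list) -> list:
    # map 1 -> +1 and 0 -> -1 so that correlation is a plain sum of products
    return [1 if b else -1 for b in bits]


def spread(bits: list, code: list) -> list:
    """Each data bit is multiplied by the whole PN code: bandwidth grows by len(code)."""
    return [b * c for b in to_chips(bits) for c in code]


def despread(rx: list, code: list) -> list:
    """Correlate each code-length window with the user's PN code and decide by sign.
    The wanted signal adds coherently (+/-31); other users' chips and a narrowband
    tone correlate to about +/-1, which is the processing gain of spreading."""
    n = len(code)
    return [1 if sum(x * c for x, c in zip(rx[k:k + n], code)) > 0 else 0
            for k in range(0, len(rx), n)]


def shared_channel(*signals: list) -> list:
    # the air adds every transmitter's chips sample by sample
    return [sum(s) for s in zip(*signals)]


def cdma_demo():
    code_a = to_chips(m_sequence())
    code_b = code_a[7:] + code_a[:7]            # second user: same PN code at another offset
    bits_a = [1, 0, 1, 1, 0, 0, 1, 0]           # constructed sample data
    bits_b = [0, 1, 1, 0, 1, 0, 0, 1]
    jammer = [2] * (len(bits_a) * len(code_a))  # narrowband tone, 2x the per-chip amplitude
    rx = shared_channel(spread(bits_a, code_a), spread(bits_b, code_b), jammer)
    return despread(rx, code_a), despread(rx, code_b)
```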

Page 33: Concluding Remarks

- Wireless security is hard
  – Power and size compromise
  – Must optimize for wireless devices
- Each situation is different, so no one method will work
- State of the art: cause for concern
  – Absolutely no encryption for most mobile devices
- Perhaps ECC (Elliptic Curve Cryptography)?

Page 34: Questions?