wireless security - mcmaster universityrzheng/course/cosc6397/lecture15.pdfintrusion and...


Upload: truongkhue

Post on 02-May-2018


Page 1: Wireless Security - McMaster Universityrzheng/course/COSC6397/lecture15.pdfIntrusion and interception of poorly encrypted communication Wireless ... Repetition allows easy decryption


Wireless Security
- All vulnerabilities that exist in conventional wired networks apply, and are likely easier to exploit
- Theft, tampering of devices
  - Portability
  - Tamper-proof devices?
- Intrusion and interception of poorly encrypted communication
  - Wireless medium is “open”; unauthorized users can get around firewalls
  - Rogue APs
- Denial of service
  - Ex: Jamming channel


Problems with WEP Revisited
- IVs are short
  - 24-bit IVs cause the generated key stream to repeat
  - Repetition allows easy decryption of data for a moderately sophisticated adversary
- Cryptographic keys are shared
  - As the number of people sharing the key grows, the security risks also grow
- RC4 has a weak key schedule and is inappropriately used in WEP
  - Weakness in the first few bits in RC4 schedule
  - RC4 schedule is restarted for every packet
- Packet integrity is low
  - CRC and other linear block codes are inadequate for providing cryptographic integrity
- No user authentication
- Client does not authenticate AP
  - Anyone can pretend to be an AP
- Device authentication is simple shared-key challenge-response
  - Shared-key challenge-response is subject to man-in-the-middle attack
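
An added example (not part of the lecture slides) showing two of the WEP problems listed above on constructed data: a repeated IV restarts RC4 with the same seed and so repeats the key stream, and the CRC-32 integrity value is linear. The key, IVs and frame contents are made-up sample values.

```python
import math
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key schedule (KSA) followed by n bytes of output (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP body: RC4 is restarted per packet with seed IV || key; ICV is CRC-32."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    data = plaintext + icv
    return xor(data, rc4_keystream(iv + key, len(data)))

def expected_packets_until_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday estimate for randomly chosen IVs: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)

def crc_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 of an XOR is predictable from the CRCs of the parts (equal lengths)."""
    zero = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zero)

# Constructed sample data (not from the slides).
KEY = bytes.fromhex("0102030405")           # 40-bit shared key
P1, P2 = b"constructed frame one", b"constructed frame two"
C1 = wep_encrypt(b"\x00\x00\x01", KEY, P1)
C2 = wep_encrypt(b"\x00\x00\x01", KEY, P2)  # same IV -> same key stream
C3 = wep_encrypt(b"\x00\x00\x02", KEY, P2)  # fresh IV -> different key stream

if __name__ == "__main__":
    print("same IV leaks P1^P2:", xor(C1, C2)[:len(P1)] == xor(P1, P2))
    print("fresh IV leaks P1^P2:", xor(C1, C3)[:len(P1)] == xor(P1, P2))
    print("packets until IV repeat ~", round(expected_packets_until_iv_repeat()))
    print("CRC-32 linear:", crc_is_linear(P1, P2))
```

With a 24-bit IV the birthday estimate is only a few thousand packets, which is why the slide calls the IV short.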


An Illustration of Man-in-the-middle attack

[Diagram: shared-key authentication exchange. Messages: Authorization Request, Challenge, Response, Confirm Success. Annotations: Generate a random #; Encrypt Challenge using RC4 algo; Decrypt response and verify.]


An Illustration of Man-in-the-middle attack

[Diagram: two interleaved authentication exchanges. Message labels: Authorization Request 1, Challenge 1, Response, Confirm Success; Authorization Request 2, Challenge 2, Response; Authorization Request 2, Challenge 1. Annotation: Generate a random #.]


Countermeasures in WLAN
- MAC Access Control (ACL)
  - Grant or deny a list of NIC addresses
  - However, MAC addresses are transmitted in clear text and can be spoofed
  - Setting up ACLs can be cumbersome for medium to large networks
- Wireless Protected Access (WPA)
  - IEEE 802.1X port access control
    - Stop intruders from sending traffic through the access point into adjacent networks
    - Use Extensible Authentication Protocol (EAP)
  - TKIP (Temporal Key Integrity Protocol)
    - Add a per-packet key mixing function to de-correlate the public initialization vectors (IVs) from weak keys
    - Re-keying with fresh encryption and integrity keys every 1000 packets
    - TKIP utilizes RC4 with 128-bit keys for encryption and 64-bit keys for authentication
    - Now replaced by RSN (Robust Security Network), which uses the AES block cipher


- AP acts as a middle man
- RADIUS: authorization server
- EAPOW 4-way handshake can be used to exchange a shared key (for the session)


Countermeasures (cont’d)
- Personal firewall
- Virtual private network (VPN)
  - Corporate intranet, e.g., access UH resources using VPN


VPN (cont’d)
- “Secured tunnel” built on IPsec (layer 3)
- Access control:

[Diagram labels: Wireless networks on campus; Enterprise Network; Enterprise Network; RADIUS Server; Firewall]


An Example – Home Wireless Network
- Enable WEP
- MAC ACL
- Firewall

[Diagram labels: DSL Modem; Wireless Router; 00:1C:58:23:BD:9A]


A Real Life Example
- Screen shot from Radisson Bahia Mar (Fort Lauderdale)


Security Issues in MANET
- MANETs inherently assume “cooperation” and thus are subject to security attacks by design
  - Ex: DSR routing uses cached routes
- Security problems
  - Availability
    - RF jamming
    - “Sleep deprivation torture”
    - Inject false routing information or simply drop packets
  - Integrity
    - Data integrity
    - Device integrity: how do you know your thermometer is telling the truth?
  - Authenticity
    - Absence of online server
    - Secure transient association
  - Confidentiality
- These problems are aggravated by the fact that many devices, e.g., a thermometer, are incapable of performing cryptographic operations by themselves


An Example Attack in DSR
- Blackhole:
  - A wants to communicate with D.
  - Node A will broadcast a message asking for the best path to reach node D
  - The best path is chosen depending on the metric of the different routes
  - If an intruder replies with the shortest path, it inserts itself in the network
  - The intruder node can then drop any packet forwarded to it

[Diagram labels: Node A; Node B; Node C; Node D; Intruder]


Counter-attack to blackhole
- Passively acknowledge

[Diagram labels: Node A; Node B; Node C; Node D; Intruder; Data 1; Data 1]


A “Secured” MANET Routing Protocol
- Nodes need to be authenticated
  - Source, destination, relay nodes
  - How? Shared-key or public key
  - But how to establish keys? – key management is a hard problem
- Route message content needs to be protected
  - Some are dynamically updated each hop
  - Some are static
- Integrity of data messages
- Example: hash chain for AODV to ensure hop count field
  - Source: RREP (seed, H^TTL(seed), H)
  - Intermediate node, kth hop: (H^k, H^TTL(seed), H)
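
An added sketch (not from the slides) of the hop-count hash chain described above, taking H^k to mean H applied k times to the seed. SHA-256 as H, the dictionary field names and the assumption that the source signs `top_hash` and `ttl` are choices made for this example.

```python
import hashlib
import os

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def H_n(x: bytes, n: int) -> bytes:
    """Apply H to x n times, i.e. H^n(x)."""
    for _ in range(n):
        x = H(x)
    return x

def originate(ttl: int, seed: bytes = None) -> dict:
    """Source builds (seed, H^TTL(seed)); top_hash and ttl are assumed signed."""
    seed = seed or os.urandom(16)
    return {"hop_count": 0, "hash": seed, "top_hash": H_n(seed, ttl), "ttl": ttl}

def verify(msg: dict) -> bool:
    """Hashing the carried value (TTL - hop_count) more times must reach top_hash."""
    remaining = msg["ttl"] - msg["hop_count"]
    return remaining >= 0 and H_n(msg["hash"], remaining) == msg["top_hash"]

def forward(msg: dict) -> dict:
    """Honest relay at hop k: check, then advance the chain to H^(k+1)(seed)."""
    if not verify(msg):
        raise ValueError("hop count does not match hash chain; drop the message")
    return {**msg, "hop_count": msg["hop_count"] + 1, "hash": H(msg["hash"])}

def relay(msg: dict, hops: int) -> dict:
    for _ in range(hops):
        msg = forward(msg)
    return msg

def claims_shorter_route(msg: dict, claimed: int) -> dict:
    """A relay lowering hop_count cannot invert H, so the hash stays too far along."""
    return {**msg, "hop_count": claimed}

if __name__ == "__main__":
    m = relay(originate(ttl=8), hops=3)
    print("honest, 3 hops:", verify(m))
    print("claims 1 hop:  ", verify(claims_shorter_route(m, 1)))
```

The chain only stops a relay from advertising a smaller hop count than it received; a relay that forwards the message without incrementing the count still passes this check.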


Further Reading
- http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf