Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Securing Future Wireless Networks: Challenges and Strategies

advertisement 
Securing Future Wireless Networks:
Challenges and Strategies
Pandurang Kamat
Wade Trappe
Talk Overview

Security has been one of the great detractors for wireless
technologies (and the Internet, too!)

We have a chance to consider security as we redesign the
network

Think about the questions:
– Should security be considered separately from the network?
– What benefits are there if we integrate security into the network?
– Should we reevaluate the definition of security?
– How private do we really want our lives?

This talk will not focus on classical “Internet Security” but on
“Wireless Security”
Through the Looking Glass, the Wireless World

Key properties and differentiators
that make wireless desirable
– Ubiquity
– Mobility
– Resource adaptability
– Portability
– Affordability
– Platform heterogeneity
Megarray XC2V6000
ConnectorFPGA
244 Configurable
I/O pins
TMS320C6701
100BaseT Ethernet
MPC8260
Reevaluating the Security Paradigm
System (CIA) Paradigm
Algorithmic Paradigm
Data Confidentiality
These paradigms have been the traditional
Confidentiality
frameworks for security on conventional
Data Integrity
networks, but what can we do
Authentication
differently for wireless systems?
Integrity
Availability
Non-repudiation
Reevaluating the Security Paradigm, pg. 2
Confidentiality
Availability
Non
Repudiation
Integrity
Wireless is easy to sniff.
RF
energy
radiates,
and
wireless
The value of
Wireless
a wireless
hardware/equipment
network
its encryption
need
We stillisneed
services
entities
within
the
radio
coverage
promise of ubiquitous
to be safe availability.
from modification.
and key management.
pattern may serve as witnesses for the
freshness
Data/control
infoKey
should
not beis an issue.
Weactions
still need
traditional
security
methods.
of
the
transmitter.
Wireless networks
arebefore
easy to
modified
orbreak!
during transit.
Privacy
But
the
wireless
has
additional
problems
The
Location
pervasiveness
is world
aPerpetual
new
of the
form
wireless
connectivity
of information
can mean
andshould
newby
modalities
for
networks
provided
not
wireless
mean
constant
systems
thatsolutions!
surveillance!
justthat will
anyone
facilitate
canWith
new
participate!
services.
snoopingLocation
one can monitor
Example:
information
Rogue
mobility
needs
APs
and
to behandoffs
trusted. resources
between (e.g. power and
Wireless
networks.
spectrum) must be managed.
Intrusion
Detection
Greedy Location
user behavior will cause
resource management
Services to malfunction.
Resource
Management
Drill Down:
Specific Challenges and Some
Strategies
Availability Attack: Radio Interference


@#$%%$#@&
…
Hi
Hello …
Alice and Bob are attacked by malicious Mr. X.
A story for the problem of wireless denial of service
attack we focus on.
– Alice and Bob  two communicating nodes, A and
B.
– Mr. X  an adversarial interferer X.
– Mr. X’s insane behavior  the jamming style DoS.
– People and nodes in wireless network both
communicate via shared medium.
…
Bob
Alice
Mr. X
AP1
D
X1
A
B

AP0
Jamming style DoS Attack:
– Behavior that prevents other nodes from using the
channel to communicate by occupying the channel
that they are communicating on
X0
C
A
B
C
AP2
D
E
H
X
F
I
K
G
J
L
Availability: Jamming Detection/Defense

Detection:
– Challenge is to discriminate
between legitimate causes of poor
connectivity and jamming
Motivation from “The Art of
War” by Sun Tze:
PDR VS. SS
Jammed Region
SS(dBm)

– “He who cannot defeat his enemy
should retreat.”


Defense Strategies:
– Spectral Evasion (Channel
Surfing)
– Spatial Evasion
Latency and synchronicity is an issue
as you move to many node
networks!
SDRs will allow more advanced
forms of spectral evasion.
PDR %
1.5
Packet Delivery Rate

Channel Surfing Experiment
1
0.5
Jammer
turned
on
Change
channel
0
Trial Number (Time)
Intrusion Detection: Wireless Spoofing


Many wireless security threats are
possible because it is easy to spoof
legitimate devices (ioctl/ipconfig)
Example
– Attacker armed with a laptop having 2
wireless cards.
– One card monitors all TCP traffic on the
AP channel
– Second card sends back TCP replies to
select TCP requests (e.g. all requests for a
particular web page). These are sent as if
appearing from the server the user was
connecting to.
– At the MAC layer the attacker spoofs AP
by injecting custom 802.11x frames with
AP’s source MAC address.

Results:
– The user session is hijacked.
– Requested service is DoSed.
– Easy to launch flooding DoS attacks at
higher-layer buffers
Internet
MAC: x.y.z.w
Late!
MAC: x.y.z.w
Intrusion Detection : Spoofing Defense

Spoofing can be addressed through
authentication services
– Traditional authentication services employ
cryptographic solutions (e.g. MACs,
signatures)
– Light-weight alternatives can reduce the load
on buffers into cryptographic functions

A lesson learned from 802.11:
– 802.11 has several fields controlled by
firmware, which are hard for an attacker to
bypass
– The 12bit sequence # field is increased
monotonically by 1 for each packet
– Monotonicity provides a rule whose violation
is easy to detect


The sequence number was not intended to be
a security field, but it can be!
We may introduce filters that check
monotonic conditions (or more generic rules)
Wireless Localization Security

Location information will facilitate new computing services
– Location-based file access control

Problem: Localization methods are not secure!

Traditional cryptography and network security can address
cryptographic attacks (Is this beacon really from the AP?)
Is cryptography alone enough?
No!
Localization algorithms depend on
measurements that are susceptible to attack!!

Distance is measured using the
relationship between received
signal strength and distance

Adversary may affect the receive
signal power by:
– Alter transmit power of
nodes
– Remove direct path by
introducing obstacles
– Introduce absorbing or
attenuating material
– Introduce ambient channel
noise
Power Received
Attacks on Signal Strength
r
1
r
2
d1
Absorbing Material
d2
Distance
Defenses for Wireless Localization
• Don’t rely entirely on traditional security!
• Two-tier approach to defending wireless localization…
Add Security and Robustness!
Attacks
S
E
C
U
R
I
T
Y
R
A
O
L
B
G
U
O
S
R
T
I
T
A
H
L
M
G
Add Authentication,
Entity Verification,
Etc…
Questions ?
Related documents
Presentation 6: Mr. José Luiz Navarro Frauendorf, NEOTEC.
Presentation 6: Mr. José Luiz Navarro Frauendorf, NEOTEC.
ABSTRACT: Nowadays, the good access of Intranet and Internet are mostly...
ABSTRACT: Nowadays, the good access of Intranet and Internet are mostly...
Download
advertisement