FELK 19: Security of Wireless Networks
Mario Čagalj
University of Split
2013/2014.
Administrative information
• About the lecturer
  • Dr. sc. Mario Čagalj, associate professor
  • http://www.fesb.hr/~mcagalj
• Teaching assistant
  • Dr. sc. Toni Perković
• Course web page
  • http://www.fesb.hr/~mcagalj/WiSec
  • Lecture slides
  • Further literature and references
  • Announcements (+ eLearning)
• Office hours
  • Email: {mario.cagalj, toperkov}@fesb.hr
Assessment
• Two midterm exams
  • After the 7th and the 13th week of classes, respectively
• Laboratory exercises
  • Submitted lab reports are a prerequisite for entering the final grade
• Grading
  A - Attendance (lectures and lab)
  B - Laboratory reports
  C - 1st midterm
  D - 2nd midterm (entire course material)
  Grade = Round(0.05*A + 0.2*B + 0.30*C + 0.45*D)
Literature
• Lecture slides
• Some of the topics are covered by the following books
  • Buttyan L. and Hubaux J.-P., "Security and Cooperation in Wireless Networks", Cambridge University Press, 2008. (available online at http://secowinet.epfl.ch)
  • Menezes A. J., van Oorschot P. C. and Vanstone S. A., "Handbook of Applied Cryptography", CRC Press, 1996. (available online at http://www.cacr.math.uwaterloo.ca/hac)
  • Adamy D., "A First Course in Electronic Warfare", Artech House, 2001.
• Some of the topics are based on research papers (see the course web page)
Tentative overview of lecture units
• Introduction
• The radio communication channel
• Signal jamming attacks (radio jamming)
• Eavesdropping and relay attacks
• Protection against jamming: spread-spectrum techniques (FHSS and DSSS)
• Overview of basic cryptographic primitives
• WiFi security (IEEE 802.11 architectures, WEP, WPA, WPA2, 802.11i, anomalies)
• 1st midterm
• Cellular network security (GSM, UMTS, man-in-the-middle)
• Vulnerabilities of wireless navigation systems (GPS, Galileo)
• Wireless sensor network security (initialization, establishment of encryption keys)
• User-friendly message authentication over the radio channel (I-codes, device pairing)
• Location privacy in wireless networks
• 2nd midterm
Laboratory exercises (hands-on/demo)
• Vulnerabilities of the radio channel
  • Denial-of-service by signal jamming, MitM via ARP spoofing, eavesdropping and data analysis
• Basic cryptographic primitives (CrypTool 2)
• WiFi security
  • Cracking WEP and WPA/WPA2, rogue access points
  • SSL stripping attack, configuration flaws in the EAP-TTLS method (FESB)
  • Configuring advanced authentication methods: Windows Server 2008 and an access point controller
• Performance anomaly of the IEEE 802.11 standard
  • Reduction/denial-of-service attacks
• Security in cellular 2G/3G networks
  • MitM and DoS attacks
• Software-defined radio
Motto of this course
• Think outside the box
http://www.rojish.com/how-to-think-out-of-the-box-to-succeed-with-blogging/
Introduction: Wireless Networks
Age of wireless networking
• Mesh Networks
• Vehicular Networks
• Sensor/Actuator Networks
• Networks of Robots
• Underwater Networks
• Personal Area (body) Networks
• Satellite Networks (NASA 2007)
• Cellular, WiFi, ...
• Digitalization of the physical world: every physical object will have a digital representation
• Internet of things - communication with every object/device (6LoWPAN)
[Figures: Mica sensor, Telos sensors, RFID, IRIDIUM satellite network; © http://www.kddi.com, http://www.thebookmyproject.com, © Computer Networks]
Age of wireless networking
• Mobile phone penetration rate (© http://www.parseco.com)
• Mobiles support different wireless technologies
  • Bluetooth, WiFi, UWB, infrared, ultrasound
Vehicle-to-vehicle communication
• Standardized
  • Dedicated Short Range Communications (DSRC) devices
  • DSRC operates at 5.9 GHz, with a range of up to 1000 m
[Figure: © http://www.motorauthority.com/]
Wireless/mobile healthcare
• Wireless pacemakers
  • Daily monitoring and alerting
  • No wires, less intrusive and fewer infections
• Wireless brain sensors/implants
  • Developed at Brown University
• Wireless bionic eye
  • A camera, attached to a pair of glasses, transmits high-frequency radio signals to a microchip implanted in the retina or directly into the brain
Disaster recovery/military
• Wireless ad-hoc and sensor networks (earthquakes, tsunamis, storms, fires, military conflicts, ...)
• Can make the difference between life and death!
[Figure: Wireless Sensing for Urban Search & Rescue, © Civionics]
Machine-to-machine (M2M) systems
• Telemetry systems
• Enable remote communication between machines and other machines and people
• Smart metering, smart grid, smart parking, smart home
[Figure: © http://www.libelium.com]
Radio spectrum
• Which part of the electromagnetic spectrum is used for communication
• Not all frequencies are equally suitable for all tasks – e.g., wall penetration, different atmospheric attenuation
[Figure: the electromagnetic spectrum, with the media used at each range (twisted pair, coax cable, optical transmission) and the following wavelength/frequency ticks]
Wavelength | Frequency | Band
1 Mm | 300 Hz | VLF
10 km | 30 kHz | LF, MF
100 m | 3 MHz | HF
1 m | 300 MHz | VHF, UHF
10 mm | 30 GHz | SHF, EHF
100 µm | 3 THz | infrared
1 µm | 300 THz | visible light, UV
VLF = Very Low Frequency, LF = Low Frequency, MF = Medium Frequency, HF = High Frequency, VHF = Very High Frequency, UHF = Ultra High Frequency, SHF = Super High Frequency, EHF = Extra High Frequency, UV = Ultraviolet Light
Frequency allocation
• Some frequencies are allocated to specific uses
  • Cellular phones, analog television/radio broadcasting, DVB-T, radar, emergency services, radio astronomy, ...
• Particularly interesting: ISM (Industrial, Scientific, Medical) frequency bands
  • License-free operation
  • Overcrowding leads to cognitive radio systems
Some typical ISM bands
Frequency | Comment
13.553–13.567 MHz | RFID smart cards
26.957–27.283 MHz |
40.66–40.70 MHz |
433.05–434.79 MHz | Europe
902–928 MHz | Americas
2.4–2.5 GHz | WLAN/WPAN, microwave oven
5.725–5.875 GHz | WLAN
24–24.25 GHz |
Frequency allocation
• GSM/UMTS (800, 1900 MHz, ...)
• 802.11 (WiFi) (LAN), "Wireless Fidelity"
  • 2.4 GHz, 54 Mbps, 100 mW–1 W, ~30 m range
• 802.16 (WiMAX)
  • 10–66 GHz, < 10 km coverage
  • 2–11 GHz, < 20 km coverage
  • 75 Mbps (theoretical) at 20 km; 5 Mbps typically, at 5 km
• UWB
  • 3.1–10.6 GHz, short-range Gbps communication
  • lower speed, longer range, localization (< 2 km outdoor)
• 802.15.4 (ZigBee) (WPAN) (sensor networks)
  • 868 MHz in Europe, 915 MHz in the USA, and 2.4 GHz
  • 250 kbps, 1 mW, ~100 m range
  • 4 MHz 8-bit processors
• RFIDs
  • Short-range identification tags, 1–12 m (UHF: 865–868 MHz in the EU, 902–928 MHz in the US)
Applications of wireless networks
• Infrastructure-based
• Cellular – any data
• WiFi access – any data
• GPS – location, time
• Local Area (Indoor) Navigation – location, time
• Infrastructure-less (multi-hop)
• Sensor networks – environmental (sensed) values
• Ad hoc (e.g. vehicular network) – any data
• Mesh networks (e.g., home networks) – any data
• RFID (Radio Frequency Identification) tags – identity
Application-specific constraints and security goals
Cellular networks
- infrastructure based
- single-hop (to the BS)
Goal: to communicate privately
Confidentiality is the prime security goal!
Sensor networks
- infrastructureless
- multihop
- node compromise
- node sabotage
- displacement
- other security issues
Goal: to accurately measure and deliver sensed data
Confidentiality not an issue – data authentication is important!
This lecture
• Wireless/radio communication
• Message relay attacks
• Eavesdropping
• Message insertion
• Relay attacks in practice
Wireless Communication
Transmitting data using radio waves
• Produced by a resonating circuit (e.g., LC)
• Transmitted through an antenna
• Basics: a transmitter can send a radio wave; a receiver can detect whether such a wave is present and also its parameters
• Parameters of a wave (e.g., a sine function)
  $s(t) = A(t)\cos\big(2\pi f(t)\,t + \varphi(t)\big)$
• Parameters: amplitude A(t), frequency f(t), phase φ(t)
• Manipulating these three parameters allows the sender to express data; the receiver reconstructs the data from the received signal
Signal representation – Fourier series
• Any periodic function/signal s(t) (with period T, i.e., fundamental frequency f0 = 1/T) can be viewed as a linear composition of sine waves
  $s(t) = \frac{a_0}{2} + \sum_{k \ge 1}\left[a_k\cos\left(\frac{2\pi k t}{T}\right) + b_k\sin\left(\frac{2\pi k t}{T}\right)\right] = \frac{a_0}{2} + \sum_{k \ge 1}\left[a_k\cos(2\pi k f_0 t) + b_k\sin(2\pi k f_0 t)\right]$
  where a_k and b_k are the Fourier coefficients of the k-th harmonic, given by
  $a_k = \frac{2}{T}\int_0^T s(t)\cos(2\pi k f_0 t)\,dt$ and $b_k = \frac{2}{T}\int_0^T s(t)\sin(2\pi k f_0 t)\,dt$
  (with this normalization a_0 is twice the mean of s(t), hence the a_0/2 term)
• The Fourier coefficients are referred to as the frequency-domain representation
• In general, we use the Fourier transform for both periodic and non-periodic signals
Signal representation – example
• Approximating an odd square wave with A = 1 and T = 1
• The Fourier coefficients are
  $a_k = \frac{2}{T}\int_0^T s(t)\cos(2\pi k f_0 t)\,dt = 0$
  $b_k = \frac{2}{T}\int_0^T s(t)\sin(2\pi k f_0 t)\,dt = \frac{2A}{k\pi}\left[1 - \cos(k\pi)\right] = \begin{cases}\dfrac{4A}{k\pi}, & k = 1, 3, 5, \ldots \\[4pt] 0, & k = 0, 2, 4, \ldots\end{cases}$
• Leading to the following Fourier series representation of the square wave
  $s(t) = \frac{4A}{\pi}\left[\frac{\sin(2\pi f_0 t)}{1} + \frac{\sin(3\cdot 2\pi f_0 t)}{3} + \frac{\sin(5\cdot 2\pi f_0 t)}{5} + \ldots\right]$
Signal representation – example
• With A = 1 and T = 1 (f0 = 1 Hz):
  $s(t) = \frac{4}{\pi}\left[\frac{\sin(2\pi t)}{1} + \frac{\sin(3\cdot 2\pi t)}{3} + \frac{\sin(5\cdot 2\pi t)}{5} + \ldots\right]$
[Figure: partial sums of the series with k = 3 and with k = 5 harmonics, compared with the square wave]
Signal spectrum
• Signal spectrum refers to the plot of the magnitudes and phases of the different frequency components of a given signal
• Example: amplitude spectrum (one-sided) of our square wave
• Observe:
  • the spectrum is discrete (periodic signal)
  • the spectrum is very wide, actually infinite (transitions in zero time)
  • the strongest component (first harmonic) accounts for ~81% of the signal power
Signal spectrum
• Power spectrum
  • This plot tells us how the power is divided up between the different frequencies
  • Can be calculated from the Fourier coefficients a_k and b_k (Parseval's theorem)
    $P = \frac{1}{T}\int_0^T s^2(t)\,dt = \frac{a_0^2}{4} + \frac{1}{2}\sum_{k \ge 1}\left(a_k^2 + b_k^2\right)$
• E.g., square wave (power of each harmonic normalized to the strongest harmonic)
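The Fourier-coefficient integrals and Parseval's theorem above can be checked numerically. The following script is an added example (not part of the lecture slides): it evaluates a_k and b_k for the odd square wave with the midpoint rule, compares them with the closed form 4A/(kπ) for odd k, and shows that the fundamental carries 8/π² ≈ 81% of the power and that the truncated Parseval sum approaches the time-domain power. The sample count N and the truncation K are arbitrary choices.

```python
import math


def square_wave(A=1.0, T=1.0):
    """Odd square wave with amplitude A and period T: +A on (0, T/2), -A on (T/2, T)."""
    def s(t):
        return A if (t % T) < T / 2 else -A
    return s


def fourier_coefficients(s, T, K, N=4096):
    """Midpoint-rule evaluation of the slide's integrals for k = 0..K:
    a_k = (2/T) int_0^T s(t) cos(2 pi k f0 t) dt,  b_k = (2/T) int_0^T s(t) sin(2 pi k f0 t) dt."""
    f0 = 1.0 / T
    dt = T / N
    ts = [(m + 0.5) * dt for m in range(N)]      # midpoints never hit the discontinuities
    vals = [s(t) for t in ts]
    a, b = [], []
    for k in range(K + 1):
        w = 2 * math.pi * k * f0
        a.append(2.0 / T * sum(v * math.cos(w * t) for v, t in zip(vals, ts)) * dt)
        b.append(2.0 / T * sum(v * math.sin(w * t) for v, t in zip(vals, ts)) * dt)
    return a, b


def time_domain_power(s, T, N=4096):
    """P = (1/T) int_0^T s^2(t) dt, again with the midpoint rule."""
    dt = T / N
    return sum(s((m + 0.5) * dt) ** 2 for m in range(N)) * dt / T


def parseval_power(a, b):
    """Parseval: P = a_0^2/4 + 1/2 sum_{k>=1} (a_k^2 + b_k^2), truncated at the last coefficient."""
    return a[0] ** 2 / 4 + 0.5 * sum(a[k] ** 2 + b[k] ** 2 for k in range(1, len(a)))


def harmonic_power_fraction(a, b, k, total_power):
    """Share of the total signal power carried by the k-th harmonic."""
    return 0.5 * (a[k] ** 2 + b[k] ** 2) / total_power


def square_wave_spectrum(A=1.0, T=1.0, K=99):
    """Check every coefficient against the closed form and return
    (b_1, power fraction of the fundamental, truncated Parseval sum / time-domain power)."""
    s = square_wave(A, T)
    a, b = fourier_coefficients(s, T, K)
    total = time_domain_power(s, T)            # equals A^2 for a square wave
    for k in range(1, K + 1):
        expected = 4 * A / (k * math.pi) if k % 2 else 0.0
        assert abs(b[k] - expected) < 1e-3 and abs(a[k]) < 1e-6, k
    return b[1], harmonic_power_fraction(a, b, 1, total), parseval_power(a, b) / total


if __name__ == "__main__":
    b1, frac, ratio = square_wave_spectrum()
    print(f"b_1 = {b1:.4f} (4/pi = {4 / math.pi:.4f})")
    print(f"fundamental carries {100 * frac:.1f}% of the power")
    print(f"Parseval sum with 99 harmonics recovers {100 * ratio:.1f}% of the power")
```

The residual few tenths of a percent in the Parseval ratio is exactly the power in the harmonics above K = 99, which is why the spectrum of a signal with zero-time transitions is said to be infinitely wide.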
Baseband bandwidth
• Baseband bandwidth (B) is equal to the highest frequency of a signal or system, or an upper bound on such frequencies (due to a filter)
• For example, our square wave has infinite bandwidth
• In practice, however, signals are band-limited to a finite bandwidth
[Figure: low-pass filter with cutoff frequency B; © Digital Phase Modulation: A Review of Basic Concepts, James E. Gilley, 2003]
Passband bandwidth
• Passband bandwidth is the difference between the upper and lower cutoff frequencies of a communication channel, or of a signal spectrum
• Example: a filtered baseband signal (rectangular pulses with f0 = 600 Hz) multiplied by a sine carrier with frequency fc = 1500 Hz
[Figure: passband spectrum of the example, showing the null-to-null bandwidth and the channel bandwidth imposed by regulatory restrictions]
• The data rate (bit/s) supported by a channel is directly proportional to its bandwidth (Shannon–Hartley theorem: $C = B\log_2(1 + S/N)$)
Signal modulation
• How to manipulate a given signal parameter?
  • Set the parameter to an arbitrary value: analog modulation
  • Choose parameter values from a finite set of legal values: digital keying
• Modulation?
  • The data to be transmitted is used to select transmission parameters as a function of time
  • These parameters modify a basic sine wave, which serves as the starting point (carrier) onto which the data is modulated
  • This basic sine wave has a center frequency f_c
  • The resulting signal requires a certain bandwidth to be transmitted (centered around the center frequency)
Digital modulation
• Use data to modify the amplitude of a
carrier - Amplitude Shift Keying (ASK)
• Use data to modify the frequency of a
carrier - Frequency Shift Keying (FSK)
• Use data to modify the phase of a
carrier - Phase Shift Keying (PSK)
© Tanenbaum, Computer Networks
Digital modulation - example
• Binary PSK (BPSK): 1 bit per symbol
  • binary "0" represented by $s_0(t) = \sqrt{\frac{2E_b}{T_b}}\cos(2\pi f_c t + \pi) = -\sqrt{\frac{2E_b}{T_b}}\cos(2\pi f_c t)$
  • binary "1" represented by $s_1(t) = \sqrt{\frac{2E_b}{T_b}}\cos(2\pi f_c t)$
  • $\sqrt{2E_b/T_b}$ is the symbol amplitude, T_b the bit duration, f_c the carrier frequency (f_c >> 1/T_b)
  • E_b is the transmitted signal energy per bit (i.e., $\int_0^{T_b} s_0^2(t)\,dt = \int_0^{T_b} s_1^2(t)\,dt = E_b$)
• Signal space representation
  • Define the in-phase basis function $I(t) = \sqrt{2/T_b}\cos(2\pi f_c t)$; then $s_0(t) = -\sqrt{E_b}\,I(t)$ and $s_1(t) = \sqrt{E_b}\,I(t)$
  [Figure: constellation with axes I (in-phase) and Q (quadrature): bit 0 at $-\sqrt{E_b}$, bit 1 at $+\sqrt{E_b}$ on the I axis]
(© Digital Phase Modulation: A Review of Basic Concepts, James E. Gilley, 2003)
Digital modulation - example
• Binary PSK (BPSK)
  • Essentially an amplitude modulation of the carrier with a square wave (±1)
[Figure: bit sequence 1 0 1 1 0 1 0 0 and the corresponding BPSK waveform; © Digital Phase Modulation: A Review of Basic Concepts, James E. Gilley, 2003]
Digital modulation - example
• Binary PSK (BPSK) spectrum and pulse shaping
[Figure: © http://www.gaussianwaves.com]
Demodulation of BPSK signal
• Let r(t) be the received signal in a noise-free scenario, i.e., r(t) = s_i(t)
• The demodulation process (correlation with the basis function I(t))
  $\hat r = \int_0^{T_b} r(t)\,I(t)\,dt = \pm\sqrt{\frac{2E_b}{T_b}}\sqrt{\frac{2}{T_b}}\int_0^{T_b}\cos^2(2\pi f_c t)\,dt = \pm\sqrt{E_b}$
• Guess that signal s_1(t) (binary 1) was transmitted if $\hat r > 0$
• Guess that signal s_0(t) (binary 0) was transmitted if $\hat r < 0$
Transmission corrupted by noise
• The simplest channel model: the Additive White Gaussian Noise (AWGN) channel
[Figure: block diagram: data → digital modulator (baseband) → passband channel, where noise is added → bandpass filter → digital demodulator → detector; transmitted symbol s_i, received sample $r_i = s_i + n$]
• The noise sample n is zero-mean Gaussian with variance $\sigma^2 = N_0/2$:
  $p(n) = \frac{1}{\sqrt{2\pi\sigma^2}}\,e^{-\frac{n^2}{2\sigma^2}}$
(© http://www.gaussianwaves.com)
Demodulation of BPSK signal in AWGN
• Let r(t) be the received signal in an AWGN scenario
• The signal s_i(t) is corrupted by zero-mean Gaussian noise n(t) with power spectral density N_0/2, i.e., r(t) = s_i(t) + n(t)
• The output of the correlation receiver
  $\hat r = \int_0^{T_b} r(t)\,I(t)\,dt = \pm\sqrt{E_b} + \int_0^{T_b} n(t)\,I(t)\,dt = \pm\sqrt{E_b} + n_I$
• Here n_I is the projection of n(t) onto the in-phase axis (also Gaussian and zero-mean, with variance N_0/2)
Demodulation of BPSK signal in AWGN
• We assume that bits 0 and 1 are equally likely, Pr(s_0) = Pr(s_1) = 1/2
  $\Pr(\text{error}) = \Pr(s_1 \mid s_0)\Pr(s_0) + \Pr(s_0 \mid s_1)\Pr(s_1) = \frac{1}{2}\left[\Pr(\hat r > 0 \mid s_0) + \Pr(\hat r < 0 \mid s_1)\right]$
• Given s_0 we have $\hat r = -\sqrt{E_b} + n_I$, so an error occurs when $n_I > \sqrt{E_b}$ (and symmetrically for s_1); since $n_I \sim \mathcal{N}(0, N_0/2)$,
  $\Pr(\hat r > 0 \mid s_0) = \Pr(\hat r < 0 \mid s_1) = Q\!\left(\frac{\sqrt{E_b}}{\sqrt{N_0/2}}\right) = Q\!\left(\sqrt{\frac{2E_b}{N_0}}\right)$
  where $Q(x) = \frac{1}{\sqrt{2\pi}}\int_x^{\infty} e^{-u^2/2}\,du$ is the tail probability of the standard Gaussian
• Finally, the BPSK bit error rate (BER) is given by
  $\Pr(\text{error}) = \frac{1}{2}\left[Q\!\left(\sqrt{\frac{2E_b}{N_0}}\right) + Q\!\left(\sqrt{\frac{2E_b}{N_0}}\right)\right] = Q\!\left(\sqrt{\frac{2E_b}{N_0}}\right)$
[Figure: the two conditional densities of $\hat r$ centered at $-\sqrt{E_b}$ and $+\sqrt{E_b}$, with the error regions across the decision threshold at 0; © http://www.gaussianwaves.com]
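The correlation receiver and the BER derivation above can be reproduced in a few lines. The following is an added example written for this page (not code from the lecture): `correlate_waveform` runs the noise-free correlation $\int_0^{T_b} r(t) I(t)\,dt$ on an actual passband waveform and returns $\pm\sqrt{E_b}$, while `simulate_bpsk` uses the baseband equivalent $\hat r = \pm\sqrt{E_b} + n_I$ with $n_I \sim \mathcal{N}(0, N_0/2)$ and compares the measured error rate with $Q(\sqrt{2E_b/N_0})$. The carrier frequency, bit duration, bit count and seed are arbitrary choices; the carrier is an integer number of cycles per bit so that the numerical integral is exact.

```python
import math
import random


def q_function(x):
    """Gaussian tail Q(x) = Pr(N(0,1) > x), via the complementary error function."""
    return 0.5 * math.erfc(x / math.sqrt(2.0))


def bpsk_ber_theory(eb_n0_db):
    """BER of coherently detected BPSK from the slides: Q(sqrt(2 Eb/N0))."""
    eb_n0 = 10 ** (eb_n0_db / 10.0)
    return q_function(math.sqrt(2.0 * eb_n0))


def correlate_waveform(bit, Eb=1.0, Tb=1e-3, fc=10e3, samples=4000):
    """Noise-free correlation receiver on the passband waveform:
    r_hat = int_0^Tb s_i(t) I(t) dt with I(t) = sqrt(2/Tb) cos(2 pi fc t).
    Returns +sqrt(Eb) for bit 1 and -sqrt(Eb) for bit 0."""
    amplitude = math.sqrt(2.0 * Eb / Tb)          # symbol amplitude sqrt(2Eb/Tb)
    sign = 1.0 if bit else -1.0                    # s_0 = s_1 shifted by pi, i.e. -s_1
    dt = Tb / samples
    r_hat = 0.0
    for m in range(samples):
        t = (m + 0.5) * dt
        carrier = math.cos(2 * math.pi * fc * t)
        s = sign * amplitude * carrier             # s_i(t)
        basis = math.sqrt(2.0 / Tb) * carrier      # I(t)
        r_hat += s * basis * dt
    return r_hat


def simulate_bpsk(eb_n0_db, n_bits=200_000, Eb=1.0, seed=1):
    """Baseband AWGN model from the slides: r_hat = +-sqrt(Eb) + n_I, n_I ~ N(0, N0/2).
    Decide bit 1 iff r_hat > 0 and return the measured bit error rate."""
    rng = random.Random(seed)
    n0 = Eb / (10 ** (eb_n0_db / 10.0))            # N0 from the requested Eb/N0
    sigma = math.sqrt(n0 / 2.0)                    # variance of n_I is N0/2
    errors = 0
    for _ in range(n_bits):
        bit = rng.getrandbits(1)
        r_hat = (math.sqrt(Eb) if bit else -math.sqrt(Eb)) + rng.gauss(0.0, sigma)
        if (r_hat > 0) != bool(bit):
            errors += 1
    return errors / n_bits


if __name__ == "__main__":
    print("noise-free r_hat for bit 1:", round(correlate_waveform(1), 6))
    print("noise-free r_hat for bit 0:", round(correlate_waveform(0), 6))
    for db in (0, 2, 4, 6, 8):
        print(f"Eb/N0 = {db} dB: simulated BER {simulate_bpsk(db):.5f}, "
              f"theory {bpsk_ber_theory(db):.5f}")
```

Because the noise enters the decision only through its projection n_I onto I(t), the waveform-level and the baseband simulation give the same error statistics; that is the whole point of the signal-space representation.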
Bit error rate (BER)
[Figure: BER (bit-error rate, log scale from 1 down to 1e-07) versus E_b/N_0 [dB] (bit energy to noise density ratio, i.e., SNR per bit, from −10 to 15 dB) for coherently detected BPSK and coherently detected BFSK]
Digital multi-level modulation - example
• Quadrature PSK (QPSK): 2 bits per symbol (symbol duration T_s = 2T_b, energy per symbol E_s = 2E_b)
  • binary "00" represented by $s_{00}(t) = \sqrt{\frac{2E_s}{T_s}}\cos\left(2\pi f_c t + \frac{3\pi}{4}\right)$
  • binary "01" represented by $s_{01}(t) = \sqrt{\frac{2E_s}{T_s}}\cos\left(2\pi f_c t - \frac{3\pi}{4}\right)$
  • binary "10" represented by $s_{10}(t) = \sqrt{\frac{2E_s}{T_s}}\cos\left(2\pi f_c t + \frac{\pi}{4}\right)$
  • binary "11" represented by $s_{11}(t) = \sqrt{\frac{2E_s}{T_s}}\cos\left(2\pi f_c t - \frac{\pi}{4}\right)$
Digital multi-level modulation - example
• Quadrature PSK (QPSK): 2 bits per symbol
• Using the identity cos(a+b) = cos(a)cos(b) − sin(a)sin(b), we can rewrite the QPSK symbols as follows
  $s_{00}(t) = -\sqrt{\frac{E_s}{2}}\,I(t) - \sqrt{\frac{E_s}{2}}\,Q(t)$
  $s_{01}(t) = -\sqrt{\frac{E_s}{2}}\,I(t) + \sqrt{\frac{E_s}{2}}\,Q(t)$
  $s_{10}(t) = +\sqrt{\frac{E_s}{2}}\,I(t) - \sqrt{\frac{E_s}{2}}\,Q(t)$
  $s_{11}(t) = +\sqrt{\frac{E_s}{2}}\,I(t) + \sqrt{\frac{E_s}{2}}\,Q(t)$
  where $I(t) = \sqrt{2/T_s}\cos(2\pi f_c t)$ and $Q(t) = \sqrt{2/T_s}\sin(2\pi f_c t)$
• Signal space representation (constellation), coordinates (I, Q):
  • 00 at $\left(-\sqrt{E_s/2},\,-\sqrt{E_s/2}\right)$
  • 01 at $\left(-\sqrt{E_s/2},\,+\sqrt{E_s/2}\right)$
  • 11 at $\left(+\sqrt{E_s/2},\,+\sqrt{E_s/2}\right)$
  • 10 at $\left(+\sqrt{E_s/2},\,-\sqrt{E_s/2}\right)$
[Figure: the four points in the I (in-phase) / Q (quadrature) plane]
QPSK
• The same bit error rate as BPSK
• But more bits per symbol
[Figure: the in-phase and quadrature bit streams (odd and even bits of the input sequence) and the Gray-coded QPSK constellation with points 00, 01, 11, 10 at $(\pm\sqrt{E_s/2},\,\pm\sqrt{E_s/2})$ in the I/Q plane]
Digital multi-level modulations
• Quadrature Amplitude and Phase Modulation (QAM)
  • QAM-4, QAM-16, QAM-64, QAM-256
• On one hand, we increase the data rate
• On the other hand, denser constellations imply higher bit error rates (at the same average energy the points lie closer together, so less noise is needed to cross a decision boundary)
[Figure: constellations in the I/Q plane: BPSK (points 0 and 1 on the I axis), QAM-4 (QPSK, points 01, 11, 00, 10) and QAM-16]
Bit rate vs. baud rate
• Bit rate = bits/second
• Baud (symbol) rate = symbols/second
• BPSK: 1 symbol encodes 1 bit
• QPSK (QAM-4): 1 symbol encodes 2 bits
• QAM-16: 1 symbol encodes 4 bits
[Figure: constellations of BPSK, QAM-4 (QPSK) and QAM-16 in the I/Q plane]
Antenna
• A resonating circuit (e.g., LC) connected to an antenna causes the antenna to emit EM waves (modulated signals)
• A receiving antenna converts the EM waves into electrical current
• Many types of antennas with different gains (G)
[Figure: radiation patterns: isotropic; omnidirectional, gain ≈ 2 dB; directional, gain 10–55 dB]
Power and gain quantities
• dBm = dB value of power relative to 1 mW; dBW = dB value of power relative to 1 W. Used to describe signal strength.
• dBi = dB value of antenna gain relative to the gain of an isotropic antenna (0 dBi is by definition the gain of an isotropic antenna)
• The ratio of a quantity Q1 to another comparable quantity Q0, in dB:
  $L_{dB} = 10\log_{10}\frac{Q_1}{Q_0}$
• Thus: $P_{dBm} = 10\log_{10}\frac{P}{1\,\text{mW}}$ and $P_{dBW} = 10\log_{10}\frac{P}{1\,\text{W}}$
• For example: 1 W = +30 dBm, 100 mW = +20 dBm
Antenna: Gain vs. Beamwidth (1/2)
• Antenna radiation pattern
  • Reciprocity theorem: the transmitting and receiving patterns of an antenna are identical at a given wavelength
  • Gain is a measure of how much of the input power is concentrated (radiated) in a particular direction, relative to an isotropic antenna with the same input power (e.g., 20 dBi means 100 times more)
  • Beamwidth of a pattern is the angular separation between two identical points on opposite sides of the pattern maximum
[Figure: © http://www.kyes.com/antenna/navy/basics/antennas.htm]
Antenna: Gain vs. Beamwidth (2/2)
• Power density of an isotropic radiator: $P_D = P_{in}/(4\pi R^2)$, where P_in is the input/radiated power (no losses)
• When the angle in which the radiation is constrained is reduced, the gain goes up in that direction
Signal propagation
• Wireless transmission distorts the transmitted signal
  • Results in uncertainty at the receiver about which bit sequence originally caused the transmitted signal
  • Abstraction: the wireless channel describes these distortion effects
• Sources of distortion
  • Attenuation – energy is distributed over larger areas with increasing distance
  • Reflection/refraction – bounce off a surface; enter a material
  • Diffraction – a "new wave" starts from a sharp edge
  • Scattering – multiple reflections at rough surfaces
  • Doppler fading – shift in frequencies (loss of the center frequency)
Attenuation and path loss
• Effect of attenuation: received signal strength is a function of the distance R between sender and receiver
• Captured by the Friis equation (a simplified form)
  $\frac{P_{rx}}{P_{tx}} = G_t G_r\left(\frac{\lambda}{4\pi R}\right)^{\alpha}$
  • G_r and G_t are the antenna gains of the receiver and the transmitter
  • λ is the wavelength and α is the path-loss exponent (2–5)
  • Attenuation depends on the environment; for free space α = 2
• Path loss (PL)
  $PL(dB) = 10\log_{10}\frac{P_{tx}}{P_{rx}} = P_{tx}(dB) - P_{rx}(dB) = -10\log_{10}\left[G_t G_r\left(\frac{\lambda}{4\pi R}\right)^{\alpha}\right]$
Signal propagation (strength)
[Figure: signal strength (dBm) along the path through the link from XMTR to RCVR: transmitted power, plus transmitting antenna gain, minus link losses (spreading and atmospheric loss), plus receiving antenna gain, gives the received power]
To calculate the received signal level (in dBm), add the transmitting antenna gain (in dB), subtract the link losses (in dB), and add the receiving antenna gain (in dB) to the transmitter power (in dBm).
© D. Adamy, A First Course in Electronic Warfare
Receiver sensitivity
• The smallest signal (the lowest signal strength) that a receiver can receive and still provide the proper specified output
• Example:
  • Transmitter power (1 W) = +30 dBm
  • Transmitting antenna gain = +10 dB
  • Spreading loss = 100 dB
  • Atmospheric loss = 2 dB
  • Receiving antenna gain = +3 dB
  • Received power (dBm) = +30 dBm + 10 dB − 100 dB − 2 dB + 3 dB = −59 dBm
  • If receiver 1 has a sensitivity of −62 dBm and receiver 2 a sensitivity of −65 dBm, receivers 1 and 2 will receive the signal with 3 dB and 6 dB of margin on the link, respectively
  • Receiver 2 is 3 dB (a factor of two) better than receiver 1: receiver 2 can hear signals that are half the strength of those heard by receiver 1
Wireless signal in real environments
• Brighter color = stronger signal
• Obviously, the simple (quadratic) free-space attenuation formula is not sufficient to capture these effects
[Figure: measured signal-strength map of an indoor environment; © Jochen Schiller, FU Berlin]
Generalizing the attenuation formula
• To take into account stronger attenuation than that caused by distance alone (e.g., walls, ...), use a larger path-loss exponent α > 2
  $P_{recv}(R) = P_{recv}(R_0)\left(\frac{R_0}{R}\right)^{\alpha}$ (R_0 is a reference distance)
• Rewritten in logarithmic form (in dB):
  $PL(R)[dB] = PL(R_0)[dB] + 10\alpha\log_{10}\left(\frac{R}{R_0}\right)$
• Take obstacles into account by a random variation
  • Add a Gaussian random variable X with zero mean and variance σ² to the dB representation
  • Equivalent to multiplying by a lognormal random variable in linear units: lognormal fading
  $PL(R)[dB] = PL(R_0)[dB] + 10\alpha\log_{10}\left(\frac{R}{R_0}\right) + X[dB]$
Lognormal fading (shadowing)
[Figure: path loss in dB versus 10 log10 R: measurements scattered around the straight line of slope α; © http://www.hindawi.com]
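The dB bookkeeping, the Friis/path-loss formula, the Adamy link budget, the receiver-sensitivity example and the lognormal shadowing model above fit naturally into one small link-budget calculator. The following is an added example written for this page (not code from the lecture or from Adamy): `slide_example` reproduces the numbers of the receiver-sensitivity slide, `path_loss_db` evaluates the slides' simplified Friis form for a given wavelength, distance and exponent, `shadowed_path_loss_db` adds the Gaussian X[dB] term, and `outage_probability` uses it to estimate how often a link with a fixed budget fails. The 2.4 GHz / 30 m free-space case, the reference path loss and shadowing parameters, and the −174 dBm/Hz noise density (thermal noise at room temperature) are assumptions chosen for illustration.

```python
import math
import random


def watts_to_dbm(p_watt):
    """P[dBm] = 10 log10(P / 1 mW); e.g. 1 W -> +30 dBm, 100 mW -> +20 dBm."""
    return 10.0 * math.log10(p_watt / 1e-3)


def dbm_to_watts(p_dbm):
    return 1e-3 * 10 ** (p_dbm / 10.0)


def db_to_linear(x_db):
    return 10 ** (x_db / 10.0)


def path_loss_db(wavelength_m, distance_m, gt_dbi=0.0, gr_dbi=0.0, alpha=2.0):
    """PL[dB] = -10 log10( Gt Gr (lambda / (4 pi R))^alpha ), the slides' simplified Friis form.
    alpha = 2 is free space; larger alpha models walls and clutter."""
    gains = db_to_linear(gt_dbi) * db_to_linear(gr_dbi)
    return -10.0 * math.log10(gains * (wavelength_m / (4 * math.pi * distance_m)) ** alpha)


def received_power_dbm(ptx_dbm, gt_db, losses_db, gr_db):
    """Link budget as on the Adamy slide: Ptx[dBm] + Gt[dB] - losses[dB] + Gr[dB]."""
    return ptx_dbm + gt_db - losses_db + gr_db


def link_margin_db(prx_dbm, sensitivity_dbm):
    """Positive margin: the receiver can still decode the signal."""
    return prx_dbm - sensitivity_dbm


def shadowed_path_loss_db(pl0_db, alpha, distance_m, r0_m, sigma_db, rng=None):
    """PL(R) = PL(R0) + 10 alpha log10(R/R0) + X,  X ~ N(0, sigma^2) in dB (lognormal shadowing).
    With sigma_db = 0 (or no rng) this is the deterministic log-distance model."""
    x = rng.gauss(0.0, sigma_db) if (rng is not None and sigma_db > 0) else 0.0
    return pl0_db + 10.0 * alpha * math.log10(distance_m / r0_m) + x


def eb_n0_db(prx_dbm, n0_dbm_per_hz, bit_rate):
    """Eb/N0 = Prx / (N0 Rb); in dB: Prx[dBm] - N0[dBm/Hz] - 10 log10(Rb)."""
    return prx_dbm - n0_dbm_per_hz - 10.0 * math.log10(bit_rate)


def slide_example():
    """The receiver-sensitivity slide: 1 W transmitter, +10 dB Tx gain, 100 dB spreading loss,
    2 dB atmospheric loss, +3 dB Rx gain; receivers with -62 dBm and -65 dBm sensitivity.
    Returns (received power in dBm, margin for receiver 1, margin for receiver 2)."""
    prx = received_power_dbm(watts_to_dbm(1.0), 10.0, 100.0 + 2.0, 3.0)
    return prx, link_margin_db(prx, -62.0), link_margin_db(prx, -65.0)


def outage_probability(pl0_db, alpha, distance_m, r0_m, sigma_db, max_pl_db,
                       trials=20_000, seed=7):
    """Fraction of shadowing realizations in which the path loss exceeds the loss the link
    budget can absorb (max_pl_db = Ptx + Gt + Gr - sensitivity). Assumed parameters."""
    rng = random.Random(seed)
    over = sum(shadowed_path_loss_db(pl0_db, alpha, distance_m, r0_m, sigma_db, rng) > max_pl_db
               for _ in range(trials))
    return over / trials


if __name__ == "__main__":
    prx, m1, m2 = slide_example()
    print(f"received {prx:.0f} dBm, margins {m1:.0f} dB / {m2:.0f} dB")
    wavelength_2g4 = 3e8 / 2.4e9                      # 0.125 m (assumed WiFi case)
    print(f"free-space loss at 2.4 GHz over 30 m: {path_loss_db(wavelength_2g4, 30.0):.1f} dB")
    print(f"Eb/N0 at -59 dBm, 1 Mbit/s, N0 = -174 dBm/Hz: {eb_n0_db(-59.0, -174.0, 1e6):.0f} dB")
    # assumed indoor model: PL(1 m) = 40 dB, alpha = 3, sigma = 8 dB, 108 dB budget at 100 m
    print(f"outage probability: {outage_probability(40.0, 3.0, 100.0, 1.0, 8.0, 108.0):.3f}")
```

The outage run is the practical reading of the shadowing slide: with PL(R0) + 10α log10(R/R0) = 100 dB at the chosen distance and an 8 dB standard deviation, a budget of 108 dB leaves one standard deviation of headroom, so the link still fails in roughly Q(1) ≈ 16% of locations; the mean path-loss line alone would have called it a safe link.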
Reflection, diffraction and scattering
• Reflection: when the surface is large relative to the wavelength of the signal
  • May cause a phase shift from the original / cancel out the original or increase it
• Diffraction: when the signal hits the edge of an impenetrable body that is large relative to the wavelength
  • Enables reception of the signal even in Non-Line-of-Sight (NLoS) conditions
• Scattering: obstacle size is of the order of λ
• Doppler shift
• In LoS (Line-of-Sight) conditions, diffracted and scattered signals are not significant compared to the direct signal, but reflected signals can be (multipath effects)
• In NLoS conditions, diffraction and scattering are the primary means of reception
[Figure: signal propagation with reflection, diffraction and scattering]
Reflections and multipath fading
• Multiple copies of a radio signal take different paths to the receiver
• The effects of multipath include constructive and destructive interference, and phase shifting of the signal at the receiver
• Destructive interference causes signal fading
[Figure: reflection]
Signal-to-noise ratio (SNR) per bit (E_b/N_0)
  $\frac{E_b}{N_0} = \frac{E_s}{N_0}\cdot\frac{1}{r} = \frac{S}{N/B}\cdot T_s\cdot\frac{1}{r} = \frac{P_{rx}}{N_0}\cdot\frac{1}{R_s}\cdot\frac{1}{r} = \frac{P_{rx}}{N_0 R_b}$
• E_b - energy per bit, E_s - energy per symbol
• N_0 - noise power spectral density
• S (i.e., P_rx) - received signal power
• N - received noise power
• B - receiver's bandwidth
• T_s - symbol duration
• R_s - baud rate, R_b - bit rate, r = R_b/R_s
Message eavesdropping and insertion – message relay attacks
Wrong mental model
[Figure: a wired point-to-point link from A to B carrying M, drawn as equal to a wireless link from A to B carrying M]
Eavesdropping
• Attackers can eavesdrop on communication from much longer distances than anticipated
  • Attacks on Bluetooth (designed for a 10–100 m range)
  • Reported eavesdropping from more than 1.5 km (BlueSniper rifle)
  • Thanks to high-gain / high-sensitivity antennas
[Figure: A sends M to B; a distant attacker receives M as well]
Message insertion
• Straightforward
• If the attacker knows the frequency/modulation/coding on/by which the communicating parties exchange information
[Figure: A sends m to B; the attacker inserts its own message M, which B receives]
Message replay (1/2)
• Replay = message eavesdropping + insertion
• Example: a straightforward attack on neighborhood discovery protocols in wireless networks (the wormhole attack)
• Q: Could authentication help here?
[Figure: A broadcasts "Hi, I am A, your neighbor"; the attacker M overhears it and replays it to B and C, which are outside A's radio range, so they wrongly accept A as a neighbor]
Message replay (2/2)
• Authenticated neighborhood discovery
  • A → B: "Hi, I am A, your neighbor"
  • B → A: "prove it, N_B" (N_B is a fresh nonce chosen by B)
  • A → B: sign_A{N_B, B, A} (A generates the signature with its private key)
  • B verifies A's signature using A's public key
• With the attacker M relaying every message unchanged between A's radio range and B's radio range, the protocol completes successfully even though A and B are not neighbors: authentication does not help!
  (we will show some solutions to this problem later in the course)
[Figure: the same exchange relayed by M between A and B (and C); labels RFID reader (ZG) and RFID card (ST) show the same relay between a reader and a card at two different locations]
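The wormhole replay on the previous slide and the failure of the authenticated variant above can both be shown with a small simulation. The following is an added example written for this page (not code from the lecture): nodes have positions and a fixed radio range, an honest channel delivers a frame only when the receiver is in range, and the attacker M has two radios (one placed next to A, one next to B) that forward every frame byte for byte. The slides use a public-key signature; since the Python standard library has no signature primitive, an HMAC under a key that only A and B know stands in for sign_A, which does not change the argument because M never needs the key. The node positions, the 100 m range and the key are assumptions.

```python
import hashlib
import hmac
import math
import os

RADIO_RANGE_M = 100.0          # assumed radio range of every honest node


class Node:
    def __init__(self, name, x, y):
        self.name = name
        self.pos = (x, y)


def in_range(tx, rx):
    """A frame transmitted by tx reaches rx only if rx lies within tx's radio range."""
    (x1, y1), (x2, y2) = tx.pos, rx.pos
    return math.hypot(x1 - x2, y1 - y2) <= RADIO_RANGE_M


# Stand-in for A's signing key (assumed); in the slides this is A's private key and B
# verifies with A's public key. M never sees this key.
KEY_A = b"assumed-signing-key-of-A"


def sign(key, *fields):
    """sign_A{N_B, B, A}: a MAC over the nonce, the verifier's name and the prover's name."""
    return hmac.new(key, b"|".join(fields), hashlib.sha256).digest()


def direct_channel(tx, rx, frame):
    """Honest radio channel: deliver the frame iff rx is within tx's range, else it is lost."""
    return frame if in_range(tx, rx) else None


def make_relay_channel(radio_near_a, radio_near_b):
    """Attacker M with two radios joined by an out-of-band link (the wormhole).
    Any frame one radio overhears is re-broadcast, unchanged, by the other radio.
    Returns the channel function and a log of the frames M relayed."""
    relayed = []

    def channel(tx, rx, frame):
        if in_range(tx, rx):                       # genuine neighbors need no help
            return frame
        for near_tx, near_rx in ((radio_near_a, radio_near_b), (radio_near_b, radio_near_a)):
            if in_range(tx, near_tx) and in_range(near_rx, rx):
                relayed.append((tx.name, rx.name, frame))
                return frame                       # bits forwarded verbatim, nothing forged
        return None
    return channel, relayed


def authenticated_neighbor_discovery(a, b, channel):
    """The slide's protocol. Returns True iff B ends up accepting A as a neighbor."""
    hello = channel(a, b, b"Hi, I am A, your neighbor")
    if hello is None:
        return False
    n_b = os.urandom(16)                           # fresh nonce: a plain replay would fail
    challenge = channel(b, a, b"prove it|" + n_b)
    if challenge is None:
        return False
    received_nonce = challenge.split(b"|", 1)[1]
    response = channel(a, b, sign(KEY_A, received_nonce, b.name.encode(), a.name.encode()))
    if response is None:
        return False
    expected = sign(KEY_A, n_b, b.name.encode(), a.name.encode())
    return hmac.compare_digest(response, expected)


def run_attack():
    """A and B are 1 km apart (ten times the radio range); M parks a radio next to each.
    Returns (accepted without M, accepted with M relaying, number of frames M relayed)."""
    a, b = Node("A", 0.0, 0.0), Node("B", 1000.0, 0.0)
    m_near_a, m_near_b = Node("M1", 50.0, 0.0), Node("M2", 950.0, 0.0)
    honest = authenticated_neighbor_discovery(a, b, direct_channel)
    relay, log = make_relay_channel(m_near_a, m_near_b)
    attacked = authenticated_neighbor_discovery(a, b, relay)
    return honest, attacked, len(log)


if __name__ == "__main__":
    honest, attacked, n = run_attack()
    print(f"without relay: B accepts A = {honest}")
    print(f"with relay:    B accepts A = {attacked} ({n} frames relayed, none modified)")
```

The nonce defeats a recorded replay, but not a live relay: every frame B sees is freshly produced by the real A in response to B's own challenge, so the signature verifies. The only thing the relay changes is the round-trip time of the exchange, which is what the countermeasures treated later in the course build on.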
Relay attacks in practice
• Chip & PIN (EMV) relay attacks
  • http://www.cl.cam.ac.uk/research/security/banking/relay
• Cracking keyless car systems
  • http://www.youtube.com/watch?v=bfjMj8fgsBo
• Practical NFC Peer-to-Peer Relay Attack using Mobile Phones
  • http://eprint.iacr.org/2010/228.pdf