Basic radio frequency communications - 2 Session 1 Contents • • • • Basic security concepts Attacks against wireless networks Wireless technologies Classification according to the range 2/42 Basic security concepts • Vulnerability – An inherent weakness in the design, configuration, implementation of a network or system – This can take any form and can be intentional, accidental, or simply an act of nature • Threat – Any possible event that can disrupt the operation, functioning, integrity, or availability of a network or system 3/42 Basic security concepts • Attack – A specific technique used to exploit a vulnerability • Example – A threat could be a denial of service – A vulnerability is in the design of a communication system – An attack could be jamming 4/42 Basic security concepts • Confidentiality – Providing confidentiality means hiding the information from an unauthorized third party • Integrity – Ensuring data integrity means protecting data from being modified without authorization • Availability – The wireless network should be always available to be used 5/42 Basic security concepts • Privacy – Ensuring privacy means hiding the user identity, location or service usage • Authentication – Process that ensures that only legitimate users (possessing certain credentials) can access the wireless network 6/42 Basic security concepts • Access Control – Process that grants a legitimate user access to certain information that he/she is allowed to access • Non-repudiation – Activities that prevent users from denying the use of wireless networks 7/42 Attacks against wireless networks • Passive attacks (1) – Channel eavesdropping • An attacker can place an antenna to hear the information between the victim transmitter and receiver – Channel overuse • The radio spectrum is a shared resource • A wireless operator or a user may make an excessive use of the radio spectrum and prevent others from accessing it 8/42 Attacks against wireless networks • Passive attacks (2) – Traffic analysis • An analysis that shows characteristics of the traffic, e.g. how frequently the communication takes place • Active attacks (1) – Channel jamming • Part of denial of service attacks • Performed by transmitting at the same time in the same communication channel as the victim 9/42 Attacks against wireless networks • Active attacks (2) – Identity cheat • An attacker impersonates a legitimate user in the wireless networks – Spoofing • An attacker retrieves data and sends other data to the victim user – Data alteration • An attacker modifies the content of the information 10/42 Attacks against wireless networks 11/42 Attacks against wireless networks • Specific vulnerabilities of wireless networks regarding mobility, i.e. the fact that a device can roam across different wireless networks and network operators (1) – Privacy of a user is threatened – Mobile device is small • Limited storage, computing power and energy • Strong protection measures (e.g. strong cryptography) are difficult to implement 12/42 Attacks against wireless networks • Specific vulnerabilities of wireless networks regarding mobility, i.e. the fact that a device can roam across different wireless networks and network operators (2) – Mobile device can be easily stolen • This may lead to misuse and reverse engineering 13/42 Wireless technologies • RFID • Personal networks – Bluetooth (IEEE 802.15.1) – ZigBee (IEEE 802.15.4) • Wireless LAN (IEEE 802.11) • Cellular networks – GSM – UMTS (3G) 14/42 Wireless technologies • • • • • • Wireless mesh networks Mobile ad hoc networks Hybrid ad hoc networks Vehicular networks Sensor networks Integrated networks 15/42 RFID • RFID (Radio Frequency Identification) – Serves for automatic and secure reading of an IDnumber – There are also RFID devices capable of storing data – wireless memory (e.g. electronic passports) • Applications (http://www1.nrk.no/nett-tv/klipp/164552) – Logistics – Ticketing – Transport (e.g. Autopass), etc. 16/42 RFID • Operation – An RFID tag is mounted on the object to be identified • The tag consists of a chip and an antenna • Energy needed for operation of the tag is (usually) received from the reader – a radio transmitter – When the tag finds itself in the field of the reader’s radio signal, it transmits an echo – The echo is checked in the reader’s database and thus the object is identified. 17/42 Personal networks • Bluetooth – A short-range communications system intended to replace the cables connecting portable and/or fixed electronic devices. – The system offers services that enable the connection of devices and the exchange of data between these devices. 18/42 Personal networks • Bluetooth 19/42 Personal networks • ZigBee – A short-range communication system intended to facilitate communication between various technical devices, tipically home appliances. – Simpler messages than Bluetooth – More scalable than Bluetooth 20/42 Wireless LAN • Wireless LAN enables connectivity of computing devices (PCs, laptop, printers, etc.) by means of a radio link • Such a connection is transparent for the users – There is no logical difference between a wired and a wireless connection. 21/42 Wireless LAN 22/42 Cellular networks • Cellular network – A radio network made up of a number of radio cells, each served by a fixed transmitter, known as a base station. – These cells are used to cover different areas in order to provide radio coverage over a wider area than the area of one cell • Example – Mobile telephony networks (GPS, UMTS) 23/42 Cellular networks 24/42 Cellular networks • Abbreviations (1) – SIM – Subscriber Identity Module – MS – Mobile Station – USIM – Universal Subscriber Identity Module – ME – Mobile Equipment – TE – Terminal Equipment – UE – User Equipment – BTS – Base Transceiver Station – BSC – Base Station Controller 25/42 Cellular networks • Abbreviations (2) – Node B – Analogue to BTS in UMTS – RNC – Radio Network Controller – BSS – Base Station Subsystem – RNS – Radio Network Subsystem – MSC – Mobile Switching Center – GMSC – Gateway MSC – SGSN – Serving GPRS Support Node – GGSN – Gateway GPRS Support Node 26/42 Cellular networks • Abbreviations (3) – VLR – Visitor Location Register – HLR – Home Location Register – EIR – Equipment Identity Register – AuC – Authentication Center – PSTN – Public Switched Telephone Network – PLMN – Public Land Mobile Network 27/42 Wireless mesh networks • Mesh network – Data communication through fixed nodes – The connectivity allows continued communication even if some of the nodes in the network stop functioning • Wireless mesh network – Communication between the nodes is wireless – Similar to mobile ad hoc networks, but the nodes are in general not mobile. 28/42 Mobile ad hoc networks (MANETs) • A self-configuring network of mobile routers (and associated hosts) connected by wireless links • Together, they form an arbitrary topology • The routers are free to move randomly and organize themselves arbitrarily 29/42 Mobile ad hoc networks (MANETs) • The network's wireless topology may change rapidly and unpredictably • Such a network may operate in a standalone fashion, or may be connected to a larger Internet 30/42 Mobile ad hoc networks (MANETs) 31/42 Hybrid ad hoc networks • A structure-based network that is extended using multi-hop communications • The existence of a communication link between the mobile station and the base station is not required – A mobile station that has no direct connection with a base station can use other mobile stations as relays. 32/42 Hybrid ad hoc networks 33/42 Vehicular networks (VANETs) • A form of MANET – Intended to provide communication among nearby vehicles and between vehicles and nearby fixed equipment (roadside equipment) • The main goal – providing safety and comfort for passengers 34/42 Vehicular networks (VANETs) • A special electronic device is placed inside each vehicle – Provides ad hoc network connectivity for the passengers • This network tends to operate without any infrastructure 35/42 Vehicular networks (VANETs) 36/42 Wireless sensor networks • Spatially distributed autonomous devices – Use sensors to cooperatively monitor physical or environmental conditions (temperature, sound, vibration, pressure, motion, pollutants, etc.) at different locations. • In addition to one or more sensors, each node in a sensor network is equipped with a radio transceiver, a small microcontroller, and an energy source, usually a battery. 37/42 Wireless sensor networks 38/42 Integrated networks • Modern networks often integrate many types of networks, including various types of wireless networks • Example – Sensor networks and ad hoc networks are often integrated to make a single network 39/42 Integrated networks 40/42 Classification according to range • According to the range, wireless networks are classified in the following way – Short-range • Bluetooth, ZigBee – Medium-range • WLAN – Medium long-range • Cellular – Long-range • Satellite global area networks 41/42 Classification according to range 42/42