Security Issues in Wireless Networks

1
Security Issues in Wireless Networks

• Kumar ViswanathCMPE 293

2
What is Cryptography

• Cryptography is the work of people suffering from
  delusional paranoia

3
Security Requirements

• Confidentiality
• Protection from disclosure to unauthorized
  persons
• Integrity
• Maintaining Data Consistency
• Authentication
• Assurance of identity of originator of Data
• Non- Repudiation
• Originator of communications cant deny it later

4
Security Threats

• Information Disclosure /information leakage
• Integrity violation
• Masquerading
• Denial of Service
• Generic threats backdoors, trojans, insider
  attacks
• Most Internet Security problems are related to
  access control or authentication

5
Attack Types

• Passive attack can only observe data or
  communications
• Active attack can actively modify data or
  communications
• Mail forgery/ Modification
• IP spoofing / session hijacking

Passive Attack
Active Attack
6
Security Mechanisms

• Three basic building blocks are used
• Encryption is used to provide confidentiality,
  can provide authentication and integrity
  protection
• Digital Signatures are used to provide
  authentication, integrity protection and non
  repudiation
• Checksum and Hash algorithms are used to provide
  integrity protection
• One more more of these security mechanisms is
  combined to provide a security service

7
Services , Mechanisms, Algorithms

• Services are built from mechanisms
• Mechanisms are implemented using algorithms

SSL
Signatures
Encryption
Hashing
DSA
RSA
DES
MD5
8
Conventional Encryption

• Shared Key
• Problem of communicating a large message in
  secret reduced to communicating a small key in
  secret

9
Public Key Encryption

• Use Matched public/private key pairs
• Any one can encrypt with public key but only one
  person can decrypt with private key

10
Security In GSM Networks

• Overview
• GSM subscribers MS are traced during their
  intra-domain and inter-domain movements
• Each MS informs the network of its position and
  this information is used to update the VLR and
  HLR
• Communication is established under control of
  Authentication center called Auc located within
  the Message Switching Center (MSC)

11
GSM Contd

• Every GSM subscriber has a smart card (SIM)
  containing a secret key Ki known only to the HLR.
• When MS notifies local MSC of its presence, local
  VLR contacts the HLR
• VLR transmits it own identity , MS indentity
  (IMSI) and position to HLR.
• HLR queries its AUc for a set of triplets
  containing a challenge, a signed response SRES
  and corresponding session key Kc.
• The triplets are forwarded to VLR which uses it
  for authenticating MS

12

• Parameters SRES and Kc are computed with
  proprietary algorithms A3 and A8 that implement
  one way functions.
• SRES A3(Ki,RAND)
• Kc A8(Ki,RAND)
• Authentication of Mobile Station is achieved
  using the challenge response mechanism
• Data Confidentiality is achieved by enciphering
  all data with session key Kc.
• A5 is used to encipher data, speech and signaling
  messages

13
GSM Authentication Scheme
14
Security Issues

• The authentication scheme relies on the security
  of the inter- network between the VLR ? HLR
  communication
• Another point of contention is the manner in
  which the authentication information is
  distributed.The Home domain has to generate on
  the fly, a set of challenge -response pairs
• GSM uses proprietary Algorithms for
  authentication and secrecy.
• Security by Obscurity is not effective.

15
CDPD

• CDPD is not only a value added service but a
  complete architecture. The architecture supports
  several network layer protocols including IP
• Security Services composed of
• Data confidentiality
• Key Distribution
• Mobile Unit Authentication

16

• An authentication server AS is present in every
  CDPD domain
• The AS is typically co-located with the Mobile
  Data Intermediate System (MD-IS)
• Mobile unit (M-ES) authentication requires
  contacting the AS in the units Home domain

17
CDPD contd

• The authentication begins with the Diffie-Hellman
  key exchange protocol.
• M-ES and MD-IS both share a key Ks.
• M-ES encrypts its credential with Ks and submits
  it for authentication
• Credentials consist of a triple NEI,ARN,ASN
• The serving MD-IS decrypts the credentials and
  forward them to the home MD-IS in cleartext.

18

• Home MD-IS validates the credentials and issues a
  new ARN.
• M-ES authentication is complete when the serving
  MD-IS receives a confirmation from the home MD-IS

19
CDPD Authentication Scheme
20
Security Issues

• Authentication scheme is unidirectional
• An intruder can masquerade as the serving MD-IS
  and discover M-ES credentials
• The scheme assumes that the fixed network is
  secure
• CDPD does not have a long term key unlike GSM. If
  an intruder intercepts the M-ES credentials he
  can impersonate for ever.

21
Securing Ad Hoc Networks

• Goals
• Availability ensure survivability of the network
  despite denial of service attacks. The DOS can be
  targeted at any layer
• Confidentiality ensures that certain information
  is not disclosed to unauthorized entities. Eg
  Routing information information should not be
  leaked out because it can help to identify and
  locate the targets
• Integrity guarantee that a message being
  transferred is never corrupted.

22

• Authentication enables a node to ensure the
  identity of the nodes communicating.
• Non- Repudiation ensures that the origin of the
  message cannot deny having sent the message

23
Challenges

• Wireless links renders the ad hoc network
  susceptible to attacks
• In Ad hoc scenarios like tactical warfare etc.
  nodes have a high probability of being
  compromised.
• Ad hoc network is dynamic because of frequent
  topology changes. Trust relationship among nodes
  also changes

24
Secure Routing

• Two sources of threats
• External Intruder nodes can pose to be a part of
  the network injecting erroneous routes, replaying
  old information or introduce excessive traffic to
  partition the network
• Internal The nodes themselves could be
  compromised. Detection of such nodes is difficult
  since compromised nodes can generate valid
  signatures.

25

• High Level Solution
• Treat routing information from compromised nodes
  as outdated information
• If routing protocol can provide multiple routes
  use Diversity Coding techniques
• eg if there are n disjoint routes to a
  destination use (n-r) channels to transmit data
  and other r channels to transmit redundant
  information.

26
Key Management Service

• Use Digital signatures to to protect both routing
  and data
• Public Key infrastructure because of superiority
  in key distribution.
• Problems
• Requires a trusted entity called Certification
  Authority CA for key management
• Single point of failure

27
Key Management Service

• Key Management consists of n servers. The service
  as a whole has a public/private key pair K/k.
• The public key K is known to all nodes and the
  private key is divided into n shares s1,s2, sn.

Key management K/k
K
S1
Sn
K1/k1
K2/k2
Kn/kn
S2
28

• Each server i has a public/private key pair
  Ki/ki and knows the public keys of all other
  nodes.
• Nodes as clients can query requests to get other
  clients public keys or update requests to change
  their own public keys
• The key management scheme uses (n,t1) threshold
  cryptography.

29
Threshold Crytography

• An (n,t1) scheme allows n parties to share the
  ability perform cryptographic operations ( eg.
  digital signatures ) so that any t1 parties can
  jointly perform the operations
• For the service to sign a certificate each server
  generates the partial signature using its private
  key share Si
• All the Si are combined in the combiner.The
  combiner can use any valid t1 partial signatures
  to generate the Key K.
• Note Compromised Servers can generate incorrect
  partial signatures.
• Proactive schemes use share refreshing.
• Compute new shares from old shares without
  disclosing the service private key to any server.

30
Wired Equivalent Privacy (WEP)

• Wired Equivalent Privacy
• Part of 802.11 Link layer protocol
• Security Goals
• prevent link layer eavesdropping
• Secondary Goal prevent network access
• Essentially equivalent to wired access point
  security

31
WEP

• WEP relies on a secret key that is shared between
  a mobile station (eg. a laptop with a wireless
  ethernet card) and an access point (ie. a base
  station)
• The secret key is used to encrypt packets before
  they are transmitted, and an integrity check is
  used to ensure that packets are not modified in
  transit.
• The standard does not discuss how the shared key
  is established. In practice, most installations
  use a single key that is shared between all
  mobile stations and access points.

32
Protocol Setup
LAN
Access Point
Shared key
Mobile Station
Mobile Station
Mobile Station
33

• WEP uses RC4 which is a stream cipher
• A stream cipher operates by expanding a short key
  into an infinite pseudo-random key stream.
• The sender XORs the key stream with the
  plaintext to produce ciphertext.
• The receiver has a copy of the same key, and uses
  it to generate identical key stream.
• XORing the key stream with the ciphertext yields
  the original plaintext.

34
Problems

• An attacker can flip a bit in the ciphertext,
  then upon decryption, the corresponding bit in
  the plaintext will be flipped.
• Also, if an eavesdropper intercepts two
  ciphertexts encrypted with the same key stream,
  it is possible to obtain the XOR of the two
  plaintexts.
• Knowledge of this XOR can enable statistical
  attacks to recover the plaintexts.
• The statistical attacks become increasingly
  practical as more ciphertexts that use the same
  key stream are known.

35
Security Measures

• To ensure that a packet has not been modified in
  transit, WEP uses an Integrity Check (IC) field
  in the packet.
• To avoid encrypting two ciphertexts with the same
  key stream, an Initialization Vector (IV) is used
  to augment the shared secret key and produce a
  different RC4 key for each packet. The IV is also
  included in the packet.

36
Conclusions

• Designing secure protocols is harder than it
  looks
• Public review is a good idea
• Use previous work ( and their failures ) to
  design more robust schemes