Project Proposal: Security Threats for Wireless Devices

1
Project Proposal Security Threats for Wireless
Devices

• Matt Fratkin
• April 11th, 2005
• E6886

2
Project Overview

• To investigate the current security threats among
  Wireless LANS, Wireless Personal Area Networks
  (Bluetooth), and Wireless Handheld devices
• To describe the various problems associated with
  the built in security features for each of these
  devices

3
Wireless Technology Overview

• Wireless technology can be defined as the ability
  for more than one device to communicate with each
  other without having any sort of physical
  connection

4
Wireless Technology Threats Overview

• Since wireless technology does not use cables for
  transmission, it relies on radio frequencies to
  transmit the data
• This makes it susceptible for intruders to
  intercept the signal and interfere with it how
  ever they want whether it be eavesdropping,
  stealing information, or causing damage to the
  network

5
Wireless LANs Overview

• Connects users computers to the network using an
  access point device
• The access point connects with devices equipped
  with wireless network adapters (wired Ethernet
  LAN via an RJ-45 port)
• These access points usually have coverage areas
  of up to 300 feet
• Some of these access points can be linked
  together so users can remained linked through
  multiple access points

6
Wireless Personal Area Networks Overview
(Bluetooth)

• These are networks that are supposed to
  dynamically connect devices such as cell phones,
  laptops, PDAs
• These ad-hoc networks have random network
  configurations and rely on a master-slave system
  connected by wireless links to allow devices to
  communicate with one another
• Since the devices move in an unpredictable way
  the networks need to be reconfigured on the go in
  order to handle the change
• The routing that the Bluetooth uses allows the
  master to establish and maintain these ever
  shifting networks

7
Bluetooth Network Example

• Bluetooth enabled mobile phone connecting to
  mobile phone network, synching with a PDA address
  book, and downloading email

8
Wireless Handheld Devices

• These devices can broken down into two
  categories PDAs and Smart Phones
• PDAs operate on a proprietary networking standard
  that sends email to remote servers by accessing
  the corporate network
• Smart Phones are mobile phones that contain
  information processing and data networking
  capabilities

9
Wireless LAN Security Features

• There are three different types of security
  features for Wireless LANs
• Authentication
• Confidentiality
• Integrity

10
Wireless LAN Security Features - Authentication

• Provides a service to the users by needing to
  verify the identity of the users for each
  communicating station
• Denies access to those who can not properly
  authenticate themselves
• Therefore only authorized personal are allowed to
  use the communicating client stations

11
Wireless LAN Security Features- Confidentiality

• This feature provides privacy to any user on the
  network
• Supposed to prevent eavesdropping by outsiders
• Therefore only authorized people are allowed to
  view the data on the network

12
Wireless LAN Security Features - Integrity

• This feature is used to ensure that the data
  coming in is the data that was transmitted
• Makes sure that no alterations of the data has
  been made while it is in transit
• Therefore users should feel confident that they
  are viewing the data that was meant for them to
  see, not some altered version

13
Wireless LAN Security Diagram
14
Problems with the Wireless LAN Security Features

• The standardization of Wireless LAN security is
  the IEEE 802.11Standard Security
• This provides for cryptographic keys of 40-bits
• However, some vendors have implemented products
  with keys of up to 104 and 128-bit keys
• Many users in a network often share these
  cryptographic keys so if one becomes lost or
  stolen then the whole network can be at risk
• Also, the eavesdropper usually knows 24-bits of
  every packet key, so this combined with the
  weakness in the key schedule allows for an
  analytical attack

15
Problems with the Wireless LAN Security Features-
cont.

• The analytical attack recovers the key after only
  analyzing a small amount of traffic in the key
  schedule (RC4)
• This attack is a very public attack similar to an
  attack script and open source code
• Since the integrity is checked by a Cyclic
  Redundancy Check (CRC) along with checksums, the
  integrity can be challenged due to the fact that
  the checksums are noncryptographic
• This leads to vulnerabilities in the system,
  allowing the attacker to be able to
  systematically decrypt the incoming packets and
  those change the information

16
RC4 Algorithm used for privacy protection
17
Diagram of Possible Wireless LAN attacks
18
Bluetooth Security Features

• There are some built in security features for
  Bluetooth technology that address the following
  topics
• Authentication
• Confidentiality
• Authorization

19
Bluetooth Security Features - Authentication

• The purpose of this feature is to be able to
  verify the identity of who the device is
  communicating with
• There is also an abort feature in case the device
  does not authenticate properly

20
Bluetooth Security Features - Confidentiality

• This feature once again protects the privacy of
  the user
• It is intended to prevent others from
  viewing/eavesdropping on the information being
  sent to and from the user
• Therefore the user can feel safe that only
  authorized users are seeing the data

21
Bluetooth Security Features Authorization

• This feature addresses the question as to whether
  or not the device is authorized to use the
  service
• This prevents non-authorized users from stealing
  resources intended for authorized users

22
Bluetooth Security Modes

• On top of the built in security features,
  Bluetooth can operate in the following three
  security modes
• Security Mode 1 Nonsecure mode
• Security Mode 2 Service-level enforced security
  mode
• Security Mode 3 Link-level enforced security mode

23
Bluetooth Security Modes
24
Bluetooth Security Diagram
25
Problems with Bluetooth Security Features

• Based on a table generated by the National
  Institute of Standards and Technology (NIST),
  some of the problems/vulnerabilities with the
  Bluetooth Technology are
• The random number generator may produce static or
  periodic numbers that reduce the effectiveness of
  the authentication scheme
• Short PINS are allowed for generating link and
  encryption keys. These short PINS can be guessed
  and therefore decreases the security
• There is no way clear way to generate and
  distribute PINS, therefore in networks with many
  users it is difficult to keep secure PINS from
  being guessed

26
Problems with Bluetooth Security Features - cont

• Authentication can be repeated- there is no limit
  set for the number of times a user can attempt to
  become authenticated
• The key length used for encryption doesnt have a
  set minimum length, causing some to have
  short/weak keys
• Security is not maintained all the way through
  the system- individual links are encrypted and
  authenticated and data is decrypted at
  intermediate points. There is no encryption and
  decryption maintained all the way through the
  system

27
Wireless Handheld Device Security Features

• There are not a lot of built in security features
  in wireless handheld device, but their security
  can be threatened as well in the following areas
• Confidentiality
• Integrity
• Availability

28
Wireless Handheld Devices Security Threats -
Confidentiality

• The information contained on the wireless devices
  can be compromised at a variety of different
  levels whether it be on the handheld device
  itself, the storage module, the PC, or while
  being sent over Bluetooth, USB, or serial
  communication ports
• PDAs are susceptible during the period when data
  is being transmitted as the data being sent is
  unencrypted so anyone in close proximity can
  retrieve that information
• Likewise, a Bluetooth device that is not properly
  configured is liable to have the data stolen from
  someone who has a Bluetooth-enabled device

29
Wireless Handheld Devices Security Threats -
Integrity

• Handheld devices face the same problems as
  Wireless LANs as the transmitted data can be
  altered before it reaches the user or device thus
  interfering with the integrity of the transmitted
  data
• The handheld hardware must be protected from the
  insertion or replacement of the read-only-memory
  (ROM) by outside parties
• Handheld applications must be protected from the
  installation of software from unauthorized
  sources that may contain malicious software
  (malware)

30
Wireless Handheld Devices Security Threats -
Availability

• The wireless handheld devices need to also be
  protected from attacks that limit their
  computational or network resources thus making
  these devices unusable for certain periods of
  time
• These attacks can be in the form of Trojan
  horses, worms, viruses and other malware that
  effect the networks
• All types of wireless handheld devices are
  targets for these types of attacks

31
Conclusion

• As it is evident from the previous slides
  wireless technology is a wonderful feature for
  many of today's most common devices
• However, since information is being transmitted
  through radio frequencies it is open to
  interception and tampering from outside parties
• Although many of these devices are built with
  security features it seems like many of these
  features are not good enough to protect the
  transmitted data

32
Conclusion - cont

• Encryption keys for the networks seem to be built
  using very small amount of bits, even though the
  vendors are building the devices with large
  amounts of bits
• PINS over large networks with many users are no
  good as short PINS are used which can easily be
  guessed
• With the ever changing technology the wireless
  technology needs to make security a huge priority
  to protect the customers

33
Questions/Comments

• I can be contacted at mbf2106_at_columbia.edu if you
  have any questions or comments

34
References

• Karygiannis, Tom and Owens, Les, Wireless
  Network Security 802.11, Bluetooth and Handheld
  Devices, http//csrc.nist.gov/publications/nistpu
  bs/800-48/NIST_SP_800-48.pdf, 2002.
• Uskela, Sami, Security in Wireless Local Area
  Networks, http//www.tml.hut.fi/Opinnot/Tik-110.5
  01/1997/wireless_lan.html, 1997
• V-One Corporation, Smart Security for Wireless
  Communications, http//www.v-one.com/docs/whitepa
  per_wireless.pdf, 2003.

35
References -Diagrams

• All diagrams were taken from the Wireless
  Network Security Publication by Tom Karygiannis
  and Les Owens