Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETE46301 Physical Layer Security Lecture 2 Supakorn Kungpisdan

Similar presentations

Presentation on theme: "NETE46301 Physical Layer Security Lecture 2 Supakorn Kungpisdan"— Presentation transcript:

1 NETE46301 Physical Layer Security Lecture 2 Supakorn Kungpisdan

2 NETE Roadmap Defending the Physical Layer Attacking the Physical Layer

3 NETE Defending the Physical Layer The point at which protection should begin Security Controls have three primary goals: –Deter: security lighting and “Beware of Dog” sign –Delay: fences, gates, locks, access controls, and mantraps –Detect: intrusion detection systems (IDSes) and alarms Higher layers focus on preventing disclosure, denial, or alteration of information Physical security focuses on intruders, vandals, and thieves

4 NETE Physical, Technical, and Administrative Controls

5 NETE Design Security Design security should begin during the design phase, not at the time of deployment Physical security of assets and employees should be considered when designing a new facility; well-designed facilities are comfortable and secure

6 NETE Key Issues of Design Security Location Construction Accessibility and Transportation Climatology Utilities Access Control

7 NETE Perimeter Security What to examine: –Natural boundaries at the location –Fences or walls around the site –The design of the outer walls of a building –Divisions and choke points within a building A series of mechanisms includes: –Fences –Perimeter Intrusion Detection and Assessment Systems (PIDAS) –Security lighting –Closed-circuit television (CCTV) –Security guards and guard dogs –Warning signs and notices

8 NETE Fencing A fence with proper design and height can delay an intruder and work as a psychological barrier A risk analysis should be performed to evaluate types of physical assets to be protected –4-foot fence will deter a casual trespasser –8-foot fence will keep a determined intruder out Need to consider gauge and mesh size of the wire –The smaller the mesh, the more difficult it is to climb –The heavier the gauge, the more difficult it is to cut

9 NETE Gauge and Mesh 16G with 50mm vs 25 mm mesh

10 NETE Fencing (cont.)

11 NETE PIDAS Perimeter Intrusion Detection and Assessment Systems PIDAS has sensors that detect intruders and feel vibrations along the fence The system may produce false positives due to stray deer, high winds, or other natural events

12 NETE Gates, Guards, and Ground Design UL Standard 325 details requirements for fates with 4 classifications: –Residential Class 1 –Commercial Class 2 –Industrial Class 3 –Restricted Access Class 4 Bollards are made of concrete or steel and used to block vehicle traffic or to protect areas where pedestrians are entering or leaving buildings Security guards need to have job references and be subjected to a background check –Web site operation and private investigators

13 NETE Bollards

14 NETE Gates, Guards, and Ground Design (cont.) Dogs are loyal but can be unpredictable. –Dogs are restricted to exterior control and should be used with caution Lighting can discourage criminals Most standards list two candlefoot power as the norm for facilities using nighttime security. Too much light causes over-lighting and glare. It may bleed over adjacent property With CCTV, activities can be monitored live by a security officer or recorded and reviewed later –British government has installed over 1.5 million CCTV cameras Warning signs or notices should be posted to deter trespassing

15 NETE Facility Security “Anyone with physical access has the means and the opportunity to commit a crime” Least Privilege: providing only the minimum amount of access that is required, and restricted non-authorized individuals from entering sensitive areas Can achieve by examining windows, doors, locks, walls, access control, intrusion detection

16 NETE Entry Points Doors, windows, roof access, fire escapes, delivery access, and chimneys

17 NETE Entry Points: Doors Door functions determine its construction, appearance, and operation A door designed for security purpose is very solid and durable, with hardened hardware Interior doors are made of hollow-core wood; exterior doors are made of solid-core wood Need to perform risk assessment on interior applications

18 NETE Entry Points: Doors (cont.) Doors have fire rating with various configurations: –Personal doors –Industrial doors –Vehicle access doors –Bulletproof doors –Vault doors Must examine hardware used to install a door Mantrap is designed so that when the outer door opens, the inner door locks

19 NETE Doors (cont.) Bullet-proof door Vault door

20 NETE Doors (cont.) Industrial door Vehicle access door

21 NETE Mantrap

22 NETE Entry Points: Doors (cont.) Automatic door locks: fail-safe or fail- secure –Fail-safe (unlocked) state allows employees to exit, but also allows other unauthenticated access –Fail-secure (locked) configuration is when the doors default to being locked, thereby keeping unauthorized individuals out while also preventing access

23 NETE Entry Points: Windows Alarms or sensors may be installed on windows Window types include: –Standard: lowest security, least expensive, easily shattered ( แตกละเอียด ) –Polycarbonate Acrylic: more stronger than standard glass –Wire Reinforced: adds shatterproof protection –Laminated: similar to those used in automobiles, strengthen the glass –Solar Film: provide moderate level of security and decrease potential for shattering –Security Film: highest security

24 NETE Walls (cont.)

25 NETE Entry Points: Walls A reinforced wall can keep a determined attacker from entering an area Walls should be designed with firewalls, and emergency lighting should be in place

26 NETE Access Control Access control is any mechanism by which an individual is granted or denied access Many types include: –Mechanical locks –Identity card technology

27 NETE Access Control: Locks Warded locks and tumbler locks Warded locks work by matching wards to keys, are cheapest mechanical lock and easiest to pick Tumbler locks contain more parts and are harder to pick Another type of tumbler lock is the tubular lock, which is used for computers, vending machines, and other high-security devices

28 NETE Warded Locks

29 NETE Access Control: Locks (cont.)

30 NETE Tumbler Locks (cont.)

31 NETE Access Control: Locks (cont.) Three basic grades of locks include: –Grade 3: The weakest commercial lock (designed for 200,000 cycles) –Grade 2: Light duty commercial locks or heavy duty residential locks (designed for 400,000 cycles) –Grade 1: Commercial locks of the highest security (designed for 800,000 cycles)

32 NETE Access Control: Physical Controls Network cabling –Select the right type of cable –Should be routed through the facility so that it cannot be tampered with –Unused network drop should be disabled; all cable access points should be secured

33 NETE Access Control: Physical Controls (cont.) Controlling individuals: –ID cards with photograph of an individual –Intelligent access control devices: contact and contactless Contact access cards come with different configurations including: –Active Electronic: can transmit electronic data –Electronic Circuit: has a circuit embedded –Magnetic Strips: has a magnetic stripe –Optical-coded: contains laser-burned pattern of encoded dots

34 NETE Optical Card

35 NETE Access Control: Physical Controls (cont.) Contactless cards function by proximity e.g. RFID (Radio Frequency ID) –Passive: powered by RFID reader –Semi-passive: has battery only to power microchip –Active: battery-powered Multi-factor authentication is recommended Physical Intrusion Detection –Motion Detectors: audio, infrared, wave pattern, or capacitance –Photoelectric sensors –Pressure-sensitive devices –Glass breakage sensors Keep in mind that IDSes are not perfect

36 NETE Intrusion Detection (cont.) Glass break sensor Photoelectric sensor Motion detection sensor (photoelectric infrared)

37 NETE Device Security Device security addresses controls implemented to secure devices found in an organization –Computers, networking devices, portable devices, cameras, iPods, and thumb drives

38 NETE Device Security: Identification and Authentication Identification: the process of identifying yourself Authentication: the process of proving your identity Three categories of authentication –Something You Know –Something You Have –Something You Are

39 NETE Device Security: Sth You Know Passwords are most commonly used authentication schemes Gartner study in 2000 found that: –90% of respondents use dictionary words or names –47% use their name, spouse’s name, or a pet’s name –9% used cryptographically strong passwords

40 NETE Device Security: Sth You Know (cont.) A good password policy: –Passwords should not use personal information –Passwords should be 8 or more characters –Passwords should be changed regularly –Passwords should never be comprised of common workds or names –Passwords should be complex, use upper- and lower- case letters, and miscellaneous characters (e.g. #, $, %, ^, &) –Limit logon attempts to three successive attempts

41 NETE Device Security: Sth You Have Tokens, smart cards, and magnetic cards Two basic groups of tokens: –Synchronous token: synchronized to authentication server –Asynchronous challenge-response token

42 NETE Device Security: Sth You Are Basic operations: 1.User enrolls in the system 2.User requests to be authenticated 3.A decision is reached: allowed or denied Accuracy of biometrics –Type 1 Error (False Rejection Rate: FRR) –Type 2 Error (False Acceptance Rate: FAR) The point at which FRR and FAR meet is known as Crossover Error Rate (CER) The Lower CER, the more accurate the system

43 NETE Crossover Error Rate (CER)

44 NETE Biometric Finger Scan Hand Geometry Palm Scan Retina Pattern Iris Recognition Voice Recognition Keyboard Dynamics

45 NETE Computer Controls Session controls –System timeouts –Screensaver lockouts Warning banners

46 NETE Device Security: Mobile Devices and Media Samsung Corporation banned employees from using Samsung’s cell phones with 8GB of storage Sensitive media must be controlled, handled, and destroyed in an approved manner –Papers can be shredded: strip-cut and cross-cut shredders –CD can be destroyed –Magnetic media can be degaussed –Harddrive can be wiped

47 NETE Information Classification Systems Government Information Classification System –Focuses on secrecy Commercial Information Classification System –Focuses on Integrity

48 NETE Information Classification Systems (cont.)

49 NETE Information Classification Systems (cont.)

50 NETE Communications Security Communications Security examines electronic devices and electromagnetic radiation (EMR) they produce Original controls for these vulnerabilities were named TEMPEST, now changed to Emissions Security (Emsec) Newer technologies that have replaced shielding are white noise and control zones PBX must be secure Fax can be intercepted –Fax ribbons can be virtual carbon copy of original document –Solved by using fax server and fax encryption

51 NETE Comm Security: Bluetooth To keep bluetooth secure, make sure bluetooth-enable devices are set to non-discoverable mode. Use secure application to limit amount of cleartext transmission It no bluetooth functionality is needed, turn if off –It can be configured to access shared directories without authentication, which open it up for viruses, trojans, and information theft In 2005, AirDefense released BlueWatch, the first commercial security tool designed to monitor bluetooth devices and identify insecure devices –

52 NETE BlueWatch AirDefense BlueWatch can provide information such as: –Identify different types of Bluetooth devices, including laptops, PDAs, keyboards and cell phones –Provide key attributes, including device class, manufacturer and signal strength –Illustrate communication or connectivity among various devices –Identify services available on each device, including network access, fax and audio gateway

53 NETE Wireless Protocols Retire WEP devices Change default SSID MAC filtering Turn off DHCP Limit access of wireless users Use port authentication (802.1x) Perform periodic site surveys and scan for rogue devices e.g. using Kismet Update policies to stipulate requirements for wireless users Use encryption Implement a second layer of authentication e.g. RADIUS

54 NETE Roadmap Defending the Physical Layer Attacking the Physical Layer

55 NETE Attacking Physical Layer Several techniques to attack physical security: –Stealing data –Lock picking –Wiretapping –Hardware modification

56 NETE Stealing Data Abe Usher wrote a program called “pod slurp” to steal data from PC Purpose of Slurp –To create a proof-of-concept application that searches for office documents that can be copied from a Windows computer to an iPod (or other removable storage device). –The point of this exercise is to demonstrate (quantitatively) how quickly data theft can occur with removable storage devices. Method: –Searches for the "C:Documents and Settings" directory on a Windows computer. It then recurses through all of the subdirectories, discovering all of the documents (*.doc, *.xls, *.htm, *.url, *.pdf, etc.) on the computer that it is running from.

57 NETE How to Use Slurp Step 0: –Stop the iPod Service in Windows (if iPod software is installed and running). Step 1: –Unzip Step 2: –Copy the entire "slurp-audit" directory to your removable storage device (iPod, external hard drive, etc.) Step 3 –Run the application file "slurp-audit.exe" and watch it find all of the business files. After it is complete, check the report.html file to find out what files could have been copied to an iPod or USB thumbdrive. For more information, check:

58 NETE Slurp

59 NETE Slurp Report

60 NETE Lock Picks Basic components used to pick locks: –Tension Wrenches: small, angled flathead screwdrivers that come in various thicknesses and sizes –Picks: small, angled, and pointed, similar to a dentist pick

61 NETE Scrubbing

62 NETE Lock Shim

63 NETE Lock Shim (cont.)

64 NETE Lock Shim (cont.)

65 NETE Scanning and Sniffing Phreakers are interested in making free long-distance calls Free loaders intercept free HBO. Prevented by implementing videocipher encryption Cordless phone were attacked by tuning the same frequencies other people to listen to active conversation –Solved by switching to spread spectrum technologies 1 st Gen mobile phones have been hacked by Tumbling –Modify Electronic Serial Number (ESN) and mobile identification number (MIN) after each call Also vulnerable to cloning attack –Intercept ESN and MIN from listening to active calls

66 NETE Scanning and Sniffing (cont.) Attacks on 2 nd Gen Mobile phones: –International Mobile Subscriber Identity (IMSI) catcher Tell mobile phone that it is a base station –Cellphone jammer Transmit signals with same freq as cell phones; preventing all communication within given area –Cellphone detector Detect when a cell phone is powered on

67 NETE Scanning and Sniffing (cont.) Bluejacking allows an individual to send unsolicited messages over BT to other BT devicesBluejacking Bluesnarfing is the theft of data, calendar information and phonebook entriesBluesnarfing

68 NETE Tools to Attack Bluetooth RedFang: small proof-of-concept application used to find non-discoverable devices Bluesniff: a proof-of-concept tool for BT wardriving Btscanner: a BT scanning with the ability to do inquiry and brute force scans, identify BT devices in range BlueBug: exploits a BT security hole on some BT- enabled phones. Allows unauthorized downloading of phonebooks and call lists, sending and reading SMSs Find those tools at –

69 NETE Attacking WLANs Eavesdropping Open Authentication Rogue Access Point DoS

70 NETE Hardware Hacking Hardware hacking is about using physical access to bypass control or modify the device in some manner –Sometimes it is called “moding” Bypass BIOS password Router password recovery –Prevented by issuing no service password- recovery command Bypass Windows authentication

71 NETE Example: Modifying Bluetooth Hardware Objective: –To extend BT range

72 NETE Example: Modifying Bluetooth Hardware 1 2

73 NETE Example: Modifying Bluetooth Hardware 3 4

74 NETE Example: Modifying Bluetooth Hardware 5 6

75 NETE To Read Hack-The-Stack: Page 70-84

76 NETE Question? Next week Data Link Layer Security

Download ppt "NETE46301 Physical Layer Security Lecture 2 Supakorn Kungpisdan"

Similar presentations

Ads by Google