E-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN.

Slides:



Advertisements
Similar presentations
Authentication.
Advertisements

Mobile Computing and Commerce And Pervasive Computing
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Security Issues In Mobile IP
Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Encrypting Wireless Data with VPN Techniques
Internet Protocol Security (IP Sec)
Internet Applications
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.
VPN AND REMOTE ACCESS Mohammad S. Hasan 1 VPN and Remote Access.
PEAP & EAP-TTLS 1.EAP-TLS Drawbacks 2.PEAP 3.EAP-TTLS 4.EAP-TTLS – Full Example 5.Security Issues 6.PEAP vs. EAP-TTLS 7.Other EAP methods 8.Summary.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
02/12/00 E-Business Architecture
Wired Equivalent Privacy (WEP)
Eric Kilroy. Introduction  Virtual Private Network A way to connect to a private network through a public network such as the internet.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
Wireless Security Issues Implementing a wireless LAN without compromising your network Marshall Breeding Director for Innovative Technologies and Research.
Wireless Security Issues David E. Hudak, Ph.D. Senior Software Architect Karlnet, Inc.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.
Wireless LAN Security Yen-Cheng Chen Department of Information Management National Chi Nan University
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Shared success Outline What is network security? Why do we need security? Who is vulnerable? Common security attacks and countermeasures. How to secure.
Mobile and Wireless Communication Security By Jason Gratto.
Remedies Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure networktunneling protocolsIPSecSecure.
Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Wireless and Security CSCI 5857: Encoding and Encryption.
BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Figure 2-11: Wireless LAN (WLAN) Security Wireless LAN Family of Standards Basic Operation (Figure 2-12 on next slide)  Main wired network.
UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
INTRODUCTION. The security system is used as in various fields, particularly the internet, communications data storage, identification and authentication.
Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.
KAIS T Security architecture in a multi-hop mesh network Conference in France, Presented by JooBeom Yun.
PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.
Chapter 4 Application Level Security in Cellular Networks.
WEP Protocol Weaknesses and Vulnerabilities
Wireless Network Security Presented by: Prabhakaran Theertharaman.
Secure Systems Research Group - FAU Patterns for Wireless Web Services Nelly Delessy January 19, 2006.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Enforcing Cyber security in Mobile Applications – Public Sector Use Case SAPHINA MCHOME, VIOLA RUKIZA TANZANIA REVENUE AUTHORITY INFORMATION AND COMMUNICATION.
Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.
Lecture 24 Wireless Network Security
National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE
Wireless Security: The need for WPA and i By Abuzar Amini CS 265 Section 1.
Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.
Azam Supervisor : Prof. Raj Jain
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Wireless security Wi–Fi (802.11) Security
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
IS3220 Information Technology Infrastructure Security
Electronic Banking & Security Electronic Banking & Security.
Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Wireless Security.
UNIT 7 SEMINAR Unit 7 Chapter 9, plus Lab 13 Course Name – IT482 Network Design Instructor – David Roberts – Office Hours: Tuesday.
Wireless LAN Security 4.3 Wireless LAN Security.
IEEE i Dohwan Kim.
Security and Privacy in Pervasive/Ubiquitous Computing Systems
Mobile Commerce and Ubiquitous Computing
Providing Teleworker Services
Presentation transcript:

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 1 Security of Mobile Transactions Over Wireless Pervasive Networks Hella KAFFEL-BEN AYED Esma HAMED Anis ZOUAOUI CRISTAL Lab ENSI

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 2 OUTLINE Wireless systems The m-transactions over hotspots New pervasive systems The security requirements Conclusion

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 3 WIFI Hotspots presentation HotSpot (or Hotzone) : Limited public zone covered by a wireless network Allows to connect to the Internet Deployed in high traffic sites: Airports, hotels, squares, conference sites,… Customers types : Mobile professionals needing to connect to their enterprise network through Internet Mobile customers needing to access Internet services: Reservation Tourist information E-Gov + E-commerce…

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 4 WIFI Hotspots characteristics b standard Ubiquitous: anywhere anytime High transmission rate : 54Mb/s Ease of use Rapid access Low costs Diversity of mobile communication devices Attractive environment for conducting m-commerce, m-Gov, …m-transactions

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 5 M-Commerce over hotspots Wireless device Internet Access Point (AP) Server Catalogs/ Service Navigation Order Request Authorization /Settlement Request Authorization /Settlement Response Order Response Information Phase: Payment Phase:

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 6 M-Government / M-Administration …the use of mobile technologies in the provision of the services in the public area strong penetration of mobiles (mobile phones, PDA, etc) + Benefit from of innovative wireless and mobile technologies.

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 7 M-Gov System Architecture

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 8 The wireless context vulnerabilities Wireless medium of transmission Interferences, mobility, … Exposed wireless communications Multiple attacks : Spoofing Sniffing DoS Possible duplication of payment systems (SIM cards, pre- paid cards, …)

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 9 Security requirement services for m-Gov Authentication Confidentiality Integrity Non-repudiation Protection against replay attacks …

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 10 Available security solutions Mutual authentication EAP (Extensible Authentication Protocol): Extension of the RADIUS protocol (Remote Access Dial-In User Service) 802.1X: Network standard used in switches Encryption key distribution method with 802.1X protocol AES encryption algorithm Tunneling Ex: Encryption of IP traffic with IPsec protocol

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 11 EAP and 802.1X Authentication traffic: The AP encapsulates 802.1X traffic into RADIUS traffic, and vice versa Data traffic: The AP blocks everything but 802.1X to- RADIUS authentication traffic Wireless device Wired Network Access Point RADIUS server EAP over Wireless 802.1X traffic EAP over RADIUS RADIUS traffic

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed i security features Mutual authentication Dynamic session keys Message Integrity Check (MIC) TKIP: Temporal Key Integrity Protocol PPK (Per-Packet Key) for encryption Initialization vector sequencing Rapid re-keying Unicast and Broadcast key rotation AES Encryption Authentication and security for control and management frames

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 13 New Mobile Environment Embedded and pervasive systems: Restricted resources memory processor Power supply Wireless networks: Bandwidth, frequent disconnexions Relatively cheap and cost sensitive because they often involve high-volume products The extremely diverse nature of embedded Applications a wide range of damage that can be done through abuse in a pervasive world

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 14 Embedded Pervasive Systems A wide variety of applications : hand-held devices household appliances RFID tags washing machines, refrigerators or microwave ovens. safety-critical applications e.g., in ITS (intelligent transport systems such as automotive, railroad or airplane), military, control systems …

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 15 Potential Threats (1/3) From privacy violation to financial loss or even bodily harm… Risk Potential: the close coupling with the physical environment threats against our real physical environment Financials an increasing number of pervasive applications that involve financial aspects, digital entertainment content in home and mobile devices, location-based services for hand-held devices, smart cards with e-wallet functions.

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 16 Potential Threats (2/3) New business models : sophisticated security solutions New pervasive applicationswhere the business model relies on strong security functionality. Manipulation may lead to a loss of revenue. Pay-TV, time-limited feature activation in fielded products, Privacy Pervasive computing :intimate link between human user and computing device = disclosure of a users location or of his/her behavior,

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 17 Potential Threats (3/3) Reliability manipulations harm the reliability of a product E.g.. remote software updates of pervasive devices E.g.. chip tuning in the automotive context. Legislation Legislative requirement will force certain pervasive applications to provide strong security, e.g., road toll systems, e-voting systems,or mobile banking applications.

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 18 Conclusion Pervasive security : an emerging discipline There is an active academic and industrial community working on strong security solutions.

e-transaction Security The PKI Tunis, January 2010 H. Kaffel-Ben Ayed 19 Thank you for attending this presentation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.