Security Issues in Wireless Networks Kumar Viswanath CMPE 293
What is Cryptography *Cryptography is the work of people suffering from delusional paranoia
Security Requirements *Confidentiality »Protection from disclosure to unauthorized persons *Integrity »Maintaining Data Consistency *Authentication »Assurance of identity of originator of Data *Non- Repudiation »Originator of communications cant deny it later
Security Threats *Information Disclosure /information leakage *Integrity violation *Masquerading *Denial of Service *Generic threats: backdoors, trojans, insider attacks *Most Internet Security problems are related to access control or authentication
Attack Types *Passive attack can only observe data or communications *Active attack can actively modify data or communications »Mail forgery/ Modification »IP spoofing / session hijacking Passive AttackActive Attack
Security Mechanisms *Three basic building blocks are used: »Encryption is used to provide confidentiality, can provide authentication and integrity protection »Digital Signatures are used to provide authentication, integrity protection and non repudiation »Checksum and Hash algorithms are used to provide integrity protection *One more more of these security mechanisms is combined to provide a security service
*Services are built from mechanisms *Mechanisms are implemented using algorithms SignaturesEncryptionHashing SSL Services, Mechanisms, Algorithms DSARSADES MD5
*Shared Key *Problem of communicating a large message in secret reduced to communicating a small key in secret Conventional Encryption
*Use Matched public/private key pairs *Any one can encrypt with public key but only one person can decrypt with private key Public Key Encryption
Security In GSM Networks *Overview »GSM subscribers MS are traced during their intra- domain and inter-domain movements »Each MS informs the network of its position and this information is used to update the VLR and HLR »Communication is established under control of Authentication center called Auc located within the Message Switching Center ( MSC )
GSM Cont’d *Every GSM subscriber has a smart card (SIM) containing a secret key K i known only to the HLR. *When MS notifies local MSC of its presence, local VLR contacts the HLR *VLR transmits it own identity, MS indentity (IMSI) and position to HLR. *HLR queries its AUc for a set of triplets containing a challenge, a signed response SRES and corresponding session key K c. *The triplets are forwarded to VLR which uses it for authenticating MS
*Parameters SRES and K c are computed with proprietary algorithms A 3 and A 8 that implement one way functions. * SRES = A 3 (K i,RAND) * K c = A 8 (K i,RAND) *Authentication of Mobile Station is achieved using the challenge response mechanism *Data Confidentiality is achieved by enciphering all data with session key K c. *A 5 is used to encipher data, speech and signaling messages
GSM Authentication Scheme
Security Issues *The authentication scheme relies on the security of the inter- network between the VLR HLR communication *Another point of contention is the manner in which the authentication information is distributed.The Home domain has to generate on the fly, a set of challenge - response pairs *GSM uses proprietary Algorithms for authentication and secrecy. *Security by Obscurity is not effective.
CDPD *CDPD is not only a value added service but a complete architecture. The architecture supports several network layer protocols including IP *Security Services composed of »Data confidentiality »Key Distribution »Mobile Unit Authentication
*An authentication server AS is present in every CDPD domain *The AS is typically co-located with the Mobile Data Intermediate System ( MD-IS ) *Mobile unit ( M-ES ) authentication requires contacting the AS in the units Home domain
CDPD cont’d *The authentication begins with the Diffie-Hellman key exchange protocol. * M-ES and MD-IS both share a key K s. * M-ES encrypts its credential with K s and submits it for authentication *Credentials consist of a triple [NEI,ARN,ASN] *The serving MD-IS decrypts the credentials and forward them to the home MD-IS in cleartext.
*Home MD-IS validates the credentials and issues a new ARN. * M-ES authentication is complete when the serving MD-IS receives a confirmation from the home MD-IS
CDPD Authentication Scheme
Security Issues *Authentication scheme is unidirectional *An intruder can masquerade as the serving MD-IS and discover M-ES credentials *The scheme assumes that the fixed network is secure *CDPD does not have a long term key unlike GSM. If an intruder intercepts the M-ES credentials he can impersonate for ever.
Securing Ad Hoc Networks *Goals »Availability: ensure survivability of the network despite denial of service attacks. The DOS can be targeted at any layer »Confidentiality: ensures that certain information is not disclosed to unauthorized entities. Eg Routing information information should not be leaked out because it can help to identify and locate the targets »Integrity: guarantee that a message being transferred is never corrupted.
*Authentication: enables a node to ensure the identity of the nodes communicating. *Non- Repudiation: ensures that the origin of the message cannot deny having sent the message
Challenges *Wireless links renders the ad hoc network susceptible to attacks *In Ad hoc scenarios like tactical warfare etc. nodes have a high probability of being compromised. *Ad hoc network is dynamic because of frequent topology changes. Trust relationship among nodes also changes
Secure Routing *Two sources of threats: »External: Intruder nodes can pose to be a part of the network injecting erroneous routes, replaying old information or introduce excessive traffic to partition the network »Internal: The nodes themselves could be compromised. Detection of such nodes is difficult since compromised nodes can generate valid signatures.
*High Level Solution »Treat routing information from compromised nodes as outdated information *If routing protocol can provide multiple routes use Diversity Coding techniques »eg if there are n disjoint routes to a destination use (n-r) channels to transmit data and other r channels to transmit redundant information.
Key Management Service *Use Digital signatures to to protect both routing and data *Public Key infrastructure because of superiority in key distribution. *Problems: »Requires a trusted entity called Certification Authority CA for key management »Single point of failure
Key Management Service *Key Management consists of n servers. The service as a whole has a public/private key pair K/k. *The public key K is known to all nodes and the private key is divided into n shares s1,s2,… sn. K1/k1K2/k2Kn/kn K S1 S2 Sn Key management K/k
*Each server ‘i’ has a public/private key pair Ki/ki and knows the public keys of all other nodes. *Nodes as clients can query requests to get other client’s public keys or update requests to change their own public keys *The key management scheme uses (n,t+1) threshold cryptography.
Threshold Crytography *An (n,t+1) scheme allows n parties to share the ability perform cryptographic operations ( eg. digital signatures ) so that any t+1 parties can jointly perform the operations *For the service to sign a certificate each server generates the partial signature using its private key share Si *All the Si are combined in the combiner.The combiner can use any valid t+1 partial signatures to generate the Key K. *Note: Compromised Servers can generate incorrect partial signatures. *Proactive schemes use share refreshing. »Compute new shares from old shares without disclosing the service private key to any server.
Wired Equivalent Privacy (WEP) *“ Wired Equivalent Privacy” *Part of Link layer protocol *Security Goals: »prevent link layer eavesdropping »Secondary Goal: prevent network access »Essentially equivalent to wired access point security
WEP *WEP relies on a secret key that is shared between a mobile station (eg. a laptop with a wireless ethernet card) and an access point (ie. a base station) *The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. *The standard does not discuss how the shared key is established. In practice, most installations use a single key that is shared between all mobile stations and access points.
Protocol Setup LAN Access Point Mobile Station Shared key
*WEP uses RC4 which is a stream cipher *A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. * The sender XORs the key stream with the plaintext to produce ciphertext. *The receiver has a copy of the same key, and uses it to generate identical key stream. * XORing the key stream with the ciphertext yields the original plaintext.
Problems *An attacker can flip a bit in the ciphertext, then upon decryption, the corresponding bit in the plaintext will be flipped. *Also, if an eavesdropper intercepts two ciphertexts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. *Knowledge of this XOR can enable statistical attacks to recover the plaintexts. *The statistical attacks become increasingly practical as more ciphertexts that use the same key stream are known.
Security Measures *To ensure that a packet has not been modified in transit, WEP uses an Integrity Check (IC) field in the packet. *To avoid encrypting two ciphertexts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet. The IV is also included in the packet.
Conclusions *Designing secure protocols is harder than it looks *Public review is a good idea *Use previous work ( and their failures ) to design more robust schemes