An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems.

Slides:

Advertisements

Similar presentations

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Advertisements

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

1 MD5 Cracking One way hash. Used in online passwords and file verification.

TinySec: Security for TinyOS Chris Karlof Naveen Sastry David Wagner January 15, 2003

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

WEP Weaknesses Or “What on Earth does this Protect” Roy Werber.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.

How To Not Make a Secure Protocol WEP Dan Petro.

Wired Equivalent Privacy (WEP)

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Wireless Security Presentation by Paul Petty and Sooner Brooks-Heath.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Networks Olga Agnew Bryant Likes Daewon Seo.

WLAN security S Wireless Personal, Local, Metropolitan, and Wide Area Networks1 Contents WEP (Wired Equivalent Privacy) No key management Authentication.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

WLAN What is WLAN? Physical vs. Wireless LAN

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)

Wireless security & privacy Authors: M. Borsc and H. Shinde Source: IEEE International Conference on Personal Wireless Communications 2005 (ICPWC 2005),

Security Considerations for IEEE Networks Karthikeyan Mahadevan.

1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.

COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.

UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Done By : Ahmad Al-Asmar Wireless LAN Security Risks and Solutions.

Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.

Wireless Security Presented by: Amit Kumar Singh Instructor : Dr. T. Andrew Yang.

NSRI1 Security of Wireless LAN ’ Seongtaek Chee (NSRI)

Chapter 4 Application Level Security in Cellular Networks.

WEP Protocol Weaknesses and Vulnerabilities

WEP AND WPA by Kunmun Garabadu. Wireless LAN Hot Spot : Hotspot is a readily available wireless connection.  Access Point : It serves as the communication.

Information Security By:-H.M.Patel. Information security There are three aspects of information security Security service Security mechanism Security.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Wireless LAN Security. Security Basics Three basic tools – Hash function. SHA-1, SHA-2, MD5… – Block Cipher. AES, RC4,… – Public key / Private key. RSA.

Network Security David Lazăr.

Shambhu Upadhyaya Security – AES-CCMP Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 13)

TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.

Link-Layer Protection in i WLANs With Dummy Authentication Will Mooney, Robin Jha.

無線網路安全 WEP. Requirements of Network Security Information Security Confidentiality Integrity Availability Non-repudiation Attack defense Passive Attack.

Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.

National Institute of Science & Technology WIRELESS LAN SECURITY Swagat Sourav [1] Wireless LAN Security Presented By SWAGAT SOURAV Roll # EE

CIS 325: Data Communications1 Chapter Seventeen Network Security.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

Wireless Security John Himmelein Erick Andrew Christian Adam Varun Bapna.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Authentication has three means of authentication Verifies user has permission to access network 1.Open authentication : Each WLAN client can be.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

Doc.: IEEE /230 Submission May 2001 William Arbaugh, University of MarylandSlide 1 An Inductive Chosen Plaintext Attack against WEP/WEP2 William.

Fall 2006CS 395: Computer Security1 Key Management.

Erik Nicholson COSC 352 March 2, WPA Wi-Fi Protected Access New security standard adopted by Wi-Fi Alliance consortium Ensures compliance with different.

EECS  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

Wireless Authentication Protocol Presented By: Tasmiah Tamzid Anannya Student Id:

USAGE OF CRYPTOGRAPHY IN NETWORK SECURITY

NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.

Wireless Security Ian Bodley.

Prasad Narayana, Yao Zhao, Yan Chen, Judy Fu (Motorola Labs)

Security Of Wireless Sensor Networks

ONLINE SECURE DATA SERVICE

CRYPTOGRAPHY & NETWORK SECURITY

Presentation transcript:

An Alternative Approach for Enhancing Security of WMANs using Physical Layer Encryption By Arpan Pal Wireless Group Center of Excellence for Embedded Systems Tata Consultancy Services India IEEE C /88

Agenda Security Threats of Wireless MAN Security Threats of Wireless MAN Proposed System Overview Proposed System Overview Proposed System Features Proposed System Features How the proposed system mitigate the security How the proposed system mitigate the security threats threats Conclusion Conclusion

Security Threats of Wireless MAN Human Initiated Events Human Initiated Events Data Privacy Data Privacy Data Forgery Data Forgery Denial of Service Denial of Service Hardware Errors Hardware Errors Data Privacy, Data Forgery and Denial of Service are the main security events that need to be addressed Ref:- Alan Chickinsky, Wireless Security Threats, IEEE C /06, January 2003 IEEE C /06, January 2003

System Overview – Traditional System Read Transmitted PHY params info Configure Baseband PHY Transmitter PHY config params Framed data from Media Access Control (MAC) layer Transmitter Front-end sent using prior-known PHY config PHY params info + Add before actual data Transmitter PHY config params Framed data To Media Access Control (MAC) layer - Hacker can access only at here Receiver Front-end Receiver Baseband PHY Receiver Configure Decode Tx PHY params info using prior-known PHY config

System Overview – Proposed System Read Transmitted PHY params info + KEY2 Configure Baseband PHY Transmitter PHY Transmitter config params Framed data from Media Access Control (MAC) layer Transmitter Front-end sent using prior-known PHY config PHY Transmitter param info + KEY2 + Add before actual data Transmitter PHY Receiver config params Framed data To Media Access Control (MAC) layer - Hacker can access only at here Receiver Front-end Receiver Baseband PHY Receiver Configure Decode transmitted PHY params info using prior-known PHY config Modifications to Tx Algorithms based on KEY2 Encrypt with KEY1 Modifications to Rx Algorithms based on KEY2 Decrypt with KEY1

Proposed System Features KEY1 delivered to valid users using some secure KEY1 delivered to valid users using some secure key distribution mechanism key distribution mechanism Possible Physical layer system parameters encrypted Possible Physical layer system parameters encrypted using KEY1 using KEY1 Error Control Coding Rate Error Control Coding Rate Type of Modulation Type of Modulation Length of Packet Length of Packet Second Level Key KEY2 Second Level Key KEY2 Possible Physical layer system parameters modified Possible Physical layer system parameters modified using KEY2 using KEY2 Interleaving Pattern Interleaving Pattern Phase offset of OFDM symbols Phase offset of OFDM symbols Constellation Mapping Constellation Mapping

Proposed System - Example KEY2 can be varied from packet to packet KEY2 can be varied from packet to packet One may modify using random numbers seeded by KEY2 One may modify using random numbers seeded by KEY2 Phase offset of OFDM symbols at IFFT input Phase offset of OFDM symbols at IFFT input Note:- Phases of only data points (excluding pilots and zero padding) should be altered Error Control Coding Rate Modulation Type Packet Length KEY2 XOR Random No. Generator Encrypted Output KEY1

Proposed System – Application to Physical Layer of is evolving Physical Layer of is evolving OFDM could be an integral part of PHY given the OFDM could be an integral part of PHY given the operational scenario operational scenario The proposed scheme can easily be adapted The proposed scheme can easily be adapted to the OFDM PHY to the OFDM PHY The proposed scheme is not limited to OFDM PHY only The proposed scheme is not limited to OFDM PHY only

Mitigation of Security Threats - Data Privacy Known-Plaintext Attack Known-Plaintext Attack Recording of encrypted data at MAC level Recording of encrypted data at MAC level Key can be found out if Data is known Key can be found out if Data is known Proposed Scheme prevents hackers from recording correct Proposed Scheme prevents hackers from recording correct encrypted data at MAC level encrypted data at MAC level ( wrong FEC rate, wrong modulation, unknown phase offset, unknown interleaving pattern etc.) offset, unknown interleaving pattern etc.)

Mitigation of Security Threats - Data Forgery Unauthorized users insert data into network as valid user Unauthorized users insert data into network as valid user Replay Replay Mimicking Mimicking Proposed Scheme prevents hackers from both Replay and Proposed Scheme prevents hackers from both Replay and Mimicking Mimicking Replay is not possible as the data recorded at MAC layer Replay is not possible as the data recorded at MAC layer is totally wrong and hence cannot be replayed is totally wrong and hence cannot be replayed to generate a valid message to generate a valid message Mimicking is not possible because this needs finding out Mimicking is not possible because this needs finding out the key first (using Known-Plain-Text attack) the key first (using Known-Plain-Text attack)

Mitigation of Security Threats - Denial Of Service Intruder can flood network with valid and invalid messages Intruder can flood network with valid and invalid messages Channel jamming at RF level Channel jamming at RF level Proposed Scheme prevents hackers from sending valid Proposed Scheme prevents hackers from sending valid messages as they dont know the Key messages as they dont know the Key Invalid messages can be filtered out in the PHY level as Invalid messages can be filtered out in the PHY level as the encryption is taking place in PHY layer itself the encryption is taking place in PHY layer itself Channel jamming at RF level cannot be prevented Channel jamming at RF level cannot be prevented

Conclusion Data Privacy, Data Forgery and Denial-of-Service Data Privacy, Data Forgery and Denial-of-Service (valid messages) at MAC layer (software) can be prevented (valid messages) at MAC layer (software) can be prevented Denial-of-Service (invalid messages) can be prevented Denial-of-Service (invalid messages) can be prevented using PHY layer message integrity check using PHY layer message integrity check Denial-of-Service (Channel jamming at RF level) Denial-of-Service (Channel jamming at RF level) cannot be prevented cannot be prevented To break into the proposed security scheme, hackers need To break into the proposed security scheme, hackers need costly hardware set-up costly hardware set-up Even with Hardware set-up, breaking the system Even with Hardware set-up, breaking the system in Real-time is extremely difficult – the PHY level ciphering in Real-time is extremely difficult – the PHY level ciphering substantially increases the entry barrier for break-in substantially increases the entry barrier for break-in A good KEY distribution scheme need to be explored A good KEY distribution scheme need to be explored

Thank You