Download presentation
Presentation is loading. Please wait.
1
Wireless Overview Protocols and Threat Models
Dan Veeneman
2
Protocols and Threat Models
Focus of this talk Overview of available commercial technologies Skipping U.S.-centric Terrestrial networks Additional information in second briefing Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
3
Wireless Overview Protocols and Threat Models
Radio Frequency Basics Mobile telephony Cellular Digital Packet Data (CDPD) Nextel Private data networks Two-way paging Bluetooth 3G Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
4
Protocols and Threat Models
Why Wireless Immediate communication, mobile user Two-way, interactive Broadcast Convenience Bandwidth limitations Roaming (no fixed location) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
5
Protocols and Threat Models
Market Requirements Reliable Low-cost Easy to use Secure Pervasive Interoperable Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
6
Wireless Security Requirements
Trust Model access control authenticate users to access particular resources link privacy encryption link integrity message authentication prevent denial of service (limit bandwidth hogs) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
7
Protocols and Threat Models
Radio Frequency Federal Communications Commission FM Radio: 88 to 108 MHz Cellular telephones: 800 and 1900 MHz Two-way pagers: 900 MHz Industrial, Scientific and Medical (ISM): to GHz Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
8
Protocols and Threat Models
Radio Wave Frequency Wavelength Amplitude Modulation Phase FSK PSK Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
9
Protocols and Threat Models
Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
10
Generic Wireless Architecture
Mobile terminal Airlink Radio base station Intraconnect links Network control Interconnect links External Networks Public Switched Telephone Network Internet Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
11
Common Airlink Problems
Variable link quality Multi-path (signal reflections) Shadowing (terrain/structure blockage) Interference Other users EMI Attenuation Distance Antenna orientation/polarization Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
12
Protocols and Threat Models
Multipath Multiple paths to receiver Each path has slightly different time delay Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
13
Protocols and Threat Models
Interference Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
14
Error Detection/Correction
Parity Codes Parity bits + Data bits = Expected code word Cyclic Redundancy Check Chunk of data + Polynomial residue Block Codes Chunk of data + Redundant Data Convolutional Codes Data stream fed through LFSR Code rate, constraint length Concatenated Codes Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
15
Protocols and Threat Models
Terrestrial Networks Voice primary Cellular and PCS Nextel Data primary private packet paging Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
16
Protocols and Threat Models
Cellular Analog Digital - TDMA Digital - CDMA Digital - GSM Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
17
Protocols and Threat Models
System Comparison Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
18
Cellular Frequency Reuse
Seven frequency sets Geographic distance between sets allows the same frequencies to be reused Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
19
Protocols and Threat Models
Cellular-based Mobile Telephone Switching Office (MTSO) Controls multiple base stations Interfaces to PSTN Mobile is handed off from one base station to another Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
20
Advanced Mobile Phone System
ā1Gā Analog voice 50 MHz, 832 channels Mobile transmit: 824 MHz to 849 MHz Base transmit: 869 to 894 MHz 21 control channels Designed in 1970ās Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
21
Cellular Telephone startup
Mobile telephone scans for strongest control channel Listens to overhead messages on forward link Sends registration message Electronic Serial Number (ESN) Mobile Identification Number (MIN) Waits for paging message Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
22
Protocols and Threat Models
AMPS weaknesses Interception is easy (but now illegal) Spoofing (āclonedā phones) Call hijacking Tracking Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
23
Protocols and Threat Models
Locating Mobiles GPS Time Difference of Arrival Angle of Arrival Multipath Fingerprinting Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
24
Protocols and Threat Models
TDOA Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
25
Protocols and Threat Models
AOA Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
26
Cellular Digital Packet Data
Packet data sent on idle voice channels Voice takes priority AT&T āOmniSkyā service Verizon IP-based interfaces 150,000 customers Many police car installs Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
27
Protocols and Threat Models
CDPD Coverage Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
28
Protocols and Threat Models
CDPD Elements M-ES: Mobile End System CDPD modem MDBS: Mobile Data Base Station RF interface MD-IS: Mobile Data Intermediate System Mobile Home Function (MHF) Mobile Serving Function (MSF) IS: Intermediate System Router, IP/CNIP F-ES: Fixed End Station Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
29
Protocols and Threat Models
CDPD Roaming Packets to M-ES go to MHF MD-IS first Forwarded to MSF MD-IS Packets from M-ES can route directly to F-ES Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
30
Protocols and Threat Models
CDPD Airlink GMSK modulation 19.2 kbps raw data rate FEC Reed-Solomon 63, 47 block code 47 info symbols (six-bit symbols, 282 bits), 16 parity symbols, 63 total symbols Correct up to 8 six-bit symbols Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
31
Protocols and Threat Models
CDPD MAC Continuous forward link from MDBS Mobiles listen to forward link busy/idle Possible reverse channel collisions Mobile checks forward link for decode success Header, User Data, Trailer (Frame Check) Flag, address, control fields in header Selective ARQ Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
32
CDPD Link Establishment
M-ES known to serving MD-IS Terminal Equipment Identifier (TEI), 6 to 27 bits M-ES sends TEI Request with 48-bit Equipment ID MD-IS issues TEI Assign with assigned TEI TEI lifetime of 4 hours, can be exhausted Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
33
Protocols and Threat Models
CDPD Registration End System Hello (ESH) message Network Equipment Identifier (usually 32-bit IP address) Registration Counter (to filter duplicates) Credentials Authentication Random Number (ARN, 64 bits) Authentication Sequence Number (ASN, 16 bits) Shared history (incremented by 1 after each TEI assignment) ESH sent from M-ES to MDBS encrypted ASN and ARN are both 0 at initial configuration ARN occasionally changed Network maintains two most-recent Credentials (in case of loss of update synchronization) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
34
Protocols and Threat Models
CDPD Registration MD-IS sends Redirect Request (RDR) to MHF Requests MHF send all future packets to it MHF checks M-ES Credentials MHF returns Redirect Confirmation to MSF MSF returns Hello Confirmation (ISC) to M-ES Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
35
Protocols and Threat Models
CDPD Attacks IP-accessible Intermediate Systems (routers) Attacks from outside, other providers BGP4, OSPF, buffer overflow, etc Only the airlink is encrypted Use unauthenticated RDR messages to grab traffic Brute force Credentials via repeated RDR Jam reverse link transmissions Disrupt M-ES reception Busy-out the reverse link (attempt saturation) Place an analog call via CDPD cellsite CDPD āZAPā command to silence bad modems Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
36
Protocols and Threat Models
Cellemetry Use spare capacity in the cellular control channel A few bytes Telemetry Vending machines Maintenance data Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
37
Protocols and Threat Models
Digital AMPS Answer to capacity issues AT&T Wireless IS-136 800 MHz cellular and 1900 MHz PCS Time Division Multiple Access Six timeslots One call gets two timeslots Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
38
Time Division Multiple Access
Mobiles take turns transmitting Base transmits continuously Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
39
Code Division Multiple Access
Competitor to D-AMPS IS-95 Sprint PCS, Verizon Pilot + 63 other āchannelsā Walsh Codes Requires that all users in a cell be time-synchronized to maintain orthogonality Near/Far problem, power control Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
40
Protocols and Threat Models
Frequency Hopping Transmissions āhopā Pseudo-random sequence Transmitter and receiver must synchronize 2.4 GHz ISM at least 75 frequencies duration < 400 ms Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
41
Protocols and Threat Models
Direct Sequence Each data bit replaced with sequence of āchipsā Bandwidth increases Power density decreases Signals appear as noise LPI/LPD, anti-jam GPS, IS-95 Chip pattern comes from Pseudo-random Noise (PN) code Transmitter and receiver must synchronize Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
42
Protocols and Threat Models
Correlation Example DATA: PN: SPREAD: (four chips per bit) First data bit 1 becomes 4 chips, 1010 Next data bit 0 comes 4 chips, 1001 (inverted 0110) Correlation with PN Code synchronized XOR: Correlation with PN Code not synchronized (one chip off) PN: XOR: Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
43
Protocols and Threat Models
Problems with CDMA Cell sites ābreatheā Combined noise of all reverse links can exceed cell site limit Airlink different but network suffers same weaknesses as D-AMPS Must license from Qualcomm Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
44
Global System for Mobiles
European design from the 1980s VoiceStream, Cingular, AT&T transitioning Short Message Service 200 kHz channels Eight timeslots 270 kbps aggregate data rate Separates equipment identity from user identity Subscriber Information Module Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
45
International Mobile station Equipment Identity
Type Approval Code (TAC) is issued by a central authority Final Assembly Code (FAC) identifies the place of manufacture Serial Number (SNR) assigned by the manufacturer Spare (SP) is reserved, usually zero. Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
46
International Mobile Subscriber Identity
Mobile Country Code (MCC) identifies the country in which the customer is subscribed. (United States is 310) Mobile Network Code (MNC) identifies the GSM network to which the user is subscribed, also known as the home network. (VoiceStream is 26) Mobile Subscriber Identification Number (MSIN) identifies the user within the network. Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
47
Protocols and Threat Models
GSM Speech 20 millisecond sample of speech Digitized from codec (13 kbps) Channel coding (22.8 kbps) Interleaving Encrypting Burst formatting (33.8 kbps) Modulation (270 kbps) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
48
Protocols and Threat Models
GSM has weak crypto Security by Obscurity Algorithms never officially released All of them leaked or reverse-engineered A3/A8 in SIM A5 in hardware A5 (privacy algorithm) deliberately weakened A8 feeds it weakened keys Weaker algorithm (A5/2) for export Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
49
Protocols and Threat Models
Short Message Service 20 billion SMS messages per month from 553 million GSM subscribers Carried in GSM logical data channel Increasing applications Youth market (Instant Messenger) eBay outbidding Remote monitoring TDMA and CDMA have similar āTacked onā Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
50
Protocols and Threat Models
Some SMS Issues Early pre-pay phones had free SMS due to lack of billing system integration SMS Identity spoofing Faked ācaller-IDā data SMS viruses Crash certain phones Badly-formatted binary messages Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
51
Integrated Dispatch Enhanced Network (iDEN)
Grew out of Specialized Mobile Radio (SMR), dispatch/group environment Equipment from Motorola Service from Nextel TDMA, 6 timeslots, 15 ms each Continuous forward control channel VSELP voice Test equipment can monitor Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
52
Protocols and Threat Models
Mobitex Cingular Interactive (US) Rogers (Canada) āPalm.Netā service Ericsson standard 700,000 customers Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
53
Protocols and Threat Models
Mobitex coverage Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
54
Protocols and Threat Models
Mobitex 2,500 U.S. base stations 30 mile radius channels per site 12.5 kHz 8 kbps signaling rate MHz 2 watts Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
55
Protocols and Threat Models
Mobitex monitoring Specification publicly available Source code to monitor released on Usenet Receiver with 800 MHz coverage PC with simple interface board Network interfaces via Internet, frame relay, X.25 Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
56
Advanced Radio Data Information System (ARDIS)
IBM field personnel, Motorola network Motient (US), Bell Mobility (Canada) 40 million messages/month 1,500 base stations 40 watt transmitter, mile range X.25 or TCP/IP to ARDIS switch Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
57
Protocols and Threat Models
ARDIS Network Radio Packet Modem (RPM) Base stations talk to Radio Network Controller (RNC) via leased lines with dialup restoral Switch is āARDIS Service Engineā Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
58
Protocols and Threat Models
ARDIS Airlink DataTac 4000 (US) MDC 4800 or RD-LAP 19.2 2048 maximum message 240 or 512 byte max packet payload Logical Link Identifier (unique device ID), either 4 or 8 bytes CRC and FEC Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
59
Protocols and Threat Models
ARDIS Protocols Standard Context Routing (SCR) Basic Inbound (from server to mobile) Basic Acknowledgement (mobile ACK) Basic Outbound (from mobile to server) Peer-to-peer āMessage Generatorā (MG) protocol Poorly validated field values Sender (spoof) Recipient (spam) Message length (crash client application) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
60
ARDIS Message Filtering
Radio Packet Modem uses Hayes AT command-style interface āThe modemās two-character S50 register contains the current user header. When a wireless modem receives an outbound message from the ARDIS network, the modem examines the user header in the message header. If the user header in the message matches the user header in an S50 register, the message can be received. If it does not match, the message is discarded.ā ATS50=QA Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
61
ARDIS Security Recommendations
āCustomers with sensitive data may want to provide data encryption within their applications. For example, an exclusive OR could be applied to ASCII data with a randomly generated encryption key selected for each terminal during logon. NOTE: Only user data can be encrypted; ARDIS must be able to read SCR and other user header data to determine the proper disposition of a message.ā āA wireless device application should allow a command from the host to dump all RAM contents and disable the application. This command could be used if a wireless device were lost or stolen. This feature could be activated automatically when a logon is attempted, or by a host user.ā Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
62
MicroCellular Data Network (Ricochet)
Mesh topology FHSS, every ms Synchronous heartbeat, 30 sec Ricochet modems: 900 MHz Poletop radios: 2.3, 2.4 GHz Density per square mile Wireless Access Point (WAP) Covers square miles Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
63
Protocols and Threat Models
Ricochet Network Name Server: The Ricochet Name Server maintains access control and routing information for every radio and service within the Ricochet network. Every time a Ricochet device (subscriber device, microcell radio, or gateway) is powered on, it registers with the Name Server to verify that it has network authorization. Whenever a Ricochet device requests a connection, the Name Server validates the request. If authorized, the originator is provided with a network routing path to the requested destination. MCDN Path List of addresses (IP, phone number, microcell number) of waypoints part of header, used to route the packet Packet delivery services Lightweight: in-order, windowed, no end-to-end retries Heavyweight: in-order, windowed, end-to-end retries Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
64
Protocols and Threat Models
Metricom and Ricochet Metricom 51,000 customers in 21 cities Bankruptcy Ricochet Networks (part of Aerie Networks) Gen II: 176 kbps, up to 400 kbps bursts Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
65
Protocols and Threat Models
FLEX (One-way paging) Four level FSK 1600, 3200, 6400 bps Four-minute FLEX protocol cycle Short capcodes: 7 digits Long capcodes: 9 digits FLEXsuite: 128-bit RC4, symmetric keys Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
66
ReFLEX (Two-way paging)
Narrowband PCS Nationwide frequencies Forward: MHz Reverse: , MHz Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
67
ReFLEX inbound messaging
Send request on shared ALOHA channel Receive timeslot assignment Send data in assigned timeslot on data channel Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
68
Protocols and Threat Models
ReFLEX forward link ReFLEX frame is s 128 frames = cycle (4 minutes) 21 data, 11 error correction (21,32) BCH ācollapseā, sleep for 2n frames Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
69
Protocols and Threat Models
Bluetooth Peer-to-peer, proximity-based āpersonal area networkā Low power, short range Multiple devices in a āpiconetā one device is master Up to 10 piconets may link to form āscatter netsā Each device has a unique 48-bit address Initialization process uses a PIN Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
70
Protocols and Threat Models
Bluetooth Airlink 2.45 GHz 1,600 hops per second Master and up to 7 active Slaves Hop sequence based on masterās address GMSK, BPSK FEC Master: up to 721 kbps, even timeslots Slave: 57.6 kbps, odd timeslots 79 frequencies 3.2 kHz clock, 28 bits Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
71
Bluetooth device modes
Four modes: active (continuous) sniff (check at intervals) hold (check again later) park (listen for beacon only) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
72
Bluetooth Protocol Stack
Application Group Middleware Protocol Group Transport Protocol Group Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
73
Transport Protocol Group
Radio Baseband L2CAP (Logical Link Control and Adaptation Protocol) Protocol multiplexing Fragmentation/reassembly Audio Control Link Manager Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
74
Bluetooth Identifiers
Device Address, 48 bits Private Authentication Key, 128 bits Private Encryption Key, 8 to 128 bits RAND, 128 bits Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
75
Bluetooth Security Modes
non-secure Security Mode 2 service-level after channel establishment Security Mode 3 link-level prior to channel establishment Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
76
Bluetooth Security Levels
Device Trusted Untrusted Service Authorization and Authentication Authentication Only Open to all devices Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
77
Protocols and Threat Models
Bluetooth Unit Key Unit Key E21( Device Address, Random Number) Usually fixed for the lifetime of the device Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
78
Bluetooth Initial Key Generation
Verifier sends Claimant IN_RAND Verifier computes Kinit from E22( IN_RAND, PIN) Kinit is temporary link key PIN can be Fixed in simple device Keyed in by user (typically 4 digits) Generated by user device Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
79
Bluetooth Authentication
Device A generates AU_RAND and sends it to Device B Device B sends Device AddressB to Device A Device A and Device B both compute SRES and ACO from SAFER+ based MAC function E1(Kinit, AU_RAND, Device Address ) Device B sends SRESB to Device A If SRESA equals SRESB, then devices are authenticated Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
80
Protocols and Threat Models
Bluetooth Link Key Two types of link keys Unit key of one of the devices Unit A computes K = KA XOR Kinit and sends K to Unit B Unit B computes KA = K XOR Kinit KA is used as link key Key derived from both unit keys Unit A generates LK_RANDA, sends it to Unit B and computes LK_KA = E21(LK_RANDA, Device AddressA ) Unit B generates LK_RANDB, sends it to Unit A and computes LK_KB = E21(LK_RANDB, Device AddressB) Both units compute each otherās key and the link key KAB = LK_KA XOR LK_KB Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
81
Bluetooth Encryption Key
KC = E3( EN_RANDA, Klink, COF ) Ciphering Offset Figure (COF) Authenticated Ciphering Offset (ACO) or For broadcast, Device Address concatenated with itself Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
82
Protocols and Threat Models
Bluetooth Encryption Kcipher = E0( Device AddressA, clockA, KC ) Data is exclusive-ORāed with Kcipher before transmission and after reception Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
83
Bluetooth Security Issues
Privacy Devices can be closely tracked Only devices are authenticated, not users Key variables exchanged in the clear Link key a shared secret among too many A, B use Aās unit key as the link key B can later use Aās unit key and a faked address to eavesdrop on traffic Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
84
Protocols and Threat Models
3GPP 3rd Generation Partnership Project Crypto developed in the open Air interface will use KASUMI encryption Evolve GSM Multimedia Messaging Service (MMS) General Packet Radio Service (GPRS) GSM overlay (Phase 1: 4x14 kbps, Phase 2: 8x14kbps) Cingular,AT&T: TDMA to GSM to GPRS Enhanced Data rates for GSM Evolution (EDGE) Universal Mobile Telephone Service (UMTS) High Speed Circuit Switched Data (HSCSD) Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
85
Protocols and Threat Models
Questions? Black Hat Briefings July 31, 2002 Wireless Overview Protocols and Threat Models
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.