Wireless Network Security

Presentation on theme: "Wireless Network Security"— Presentation transcript:

1 Wireless Network Security
Smartening the Environment using Wireless Sensor Networks in a Developing Country
Wireless Network Security: 3G, 4G, Wireless PAN/LAN/MAN
Al-Sakib Khan Pathan
Department of Computer Science, International Islamic University Malaysia
UTM, 23 May 2012

2 Guided and Unguided Media
All types of communications need some kind of medium. The information is encoded in a signal that is carried through a medium. Quality depends on the characteristics of the medium. There are two main groups of transmission media: the guided medium and the wireless medium.

3 Guided and Unguided Media
For the guided medium, there is a physical path (such as a cable) for electromagnetic wave propagation. For the wireless medium, the electromagnetic wave is transmitted through air, water, or vacuum (space). A wireless medium is also called an unguided medium.

4 Wireless LAN
A wireless LAN or WLAN is a wireless local area network that uses radio waves as its carrier. The last link with the users is wireless, to give a network connection to all users in a building or campus. The backbone network usually uses cables.

5 Wireless Network? Security?
Source:

6 Wireless Network Features
Wireless networks are treated as having more vulnerabilities than wired networks because of their:
shared nature
naturally broadcasted states
unclear perimeters
invisible access

7 What other “Wireless”? 3G Wireless Networks
3G or 3rd generation mobile telecommunications is a generation of standards for mobile phones and mobile telecommunication services fulfilling the International Mobile Telecommunications-2000 (IMT-2000) specifications by the International Telecommunication Union. Application services include wide-area wireless voice telephone, mobile Internet access, video calls and mobile TV, all in a mobile environment.

8 What other “Wireless”? 4G Wireless Networks
In telecommunications, 4G is the fourth generation of cell phone mobile communications standards. It is a successor of the third generation (3G) standards. A 4G system provides mobile ultra-broadband Internet access, for example to laptops with USB wireless modems, to smartphones, and to other mobile devices. Conceivable applications include amended mobile web access, IP telephony, gaming services, high-definition mobile TV, video conferencing, and 3D television.

9 3G Wireless
Source:

10 A Cell Tower

11 3G and WiFi
S:

12 What Do They Have in Common?
Wireless unguided medium.
Potential threat from anybody within the range of wireless coverage/communication.
Attenuation.
Distortion during signal propagation.
Noise.
Do all of these impact security?

13 Security Viewing Angles
Viewing Angle 1
(a) Key Management
(b) Secure Routing
(c) Secure Services
(d) Intrusion Detection Systems (IDS) [outsider, insider]
Viewing Angle 2
(a) Physical security
(b) Deployment security (sparse or dense, etc.)
(c) Topological security (cluster/flat, hierarchy/tree, etc.)
(d) Wireless communication security
(e) Data security

14 Security Viewing Angles
Viewing Angle 3: Holistic Security
(a) Application layer security
(b) Transport layer security
(c) Network layer security
(d) Data link layer security
(e) Physical layer security
Holistic Security? Still an open research issue!

15 Main Security Aspects
Authentication
Authorization
Privacy/Confidentiality
Integrity
Non-repudiation

16 3G Security: Background
One of the aspects of GSM that has played a significant part in its global appeal is its set of security features.
GSM was the first public telephone system to use integrated cryptographic mechanisms.
The GSM security model has been adopted, modified and extended for DECT, TETRA and 3GPP.

17 3GPP
The 3rd Generation Partnership Project (3GPP) is a collaboration between groups of telecommunications associations, known as the Organizational Partners. The initial scope of 3GPP was to make a globally applicable 3G mobile phone system specification based on evolved Global System for Mobile Communications (GSM) specifications within the scope of the International Mobile Telecommunications-2000 project of the ITU.

18 3GPP Security Principles
Ensure that 3G security builds on the security of GSM, where features that have proved to be needed and that are robust shall be adopted for 3G.
Ensure that 3G security improves on the security of second generation systems by correcting real and perceived weaknesses.
Ensure that new 3G security features are defined as necessary to secure new services offered by 3G.

19 3G Security Objectives
Ensure that:
information generated by or relating to a user is adequately protected against misuse or misappropriation.
the resources and services provided are adequately protected against misuse or misappropriation.
the security features standardized are compatible with world-wide availability.
the security features are adequately standardized to ensure world-wide interoperability and roaming between different serving networks.

20 3G Security Objectives
Ensure that:
the level of protection afforded to users and providers of services is better than that provided in contemporary fixed and mobile networks (including GSM).
the implementation of 3GPP security features and mechanisms can be extended and enhanced as required by new threats and services.

21 3G Requirements Capture
Based on the threat analysis, a comprehensive list of security requirements was captured and categorized.
The security requirements help identify which security features need to be introduced in order to counteract the threats.
The requirements capture has led to the identification of additional security features beyond those retained from GSM.

22 3G Security Arch: Background
Source: Peter Howard, Vodafone, UK, Presentation Slides

23 3G R99 Security Features (beyond GSM)
Protection against active attacks on the radio interface
  New integrity mechanism added to protect critical signaling information on the radio interface
  Enhanced authentication protocol provides mutual authentication and freshness of cipher/integrity key towards the user
Enhanced encryption
  Stronger algorithm, longer key
  Encryption terminates in the radio network controller rather than the base station

24 3G R99 Security Features (beyond GSM)
Core network security
  Some protection of signaling between network nodes
Potential for secure global roaming
  Adoption of 3GPP authentication by TIA TR-45 / 3GPP2

25 3G Security Architecture
Home Environment (HE)
Serving Network (SN)
Access Network (AN)
Mobile Terminal (MT)
Terminal Equipment (TE)
User Services Identity Module (USIM)

26 3G Network Architecture
[Figure: 3G network architecture diagram showing 2G, 2G/2.5G and 3G radio access, the circuit network, the IP core network and the packet network (Internet).]
Abbreviations: Intelligent Network (IN), Radio Network Controller (RNC), IP Radio Access Network (IP RAN)
Source: Presentation Slides of Myagmar, Gupta: UIUC, USA, 2001

27 Improved Security Features, 1
Network Authentication
  The user can identify the network
Explicit Integrity
  Data integrity is assured explicitly by use of integrity algorithms
  Also stronger confidentiality algorithms with longer keys
Network Security
  Mechanisms to support security within and between networks

28 Improved Security Features, 2
Switch Based Security
  Security is based within the switch rather than the base station
IMEI Integrity
  Integrity mechanisms for IMEI (International Mobile Equipment Identity) provided from the start
Secure Services
  Protect against misuse of services provided by SN and HE

29 Improved Security Features, 3
Secure Applications
  Provide security for applications resident on USIM
Fraud Detection
  Mechanisms to combat fraud in roaming situations
Flexibility
  Security features can be extended and enhanced as required by new threats and services

30 Improved Security Features, 4
Visibility and Configurability
  Users are notified whether security is on and what level of security is available
  Users can configure security features for individual services
Compatibility
  Standardized security features to ensure world-wide interoperability and roaming
  At least one encryption algorithm exported on world-wide basis

31 Improved Security Features, 5
Lawful Interception
  Mechanisms to provide authorized agencies with certain information about subscribers

32 Problems of 3G Security, 1
IMSI (International Mobile Subscriber Identity) is sent in cleartext when allocating TMSI (Temporary Mobile Subscriber Identity) to the user.
The transmission of IMEI (International Mobile Equipment Identity) is not protected; IMEI is not a security feature.
A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN.

33 Problems of 3G Security, 2
Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set up.

34 4G Security?
Two issues are at the forefront of 4G development: the verification of users and the limitation of network access in the heterogeneous architecture.
Other vulnerabilities involve providers utilizing different systems and the basis of user-centered design, which allows users to select their preferred connection method.

35 Wireless PAN
WPAN?
A wireless personal area network (WPAN) is a personal area network (a network for interconnecting devices centered around an individual person's workspace) in which the connections are wireless.
IrDA (Infrared Data Association)
Bluetooth
Wireless USB
Z-Wave
ZigBee
Body Area Network

36 Wireless LAN/MAN
WLAN? WMAN?
Wireless connected LAN.
A metropolitan area network (MAN) is a computer network that usually spans a city or a large campus. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optical links, and provides up-link services to wide area networks (or WAN) and the Internet.
Wireless Version!!

37 What About Security?
Common solutions may work in each type of network.
Basic wireless security barriers are present, but depending on characteristics and network settings, things may be different and may demand specific security measures.
Based on different standards, different security requirements are met.

38 What About Security?
Two security services are mainly emphasized:
Authentication
  Shared Key Authentication
Privacy/Confidentiality (Encryption)
  Wired Equivalent Privacy
Other aspects are often requirement specific.

39 WLAN Security?
The 802.11 standard specifies the operating parameters of wireless local area networks (WLAN).
History: 802.11, 802.11b, 802.11a, 802.11g, 802.11i
Minimal security in early versions.
Original architecture not well suited for modern security needs.
802.11i attempts to address security issues with WLANs.

40 IEEE 802.11b: Wired Equivalent Privacy (WEP)
Confidentiality
  Encryption
  40-bit keys (increased to 104-bit by WEP2)
  Based on RC4 algorithm
Access Control
  Shared key authentication + Encryption
Data Integrity
  Integrity checksum computed for all messages

41 IEEE 802.11b: Vulnerabilities in WEP
Poorly implemented encryption
  Key reuse, small keys, no keyed MIC
Weak authentication
No key management
No interception detection
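
Added example, not part of the original slides: a toy WEP-style frame (RC4 over the message plus a CRC-32 integrity value) that shows why the "key reuse" and "no keyed MIC" items above matter. The IV, key and payloads are constructed sample values, `altered_in_transit` and `mic` are hypothetical helper names, and HMAC-SHA-256 is only a stand-in for a keyed MIC, not the algorithm 802.11i specifies.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # XOR data with the keystream
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(msg: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, no key involved."""
    return zlib.crc32(msg).to_bytes(4, "little")

def wep_seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    return rc4(iv + key, msg + icv(msg))      # per-frame RC4 key is IV || key

def wep_open(iv: bytes, key: bytes, frame: bytes):
    plain = rc4(iv + key, frame)
    msg, tag = plain[:-4], plain[-4:]
    return msg if icv(msg) == tag else None   # None means the ICV check failed

def altered_in_transit(frame: bytes, delta: bytes) -> bytes:
    """Modify a sealed frame without the key. CRC-32 is affine:
    icv(m ^ d) == icv(m) ^ icv(d) ^ icv(zeros), so the ICV can be patched."""
    return xor(frame, delta + xor(icv(delta), icv(bytes(len(delta)))))

def mic(mic_key: bytes, msg: bytes) -> bytes:
    """Keyed MIC; HMAC-SHA-256 is a stand-in, not the 802.11i algorithm."""
    return hmac.new(mic_key, msg, hashlib.sha256).digest()

# Constructed sample values: 24-bit IV, 40-bit key, made-up payloads.
IV, KEY, MIC_KEY = b"\x01\x02\x03", b"\x0a" * 5, b"m" * 16
MSG, OTHER = b"PAY 0100 TO BOB", b"PAY 0250 TO AMY"
FRAME = wep_seal(IV, KEY, MSG)
TAMPERED = altered_in_transit(FRAME, xor(MSG, b"PAY 9100 TO BOB"))
REUSE_LEAK = xor(FRAME, wep_seal(IV, KEY, OTHER))[:len(MSG)]  # IV reused
```

`wep_open` accepts `TAMPERED` as a valid frame, whereas a keyed MIC computed by the sender over the original message no longer matches the received one. `REUSE_LEAK` equals the XOR of the two plaintexts because both frames were sealed under the same IV and key.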

42 IEEE 802.11b: Attacks
Successful attacks on 802.11b
  Key recovery - AirSnort
  Man-in-the-middle
  Denial of service
  Authentication forging
  Known plaintext
  Known ciphertext

43 IEEE 802.11i
IEEE 802.11i-2004 or 802.11i, implemented as WPA2 (Wi-Fi Protected Access II), is an amendment to the original IEEE 802.11.
The draft standard was ratified on 24 June 2004.
Later amendments in 2007 and 2012!

44 Original IEEE 802.11i Security Specifications
Improved Encryption
  CCMP (AES), TKIP (Temporal Key Integrity Protocol), WRAP (Wireless Robust Authenticated Protocol)
2-way authentication
Key management
Ad-hoc network support
Improved security architecture

45 802.11i Authentication

46 Encryption

47 802.11i: Potential Weaknesses
Hardware requirements
  Hardware upgrade needed for AES (Advanced Encryption Standard) support
Strength of TKIP and WRAP questionable in the long term
AS (auth. server) needed for 2-way authentication
Complexity
  The more complex a system is, the more likely it may contain an undetected backdoor
Patchwork nature of “fixing” 802.11b

48 Connecting WLAN – Control?
Options:
May be connected securely (WPA2, 802.11i, etc.)
If unsecured, connect to your secure systems securely:
  VPN (Virtual Private Network)
  SSL connections to secure systems
Be careful not to expose passwords
Watch for direct attacks on untrusted networks

49 802.11i Improvements
802.11i appears to be a significant improvement over 802.11b from a security standpoint.
Vendors are nervous about implementing 802.11i protocols due to how quickly WEP was compromised after its release.
Time will tell how effective 802.11i actually is.
Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind.

50 Remarks – WLAN Security
Wireless LAN security could also benefit from the advancement of security measures for other networks.
The main reasons that WLANs are attacked are their availability for a long time and the medium used, where anybody can try to join in.
All these apply to PAN and MAN as well!!

51 References
[1] Marius Popovici, Daniel Crisan, Zagham Abbas, "Wireless Networks",
[2] Peter Howard, "3G Security Overview", Presentation Slides, Vodafone, UK
[3]
[4] Colin Blanchard, "Security for the Third Generation (3G) Mobile System", Network Systems & Security Technologies.
[5] Myagmar, Gupta, "3G Security Overview", Presentation Slides of UIUC 2001.
[6] Kim W. Tracy, "Wireless LAN Security", NEIU, University Computing

52 THANK YOU

53 sakib.pathan@gmail.com, sakib@iium.edu.my
Questions and Answers, ???

