Presentation is loading. Please wait.

Presentation is loading. Please wait.

January 10, 20071 ECET 581/CPET/ECET 499 Mobile Computing Technologies & Apps Mobile and Wireless Security 1 of 2 Paul I-Hai Lin, Professor Electrical.

Published byHomer Higgins Modified over 9 years ago

Similar presentations

Presentation on theme: "January 10, 20071 ECET 581/CPET/ECET 499 Mobile Computing Technologies & Apps Mobile and Wireless Security 1 of 2 Paul I-Hai Lin, Professor Electrical."— Presentation transcript:

1 January 10, 20071 ECET 581/CPET/ECET 499 Mobile Computing Technologies & Apps Mobile and Wireless Security 1 of 2 Paul I-Hai Lin, Professor Electrical and Computer Engineering Technology Indiana University-Purdue University Fort Wayne

2 January 10, 20072 Mobile and Wireless Security Various Security Risks Various Security Risks Traditional Security Issues Traditional Security Issues Mobile and Wireless Security Issues Mobile and Wireless Security Issues Problems in Ad Hoc Networks Problems in Ad Hoc Networks Additional Issues: Commerce Additional Issues: Commerce Additional Types of Attacks Additional Types of Attacks

3 January 10, 20073 Various Security Risks Various Security Risks Various Security Risks Physical SecurityPhysical Security Communications SecurityCommunications Security Emission Security (Electronic Signals)Emission Security (Electronic Signals) Computer SecurityComputer Security Network SecurityNetwork Security Information SecurityInformation Security

4 January 10, 20074 Traditional Security Issues Integrity Integrity Confidentiality Confidentiality Nonrepudiation Nonrepudiation Availability Availability

5 January 10, 20075 Traditional Security Issues (cont.) Integrity Integrity System Integrity: perform its intended functions in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the systemSystem Integrity: perform its intended functions in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system Data Integrity: the receiver of the data can verify that the data have not been modified; in addition, no one should be able to substitute fake dataData Integrity: the receiver of the data can verify that the data have not been modified; in addition, no one should be able to substitute fake data Integrity of Files and Information in transmissionIntegrity of Files and Information in transmission Confidentiality Confidentiality Only intended recipient (s) can read the provided dataOnly intended recipient (s) can read the provided data Confidentiality of Files and Information in transmissionConfidentiality of Files and Information in transmission Traffic flow confidentialityTraffic flow confidentiality

6 January 10, 20076 Traditional Security Issues (cont.) Nonrepudiation Nonrepudiation The sender should not be able to falsely deny (i.e. repudiate) sending dataThe sender should not be able to falsely deny (i.e. repudiate) sending data ExamplesExamples Availability Availability A third party with no access should not be able to block legitimate parties from using a resourceA third party with no access should not be able to block legitimate parties from using a resource Denial-of-Service Attacks (DoS)Denial-of-Service Attacks (DoS)

7 January 10, 20077 Types of Attacks Access Attacks Access Attacks Modification Attacks Modification Attacks Denial-of-Service Attacks (DoS) Denial-of-Service Attacks (DoS) Repudiation Attacks Repudiation Attacks

8 January 10, 20078 Types of Attacks (cont.) Access Attacks Access Attacks Snooping (looking through)Snooping (looking through) Eavesdropping (listens)Eavesdropping (listens) Interception (active)Interception (active) Modification Attacks Modification Attacks ChangesChanges InsertionInsertion DeletionDeletion

9 January 10, 20079 Types of Attacks (cont.) Denial-of-Service Attacks (DoS) Denial-of-Service Attacks (DoS) Denial of access to informationDenial of access to information Denial of access to applicationsDenial of access to applications Denial of access to systemsDenial of access to systems Denial of access to communicationsDenial of access to communications Repudiation Attacks Repudiation Attacks MasqueradingMasquerading Denying an eventDenying an event

10 January 10, 200710 DoS Attacks - Information The Computer Emergency Response Team Coordination Center (CERT/CC) www.cert.org/advisories/, Denial of Services: http://www.cert.org/tech_tips/denial_of_service.h tml The Computer Emergency Response Team Coordination Center (CERT/CC) www.cert.org/advisories/, Denial of Services: http://www.cert.org/tech_tips/denial_of_service.h tml www.cert.org/advisories/ http://www.cert.org/tech_tips/denial_of_service.h tml www.cert.org/advisories/ http://www.cert.org/tech_tips/denial_of_service.h tml SecurityFocus’s bugtraq, http://www.securityfocus.com/archive/1 SecurityFocus’s bugtraq, http://www.securityfocus.com/archive/1 http://www.securityfocus.com/archive/1 SecuriTeam, http://www.securiteam.com/ SecuriTeam, http://www.securiteam.com/ http://www.securiteam.com/

11 January 10, 200711 DoS Attacks Syn_flood, http://www.cert.org/advisories/CA-1996- 21.html Syn_flood, http://www.cert.org/advisories/CA-1996- 21.html http://www.cert.org/advisories/CA-1996- 21.html http://www.cert.org/advisories/CA-1996- 21.html TCP SYNC Flooding and IP Spoofing AttacksTCP SYNC Flooding and IP Spoofing Attacks Smurf, http://www.cert.org/advisories/CA-1998-01.html Smurf, http://www.cert.org/advisories/CA-1998-01.html http://www.cert.org/advisories/CA-1998-01.html Smurf IP Denial-of-Service AttacksSmurf IP Denial-of-Service Attacks Ping_of_death, http://www.cert.org/advisories/CA- 1996-26.html Ping_of_death, http://www.cert.org/advisories/CA- 1996-26.html http://www.cert.org/advisories/CA- 1996-26.html http://www.cert.org/advisories/CA- 1996-26.html Denial-of-Service via pingDenial-of-Service via ping Teardrop, http://www.cert.org/advisories/CA-1997- 28.html Teardrop, http://www.cert.org/advisories/CA-1997- 28.html http://www.cert.org/advisories/CA-1997- 28.html http://www.cert.org/advisories/CA-1997- 28.html

12 January 10, 200712 Distributed DoS Attacks Distributed Denial of Service (DDos) Attacks/Tools, http://staff.washington.edu/dittrich/misc/ddos/ Distributed Denial of Service (DDos) Attacks/Tools, http://staff.washington.edu/dittrich/misc/ddos/ http://staff.washington.edu/dittrich/misc/ddos/ “mstream” Distributed DoS, http://www.cert.org/incident_notes/IN-2000-05.html “mstream” Distributed DoS, http://www.cert.org/incident_notes/IN-2000-05.html http://www.cert.org/incident_notes/IN-2000-05.html Distributed DOS attack software, http://www.tenebril.com/src/spyware/distributed-dos- attack-software.php Distributed DOS attack software, http://www.tenebril.com/src/spyware/distributed-dos- attack-software.php

13 January 10, 200713 Mobile and Wireless Security Physical Security Physical Security Information Security Information Security EmailEmail Contact databaseContact database Price listsPrice lists Personal Information ManagerPersonal Information Manager Business plan, documentsBusiness plan, documents

14 January 10, 200714 Mobile and Wireless Security Issues Physical Security Physical Security DetectabilityDetectability RF signal RF signal Changing frequencies Changing frequencies Use very directional antenna Use very directional antenna Use minimal power Use minimal power Resource Depletion/Exhaustion attackResource Depletion/Exhaustion attack Shortens the lifespan of the battery, consumes all the power in a battery Shortens the lifespan of the battery, consumes all the power in a battery In Ad Hoc networks – attacks cause key routing nodes to fail, and leaving parts of the network unreachable In Ad Hoc networks – attacks cause key routing nodes to fail, and leaving parts of the network unreachable

15 January 10, 200715 Mobile and Wireless Security Issues (cont.) Physical Intercept Problems Physical Intercept Problems Wireless/broadcastWireless/broadcast Mitigation:Mitigation: Directional antenna Directional antenna Low-power transmissions Low-power transmissions Frequency-hopping/spread spectrum technology Frequency-hopping/spread spectrum technology Encryption techniques at higher layers Encryption techniques at higher layers

16 January 10, 200716 Mobile and Wireless Security Issues (cont.) Theft of Devices Theft of Devices War Driving War Driving Wireless card running some detection softwareWireless card running some detection software GPSGPS Driving around: detect the presence of wireless networks, and GPS gives the location for later referenceDriving around: detect the presence of wireless networks, and GPS gives the location for later reference References (detection software): References (detection software): http://www.netstumbler.com/http://www.netstumbler.com/http://www.netstumbler.com/ http://www.kismetwireless.net/http://www.kismetwireless.net/http://www.kismetwireless.net/ http://www.wardriving.com/http://www.wardriving.com/http://www.wardriving.com/

17 January 10, 200717 Mobile and Wireless Security Issues (cont.) War Walking War Walking Lightweight computer: PDA PocketPC, laptopLightweight computer: PDA PocketPC, laptop Walking aroundWalking around War Chalking (symbols) War Chalking (symbols) Open networkOpen network Closed networksClosed networks WEP (Wired Equivalent Privacy) password protected networkWEP (Wired Equivalent Privacy) password protected network

18 January 10, 200718 Problems in Ad Hoc Networks Problems in Ad Hoc Networks Problems in Ad Hoc Networks Data pass through several other Ad Hoc networksData pass through several other Ad Hoc networks Man in the middle attack to copy or corrupt data in transitMan in the middle attack to copy or corrupt data in transit Routing (risks) Routing (risks) SpoofingSpoofing ARP Spoofing: request an address and pass data to impersonator ARP Spoofing: request an address and pass data to impersonator ARP cache poisoning: actively corrupt data as it pass throughARP cache poisoning: actively corrupt data as it pass through Resource-exhaustion attackResource-exhaustion attack

19 January 10, 200719 Problems in Ad Hoc Networks Key management Key management EncryptionEncryption AuthenticationAuthentication Creating, sharing, storing, encryption keysCreating, sharing, storing, encryption keys Public key encryption Public key encryption Private key encryption Private key encryption Prekeying: not practical Prekeying: not practical

20 January 10, 200720 Problems in Ad Hoc Networks Reconfiguring Reconfiguring Dynamic natureDynamic nature Topology changes over timeTopology changes over time Route may no longer workRoute may no longer work Hostile Environment Hostile Environment Unsecured physical locations (coffee shops, airports, etc)Unsecured physical locations (coffee shops, airports, etc) Ad Hoc networks of soldiers Ad Hoc networks of soldiers

21 January 10, 200721 Additional Issues: Commerce Liability Liability Fear, uncertainty, and doubt Fear, uncertainty, and doubt Fraud Fraud Big bucks at stake Big bucks at stake

22 January 10, 200722 Additional Issues: Commerce Liability Liability Fear, uncertainty, and doubt Fear, uncertainty, and doubt Fraud Fraud Big bucks at stake Big bucks at stake

23 January 10, 200723 Additional Types of Attacks “Man in the Middle” Attacks “Man in the Middle” Attacks Traffic Analysis Traffic Analysis Reply Attacks Reply Attacks Reusing data in a packet observed by a malicious nodeReusing data in a packet observed by a malicious node Buffer-Overflow Attacks Buffer-Overflow Attacks Extra data cause the program to execute different code by changing variables values, program flow, or similarExtra data cause the program to execute different code by changing variables values, program flow, or similar

Download ppt "January 10, 20071 ECET 581/CPET/ECET 499 Mobile Computing Technologies & Apps Mobile and Wireless Security 1 of 2 Paul I-Hai Lin, Professor Electrical."

Similar presentations

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.

Network Vulnerabilities and Attacks Dr. John Abraham UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.

Chapter 1 This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Awareness Chapter 5 Wireless Network Security.

Security Awareness Chapter 5 Wireless Network Security.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.

7: Network Security1 Chapter 7: Network security – Author? Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Man in the Middle attacks and ARP poisoning explained

Man in the Middle attacks and ARP poisoning explained
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Similar presentations

Ads by Google