Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sg-whitespace-09/0026r05 Submission February 2009 Slide 1 Security Ad-Hoc Report Draft Date: 2009-02-19 Authors: Alex Reznik, InterDigital; Ranga Reddy,

Published byMilo Long Modified over 8 years ago

Similar presentations

Presentation on theme: "Sg-whitespace-09/0026r05 Submission February 2009 Slide 1 Security Ad-Hoc Report Draft Date: 2009-02-19 Authors: Alex Reznik, InterDigital; Ranga Reddy,"— Presentation transcript:

1 sg-whitespace-09/0026r05 Submission February 2009 Slide 1 Security Ad-Hoc Report Draft Date: 2009-02-19 Authors: Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

2 sg-whitespace-09/0026r05 Submission This presentation summarizes the recommendations of the security ad-hoc group. It consists of 2 parts: –Main section includes recommendation and threat analysis –Main section will be presented as part of the White Spaces ECSG tutorial –Background section includes additional information intended to illustrate, support and explain points made in the main section. Abstract February 2009 Slide 2Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

3 sg-whitespace-09/0026r05 Submission Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine Main Section February 2009 Slide 3

4 sg-whitespace-09/0026r05 Submission Within the context of white spaces, security design needs to focus on two goals: –Primary goal: Protection of incumbents –Secondary goal: Protection of unlicensed users The number of issues and technologies is larger than with protection of incumbents Requires a comprehensive approach Approach to Security –The ad-hoc recommends that an end-to-end security analysis be used in developing security aspects of white space technologies –Within 802 this means a focus on the following The interfaces required for support of higher-level security technologies, such as data/application security, secure identity protocols, device security, etc. Support of security technologies as discussed below Security Goals and General Approach February 2009 Slide 4Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

5 sg-whitespace-09/0026r05 Submission Illegal Use of Spectrum –Causing harmful interference to incumbents Denial of Service between Secondary Users –Threats to coexistence protocols between secondary devices e.g. Stealing/hogging spectrum Unauthorized disclosure or modification of “sensitive user/location” information –Disclosure of user location –Modification of database info “Sensitive user/location” information is not correct –Registered incumbent or secondary user location –Database info poisoning Sensitive user/location information may include –User location information –User identity –Database registration/authentication parameters –Sensor measurements reported to the database by user –Interference report from the database –Etc. Threat Analysis: High Level Threats February 2009 Slide 5Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

6 sg-whitespace-09/0026r05 Submission Threat Analysis Mapping Use Cases to Threats – Master Devices February 2009 Slide 6 Use Cases/Threats 4W Fixed 4W-4W fed by 100mW 4W-100 mW 100 mW (Registered Master) 100 mW (Un - registered Master) 50 mW (Sensing Only) ≤ 40 mW Illegal Use of Spectrum XXXXXX DoS between Secondary Users XXXXXXX Disclosure/ Modification of “Relevant“ Info XXXXX “Relevant” Info Not correct XXX Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

7 sg-whitespace-09/0026r05 Submission Threat Analysis Mapping Use Cases to Threats – Client Devices February 2009 Slide 7 Use Cases/Threats 4W Fixed 4W-4W fed by 100mW 4W-100 mW 100 mW (Registered Master) 100 mW (Un - registered Master) 50 mW (Sensing Only) ≤ 40 mW Illegal Use of Spectrum XXX DoS between Secondary Users XXXXXXX Disclosure/ Modification of “Relevant“ Info XXXXX “Relevant” Info Not correct XXX Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

8 sg-whitespace-09/0026r05 Submission For the “50mW (Sensing Only)” and “≤ 40mW” the Disclosure/Modification of Relevant Info & Relevant Info Not Correct threats, are not applicable as those devices will not make use of the database. The “≤ 40mW” use case is not affected by the Illegal Use of Spectrum threat due to low power. Devices can operate in adjacent channels. Client devices cannot pose the Illegal Use of Spectrum threat in some use cases because the master chooses the spectrum, polls the database, and bears the responsibility for violation. The exception is when the master device is unregistered. –Given that registration for the lower power devices is not required. This also may be applicable for lower power networks operating in a mesh or peer to peer topology, where every device would be considered a master. Threat Analysis: Caveats February 2009 Slide 8Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

9 sg-whitespace-09/0026r05 Submission Further Work –Present recommendation represents the best that could be accomplished with a limited time-span of this SG –The contributors and other security ad-hoc participant recognize the need for a much more detailed analysis resulting in A detailed use-case based threat analysis Detailed recommendation for addressing identified threats –802 should plan to further pursue this topic either in a separate SG or as part of other whitespace activities Device Security –An important requirement for protection of incumbents Ensures that devices cannot be modified to “break the rules,” (e.g., disallow the connection of a higher gain antenna to the PA of the TVBD resulting in a higher EIRP than that produced by the original TVBD) –Potentially required to pass FCC certification –802 may need to provide support of proper device security techniques. Some potential example are: Measurement and signaling required to verify that the device is operating according to applicable specifications and policies Ability to affect device operations (e.g. disable transmissions) should device be found to be in violation of such policies See Slide 11 for an illustrative example of an approach where this might be relevant Low-Layer Security –Support of low-layer techniques by 802 is recommended to address the following Incumbent classification / identification identification of malicious and negligent impersonators Protection of coexistence signaling –It is recommended that the WGs coordinate their efforts in this area Sensor and location measurement security –Support by 802 of techniques that secure and attest sensing and location measurements is recommended Protection of database information –Protection of database information on the device and its transmission over the air interface links is recommended and appropriate techniques should be supported by 802 Ad-Hoc Recommendations February 2009 Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine Slide 9

10 sg-whitespace-09/0026r05 Submission Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine Background and Additional Information February 2009 Slide 10

11 sg-whitespace-09/0026r05 Submission Compliance attestation : an important piece in the cognitive radio puzzle –Provides the most effective mechanism for ensuring that a radio is following the required specifications –May be required to demonstrate regulatory compliance –In particular, MAC and PHY (and perhaps even the RF) must be attested to The trend, especially in the area of “cognitive radios,” is toward implementations which are highly configurable. Code attestation is not sufficient to ensure compliance –Compliance must be attested over all possible configurations –The state space may be too large for full code-based attestations Limited attestation can address this problem however –May be defined within RF/PHY/MAC or external to it –Must have the ability to monitor operation of the un-trusted entity for policy compliance –Must have the ability to limit operation when non- compliance observed –At a minimum, interfaces that enable monitor/limitation of operation must be defined and supported Illustrating the role of device security: Configurable Radio February 2009 Network and above TCMTCM Certify Compliance PHY MAC RF PHY MAC RF Un-trustedTrusted Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine Slide 11

12 sg-whitespace-09/0026r05 Submission Potential requirements –Support of mechanisms to prevent tracking of changes in location of a mobile device based on information sent in database queries. –Support of mechanisms to prevent long term tracking of a mobile device’s location based on it's transmissions. Mapping this to existing mechanisms within 802 Mapping this to recommended additional mechanisms Location Privacy: a full System-Picture View February 2009 Slide 12Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

13 sg-whitespace-09/0026r05 Submission End-to-End Secure Comm. February 2009 Slide 13 802.1x,etc. Modem OSI-Internetworking Modem OSI-Internetworking IPSec, HIP, SMA, etc. Physical Channel Media 802.1x, etc. 802 Interface to the “outside world” IETF’s Secure DataStore and Schema (MAP) IETF’s Secure DataStore and Schema (MAP) OSI-Session Application OSI-Session Application Application-Secured Payload SSL, TLS, etc. FCC Secure WS DataStore FCC Secure WS DataStore TOG’s SMA Secure Datastore and Schema SMA PKI Datastore People/Machines SMA PKI Datastore People/Machines Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams, Nokia; Richard Paine

14 sg-whitespace-09/0026r05 Submission Vulnerabilities Associated with Location February 2009 Slide 14 Modem = 802.xx PHY+MAC OSI-netwk.: IP+TCP Physical Channel Media 802.1x, etc. OSI-Session: HTTP Application: Spectrum Client/Server FCC Secure WS DataStore SMA PKI Datastore People/Machines Vulnerabilities: server address spoofing. Vulnerabilities: tracking of location via IP address tracking Vulnerabilities: tracking of location via MAC ID General Comments: Location privacy can be compromised at every interface Device/user tracking can be done through tracking of MAC IDs, IP addresses, HTTP sessions, etc. A comprehensive solution to location privacy and anonymization is required Alex Reznik, InterDigital; Ranga Reddy, US Army; Michael Williams; Nokia, Richard Paine

Download ppt "Sg-whitespace-09/0026r05 Submission February 2009 Slide 1 Security Ad-Hoc Report Draft Date: 2009-02-19 Authors: Alex Reznik, InterDigital; Ranga Reddy,"

Similar presentations

PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco (Nokia) Juan Carlos Zuniga (Interdigital) IETF 82.

PAWS: Use Cases I-D: draft-ietf-paws-problem-stmt-usecases-rqmts Basavaraj Patil, Scott Probasco (Nokia) Juan Carlos Zuniga (Interdigital) IETF 82.
PAWS BOF Protocol to Access White Space DB IETF 80 Gabor Bajko, Brian Rosen.

PAWS BOF Protocol to Access White Space DB IETF 80 Gabor Bajko, Brian Rosen.
Sg-whitespace-08/0006r0 Submission December 2008 Steve Shellhammer, QualcommSlide 1 Coexistence in TV White Space Date: 2008-12-17 Authors:

Sg-whitespace-08/0006r0 Submission December 2008 Steve Shellhammer, QualcommSlide 1 Coexistence in TV White Space Date: Authors:
Geolocation databases for spectrum sharing : ECC findings and studies EC DG CONNECT Workshop, 20 March 2015 Bruno Espinosa, Deputy Director, ECO.

Geolocation databases for spectrum sharing : ECC findings and studies EC DG CONNECT Workshop, 20 March 2015 Bruno Espinosa, Deputy Director, ECO.
Sg-whitespace-09/0023r01 Submission February2009 Alex Reznik, InterDigitalSlide 1 Security Straw Poll Results Date: 2009-02-21 Authors:

Sg-whitespace-09/0023r01 Submission February2009 Alex Reznik, InterDigitalSlide 1 Security Straw Poll Results Date: Authors:
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Doc.: IEEE 802.19-10/0104r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide 1 Channel Selection Support in TVWS Date: 2010-07-14 Authors:

Doc.: IEEE /0104r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide 1 Channel Selection Support in TVWS Date: Authors:
and LMAP liaison Document Number: IEEE R0

and LMAP liaison Document Number: IEEE R0
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
Sg-whitespace-09/0026r04 Submission January 2009 Slide 1 Security Ad-Hoc Report Draft Date: 2009-02-04 Authors: Alex Reznik, InterDigital; Ranga Reddy,

Sg-whitespace-09/0026r04 Submission January 2009 Slide 1 Security Ad-Hoc Report Draft Date: Authors: Alex Reznik, InterDigital; Ranga Reddy,
UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.

UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.

FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
Doc.: IEEE 802.22-13/02r0 Submission January 2013 Ranga Reddy, SelfSlide 1 January 2013 TGa Review IEEE P802.22 Wireless RANs Date: 2013-01-12 Authors:

Doc.: IEEE /02r0 Submission January 2013 Ranga Reddy, SelfSlide 1 January 2013 TGa Review IEEE P Wireless RANs Date: Authors:
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG 2012.07.30.

PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
A new challenge – creating a regulatory environment for implementing geo-location databases for White Space Devices (WSD) Andy Gowans Date (26 th January.

A new challenge – creating a regulatory environment for implementing geo-location databases for White Space Devices (WSD) Andy Gowans Date (26 th January.
PAWS Protocol to Access White Space DB IETF 81 Gabor Bajko, Brian Rosen.

PAWS Protocol to Access White Space DB IETF 81 Gabor Bajko, Brian Rosen.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Doc.: IEEE 802.19-10/0016r0 Submission January 2010 Joe Kwak, Alex Reznik (InterDigital)Slide 1 TVWS Architecture Options Notice: This document has been.

Doc.: IEEE /0016r0 Submission January 2010 Joe Kwak, Alex Reznik (InterDigital)Slide 1 TVWS Architecture Options Notice: This document has been.
MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.

MWIF Confidential MWIF-Arch Security Task Force Task 5: Security for Signaling July 11, 2001 Baba, Shinichi Ready for MWIF Kansas.
March 2009 Richard Paine, SelfSlide 1 sg-whitespace-09-0061-00-0000-Secure-Datastore-Architecture-Concepts Submission Project IEEE 802 Executive Committee.

March 2009 Richard Paine, SelfSlide 1 sg-whitespace Secure-Datastore-Architecture-Concepts Submission Project IEEE 802 Executive Committee.

Similar presentations

Ads by Google