Ch.12 - Wireless Security

Ch 12. Wireless Security
Myungchul Kim
[email protected]
Wireless Security
• Security principles
• Special issues in wireless security
• Security issues unique to 802.11, satellites, cellular networks, WAP, etc.
Wireless Security Example
(Diagram components: link to the public Internet over T1 or DSL; router and firewall; Centrex; LAN server; Fast Ethernet LAN (backbone); wired Ethernet LAN; wireless LAN cells X, Y and Z; hosts A, B, C and D. The diagram contrasts three levels of protection:)
1. No physical net security (server ID/PW)
2. No physical net security (server ID/PW + encryption)
3. Physical net security (optional server ID/PW + encryption)
Wireless Security Issues
• Several security concerns at all layers
– Wireless networks (cellular, wi-fi, adhoc, satellite)
– Wireless platforms (Mobile IP, WAP, I-Mode, Wireless Java, Mobile Web services)
– Mobile applications (holding digital certificates in handsets)
• Too many issues needing attention
– Cellular security (location services)
– Satellite security (GAO report)
– Mobile adhoc network security
– Wireless platform security (WAP, BREW)
– M-application security (handset certificates)
• An architecture approach is needed – a solution that considers tradeoffs and works within constraints and limitations
Different Views: User View (PIA4)
Privacy: assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission
Integrity: the integrity of information (i.e., no unauthorized modification)
Authentication: identify for certain who is communicating with you
Authorization (Access control): determine what access rights that person has
Accountability (Auditing): assure that you can tell who did what when, and convince yourself that the system keeps its security promises. Includes non-repudiation (NR) -- the ability to provide proof of the origin or delivery of data. NR protects the sender against a false denial by the recipient that the data has been received, and protects the recipient against a false denial by the sender that the data has been sent: a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data.
Availability: access to the system when a user needs it
Sample Wireless Security Technologies
(Layered diagram, top to bottom: Applications, Middleware, TCP/IP, Wireless Link. Applications can use higher level services to compensate for lower layers; there are tradeoffs in performance and security. Technologies are listed from the application layer down to the wireless link:)
• SET for transaction security
• S/MIME and PGP for secure email
• Java security (sandboxes)
• Database security
• SSL and TLS
• WAP security (WTLS)
• Web security (HTTPS, PICS, HTTP Headers)
• Proxy server security
• IPSEC and wireless VPN
• Mobile IP
• 802.11 security (WEP)
• Cellular network security
• Satellite link security
• WLL and cordless link security
Security Tradeoffs
(Diagram of three placements of encryption in a stack of Telnet, FTP, SMTP and HTTP over TCP/IP over the physical network; darker areas, labelled A1, A2 and A3, indicate where security, say encryption, is applied.)
a) Physical Network Level Security: encryption at the physical network level (layer 1–2)
b) Transport Level Security: encryption at the IP level (IPsec, VPN)
c) Higher Level Security: encryption at the SSL or application level (PGP and S/MIME over SMTP; HTTP over SSL)
Table 12-1 Security Considerations – Mapping Technology to Needs
(Only the headings and row labels of the table survive in the transcript; the cell marks are not recoverable.)
Needs (columns): Privacy; Integrity; Authentication and Authorization; Accountability (Non-repudiation); Availability and Denial of service
Technologies (rows): Encryption; Password protection; Digital signatures; Message digest; Digital certificates; ACLs; Audit trails; Redundancy
Wireless LAN security
• Issues
– Random connectivity
– Identity issues: MAC address
– Access control issues: ACL based on MAC address
– Authentication issues: un-authenticated Diffie-Hellman algorithm -> man-in-the-middle attack
• Wired Equivalent Privacy (WEP)
– A single key
– Higher-level (e.g. applications) security measures are
needed
• 802.11i
– Much stronger encryption and longer key
• IEEE 802.1X
– Authentication/key management
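The Diffie-Hellman point above is easiest to see by running it. The following Python simulation is an added example, not code from the slides: it runs an unauthenticated exchange, the same exchange with an active intermediary on the link, and an exchange in which each public value carries an HMAC tag under a pre-shared authentication secret (in the spirit of the authentication/key management that 802.1X adds on top of the exchange). The group parameters and the pre-shared secret are constructed for the demo only.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, an assumption for illustration only (not production-size).
P = 2**127 - 1   # Mersenne prime
G = 5

def dh_keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a symmetric key from the shared DH secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def auth_tag(auth_secret, pub):
    """Bind a public value to the holder of a pre-shared authentication secret."""
    return hmac.new(auth_secret, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def run_exchange(authenticated, attacker_present, auth_secret=b"constructed-psk"):
    """Simulate one exchange between station A and access point B; returns
    "shared" (same key, no third party), "split" (each side keyed to the
    intermediary) or "rejected" (tampering detected and exchange aborted)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    to_b = (a_pub, auth_tag(auth_secret, a_pub) if authenticated else b"")
    to_a = (b_pub, auth_tag(auth_secret, b_pub) if authenticated else b"")
    if attacker_present:
        # Active intermediary substitutes its own public value in both directions;
        # it cannot produce valid tags because it does not hold auth_secret.
        m_priv, m_pub = dh_keypair()
        to_b = (m_pub, to_b[1])
        to_a = (m_pub, to_a[1])
    if authenticated:
        # Each side verifies the tag on the value it received before using it.
        for pub, tag in (to_a, to_b):
            if not hmac.compare_digest(tag, auth_tag(auth_secret, pub)):
                return "rejected"
    key_a = session_key(a_priv, to_a[0])
    key_b = session_key(b_priv, to_b[0])
    if attacker_present:
        # Without authentication the intermediary holds both session keys.
        assert key_a == session_key(m_priv, a_pub)
        assert key_b == session_key(m_priv, b_pub)
        return "split"
    return "shared" if key_a == key_b else "mismatch"
```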
Cellular wireless network security
• 1G
• 2G: SIM (subscriber information module)
of GSM
• 2.5G: GPRS with IPsec
• 3G
Mobile ad hoc network security
• Security challenges
– Availability: redundancies
– Privacy: trust, protect routing information
– Integrity
– Authentication: Certificate Authorities
– Non-repudiation
• Black hole attack
Wireless PAN security
• Limitations and problems
– Unlicensed 2.4-GHz radio band
– Key management
• PIN code
• Device authentication, no user authentication
– Man-in-the-middle attack
– Short PIN size
– Key size of cipher algorithms
Location and movement
I-Mode security
(Diagram: an I-Mode phone connects over the Docomo wireless network, which uses proprietary protocols and SSL, to a web server with I-Mode content; the web server reaches the financial institution over dedicated lines using SSL security.)
Levels of Security View
(Layered diagram, top to bottom: Applications, Middleware, TCP/IP, Wireless Link. Technologies are listed from the application layer down to the wireless link:)
• SET for transaction security
• S/MIME and PGP for secure email
• Java security
• Database security
• SSL and TLS
• WAP security (WTLS)
• Web security (HTTPS, PICS, HTTP Headers)
• Proxy server security
• IPSEC and VPN
• 802.11 security (WEP)
• Cellular network security
• Satellite link security
• WLL and cordless link security
Table 12-2 Security Levels
Security Level | Example of Security | Why Needed? | Why Not Enough?
Application-level security | SET, PGP, S/MIME | Provides security specific to an application | Only protection of application-specific data
Client/Server security | SSL and WTLS security | Assures secure communication over an insecure link | Only middleware-level security
IP level | IPSec, VPN | Protects the IP path | Does not protect databases
Network link level | Wireless LAN security, 3G and satellite security | Deters breaking in at the physical link level | Protects only one link; does not cover other links in a large network
Summary
• Security principles
• Special issues in wireless security
• Security issues unique to 802.11, satellites, cellular networks, WAP, etc.