Security Vulnerabilities

Certain security vulnerabilities
exist in every mode of wireless
communications.
Wired and wireless IP communications concerns
• Traffic Sniffing
• Wrong location delivery
• Logging
• Corporate espionage and spying
• Identity Theft
• Man in the middle captures
IP traffic sniffing may be different
depending on the mode of
communications used.
• Wireless
– WiFi
– EV-DO
– CDMA
– TDMA
– GPRS
– GSM
– iDEN (Nextel)
– CDPD
• Wired
– Dedicated LAN
– DIA Leased Line
– Frame Relay
– PRN
– ISDN
– DSL
– Cable
Sniffing WiFi
• Plain Text
– Everything is readable
• WEP
– Encryption is easily broken
• WPA
– More difficult to break
– More difficult to manage
• WPA2
– Harder to break
– Difficult to manage
– Unmanageable for road warriors
Sniffing EV-DO
• Encrypted with 128 bit known method
• Requires at this time special hardware to
monitor and read (i.e. test equipment not
readily accessible)
• Black Hat has published a calculator for
decryption (takes 100 hours on a Pentium
200, which breaks down to 1 hour on an
HP 2620)
EV-DO Specific Concerns
1) The data is transmitted encrypted using a 64-bit key
from the card and a 64-bit key from the base station (see
http://www.faqs.org/ftp/internet-drafts/draft-lizhimingpppext-eap-cave-00.txt). I am looking for a more up
to date version of this document. Note: not able to
find on US search engines.
2) There is a (black hat) paper out there that includes a
link to a calculator program to decrypt the
communication.
3) Working on receiver modifications so I can capture the
packets from the air and put them back together.
Steps 1 and 2 are done; waiting on hardware for
step 3.
Sniffing a Dedicated Connection
• Only sniffable with a tap into the circuit or
access point in the network
• Still vulnerable through wireless devices
connected to the wired network
Sniffing DSL
• Less difficult to sniff than dedicated wired
connections
• DSL can be connected into at different
connection points along the way
• Still vulnerable through wireless devices
connected to the wired network
What do you need to sniff cable?
• Requires a modified cable modem
• Access to all traffic along the cable
• More open than WiFi, since few people
know about the modified cable modems
Breaking SSL
• Subject to man in the middle attack (see
Blue Coat – commercial product)
• Can be broken if the handshake is
captured but requires significant CPU
resources (5 to 10 hours of crunch time on
dual Itanium server)
Sniffing Email
• Email is sent and received via open text
• Utilizes no author validation
• Username and password can be used to
access other messages in the email
account even though those messages
were not captured directly
Why Use Protexx?
• High level of encryption (2048 bits)
• Runs inside of all modes of wireless transmission
and encryption (WEP, WPA, EVDO…)
• Wrappers around all known TCP/IP based
technologies such as VPN(s) and SSL
connections
• Provides a certificate for user that can be used
to sign and/or encrypt emails in Outlook and
Thunderbird
• Dual level (client/server) authentication
Any Questions?