Kumar`s Security Slides

Download Report

Transcript Kumar`s Security Slides

Security Issues in Wireless Networks
Kumar Viswanath
CMPE 293
What is Cryptography
* Cryptography is the work of people suffering
from delusional paranoia
Security Requirements
* Confidentiality
» Protection from disclosure to unauthorized
persons
* Integrity
» Maintaining Data Consistency
* Authentication
» Assurance of identity of originator of Data
* Non- Repudiation
» Originator of communications cant deny it later
Security Threats
*
*
*
*
*
Information Disclosure /information leakage
Integrity violation
Masquerading
Denial of Service
Generic threats: backdoors, trojans, insider
attacks
* Most Internet Security problems are related to
access control or authentication
Attack Types
Passive Attack
Active Attack
* Passive attack can only observe data or
communications
* Active attack can actively modify data or
communications
» Mail forgery/ Modification
» IP spoofing / session hijacking
Security Mechanisms
* Three basic building blocks are used:
» Encryption is used to provide confidentiality, can
provide authentication and integrity protection
» Digital Signatures are used to provide authentication,
integrity protection and non repudiation
» Checksum and Hash algorithms are used to provide
integrity protection
* One more more of these security mechanisms is
combined to provide a security service
Services , Mechanisms, Algorithms
SSL
Signatures
DSA
RSA
Encryption
DES
Hashing
MD5
* Services are built from mechanisms
* Mechanisms are implemented using algorithms
Conventional Encryption
* Shared Key
* Problem of communicating a large message
in secret reduced to communicating a small
key in secret
Public Key Encryption
* Use Matched public/private key pairs
* Any one can encrypt with public key but only
one person can decrypt with private key
Security In GSM Networks
* Overview
» GSM subscribers MS are traced during their intradomain and inter-domain movements
» Each MS informs the network of its position and this
information is used to update the VLR and HLR
» Communication is established under control of
Authentication center called Auc located within the
Message Switching Center (MSC)
GSM Cont’d
* Every GSM subscriber has a smart card (SIM) containing a
secret key Ki known only to the HLR.
* When MS notifies local MSC of its presence, local VLR
contacts the HLR
* VLR transmits it own identity , MS indentity (IMSI) and
position to HLR.
* HLR queries its AUc for a set of triplets containing a
challenge, a signed response SRES and corresponding
session key Kc.
* The triplets are forwarded to VLR which uses it for
authenticating MS
* Parameters SRES and Kc are computed with proprietary
algorithms A3 and A8 that implement one way functions.
* SRES = A3(Ki,RAND)
* Kc = A8(Ki,RAND)
* Authentication of Mobile Station is achieved using the
challenge response mechanism
* Data Confidentiality is achieved by enciphering all data with
session key Kc.
* A5 is used to encipher data, speech and signaling messages
GSM Authentication Scheme
Security Issues
* The authentication scheme relies on the security of
the inter- network between the VLR  HLR
communication
* Another point of contention is the manner in which the
authentication information is distributed.The Home
domain has to generate on the fly, a set of challenge response pairs
* GSM uses proprietary Algorithms for authentication
and secrecy.
* Security by Obscurity is not effective.
CDPD
* CDPD is not only a value added service but a
complete architecture. The architecture supports
several network layer protocols including IP
* Security Services composed of
» Data confidentiality
» Key Distribution
» Mobile Unit Authentication
* An authentication server AS is present in
every CDPD domain
* The AS is typically co-located with the Mobile
Data Intermediate System (MD-IS)
* Mobile unit (M-ES) authentication requires
contacting the AS in the units Home domain
CDPD cont’d
* The authentication begins with the Diffie-Hellman
key exchange protocol.
* M-ES and MD-IS both share a key Ks.
* M-ES encrypts its credential with Ks and submits it
for authentication
* Credentials consist of a triple [NEI,ARN,ASN]
* The serving MD-IS decrypts the credentials and
forward them to the home MD-IS in cleartext.
* Home MD-IS validates the credentials and
issues a new ARN.
* M-ES authentication is complete when the
serving MD-IS receives a confirmation from
the home MD-IS
CDPD Authentication Scheme
Security Issues
* Authentication scheme is unidirectional
* An intruder can masquerade as the serving
MD-IS and discover M-ES credentials
* The scheme assumes that the fixed network
is secure
* CDPD does not have a long term key unlike
GSM. If an intruder intercepts the M-ES
credentials he can impersonate for ever.
Securing Ad Hoc Networks
* Goals
» Availability: ensure survivability of the network
despite denial of service attacks. The DOS can
be targeted at any layer
» Confidentiality: ensures that certain information is
not disclosed to unauthorized entities. Eg
Routing information information should not be
leaked out because it can help to identify and
locate the targets
» Integrity: guarantee that a message being
transferred is never corrupted.
* Authentication: enables a node to ensure the
identity of the nodes communicating.
* Non- Repudiation: ensures that the origin of
the message cannot deny having sent the
message
Challenges
* Wireless links renders the ad hoc network
susceptible to attacks
* In Ad hoc scenarios like tactical warfare etc.
nodes have a high probability of being
compromised.
* Ad hoc network is dynamic because of
frequent topology changes. Trust relationship
among nodes also changes
Secure Routing
* Two sources of threats:
» External: Intruder nodes can pose to be a part of
the network injecting erroneous routes, replaying
old information or introduce excessive traffic to
partition the network
» Internal: The nodes themselves could be
compromised. Detection of such nodes is difficult
since compromised nodes can generate valid
signatures.
* High Level Solution
» Treat routing information from compromised
nodes as outdated information
* If routing protocol can provide multiple routes
use Diversity Coding techniques
» eg if there are n disjoint routes to a destination
use (n-r) channels to transmit data and other r
channels to transmit redundant information.
Key Management Service
* Use Digital signatures to to protect both
routing and data
* Public Key infrastructure because of
superiority in key distribution.
* Problems:
» Requires a trusted entity called Certification
Authority CA for key management
» Single point of failure
Key Management Service
Key management K/k
K
S1
K1/k1
Sn
K2/k2
Kn/kn
S2
* Key Management consists of n servers. The service as a
whole has a public/private key pair K/k.
* The public key K is known to all nodes and the private key is
divided into n shares s1,s2,… sn.
* Each server ‘i’ has a public/private key pair
Ki/ki and knows the public keys of all other
nodes.
* Nodes as clients can query requests to get
other client’s public keys or update requests
to change their own public keys
* The key management scheme uses (n,t+1)
threshold cryptography.
Threshold Crytography
* An (n,t+1) scheme allows n parties to share the ability
perform cryptographic operations ( eg. digital signatures ) so
that any t+1 parties can jointly perform the operations
* For the service to sign a certificate each server generates
the partial signature using its private key share Si
* All the Si are combined in the combiner.The combiner can
use any valid t+1 partial signatures to generate the Key K.
* Note: Compromised Servers can generate incorrect partial
signatures.
* Proactive schemes use share refreshing.
» Compute new shares from old shares without disclosing the service
private key to any server.
Wired Equivalent Privacy (WEP)
* “ Wired Equivalent Privacy”
* Part of 802.11 Link layer protocol
* Security Goals:
» prevent link layer eavesdropping
» Secondary Goal: prevent network access
» Essentially equivalent to wired access point
security
WEP
* WEP relies on a secret key that is shared between a
mobile station (eg. a laptop with a wireless ethernet
card) and an access point (ie. a base station)
* The secret key is used to encrypt packets before
they are transmitted, and an integrity check is used
to ensure that packets are not modified in transit.
* The standard does not discuss how the shared key
is established. In practice, most installations use a
single key that is shared between all mobile stations
and access points.
Protocol Setup
LAN
Shared
key
Mobile
Station
Access
Point
Mobile
Station
Mobile
Station
* WEP uses RC4 which is a stream cipher
* A stream cipher operates by expanding a short key
into an infinite pseudo-random key stream.
* The sender XORs the key stream with the plaintext
to produce ciphertext.
* The receiver has a copy of the same key, and uses
it to generate identical key stream.
* XORing the key stream with the ciphertext yields
the original plaintext.
Problems
* An attacker can flip a bit in the ciphertext, then upon
decryption, the corresponding bit in the plaintext will
be flipped.
* Also, if an eavesdropper intercepts two ciphertexts
encrypted with the same key stream, it is possible to
obtain the XOR of the two plaintexts.
* Knowledge of this XOR can enable statistical
attacks to recover the plaintexts.
* The statistical attacks become increasingly practical
as more ciphertexts that use the same key stream
are known.
Security Measures
* To ensure that a packet has not been modified in transit,
WEP uses an Integrity Check (IC) field in the packet.
* To avoid encrypting two ciphertexts with the same key
stream, an Initialization Vector (IV) is used to augment the
shared secret key and produce a different RC4 key for each
packet. The IV is also included in the packet.
Conclusions
* Designing secure protocols is harder than it
looks
* Public review is a good idea
* Use previous work ( and their failures ) to
design more robust schemes