1 / 17

IWD2243 Wireless & Mobile Security

IWD2243 Wireless & Mobile Security. Chapter 4 : Security in Wireless Ad Hoc Network. 4.1 Introduction. Ad Hoc – On the fly, as needed basis. Ad Hoc Wireless Net – Ad Hoc that use wireless medium for communication. Mobile Ad Hoc Net (MANET) – nodes that forming ad hoc net are mobile.

blithe
Download Presentation

IWD2243 Wireless & Mobile Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IWD2243Wireless & Mobile Security Chapter 4 : Security in Wireless Ad Hoc Network Prepared by : Zuraidy Adnan, FITM UNISEL

  2. 4.1 Introduction • Ad Hoc – On the fly, as needed basis. • Ad Hoc Wireless Net – Ad Hoc that use wireless medium for communication. • Mobile Ad Hoc Net (MANET) – nodes that forming ad hoc net are mobile. • See figure 19.1 : Examples of ad hoc network, page 446. • Classification for ad-hoc network :- • Geographical coverage – PAN, LAN, WAN • Capable acting as routers • 2 limitation, 1. No dedicated routing devices, 2. Net topology change rapidly and unpredictable. Prepared by : Zuraidy Adnan, FITM UNISEL

  3. 4.1 Introduction • 2 groups of ad-hoc network – 1. Single hop ad-hoc networks and 2. Multihop ad hoc network. • Single hop – Node do not act as routers and therefore communication is possible only between nodes which are within each other RF range. Example, PAN, Bluetooth. • Multihop – node act as router and route the traffic of other nodes. Example, LAN & WAN. Prepared by : Zuraidy Adnan, FITM UNISEL

  4. 4.2 Bluetooth • Wireless ad hoc networking technology • Operates in unlicensed 2.4 GHz freq range • Geographical coverage limited to personal area network (PAN) • Point to point & Point to multipoint links • Supports synchronous and asynchronous traffic • Concentrates on single hop network • Freq hopping spread spectrum (FHSS) with Gaussian freq shift keying (GFSK) modulation at physical layer Prepared by : Zuraidy Adnan, FITM UNISEL

  5. 4.2 Bluetooth • Low power and low cost given important consideration • Adopted as the IEEE 802.15.1 standard for physical layer (PHY) and media access control (MAC) layers. • Bluetooth basics • See figure 19.2 : Bluetooth networks, page 449 • Each piconet has 1 master and up to 7 slaves • Slave communicate with master, if 2 slave want to communicate each other, master should relay the traffic • Piconet = BSS, Master = AP, Slave = Station (STA) • Bluetooth device may participate in more than 1 piconet simultaneously Prepared by : Zuraidy Adnan, FITM UNISEL

  6. 4.2 Bluetooth • Bluetooth basics (cont.) • See figure 19.3 : Piconets and scatternets in bluetooth • Scatternets theoretically possible, rare in commercial deployment • Security modes • Define layer 1 & 2 of OSI stack to achieve comm in single hop ad hoc net • To ease interoperability problem, Bluetooth SIG defined application profiles. • Profile defines an unambiguous description of the comm interface between 2 bluetooth devices or one particular service or application Prepared by : Zuraidy Adnan, FITM UNISEL

  7. 4.2 Bluetooth • Security modes (cont.) • See figure 19.4 : Profiles in Bluetooth, page 451 • Each service / app select appropriate profile depending on its needs – each profiles define different security modes. • Fundamental profile – Generic Access Profile (GAP) • GAP define 3 basic security mode :- • Security mode 1 – unsecured mode in bluetooth. • Security mode 2 – Lies between mode 1 & 2, left the decision to security policy manager. • Security mode 3 – Always on security mode, always initiate authentication procedure. • See Table 19.1 : Security features of Bluetooth connection. Prepared by : Zuraidy Adnan, FITM UNISEL

  8. 4.2 Bluetooth • Key Establishment • Most complex part in bluetooth security • Key hierarchy varies depends on whether unicast or broadcast connection • Pass key • See figure 19.5 : Bluetooth key hierarchy, page 454 • Basically shared secret between 2 communication devices • Two types :- Variable PKEY, Fixed PKEY • Variable PKEY – PKEY that can be chosen at the time of pairing • “Pairing” – process by which 2 bluetooth devices establish a shared secret that they can used for securing communication. • 128 bits • PKEY – shared secret between 2 comm endpoints that ensures the link key is known ONLY to the 2 comm endpoints. Prepared by : Zuraidy Adnan, FITM UNISEL

  9. 4.2 Bluetooth • Key Establishment (cont.) • Initialization key • Initialization key (IK or IKinit). • Short lived temporary key that is used (and exist only) during the pairing process when 2 comm devices start comm for the 1st time. • Derived using E22 algorithm and 3 inputs : PKEY, IN_RAND, Lpkey. • PKEY – Pass key, Lpkey – Length of PKEY in bytes, IN_RAND – 128bit random number generated in devices. • See figure 19.6 : Bluetooth authentication, page 456. • Kinit = E22 (PKEY’,IN_RAND, Lpkey’) Prepared by : Zuraidy Adnan, FITM UNISEL

  10. 4.2 Bluetooth • Key Establishment (cont.) • Link Key • Link key (LK) – shared secret established between 2 comm devices when pairing sequence ends. • Two types :- unit key, combination key. • Unit key – deprecated • Combination key = link key – derived from either existing link key, or Kinit. • The end of pairing process in bluetooth should lead to the establishment of a link key which the 2 devices can use for securing their communication • 3 sources :- existing link key, use of existing link key to establish new link key, use of Kinit to generate link key. Prepared by : Zuraidy Adnan, FITM UNISEL

  11. 4.2 Bluetooth • Key Establishment (cont.) • Encryption key • Link key is used for generating chipering key(CK, or Kc) • Use E3 algorithm • Kc = E3 (K, EN_RAND, COF) • K – link key, EN_RAND – 128bits random number, COF – 96bits chipering offset. • COF = Anthenticationchipering offset (ACO), which derived from authentication process. Prepared by : Zuraidy Adnan, FITM UNISEL

  12. 4.2 Bluetooth • Key Establishment (cont.) • Constraint key • Constraint key (Kc’), constraint encryption key. • Export restrictions – hardware which is capable of encrypting above certain key strength is not exportable. • Bluetooth put in key strength constraining mechanism that reduces the 128bit Kc to 128bit Kc’ whose effective key length (strength) can be any value less than 128 bits • Kc’(x) = g2l(x) {Kc[mod g2l(x)]} Prepared by : Zuraidy Adnan, FITM UNISEL

  13. 4.2 Bluetooth • Key Establishment (cont.) • Payload key • Payload key (Pk) is actual key that is used to encrypt (decrypt) bluetooth packets. • Pk derived from Kc’ using E0 algorithm • Kp = E0 (Kc’,CK_VAL, BD_ADDR, EN_RAND) • BD_ADDR – 48bits bluetooth add for the device, EN_RAND – 128bits random number, CK_VAL – 26 bits of current clock value. Prepared by : Zuraidy Adnan, FITM UNISEL

  14. 4.2 Bluetooth • Key Establishment (cont.) • Broadcast key hierarchy • In braodcast key hierarchy, link key is replaced by the use of a master key (Kmaster). • Derived independently by master without involving any of the slaves • Using E22 algorithm • Kmaster = E22 (LK_RAND1, LK_RAND2,16) • Use overlay key to comm the master key to all slaves in piconet • Koverlay = E22 (K, RAND3, 16) Prepared by : Zuraidy Adnan, FITM UNISEL

  15. 4.2 Bluetooth • Key Establishment (cont.) • The Algorithms • Five algorithm used :-E0,E1, E3, E21, and E22. • E0 – stream chiper, and the other 4 use block chiper. • Use same underlying block chiper :- SAFER+ Prepared by : Zuraidy Adnan, FITM UNISEL

  16. 4.2 Bluetooth • Authentication • Involve 2 endpoints – the claimant, the verifier • For mutual authentication – both end points take on the role of verifier one at a time. • See figure 19.8 : Bluetooth mutual authentication, page 462. • Confidentiality • See figure 19.9 : Bluetooth encryption, page 464 • See figure 19.10 : Bluetooth packet format, page 464. Prepared by : Zuraidy Adnan, FITM UNISEL

  17. 4.2 Bluetooth • Integrity protection • Relies on CRC for integrity • Using linear noncryptographic integrity check mechanism like CRC leaves a lot to be desired as far as integrity protection is concerned. • By choosing CRC, bluetooth fails to provide any real integrity protection, Prepared by : Zuraidy Adnan, FITM UNISEL

More Related