
Ch 12. Wireless Security

Ch 12. Wireless Security. Myungchul Kim, mckim@icu.ac.kr. Topics: security principles; special issues in wireless security; security issues unique to 802.11, satellites, cellular networks, WAP, etc.


Presentation Transcript


  1. Ch 12. Wireless Security Myungchul Kim mckim@icu.ac.kr

  2. Wireless Security
     • Security principles
     • Special issues in wireless security
     • Security issues unique to 802.11, satellites, cellular networks, WAP, etc.

  3. Centrex Wireless Security Example
     [Figure: network diagram. Labels: Link to Public Internet; T1 or DSL; Router and Firewall; LAN Server; Fast Ethernet LAN (Backbone); three Wireless LAN Cells; Wired Ethernet LAN; nodes A, B, C, D, X, Y, Z]
     1. No physical net security (server ID/PW)
     2. No physical net security (server ID/PW + encryption)
     3. Physical net security (optional server ID/PW + encryption)

  4. Wireless security Issues
     • Several security concerns at all layers
       • Wireless networks (cellular, Wi-Fi, ad hoc, satellite)
       • Wireless platforms (Mobile IP, WAP, I-Mode, Wireless Java, Mobile Web services)
       • Mobile applications (holding digital certificates in handsets)
     • Too many issues needing attention
       • Cellular security (location services)
       • Satellite security (GAO report)
       • Mobile ad hoc network security
       • Wireless platform security (WAP, BREW)
       • M-application security (handset certificates)
     • An architecture approach is needed – a solution that considers tradeoffs and works within constraints and limitations

  5. Different Views: User View (PIA4)
     Privacy:
     • Assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission
     Integrity:
     • The integrity of information (i.e., no unauthorized modification)
     Authentication:
     • Identify for certain who is communicating with you
     Authorization (Access control):
     • Determine what access rights that person has

  6. Accountability (Auditing):
     • Assure that you can tell who did what when, and convince yourself that the system keeps its security promises.
     • Includes non-repudiation (NR): the ability to provide proof of the origin or delivery of data.
     • NR protects the sender against a false denial by the recipient that the data has been received. It also protects the recipient against a false denial by the sender that the data has been sent.
     • A receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data.
     Availability:
     • Access to the system when a user needs it

  7. Sample Wireless Security Technologies
     Applications
     • SET for transaction security
     • S/MIME and PGP for secure email
     • Java security (sandboxes)
     • Database security
     Middleware
     • SSL and TLS
     • WAP security (WTLS)
     • Web security (HTTPS, PICS, HTTP Headers)
     • Proxy server security
     TCP/IP
     • IPSEC and wireless VPN
     • Mobile IP
     Wireless Link
     • 802.11 security (WEP)
     • Cellular network security
     • Satellite link security
     • WLL and cordless link security
     Notes
     • Can use higher level services to compensate for lower layers
     • Tradeoffs in performance and security

  8. Security Tradeoffs
     [Figure: three protocol stacks. Legend: darker areas indicate security (say encryption)]
     a) Physical Network Level Security (encryption at physical network level). Stack: Telnet, FTP, SMTP, HTTP / TCP/IP / Physical Network (layers 1-2)
     b) Transport Level Security (encryption at IP level). Stack: Telnet, FTP, SMTP, HTTP / IPsec (VPN) / Physical network
     c) Higher Level Security (encryption at SSL or application level). Stack: A1, A2, A3, PGP, S/MIME, HTTP, SMTP / SSL / TCP/IP / Physical network

  9. Table 12-1 Security Considerations – Mapping Technology to Needs

  10. Centrex Wireless Security Example
     [Figure: network diagram. Labels: Link to Public Internet; T1 or DSL; Router and Firewall; LAN Server; Fast Ethernet LAN (Backbone); three Wireless LAN Cells; Wired Ethernet LAN; nodes A, B, C, D, X, Y, Z]
     1. No physical net security (server ID/PW)
     2. No physical net security (server ID/PW + encryption)
     3. Physical net security (optional server ID/PW + encryption)

  11. Wireless LAN security
     • Issues
       • Random connectivity
       • Identity issues: MAC address
       • Access control issues: ACL based on MAC address
       • Authentication issues: unauthenticated Diffie-Hellman algorithm -> man-in-the-middle attack
     • Wired Equivalent Privacy (WEP)
       • A single key
       • Higher-level (e.g. applications) security measures are needed
     • 802.11i
       • Much stronger encryption and longer key
     • IEEE 802.1X
       • Authentication/key management
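
Why the unauthenticated Diffie-Hellman bullet on slide 11 leads to a man-in-the-middle risk, and how authenticating the exchanged public values closes it, as an added example that is not part of the original presentation. The toy group, the pre-shared HMAC key (standing in for whatever credential an authentication framework provides) and all function names are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Toy parameters, constructed for illustration only: real deployments use
# standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1                      # a Mersenne prime
G = 3
PSK = b"constructed-pre-shared-auth-key"   # assumed credential held by both ends

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def tag(pub):
    # Authentication tag binding a public value to the shared credential.
    return hmac.new(PSK, pub.to_bytes(16, "big"), hashlib.sha256).digest()

def exchange(authenticated, substituted):
    """Run one station/AP key exchange; return 'ok', 'intercepted' or 'rejected'."""
    sta_priv, sta_pub = keypair()
    ap_priv, ap_pub = keypair()
    mid_priv, mid_pub = keypair()   # a party sitting on the radio path
    # Each message is (public value, authentication tag or None).
    to_ap = (sta_pub, tag(sta_pub) if authenticated else None)
    to_sta = (ap_pub, tag(ap_pub) if authenticated else None)
    if substituted:
        # Public values are swapped in transit; without PSK the middle
        # party cannot produce matching tags, so the old tags ride along.
        to_ap = (mid_pub, to_ap[1])
        to_sta = (mid_pub, to_sta[1])
    if authenticated:
        for pub, t in (to_ap, to_sta):
            if not hmac.compare_digest(t, tag(pub)):
                return "rejected"   # substitution detected before any key is used
    sta_key = session_key(sta_priv, to_sta[0])
    ap_key = session_key(ap_priv, to_ap[0])
    if sta_key == ap_key:
        return "ok"
    # Each end now shares a key with the middle party, not with its peer.
    assert sta_key == session_key(mid_priv, sta_pub)
    assert ap_key == session_key(mid_priv, ap_pub)
    return "intercepted"
```
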

  12. Cellular wireless network security
     • 1G
     • 2G: SIM (subscriber information module) of GSM
     • 2.5G: GPRS with IPsec
     • 3G

  13. Mobile ad hoc network security
     • Security challenges
       • Availability: redundancies
       • Privacy: trust, protect routing information
       • Integrity
       • Authentication: Certificate Authorities
       • Non-repudiation
       • Black hole attack

  14. Wireless PAN security
     • Limitations and problems
       • Unlicensed 2.4-GHz radio band
       • Key management
       • PIN code
       • Device authentication, no user authentication
       • Man-in-the-middle attack
       • Short PIN size
       • Key size of cipher algorithms
       • Location and movement

  15. WAP Security
     [Figure: WAP Phone (WML Browser, WMLScript) connects over a wireless network that uses WTLS security to the WAP Gateway (Protocol Adapters, WML Encoder, WMLScript Compiler), which connects over the Internet using SSL security to the Web Server (CGI Scripts, Content)]

  16. I-Mode security
     [Figure: I-Mode Phone connects over the Docomo wireless network, using proprietary protocols and SSL, and then over dedicated lines using SSL security to a financial institution's Web server with I-Mode content]

  17. Levels of Security View
     Applications
     • SET for transaction security
     • S/MIME and PGP for secure email
     • Java security
     • Database security
     Middleware
     • SSL and TLS
     • WAP security (WTLS)
     • Web security (HTTPS, PICS, HTTP Headers)
     • Proxy server security
     TCP/IP
     • IPSEC and VPN
     Wireless Link
     • 802.11 security (WEP)
     • Cellular network security
     • Satellite link security
     • WLL and cordless link security

  18. Table 12-2 Security Levels

  19. Summary
     • Security principles
     • Special issues in wireless security
     • Security issues unique to 802.11, satellites, cellular networks, WAP, etc.
