1 / 27

Challenges of Wireless Security

The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication ... WTLS is based on the widely used TLS security layer used in Internet. ...

EllenMixel
Download Presentation

Challenges of Wireless Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    Slide 1:Challenges of Wireless Security TCP in Wired-Cum-Wireless Environments

    Presented by Vijaiendra Singh Bhatia CSCI 5939 Independent Study Wireless Security

    Slide 2:Introduction

    Most of the wireless technologies were not designed with security as top priority. It is challenging to implement security in wireless devices due to device characteristics. Difficult to consider various security related issues like integrity, confidentiality, authentication and access control at the same time.

    Slide 3:Security approaches in -

    LAN 802.11 standard The Wired Equivalent Privacy (WEP) algorithm is used to protect wireless communication from interception and to prevent unauthorized access to wireless network . WEP relies on a secret key which is used to encrypt data that is shared between a mobile station (eg. a laptop with a wireless ethernet card) and an access point (i.e. a base station).

    Slide 4:Security approaches in -

    WAP WAP specifies the WTLS ( wireless transport layer security protocol ) which provides authentication, data integrity and privacy services. WTLS is based on the widely used TLS security layer used in Internet. WTLS generally uses RSA-based cryptography, and can also use elliptic-curve cryptography (ECC), which provides a high level security.

    Slide 5:Security aspects -

    Authentication WPKI provides a set of technologies that relies on encryption and digital certificates. ( slimmed down version of PKI ) Smart Cards it is a local way to authenticate user, provides more security on top of username password structure. NES (Neomars Enterprise Server) act as a single point of access for mobile devices and provides integration with the corporation's management and security infrastructure.

    Slide 6:Security aspects -

    VPN ( Virtual Private Network ) These system uses encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. Firewalls - A system designed to prevent unauthorized access to or from a private network. A WAP gateway can be used as a single point of entry for an enterprises wireless systems.

    Slide 7:Wireless Security Issues -

    In IEEE 802.11 WEP was intended only to provide the basic security found in wireline LANs. It has serious weaknesses as it shares single secret key. Cryptography It has problems with the way WEP uses the cryptographic primitives. 802.11 encryption is readily breakable, 50-70% networks never even turn on encryption.

    Slide 8:Wireless Security Issues -

    WAP Phones - Many e-commerce sites uses SSL security. At the WAP gateway, during the conversion of encryption from WTLS to SSL format, message is briefly unencrypted and is thus subjected to interception.

    Slide 9:Future Standards -

    PIC (Pre-IKE Credential ) - A PIC-based system's authentication server would authenticate devices that are authorized to communicate with the system. OMAP (Open Multimedia Applications Protocol ) - a library of software from various vendors that will permit secure transactions on wireless devices that use TI's digital signal processors. MeT (Mobile electronic Transactions ) - Ericsson, Motorola, Nokia, and Siemens have formed an alliance to develop standards for secure mobile activities.

    Slide 10:TCP in Wired-Cum-Wireless Environments

    Slide 11:TCP in Wired-Cum-Wireless Environment

    TCP assumption Homogeneous: data network Wired transmission error: rare Wireless Environment Heterogeneous network Limited bandwidth Long round trip time (RTT)

    Slide 12:TCP in Wired-Cum-Wireless Environment

    TCP in wireless environment Random loss A segment loss triggers congestion avoidance Frequent restarts and small senders window Retransmissions Poor throughput

    Slide 13:A wired-cum-wireless Internet

    Diversification in end-host capabilities Workstations coexist with WebTVs, wireless phones, and PDAs. Reliable transmissions are needed for web browsing, e-mail, file transfers, etc. Wireless media exhibit different transmission characteristics than wired. Random losses due to fading, shadowing Often, long RTTs and low bandwidth Power consumption becomes an issue

    Slide 14:End-user wireless networks

    Wireless LANs Sufficient bandwidth and relatively small RTTs, but limited user mobility (IEEE 802.11, HIPERLAN/1) Wide Area Wireless Data Networks Limited bandwidth, long RTTs, jitter, increased user mobility (CDPD, GPRS) Cellular Networks Handle voice and data (GSM, IS-95) Same characteristics as WAWDNs, but circuit-switched Not so economical for data transfers

    Slide 15:TCP in a wireless environment

    Limited bandwidth Long round trip times Random losses User mobility Short flows Power consumption

    Slide 16:TCP solution over wireless environment

    Slide 17:Taxonomy of solutions

    Link layer solutions TCP-aware LL protocols (e.g. snoop) TCP-unaware LL protocols (e.g. TULIP) Split connections Indirect-TCP Wireless Application Protocol TCP modifications (e.g. SACK, Santa Cruz) New transport protocols (e.g. WTCP)

    Slide 18:Link Layer Solutions

    Link layer know packet drop Locally buffer and retransmission Fast response Transparent to existing software & hardware Relative reliable delivery, with TCP

    Slide 19:Link Layer Solutions

    TCP-Aware LL Snoop agent in BS Knowledge of TCP Snoop timeout < TCP timeout TCP-Unaware LL Dont have knowledge of TCP Aware of reliable TCP & unreliable UDP More possibility of LL & TCP retransmission LL retransmission timeout < TCP timeout Designed for half-duplex wireless channel

    Slide 20:Split connection

    Indirect TCP Improved throughput Split TCP connection into 2 (wired & wireless) at BS BS acknowledges segment to sender, before the segment reach the receiver Violate TCP semantics Split TCP connection several times

    Slide 21:TCP modifications

    The main cause is TCP assumptions Modify TCP to differentiate congestion loss, random loss and handoff Only peer TCP upgraded Not all to improve TCP over wireless Many variations proposed to improve performance in different scenarios Different perspectives Slow start is too aggressive, causing fast congestion Initial congestion window is too low

    Slide 22:TCP modifications

    TCP SACK (Selective ACK) Instead of cumulative ACK, selective ACK for out of order packet. Less retransmission of successful received. TCP FACK (Forward Acknowledgement) Make intelligent decisions about data that should be retransmitted TCP Santa Cruz Keep records of sending & receiving time Estimate whether congestion is built up

    Slide 23:TCP modifications

    Delayed ACK No loss, cumulative ack. Loss, immediate ack. DAASS (Delayed ACK after Slow Start) After slow start is congestion avoidance, need less traffic ACK Pacing Rate based, instead of window based ECN (Explicit Congestion Notification) Router informs congestion ELN (Explicit Loss Notification) Loss is informed

    Slide 24:New Transport Protocols

    WTCP (wireless TCP) Designed for CDPD or wireless WAN: low BW, high latency WTCP attempts to predict when a segment loss is due to transmission errors or due to congestion Rate based, an algorithm to inform sender of increasing or reducing sending rate Keep track of statistics for non-congestion segment losses Use of ACK and SACK Not been proven

    Slide 25:WAP WAP stack provides WTP which is message oriented, i.e., the basic unit of interchange is entire message not a byte stream as in TCP. WTP offers various security mechanisms as well as data compression and encryption, provided by WTLS protocol.

    Slide 26:Conclusion

    TCP performance is poor under wireless environment TCP over wireless Link layer Split connection TCP modifications Most developments are specific cases, not for general solution New protocol designed for wireless just born, still need developments.

    Slide 27:References

    Facing the challenges of wireless security - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/MillerWirelessSecurityJuly01.pdf TCP in wired-cum-wireless environment - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/pentikousis.pdf Wireless Security http://www.peterindia.com/WirelessSecurity.html Neomar Server http://www.neomar.com/news/releases/02.01.10developer.html WEP http://www.webopedia.com/TERM/W/WEP.html

More Related