Information Security of Wireless Communication Systems
Ezgi Arslan
Outline:
• Definition of Information Security
• Services of security
• Security of Wi-Fi and cellular systems
• Solutions to intended or unintended attacks
• Cryptography
• Information theoretic security
• Information theoretic security of MIMO channels
Information Security
• Definition of information security under US Code:
  Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
• The main concerns of information security are:
  • Confidentiality
  • Integrity
  • Availability
• These concerns are more problematic in wireless networks because transmission takes place in an open medium, which makes it easier to listen to or intercept someone else's channel.
Confidentiality
• Alice: Online banking provider
• Bob: Bank customer
• Eve or Trudy: Bad guy who eavesdrops or attacks the system in some way. [1]
Confidentiality aims to prevent unauthorized reading of information, and includes protecting personal privacy. Bob doesn’t want Eve to know how much money he has in his savings account. Alice’s job is to make sure the information is kept secret, because of laws and regulations.
Integrity
Integrity of information is ensured if unauthorized writing or changing of stored information is prevented. It includes ensuring information nonrepudiation and authenticity. Alice must protect the integrity of account information to prevent Trudy from, say, increasing the balance in her account or changing the balance in Bob’s account.
Availability
Data availability on both sides (Alice and Bob) is an important part of the communication. Recently, Denial of Service (DoS) attacks have become very problematic for ensuring availability. Eve sends fake DoS signals to either Bob or Alice in order to reduce access to information. If Alice’s website is unavailable, then Alice can’t make money from customer transactions and Bob can’t get his business done. Bob might then take his business elsewhere.
Access Control
• Issues of Authentication:
  • Authentication deals with the problem of determining whether a user should be allowed access to a system or a resource.
  • Is the one logged on to Bob’s computer really Bob, not Trudy?
  • When Bob logs into his banking account, how does Alice know that it is Bob?
  • Trudy can intercept, change or insert messages, or reply to Alice, convincing her that she is Bob.
• Ways to authenticate:
  • Something you know: Passwords
  • Something you have: ATM cards or smart cards
  • Something you are: Thumbprint or voiceprint
Access Control
• Issues of Authorization:
  • Authorization is the part of access control concerned with restrictions on the actions of authenticated users.
  • Administrator accounts and firewalls. The job of the firewall is to determine what to let into and out of the internal network.
  • Multilevel security labels the information as:
  • In this way, Eve can only reach information of the appropriate class.
Solution:
• Integrity and availability of the information can be ensured by using protocols, software, authentication and authorization processes.
• The most important problem in an open wireless medium is to ensure the confidentiality of messages.
• Two possible solutions:
  • Cryptography:
  • Information theoretic security:
Cryptography
The goal is to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption.
Julius Caesar’s Cipher: (shift of n=3)
Cryptography Cont’d
Rather than simple substitution, use time varying key sequences:
Security of Wi-Fi
WEP Encryption (Wired Equivalent Privacy):
• 24-bit Initial Vector (IV)
• 40-bit fixed key K
• Take bitwise XOR of the key with the message.
• The IV changes periodically; K is fixed and pre-shared between the users.
Security of Wi-Fi
WPA Encryption (Wi-Fi Protected Access):
• Uses the same blocks as WEP, but improves on the weaknesses of WEP encryption.
• The IV is 48 bits and changes for each packet.
• WEP uses a CRC (Cyclic Redundancy Check), which has proved to be ineffective, so a Message Integrity Check (MIC) is integrated into WPA to provide the error detection and correction mechanism.
• WPA provides much stronger keys as compared to WEP.
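Why WPA changes the IV for every packet and replaces the CRC, shown on a toy WEP frame. This is an added example, not part of the original slides; the key, IV and messages are constructed, RC4 is the stream cipher WEP seeds with IV || K, and HMAC-SHA256 is an assumed stand-in for a keyed MIC (it is not the algorithm WPA itself uses).

```python
import hashlib, hmac, struct, zlib

KEY = bytes.fromhex("0102030405")   # constructed 40-bit pre-shared key K
IV = bytes.fromhex("a1b2c3")        # constructed 24-bit IV

def rc4(seed: bytes, n: int) -> bytes:  # WEP seeds RC4 with IV || K
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(msg: bytes) -> bytes:
    """WEP integrity value: unkeyed CRC-32 of the plaintext."""
    return struct.pack("<I", zlib.crc32(msg))

def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))

def wep_decrypt(iv: bytes, key: bytes, ct: bytes):
    body = xor(ct, rc4(iv + key, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg if tag == icv(msg) else None    # None: ICV check failed

def same_iv_cancels_keystream(p1: bytes, p2: bytes) -> bool:
    """Equal-length p1, p2 under one IV and K: c1 XOR c2 equals p1 XOR p2."""
    c1, c2 = wep_encrypt(IV, KEY, p1), wep_encrypt(IV, KEY, p2)
    return xor(c1, c2)[:len(p1)] == xor(p1, p2)

def crc_accepts_altered_frame(msg: bytes, delta: bytes) -> bool:
    """CRC-32 is linear over XOR, so a change made without K still passes."""
    patch = delta + xor(icv(delta), icv(bytes(len(msg))))
    altered = xor(wep_encrypt(IV, KEY, msg), patch)
    return wep_decrypt(IV, KEY, altered) == xor(msg, delta)

def keyed_mic_rejects_altered(msg: bytes, delta: bytes, k=b"constructed-mic-key") -> bool:
    tag = hmac.new(k, msg, hashlib.sha256).digest()   # HMAC: stand-in keyed MIC
    recomputed = hmac.new(k, xor(msg, delta), hashlib.sha256).digest()
    return not hmac.compare_digest(tag, recomputed)
```

The first function returning True is the reason a 24-bit IV with a fixed K is too small: every repeated IV repeats the keystream. The second returning True is the reason an unkeyed CRC cannot serve as an integrity check.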
Security of Cellular Networks
• In the earlier cell phones, security was not a concern.
• Since 2G, each mobile has a Subscriber Identity Module (SIM), which is a smartcard to identify the user.
• The SIM also contains a 128-bit key that is only known to itself and the home network.
• 2G attempts to deal with anonymity, authentication and confidentiality.
Information Theoretic Security
Question: How much information is too much to leak to an eavesdropping adversary? [3]
Information theoretic encryption was first formulated by Claude Shannon in 1949, assuming the adversary has unlimited computational resources and the objective of the transmitter is to ensure that no information is released to the adversary. [4]
It is called information theoretic security because system security is derived purely from information theory.
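Gaussian Wiretap Channel [5]
[Figure: the transmitter (Tx) sends X, the intended receiver (Rx) observes Y, and Eve observes Z]
$Y = X + n_y$
$Z = Y + n_z$
Secrecy capacity is the maximum rate at which the transmitter can send messages in perfect secrecy. The secrecy capacity of this channel is the difference between the capacities of the intended receiver's channel and the eavesdropper's channel.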
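The statement above written out, as an added worked example that is not from the original slides. It assumes an average transmit power constraint $P$ and independent zero-mean Gaussian noises $n_y$, $n_z$ with variances $\sigma_y^2$, $\sigma_z^2$ (symbols not given on the slide). Because $Z = Y + n_z = X + n_y + n_z$, Eve's total noise variance is $\sigma_y^2 + \sigma_z^2$, so

$$C_s = C_{\mathrm{Rx}} - C_{\mathrm{Eve}} = \frac{1}{2}\log_2\!\left(1 + \frac{P}{\sigma_y^2}\right) - \frac{1}{2}\log_2\!\left(1 + \frac{P}{\sigma_y^2 + \sigma_z^2}\right).$$

With the constructed values $P = 10$, $\sigma_y^2 = \sigma_z^2 = 1$:

$$C_s = \frac{1}{2}\log_2 11 - \frac{1}{2}\log_2 6 \approx 1.730 - 1.292 \approx 0.437 \text{ bits per channel use.}$$

As $P \to \infty$ the difference does not grow without bound:

$$\lim_{P \to \infty} C_s = \frac{1}{2}\log_2\!\left(1 + \frac{\sigma_z^2}{\sigma_y^2}\right) = 0.5 \text{ bits per channel use for these values,}$$

so the secrecy rate is limited by how much noisier Eve's channel is than the intended receiver's, not by transmit power.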
2-2-1 Gaussian MIMO Wiretap Channel [6]
[Figure: the transmitter (Tx) sends X, the intended receiver (Rx) observes Y, and Eve observes Z]
The optimum achievable scheme is beamforming toward the intended receiver. This is shown to yield the upper bound of the secrecy capacity.
Conclusion
• Wireless security consists of various components: confidentiality, integrity and availability.
• Security can be ensured by protocols, software, access control, encryption, etc.
• The ultimate limits of security are derived and are being investigated using information theory.
References:
[1] “Information security: Principles and Application” by Mark Stamp, 2006
[2] “Security in Wireless networks” by Ali Gardezi
[3] “Securing Wireless Communications at the Physical Layer” by Ruoheng Liu and Wade Trappe, 2010
[4] “Communication Theory of Secrecy Systems” by Claude Shannon, 1949
[5] “The Gaussian Wiretap Channel” by Leung-Yan-Cheong and Martin Hellman, 1978
[6] “Towards Secrecy Capacity of Gaussian MIMO Wiretap Channel: The 2-2-1 Channel” by Shabnam Shafiee, Nan Liu and Sennur Ulukus, 2008