Security in Wireless Networks Mike Swift CSE 802.11b Summer 2003
Standard Preamble • What is different about wireless? • No authentication of access port • Battery-operated devices • Frequent use of broadcast • Easy sniffing / packet injection • Jamming
What are the problems? • Denial of service • Battery usage • Physical layer: jamming (not our problem) • MAC layer and up: injected messages • Confidentiality / integrity - more or less solved • Secure association • Routing - preventing rogues from obtaining routes
Power DOS attacks • Turn off antenna to save power • Spoof “no messages” message when it awakes • Spoof “message poll” so messages are discarded before it awakes • Spoof timer so it desynchronizes • Receiving / sending packets requires power consumption • Attacker can force receiver to use power • Send many packets • Force it to resend packets • Solution: • Power consumption management • Prioritize tasks when limited by power • Authenticate timer messages
MAC Layer DOS Attacks • Problem • MAC layer messages direct nodes when not to send messages • RTS/CTS and NAV in 802.11 reserve channel • MAC layer state machine directs nodes to ignore future messages • Unauthenticated / unassociated state causes packets to be dropped silently • States entered as result of unauthenticated messages • Power requirements for DOS very low • Commercial MAC implementations allow sending of arbitrary packets via aux debug port
Solution to MAC layer DOS attacks • Authenticate every message • Prevents outsider from disassociating / unauthenticating • Verify messages • Verify channel in use after RTS/CTS • Verify no more messages after disassociation
General approaches • Sign every packet • Prevent attackers from spoofing management packets • Authenticate then associate • Allows authentication of association management packets • Prevents any communication before authentication
Secure association • How does my TV trust my remote? • How does my laptop trust the printer in the airport? • How do I get onto a wireless network?
Solutions for ad-hoc networks • Location-limited channels for key exchange • Physical contact • Direction-specific limited range (IR) • Demonstrative identification – easily visible • Pre-authentication: exchange keys before going wireless • Resurrected duckling • First association is binding • Removing binding reincarnates device (loses all state)
Solutions for Access Points • Two-layer protocols • Application layer: key negotiation and authentication • Link layer: message integrity and confidentiality • Access points allow only limited connectivity before association • Communication only for authentication / address acquisition (DHCP)
Routing • Routing works over unknown physical layout • Must infer topology / neighbors from messages sent • Attacks: • Corrupting routing updates • Forwarding messages inappropriately (wormhole) • Result of attacks • Can force all traffic through a node • Can break reachability
Routing security solutions • Solutions: • Cryptography to prevent forging route messages (ask Ratul for details) • Ensure that route metrics can only be increased, not decreased • Ensure that metrics received along two paths are consistent • Ensure that packets received are physically sent (or possibly physically sent) by in-range sender
Geographic Leashes • [Figure: nodes A (400,150), B, C, D (50,10), E (10,30); packet labels A(400,150),t1 and D(50,10),t2; E receives at t3] • E computes distance = 408 • Distance too far! • Requires GPS
Temporal Leashes • [Figure: nodes A, B, C, D, E; packet labels A,t1 and D,t2; E receives at t3] • E computes t3-t1 > c * max distance: denied • E computes t3-t2 < c * max distance: accepted • Requires clocks synchronized to 183 ns • Requires RT OS/MAC to give deterministic packet delivery/receipt times
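Added example (not from the original slides): the two leash checks as receiver E would run them, using the coordinates from the geographic slide. The radio range of 250, the use of meters, the timestamps and all function names are assumptions made for illustration; the position and timestamp fields are assumed to be authenticated already.

```python
import math

C = 299_792_458.0      # speed of light, m/s
MAX_RANGE_M = 250.0    # assumed radio range (constructed; the slides give none)
CLOCK_SYNC_S = 183e-9  # clock synchronization bound quoted on the slide


def distance(p, q):
    """Euclidean distance between two (x, y) positions."""
    return math.hypot(p[0] - q[0], p[1] - q[1])


def geographic_leash_ok(sender_pos, receiver_pos, max_range=MAX_RANGE_M,
                        pos_error=0.0):
    """Accept only if the sender's claimed position is within radio range.

    pos_error is the combined GPS error of both nodes; it is subtracted so
    that an honest sender near the edge of range is not rejected.
    """
    return distance(sender_pos, receiver_pos) - pos_error <= max_range


def temporal_leash_ok(t_sent, t_recv, max_range=MAX_RANGE_M,
                      clock_error=CLOCK_SYNC_S):
    """Accept only if the packet cannot have travelled farther than max_range.

    The receiver is conservative: it adds the clock error to the measured
    flight time, and rejects timestamps that lie in its future.
    """
    flight = t_recv - t_sent
    if flight < -clock_error:
        return False
    return C * (flight + clock_error) <= max_range


def leash_slack_m(clock_error=CLOCK_SYNC_S):
    """Distance uncertainty that a given clock error adds to a temporal leash."""
    return C * clock_error


if __name__ == "__main__":
    E, A, D = (10, 30), (400, 150), (50, 10)   # positions from the slide
    t1, t2, t3 = 0.0, 4.85e-6, 5.0e-6          # constructed timestamps, seconds
    print("A geographic:", geographic_leash_ok(A, E), round(distance(A, E)))
    print("D geographic:", geographic_leash_ok(D, E))
    print("A temporal:", temporal_leash_ok(t1, t3))
    print("D temporal:", temporal_leash_ok(t2, t3))
    print("slack from 183 ns:", round(leash_slack_m(), 1), "m")
```

The slack value shows why the synchronization requirement is so tight: every 183 ns of clock error widens the leash by roughly 55 m.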
General Principles • Sign everything • Authenticate first • Use limited channels for initial authentication • Trust, but verify • sender confirms intent to disconnect • e.g. no more packets • associates to another AP • sender in range