Ch 12. Wireless Security
Myungchul Kim
mckim@icu.ac.kr
Wireless Security
• Security principles
• Special issues in wireless security
• Security issues unique to 802.11, satellites, cellular networks, WAP, etc.
Wireless Security Example (figure)
Elements shown: Link to Public Internet (T1 or DSL), Router and Firewall, Fast Ethernet LAN (Backbone), LAN Server, Centrex, a Wired Ethernet LAN and three Wireless LAN Cells, with hosts labelled A, B, C, D, X, Y, Z.
Three ways to secure the connections:
1. No physical net security (server ID/PW)
2. No physical net security (server ID/PW + encryption)
3. Physical net security (optional server ID/PW + encryption)
Wireless Security Issues
• Several security concerns at all layers
  – Wireless networks (cellular, Wi-Fi, ad hoc, satellite)
  – Wireless platforms (Mobile IP, WAP, i-mode, Wireless Java, Mobile Web services)
  – Mobile applications (holding digital certificates in handsets)
• Too many issues needing attention
  – Cellular security (location services)
  – Satellite security (GAO report)
  – Mobile ad hoc network security
  – Wireless platform security (WAP, BREW)
  – M-application security (handset certificates)
• An architecture approach is needed – a solution that considers tradeoffs and works within constraints and limitations
Different Views: User View (PIA4)
• Privacy: assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission
• Integrity: the integrity of information (i.e., no unauthorized modification)
• Authentication: identify for certain who is communicating with you
• Authorization (Access control): determine what access rights that person has
• Accountability (Auditing): assure that you can tell who did what when, and convince yourself that the system keeps its security promises
  – Includes non-repudiation (NR): the ability to provide proof of the origin or delivery of data
  – NR protects the sender against a false denial by the recipient that the data has been received; it also protects the recipient against a false denial by the sender that the data has been sent
  – i.e., a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data
• Availability: access to the system when a user needs it
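Non-repudiation as described in the bullets above, as an added Go example that is not part of the original slides: the sender signs the data with a long-term Ed25519 key (proof of origin), and the recipient returns a signed receipt over a hash of exactly the bytes received (proof of delivery). An arbiter holding only the two public keys can then settle either kind of denial. The party names and the payload are constructed for the demo; the key pairs are generated on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the sender transmits. The signature covers the sender's
// name and the payload; only the sender's private key can produce it, so the
// sender cannot later deny having sent these bytes (non-repudiation of origin).
type Envelope struct {
	From    string
	Payload []byte
	Sig     []byte
}

// Receipt is what the recipient returns. It signs the hash of the payload it
// got, so the recipient cannot later deny having received it (non-repudiation
// of delivery). A shared-secret MAC would not work here: either side could
// have computed it, so it proves nothing to a third party.
type Receipt struct {
	By         string
	PayloadSum [32]byte
	Sig        []byte
}

func originMsg(e Envelope) []byte   { return append([]byte(e.From+"|sent|"), e.Payload...) }
func receiptMsg(r Receipt) []byte   { return append([]byte(r.By+"|received|"), r.PayloadSum[:]...) }

// Send signs the payload with the sender's long-term key.
func Send(from string, priv ed25519.PrivateKey, payload []byte) Envelope {
	e := Envelope{From: from, Payload: payload}
	e.Sig = ed25519.Sign(priv, originMsg(e))
	return e
}

// VerifyOrigin is run by the recipient, or later by an arbiter, with the
// sender's public key.
func VerifyOrigin(e Envelope, senderPub ed25519.PublicKey) bool {
	return ed25519.Verify(senderPub, originMsg(e), e.Sig)
}

// Acknowledge produces the recipient's signed receipt for the bytes received.
func Acknowledge(by string, priv ed25519.PrivateKey, e Envelope) Receipt {
	r := Receipt{By: by, PayloadSum: sha256.Sum256(e.Payload)}
	r.Sig = ed25519.Sign(priv, receiptMsg(r))
	return r
}

// VerifyDelivery is run by the sender, or an arbiter: does the receipt cover
// this payload, and was it signed by the recipient?
func VerifyDelivery(r Receipt, payload []byte, recipientPub ed25519.PublicKey) bool {
	if r.PayloadSum != sha256.Sum256(payload) {
		return false
	}
	return ed25519.Verify(recipientPub, receiptMsg(r), r.Sig)
}

// Outcome records what an arbiter would conclude in each situation.
type Outcome struct {
	OriginOK, DeliveryOK   bool // the honest exchange verifies both ways
	TamperedOriginFails    bool // an altered payload is no longer attributable to the sender
	MismatchedReceiptFails bool // a receipt for other bytes does not prove delivery of these
	ForgedReceiptFails     bool // a receipt signed by someone else does not bind the recipient
}

func Demo() (Outcome, error) {
	sPub, sPriv, err := ed25519.GenerateKey(rand.Reader) // sender "alice"
	if err != nil {
		return Outcome{}, err
	}
	rPub, rPriv, err := ed25519.GenerateKey(rand.Reader) // recipient "bob"
	if err != nil {
		return Outcome{}, err
	}
	_, xPriv, err := ed25519.GenerateKey(rand.Reader) // an unrelated third party
	if err != nil {
		return Outcome{}, err
	}
	payload := []byte("transfer 100 to account 42") // constructed sample data

	env := Send("alice", sPriv, payload)
	rcpt := Acknowledge("bob", rPriv, env)

	var o Outcome
	o.OriginOK = VerifyOrigin(env, sPub)
	o.DeliveryOK = VerifyDelivery(rcpt, payload, rPub)

	tampered := env
	tampered.Payload = []byte("transfer 900 to account 42")
	o.TamperedOriginFails = !VerifyOrigin(tampered, sPub)
	o.MismatchedReceiptFails = !VerifyDelivery(rcpt, []byte("something else"), rPub)
	o.ForgedReceiptFails = !VerifyDelivery(Acknowledge("bob", xPriv, env), payload, rPub)
	return o, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Both checks hash or sign the full byte string rather than a description of it, so the evidence is bound to exactly what crossed the wire; a real deployment would add a timestamp or nonce to the signed messages so that an old receipt cannot be replayed for a later message with the same content.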
Sample Wireless Security Technologies (by layer)
Applications
• SET for transaction security
• S/MIME and PGP for secure email
• Java security (sandboxes)
• Database security
Middleware
• SSL and TLS
• WAP security (WTLS)
• Web security (HTTPS, PICS, HTTP Headers)
• Proxy server security
TCP/IP
• IPSEC and wireless VPN
• Mobile IP
Wireless Link
• 802.11 security (WEP)
• Cellular network security
• Satellite link security
• WLL and cordless link security
Applications can use higher-level services to compensate for weaker lower layers; there are tradeoffs in performance and security.
Security Tradeoffs (figure)
a) Physical Network Level Security: encryption at the physical network level (layers 1–2); Telnet, FTP, SMTP and HTTP over TCP/IP run unchanged above it.
b) Transport Level Security: encryption at the IP level (IPsec, VPN) on top of the physical network; Telnet, FTP, SMTP and HTTP run unchanged above it.
c) Higher Level Security: encryption at the SSL or application level (applications A1–A3; PGP or S/MIME over SMTP; HTTP over SSL) on top of TCP/IP and the physical network.
Legend: darker areas indicate where security (say, encryption) is applied.
Table 12-1 Security Considerations – Mapping Technology to Needs
Wireless LAN security
• Issues
  – Random connectivity
  – Identity issues: MAC address
  – Access control issues: ACL based on MAC address
  – Authentication issues: un-authenticated Diffie-Hellman algorithm -> man-in-the-middle attack
• Wired Equivalent Privacy (WEP)
  – A single key
  – Higher-level (e.g. application) security measures are needed
• 802.11i
  – Much stronger encryption and longer key
• IEEE 802.1X
  – Authentication/key management
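The slide above notes that an unauthenticated Diffie-Hellman exchange is exposed to a man-in-the-middle and that 802.1X adds authentication and key management. The Go program below is an added example, not part of the original slides: two simulated parties run an X25519 exchange through a relay that substitutes its own share, and the two honest ends silently end up with keys the relay also holds; the same exchange is then repeated with each share signed by a long-term Ed25519 identity key the peer already knows, which makes the substitution detectable and the exchange abort. The party names are constructed, and the pre-shared identity key stands in for whatever authentication step (802.1X, certificates) a real deployment uses.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Party holds a long-term Ed25519 identity key, assumed known to its peers in
// advance, and a fresh X25519 key for this one exchange.
type Party struct {
	Name   string
	IDPub  ed25519.PublicKey
	idPriv ed25519.PrivateKey
	eph    *ecdh.PrivateKey
}

func NewParty(name string) (*Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, IDPub: pub, idPriv: priv, eph: eph}, nil
}

// Offer is the DH share a party sends. Sig binds the share to the sender's
// name under the sender's identity key; the unauthenticated variant ignores it.
type Offer struct {
	From  string
	Share []byte
	Sig   []byte
}

func offerMsg(from string, share []byte) []byte { return append([]byte(from+"|dh|"), share...) }

func (p *Party) MakeOffer() Offer {
	share := p.eph.PublicKey().Bytes()
	return Offer{From: p.Name, Share: share, Sig: ed25519.Sign(p.idPriv, offerMsg(p.Name, share))}
}

// DeriveUnauthenticated accepts any well-formed share, whoever produced it:
// this is the weakness the slide names.
func (p *Party) DeriveUnauthenticated(share []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(share)
	if err != nil {
		return nil, err
	}
	return p.eph.ECDH(peer)
}

// DeriveAuthenticated first checks that the share was signed by the expected
// peer's identity key and aborts otherwise.
func (p *Party) DeriveAuthenticated(o Offer, peerID ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(peerID, offerMsg(o.From, o.Share), o.Sig) {
		return nil, errors.New("share is not signed by the expected peer; aborting exchange")
	}
	return p.DeriveUnauthenticated(o.Share)
}

// Result summarises what each variant let the tampering relay achieve.
type Result struct {
	UnauthEndsAgree  bool // false: Alice and Bob hold different keys without noticing
	UnauthRelayShare bool // true: the relay shares a key with each of them
	AuthRejected     bool // true: Bob refuses the substituted share
	AuthHonestAgree  bool // true: without tampering the authenticated exchange still agrees
}

func Scenario() (Result, error) {
	alice, err := NewParty("alice")
	if err != nil {
		return Result{}, err
	}
	bob, err := NewParty("bob")
	if err != nil {
		return Result{}, err
	}
	relay, err := NewParty("relay") // the middle box that rewrites traffic
	if err != nil {
		return Result{}, err
	}
	aOffer, bOffer, rOffer := alice.MakeOffer(), bob.MakeOffer(), relay.MakeOffer()

	// The relay keeps the honest names and signatures but swaps in its own share.
	toBob := Offer{From: aOffer.From, Share: rOffer.Share, Sig: aOffer.Sig}
	toAlice := Offer{From: bOffer.From, Share: rOffer.Share, Sig: bOffer.Sig}

	var res Result
	// Unauthenticated: both ends compute a key, just not with each other.
	bobKey, err := bob.DeriveUnauthenticated(toBob.Share)
	if err != nil {
		return Result{}, err
	}
	aliceKey, err := alice.DeriveUnauthenticated(toAlice.Share)
	if err != nil {
		return Result{}, err
	}
	relayAlice, _ := relay.DeriveUnauthenticated(aOffer.Share)
	relayBob, _ := relay.DeriveUnauthenticated(bOffer.Share)
	res.UnauthEndsAgree = bytes.Equal(aliceKey, bobKey)
	res.UnauthRelayShare = bytes.Equal(relayAlice, aliceKey) && bytes.Equal(relayBob, bobKey)

	// Authenticated: the signature no longer covers the share Bob received.
	_, err = bob.DeriveAuthenticated(toBob, alice.IDPub)
	res.AuthRejected = err != nil
	k1, e1 := bob.DeriveAuthenticated(aOffer, alice.IDPub)
	k2, e2 := alice.DeriveAuthenticated(bOffer, bob.IDPub)
	res.AuthHonestAgree = e1 == nil && e2 == nil && bytes.Equal(k1, k2)
	return res, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The check that matters is the one in DeriveAuthenticated: the signature ties the ephemeral share to an identity the receiver already trusts, so a share that arrives under someone else's signature is refused before any key is derived. A single shared WEP key gives no such per-peer binding, which is why the slide pairs 802.11i's stronger ciphers with 802.1X authentication.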
Cellular wireless network security
• 1G
• 2G: SIM (subscriber information module) of GSM
• 2.5G: GPRS with IPsec
• 3G
Mobile ad hoc network security
• Security challenges
  – Availability: redundancies
  – Privacy: trust, protect routing information
  – Integrity
  – Authentication: Certificate Authorities
  – Non-repudiation
• Black hole attack
Wireless PAN security
• Limitations and problems
  – Unlicensed 2.4-GHz radio band
  – Key management
  – PIN code
  – Device authentication, no user authentication
  – Man-in-the-middle attack
  – Short PIN size
  – Key size of cipher algorithms
  – Location and movement
WAP Security (figure)
WAP Phone (WML Browser, WMLScript) --[wireless network, uses WTLS security]--> WAP Gateway (Protocol Adapters, WML Encoder, WMLScript Compiler) --[Internet, uses SSL security]--> Web Server (CGI Scripts, WML and WMLScript content)
I-Mode Security (figure)
I-Mode Phone --[Docomo wireless network using proprietary protocols and SSL]--> Web Server with I-Mode Content --[dedicated lines using SSL security]--> Financial Institution
Levels of Security View
Applications
• SET for transaction security
• S/MIME and PGP for secure email
• Java security
• Database security
Middleware
• SSL and TLS
• WAP security (WTLS)
• Web security (HTTPS, PICS, HTTP Headers)
• Proxy server security
TCP/IP
• IPSEC and VPN
Wireless Link
• 802.11 security (WEP)
• Cellular network security
• Satellite link security
• WLL and cordless link security
Summary
• Security principles
• Special issues in wireless security
• Security issues unique to 802.11, satellites, cellular networks, WAP, etc.