60 likes | 266 Views
Wireless Security III. 2005. 03. 15 교육대학원 분산시스템특론 인천대학교 민병준 032-770-8497, 011-9913-8497, bjmin@incheon.ac.kr. Contents. Introduction to Wireless Wireless World Wireless Threats Wireless Security Protocols and Cryptography Security Considerations for Wireless Devices
E N D
Wireless Security III 2005. 03. 15 교육대학원 분산시스템특론 인천대학교 민병준 032-770-8497, 011-9913-8497, bjmin@incheon.ac.kr
Contents • Introduction to Wireless • Wireless World • Wireless Threats • Wireless Security Protocols and Cryptography • Security Considerations for Wireless Devices • Wireless Technologies and Applications • Cellular Networks • Wireless Data Networks • Wireless Standards and Technologies • Wireless Deployment Strategies • Implementing Wireless LANs : Security Considerations • Enabling Secure Wireless Access to Data • Real Examples from the Wireless World • The Wireless Future • Accessing Wireless LANs
Wireless World (1/2) • History of Wireless Technologies • Transmitting the 1st wireless radio signal in 1894 by G. Marconi • AM radio sets in 1920s by GE, AT&T, RCA • TV, radio, phone took 20-30 years to reach 25% of US population • After world war II • 1970s : 1st wireless networks • analog, operated in a limited frequency range, only a low volume of simultaneous calls • AT&T’s Advanced Mobile Phone Service in 1979 • GSM (Global System for Mobile Communications) standard • 1980s : wireless markets start to evolve • 1990s : wireless networks mature • 1st commercial GSM networks in 1991 (2001, 800 M users) • 2G networks – TDMA, CDMA, Personal Digital Communications • Wireless LAN standard (IEEE 802.11) in 1990 • Bluetooth SIG in 1998 by Ericsson, IBM, Intel, Nokia, and Toshiba • Wireless Internet, WAP in 1997 • Obstacles • Economics : e.g. wireless-internet-capable cell phones, high price Bluetooth chipsets • User experience : slow and inconvenience • Security : stock trading, access to corporate networks • Market forecast • Wireless LAN (more than $3B) vs. Bluetooth (less than $1B) in 2005
Wireless World (2/2) • History of Wireless Security • Eavesdropping and Jamming • Banning radio scanners, testing encrypted voice and data • Communication Act of 1934, Electronic Communications Privacy Act in 1986 • Sending high volume of radio signals – Jamming • Possible breaches • Interception of law enforcement data on specialized mobile radio, or CDPD networks • Interception of credit card authorizations over wireless networks • Stealing of cellular airtime • Interception of e-mail messages on wireless Internet connections • Physical breach of security at base stations • Wireless Internet – Wireless Security • Secure Sockets Layer, Transport Layer Security • WAP Forum : Wireless Transport Layer Security • S니-like alternative • Does not provide end-to-end encryption • Leaving data temporarily in an unencrypted – WAP Gap • Wireless value chain • Device vendors (Nokia, Motorola, Ericsson, Samsung) • Putting security features on handsets • Network operators ( Verizon, Vodafone, Sprint PCS) • Wireless data introduced a new series of issues • Trust relationship • Hardware providers • Contents / Application providers • Potential breaches, loss of consumer confidence
Wireless Threats (1/2) • Uncontrolled Terrain • Anonymous, uncontrolled coverage areas • Eavesdropping • Anonymous attacker passively intercepting radio signals and decoding the data being transmitted • Sensitive data such as username and password in cleartext • Password encryption algorithms such as MS NTLM can be easily broken • Active eavesdropping – ARP spoofing : man-in-the-middle attack • Communications Jamming • DoS jamming • Client jamming : jammed client loses connectivity and cannot access the application • Base station jamming : a rogue stands in for the legitimate base station • Injection and Modification of Data • Inserting commands (control messages) to a base station • Man-in-the-Middle attack • Rogue Client • Rogue Network Access Points • Attack Anonymity – searching network to gain free anonymous access • Client-to-Client Attacks • Infrastructure Equipment Attacks – bypassing virtual LAN security : switch, MAC, routing attacks (Open Shortest Path First, Enhanced Interior Gateway Routing Protocol)
Wireless Threats (2/2) • Attacker Equipment • Wireless Network Interface • Wireless Ethernet NIC • General Packet Radio Service / Cellular Digital Packet Data cellular telephony handset • Jammer and specialized software • Omnidirectional antennas (unity cain -> collinear), yagi antenna, parabolic • Covert Wireless Channels • Bridge air-gap networks • Roaming Issues • Mobile IP – location registration and packet redirection • Replay attacks to capture outbound traffic from the network • Cryptographic Threats • CDMA/GSM cellular network, wireless Ethernet networks • Wired Equivalent Privacy (WEP) – cryptographic mechanism for 802.11 • Implementation flaws, key management issues (single static key for all users)