Presentation transcript:

Mechanisms to Mitigate Wireless Privacy Threats
Jeffrey Pang

Problem: existing protocols leak information

Best security practices still expose identifiers, credentials, and packet sizes/timings to third parties, enabling attacks:
- Location tracking: identifiers can be linked over time
- User profiling: info can be cross-indexed with databases
- Side-channel analysis: sizes/timing reveals packet contents
Greenstein, HotOS '07; Pang, MobiCom '07; Pang, HotNets '07; Jiang, MobiSys '07; Saponas, Usenix Security '07

[Figure: what tcpdump sees in each protocol phase. Discover: header, "Is Bob's Network here?" / header, "Bob's Network is here" (also "Is Bob's PSP here?" / "Bob's PSP is here"). Authenticate and Bind: header, "Proof that I'm Alice" / header, "Proof that I'm Bob". Send Data: header. Exposed values: MAC address, …; SSID: Bob's Network; Password: [_]pants; Username: Alice; Public Key: 0x123…; packet size histogram of transmission sizes.]

Goal: obscure everything from third parties

Three essential protocol changes to prevent attacks:
1. Obscure all transmitted bits during all protocol phases
2. Obscure packet sizes/timing that act as side-channels
3. Obscure and automate bootstrapping of keys to prevent communication with untrusted third parties
References: 1. MobiSys '08; 2. CMU Thesis Proposal '08; 3. HotNets '07

SlyFi: obscures all transmitted bits

Problem: Third parties can use unencrypted bits such as addresses to track and profile users. How can devices efficiently process packets without addresses?

Idea: Sender and receiver agree on sequence of tokens beforehand; attach one token to each packet.

[Figure: SlyFi protocol between Client and Service. Phases: Discover, Authenticate and Bind, Send data. Labels: Probe "Alice"; symmetric encryption (e.g., AES w/ random IV); Check MAC, keyed with $K'_{AB}$; keys $K_{AB}$, $K'_{AB}$; token $T_i$; lookup $T_i$ in a table to get $K_{AB}$.]

$T_i = \mathrm{AES}_{K_{AB}}(i)$

$T_i = \mathrm{AES}_{K_{AB}}(i)$ where $i$ = transmission #

$T_i = \mathrm{AES}_{K_{AB}}(i)$ where $i = \lfloor \text{current time} / 5\ \text{min} \rfloor$

Tokens $T_i$ and $T_j$ are unlinkable if $i \neq j$.

Details: How do sender and receiver synchronize $i$?
- Discovery/binding messages: infrequent and narrow interface ⇒ short term linkability is O.K.
- Data messages: only sent on established connections ⇒ expect receiver to get most messages

[Table: comparison of WPA, MAC Pseudonyms, Encrypt Everything, SlyFi: Discovery and SlyFi: Data against Unlinkability, Integrity, Authenticity, Efficiency and Confidentiality. Surviving cell labels: "Data Only" (three cells), "Long Term" (two cells).]

[Figure: Link Setup Time (ms).]

Performs as well as WPA and has stronger security.

Sudare: obscures side-channel leaks

Problem: Packet sizes and timings reveal sensitive contents in encrypted packet streams (identity, videos…)

Idea: Framework for masking side-channel leaks using signature-like rules for packet padding and cover traffic

[Figure: side-channel attack example. Labels: input transmissions, output transmissions; masking rules, performance constraints; 512 bytes, 128 bytes, ? bytes; tcpdump ?]

Tryst: obscures & automates bootstrapping

Problem: Clients often need to communicate with new devices. How does a client know who to trust?

Idea: Leverage transitive trust relationships and device reputation to automatically bootstrap keys

[Figure: bootstrapping using transitive trust. Labels: "Alice's Home"; Trust; Transitive Trust; Alice trusts bob.laptop; Alice's secret; Alice trusts "Alice's Home"; Find networks that Alice trusts; Attestation; Bootstrap; Automatic and private.]