CS1: Wireless Communication and Mobile Programming

1 CS1: Wireless Communication and Mobile Programming
Security Issues in Mobile Computing
Dr. Khaled Mahmud
Laurentian University
International Global Experience Program
Summer 2016

2 Agenda
- Information Security
- Security in WLAN
- Security Techniques and Algorithm
- Security Framework for mobile computing environment
(c) Khaled Mahmud

3 Reference
- Chapter 20 [TEL]
- Data Communications and Networking - Behrouz A. Forouzan
- Web references

4 Wireless Security
- Broadcasting network traffic over the airwaves has created an entirely new set of issues for keeping data transmissions secure

5 Risks of Mobile Computing
- Mobile computing devices
  - Can store large amounts of data
  - Are highly portable, and
  - Are frequently unprotected
- Easy to steal or lose
- Unless precautions are taken, an unauthorized person can gain access to the information stored on them or accessed through them
- Even if not stolen or lost, intruders can sometimes gain all the access they need
  - If the device is left alone and unprotected
  - If data is "sniffed out of the air" during wireless communications, or
  - If malware is installed

6 Growth of Mobile Computing
- Mobile Computing in business
  - Non-fixed/Flexing office space
  - Working from home (or away)
  - Bring Your Own Device (BYOD)
- Mobile Computing in education
  - 'Mobile programs'
  - Simulated labs
- Mobile Computing in personal life
  - Flexible storage
  - 'More than eReaders' in use
  - Online billing/payment

7 Guideline for Corporate Use
- Dilemma: Productivity vs. Security
- For a comprehensive mobile program, companies can follow these guidelines
  - Data encryption
  - Password enforcement
  - Device management
  - Compliance and configuration management
  - Data access
  - Trust and confidence
  - Enablement and ease of use

8 Security in Converged NW

9 Identity in Mobile Communication
- Authentication
- Identity management

10 Authentication Credentials
- Types of authentication credentials
  - What you have
    - Example: key fob to lock your car
  - What you are
    - Example: facial characteristics recognized by health club attendant
  - What you know
    - Example: combination to health club locker

11 Example

12 Multifactor Security
- What you have
  - Physical key
  - Magnetic ID card
  - Hardware token
  - RFID badge
- What you know
  - Password/passphrase/PIN
  - Personal question/answer
  - Predetermined events
- What you are
  - Fingerprint
  - Voice recognition
  - Retinal scan
  - Face recognition

13 What You Know: Passwords
- User logging in to a system
  - Asked to identify himself
    - User enters username
  - User asked to authenticate
    - User enters password
- Passwords are most common type of authentication today
- Passwords provide only weak protection

14 What You Have: Tokens and Cards
- Small devices with a window display
- Synched with an authentication server
- Code is generated from an algorithm
- Code changes every 30 to 60 seconds

15 What You Are: Biometrics
- Standard biometrics
  - Uses person’s unique physical characteristics for authentication
  - Fingerprint scanners most common type
  - Face, hand, or eye characteristics also used
- Fingerprint scanner types
  - Static fingerprint scanner
    - Takes picture and compares with image on file
  - Dynamic fingerprint scanner
    - Uses small slit or opening

16 Identity Management
- Various IDs
  - Apple ID
  - Windows Live ID/Hotmail ID/Skype ID/Google ID
  - Facebook ID
  - Bank/School/Insurance/Utility Services
- We can use a single authentication credential shared across multiple networks
  - Called Federated Identity Management (FIM) when networks are owned by different organizations
- Single Sign-On (SSO) holds promise to reduce burden of usernames and passwords to just one

17 Account Management
- Managing user account passwords
  - Can be done by setting password rules
  - Too cumbersome to manage on a user-by-user basis
  - Security risk if one user setting is overlooked
- Preferred approach: assign privileges by group
- Microsoft Windows group password settings
  - Password Policy Settings
  - Account Lockout Policy

18 Attacks Against WLANs
- Some of the most dangerous attacks
  - Hardware theft
    - Device may contain information that can assist someone in breaking into the network
  - AP impersonation
    - A rogue AP can impersonate a valid device
  - Passive monitoring
    - Data transmissions can be monitored
  - Denial of service (DoS)
    - Flood the network with transmissions and deny others access to the AP

19 Types of Wireless LAN Attacks
- Discovering the network
- Attacks through the RF spectrum
- Attacks involving Access Points

20 Discovering the Network
- One of first steps in attack is to discover presence of a network
- Beaconing
  - AP sends signal at regular intervals to announce its presence and provide connection information
  - Wireless device scans for beacon frames
- War driving
  - Process of passive discovery of wireless network locations

21 Attacks Through the RF Spectrum
- Using Wireless protocol analyzer
- Generating interference

22 Wireless Protocol Analyzer
- Wireless traffic captured to decode and analyze packet contents
- Network interface card (NIC) adapter must be in correct mode
- Six modes of wireless NICs
  - Master (acting as an AP)
  - Managed (client)
  - Repeater
  - Mesh
  - Ad-hoc
  - Monitor

23 Interference
- Signals from other devices can disrupt wireless transmissions
- Devices that can cause interference with a WLAN
  - Microwave ovens
  - Bluetooth devices
  - Elevator motors
  - Copy machines
  - Outdoor lighting (certain types)
  - Theft protection devices

24 Attacker Interference

25 Security
- Original IEEE committee recognized wireless transmissions could be vulnerable
  - Implemented several wireless security protections in the standard
  - Left others to WLAN vendor’s discretion
  - Protections were vulnerable and led to multiple attacks
- Initial Approaches
  - MAC Address Filtering
  - SSID Broadcast (hide)
  - Wired Equivalent Privacy (WEP)

26 MAC Address Filtering
- Method of controlling WLAN access
  - Limit a device’s access to AP
- Media Access Control (MAC) address filtering
  - Used by nearly all wireless AP vendors
  - Permits or blocks device based on MAC address
- Vulnerabilities of MAC address filtering
  - Addresses exchanged in unencrypted format
  - Attacker can see address of approved device and substitute it on his own device
  - Managing large number of addresses is challenging

27 SSID Broadcast
- Each device must be authenticated prior to connecting to the WLAN
- Open system authentication
  - Device discovers wireless network and sends association request frame to AP
  - Frame carries Service Set Identifier (SSID)
    - User-supplied network name
    - Can be any alphanumeric string 2-32 characters long
  - AP compares SSID with actual SSID of network
  - If the two match, wireless device is authenticated

28 Wired Equivalent Privacy (WEP)
- IEEE security protocol
- Encrypts plaintext into ciphertext
- Secret key is shared between wireless client device and AP
  - Key used to encrypt and decrypt packets
- WEP can only use 64-bit or 128-bit number to encrypt

29 Newer Wireless Security Solutions
- Unified approach to WLAN security was needed
- IEEE and Wi-Fi Alliance began developing security solutions
- Resulting standards used today
  - IEEE 802.11i
  - WPA and WPA2

30 Wi-Fi Protected Access (WPA)
- Introduced in 2003 by the Wi-Fi Alliance
- A subset of IEEE 802.11i
- Design goal: protect present and future wireless devices
- Temporal Key Integrity Protocol (TKIP) Encryption
  - Used in WPA
  - Uses longer 128 bit key than WEP
  - Dynamically generated for each new packet

31 Preshared Key (PSK) Authentication
- After AP configured, client device must have same key value entered
- Key is shared prior to communication taking place
- Uses a passphrase to generate encryption key
  - Must be entered on each AP and wireless device in advance
- Not used for encryption
  - Serves as starting point for mathematically generating the encryption keys

32 Wi-Fi Protected Access 2 (WPA2)
- Second generation of WPA known as WPA2
- Introduced in 2004
- Based on final IEEE 802.11i standard
- Uses Advanced Encryption Standard (AES)
- Supports both PSK and IEEE 802.1x authentication

33 IEEE 802.11i
- Define a Robust Security Network Association (RSNA)
- Provide
  - Mutual authentication between client devices and AP
  - Controlled access to the network
  - Establishment of security keys
  - Key management

34 IEEE 802.1x
- Client device must be authenticated on the network by an external authentication server
  - Remote Authentication Dial In User Service (RADIUS)
- All communication between the client device and the AP is blocked
  - Until the authentication process is completed
- 802.1x uses the Extensible Authentication Protocol (EAP)
  - For relaying access requests between a wireless device, the AP, and the RADIUS server

35 IEEE 802.1x Authentication
- Originally developed for wired networks
- Provides greater degree of security by implementing port security
- Blocks all traffic on a port-by-port basis until client is authenticated

36 AAA Server
- Authentication, Authorization and Accounting (AAA)
- Most popular server
  - RADIUS (Remote Authentication Dial In User Service)
- Newer protocol
  - Diameter
  - Allows data roaming
  - Mobile computing

