
Author: Bob Edwards, Edited by: Nic Shulver Applied Communications Technology Wireless Mobile Security Overview of needs Wireless security Attack types.




1 Author: Bob Edwards, Edited by: Nic Shulver. Applied Communications Technology: Wireless Mobile Security (Slide 1)
- Overview of needs
- Wireless security
- Attack types
- GSM and UMTS security
- Bluetooth
“Nearly one out of every two recorded digital attacks are now taking place via the wireless route as opposed to one out of every ten, at the start of 2004.”
50% of all network breaches start with Wi-Fi
“20% of enterprise CIOs had found unsecured access points on their network.”

2 Why is security more of a concern in wireless?
- No inherent physical protection
- Broadcast communications
- Eavesdropping is easy with a modified phone
- Impersonation of user’s signals and/or user data to the network
- Impersonation of the network: looks like a genuine network
- Illegitimate access to the network and its services is easy
- Denial of service is easily achieved by jamming

3 Wireless Security Pain points:
- “Air” is now a part of corporate networks. It must be monitored!
- RF signals can leak out of your office premises
- Invisible network: hard to manage what you cannot see
- “No Wi-Fi” policy keeps my network safe (yeah, right…)
- 2.4 GHz is a licence-free, unregulated medium
- Firewalls, VPNs and wired Intrusion Detection systems are not sufficient
- New stringent regulatory compliance

4 Wireless security requirements
- Confidentiality: encrypt messages
- Authenticity: verify origin of messages
- Replay detection: check freshness of messages
- Verify message integrity: it is possible to modify messages on-the-fly (during radio transmission)
- Access control
  - access to network services only for “legitimate entities”
  - access control should be constantly reapplied: it is not enough to check when a user joins the network or when logical associations are established, since logical associations can be hijacked at any time
- Protection against jamming

5 Balancing Security and Access
- Careful management of security policies is needed to maintain the balance between transparent access and use and network security

6 WLAN Security Wheel
- Always have a good WLAN Security Policy in place.
- Secure the network based on the policy

7 Vulnerabilities
- Configuration
  - Default, common or shared passwords
  - Unneeded services enabled
  - Few or no filters: router setup, file permissions etc.
  - Poor device maintenance
- Policy
  - Weak security policy (or no explicit security policy)
  - Poorly enforced policy
  - Physical access unrestricted or unsecured
  - Poor or no monitoring: logs, CCD, reporting
- Technology
  - TCP/IP: spoofing
  - WEP and Broadcast SSID: relatively easy to break
  - Association process: connection handshake spoofing
  - Wireless interference

8 WLAN Security Attacks
- Reconnaissance
  - unauthorized discovery (information gathering) and mapping of systems, services, or vulnerabilities
  - usually precedes an actual access or DoS attack.
- Access
  - usually involves running a script and/or “social engineering”
  - intruder attempts to gain access to a device for which he does not have an account or password
- Denial-of-Service
  - an attacker disables or corrupts the network with the intent of denying the service to authorized users

9 WLAN Security Issues
- The “Parking Lot” Attacker
- The “Rogue” Access Point

10 WLAN Security Considerations
- Authentication: only authorized users and devices should be allowed.
- Administration Security: only authorized users should be able to access the AP configuration interfaces
- Encryption: traffic should be protected from unauthorized access.
  - FTP, HTTP, POP3, and SMTP are insecure and should be avoided whenever possible. Utilize protocols with encryption.

Traffic         No Encryption    Encryption
Web Browsing    HTTP             HTTPS
File Transfer   TFTP or FTP      SCP
Email           POP3 or SMTP     SPOP3
Remote Mgmt     Telnet           SSH

11 Wireless LANs Security
- MAC address filtering
- Encryption is the method which will give the best level of security
  - If companies wish to use the technology they will want assurance that only the recipient can read the data, and non-repudiation of the packets sent
  - Encryption algorithms: WEP, WPA, WPA2

12 WEP (Wired Equivalent Privacy)
- Device is given a “key” which matches the one in the AP
- In a home environment that is fine; consider it though in a company with 1000 wireless users
  - If a person leaves, the remaining 999 now have to have their encryption key manually updated
  - Otherwise the network is left insecure
- When using 40-bit WEP encryption the throughput of the network reduces by 20 to 50%
- WEP vulnerabilities
  - No mutual authentication or user authentication
  - Small key size and weak encryption
  - Shared keys need to be changed manually
  - Subject to “dictionary” attacks as it’s not practical to change keys frequently
  - Facility to switch off encryption can be misused

13 WPA (Wi-Fi Protected Access)
- Alternative to WEP introduced by the Wi-Fi Alliance in Oct 2003 as a temporary measure
- Replaces RC4 with the more robust TKIP (Temporal Key Integrity Protocol) and MIC (Message Integrity Check)
- Provides mutual authentication and user authentication based on 802.1X/EAP (Extensible Authentication Protocol) or Pre-Shared Keys (PSK)
802.11i and WPA2
- WPA2 was introduced by the Wi-Fi Alliance in Sep 2004
- Equivalent to the IEEE 802.11i security standard ratified earlier in June 2004
- Uses the powerful AES (Advanced Encryption Standard) for encryption.
- Provides mutual authentication and user authentication based on 802.1X/EAP or PSKs, similar to WPA
- Temporal keying allows the keys to be changed as the communications take place
- Supports roaming devices
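In the PSK mode named on this slide, every station and the AP derive the same 256-bit pairwise master key from the passphrase and the SSID; the rest of the WPA/WPA2 key hierarchy hangs off that value. The following is an added example, not code from the slides: it implements the IEEE 802.11i derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) with Python's standard library and shows why a PSK network is only as strong as its passphrase. The `passphrase_policy_ok` function and its thresholds are this example's own assumptions, not part of the standard.

```python
import hashlib
import string


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA/WPA2-Personal: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations,
    256 bits) as specified in IEEE 802.11i. The SSID is the salt, so the same
    passphrase on two differently named networks yields two different keys."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def passphrase_policy_ok(passphrase: str, min_len: int = 20) -> bool:
    """Assumed local policy (not from the standard): because the PMK is a deterministic
    function of passphrase and SSID, require length and at least three character classes."""
    classes = [any(c in string.ascii_lowercase for c in passphrase),
               any(c in string.ascii_uppercase for c in passphrase),
               any(c in string.digits for c in passphrase),
               any(c in string.punctuation for c in passphrase)]
    return len(passphrase) >= min_len and sum(classes) >= 3


if __name__ == "__main__":
    # Known-answer test vector published in IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    print(wpa_psk("password", "IEEE").hex())
    print("policy ok for 'password':", passphrase_policy_ok("password"))
    print("policy ok for a long mixed passphrase:",
          passphrase_policy_ok("correct-Horse-battery-staple-91"))
```

The known-answer vector lets an operator confirm that a tool or supplicant derives the PMK correctly before trusting it; the policy check is the practical counterpart of the slide's point that PSK authentication rests entirely on the shared secret.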

14 802.11i Operational Phases

15 Admin Authentication on AP
- To prevent unauthorized access to the AP configuration interfaces:
  - Configure a secret password for privileged mode access. (good)
  - Configure local usernames/passwords. (better)
  - Configure the AP to utilize a security server for user access. (best)
- SSID Stealth
  - In this mode, the access point does not reveal its identity to probe requests from stations
  - This provides a primitive level of “security by obscurity”
- Access Control Lists
  - The AP maintains a list of MAC addresses of trusted stations, and requests from other MAC addresses are ignored

16 WLAN Security Hierarchy
Level              Mechanisms                                                                    Typical use
Open Access        No encryption, basic authentication                                           Public “hotspots”
Basic Security     40-bit or 128-bit static WEP encryption                                       Home use
Enhanced Security  802.1x, TKIP/WPA encryption, mutual authentication, scalable key mgmt., etc.  Business
Remote Access      Virtual Private Network (VPN)                                                 Business traveler, telecommuter

17 Attacker Capabilities
- Man-in-the-middle
  - The capability whereby the intruder puts himself between the target user and a genuine network and has the ability to eavesdrop, modify, delete, re-order, replay, and spoof signalling and user data messages exchanged between the two parties.
- Network Authentication Compromise
  - The intruder possesses a compromised authentication vector (challenge-response pairs, cipher keys, integrity keys, etc.)
  - For his attacks the intruder requires a modified Mobile Station (MS) and/or a modified Base Station (BS)

18 Denial of Service (DoS)
The following will result in complete or partial denial of service to the target user:
- User de-registration request spoofing
  - If the network cannot authenticate messages then an attacker with a modified MS can send a de-registration request to the network; the network complies with it and simultaneously sends instructions to the Home Location Register (HLR) to do the same.
- Location update request spoofing
  - Instead of sending requests for de-registration, the attacker sends a location update request from a different area from the one in which the user is presently located. As a result the user is paged in the new area.
- Camping on a false BS/MS
  - The attacker with a modified BS/MS puts himself between the Serving Network (SN) and the target user.

19 Identity catching
- Mobile users are identified by temporary identities, but there are cases where the network requests the user to send its permanent identity in clear text
- Passive identity catching
  - The attacker with a modified MS waits passively for a new registration or a database crash, as in such cases the user is requested to send its identity in clear text.
- Active identity catching
  - In this case, the attacker with a modified BS entices the user to camp on his BS and then asks him to send his International Mobile Subscriber Identity (IMSI)

20 Impersonation of User
- By the use of a compromised authentication vector
- By the use of an eavesdropped authentication response
  - Hijacking outgoing calls in networks with encryption disabled
  - Hijacking outgoing calls in networks with encryption enabled
  - Hijacking incoming calls in networks with encryption disabled
  - Hijacking incoming calls in networks with encryption enabled
- If you have a user’s authentication details you can send a message as them, even if it’s a temporary authentication

21 Impersonation of the network
- By suppressing encryption between the target user and the intruder: an attacker with a modified BS entices the user to camp on his false BS and, when the service is initiated, the intruder does not enable encryption.
- By suppressing encryption between the target user and the true network: during call setup the ciphering capabilities of the MS are modified by the intruder and it appears to the network that there is a genuine mismatch of the ciphering and authentication algorithms. After this the network may decide to establish an un-enciphered connection; the intruder then cuts the connection and impersonates the network to the target user.
- By forcing the use of a compromised cipher key: the attacker with a modified BS/MS and a compromised authentication vector entices the user to set up a call while camped on his false BS/MS. The attacker then forces the use of a compromised cipher key.

22 Intro to Mobile Phone Security
- The original first generation analogue mobile systems employed a simple electronic serial number to confirm that the terminal should be allowed access to the service.
  - It was not long before the protection afforded to this number was broken.
- Second generation systems such as GSM were designed from the beginning with security in mind.
  - The Home Environment operator can control the use of the system by the provision of the Subscriber Identity Module (SIM), which contains a user identity and authentication key.

23 GSM Security Features
- Authentication
  - network operator can verify the identity of the subscriber, making it infeasible to clone someone else’s mobile phone
  - challenge-response authentication protocol
  - encryption of the radio channel
- Confidentiality
  - protects voice, data and sensitive signalling information (e.g. dialled digits) against eavesdropping on the radio path
  - encryption of the radio channel
- Anonymity
  - protects against someone tracking the location of the user or identifying calls made to or from the user by eavesdropping
  - use of temporary identities

24 GSM Security Architecture
- Each mobile subscriber is issued with a unique 128-bit secret key (Ki)
- This is stored on a Subscriber Identity Module (SIM) which must be inserted into the mobile phone
- Each subscriber’s Ki is also stored in an Authentication Centre (AuC) associated with the HLR (Home Location Register) in the home network
- The SIM is a tamper-resistant smart card designed to make it infeasible to extract the customer’s Ki
- GSM security relies on the secrecy of Ki
  - if the Ki could be extracted then the subscription could be cloned and the subscriber’s calls could be eavesdropped
  - even the customer should not be able to obtain Ki

25 GSM Authentication Principles
- Network authenticates the SIM to protect against cloning
- Challenge-response protocol
  - SIM demonstrates knowledge of Ki
  - infeasible for an intruder to obtain information about Ki which could be used to clone the SIM
- Encryption key agreement
  - a key (Kc) for radio interface encryption is derived as part of the protocol
- Authentication can be performed at call establishment, allowing a new Kc to be used for each call
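The challenge-response run described on slides 24 and 25 can be simulated end to end. The following is an added example, not code from the slides: the operator-specific A3 and A8 algorithms are replaced by HMAC-SHA256 stand-ins (an assumption; real A3/A8 are chosen by each operator), and the IMSI and Ki values are constructed. It shows the AuC producing a (RAND, SRES, Kc) triplet, the SIM answering with SRES and deriving the same Kc without Kc ever crossing the air, a SIM holding the wrong Ki being rejected, and, the property slide 29 later contrasts with UMTS, that the SIM answers any challenger because nothing in the exchange authenticates the network to the SIM.

```python
import hmac
import hashlib
import secrets


# Stand-ins for A3 (authentication) and A8 (key generation). Real A3/A8 are
# operator-specific; HMAC-SHA256 is assumed here only so the protocol shape runs.
def a3_sres(ki: bytes, rand: bytes) -> bytes:
    """SRES: 32-bit signed response to the 128-bit challenge RAND."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]


def a8_kc(ki: bytes, rand: bytes) -> bytes:
    """Kc: 64-bit radio-interface cipher key derived from the same RAND."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]


class AuC:
    """Authentication Centre: holds every subscriber's Ki, indexed by IMSI."""

    def __init__(self, subscribers: dict):
        self._ki = dict(subscribers)  # IMSI -> Ki; Ki never leaves the AuC

    def triplet(self, imsi: str):
        """Authentication triplet (RAND, XRES, Kc) handed to the serving network."""
        ki = self._ki[imsi]
        rand = secrets.token_bytes(16)
        return rand, a3_sres(ki, rand), a8_kc(ki, rand)


class SIM:
    """SIM: tamper-resistant holder of Ki; only ever outputs SRES and Kc."""

    def __init__(self, imsi: str, ki: bytes):
        self.imsi = imsi
        self._ki = ki

    def respond(self, rand: bytes):
        # No check on who sent RAND: GSM authenticates the SIM to the network,
        # not the network to the SIM.
        return a3_sres(self._ki, rand), a8_kc(self._ki, rand)


def serving_network_authenticates(auc: AuC, sim: SIM) -> tuple:
    """One GSM authentication run. Returns (accepted, Kc) as seen by the network."""
    rand, xres, kc_net = auc.triplet(sim.imsi)
    sres, kc_ms = sim.respond(rand)
    accepted = hmac.compare_digest(sres, xres)
    # Kc is never transmitted: both ends derive it from Ki and RAND.
    assert not accepted or kc_ms == kc_net
    return accepted, kc_net


def sim_answers_any_challenger(sim: SIM) -> bool:
    """A challenger that knows no Ki still receives a well-formed SRES/Kc pair:
    the one-way property that motivates mutual authentication in UMTS."""
    sres, kc = sim.respond(secrets.token_bytes(16))
    return len(sres) == 4 and len(kc) == 8


# Constructed sample subscriber (Ki is random here; a real Ki is provisioned at the AuC).
IMSI = "001010123456789"
KI_ALICE = secrets.token_bytes(16)
AUC = AuC({IMSI: KI_ALICE})
SIM_GENUINE = SIM(IMSI, KI_ALICE)
SIM_CLONE_ATTEMPT = SIM(IMSI, secrets.token_bytes(16))  # same IMSI, wrong Ki

if __name__ == "__main__":
    print("genuine SIM accepted:", serving_network_authenticates(AUC, SIM_GENUINE)[0])
    print("SIM without the real Ki accepted:", serving_network_authenticates(AUC, SIM_CLONE_ATTEMPT)[0])
    print("SIM answers an unauthenticated challenger:", sim_answers_any_challenger(SIM_GENUINE))
```

Because the serving network only ever sees RAND, SRES and Kc, a visited operator can authenticate a roaming subscriber without learning Ki, which is the separation slide 27 refers to when it says the visited network has access to all data except the end user's secret key.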

26 The SIM card
- Must be tamper-resistant
- Protected by a PIN code (checked locally by the SIM)
- Is removable from the terminal
- Contains all data specific to the end user which have to reside in the Mobile Station:
  - IMSI: International Mobile Subscriber Identity (permanent user identity)
  - PIN
  - TMSI (Temporary Mobile Subscriber Identity)
  - Ki: user’s secret key
  - Kc: ciphering key
  - List of the last call attempts
  - List of preferred operators
  - Supplementary service data (abbreviated dialling, last short messages received, ...)

27 Conclusion on GSM security
- Focused on the protection of the air interface
- No protection on the wired part of the network (neither for privacy nor for confidentiality)
- The visited network has access to all data (except the secret key of the end user)
- Generally robust, but a few successful attacks have been reported:
  - faked base stations
  - cloning of the SIM card

28 GPRS Encryption
- Differences compared with GSM circuit-switched:
  - Encryption terminated further back in the network
  - Encryption applied at a higher layer in the protocol stack: the Logical Link Layer (LLC)
  - New stream cipher with different input/output parameters: the GPRS Encryption Algorithm (GEA)
  - GEA generates the keystream as a function of the cipher key and the ‘LLC frame number’, so the cipher is re-synchronised for every LLC frame
  - The LLC frame number is very large, so keystream repeat is not an issue
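The slide's point that GEA re-synchronises the keystream to every LLC frame is easiest to see in code. The following is an added example, not code from the slides and not the real GEA (whose design is not public): an HMAC-SHA256 counter-mode generator stands in for GEA, keyed with Kc and seeded with the LLC frame number and a direction bit (the input set is taken from the slide's description plus the uplink/downlink direction; the exact byte packing is this example's assumption), and the Kc and frame contents are constructed. It shows that each frame decrypts independently, so a frame lost on the radio path does not desynchronise the receiver, and that two frames draw identical keystream only when they carry the same frame number, which is exactly what the large, non-wrapping frame-number space prevents.

```python
import hmac
import hashlib


def gea_keystream(kc: bytes, llc_frame_number: int, direction: int, length: int) -> bytes:
    """Stand-in for GEA (assumption: HMAC-SHA256 in counter mode). The keystream is a
    function of Kc, the LLC frame number and the direction, so every LLC frame starts
    from a fresh, independent keystream segment."""
    if not 0 <= llc_frame_number < 2 ** 32:
        raise ValueError("LLC frame number out of range")
    out = bytearray()
    block = 0
    while len(out) < length:
        seed = (llc_frame_number.to_bytes(4, "big")
                + bytes([direction & 1])
                + block.to_bytes(4, "big"))
        out += hmac.new(kc, seed, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_frame(kc: bytes, frame_number: int, direction: int, data: bytes) -> bytes:
    """Encrypt or decrypt one LLC frame; XOR with the keystream is its own inverse."""
    ks = gea_keystream(kc, frame_number, direction, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


def decrypt_received(kc: bytes, direction: int, frames) -> dict:
    """Decrypt whichever frames arrived, in any order: the frame number tells the receiver
    where in the keystream each frame sits, so nothing has to be replayed or skipped."""
    return {fn: xor_frame(kc, fn, direction, ct) for fn, ct in frames}


# Constructed sample: a 64-bit Kc and three uplink LLC frames.
KC = bytes.fromhex("0011223344556677")
UPLINK = 0
PLAINTEXTS = {0: b"GET /index.html", 1: b"Host: example", 2: b"Accept: */*"}
SENT = [(fn, xor_frame(KC, fn, UPLINK, pt)) for fn, pt in PLAINTEXTS.items()]


def recover_after_loss() -> dict:
    """Frame 1 is lost on the radio path; frames 0 and 2 still decrypt correctly."""
    arrived = [(fn, ct) for fn, ct in SENT if fn != 1]
    return decrypt_received(KC, UPLINK, arrived)


def keystream_reused(a: int, b: int, n: int = 32) -> bool:
    """True only when two frames would draw the same keystream, i.e. when the frame
    number repeats; the large LLC frame-number space keeps this from happening."""
    return gea_keystream(KC, a, UPLINK, n) == gea_keystream(KC, b, UPLINK, n)


if __name__ == "__main__":
    print(recover_after_loss())
    print("frames 5 and 6 share keystream:", keystream_reused(5, 6))
    print("frame 5 with itself shares keystream:", keystream_reused(5, 5))
```

The contrast with the circuit-switched GSM case is that a per-frame synchronisation point means the receiver never needs the full history of the stream; the price is that the frame number must be authentic and must not repeat under one Kc.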

29 Security Features in UMTS
- Authentication of the user to the network
- Encryption of user traffic and signalling data over the radio link
  - encryption terminates at the radio network controller (RNC), further back in the network compared with GSM
  - long key length (128-bit)
- Enhanced user identity confidentiality over the radio access link
  - a group key is shared by a group of users
- Mutual authentication and key agreement
  - provides enhanced protection against false base station attacks by allowing the mobile to authenticate the network
- Integrity protection of critical signalling between mobile and radio network controller
  - provides enhanced protection against false base station attacks by allowing the mobile to check the authenticity of certain signalling messages
  - extends the influence of user authentication when encryption is not applied by allowing the network to check the authenticity of certain signalling messages
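The "mutual authentication and key agreement" item above is what closes the one-way gap in GSM authentication, and it also delivers the replay detection required on slide 4. The following is an added example, not code from the slides: it simulates the UMTS AKA exchange with the AUTN token (SQN concealed by an anonymity key, AMF, and a MAC over SQN, RAND and AMF) that lets the USIM verify the network before it answers. The f1 to f5 functions are HMAC-SHA256 stand-ins (an assumption; real networks use MILENAGE), and the IMSI and K are constructed. It shows a genuine run succeeding in both directions, a recorded (RAND, AUTN) pair being refused on replay because its SQN is not fresh, and a challenger without K failing the MAC check and getting no response at all.

```python
import hmac
import hashlib
import secrets


def f(k: bytes, tag: bytes, *parts: bytes, n: int) -> bytes:
    """Stand-in for the AKA functions f1..f5 (MILENAGE in real networks): keyed
    HMAC-SHA256 truncated to n bytes. Assumed here so the exchange can be run."""
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


class HomeEnvironment:
    """HLR/AuC: holds each subscriber's K and the last sequence number SQN it issued."""

    def __init__(self, subscribers: dict):
        self._k = dict(subscribers)
        self._sqn = {imsi: 0 for imsi in subscribers}

    def vector(self, imsi: str):
        """Authentication vector (RAND, XRES, CK, IK, AUTN) for the serving network."""
        k = self._k[imsi]
        self._sqn[imsi] += 1
        sqn = self._sqn[imsi].to_bytes(6, "big")
        rand = secrets.token_bytes(16)
        amf = b"\x00\x00"
        mac = f(k, b"f1", sqn, rand, amf, n=8)  # proves the vector came from K's holder
        ak = f(k, b"f5", rand, n=6)              # anonymity key conceals SQN on the air
        autn = bytes(s ^ a for s, a in zip(sqn, ak)) + amf + mac
        return (rand, f(k, b"f2", rand, n=8), f(k, b"f3", rand, n=16),
                f(k, b"f4", rand, n=16), autn)


class USIM:
    """USIM: authenticates the network (MAC check) and detects replay (SQN check)
    before it releases RES and the session keys."""

    def __init__(self, k: bytes):
        self._k = k
        self._sqn_seen = 0

    def authenticate(self, rand: bytes, autn: bytes):
        ak = f(self._k, b"f5", rand, n=6)
        sqn = bytes(c ^ a for c, a in zip(autn[:6], ak))
        amf, mac = autn[6:8], autn[8:]
        if not hmac.compare_digest(mac, f(self._k, b"f1", sqn, rand, amf, n=8)):
            return None  # MAC failure: not a network that knows K
        if int.from_bytes(sqn, "big") <= self._sqn_seen:
            return None  # SQN not fresh: replayed vector
        self._sqn_seen = int.from_bytes(sqn, "big")
        return (f(self._k, b"f2", rand, n=8),   # RES, returned to the network
                f(self._k, b"f3", rand, n=16),  # CK, cipher key
                f(self._k, b"f4", rand, n=16))  # IK, integrity key


def run_aka(he: HomeEnvironment, usim: USIM, imsi: str):
    """One AKA run. Returns (usim_accepted_network, network_accepted_usim, (RAND, AUTN))."""
    rand, xres, ck, ik, autn = he.vector(imsi)
    result = usim.authenticate(rand, autn)
    if result is None:
        return False, False, (rand, autn)
    res, ck_ms, ik_ms = result
    return True, hmac.compare_digest(res, xres) and (ck_ms, ik_ms) == (ck, ik), (rand, autn)


# Constructed sample subscriber.
IMSI = "001010123456789"
K_ALICE = secrets.token_bytes(16)
HE = HomeEnvironment({IMSI: K_ALICE})
USIM_ALICE = USIM(K_ALICE)


def genuine_run() -> tuple:
    return run_aka(HE, USIM_ALICE, IMSI)[:2]


def replay_rejected() -> bool:
    """A recorded (RAND, AUTN) pair presented a second time fails the SQN freshness check."""
    _, _, (rand, autn) = run_aka(HE, USIM_ALICE, IMSI)
    return USIM_ALICE.authenticate(rand, autn) is None


def unkeyed_vector_rejected() -> bool:
    """A challenger without K cannot produce a valid AUTN, so the USIM stays silent."""
    return USIM_ALICE.authenticate(secrets.token_bytes(16), secrets.token_bytes(16)) is None


if __name__ == "__main__":
    print("genuine run (usim ok, network ok):", genuine_run())
    print("replayed vector rejected:", replay_rejected())
    print("vector from a party without K rejected:", unkeyed_vector_rejected())
```

The order of the checks in `USIM.authenticate` matters for the defender: the MAC is verified before the sequence number, so a station never updates its SQN state, or emits RES, CK or IK, in response to a vector that was not produced by its home network.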

30 UMTS Security Architecture
- Network access security: provides confidentiality of user identity and of user and signalling data, integrity protection of critical signalling data, authentication of user and network, and identification of Mobile Equipment (ME).
- Network domain security: enables different nodes in the provider domain to securely exchange signalling data, and protects against attacks on the wireline network.
- User domain security: ensures only authorized access to the Universal Subscriber Identity Module (USIM).
- Application domain security: enables applications in the user and provider domains to securely exchange messages.
- Visibility and configurability of security: informs the user whether a security feature is in operation and whether the use and provision of services should depend on the security feature.

31 Bluetooth
- Short-range communications, master-slave principle
- Eavesdropping is difficult:
  - Frequency hopping
  - Communication is over a few metres only
- Security issues:
  - Authentication of the devices to each other
  - Confidential channel
- Based on a secret link key

32 Management of Wireless Security
- Access control to prevent any access to any session requested unless identified and authenticated
- Accountability and audit
  - generate a security log containing information sufficient for after-the-fact investigation of loss or impropriety
- Access to the Home Location Register (HLR), Authentication Centre (AuC) and Mobile Switching Centre (MSC) should be limited

33 Conclusion
- Wireless and mobile security issues concentrate on the integrity, confidentiality and authentication of the networks and users.
- Access and use of service to avoid or reduce a legitimate charge.
- Location privacy: unique to mobile networks.
- Mobile devices:
  - Limited resources
  - Lack of physical protection
- Roaming of users across different networks

34 Drive-by Cracking

