Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo.

Published byLeon Cooper Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo."— Presentation transcript:

1 Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo

2 Secure Systems Research Group - FAU Overview Main differences between wired and wireless web services  Network connection method  Format supported on mobile devices  Size of screen on mobile devices Mobile Devices  PDAs – Wireless LAN  Mobile phones – WAP & WML

3 Secure Systems Research Group - FAU Wireless LAN Most PDAs can handle 802.11i technology allowing them to access web services through wireless LAN Issues with Wireless LAN  Uncontrolled range with radio signal  Exposed setup allows for drive by hacking  Constantly Changing IPs

4 Secure Systems Research Group - FAU Wireless LAN Encryption Standards WEP - Wired Equivalent Privacy WPA - WiFi Protected Access RSN - Robust Security Network

5 Secure Systems Research Group - FAU WEP The most problematic of the three UC Berkley’s study has shown the RC4 stream cipher can be broken using a series of computation. Small keys and need to manually change keys poses maintenance problems –Dictionary attacks can find keys

6 Secure Systems Research Group - FAU WPA Compatible with existing 802.11i Temporal Key Integrity Protocol (TKIP)  Uses a master key to create encryption values which are then changed and automatically distributed.  Key mixing for each packet  A 64-bit message integrity code  Offers the means to re-key the packet.

7 Secure Systems Research Group - FAU RSN Encrypts with AES-CCMP (AES Counter-Mode Cipher Block Chaining Message Authentication Code Protocol) TKIP is used to handle the older systems User authentication and key management is handled using the IEEE 802.1x Port Based Network Authentication Authentication system is based on Extensible Authentication Protocol (EAP). The authentication server is located on the wired network and may also be the same as the Remote Authentication Dial-In User Service (RADIUS).

8 Secure Systems Research Group - FAU WML Mobile phones are primarily restricted to WAP for accessing web services Older mobile phones are mostly restricted to black and white screens. Size restrictions even with colored screens WML is the primary format for wireless web services WML is an XML application but with much less the processing power Limited user input available

9 Secure Systems Research Group - FAU XML to WML Most companies write their own WML versions of the web service Translation should be moved to the portal/web server (Phone.com, SprintPCS, etc) IBM WebSphere currently supports translation to WML

10 Secure Systems Research Group - FAU WAP Wireless Application Protocol WAP Gateway – translates WTLS to SSL

11 Secure Systems Research Group - FAU WAP Server The WTLS support is built into the web server

12 Secure Systems Research Group - FAU Issues with XML Size is generally too large for mobile devices Increased size = Increased airtime  Problem with constantly changing IPs Need for compression before encryption

13 Secure Systems Research Group - FAU Other Concerns: Tracking Web Services FollowUs, Fleetstar-Online, & Kids OK Rely on tracking GSM or GPS A cell ID must first be registered with a service in order to be tracked. GPS tracking relies on 24 civilian usable satellites that circle the earth.  Assisted GPS system (AGPS) GSM - the SIM card is tracked instead of the actual phone. The legal stipulations are mapped out in a set of Code of Practices.

Download ppt "Secure Systems Research Group - FAU Wireless Web Services Security Christopher Lo."

Similar presentations

Security+ All-In-One Edition Chapter 10 – Wireless Security

Security+ All-In-One Edition Chapter 10 – Wireless Security
Security in Wireless Networks Juan Camilo Quintero D. 1041718.

Security in Wireless Networks Juan Camilo Quintero D
Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 17 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.

DIMACS Nov 3 - 4, 2004 WIRELESS SECURITY AND ROAMING OVERVIEW DIMACS November 3-4, 2004 Workshop: Mobile and Wireless Security Workshop: Mobile and Wireless.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
15 November 2004 1 Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.

15 November Wireless Security Issues Cheyenne Hollow Horn SFS Presentation 2004.
WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.

WIRELESS NETWORK SECURITY. Hackers Ad-hoc networks War Driving Man-in-the-Middle Caffe Latte attack.
WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.

WPA2 By Winway Pang. Overview  What is WPA2?  Wi-Fi Protected Access 2  Introduced September 2004  Two Versions  Enterprise – Server Authentication.
Wi-Fi the 802.11 Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Wi-Fi the Standard and Security. What is Wi-Fi? Short for wireless fidelity. It is a wireless technology that uses radio frequency to transmit.

Similar presentations

Ads by Google