wireless network security and mobile commerce
play

Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew - PowerPoint PPT Presentation

Dec 05, 2022 •160 likes •899 views

Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew Electrical and Computer Engineering University of Waterloo gbagnew@engmail.uwaterloo.ca Overview Wireless LANS 1. WLAN Standards and Characteristics Overview of

  1. Wireless Network Security and Mobile Commerce Dr. Gordon B. Agnew Electrical and Computer Engineering University of Waterloo gbagnew@engmail.uwaterloo.ca

  2. Overview Wireless LANS 1. • WLAN Standards and Characteristics • Overview of Security Issues in Wireless Security Architectures and Protocols 2. • WEP • IEEE 802.1x, EAP, etc. • Architectures – GSM, GPRS, etc. • WAP2.0 Future Directions 3. Workshop on Security in Electronic Commerce

  3. What is the Problem? ♦ Until “recently”, networks were wire based connecting computers in fixed locations – Bandwidth not a concern – Computational/transmit power not a concern – Channel error rates small – Physical connection generally required for interception Workshop on Security in Electronic Commerce

  4. What is the Problem? ♦ Wireless networks do not map well into wired structures – Bandwidth limited – Computation power limited – Battery power limited – Relatively large error rates (security functions require perfect fidelity!) – “Features” sell! Workshop on Security in Electronic Commerce

  5. Wireless LAN’s Architectures, Standards, Operability

  6. IEEE 802.11x ♦ Started in 1997 by IEEE as a method of wireless local area networking ♦ Objective was to provide easy to implement wireless environment over a small area (up to about 100+ m) ♦ Three main standards – 802.11a (54 Mbps) – 802.11b (11 Mbps) – 802.11g (54 Mbps) Workshop on Security in Electronic Commerce

  7. IEEE 802.15 ♦ Wireless Personal Area Networks (WPAN) ♦ 802.15.1 – adapted from Bluetooth specification ♦ 2.4 GHz band ~ 1 Mbps ♦ Low power, short range ♦ Frequency-Hopping Spread Spectrum Workshop on Security in Electronic Commerce

  8. Security Issues in Wireless ♦ There are many security threats associated with wireless/mobile devices. These include: – All of the vulnerabilities associated with wired networks! – Unauthorized access – Interception of information (it is a transmitter after all!) – Denial of Services Workshop on Security in Electronic Commerce

  9. The Wired Internet Workshop on Security in Electronic Commerce

  10. Security Issues in Wireless – Impersonation attacks – Tracking of an individual’s movements – Theft of devices and access to information – Theft of data (without detection) – Modification of data (without detection) – Introduction of viruses Workshop on Security in Electronic Commerce

  11. Types of Attacks ♦ There are two general forms of attack – passive and active ♦ A passive attacker simply monitors the channel in an effort to recover information ♦ An Active attacker not only listens, but may actively try to subvert the system Workshop on Security in Electronic Commerce

  12. Passive Attacks ♦ Eavesdropping – in this case the attacker simply listens and tries to interpret the data being exchanged – if the data is in-the-clear, they succeed ♦ Traffic Analysis – the attacker gains information by determining how much activity there is, where access points are located, and what protocols are being used (and what possible weaknesses there are) Workshop on Security in Electronic Commerce

  13. Active Attacks ♦ There are several flavours of active attacks. These include: – Unauthorized system access – Man-in-the- Middle attacks – Message modification attacks – Session Hijacking – Replay Workshop on Security in Electronic Commerce

  14. Unauthorized Access ♦ The attacker tries to gain access to the network to obtain files or free usage (war driving) ♦ Once inside the attacker may do more harmful attacks Workshop on Security in Electronic Commerce

  15. Man-in-the Middle ♦ This is a real-time attack ♦ Many protocols do not enforce mutual authentication (such as Diffie Hellman) ♦ The attacker places him/herself between the two communicating parties and regulates all communications – this can be accomplished with rogue base stations or access points ♦ Address Resolution Protocol (ARP) attacks are very dangerous Workshop on Security in Electronic Commerce

  16. Message Modification ♦ The attacker may attempt to modify messages in the system ♦ They may also try to delay messages in order to cause the system/users to change their behaviour Workshop on Security in Electronic Commerce

  17. Session Hijacking ♦ Here the attacker attempts to take control of an authorized and authenticated session ♦ In a wireless system, the attacker can collect information about the session (enough to appear as the authorized user) then block the authorized wireless device from the system Workshop on Security in Electronic Commerce

  18. Replay ♦ The attacker records traffic from legitimate sessions then replays them into the network at a later date ♦ This may allow the attacker to gain access by convincing the network that they are a valid user Workshop on Security in Electronic Commerce

  19. Attacking 802.11

  20. Modes of Operation ♦ 802.11 allows two modes of operation – Ad hoc or Independent Basic Service Set (IBSS) – Infrastructure or Basic Service Set (BSS) Workshop on Security in Electronic Commerce

  21. Independent Basic Service Set ♦ Applications such as Windows Sharing, peer-to-peer networks, etc. ♦ No central control ♦ Authentication is optional ♦ Attacker may have access to all services and data on a particular machine Workshop on Security in Electronic Commerce

  22. Wired Equivalent Privacy (WEP) ♦ Part of IEEE 802.11 standard ♦ There are several methods employed to provide security – Service Set Identifiers (SSID) – Media Access Control Access List – A Shared RC4 key for Authentication Workshop on Security in Electronic Commerce

  23. WEP ♦ Service Set Identifier can be used as a shared secret and access point will not respond to probe ♦ But, it is transmitted in the clear ♦ Attacker sends a forged disassociate message then waits for target to begin automatic reassociation Workshop on Security in Electronic Commerce

  24. Breaking the WEP Shared Key Protocol ♦ Keystream is XOR’d with data – predictable changes can be made to data/CRC (as we shall see in a second…) Workshop on Security in Electronic Commerce

  25. Attacking WEP ♦ Minimum keys are 40 bits (shared by all stations on the WLAN) and a 24 bit Initialization Vector (IV) intended to randomize ♦ With multiple users – 50% probability that two packets use the same IV after only 5000 packets Workshop on Security in Electronic Commerce

  26. Attacking WEP ♦ At 11 Mbps, all possible IV’s can be exhausted in about 5 hours on a busy access point ♦ This results in repeated use of the same key stream (which is very insecure) ♦ (even better, some wireless cards always start at the same IV and increment for each new packet! Workshop on Security in Electronic Commerce

  27. Attacking WEP ♦ 32 bit CRC is also subject to attack ♦ Only 2 16 or 64K tries are required to have a high probability of a message being accepted (Birthday Paradox) Workshop on Security in Electronic Commerce

  28. MAC ♦ Access points can be set to only allow access to WLAN by certain MAC addresses – Not scaleable to large systems – No protection from inside attacks – Outside attacks are possible Workshop on Security in Electronic Commerce

  29. Transport Layer Security - TLS ♦ Effort by IETF to produce Internet standard version of SSL ♦ Very similar to SSL v3 except: – Uses HMAC – Pseudorandom function generation – Some cipher suite options – Padding methods Workshop on Security in Electronic Commerce

  30. Wireless TLS (WTLS) ♦ Extension of TLS to wireless environment ♦ There are three modes operation: – Class 1 – anonymous authentication – Class 2 – server authentication – Class 3 – authentication of both server and client (this is the most secure) Workshop on Security in Electronic Commerce

  31. WTLS Security Concerns ♦ Some modifications of TLS to WTLS have caused some security problems – Predictable IV’s which lead to a chosen- plaintext attack – WTLS supports a 40-bit XOR- MAC – bits in message can be changed and MAC corrected to prevent detection – 35-bit DES encryption – PKCS#1 attack – attacking the padding bits Workshop on Security in Electronic Commerce

  32. WTLS Security Concerns – Unauthenticated alert messages – some alerts are sent in the clear – alerts take up a sequence number “slot” - attacker can replace an encrypted datagram with an alert – Using exportable keys – IV of each message can be determined from “Hello” message and sequence number – Probable plaintext attacks – ciphers are small enough that brute-force attacks to recover the key can be performed Workshop on Security in Electronic Commerce

  33. IEEE 802.1x ♦ Originally developed as a protocol for port- based authentication of wired networks ♦ Extended to wireless ♦ It provides – User-based authentication – Access control – Key Transport ♦ Relies on Extensible Authentication Protocol (EAP) for authentication Workshop on Security in Electronic Commerce

  34. Extensible Authentication Protocol ♦ EAP originally designed for Point-to-Point protocols ♦ Defines three entities – Client – Access controller (AC) – Authentication Server (AS) Workshop on Security in Electronic Commerce

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues.

Mobile network security issues A very short overview of some mobile security issues. Mobile access is expected to become the main access method. Services and mobile commerce (mCommerce) are expected to become a major business.

818 views • 20 slides
Wireless Networks: Network Protocols/Mobile IP Mo$va$on

Wireless Networks: Network Protocols/Mobile IP Mo$va$on

Wireless Networks: Network Protocols/Mobile IP Mo$va$on Problems Data transfer DHCP Encapsula$on Security IPv6 Adapted from J. Schiller,

441 views • 29 slides
Elements Home network Networks of a wireless Network Regional ISP Yanmin Zhu Institutional

Elements Home network Networks of a wireless Network Regional ISP Yanmin Zhu Institutional

Wireless & Mobile Wireless & Mobile Mobile network TOPIC Global ISP Selected Topics of Wireless and Mobile Elements Home network Networks of a wireless Network Regional ISP Yanmin Zhu Institutional network Department of

541 views • 4 slides
ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch

ECE590 Computer and Information Security Fall 2018 Wireless and Mobile Security Tyler Bletsch Duke University Adapted from Chapter 24: Wireless Network Security by Dr. Hossein Saiedian at Univ. Kansas, which in turn was adapted from

452 views • 27 slides
IGMP and MLD Optimization in Wireless and Mobile Networks

IGMP and MLD Optimization in Wireless and Mobile Networks

IGMP and MLD Optimization in Wireless and Mobile Networks draft-liu-multimob-igmp-mld-wireless-mobile-00 1 Aims Optimize IGMP and MLD to meet wireless or mobile multicast network requirements: Adaptive to link conditions

266 views • 9 slides
Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of

Security in Wireless Sensor Networks Introduction A Wireless Sensor Network is a network made of many small devices consisting of a battery, radio communications, microcontroller, and sensors. Sensor nodes Task manager Gateway node 2

934 views • 44 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
Next-Gen Mobile Network Architecture for Advanced Wireless December 2,

Next-Gen Mobile Network Architecture for Advanced Wireless December 2,

Next-Gen Mobile Network Architecture for Advanced Wireless December 2, 2016 Shreyasee Mukherjee The Advanced Wireless Research Ini?a?ve 2/16 Requirements for a Next-Gen Mobile

728 views • 16 slides
Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5

Introduction Wireless Network Security IT Security Ido Rosen ido@cs.uchicago.edu University of Chicago 5 March 2007 Ido Rosen Wireless Network Security Introduction Introduction 1 Overview Wireless LANs Ido Rosen Wireless Network

397 views • 8 slides
Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006

Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006

Security in Mobile and Wireless Networks APRICOT Tutorial Perth Australia 27 February, 2006 Ray Hunt, Associate Professor Dept. of Computer Science and Software Engineering University of Canterbury, New Zealand 1 Security Issues in Wireless

1.52k views • 131 slides
Introduction Quick overview of Wireless technologies 16: Focus on mobile phones

Introduction Quick overview of Wireless technologies 16: Focus on mobile phones

Introduction Quick overview of Wireless technologies 16: Focus on mobile phones Wireless issues: Networks 2: Wireless world Security Interference Computer literacy 1 Applications of Wireless technology CL1 2007/08

337 views • 4 slides
1 Characteristics of selected wireless link Elements of a wireless network standards 54 Mbps

1 Characteristics of selected wireless link Elements of a wireless network standards 54 Mbps

The Data Link Layer Chapter 6: Wireless and Mobile Networks Our goals: Topics Background: link layer services understand principles # wireless (mobile) phone subscribers now behind data link layer error detection, correction

362 views • 10 slides
CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network

CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network

CS 4453 Computer Networks Chapter 5 Wireless and Mobile Networks 2015 Winter A wireless network communication takes place over a wireless channel (which is usually a radio channel, or sometimes an infrared channel). The challenges for wireless

1.42k views • 113 slides
Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to

Wireless Security Wireless Network Attacks Access control attacks These attacks attempt to penetrate a network by using wireless or evading WLAN access control measures, like AP MAC filters and 802.1X port access controls. Type of Attack

184 views • 7 slides
Topic 2b Wireless MAC Chapter 7 Wireless and Mobile Networks Computer Networking: A Top Down

Topic 2b Wireless MAC Chapter 7 Wireless and Mobile Networks Computer Networking: A Top Down

Topic 2b Wireless MAC Chapter 7 Wireless and Mobile Networks Computer Networking: A Top Down Approach 7 th edition Jim Kurose, Keith Ross Pearson/Addison Wesley April 2016 Wireless and Mobile Networks 7-1 Ch. 7: Wireless and Mobile

331 views • 29 slides
Mobile Network Security Refik MOLVA Institut Eurcom B.P. 193 06904 Sophia Antipolis Cedex -

Mobile Network Security Refik MOLVA Institut Eurcom B.P. 193 06904 Sophia Antipolis Cedex -

Mobile Network Security Refik MOLVA Institut Eurcom B.P. 193 06904 Sophia Antipolis Cedex - France Refik.Molva@eurecom.fr Institut Eurecom 2005 Outline Wireless LAN 802.11 (WiFi) Mobile Telecommunications Security

950 views • 60 slides
Mobile Computing Mobile Computing A StarGazing Discussion Colin Higgs colin.higgs@ed.ac.uk

Mobile Computing Mobile Computing A StarGazing Discussion Colin Higgs colin.higgs@ed.ac.uk

Mobile Computing Mobile Computing A StarGazing Discussion Colin Higgs colin.higgs@ed.ac.uk Mobile Computing Colin Higgs Slide 1 Outline Outline Stargazing. Technologies and tasks. A technology led discussion. What the

499 views • 13 slides
Visible Assets, Inc. High Security Government and Healthcare IEEE P1902.1 (RuBee) Applications

Visible Assets, Inc. High Security Government and Healthcare IEEE P1902.1 (RuBee) Applications

Visible Assets, Inc. High Security Government and Healthcare IEEE P1902.1 (RuBee) Applications The Elimination of Eavesdropping, Tempest and Target Risk in Wireless Networks. March 2008 John K. Stevens Ph.D. CEO, Chairman Visible Assets,

963 views • 71 slides
COURSE INTRODUCTION http://wireless.web.unc.edu Jasleen Kaur Fall 2017 1 Introductions q

COURSE INTRODUCTION http://wireless.web.unc.edu Jasleen Kaur Fall 2017 1 Introductions q

8/22/17 COMP 635: WIRELESS & MOBILE COMMUNICATIONS COURSE INTRODUCTION http://wireless.web.unc.edu Jasleen Kaur Fall 2017 1 Introductions q Names q BS/MS, First-year Grad, Senior Grad? q If youre new, where have you come from? q Your

394 views • 13 slides
1 Design guidelines Moving data from disk to cache Protect file system data Tokens cannot

1 Design guidelines Moving data from disk to cache Protect file system data Tokens cannot

University of Michigan Medical Center Major tertiary care center for Michigan FY 1999: 1.2M visits, $1B billable services Zero-Interaction Authentication Results in large data volume and costs 5-8 pieces of paper/patient visit all records in

649 views • 6 slides
Lost Opportunities : Policy and Computing Research Jon M. Peha www.ece.cmu.edu/~peha

Lost Opportunities : Policy and Computing Research Jon M. Peha www.ece.cmu.edu/~peha

1 Jon Peha Lost Opportunities : Policy and Computing Research Jon M. Peha www.ece.cmu.edu/~peha peha@cmu.edu Carnegie Mellon University Associate Director Center for Wireless and Broadband Networks Cyphermint Chief Technical Officer

565 views • 7 slides
The bang-bang funnel controller Stephan Trenn (joint work with Daniel Liberzon, UIUC)

The bang-bang funnel controller Stephan Trenn (joint work with Daniel Liberzon, UIUC)

The bang-bang funnel controller Stephan Trenn (joint work with Daniel Liberzon, UIUC) Technomathematics group, University of Kaiserslautern, Germany Arbeitstreffen SPP 1305 Event based control, M unchen 1. Oktober 2012 Introduction

718 views • 19 slides
The bang-bang funnel controller: time delays and case study Stephan Trenn (joint work with Daniel

The bang-bang funnel controller: time delays and case study Stephan Trenn (joint work with Daniel

The bang-bang funnel controller: time delays and case study Stephan Trenn (joint work with Daniel Liberzon, UIUC) Technomathematics group, University of Kaiserslautern, Germany 12th European Control Conference (ECC13) Thursday, 18.07.2013,

357 views • 12 slides
Time optimal control problems: Bang-bang property and observability estimates from measurable sets

Time optimal control problems: Bang-bang property and observability estimates from measurable sets

Time optimal control problems: Bang-bang property and observability estimates from measurable sets Can ZHANG (zhangcansx@163.com) Paris, June 2016 In honor of Prof. J. M. Corons 60th birthday occasion C. ZHANG Time optimal control problems

443 views • 43 slides

More recommend