Wireless Network Security - Carnegie Mellon...

©2013 Patrick Tague

Wireless Network Security14-814 – Spring 2013

Patrick Tague

Class #3 – Wireless Systems I


Announcements• Project proposals are due in 9 days– Talk to people about topics of interest– Form teams– Choose a topic– Meet with me to discuss possible topics

• Topics must be approved prior to proposal submission

• My Skype ID and phone number are on the course website, and you can find my availability by checking my public Google calendar under [email protected]


Agenda• General wireless network threats

• Overview of systems of interest

• Brief highlights of standards, protocols, etc.

• Discussion of challenges, issues, constraints

• Discussion of potential security concerns


What about threats to networkoperation and performance?


Misbehavior• Misbehavior is any operation that goes against

explicit or implicit protocol requirements, goals, or directions– Malicious, selfish, curious, or accidental– Possible at any layer of the protocol stack

• Targeted misbehavior aims to degrade or interfere with operations of a particular protocol or interaction– Timed/scheduled interference or situational behavior


Physical Layer Misbehavior• Open, shared medium is vulnerable– Anyone can “talk” greedy or malicious nodes can →

easily interfere• Prevention/degradation of communication via jamming

• Cutting off available resources influences network control, operation, and performance

– Anyone can “listen” curious or malicious nodes can →easily eavesdrop on communication

• Recovery of information exchanged by neighbors (violation of data, identity, operation/intention privacy)

• Inference/learning, tracking, observing


MAC Layer Misbehavior• MAC is all about timing: when should you “talk”

• Selfish and malicious nodes are free to transmit whenever they desire– Selfish nodes can transmit early, while others follow

protocols and wait politely– Malicious nodes can use well-timed transmissions to

intentionally interfere with MAC operation and/or reception

– Malicious nodes can initiate channel reservations and then not use them, denying availability to others


Misbehavior in 802.11 MAC


Routing Misbehavior• In distributed multi-hop routing, relays control

route establishment, use, and management– Selfish relays can refuse route establishment

– Malicious relays can attract routes (to get access to data), stretch routes (to waste resources), terminate routes (to deny service), or otherwise modify routes

– Once routes are established, relays can misbehave in forwarding (dropping/inserting/modifying packets, incorrect forwarding), data access (reading/copying packet contents), or mgmt (breaking the route)


Transport Misbehavior• Selfish or malicious routers can interfere with

end-to-end traffic characteristics– Ex: duplicate, drop, or delay packets to trigger

transport-layer retransmission• Waste source and relay energy

• Degrade throughput

• Delay traffic (degrade QoS)

– Ex: modify traffic behaviors so transport-layer retransmission parameters are artificially inflated

• RTT inflation causes future retransmission delays (throughput and QoS degradation)


Cross-Layer Misbehavior• Just like cross-layer design, cross-layer

misbehavior incorporates info from one protocol layer into decision-making at another

• Attackers can use cross-layer reasoning to improve attack impacts or efficiency– Ex: jamming using MAC-layer timing to reduce effort– Ex: dropping packets to trigger end-to-end re-tx– Ex: delaying packets to degrade streaming video


Service Misbehavior• In addition to securing data communication and

providing robust protocol operation, services used by wireless networks themselves are subject to misbehavior and attack

– Any time- or location- stamping services are subject to synchronization and localization misbehavior

– In-network interactions can reveal sensitive information via headers privacy violation→

– “Communication implies relationship”, i.e. if x sends to y, then x and y are in some way related →anonymity may be required to hide relationships


What types of wireless systems are of interest?


Systems of Interest• Public, private, and enterprise WLAN

• Metropolitan area networks

• Personal area networks

• Wireless mesh and ad hoc networks

• Sensor/actuator networks

• Home networks

• Vehicular networks

• Smart Grid


WLAN


Access Network

WLAN Systems• Almost every WLAN system in existence uses the

IEEE 802.11 “WiFi” standard– 802.11 defines lower-layer services (physical, link,

MAC layer) for WLAN connectivity, access, and services

Internet

EnterpriseIntranet


WiFi Physical Layer• The WiFi PHY is responsible for transmission of

raw bits/symbols between host and AP

• PHY has to manage transmission and reception, perform bit-to-symbol (and inverse) mappings, and bit-stream hand-off with layer 2


WiFi PHY Services• Transmission and reception of symbols or bits

• Managing the radio interface:– Spectrum allocation, signal strength, bandwidth,

phase synchronization, carrier sensing, etc.

• Signal processing:– Equalization, filtering, training, pulse shaping, etc.

• Modulation

• Coding (FEC, channel, etc.)


802.11 Standard PHY• 802.11 defines a number of different PHY

specifications– You've probably heard of 11b, 11g, and 11n– There are quite a few others, including upcoming

11ac and 11ad– Most of them use OFDM and/or DSSS


WiFi PHY Security• How can we prevent a curious or malicious party

from– Eavesdropping on WiFi transmissions?

– Injecting messages at the link layer?

– Interfering with WiFi transmission and reception?


WiFi Link/MAC Layer• The WiFi link layer is responsible for managing

interaction between mobile terminal and AP

• Link layer has to manage:– Channel / link formation and management– Medium access (“MAC sublayer”)– Network access control (NAC)


WiFi Link/MAC Security• WiFi link security focuses primarily on access

control and encryption– In private WiFi systems, access is controlled by a

shared key, identity credentials, or proof of payment– Most often, authentication is of user/device only, but

mutual authentication may be desired/required by some users/devices

– Confidentiality and integrity over the wireless link– Shared medium among untrusted WiFi users

– 802.11i and 802.11w describe the link security architecture and protections


WiFi Services• 802.11p: WAVE– Extension of WiFi to vehicular (V2V, V2I) networking,

basis of IEEE 1609 and DSRC

• 802.11s: WiFi mesh networking– Introduces link layer forwarding and extended service

set to allow multi-hop WiFi, primarily among Aps

• 802.11u: 3rd party authorization, cellular network offload– Aids in 4G by allowing seamless authorization of

mobile devices to coordinated WiFi systems


WMAN


Metro Area Networks• MANs are similar to WLANs, only bigger– WiMAX-based MAN systems (WiMAX and LTE) are now

the basis of “4G” systems

– Both independent Internet access systems and cellular components are being deployed

• WiMAX as an alternative to DSL/Cable high-speed internet

• LTE as the next-generation high-speed mobile data

– MANs serve as high-speed backhaul for mesh networks• WiMAX backhaul can serve WiFi APs/hotspots


802.16 Standard• IEEE 802.16 describes the physical and link/MAC

layer for MANs as well as associated services– Essentially, it's a hybrid between what WiFi provides,

what early cell infrastructures tried to do, and what is desired in the ITU 4G standard

• More or less, everything we said about WiFi security can also be said about WiMAX security


WPAN


Personal Area Networks• Local “device-to-device” networking

• Typically short range, few devices, low power

• Commonly used for home, personal, office


802.15 Standard• Personal area networks enable device-to-device

communication without relying on the Internet

• IEEE 802.15 family– 802.15.1: Bluetooth– 802.15.2: coexistence with other wireless systems– 802.15.3: High-rate WPAN, including UWB– 802.15.4: Low-rate WPAN, including ZigBee– 802.15.5: mesh networking– 802.15.6: body area networks (BAN)– 802.15.7: visible light communication (VLC)


Bluetooth• 802.15.1 provides Bluetooth PHY– Short range, few devices, low power, cheap– Commonly used for home, personal, office networks– Bluetooth piconet is similar to WLAN (1 server, n

clients) (1 master, n slaves), only no back-end→


Ultra-Wideband• Based on 802.15.3 standard– Very high data rate (~Gbps), very low power, very

short distances (10-100cm)• High-rate file transfer, streaming audio/video, wireless

display, wireless printing, …

– Coexists with other wireless protocols


ZigBee• Based on (and building on) 802.15.4– Designed for home automation, low-rate control

systems, sensor networks, etc.– ZigBee builds a full network stack on top of the

802.15.4 PHY/MAC


Body Area Networks• 802.15.6 working group, standardization in prog.– Data collection from and control of medical sensors

and implanted medical devices– Incredibly low power, esp. implanted devices


Visible Light Communication• Based on 802.15 WG7– Device-to-device and device-to-infrastructure

communication using visible LEDs / sensors• 428-750 THz, unregulated, potential for high-rate and low-

rate communication


PAN Security Challenges• Most PAN standards specify lower layer

(PHY/MAC) functionality for device-to-device (ad hoc) communication– Higher layer services are not included or needed

– Security in ad hoc communications is notoriously difficult

• Internet security models don't apply, resource constraints prevent straightforward ports of existing techniques, etc.

• Ex: Bluetooth security has been a constant struggle

• Users aren't good at security management; automated solutions are insufficient / incomplete


Next Time• More systems of interest– Brief highlights of standards, protocols, etc.

– Discussion of challenges, issues, constraints

– Discussion of potential security concerns

• MANET, mesh networks, sensor/actuator networks, home networking, VANET, Smart Grid

Date post:	29-Apr-2018
Category:	Documents
Upload:	duongkhue
View:	217 times
Download:	4 times

Wireless Network Security - Carnegie Mellon...

Documents