Introduction to security issues in CellularWLAN internetworking

1
Introduction to security issues in Cellular-WLAN
internetworking

• ??? (Y.M. Tseng)
• Department of Mathematics, NCUE

2
Outline

• Introduction
• Backgrounds
• Attack/Criminal cases
• How to attack
• LAN sniffer tools
• WLAN security
• Authentication for Cellular-WLAN internetworking
• Conclusions future works

3
Introduction - Background

• System Security Levels
• A1B3B2B1C2C1D (Orange Book)
• Authentication
• Access Control
• Auditing
• Security Policy
• Assurance
• Unix/Linux/NT C2 (Weak security)
• Dos/Windows D (No security)
• Firewall or Anti-Virus software

4
Introduction - Background cont.

• Network Environment
• Closed system
• LAN (WAN)
• Internet
• Wireless / mobile networks (Hard to defend)
• Mobile phone (GSM(2G), GPRS(2.5G), 3G)
• WLAN (Wireless local area network. 802.11)
• Mobile ad hoc networks
• Sensor networks
• Integrated heterogeneous wireless networks

5
Introduction - Attack/Criminal cases

• Case 1 Forged E-mail sending address
• Principle Most E-mail SMTP servers check only IP
  address.(PoP3 requires password to authenticate
  user)
• Outlook Express
• Using another users e-mail address to send a
  mail.
• Solution Signature and Encryption
• E-mail SMTP server also requires password
• PGP (pretty good privacy)
• Secure/Multipurpose Internet Mail Extension

6
Introduction - Attack/Criminal cases cont.

• Case 2 IEL, SDOS, ACM, Springer
• On-line Journal service NCUE, NKC, NCTU
• Protection method IP address restriction
• Attacks
• IP cheating (Proxy)
• CCU case IEL systematic download
• Result ?????
• Solution
• Traffic Overloads Locking IP Address

7
Introduction - Attack/Criminal cases cont.

• Case 3.1 Web-shopping (Package interception)
• Solutions (Credit card no.)
• SSL protecting Credit card no.
• E-cash small-payment (Mondex)
• Case 3.2 False Web site (Network Bank)
• Internet fishing
• E-mail containing web address (False)
• Searching Engine (Yahoo, Google,.)
• Solution
• Web Certificate issued by trusted authority

8
Introduction - Attack/Criminal cases cont.

• Case 4 Telnet usage
• Management information system
• Remote login (High priority user)
• Router / Sniffer Package interception
• Solutions
• IP address restriction (e.g. Root)
• SSH software (Secure Shell)
• Someone remote login change to Root

9
Introduction - Attack/Criminal cases cont.

• Case 5 Transfer of important file (Final exam.)
  
• E-mail or uploading/downloading a file
• Sniffer Package interception
• LAN Sniffer tools Ethereal (Free software)
• Monitoring and recording all messages from/to
  some IP
• Solutions
• E-mail
• PGP (pretty good privacy)
• Secure/Multipurpose Internet Mail Extension
• Uploading/downloading a file
• SSL

10
Introduction How to attack - Hackers attack

• Hackers attack steps (Automatic !)
• (1) Target locking Some reasons
• (2) Gathering data (IP,Port)
• DOS Tools Ping, Tracert, Nbtstat
• Integrated Software Angry IP Scanner, SuperScan
• (3) Invading target
• Hacker Software Netbus, NetSpy

11
Introduction How to attack - Angry IP Scanner
12
Introduction How to attack - PortScan- IP and
Port
13
Introduction - LAN Sniffer tools

• Properties of Local Area Network (LAN)
• Broadcast (all nodes inside gateway)
• Recording all packages
• Recording packages sent/received by a special
  IP-Address (163.23.203.221)
• LAN Sniffer Tools
• Network management and analysis
• Intercepting tools Ethereal and SnifMon
• Withstanding methods
• Restriction of remote login account
• SSH/SSL protocol

14
Introduction - LAN Sniffer tools Network
management
15
Introduction - LAN Sniffer tools Ethereal demo
16
Introduction - LAN Sniffer tools Ethereal demo
17
Outline

• Introduction
• WLAN security
• Movie
• WLAN authentication
• Access point (Authenticator)
• Authentication for Cellular-WLAN internetworking
• Conclusions future works

18
WLAN security - Movie (Weakness)
19
WLAN security - WLAN authentication
Account/password of E-mail server For campus usage

• WLAN authentication model

20
WLAN security - WLAN authentication (RFC)
21
WLAN security - Access point (Authenticator)

• Approaches for anti - illegal users
• Service Set identifier (SSID)
• SSID Broadcast disable
• Filter MAC address code on Network card
• Pre-shared key for authentication
• RADIUS server authentication and key
  establishment
• Encryption
• WEP Wired Equivalent Privacy (Weakness ?)
• 40bits key length (Weak) for encryption
• WPA Wi-Fi Protected Access
• Temporal Key Integrity Protocol (TKIP)
• Advanced Encryption Standard (AES)

22
WLAN security - Access point (Authenticator)
cont.
23
WLAN security - Access point (Authenticator)
cont.
24
WLAN security - Access point (Authenticator)
cont.

• Free-pay
• You can gain access Internet by using the
  neighbors wireless AP.
• Price or Pay
• Transmitting messages could have been
  intercepted.
• Solution To keep ones integrity intact.

25
Outline

• Introduction
• WLAN security
• Authentication for Cellular-WLAN internetworking
• GSM(2G), GPRS(2.5G), UMTS(3G)
• Motivation Scenario
• Proposed protocols (1)
• Proposed protocols (2)
• Conclusions Future works

26
Authentication for Cellular-WLAN internetworking
- GSM(2G), GPRS(2.5G), UMTS(3G)

• GSM/GPRS A3, A5, A8 functions (SIM card)
• Authentication protocol for GSM (Secret key)
• No mutual authentication
• Bandwidth consumption between VLR and HLR
• MS Authentication by the HLR of the MS for each
  communication
• UMTS F1- F5 functions (USIM card)
• Mutual authentication
• Challenge-response authentication

27
Authentication for Cellular-WLAN
internetworking- Motivation Scenario
28
Authentication for Cellular-WLAN
internetworking- Motivation Scenario
Vertical handoff
Cellular network
Access Point
Base Station
WLAN
29
Authentication for Cellular-WLAN internetworking
- Motivation Scenario Conceptual papers

• J. Ala-Laurila, J. Mikkonen, and J. Rinnemaa,
  Wireless LAN access network architecture for
  mobile operators, IEEE Communications Magazine,
  Vol. 39, No. 11, pp. 82-89, Nov 2001.
• 3GPP Technical Specification, WLAN interworking
  security, TS33.cde v0.1.0, July 2002
• 3GPP Technical Specs, 3GPP System to WLAN
  Interworking, TS 24.234 v.0.2.0 Release 6,
  November 2003.
• G. Koien, T. Haslestad, Security Aspects of
  3G-WLAN Interworking, IEEE Commun. Mag. 41 (2003)
  8288.

30
Authentication for Cellular-WLAN internetworking
- Motivation Scenario Concrete protocols

• P. Lin, Y.B. Lin, V. Feng, Y.C. Lai, GPRS-based
  WLAN authentication and auto-configuration,
  Computer Communications 27 (2004) 739742.
• S. Mccann, H. Flygare, Hiperlan/2 public access
  interworking with 3G cellular systems, Wireless
  Networks 10 (2004) 43-51.
• G. Kambourakis, A. Rouskas, G. Kormentzas and S.
  Gritzalis, Advanced SSL/TLS-based authentication
  for secure WLAN3G interworking, IEE
  Proc.-Commun., Vol. 151, No. 5, October 2004

31
Authentication for Cellular-WLAN
internetworking- Proposed protocols (1) -
Properties

• Y.M. Tseng, C.C. Yang, J.H. Su, Authentication
  and Billing Protocols for the Integration of WLAN
  and 3G Networks, Wireless Personal Communications
  29 (2004) 351-366.
• Proposed Password Based Protocol
• Mutual Authentication / Key agreement
• Billing
• Proposed Public-Key Based Protocol
• Mutual Authentication/ Key agreement
• Non-repudiation Billing
• All previously proposed protocols suffer from a
  problem
• Some changes are needed for both Authentication
  servers of Cellular and WLAN networks.
• Hard to expansion (One cellular and many WISPs)

32
Authentication for Cellular-WLAN internetworking
- Proposed protocols (1) - System Architecture
33
Authentication for Cellular-WLAN
internetworking- Proposed protocols (2) -
Properties

• Y.M. Tseng, GPRS/UMTS-aided authentication
  protocol for wireless LANs, IEE Proceedings -
  Communications, Accepted and to appear, 2006.
• Proposed Hybrid Protocol
• Mobile node uses Password of SIM/USIM to get a
  temporary certificate (with a time period)
• Enjoying many Hot-spots of various WISPs
• Simple and easy to extension
• Only WISPs authentication servers keep the
  certificate of Cellular networks public-key

34
Authentication for Cellular-WLAN internetworking
- Proposed protocols (2) System Architecture
35
Outline

• Introduction
• WLAN security
• Authentication for Cellular-WLAN internetworking
• Conclusions future works
• Mobile/wireless Ad hoc Sensor networks
• Other security issues
• Movie
• Final Reminding

36
Conclusions Further works- Mobile/wireless Ad
hoc Sensor networks

• Resource-limited mobile nodes
• Power (Battery/Energy)
• Computational capability
• Communication distance
• Properties
• No fixed infrastructure (on-line CA ???)
• Each node might be a router.
• Dynamic network topology
• Applications
• Military, rescue, and monitoring missions
• E-Health
• Integrated heterogeneous wireless networks

37
Conclusions Future works- Other security
issues

• Digital Signature Law http//www.esign.org.tw/
• CA, Certification Authority (GCA)
• Reducing garbage E-mail letters
• Cryptography Modules
• Authentication / Encryption / Digital signature
• Key agreement / Conference key establishment
• E-voting / E-payment / E-cash / E-biding
• Secure E-commerce models
• Security management policy
• System security (Intrusion, Anti-virus,.)
• Computer crime

38
Conclusions Future works - Movie Security
Angle
39
Conclusions Future works- Morality / Law ?

• What kind of people are you ?
• Security angle or Hacker/Cracker ?
• I believe that your mind/action is positive.

40
Conclusions Future works- Information War
41
Conclusions Future works

• Q A
• Thanks for your participation

42

• 1.( ) ?????????????? 1.  SNMP 2.  SMTP 3. 
  POP3 4.  HTTP
• 2.( ) ?????????????? 1.  SNMP 2.  SMTP 3. 
  POP3 4.  HTTP
• 3.( ) ?????????????????????????????,????????????
  ?? 1.  ??? 2.  ??? 3.  ??? 4.  ???
• 4.( ) ???????????????????????,?????????,????????
  ???????????1.  ????(Trojan Horse) 2.  ??(worm)
  3.  ????( Denial of Service,DoS ) 4.  ???(Spam
  mail)
• 5.( ) ????11Mbps?????,????? 1.  IEEE802.11a
  2.  IEEE802.11b 3.  IEEE 802.11g 4. 
  IEEE802.11h

43

• 6.( ) ??????????,???????????????1.  ????????
  2.  ?????? 3.  ??????????? 4.  ?????????????
• 7.( ) ??????????????????????1.  SSH 2.  HTTP
  3.  FTP 4.  SMTP
• 8.( ) ????????????,?????1.  ?????????????????
  2.  ???????????????IP??? 3.  ??????????????????
  4.  ???????????????(CGI)?????????????
• 9.( ) ?????????Web??????? 1.  ??????(PCT)?? 2. 
  ?????????(S-HTTP) 3.  BBS???? 4.  ??????(SET)??
  
• 10.( ) ?WLAN ??????(AD Hoc)??????? 1. 
  ??????(Access Point) ??????? (Peer-to-Peer) ??
  2.  ??????(Access Point) ?????? (Peer-to-Peer) ??
  3.  ???????(Access Point) ?????? (Peer-to-Peer)
  ?? 4.  ???????(Access Point) ???????
  (Peer-to-Peer) ??

44

• 11.( ) ??WLAN?????????,????? 1.  WEP(Wired
  E-quivalent Privacy)????WLAN??????? 2. 
  WEP????????,???????????????,????????? 3. 
  WPA(Wi-Fi Protected Access)????????,??????????????
  ???????????????? 4.  WPA?????,??????WEP,????????
  
• 12.( ) ????????????????????? 1.  telnet 2. 
  https 3.  ftp 4.  smtp
• 13.( ) ????????????,??????????????????1. 
  HTTPS 2.  POP3S 3.  SSL 4.  FTP
• 14.( ) ???????? 1.  ???????,??????? 2. 
  ??????,???? 3.  ??????,?????? 4. 
  ???????,??????
• 15.( ) ?????????Access point (Authenticator)
  ???????? 1.  ????????MAC?? 2.  ??????? 3. 
  ???SSID 4.  ??DHCP