Securing Future Wireless Networks: Challenges and Strategies - PowerPoint PPT Presentation

About This Presentation
Title:

Securing Future Wireless Networks: Challenges and Strategies

Description:

Securing Future Wireless Networks: Challenges and Strategies Pandurang Kamat Wade Trappe Talk Overview Security has been one of the great detractors for wireless ... – PowerPoint PPT presentation

Number of Views:230
Avg rating:3.0/5.0
Slides: 15
Provided by: wade3
Category:

less

Transcript and Presenter's Notes

Title: Securing Future Wireless Networks: Challenges and Strategies


1
Securing Future Wireless Networks Challenges and
Strategies
  • Pandurang Kamat
  • Wade Trappe

2
Talk Overview
  • Security has been one of the great detractors for
    wireless technologies (and the Internet, too!)
  • We have a chance to consider security as we
    redesign the network
  • Think about the questions
  • Should security be considered separately from the
    network?
  • What benefits are there if we integrate security
    into the network?
  • Should we reevaluate the definition of security?
  • How private do we really want our lives?
  • This talk will not focus on classical Internet
    Security but on Wireless Security

3
Through the Looking Glass, the Wireless World
  • Key properties and differentiators that make
    wireless desirable
  • Ubiquity
  • Mobility
  • Resource adaptability
  • Portability
  • Affordability
  • Platform heterogeneity

4
Reevaluating the Security Paradigm
These paradigms have been the traditional framewor
ks for security on conventional networks, but
what can we do differently for wireless systems?
5
Reevaluating the Security Paradigm, pg. 2
Confidentiality
Availability
Integrity
Wireless is easy to sniff. We still need
encryption services and key management. Key
freshness is an issue.
RF energy radiates, and wireless entities within
the radio coverage pattern may serve as witnesses
for the actions of the transmitter.
The value of a wireless network is its promise of
ubiquitous availability. Wireless networks are
easy to break!
Wireless hardware/equipment need to be safe from
modification. Data/control info should not be
modified before or during transit.
We still need traditional security methods. But
the wireless world has additional problems and
new modalities for solutions!
Privacy
Non Repudiation
Perpetual connectivity can mean constant
surveillance! With snooping one can monitor
mobility and handoffs between networks.
The pervasiveness of the wireless networks should
not mean that just anyone can participate! Example
Rogue APs
Location is a new form of information provided by
wireless systems that will facilitate new
services. Location information needs to be
trusted.
Wireless resources (e.g. power and spectrum) must
be managed. Greedy user behavior will cause
resource management to malfunction.
Location Services
Intrusion Detection
Resource Management
6
Drill DownSpecific Challenges and Some
Strategies
7
Availability Attack Radio Interference
Hello
Hi
  • Alice and Bob are attacked by malicious Mr. X.
  • A story for the problem of wireless denial of
    service attack we focus on.
  • Alice and Bob ? two communicating nodes, A and B.
  • Mr. X ? an adversarial interferer X.
  • Mr. Xs insane behavior ? the jamming style DoS.
  • People and nodes in wireless network both
    communicate via shared medium.
  • Jamming style DoS Attack
  • Behavior that prevents other nodes from using the
    channel to communicate by occupying the channel
    that they are communicating on

Bob
Alice
8
Availability Jamming Detection/Defense
  • Detection
  • Challenge is to discriminate between legitimate
    causes of poor connectivity and jamming
  • Motivation from The Art of War by Sun Tze
  • He who cannot defeat his enemy should retreat.
  • Defense Strategies
  • Spectral Evasion (Channel Surfing)
  • Spatial Evasion
  • Latency and synchronicity is an issue as you move
    to many node networks!
  • SDRs will allow more advanced forms of spectral
    evasion.

PDR VS. SS
Jammed Region
SS(dBm)
PDR
Channel Surfing Experiment
1.5
Packet Delivery Rate
1
0.5
Jammer turned on
Change channel
0
Trial Number (Time)
9
Intrusion Detection Wireless Spoofing
  • Many wireless security threats are possible
    because it is easy to spoof legitimate devices
    (ioctl/ipconfig)
  • Example
  • Attacker armed with a laptop having 2 wireless
    cards.
  • One card monitors all TCP traffic on the AP
    channel
  • Second card sends back TCP replies to select TCP
    requests (e.g. all requests for a particular web
    page). These are sent as if appearing from the
    server the user was connecting to.
  • At the MAC layer the attacker spoofs AP by
    injecting custom 802.11x frames with APs source
    MAC address.
  • Results
  • The user session is hijacked.
  • Requested service is DoSed.
  • Easy to launch flooding DoS attacks at
    higher-layer buffers

Internet
MAC x.y.z.w
10
Intrusion Detection Spoofing Defense
  • Spoofing can be addressed through authentication
    services
  • Traditional authentication services employ
    cryptographic solutions (e.g. MACs, signatures)
  • Light-weight alternatives can reduce the load on
    buffers into cryptographic functions
  • A lesson learned from 802.11
  • 802.11 has several fields controlled by firmware,
    which are hard for an attacker to bypass
  • The 12bit sequence field is increased
    monotonically by 1 for each packet
  • Monotonicity provides a rule whose violation is
    easy to detect
  • The sequence number was not intended to be a
    security field, but it can be!
  • We may introduce filters that check monotonic
    conditions (or more generic rules)

11
Wireless Localization Security
  • Location information will facilitate new
    computing services
  • Location-based file access control
  • Problem Localization methods are not secure!
  • Traditional cryptography and network security can
    address cryptographic attacks (Is this beacon
    really from the AP?)

Is cryptography alone enough?
No!
Localization algorithms depend on measurements
that are susceptible to attack!!
12
Attacks on Signal Strength
  • Distance is measured using the relationship
    between received signal strength and distance
  • Adversary may affect the receive signal power by
  • Alter transmit power of nodes
  • Remove direct path by introducing obstacles
  • Introduce absorbing or attenuating material
  • Introduce ambient channel noise

Power Received
r1
d1
Distance
Absorbing Material
13
Defenses for Wireless Localization
  • Dont rely entirely on traditional security!
  • Two-tier approach to defending wireless
    localization
  • Add Security and Robustness!

S E C U R I T Y
R O B U S T A L G
A L G O R I T H M
Add Authentication, Entity Verification, Etc
14
Questions ?
Write a Comment
User Comments (0)
About PowerShow.com