Remedies
• Use of encrypted tunneling protocols (e.g. IPSec, Secure Shell) for secure data transmission over an insecure network
• WEP2
  - A stopgap enhancement to WEP, implementable on some (not all) hardware not able to handle WPA or WPA2, based on:
    - Enlarged IV value
    - Enforced 128-bit encryption
  - Remains vulnerable to known WEP attacks; at most it will just slow an attacker down a bit
• WEPplus
  - AKA WEP+. A proprietary enhancement to WEP by Agere Systems that enhances WEP security by avoiding weak IVs. It is only completely effective when WEPplus is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It is possible that successful attacks against WEPplus will eventually be found. It also does not necessarily prevent replay attacks.
• WPA and WPA2
  - Either is much more secure than WEP. To add support for WPA or WPA2, some old Wi-Fi access points might need to be replaced or have their firmware upgraded.
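
An added illustration (not from the original slides, and not Agere's proprietary filter) of why weak-IV avoidance has to run at both ends: each station chooses IVs only for the frames it transmits. It assumes a 104-bit key, a big-endian sequential IV counter and the published FMS weak-IV form (B+3, 0xFF, X); `Station` and `weak_ivs_on_link` are hypothetical names.

```python
KEY_LEN = 13  # bytes in a 104-bit WEP secret key (assumption for this example)


def is_fms_weak_iv(iv: bytes, key_len: int = KEY_LEN) -> bool:
    """True for IVs of the form (B+3, 0xFF, X), B being a secret key byte index."""
    return len(iv) == 3 and iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


class Station:
    """Transmitter with a 24-bit sequential IV counter (hypothetical model)."""

    def __init__(self, filter_weak: bool, start: int = 0):
        self.filter_weak = filter_weak
        self.counter = start

    def next_iv(self) -> bytes:
        # A filtering station skips over weak IVs; others emit them as they come.
        while True:
            iv = self.counter.to_bytes(3, "big")
            self.counter = (self.counter + 1) % (1 << 24)
            if not (self.filter_weak and is_fms_weak_iv(iv)):
                return iv


def weak_ivs_on_link(a: Station, b: Station, frames_each: int) -> int:
    """Count weak IVs visible on the air when both stations transmit."""
    seen = 0
    for _ in range(frames_each):
        seen += is_fms_weak_iv(a.next_iv()) + is_fms_weak_iv(b.next_iv())
    return seen


if __name__ == "__main__":
    start = 0x03FE00  # constructed starting point just before a weak-IV run
    for label, fa, fb in [("both filter", True, True),
                          ("one end only", True, False),
                          ("neither", False, False)]:
        n = weak_ivs_on_link(Station(fa, start), Station(fb, start), 512)
        print(f"{label}: {n} weak IVs on the link")
```

With filtering at only one end, the unfiltered peer still puts its full share of weak IVs on the air, which is the limitation the slide describes.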

Mobile Wireless/Personal NW
• Roaming personal network: such as PDA, mobile phone, laptop, health monitoring devices, etc.
  - Roaming personal network, as the user might carry this network with him and roam from one public network to another
• Home personal network: devices and components that belong to a user and are located at a remote site
  - Might include home appliances such as TV or washing machine, music directory, VoIP server, Email server and other services and devices
  - Could also be the business environment of the user, such as data repository and calendar manager
• Foreign personal network: devices and services that might complement the users' devices and services but do not belong to them
  - Such as a large display screen that might be used by a roaming user as an extension to her personal network
• Public network: networking infrastructure that connects the user to the Internet and thereby to her home (personal) network as well as to foreign (personal) networks

Service Discovery & Security
• Existing service discovery protocols are Jini, Salutation, UPnP, SLP and the Bluetooth Service Discovery Protocol
• Two protocols that stand out here are Splendour and Secure Service Discovery Service
  - Have built-in security. The latter also handles mobility
• Any PN will involve separate PANs communicating over shared infrastructure, be it a wired Internet, a WLAN or a UMTS cellular network
• Internet security schemes like RADIUS and DIAMETER
• Security features offered by WLANs and UMTS
• RADIUS
  - Is a client-server protocol between an access server and a central RADIUS server
  - Provides hop-by-hop security and a variety of authentication methods
• DIAMETER
  - Is based on RADIUS
  - But it also provides end-to-end security and a mechanism for congestion control
• Security in the IEEE 802.11 family of protocols
  - Has been bolstered by the introduction of the 802.1x and the 802.11i standards
• UMTS provides mutual authentication between mobile terminal and base station
• KASUMI algorithm provides encryption and data integrity in a UMTS network
• Concept of "sandbox" to contain download/imported apps
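
An added sketch (not from the original slides) of what hop-by-hop security means for RADIUS: the Response Authenticator defined in RFC 2865 is keyed with the secret shared between two adjacent nodes, so a proxy verifies a reply and re-signs it for the next hop. The secrets, authenticator values, attribute contents and the `proxy_relay` helper are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RADIUS packet code (RFC 2865)
SESSION_TIMEOUT = 27   # attribute type, 4-byte integer value

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_response(code, ident, request_auth, attributes, secret):
    """Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attributes|Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    digest = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + digest + attributes

def verify_response(packet, request_auth, secret):
    """Check a reply against the secret shared with the adjacent hop only."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return False
    packet = packet[:length]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def proxy_relay(packet, up_auth, up_secret, down_auth, down_secret, attributes=None):
    """A proxy verifies with the upstream secret, then re-signs for the next hop.
    It may pass the attributes through or replace them; the NAS cannot tell."""
    if not verify_response(packet, up_auth, up_secret):
        return None
    if attributes is None:
        attributes = packet[20:struct.unpack("!H", packet[2:4])[0]]
    return build_response(packet[0], packet[1], down_auth, attributes, down_secret)

# Constructed sample values: two hops, each with its own shared secret.
SECRET_SERVER_PROXY = b"constructed-secret-A"
SECRET_PROXY_NAS = b"constructed-secret-B"
AUTH_PROXY_REQ = bytes(range(16))        # Request Authenticator, proxy -> server
AUTH_NAS_REQ = bytes(range(16, 32))      # Request Authenticator, NAS -> proxy

def demo():
    hops = (AUTH_PROXY_REQ, SECRET_SERVER_PROXY, AUTH_NAS_REQ, SECRET_PROXY_NAS)
    attrs = attr(SESSION_TIMEOUT, struct.pack("!I", 3600))
    from_server = build_response(ACCESS_ACCEPT, 7, AUTH_PROXY_REQ, attrs, SECRET_SERVER_PROXY)
    relayed = proxy_relay(from_server, *hops)
    changed = proxy_relay(from_server, *hops, attr(SESSION_TIMEOUT, struct.pack("!I", 86400)))
    tampered = relayed[:-1] + bytes([relayed[-1] ^ 1])
    nas = (AUTH_NAS_REQ, SECRET_PROXY_NAS)
    return {
        "nas_accepts_relayed": verify_response(relayed, *nas),
        "nas_rejects_server_original": not verify_response(from_server, *nas),
        "nas_rejects_bit_flip": not verify_response(tampered, *nas),
        "nas_accepts_proxy_rewrite": verify_response(changed, *nas),
    }
```

The NAS can only confirm that the reply came intact from its immediate neighbour, so every proxy on the path is trusted with the attributes; this is the gap that the end-to-end security listed under DIAMETER addresses.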

Security in Roaming
• Secure device-to-device communication: This involves the case when a certain device wants to join an ad hoc network, for instance a Bluetooth device requesting to join a piconet. Since there is no infrastructure in ad hoc networks, it will be difficult to make a decision regarding the trust of other parties. The communication between devices also needs to be encrypted in order to preserve confidentiality.
• Secure network communication: After establishing a personal network consisting of various devices, one needs to ensure that the networking aspects such as routing and addressing are handled securely. This involves detecting false routing entries, denial of service attacks on the networking layers, and so on.
• User to device authentication: This involves the secure authentication and authorisation of a user before accessing a device belonging to the personal network. Here the issue of user/device interaction and authentication methods such as SIM cards, biological prints, etc. must be addressed.
• Secure application level communication: This involves addressing the security aspects of the inter-application interaction. Here issues such as providing secure messaging or VoIP communication are to be addressed. This is especially important as many applications use centralised control points such as a VoIP server or a naming server. With personal networks providing intelligent and advanced services in an ad hoc manner, such services and the AAA aspects related to them must be distributed.

Credentials Provided to An Identity Provider
RFID Security
• Types of RFID Tags
• Types of Attacks