Smartening the Environment using Wireless Sensor Networks in a Developing Country

Al-Sakib Khan Pathan
Department of Computer Science
International Islamic University Malaysia

Wireless Network Security
3G, 4G Wireless PAN/LAN/MAN

UTM, 23 May 2012


Guided and Unguided Media

• All types of communications need some kind of medium.

• The information is encoded in a signal that is carried through a medium.
  – Quality depends on the characteristics of the medium.

• Two main groups of transmission media, namely the guided medium and the wireless medium.


Guided and Unguided Media

• For the guided medium, there is a physical path (such as a cable) for electromagnetic wave propagation.

• For the wireless medium, the electromagnetic wave is transmitted through air, water, or vacuum (space).

• A wireless medium is also called an unguided medium.


Wireless LAN

• A wireless LAN or WLAN is a wireless local area network that uses radio waves as its carrier.

• The last link with the users is wireless, to give a network connection to all users in a building or campus.

• The backbone network usually uses cables.


Wireless Network? Security?


Source: http://www.pinellascomputers.com/wp-content/uploads/2011/07/wireless-networking-wifi-internet-setup.jpg


Wireless Network Features

• Wireless networks are treated as having more vulnerabilities than wired networks because of their
  – shared nature
  – naturally broadcasted states
  – unclear perimeters
  – invisible access


What other “Wireless”?

• 3G Wireless Networks
  – 3G or 3rd generation mobile telecommunications is a generation of standards for mobile phones and mobile telecommunication services fulfilling the International Mobile Telecommunications-2000 (IMT-2000) specifications by the International Telecommunication Union.
  – Application services include wide-area wireless voice telephone, mobile Internet access, video calls and mobile TV, all in a mobile environment.


What other “Wireless”?

• 4G Wireless Networks
  – In telecommunications, 4G is the fourth generation of cell phone mobile communications standards. It is a successor of the third generation (3G) standards.
  – 4G system provides mobile ultra-broadband Internet access, for example to laptops with USB wireless modems, to smartphones, and to other mobile devices.
  – Conceivable applications include amended mobile web access, IP telephony, gaming services, high-definition mobile TV, video conferencing, 3D television.


3G Wireless


Source: http://www.topglobalusa.com/images/j041.gif


A Cell Tower


3G and WiFi


Source: http://www.cryptech.com.au/wp-content/uploads/2010/03/difference-between-3g-mobile-broadband-and-wifi-wireless-network.png


What Do They Have in Common?

• Wireless unguided medium.
• Potential threat from anybody within the range of wireless coverage/communication.
• Attenuation.
• Distortion during signal propagation.
• Noise.

• Do all of these impact security?


Security Viewing Angles

• Viewing Angle 1
  – (a) Key Management
  – (b) Secure Routing
  – (c) Secure Services
  – (d) Intrusion Detection Systems (IDS) [outsider, insider]

• Viewing Angle 2
  – (a) Physical security
  – (b) Deployment security (sparse or dense, etc.)
  – (c) Topological security (cluster/flat, hierarchy/tree, etc.)
  – (d) Wireless communication security
  – (e) Data security


Security Viewing Angles

• Viewing Angle 3: Holistic Security
  – (a) Application layer security
  – (b) Transport layer security
  – (c) Network layer security
  – (d) Data link layer security
  – (e) Physical layer security

• Holistic Security?
  – Still an open research issue!


Main Security Aspects

• Authentication
• Authorization
• Privacy/Confidentiality
• Integrity
• Non-repudiation


3G Security: Background

• One of the aspects of GSM that has played a significant part in its global appeal is its set of security features

• GSM was the first public telephone system to use integrated cryptographic mechanisms

• GSM security model has been adopted, modified and extended for DECT, TETRA and 3GPP


3GPP

• The 3rd Generation Partnership Project (3GPP) is a collaboration between groups of telecommunications associations, known as the Organizational Partners.

• The initial scope of 3GPP was to make a globally applicable 3G mobile phone system specification based on evolved Global System for Mobile Communications (GSM) specifications within the scope of the International Mobile Telecommunications-2000 project of the ITU.


3GPP Security Principles

• Ensure that 3G security builds on the security of GSM where features that have proved to be needed and that are robust shall be adopted for 3G

• Ensure that 3G security improves on the security of second generation systems by correcting real and perceived weaknesses

• Ensure that new 3G security features are defined as necessary to secure new services offered by 3G


3G Security Objectives

• Ensure that
  – information generated by or relating to a user is adequately protected against misuse or misappropriation.
  – the resources and services provided are adequately protected against misuse or misappropriation.
  – the security features standardized are compatible with world-wide availability.
  – the security features are adequately standardized to ensure world-wide interoperability and roaming between different serving networks.


3G Security Objectives

• Ensure that
  – the level of protection afforded to users and providers of services is better than that provided in contemporary fixed and mobile networks (including GSM).
  – the implementation of 3GPP security features and mechanisms can be extended and enhanced as required by new threats and services.


3G Requirements Capture

• Based on the threat analysis, a comprehensive list of security requirements was captured and categorized

• The security requirements help identify which security features need to be introduced in order to counteract the threats

• The requirements capture has led to the identification of additional security features beyond those retained from GSM


3G Security Arch: Background


Source: Peter Howard, Vodafone, UK, Presentation Slides


3G R99 Security Features (beyond GSM)

• Protection against active attacks on the radio interface
  – New integrity mechanism added to protect critical signaling information on the radio interface
  – Enhanced authentication protocol provides mutual authentication and freshness of cipher/integrity key towards the user

• Enhanced encryption
  – Stronger algorithm, longer key
  – Encryption terminates in the radio network controller rather than the base station
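
The mutual authentication and key freshness listed on this slide, as an added sketch that is not part of the original slides: the user side checks a MAC and a sequence number from the network before it answers, so a network without the shared key and a replayed challenge are both refused. Truncated HMAC-SHA256 stands in for the real authentication functions, and the class names, field sizes and the strictly-increasing sequence rule are simplifying assumptions.

```python
import hashlib
import hmac
import os


def f(k: bytes, label: bytes, *parts: bytes, n: int = 8) -> bytes:
    """Truncated HMAC-SHA256, an assumed stand-in for the AKA functions."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class HomeEnvironment:
    """Network side: shares key K with the USIM and counts challenges (SQN)."""

    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def vector(self) -> dict:
        rand = os.urandom(16)                      # fresh random challenge
        self.sqn += 1
        sqn = self.sqn.to_bytes(6, "big")
        # AUTN = (SQN xor AK) || MAC: hides SQN and proves knowledge of K
        autn = xor(sqn, f(self.k, b"ak", rand, n=6)) + f(self.k, b"mac", sqn, rand)
        return {"rand": rand, "autn": autn, "xres": f(self.k, b"res", rand),
                "ck": f(self.k, b"ck", rand, n=16), "ik": f(self.k, b"ik", rand, n=16)}


class Usim:
    """User side: checks the network's MAC and SQN before answering."""

    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def authenticate(self, rand: bytes, autn: bytes):
        sqn = xor(autn[:6], f(self.k, b"ak", rand, n=6))
        if not hmac.compare_digest(autn[6:], f(self.k, b"mac", sqn, rand)):
            raise ValueError("network not authenticated")
        if int.from_bytes(sqn, "big") <= self.sqn:  # simplified freshness rule
            raise ValueError("stale challenge")
        self.sqn = int.from_bytes(sqn, "big")
        return (f(self.k, b"res", rand),
                f(self.k, b"ck", rand, n=16), f(self.k, b"ik", rand, n=16))


def run_exchange() -> dict:
    k = bytes(range(16))                           # constructed subscriber key
    he, usim = HomeEnvironment(k), Usim(k)
    v = he.vector()
    res, ck, ik = usim.authenticate(v["rand"], v["autn"])
    results = {"user_ok": hmac.compare_digest(res, v["xres"]),
               "keys_match": (ck, ik) == (v["ck"], v["ik"])}
    other = HomeEnvironment(bytes(16)).vector()    # a network that lacks K
    cases = {"replayed": v, "wrong_key": other}
    for name, c in cases.items():
        try:
            usim.authenticate(c["rand"], c["autn"])
            results[name] = "accepted"
        except ValueError as err:
            results[name] = str(err)
    return results
```

Calling `run_exchange()` returns the outcome of the genuine exchange and the refusal reason for each of the two rejected challenges.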


3G R99 Security Features (beyond GSM)

• Core network security
  – Some protection of signaling between network nodes

• Potential for secure global roaming
  – Adoption of 3GPP authentication by TIA TR-45 / 3GPP2


3G Security Architecture


• Home Environment (HE)
• Serving Network (SN)
• Access Network (AN)
• Mobile Terminal (MT)
• Terminal Equipment (TE)
• User Services Identity Module (USIM)


3G Network Architecture


[Figure: 3G network architecture diagram. Labels: 2G, 2G/2.5G, 3G, RNC, Radio Access Control, IP RAN, Circuit Switch, Circuit Network, Circuit/Signaling Gateway, Call Agent, Feature Server(s), IN Services, Mobility Manager, Packet Gateway, Packet Network (Internet), IP Core Network, Voice, Data + Packet Voice]

Abbreviations: Intelligent Network (IN), Radio Network Controller (RNC), IP Radio Access Network (IP RAN)

Source: Presentation Slides of Myagmar, Gupta: UIUC, USA, 2001


Improved Security Features, 1

• Network Authentication
  – The user can identify the network

• Explicit Integrity
  – Data integrity is assured explicitly by use of integrity algorithms
  – Also stronger confidentiality algorithms with longer keys

• Network Security
  – Mechanisms to support security within and between networks


Improved Security Features, 2

• Switch Based Security
  – Security is based within the switch rather than the base station

• IMEI Integrity
  – Integrity mechanisms for IMEI (International Mobile Equipment Identity) provided from the start

• Secure Services
  – Protect against misuse of services provided by SN and HE


Improved Security Features, 3

• Secure Applications
  – Provide security for applications resident on USIM

• Fraud Detection
  – Mechanisms to combat fraud in roaming situations

• Flexibility
  – Security features can be extended and enhanced as required by new threats and services


Improved Security Features, 4

• Visibility and Configurability
  – Users are notified whether security is on and what level of security is available
  – Users can configure security features for individual services

• Compatibility
  – Standardized security features to ensure world-wide interoperability and roaming
  – At least one encryption algorithm exported on world-wide basis


Improved Security Features, 5

• Lawful Interception
  – Mechanisms to provide authorized agencies with certain information about subscribers


Problems of 3G Security, 1

• IMSI (International Mobile Subscriber Identity) is sent in cleartext when allocating TMSI (Temporary Mobile Subscriber Identity) to user.

• The transmission of IMEI (International Mobile Equipment Identity) is not protected; IMEI is not a security feature.

• A user can be enticed to camp on a false BS. Once the user camps on the radio channels of a false BS, the user is out of reach of the paging signals of SN.


Problems of 3G Security, 2

• Hijacking outgoing/incoming calls in networks with disabled encryption is possible. The intruder poses as a man-in-the-middle and drops the user once the call is set-up.


4G Security?

• Two issues are at the forefront of 4G development:
  – the verification of users and
  – the limitation of network access in the heterogeneous architecture.

• Other vulnerabilities involve providers utilizing different systems and the basis of user-centered design, which allows users to select their preferred connection method.


Wireless PAN

• WPAN?
  – A wireless personal area network (WPAN) is a personal area network - a network for interconnecting devices centered around an individual person's workspace - in which the connections are wireless.

• IrDA (Infrared Data Association)
• Bluetooth
• Wireless USB
• Z-Wave
• ZigBee
• Body Area Network


Wireless LAN/MAN

• WLAN?
  – Wireless connected LAN.

• WMAN?
  – A metropolitan area network (MAN) is a computer network that usually spans a city or a large campus. A MAN usually interconnects a number of local area networks (LANs) using a high-capacity backbone technology, such as fiber-optical links, and provides up-link services to wide area networks (or WAN) and the Internet. Wireless Version!!


What About Security?

• Common solutions may work in each type of network.

• Basic wireless security barriers are present but based on characteristics and network settings, things may be different and may demand specific security measures.

• Based on different standards, different security requirements are met.


What About Security?

Two security services are mainly emphasized:

• Authentication
  – Shared Key Authentication

• Privacy/Confidentiality (Encryption)
  – Wired Equivalent Privacy

• Other aspects are often requirement specific.


WLAN Security?

• 802.11 standard specifies the operating parameters of wireless local area networks (WLAN)
  – History: 802.11, b, a, g, i

• Minimal security in early versions.
• Original architecture not well suited for modern security needs.
• 802.11i attempts to address security issues with WLANs.


IEEE 802.11b

• Wired Equivalent Privacy (WEP)
  – Confidentiality

• Encryption
  – 40-bit keys (increased to 104-bit by WEP2)
  – Based on RC4 algorithm

• Access Control
  – Shared key authentication + Encryption

• Data Integrity
  – Integrity checksum computed for all messages


IEEE 802.11b

• Vulnerabilities in WEP
  – Poorly implemented encryption
    • Key reuse, small keys, no keyed MIC
  – Weak authentication
  – No key management
  – No interception detection
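
The "key reuse" and "no keyed MIC" weaknesses above, as an added example that is not part of the original slides: it seals frames WEP-style (RC4 over message plus CRC-32) and shows that a repeated IV leaks the XOR of two plaintexts, that the CRC-32 checksum still verifies after the ciphertext is changed without the key, and that a keyed tag rejects the same change. The key, IV and messages are constructed, and the truncated HMAC-SHA256 is a stand-in for a keyed MIC, not the algorithm 802.11i specifies.

```python
import hashlib
import hmac
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher, the algorithm WEP is based on (encrypt == decrypt)."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream XOR data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_icv(msg: bytes) -> bytes:
    """Unkeyed integrity checksum: plain CRC-32, computable by anyone."""
    return zlib.crc32(msg).to_bytes(4, "little")


def keyed_mic(mic_key: bytes, iv: bytes, msg: bytes) -> bytes:
    """Keyed stand-in (truncated HMAC-SHA256); not the 802.11i algorithm."""
    return hmac.new(mic_key, iv + msg, hashlib.sha256).digest()[:8]


def open_crc(iv: bytes, key: bytes, frame: bytes):
    """Decrypt with RC4(IV || key); return the message if CRC-32 matches."""
    plain = rc4(iv + key, frame)
    msg, tag = plain[:-4], plain[-4:]
    return msg if crc_icv(msg) == tag else None


def open_mic(iv: bytes, key: bytes, mic_key: bytes, frame: bytes):
    plain = rc4(iv + key, frame)
    msg, tag = plain[:-8], plain[-8:]
    good = keyed_mic(mic_key, iv, msg)
    return msg if hmac.compare_digest(good, tag) else None


def crc_patch(delta: bytes) -> bytes:
    """CRC-32 is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0)."""
    return delta + xor(crc_icv(delta), crc_icv(bytes(len(delta))))


# Constructed sample values (40-bit key, 24-bit IV), not from a real network.
KEY, MIC_KEY, IV = bytes.fromhex("0102030405"), b"separate-mic-key", b"\x00\x00\x07"
M1, M2 = b"valve=closed;t=21", b"valve=opened;t=35"


def demo() -> dict:
    c1 = rc4(IV + KEY, M1 + crc_icv(M1))
    c2 = rc4(IV + KEY, M2 + crc_icv(M2))       # same IV => same keystream
    delta = xor(M1, M2)
    altered = xor(c1, crc_patch(delta))        # changed without knowing KEY
    mic_frame = rc4(IV + KEY, M1 + keyed_mic(MIC_KEY, IV, M1))
    mic_altered = xor(mic_frame, delta + bytes(8))
    return {"reuse_leaks_xor": xor(c1, c2)[:len(M1)] == delta,
            "crc_accepts_altered": open_crc(IV, KEY, altered),
            "mic_accepts_original": open_mic(IV, KEY, MIC_KEY, mic_frame),
            "mic_accepts_altered": open_mic(IV, KEY, MIC_KEY, mic_altered)}
```

`demo()` returns the altered message for the CRC-32 frame and `None` for the keyed-MIC frame, which is the difference a keyed integrity check makes.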


IEEE 802.11b: Attacks

• Successful attacks on 802.11b
  – Key recovery - AirSnort
  – Man-in-the-middle
  – Denial of service
  – Authentication forging
  – Known plaintext
  – Known ciphertext


IEEE 802.11i

• IEEE 802.11i-2004 or 802.11i, implemented as WPA2 (Wi-Fi Protected Access II), is an amendment to the original IEEE 802.11.

• The draft standard was ratified on 24 June 2004

• Later amendments in 2007 and 2012!


Original IEEE 802.11i

• Security Specifications
  – Improved Encryption
    • CCMP (AES), TKIP (Temporal Key Integrity Protocol), WRAP (Wireless Robust Authenticated Protocol)
  – 2-way authentication
  – Key management
  – Ad-hoc network support
  – Improved security architecture


802.11i Authentication


802.11 Encryption


802.11i: Potential Weaknesses

• Hardware requirements
  – Hardware upgrade needed for AES (Advanced Encryption Standard) support
    • Strength of TKIP and WRAP questionable in the long term
  – AS (auth. server) needed for 2-way authentication

• Complexity
  – The more complex a system is, the more likely it may contain an undetected backdoor

• Patchwork nature of “fixing” 802.11b


Connecting WLAN – Control?

• Options:
  – May be connected securely (WPA2, 802.11i, etc.)
  – If unsecured, connect to your secure systems securely:
    • VPN – Virtual Private Network
    • SSL connections to secure systems
  – Be careful not to expose passwords
  – Watch for direct attacks on untrusted networks


802.11i Improvements

• 802.11i appears to be a significant improvement over 802.11b from a security standpoint

• Vendors are nervous about implementing 802.11i protocols due to how quickly WEP was compromised after its release

• Time will tell how effective 802.11i actually is

• Wireless networks will not be completely secure until the standards that specify them are designed from the beginning with security in mind


Remarks – WLAN Security

• Wireless LAN security could also benefit from the advancements of security measures for other networks.

• The main reason that WLANs are attacked is their availability for a long time and the medium used, where anybody can try to join in.

• All these apply to PAN and MAN as well!!


References

[1] Marius Popovici, Daniel Crisan, Zagham Abbas, "Wireless Networks", http://ftp.utcluj.ro/pub/users/cemil/rlc/Wireless%20Networks.ppt

[2] Peter Howard, "3G Security Overview", Presentation Slides, Vodafone, UK

[3] http://www.3gpp.org/ftp/Specs/html-info/FeatureOrStudyItemFile-60150.htm

[4] Colin Blanchard, "Security for the Third Generation (3G) Mobile System", Network Systems & Security Technologies.

[5] Myagmar, Gupta, "3G Security Overview", Presentation Slides of UIUC 2001.

[6] Kim W. Tracy, "Wireless LAN Security", NEIU, University Computing www.neiu.edu/~ncaftori/355/Wireless.ppt


THANK YOU


Questions and Answers


http://staff.iium.edu.my/sakib/


http://staff.iium.edu.my/sakib/ndclab