
Widyatama Lecture Applied Networking IV Week06 Mobile Security 2


Published in: Education, Technology, Business

Transcript of "Widyatama Lecture Applied Networking IV Week06 Mobile Security 2"

  1. Applied Networking-IV (2231114)
      Lecture Week-5
      Mobile Security-1
      Lecture by: Djadja.Sardjana, S.T., M.M.
      www.slideshare.net/djadja
      Djadja.sardjana@widyatama.ac.id
      18-Mar-10, Widyatama University-Informatics
  2. Mobile Security-2
      Mobile Security
  3. Contents
      Introduction to Wireless
        • Wireless World
        • Wireless Threats
        • Wireless Security Protocols and Cryptography
        • Security Considerations for Wireless Devices
      Wireless Technologies and Applications
        • Cellular Networks
        • Wireless Data Networks
        • Wireless Standards and Technologies
      Wireless Deployment Strategies
        • Implementing Wireless LANs : Security Considerations
        • Enabling Secure Wireless Access to Data
        • Real Examples from the Wireless World
        • The Wireless Future
        • Accessing Wireless LANs
  4. Wireless World (1/2)
      History of Wireless Technologies
        Transmitting the 1st wireless radio signal in 1894 by G. Marconi
        AM radio sets in 1920s by GE, AT&T, RCA
          • TV, radio, phone took 20-30 years to reach 25% of US population
        After World War II
          • 1970s : 1st wireless networks
              analog, operated in a limited frequency range, only a low volume of simultaneous calls
              AT&T's Advanced Mobile Phone Service in 1979
              GSM (Global System for Mobile Communications) standard
          • 1980s : wireless markets start to evolve
          • 1990s : wireless networks mature
              1st commercial GSM networks in 1991 (2001, 800 M users)
              2G networks – TDMA, CDMA, Personal Digital Communications
              Wireless LAN standard (IEEE 802.11) in 1990
              Bluetooth SIG in 1998 by Ericsson, IBM, Intel, Nokia, and Toshiba
              Wireless Internet, WAP in 1997
        Obstacles
          • Economics : e.g. wireless-internet-capable cell phones, high price Bluetooth chipsets
          • User experience : slow and inconvenient
          • Security : stock trading, access to corporate networks
        Market forecast
          • Wireless LAN (more than $3B) vs. Bluetooth (less than $1B) in 2005
  5. Wireless World (2/2)
      History of Wireless Security
        Eavesdropping and Jamming
          • Banning radio scanners, testing encrypted voice and data
          • Communication Act of 1934, Electronic Communications Privacy Act in 1986
          • Sending high volume of radio signals – Jamming
          • Possible breaches
              Interception of law enforcement data on specialized mobile radio, or CDPD networks
              Interception of credit card authorizations over wireless networks
              Stealing of cellular airtime
              Interception of e-mail messages on wireless Internet connections
              Physical breach of security at base stations
        Wireless Internet – Wireless Security
          • Secure Sockets Layer, Transport Layer Security
          • WAP Forum : Wireless Transport Layer Security
              SSL-like alternative
              Does not provide end-to-end encryption
              Leaving data temporarily unencrypted – WAP Gap
        Wireless value chain
          • Device vendors (Nokia, Motorola, Ericsson, Samsung)
              Putting security features on handsets
          • Network operators (Verizon, Vodafone, Sprint PCS)
              Wireless data introduced a new series of issues
              Trust relationship
          • Hardware providers
          • Contents / Application providers
              Potential breaches, loss of consumer confidence
  6. Wireless Threats (1/2)
      Uncontrolled Terrain
        Anonymous, uncontrolled coverage areas
      Eavesdropping
        Anonymous attacker passively intercepting radio signals and decoding the data being transmitted
        Sensitive data such as username and password in cleartext
        Password encryption algorithms such as MS NTLM can be easily broken
        Active eavesdropping – ARP spoofing : man-in-the-middle attack
      Communications Jamming
        DoS jamming
        Client jamming : jammed client loses connectivity and cannot access the application
        Base station jamming : a rogue stands in for the legitimate base station
      Injection and Modification of Data
        Inserting commands (control messages) to a base station
      Man-in-the-Middle attack
      Rogue Client
      Rogue Network Access Points
      Attack Anonymity – searching network to gain free anonymous access
      Client-to-Client Attacks
      Infrastructure Equipment Attacks – bypassing virtual LAN security : switch, MAC, routing attacks (Open Shortest Path First, Enhanced Interior Gateway Routing Protocol)
  7. Wireless Threats (2/2)
      Attacker Equipment
        Wireless Network Interface
          • Wireless Ethernet NIC
          • General Packet Radio Service / Cellular Digital Packet Data cellular telephony handset
        Jammer and specialized software
        Omnidirectional antennas (unity gain -> collinear), yagi antenna, parabolic
      Covert Wireless Channels
        Bridge air-gap networks
      Roaming Issues
        Mobile IP – location registration and packet redirection
          • Replay attacks to capture outbound traffic from the network
      Cryptographic Threats
        CDMA/GSM cellular network, wireless Ethernet networks
        Wired Equivalent Privacy (WEP) – cryptographic mechanism for 802.11
          • Implementation flaws, key management issues (single static key for all users)
  8. Wireless Security Protocols & Cryptography (1/5)
      Removing the FUD (Fear, Uncertainty, Doubt) in solution
        OSI model
        Internet model – simplification of the OSI
      Wireless LAN security protocols
        To improve 802.11 security mechanisms
        Most using security protocols that exist in the network layer and above
      Cryptography
        Caesar Cipher (Plain text ↔ Cipher text)
        Primary areas where cryptography is used
          • Authentication
          • Encryption
          • Integrity
  9. Wireless Security Protocols & Cryptography (2/5)
      Secure Sockets Layer / Transport Layer Security
        SSL
          • solution to the security problems with web browsers
        TLS
          • successor of SSL
        Other security protocols
          • Microsoft's Private Communications Technology
          • Secure Transport Layer Protocols
          • Wireless Transport Layer Security
        Applications
          • SSL/TLS HTTP connection
              TCP established, SSL/TLS established, and then HTTP proceeds over SSL/TLS.
              SSL/TLS relies on TCP for the connection and the addition of the SSL/TLS does not change the HTTP communication.
              HTTP over SSL/TLS is implemented over TCP port (443) not 80
          • used to authenticate and encrypt a connection
              The authentication is accomplished by using public-key cryptography and is referred to as a handshake.
              The actual communications using SSL/TLS use a symmetrical encryption algorithm
  10. Wireless Security Protocols & Cryptography (3/5)
      Secure Shell (SSH)
        designed to replace Unix programs (telnet, rlogin, rshell, rcp)
        much like SSL/TLS
          • public key to set up and symmetric key for data transfer
        implementation of SSH protocol - Unix ssh program
          • eliminate security concerns (sniffing, hijacking, injection) with telnet
        port forwarding feature
          • if not (SSH server + SSH tunnel to user), firewall is configured to only allow traffic from the insecure network to the SSH server (and then to E-mail Server)
      Man-in-the-Middle of SSL/TLS and SSH
        attack
          • intercept the handshake and replace the public keys exchanged with counterfeit keys
        solution
          • Public Key Infrastructure with Certificate Authority (holding key-signing parties)
        testing
          • 'dsniff' can be used for testing applications using SSL/TLS and SSH for MITM attacks
  11. Wireless Security Protocols & Cryptography (4/5)
      WTLS
        based on SSL/TLS, used by WAP devices (handsets, PDAs)
        while SSL relies on TCP for reliability function (e.g., retransmission of lost packets), WAP devices using WTLS cannot use TCP; WAP devices only use UDP.
        3 classes negotiated during the handshake process
          • WTLS class 1 : No certificates
              no authentication takes place, simply used to set up an encrypted channel
          • WTLS class 2 : Server certificate only
              client (handset) authenticates the server (by firmware of the handset)
          • WTLS class 3 : Client and server certificates
              both; implementation of a PKI
        WTLS similar to SSL/TLS, as WML to HTML, for WAP devices
      WEP (Wired Equivalent Privacy)
        included in 802.11
        packet encrypted by generating an RC4 stream with a combination of 24-bit initialization vector and shared key
        WEP key can be compromised in a few hours.
        common key for all users on a given wireless network
  12. Wireless Security Protocols & Cryptography (5/5)
      802.1x
        layer 2 protocol
        to authenticate users and can optionally be used to establish encryption keys
        EAP (Extensible Authentication Protocol) is used to authenticate the users
      IP Sec
        lower in the protocol stack than SSL/TLS, SSH, or WTLS : IP layer
        tunnel mode
          • enable all IP traffic to be encrypted and optionally authenticated inside a single session
        enabling technology behind VPN
        Implementation
          • Encapsulating Security Payload, Authentication Header
          • encryption standard algorithms for ESP : DES, Triple DES, AES
          • authentication algorithm for AH : Message Digest 5, Secure Hash Algorithm
        Modes
          • Transport mode : only encrypt data of the IP packet
          • Tunnel mode : encrypt entire packet including the headers
        IPSec VPN tunnel : VPN gateway + IPSec tunnel + remote user
  13. Security Consideration for Wireless Devices (1/2)
      Security Issues
        Devices
          • laptop, PDA, wireless infrastructure (AP, bridge), mobile phone handset
        Physical security
          • loss of device -> lock
        Information leakage
        Device security features
          • factory or master passwords
        Application security
          • embedding passwords or keys into an application -> reverse-engineering
          • sensitive application
      Detailed Device Analysis
        Laptop
          • loss of data encryption keys (e.g., wired equivalent privacy keys, soft tokens, passwords)
          • not store the keys on the machine; HIDS, personal firewall software; disabling boot up with CD
        PDA
          • poor password protection; input mechanisms (e.g., wireless, infrared port, USB, Bluetooth)
          • encrypt sensitive data (Elliptic Curve Cryptography)
  14. Security Consideration for Wireless Devices (2/2)
      Detailed Device Analysis (cont.)
        Wireless Infrastructure
          • disable security features (EAP, WEP) or reveal network configuration information
          • use secure protocols (SSH, SSL, SNMPv3); disable insecure protocols (HTTP, SNMPv1)
        Handset
          • SMS handler vulnerable to attack -> DoS or execution of commands; DES key for SIM
          • WTLS
  15. Cellular Networks (1/4)
      3 Methods for Spectrum Allocation : provides access to a given frequency for multiple users
        Frequency Division Multiple Access (FDMA)
        Time Division Multiple Access (TDMA)
        Code Division Multiple Access (CDMA)
      FDMA
        used on the initial analog Advanced Mobile Phone System (AMPS)
        available spectrum divided into channels; each channel used for a single conversation
        FDMA assigns channels even if no conversations are taking place - less efficient
        only for voice transmission
      2G wireless technologies
        • GSM : 80%, CDMA : 11%, PDC : 5%, traditional TDMA : 2%, iDEN : 1%
      TDMA
        digitizes the voice signal and turns the signal into a series of short packets
        uses a single-frequency channel for a very short time and migrates to another channel
        voice packets can occupy different time slots in different frequency ranges at the same time
        digital signal, better frequency allocation, support for multiple data types
        Global System for Mobile Communications (GSM) basis
  16. Cellular Networks (2/4)
      CDMA
        frequency hopping spread spectrum in 1940s - utilizing a wider frequency range
          • increases signal quality and connections
          • more secure, decrease the risk of the signal being detected by unauthorized parties
        rather than dividing spectrum by time or frequency, adds a unique code onto each packet before transmission
        the same code is used at the receiving end to enable the conversation to be reconstructed
        stronger security, better (8-10 times than FDMA, 5 times than TDMA) frequency allocation, improved call quality, simplified system planning (by using the same frequency in every sector of every cell)
      TDMA versus CDMA
        TDMA advantages
          • longer battery life (less transmitter power), less expensive infrastructure, widest deployment (GSM), international roaming (GSM), data security (GSM's Subscriber Identity Module card)
        TDMA disadvantages
          • hard roaming handoffs, distortion (lower signal-to-noise ratio)
        CDMA advantages
          • bandwidth efficiency, soft roaming handoffs (polls various cells and switches to the cell that offers the best signal and coverage), less distortion, strong voice security
        CDMA disadvantage
          • more expensive, no international roaming, no SIM card
      PDC (Personal Digital Cellular)
        based on TDMA in 800MHz and 1500MHz
        bandwidth efficiency, packet data, only in Japan
      iDEN (integrated Dispatch Enhanced Network) by Nextel
        wireless market called specialized mobile radio (SMR), walkie-talkie with a cellular phone
  17. Cellular Networks (3/4)
      Security Threats
        Network Operator's Security Goals
          • Authentication, Privacy, Data and voice integrity, Performance
        Security Risks and Threats
          • Network and systems availability (DoS), Physical protection, Fraud (cloned or pirated handsets)
        Types of Cellular Fraud
          • theft of handsets, sign up for services using false id, handset cloning
        Combating Fraud
          • encryption (Electronic Serial Number), blacklist (track the ESNs of stolen phones), traffic analysis, legislation
      General Security Principles
        Encryption - size of key : 56-bit in DES
      GSM
        handsets with SIM card (smart card with 32K/64K EEPROM)
        base transceiver station
        base station controller
        mobile switching center
        authentication center
        home location register / visitor location register
        operating and maintenance center
      GSM security
        authentication algorithm for handset (A3)
        block cipher algorithm to encrypt voice and data (A5/1 or A5/2)
        key generation algorithm (A8)
  18. Cellular Networks (4/4)
      CDMA
        a 64-bit symmetric key (called A-Key) for authentication, no SIM card
        why not public keys - hardware limitation, infrastructure requirements
        Authentication
          • encryption algorithm CAVE (cellular authentication and voice encryption)
          • to minimize the risk of intercepting the A-Key in the air, dynamic value called shared secret data
          • steps
              commence a call; MSC retrieves subscriber info from HLR; MSC generates 24-bit random number for unique challenge (RANDU); RANDU is transmitted to the phone; phone generates 18-bit AUTHU; MSC calculates AUTHU, which should match
        Confidentiality
          • 64-bit Signaling Message Encryption Key (SMEKEY)
        Shortcomings
          no mutual authentication
          poor security algorithms (replacing CAVE with SHA-1)
          no consistent SIM card mechanism on handset for key storage
          voice encryption not always
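The unique-challenge steps on the slide above (24-bit RANDU from the MSC, 18-bit AUTHU from the phone, comparison at the MSC) can be walked through with both sides in code. This Python sketch is an added example, not part of the original lecture: HMAC-SHA256 stands in for CAVE, which is not reproduced here, and the `derive_ssd` inputs, subscriber id and key values are hypothetical, constructed for the illustration. It also makes the listed shortcomings visible: the handset answers any challenger, and the response is only 18 bits wide.

```python
import hashlib
import hmac
import secrets

RANDU_BITS, AUTHU_BITS = 24, 18           # sizes given on the slide


def prf(key: bytes, data: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 is a stand-in for CAVE, not the real algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_ssd(a_key: bytes, rand_ssd: bytes) -> bytes:
    # Shared secret data: a replaceable value derived from the 64-bit A-Key,
    # so the A-Key is not the direct input to the over-the-air exchange.
    # (rand_ssd is a hypothetical derivation input for this sketch.)
    return prf(a_key, b"SSD" + rand_ssd)[:16]


def authu(ssd: bytes, randu: int) -> int:
    """18-bit response to a 24-bit unique challenge."""
    digest = prf(ssd, b"AUTHU" + randu.to_bytes(3, "big"))
    return int.from_bytes(digest[:3], "big") >> (24 - AUTHU_BITS)


class Phone:
    def __init__(self, a_key: bytes, rand_ssd: bytes):
        self.ssd = derive_ssd(a_key, rand_ssd)

    def respond(self, randu: int) -> int:
        # The handset answers whoever sent RANDU; nothing in the exchange
        # proves the challenger is the real network (no mutual authentication).
        return authu(self.ssd, randu)


class MSC:
    def __init__(self, hlr: dict):
        self.hlr = hlr                    # subscriber id -> SSD held by the HLR

    def verify(self, subscriber: str, randu: int, response: int) -> bool:
        expected = authu(self.hlr[subscriber], randu)
        return hmac.compare_digest(expected.to_bytes(3, "big"),
                                   response.to_bytes(3, "big"))


def accepts(msc: MSC, subscriber: str, phone: Phone, rounds: int = 4) -> bool:
    """Run several unique challenges; every one must verify."""
    for _ in range(rounds):
        randu = secrets.randbits(RANDU_BITS)           # MSC -> phone
        response = phone.respond(randu)                # phone -> MSC
        if not msc.verify(subscriber, randu, response):
            return False
    return True


def blind_guess_probability() -> float:
    """Chance that a random 18-bit value passes a single challenge."""
    return 1 / 2 ** AUTHU_BITS


# Constructed sample values
A_KEY = bytes.fromhex("0123456789abcdef")              # 64-bit A-Key
RAND_SSD = bytes.fromhex("a5a5a5a5a5a5a5")
msc = MSC({"subscriber-1": derive_ssd(A_KEY, RAND_SSD)})
genuine = Phone(A_KEY, RAND_SSD)
wrong_key = Phone(bytes(8), RAND_SSD)                  # handset without the A-Key

if __name__ == "__main__":
    print("genuine handset accepted:", accepts(msc, "subscriber-1", genuine))
    print("wrong-key handset accepted:", accepts(msc, "subscriber-1", wrong_key))
    print("single-challenge guess probability:", blind_guess_probability())
```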
  19. Wireless Data Networks (1/3)
      General Demands
        faster throughput
        more global roaming capabilities
        interoperability with internet
      Wireless Data Networks
        Cellular Digital Packet Data (CDPD)
        Mobitex
        General Packet Radio Service (GPRS)
      Cellular Digital Packet Data (CDPD)
        standard developed in US in 1990s
          • offering wireless data services using AMPS (Advanced Mobile Phone Service) infrastructure
        advantages
          • speed (19.2 Kbps), TCP/IP based (compatible with Internet), quick call setup
        architecture
          • similar to wireless voice networks
          • mobile end system ... mobile database stations - mobile data intermediate system - Internet (firewall)
        security
          • similar to wireless voice network (CDMA) : unique id called NEI (Network Entity Identifier)
          • no tamper-resistant hardware such as SIM
          • Diffie-Hellman key exchange
          • vulnerabilities
              no mutual authentication, local key storage (no SIM to store NEI)
  20. Wireless Data Networks (2/3)
      Mobitex
        wireless data technology developed by Ericsson in 1980s
          • operate in one of 4 frequency families (80MHz, 400MHz, 800MHz, 900MHz)
          • 8Kbps rate, 512-byte block transmission
          • royalty-free license
        architecture
          • peer-to-peer ... base station - local switch - regional switch - national switch / Internet
        application of the network : Blackberry wireless e-mail pager offered by Canadian-based Research in Motion (RIM)
          • RIM device (32-bit Intel 386 processor, 2MB flash mem, 304Kb static RAM)
        security model focused on MS Outlook & Lotus cc:Mail
        RIM security architecture
          • desktop - mail server - firewall - Internet - mobile network ... RIM handheld
        Mobitex vs. CDPD (Mobitex will outlast CDPD)
          • network infrastructure (eliminating AMPS hardware), strong industry association (Mobitex Operators Association led by Ericsson), greater coverage
  21. Wireless Data Networks (3/3)
      General Packet Radio Service (GPRS)
        GSM developed in 1990s
        packet-based
          • compatibility with the Internet
          • always-on connection
          • efficient networks
        higher throughput
          use many time slots in parallel
          data split into chunks and sent simultaneously on multiple channels to a handset
        handsets
          Class A terminal (support GPRS and GSM and the simultaneous operation)
          Class B terminal (support GPRS and GSM but not simultaneously)
          Class C terminal (only GPRS)
        architecture
          base station - base station controller - SGSN - HLR / GGSN - Internet
          • SGSN : data router (Serving GPRS Support Node)
          • GGSN : Gateway GPRS Support Node
          • other network components : charging gateway, border gateway, DNS, firewall and NMS
        security issues
          DoS against GGSN
          IP address spoofing
          GGSN - Internet - VPN server - corporate LAN
          • not end-to-end security (SGSN-GGSN), added cost (VPN), trust issue (enterprise - mobile operator)
  22. Conclusion & Final Words
      Mobile Security Demo
  23. Conclusion
      Threats to organizations are real and increasing; seamless mobility requires careful security planning
      Security incidents involving mobile and wireless environments are increasing
      Securing seamless mobility requires a holistic approach that addresses people, process and technology
