eChallenges2005 Seinit

Presentation of the paper: J. McGibney, M. Ponce de Leon, J. Ronan, "Security for Heterogeneous Mobile Network Services", eChallenges, Ljubljana, Slovenia, October 2005.

Transcript

  • 1. SEINIT: Security for Heterogeneous Mobile Network Services. John Ronan, Miguel Ponce de Leon, Jimmy McGibney, TSSG, Waterford Institute of Technology, Ireland
  • 2. Threats in Mobile/Wireless Networks
    • Eavesdropping by a third party
      • The medium is shared, public
      • Hard to precisely control transmission range
      • Often weak encryption
      • Sometimes no encryption
    • Bogus user
      • Masquerading as genuine customer to gain illegitimate access or perpetrate fraud (e.g. free calls on telecoms networks)
      • WiFi often has no authentication
      • Cloning of Subscriber Identity Module (SIM)
      • Stolen phones
    • Bogus network
      • Base station presenting itself as network to the user, for example to collect user data (not a major problem for GSM/UMTS at the moment)
    • Denial of service
      • e.g. by signal jamming
  • 3. The Need for a smart access point
    • WLAN: An open medium far more vulnerable than its “wired cousin”
    • It needs powerful security functions:
    • Authentication, Firewall, IDS, Honeypot, …
  • 4. What is an intrusion?
    • “Any attempt to compromise the confidentiality, integrity, or availability of a computer or network”
    • “Any attempt to bypass the security mechanisms of a computer or network”
  • 5. Intrusion Detection Systems
    • “Burglar alarm” within the network (or host)
    • [Diagram labels: Protected Network, Firewall, Internet, IDS]
    • Network-based Intrusion Detection System
  • 6. Honeypots
    • Definition:
      • “A resource whose value lies in being probed, attacked or compromised”
      • System or component with no real-world value, set up to lure attackers
      • By definition, all activity on a honeypot is highly suspect
    • Advantages
      • Collect small data sets of high value
      • Reduce false positives
      • Catch new attacks, false negatives
      • Work in encrypted or IPv6 environments
      • Simple concept requiring minimal resources
    • Disadvantages
      • Limited field of view
      • Fingerprinting allows attackers to spot honeypots
      • May introduce risk
  • 7. Outline
    • Major ideas
      • The need for a smart access point
      • Combining IDS and Honeypot
      • Collaboration and “Reputation”
    • Architecture
      • Generic architecture
      • 5 main components
        • Sensor, Alert analysis, Action engine, Data control, Collaboration
      • IDMEF
    • Implementation
      • Prototype architecture
      • Hardware
      • CqureAP
      • Prelude-IDS
      • Snort
      • Honeyd
  • 8. Combining IDS and Honeypots
    • Common components
      • Data collection
      • Analysis and decision algorithm
      • Action module
    • Main differences
      • Honeypot must be used to be effective
      • IDS operate continuously on the data flow
    • Both are necessary:
      • IDS can provide information even if the honeypot is not the target of attacks.
      • When used, the honeypot provides more accurate and valuable information.
  • 9. Major Outcomes/Results
    • A network of collaborative access points
    • Exchange security information through a common vehicle
    • Compute a “level of trust” for each host
    • 5 Main components
      • Sensors
      • Alert Analysis
      • Action engine
      • Collaboration
      • Data control
  • 10. Implementation - Use available components
    • CqureAP
      • Linux-based 802.11 wireless AP
    • Prelude-IDS
      • Our core framework: a hybrid IDS
    • Snort
      • Used as a NIDS and a wireless sensor
    • Honeyd
      • Used to provide various honeypot services
  • 11. Implementation - Prelude IDS
    • A hybrid, modular intrusion detection system, under GPL
    • Reason for choice:
      • Hybrid IDS means multilayered intrusion detection
      • Modularity: convenient plugin framework to add and remove modules
      • Extensibility: easy integration of existing or new applications in the framework thanks to the libprelude library
      • IDMEF compliant
    • Main components:
      • Libprelude, prelude-manager, sensors
  • 12. Conclusion and outlook
    • Ideal is a system that:
    • Does not entirely rely on predetermined definitions such as signatures (so it can catch new attacks)
    • Can keep running in the event of an attack
    • Can learn to adapt to changing attack scenarios
    • Generates few false alerts
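
Slides 8 and 9 describe access points that exchange alerts in a common format (IDMEF) and compute a “level of trust” for each host, with honeypot alerts treated as more reliable than IDS alerts. The Python below is an added example, not part of the presentation or the SEINIT prototype: the penalty weights, the multiplicative update, the 0.5 threshold and the trimmed sample alerts are all assumptions, since the slides give no formula.

```python
import xml.etree.ElementTree as ET

NS = {"idmef": "http://iana.org/idmef"}  # IDMEF XML namespace (RFC 4765)

# Assumed weights (not from the slides): a honeypot alert costs more trust,
# because all activity on a honeypot is highly suspect.
PENALTY = {"honeypot": 0.5, "nids": 0.2}
DEFAULT_PENALTY = 0.1

def _alert(cls, name, src, text):
    """Build one constructed, trimmed IDMEF Alert (src=None omits the Source)."""
    source = (f"<idmef:Source><idmef:Node><idmef:Address category='ipv4-addr'>"
              f"<idmef:address>{src}</idmef:address></idmef:Address>"
              f"</idmef:Node></idmef:Source>") if src else ""
    return (f"<idmef:Alert><idmef:Analyzer name='{name}' class='{cls}'/>"
            f"{source}<idmef:Classification text='{text}'/></idmef:Alert>")

# Constructed sample message (CreateTime etc. left out), not captured traffic.
SAMPLE = ("<idmef:IDMEF-Message xmlns:idmef='http://iana.org/idmef' version='1.0'>"
          + _alert("nids", "snort", "192.0.2.10", "Port scan")
          + _alert("honeypot", "honeyd", "192.0.2.10", "Connection to decoy SSH")
          + _alert("nids", "snort", "192.0.2.20", "Suspicious HTTP request")
          + _alert("nids", "snort", None, "Alert without a source")
          + "</idmef:IDMEF-Message>")

def parse_alerts(xml_text):
    """Yield (sensor_class, source_ip, classification) for each attributable Alert."""
    root = ET.fromstring(xml_text)
    for alert in root.iterfind("idmef:Alert", NS):
        analyzer = alert.find("idmef:Analyzer", NS)
        addr = alert.find("idmef:Source/idmef:Node/idmef:Address/idmef:address", NS)
        label = alert.find("idmef:Classification", NS)
        if addr is None or not (addr.text or "").strip():
            continue  # no source address: the alert cannot be charged to a host
        sensor = analyzer.get("class", "").lower() if analyzer is not None else ""
        text = label.get("text", "") if label is not None else ""
        yield sensor, addr.text.strip(), text

def trust_levels(alerts, initial=1.0):
    """Start every host at `initial` and scale trust down once per alert."""
    trust = {}
    for sensor, host, _ in alerts:
        keep = 1.0 - PENALTY.get(sensor, DEFAULT_PENALTY)
        trust[host] = trust.get(host, initial) * keep
    return {host: round(level, 4) for host, level in trust.items()}

def untrusted(trust, threshold=0.5):
    """Hosts an action engine would act on under the assumed threshold."""
    return sorted(host for host, level in trust.items() if level < threshold)

if __name__ == "__main__":
    levels = trust_levels(parse_alerts(SAMPLE))
    print(levels, untrusted(levels))
```

The host seen by both the NIDS and the honeypot falls below the threshold, while the host seen only by the NIDS does not.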
