Wireless Network Security
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Wireless Network Security

on

  • 1,427 views

 

Statistics

Views

Total Views
1,427
Views on SlideShare
1,427
Embed Views
0

Actions

Likes
0
Downloads
32
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Wireless Network Security Presentation Transcript

  • 1. On Survivability and Security in Wireless Infrastructure Networks and their Interaction Yi Qian, University of Puerto Rico at Mayagüez August 5, 2004 Presentation based on the paper recently submitted to IEEE Wireless Communications Magazine: by Prashant Krishnamurthy, David Tipper, and Yi Qian, “On Survivability and Security in Wireless Infrastructure Networks and their Interaction”
  • 2. Agenda Introduction What is Information Assurance? 4G/Hybrid Wireless Networks Security in Wireless Networks Current approaches Issues and problems Research areas and some results Survivability in Wireless Networks Network design for wireless wide area networks Traffic restoration protocols for recovery under failure Ongoing work and conclusions August 5, 2004 2
  • 3. Introduction Wireless networks are becoming ubiquitous Hospitals, homes, m-commerce, gaming, transportation, etc. 20% of physicians will use handheld devices for daily medical transactions by 2004 (Source: W.R. Hambrecht & Co.) Wireless gaming market estimates (Source: Datamonitor) Asian-Pacific market $10.3 billion in 2006 from $827 million in 2001 The U.S. market $3 billion in 2006 from $20 million in 2001 Banking services, bill payment, ordering, reserving or paying for goods or infotainment using PDAs or Cellphones Information Assurance? August 5, 2004 3
  • 4. Information Assurance Definition1: “Operations undertaken to protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non- repudiation” Availability Survivability and Fault Tolerance Sufficient Working & Spare Capacity Traffic Restoration Protocols, Alarms and Network Management Security Integrity, authentication, confidentiality and non-repudiation 1From From the Information Assurance Advisory Council (IAAC) August 5, 2004 4
  • 5. Information Assurance Information Assurance Information Security Survivability and Fault Tolerance Availability: Confidentiality Design for working capacity Authentication Design for spare capacity Integrity Protocols for automatic Identification reconfiguration Access control Ability to recover from physical and security attacks August 5, 2004 5
  • 6. 4G/Hybrid Wireless Networks All traffic is packet data e.g. Voice will be carried using VoIP There will be a mix of many types of technologies Wide area – 2.5G, 3G or 3G-like systems Local area and hot spots - 802.11/HIPERLAN systems Personal area – Bluetooth & 802.15 systems (sensors etc.) There must be seamless roaming between such systems Already service providers are using 802.11 (BT, T-Mobile and Sprint) for broadband access Information assurance becomes more important Link and node failures, congestion, interference Fraud, exposure of sensitive data, denial of service, etc. August 5, 2004 6
  • 7. 4G/Hybrid Wireless Networks August 5, 2004 7
  • 8. Wireless security/survivability framework Subsystem Components Communication Links Function Mobile units, base Digital radio channels Define physical interface for Radio stations, WLAN access with TDMA, FDMA, or radio communication Network points, BS controllers CDMA, or CSMA, BS cluster management, Subsystem wireline links and/or Radio channel management, (RNS) terrestrial microwave MAC signaling Access BS, BSC, MSC, AP Wireline links and/or Connection management, Network signaling network, terrestrial microwave Mobility management Subsystem SGSN, GGSN (ANS) Intelligent MSC, HLR, VLR, EIR, Wireline links and/or Service management, Network AUC, mobileIP signaling, terrestrial microwave Mobility management Subsystem RADIUS (INS) August 5, 2004 8
  • 9. Information Assurance Information Assurance Information Security Survivability and Fault Tolerance Confidentiality Design for working capacity Authentication Design for spare capacity Integrity Protocols for automatic Identification reconfiguration Access control Ability to recover from failures as well as security breaches August 5, 2004 9
  • 10. Network Security Basics Requirements & Policies Security Architecture Information Security Features or Services Security Attacks Security Mechanisms August 5, 2004 10
  • 11. Terminology Security Attack Examples of Security Attacks Any action that compromises the security of information Interception, masquerade, fabrication, modification, traffic Security Feature or Service analysis Measures intended to counter Examples of Security Features security attacks by employing security mechanisms based on the Data confidentiality, user security requirements authentication, entity authentication, non-repudiation Security Mechanism Examples of Security Mechanisms An element, protocol, or technique used to defend, prevent or recover To implement data confidentiality, against security attacks a stream cipher using a cipher key derived from a master key Security Architecture No single security mechanism All security features and can provide all security features mechanisms taken together Encryption of some sort is necessary for most security features August 5, 2004 11
  • 12. General Remarks No single security mechanism can provide all security features Encryption of some sort is necessary for most security features Secrecy of encryption algorithms is not a guarantee of security Most secret key encryption schemes can only be broken by brute force They need key sizes that are at least 80 bits Public key encryption schemes have mathematical attacks They need larger key sizes (1024 bits) They are computationally more intensive Key management is an onerous task Certificates (based on public-key schemes) have reduced this problem significantly in wired networks Emerging trends – AES, Elliptic curves, and N’tru August 5, 2004 12
  • 13. Wireless Network Security Wireless Infrastructure Network Security Backhaul Security Over-the-air Security Entity Key Confidentiality Authentication Management Zero Knowledge Block Cipher Derived Keys Key Distribution Password Stream Cipher Center Challenge- Public Key Response Certificates Green: Current Implementation Unilateral Red: Some work Secure Routing in Black: Wired networks Ad Hoc Networks Mutual August 5, 2004 13
  • 14. Security Issues and Problems in 4G/Hybrid Networks Data is bursty, not continuous Security features/services need to be different e.g: No message authentication in current networks Encryption is used primarily for confidentiality There is entity authentication when the call is set-up => In current cellular networks, ciphering mode is used on a per-call basis Roaming between networks When there is an inter-tech or vertical handoff, there is need for migrating the “security association” Variety of security levels & capabilities in devices and networks Wireless specific issues Battery life of the MS Will affect the encryption algorithms and Computational complexity security protocols and thus the Bandwidth security policies Effects of the radio channel August 5, 2004 14
  • 15. The Large Questions What security features or services must be enforced when a mobile station (MS) roams from one system to another? Entity authentication, key agreement or set-up, message authentication at the point of access (BS or AP), etc. At what layers should the services be implemented? MAC level, network level, application level, physical layer, etc. Which is more efficient and why? What security architecture must be in place to support such roaming seamlessly? Authentication centers, algorithm-agile base stations, multiple repositories of master keys, separated sets of master keys, certificate infrastructure, etc. What security policies need to be in place in this architecture? August 5, 2004 15
  • 16. Typical Security Issues Sub Network Secret Information Messages Information to be secured System Components RNS MS, BS, WLAN Subscriber identity, Signaling messages Beacon, BCCH, Pilot need to be AP Shared secret master (RRM, MM) checked for integrity; Challenge, key, Session key(s), Challenge, Response response, nonces need to be Random nonces Voice/data traffic authenticated; Voice/data traffic needs to be confidential ANS BS, BSC, Shared keys between Signaling messages All traffic need authentication and SGSN, MSC, entities for each Voice/Data traffic data integrity especially nonces GGSN session, random and RRM, MM messages nonces INS SGSN/GGSN, Certificates, Shared Challenge, Response, Session key needs to be MSC, VLR, secret master key, Session key, key confidential; Challenge, response AuC, RADIUS Subscriber ID, distribution & and nonces need to be tested for server, AP session keys, nonces agreement, Nonces integrity and authentication August 5, 2004 16
  • 17. Information Assurance Information Assurance Information Security Survivability and Fault Tolerance Confidentiality Design for working capacity Authentication Design for spare capacity Integrity Protocols for automatic Identification reconfiguration Access control Ability to recover from failures as well as security breaches August 5, 2004 17
  • 18. Network Survivability Goal Maintain service for certain failure scenarios at a reasonable cost Analysis Understand system functionality after failures Design Adopt network architecture to minimize the impact of failures/attacks on network services Prevention (e.g. backup power supply), security,etc. Topology design and capacity allocation Network management/restoration procedures August 5, 2004 18
  • 19. Wireless Network Survivability Approach Wireless Network Survivability Ad Hoc Hybrid Infrastructure Networks Networks Cellular Networks Wireless LANs Spare Capacity Traffic Restoration Spare Capacity Traffic restoration Design Protocols Design Protocols Integrate the Pieces Wired Backhaul Radio August 5, 2004 19
  • 20. Survivability Approach Develop a survivability framework (IEEE Com. Mag, Jan 2002) Conduct a survivability analysis Quantify impact of different failures/attacks Develop survivable network design algorithms Wide Area cellular network Backhaul (wired) part of network <= focus here Wireless part of network WLAN Design Develop survivable network protocols Split into wireless and wired parts, cellular and WLAN parts Integrate pieces August 5, 2004 20
  • 21. Wireless Access Network Survivability Issues Wireless network characteristics make survivability issues different than wired networks • Tree-like network topology • Wireless Links • User mobility • Power conservation • Security Emerging high data-rate and multimedia services place additional requirements on survivability issues August 5, 2004 21
  • 22. Wireless Survivability Strategies Subsystem Robustness and Traffic Management and Redundancy Restoration Radio Network Spare RF components, Adaptive radio resource management: Subsystem Overlapping/scaleable admission control, packet scheduling, cells for multi-homing, bandwidth management, channel Survivable soft capacity switching, power control, load and coverage planning sharing/adaptation Access Network Spare links, Automatic protection switching, Subsystem Ring topologies, Dynamic rerouting protocols, Multi-homing Self-healing rings, Call gapping, Intelligent Physical diversity in Dynamic routing, Network signaling network links, Checkpoint protocols Subsystem Physical database diversity August 5, 2004 22
  • 23. Survivable Cellular Backhaul Network Design Problem Minimize AUC EIR -Total Network Cost HLR Given: VLR IBM - Traffic requirements MSC Variables: B N tw ks P*8 ay e or x50 R ST O O1 O 30 AO N 6 PWR ETH ALM ER LINK R 232 S C ALM FAN0 FAN1 PWR0 PWR 1 INS ACT ALM PC CARD Centillion 1400 SD B yNe rk P8 0 a two s * x5 OO 0 O 13 AO N 6 RST ETHER LINK RS232 C INS AC ALM T Centillion1400 SD -Topology -Channel capacity PCCARD ALM PWR AL M FAN0 FAN PWR PWR 1 0 1 BSC BSC SD B yNe rk a two s Centillion 1400 -Traffic Routing P8 0 * x5 RST ETHER LINK R 232 S C INS AC ALM T OO 0 O 13 AO N 6 PCCARD ALM PWR AL M FAN0 FAN PWR PWR 1 0 1 BSC -Location of BSC, MSC BS3 Constraints: BS3 BS2 BS4 BS2 BS4 BS1 -Link capacity BS1 BS7 BS5 -Reliability BS7 BS5 BS6 -Quality of service BS6 Split into wireless and wired part August 5, 2004 23
  • 24. Survivable Backhaul Network Design Formulated a set of survivable network design optimization problems APS, Ring, Mesh, look at tradeoffs. Optimization problems are Mixed Integer Programming Problems Include parameters in the model to oversize signaling and spare resources to absorb transients from user movement Consider green field and incremental design cases NP- Hard – solve for small networks using CPLX Developing heuristics for scaling solution to larger cases August 5, 2004 24
  • 25. Wireless Network Survivability: Summary Survivable network design needs to incorporate unique characteristics of wireless access networks Different survivability strategies could be used to guard against various network failures 2-phase network design (minimum cost + mesh restoration) was proposed for designing survivable wireless access networks Adaptive QoS on radio level and overlapping cells. Constraint satisfaction based design of WLANs Ongoing work focuses on 3G/4G including hybrid WLAN/3G wireless networks August 5, 2004 25
  • 26. Ongoing Work Security in 4G/Hybrid Wireless Networks Identification of vulnerabilities and attacks and development of a security architecture Protocol development for seamless roaming between WWANS and WLANs A containment based secure routing scheme for WLANs Survivability in 4G/Hybrid Wireless Networks Network design for 3G and 802.11 systems Network design for 4G/Hybrid wireless networks Traffic restoration protocols for fault tolerance Interaction between security and survivability August 5, 2004 26