Arpan Pal, MNGN2005
Wireless Security – State-of-the-Art and Future
Arpan Pal
Practice Head, DSP and Communications
Center of Excellence for Embedded Systems
Tata Consultancy Services Ltd.
Agenda
• Security Framework
• State-of-the-art
• Next Generation Wireless – Security Needs
• Next Generation Wireless – Work Done @ TCS
Things Required to protect a secure system
• Integrity
  - Message transmitted never corrupted
• Confidentiality
  - Certain information never disclosed to unauthorized entities
• Authentication
  - Verify identity of peer node
• Authorization
  - Perform pre-defined actions after authentication
• Availability
  - Survivability of the network under a Denial-of-Service attack
• Nonrepudiation
  - Neither sender nor receiver of a message can deny the transmission
Security Framework
Security Protocol
• Secured Session Initiation
• Capability Negotiation
• Authentication
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Generation Algorithm
• Cipher Algorithm
• Digestion Algorithm
• Digital Certificates
• Big Integer Math Library
Wireless Local Area Network (WLAN) IEEE 802.11
Wireless Local Area Network (802.11)
[Figure: 802.11 network types. Labels: Infrastructure; Ad hoc Networks / Sensor Networks; Access Point (two); Distribution System]
Wireless Local Area Network (802.11)
Security by layer:
• Application, Presentation, Session, Transport, Network: No security in upper layers
• Data-link (MAC) [802.11]: Authentication, Encryption (WEP) and Integrity check (CRC)
• Physical [802.11]: Modulation (FHSS, DSSS, OFDM) protects against eavesdropping
Security Framework – 802.11
Security Protocol
• Session Initiation
  - Start
  - Scan
  - Join
• Capability Negotiation
  - Open/Shared Negotiation
  - WEP enabled or disabled
• Authentication
  - Open Authentication
  - Challenge Text Password Protocol
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Gen Algo: NULL
• Cipher Algo: RC4
• Digestion Algo: CRC-32
• Digital Certificates: NULL
• Big Integer Math Library
Wireless Local Area Network (802.11)
• WEP – Drawbacks
  - IV is 24 bits – Keyspace gets exhausted, quicker if packets are smaller
  - Shared Key is distributed manually
• 802.1X
  - Adopts EAP (Extensible Authentication Protocol)
  - 2-level Authentication
  - MD5
[Figure: Wireless Station, Access Point, Authentication Server]
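Added example (not from the original slides): the sketch below puts numbers on the 24-bit IV drawback listed above and shows what a repeated IV means for the RC4 keystream. It assumes the raw link rate with no MAC overhead, uses a constructed 40-bit key and payloads, omits the CRC-32 ICV, and all function names are illustrative.

```python
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs per shared key


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: int, payload: bytes) -> bytes:
    """WEP seeds RC4 with IV || shared key, so for a fixed key the IV alone
    selects the keystream. (ICV omitted to keep the sketch short.)"""
    seed = iv.to_bytes(3, "big") + shared_key
    return xor(payload, rc4_keystream(seed, len(payload)))


def seconds_until_iv_wrap(link_mbps: float, frame_bytes: int,
                          utilisation: float = 1.0) -> float:
    """Time for a sequential IV counter to use all 2^24 values.
    Assumption: raw link rate, no preamble or MAC overhead."""
    frames_per_second = link_mbps * 1e6 * utilisation / (frame_bytes * 8)
    return IV_SPACE / frames_per_second


def frames_for_collision(probability: float) -> int:
    """Frames sent before randomly chosen IVs repeat with the given
    probability (birthday bound)."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(1 / (1 - probability))))


def first_iv_reuse(observed_ivs):
    """Monitoring check: index of the first frame whose IV was already seen
    under the same key, or None if every IV is fresh."""
    seen = set()
    for idx, iv in enumerate(observed_ivs):
        if iv in seen:
            return idx
        seen.add(iv)
    return None


if __name__ == "__main__":
    key = bytes([1, 2, 3, 4, 5])          # constructed 40-bit shared key
    p1, p2 = b"first  payload..", b"second payload.."
    c1, c2 = wep_encrypt(key, 7, p1), wep_encrypt(key, 7, p2)
    # Same IV, same keystream: the keystream cancels out of c1 XOR c2.
    print("c1^c2 == p1^p2:", xor(c1, c2) == xor(p1, p2))
    for size in (1500, 200):
        hours = seconds_until_iv_wrap(11, size) / 3600
        print(f"{size}-byte frames at 11 Mbit/s: IV space used in {hours:.2f} h")
    print("random IVs, 50% repeat after", frames_for_collision(0.5), "frames")
```

Smaller frames mean more frames per second at the same bit rate, which is why the IV space runs out faster; rotating the shared key before the counter wraps is the only remedy WEP itself allows, and key distribution is manual.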
Wireless Local Area Network (802.11)
• 802.11i
  - Adopts some part of 802.1X
  - 128-bit encryption key, 128-bit IV – more security
  - Introduces TKIP (Temporal Key Integrity Protocol)
    * per-packet keying (PPK) – different key for each packet
    * a message integrity check (MIC) – better than CRC-32 checksum
    * a re-keying mechanism
  - Introduces AES (Advanced Encryption Standard)
    * Better encryption technology
    * Resource Consuming, so requires new hardware
  - Introduces WRAP (Wireless Robust Authentication Protocol)
  - Introduces CCMP (Counter Mode CBC MAC Protocol)
Bluetooth
Wireless Personal Area Network – Bluetooth [IEEE 802.15.1]
Wireless Personal Area Network – Bluetooth [IEEE 802.15.1]: Security
Bluetooth Security
• 3 security Modes – device can only support one at a time
  - Non-secure
  - Service-level enforced security
  - Link level enforced security – prior to channel setup
• 3 categories of device with 2 levels of trust
  - Trusted - previously authenticated and marked as trusted
  - Untrusted devices - known devices that have been previously authenticated, but are not marked as trusted
  - Unknown untrusted – no security information known
Security Framework - Bluetooth
Security Protocol
• Session Initiation
• Capability Negotiation
  - Security Modes (Nonsecure, Service level enforced security, Link-level enforced Security)
• Authentication
  - Exchange of Random Number
  - Challenge-Response Protocol
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Gen Algo: E2, E3
• Cipher Algo: E0
• Digestion Algo: E1, CRC
• Digital Certificates: NULL
• Big Integer Math Library
Wireless Personal Area Network (WPAN) IEEE 802.15
Wireless Personal Area Network [IEEE 802.15.3]
• Piconet Controller (PNC)
  - Sole source of local message control and facilitates admission of ordinary devices to the piconet
Wireless Personal Area Network (WPAN) [IEEE 802.15.3]
Security
Security Framework - [IEEE 802.15.3]
Security Protocol
• Session Initiation
• Capability Negotiation
  - Mode 0 (Unsecured) or Mode 1 (Secured)
• Authentication: Challenge-Response Protocol between
  - DEV-DEV
  - PNC-DEV
  - New PNC-Old PNC
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Gen Algo: NULL
• Cipher Algo: AES
• Digestion Algo: CRC
• Digital Certificates: NULL
• Big Integer Math Library
Wireless Metropolitan Area Network (WMAN) IEEE 802.16
Wireless Metropolitan Area Network – IEEE 802.16
[Figure: 802.16 Architecture. Labels: Base Station, Subscriber Station]
Wireless Metropolitan Area Network – IEEE 802.16
Security Framework – IEEE 802.16
Security Protocol
• Session Initiation
• Capability Negotiation
• Authentication
• Periodic Reauthorization and Key Refresh
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Gen Algo: RSA
• Cipher Algo: DES, AES, TEK (3-DES, AES, RSA)
• Digestion Algo: SHA-1
• Digital Certificates: X.509
• Big Integer Math Library
Global System for Mobile Communication (GSM)
Global System for Mobile Communication
[Figure: GSM security elements SIM, MS, BS, MSC, VLR, HLR and AuC, annotated with the items each holds or exchanges: "A3, A8, IMSI, Ki, Kc"; "A5"; "A5, IMSI, Kc"; "A3, A8, IMSI, Ki"; "RAND, SRES, Kc" (twice)]
MS: Mobile Station
BS: Base Station
VLR: Visiting Location Register
HLR: Home Location Register
MSC: Mobile Switch Center
AuC: Authentication Center
RAND: Random
SRES: Signed Response
A3: Authentication Algorithm
A5: Ciphering Algorithm
A8: Ciphering Key Generation Algorithm
IMSI: International Mobile Subscriber Identity
Ki: Individual Subscriber Authentication Key
Kc: Ciphering Key
SIM: Subscriber Identity Module Smart Card
Security Framework - GSM
Security Protocol
• Session Initiation
• Capability Negotiation
  - Exchange of Random Number
  - Exchange of Cryptographic Service primitives
• Authentication
  - Challenge-Response Protocol
• Secured Data Transmission and Reception
• Secure Session Termination
Security Algorithms
• Key Gen Algo: A8
• Cipher Algo: A5
• Digestion Algo: A8, COMP-128
• Digital Certificates: NULL
• Big Integer Math Library
Next Generation Wireless Networks
A Mobile Lifestyle
[Figure: Vision of Seamless Mobility. Labels: HOME, PUBLIC, TRANSPORT, AUTO, WORK, OUTDOORS, RURAL, HOT SPOTS; WWAN, WLAN, WPAN, WMAN]
Challenges
• QoS
• Security
• Single-network fixed function devices evolving to multi-network multi-function
• “Always-on” Communication – anytime, anywhere, any network
• Seamless transition across networks
Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
Continuum of Wireless Technologies
[Figure: columns WAN, MAN, LAN, PAN. Labels: 3G (WCDMA/HSDPA, GPRS/EDGE, EVDO); WiMAX 802.16 Broadband; Wi-Fi* 802.11; UWB and Bluetooth*; NFC; RFID/TAG; Subscriber Stations]
Next Generation Networks Span Usage Range
Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
User Needs for Wireless 2010+
[Figure: Common User Needs Yield Common Wireless Requirements. User Needs: Services (Audio-Voice-Video-Data); Scalability (Network & Devices); Coverage Anywhere; Cross-layer Security. Wireless Requirements: Mobility, Interference, Capacity; Bandwidth, Throughput, Power Consumption, Complexity; Throughput, Latency, Tolerance For Loss, Symmetric and Asymmetric Services. Other labels: Next Gen WiMAX, 3GPP-LTE, ETSI TISPAN, ...]
Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
Three Directions of Mobile Evolutions
1. From Person to Person Communications to Non-Person Communications
2. From the Growth in Quantity to the Growth in Quality
3. Progress of Media Convergence
Courtesy: Dr. Yasuo Hirata, Chairman, KDDI R&D Labs, IWS 2005
Towards Ubiquitous Network Society
[Figure: communication among Person, Person and Things. Labels: Voice, Mail, Photo, Data, Video; Home Appliance, RFID, Camera; ITS, Sensor, Disk; Whoever, Wherever, Whatever. Core Items in Ubiquitous Environment: Privacy Policy, Security Policy]
Courtesy: Dr. Yasuo Hirata, Chairman, KDDI R&D Labs, IWS 2005
Future Trends
Courtesy: Dr. Henry Tirri, Nokia Research Center, IWS 2005
My personal Adaptive Global NETwork (MAGNET)
• User-centric approach to improve the quality of life for the end-user
• Smarter, more responsive, and more accommodating environments for the needs of the individual
• Everything without jeopardizing privacy and security.
My personal Adaptive Global NETwork (MAGNET)
[Figure: MAGNET network. Labels: Bluetooth, Bluetooth Access Point, IrDA, WLAN, WLAN Access Point, Intranet, Internet, Application Server, UMTS, Node B, RNC, 3G SGSN, 3G GGSN]
RNC: Radio Network Controller
SGSN: Serving GPRS Support Node
GGSN: Gateway GPRS Support Node
Next Generation Service Deployment
Courtesy: Ingo Elsen, Ericsson Eurolab
Security Requirements of Future – It's all about Convergence
• Convergence of heterogeneous networks (clusters)
  - Generic definition of identities and credentials
  - Generic AAA (Authentication, Authorization, Accounting)
  - Secure Roaming and Routing strategy
• Convergence of Devices (Any Service Anywhere on Any capable device)
  - Security at every layer
  - Secure device discovery
• Convergence of Applications and Services (Context-Awareness)
  - Secure Service discovery
  - Privacy Policy
• Convergence of Content (Audio, Video, Data, Sensors)
  - Security at every layer
  - Content level security
Next Generation Wireless Networks – Work Done @ TCS
Physical Layer Encryption
Conventional Stream Ciphering Systems
[Figure: transmitter and receiver, each with MAC above PHY, linked by the Channel. The Encryption Function (Encryption Algorithm, Key K) and the Decryption Function (Decryption Algorithm, Key K) sit in the MAC data path. Recording Point and Decryption Point coincide at the Hardware boundary.]
• Encryption done at MAC layer
• At the receiver, the decrypted data is available at the Hardware-Software interface – hence recordable
• Commutative Property of the Encryption operator (normally XOR) makes it prone to attacks – Vernam Cipher property
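Added example (not from the original slides), covering both the XOR property noted above and the earlier 802.11i point that a MIC is better than a CRC-32 checksum. It shows a receiver with a CRC-32 check accepting a frame changed in transit while a keyed MIC rejects it. The keystream, key and payload are constructed, all names are illustrative, and truncated HMAC-SHA256 stands in for a keyed MIC; it is not TKIP's own algorithm.

```python
import hashlib
import hmac
import zlib

ICV_LEN = 4   # CRC-32 integrity check value, as in WEP
MIC_LEN = 8   # truncated HMAC-SHA256 tag (stand-in for a keyed MIC)

# Constructed values for the demonstration only.
KEYSTREAM = hashlib.shake_256(b"constructed demo keystream").digest(64)
MIC_KEY = b"constructed-mic-key"


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(ICV_LEN, "little")


def mic(mic_key: bytes, data: bytes) -> bytes:
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:MIC_LEN]


def seal_crc(keystream: bytes, payload: bytes) -> bytes:
    """MAC-layer stream ciphering: (payload || CRC-32) XOR keystream."""
    return xor(payload + crc(payload), keystream)


def open_crc(keystream: bytes, frame: bytes):
    body = xor(frame, keystream)
    payload, tag = body[:-ICV_LEN], body[-ICV_LEN:]
    return payload if crc(payload) == tag else None


def seal_mic(keystream: bytes, mic_key: bytes, payload: bytes) -> bytes:
    """Same cipher, but the trailer is a keyed tag."""
    return xor(payload + mic(mic_key, payload), keystream)


def open_mic(keystream: bytes, mic_key: bytes, frame: bytes):
    body = xor(frame, keystream)
    payload, tag = body[:-MIC_LEN], body[-MIC_LEN:]
    return payload if hmac.compare_digest(mic(mic_key, payload), tag) else None


def keystream_from_recording(frame: bytes, recorded_plaintext: bytes) -> bytes:
    """Data recorded after decryption, XORed with the frame seen on air,
    yields the keystream bytes that covered it."""
    return xor(frame, recorded_plaintext)


def modify_in_transit(frame: bytes, delta: bytes, trailer_len: int) -> bytes:
    """A change applied to the ciphertext with no key. XOR commutes with the
    cipher, so the plaintext changes by exactly delta. The first four trailer
    bytes are adjusted using the fact that CRC-32 is affine:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros)."""
    fix = xor(crc(delta), crc(bytes(len(delta))))
    return xor(frame, delta + fix + bytes(trailer_len - ICV_LEN))


def demo() -> dict:
    payload = b"temperature=021C"
    delta = xor(payload, b"temperature=921C")   # bits changed in transit
    crc_frame = seal_crc(KEYSTREAM, payload)
    mic_frame = seal_mic(KEYSTREAM, MIC_KEY, payload)
    return {
        "keystream_recovered":
            keystream_from_recording(crc_frame, payload) == KEYSTREAM[:len(payload)],
        "crc_receiver_got":
            open_crc(KEYSTREAM, modify_in_transit(crc_frame, delta, ICV_LEN)),
        "mic_receiver_got":
            open_mic(KEYSTREAM, MIC_KEY, modify_in_transit(mic_frame, delta, MIC_LEN)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```

The CRC receiver returns the altered reading as if it were valid; the MIC receiver returns None, because the tag cannot be recomputed without the MIC key.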
Physical Layer Encryption
Proposed System
[Figure: transmit chain MAC, Channel Encoder, Modulator, Channel; receive chain Channel, Demodulator, Channel Decoder, MAC. The Encryption Function and Decryption Function (each with Encryption Algorithm, Key K) sit inside the PHY, with notes "Encryption can be moved here also" and "Decryption can be moved here also". The Recording Point is at the Hardware boundary; the Decryption Point is separate from it.]
• Encryption done at PHY layer
• Encryption Function - XOR or some other PHY layer transforms like
  - Scrambling
  - Phase Shift between I and Q channels etc.
Advantages
• Decrypted data is not directly available to the hacker for recording, as the PHY is normally located within an embedded chipset.
• Presence of difficult-to-invert blocks like the Channel Decoder between the recording point at the MAC-PHY interface and the decryption point makes a known-plaintext attack very difficult
Content Security
• Watermark
  - Watermarking is the practice of imperceptibly altering a cover to embed a message about that cover
  - Challenges in Video
    * Embedding Watermark in the Compressed Domain, e.g. H.264
    * Real-time performance
    * Encrypted Watermarking
Thank You

More Related Content

What's hot

ZIGBEE NETWORKS
ZIGBEE NETWORKSZIGBEE NETWORKS
ZIGBEE NETWORKS
naimish12
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
NetCraftsmen
 
Internet of Things: Comparison of Protocols & Standards
Internet of Things: Comparison of Protocols & StandardsInternet of Things: Comparison of Protocols & Standards
Internet of Things: Comparison of Protocols & Standards
Ashu Joshi
 
Introduction to Ti wireless solution: ZigBee
Introduction to Ti wireless solution: ZigBeeIntroduction to Ti wireless solution: ZigBee
Introduction to Ti wireless solution: ZigBee
Chiu-Hao Chen (Ted)
 
Zigbee technology2
Zigbee technology2Zigbee technology2
Zigbee technology2
Presentaionslive.blogspot.com
 
Future Proofing your Data Center Network
Future Proofing your Data Center NetworkFuture Proofing your Data Center Network
Future Proofing your Data Center Network
InnoTech
 
Intro to SDN - Part III
Intro to SDN - Part IIIIntro to SDN - Part III
Intro to SDN - Part III
Tallac Networks
 
Zigbee technology [autosaved]
Zigbee technology [autosaved]Zigbee technology [autosaved]
Zigbee technology [autosaved]
vandjadhav
 
Zigbee intro v5
Zigbee intro v5Zigbee intro v5
Zigbee intro v5
rajrayala
 
Intro to SDN - Part IV
Intro to SDN - Part IVIntro to SDN - Part IV
Intro to SDN - Part IV
Tallac Networks
 
The History and Evolution of SDN
The History and Evolution of SDNThe History and Evolution of SDN
The History and Evolution of SDN
Napier University
 
Intro to SDN - Part I
Intro to SDN - Part IIntro to SDN - Part I
Intro to SDN - Part I
Tallac Networks
 
How to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBHow to Implement SDN Technology in ITB
How to Implement SDN Technology in ITB
SDNRG ITB
 
OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015
Scott Sneddon
 
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesEnabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Tal Lavian Ph.D.
 
2012 ah apj wlan security fundamentals
2012 ah apj   wlan security fundamentals2012 ah apj   wlan security fundamentals
2012 ah apj wlan security fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Zigbee wireless control made easy
Zigbee wireless control made easyZigbee wireless control made easy
Zigbee wireless control made easy
rajrayala
 
Software Defined networking (SDN)
Software Defined networking (SDN)Software Defined networking (SDN)
Software Defined networking (SDN)
Milson Munakami
 
Wi fi
Wi fiWi fi
Wi fi
kendre1234
 
The Cloudification of the Data Center Network
The Cloudification of the Data Center NetworkThe Cloudification of the Data Center Network
The Cloudification of the Data Center Network
Enterprise Management Associates
 

What's hot (20)

ZIGBEE NETWORKS
ZIGBEE NETWORKSZIGBEE NETWORKS
ZIGBEE NETWORKS
 
Introduction to SDN
Introduction to SDNIntroduction to SDN
Introduction to SDN
 
Internet of Things: Comparison of Protocols & Standards
Internet of Things: Comparison of Protocols & StandardsInternet of Things: Comparison of Protocols & Standards
Internet of Things: Comparison of Protocols & Standards
 
Introduction to Ti wireless solution: ZigBee
Introduction to Ti wireless solution: ZigBeeIntroduction to Ti wireless solution: ZigBee
Introduction to Ti wireless solution: ZigBee
 
Zigbee technology2
Zigbee technology2Zigbee technology2
Zigbee technology2
 
Future Proofing your Data Center Network
Future Proofing your Data Center NetworkFuture Proofing your Data Center Network
Future Proofing your Data Center Network
 
Intro to SDN - Part III
Intro to SDN - Part IIIIntro to SDN - Part III
Intro to SDN - Part III
 
Zigbee technology [autosaved]
Zigbee technology [autosaved]Zigbee technology [autosaved]
Zigbee technology [autosaved]
 
Zigbee intro v5
Zigbee intro v5Zigbee intro v5
Zigbee intro v5
 
Intro to SDN - Part IV
Intro to SDN - Part IVIntro to SDN - Part IV
Intro to SDN - Part IV
 
The History and Evolution of SDN
The History and Evolution of SDNThe History and Evolution of SDN
The History and Evolution of SDN
 
Intro to SDN - Part I
Intro to SDN - Part IIntro to SDN - Part I
Intro to SDN - Part I
 
How to Implement SDN Technology in ITB
How to Implement SDN Technology in ITBHow to Implement SDN Technology in ITB
How to Implement SDN Technology in ITB
 
OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015OpenContrail Silicon Valley Meetup Aug 25 2015
OpenContrail Silicon Valley Meetup Aug 25 2015
 
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding EnginesEnabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
Enabling Active Flow Manipulation In Silicon-based Network Forwarding Engines
 
2012 ah apj wlan security fundamentals
2012 ah apj   wlan security fundamentals2012 ah apj   wlan security fundamentals
2012 ah apj wlan security fundamentals
 
Zigbee wireless control made easy
Zigbee wireless control made easyZigbee wireless control made easy
Zigbee wireless control made easy
 
Software Defined networking (SDN)
Software Defined networking (SDN)Software Defined networking (SDN)
Software Defined networking (SDN)
 
Wi fi
Wi fiWi fi
Wi fi
 
The Cloudification of the Data Center Network
The Cloudification of the Data Center NetworkThe Cloudification of the Data Center Network
The Cloudification of the Data Center Network
 

Similar to Mngn2005 wireless security

(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks
Priyanka Aash
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matter
DESMOND YUEN
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
Nilesh Sapariya
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
cmstiernberg
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
cmstiernberg
 
CSG Huawei.pdf
CSG Huawei.pdfCSG Huawei.pdf
CSG Huawei.pdf
chien29091
 
Wpmc2004 phy protection
Wpmc2004 phy protectionWpmc2004 phy protection
Wpmc2004 phy protection
Arpan Pal
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
Rama Krishna M
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
Vishal Agarwal
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
Sreekanth GS
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
guestd7b627
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Wireless lan
Wireless lanWireless lan
Wireless lan
Sajan Sahu
 
Wireless intelligent networking
Wireless intelligent networkingWireless intelligent networking
Wireless intelligent networking
Manish Kumar
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
Saikiran Panjala
 
ICC icXchange Solution Brochure
ICC icXchange Solution BrochureICC icXchange Solution Brochure
ICC icXchange Solution Brochure
International Communications Corporation
 
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless ControllerTechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
Robb Boyd
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
International Communications Corporation
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
International Communications Corporation
 
Mobile security
Mobile securityMobile security

Similar to Mngn2005 wireless security (20)

(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks(SACON) M T Karunakaran  - Quantum safe Networks
(SACON) M T Karunakaran  - Quantum safe Networks
 
Wi fi-security-the-details-matter
Wi fi-security-the-details-matterWi fi-security-the-details-matter
Wi fi-security-the-details-matter
 
Wireless Security null seminar
Wireless Security null seminarWireless Security null seminar
Wireless Security null seminar
 
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...Understanding IT Network Security for Wireless and Wired Measurement Applicat...
Understanding IT Network Security for Wireless and Wired Measurement Applicat...
 
Wireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring ApplicationsWireless Security Best Practices for Remote Monitoring Applications
Wireless Security Best Practices for Remote Monitoring Applications
 
CSG Huawei.pdf
CSG Huawei.pdfCSG Huawei.pdf
CSG Huawei.pdf
 
Wpmc2004 phy protection
Wpmc2004 phy protectionWpmc2004 phy protection
Wpmc2004 phy protection
 
5169 wireless network_security_amine_k
5169 wireless network_security_amine_k5169 wireless network_security_amine_k
5169 wireless network_security_amine_k
 
Wireless network security
Wireless network securityWireless network security
Wireless network security
 
Security Issues of IEEE 802.11b
Security Issues of IEEE 802.11bSecurity Issues of IEEE 802.11b
Security Issues of IEEE 802.11b
 
Security Issues of 802.11b
Security Issues of 802.11bSecurity Issues of 802.11b
Security Issues of 802.11b
 
Wlan security
Wlan securityWlan security
Wlan security
 
Wireless lan
Wireless lanWireless lan
Wireless lan
 
Wireless intelligent networking
Wireless intelligent networkingWireless intelligent networking
Wireless intelligent networking
 
WLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALAWLAN SECURITY BY SAIKIRAN PANJALA
WLAN SECURITY BY SAIKIRAN PANJALA
 
ICC icXchange Solution Brochure
ICC icXchange Solution BrochureICC icXchange Solution Brochure
ICC icXchange Solution Brochure
 
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless ControllerTechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
TechWiseTV Workshop: Cisco Catalyst 9800 Series Wireless Controller
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
 
Mobile security
Mobile securityMobile security
Mobile security
 

More from Arpan Pal

Mobisys io t_health_arpanpal
Mobisys io t_health_arpanpalMobisys io t_health_arpanpal
Mobisys io t_health_arpanpal
Arpan Pal
 
Tcs tele rehab-hod-0.4
Tcs tele rehab-hod-0.4Tcs tele rehab-hod-0.4
Tcs tele rehab-hod-0.4
Arpan Pal
 
Io t standard_bis_arpanpal
Io t standard_bis_arpanpalIo t standard_bis_arpanpal
Io t standard_bis_arpanpal
Arpan Pal
 
Healthcare arpan pal gws
Healthcare arpan pal gwsHealthcare arpan pal gws
Healthcare arpan pal gws
Arpan Pal
 
Io t of actuating things
Io t of actuating thingsIo t of actuating things
Io t of actuating things
Arpan Pal
 
Arpan pal u-world
Arpan pal   u-worldArpan pal   u-world
Arpan pal u-world
Arpan Pal
 
Arpan pal csi2012
Arpan pal csi2012Arpan pal csi2012
Arpan pal csi2012
Arpan Pal
 
Arpan pal ncccs
Arpan pal ncccsArpan pal ncccs
Arpan pal ncccs
Arpan Pal
 
Arpan pal tac tics2012
Arpan pal tac tics2012Arpan pal tac tics2012
Arpan pal tac tics2012
Arpan Pal
 
Arpan pal u world2012
Arpan pal u world2012Arpan pal u world2012
Arpan pal u world2012
Arpan Pal
 
Arpan pal gridcomputing_iot_uworld2013
Arpan pal gridcomputing_iot_uworld2013Arpan pal gridcomputing_iot_uworld2013
Arpan pal gridcomputing_iot_uworld2013
Arpan Pal
 
Arpan pal besu
Arpan pal besuArpan pal besu
Arpan pal besu
Arpan Pal
 
Bitm2003 802.11g
Bitm2003 802.11gBitm2003 802.11g
Bitm2003 802.11g
Arpan Pal
 
Contest presentation ocr
Contest presentation ocrContest presentation ocr
Contest presentation ocr
Arpan Pal
 
Contest presentation epg
Contest presentation epgContest presentation epg
Contest presentation epg
Arpan Pal
 
Embedded
EmbeddedEmbedded
Embedded
Arpan Pal
 
Grid computing iot_sci_bbsr
Grid computing iot_sci_bbsrGrid computing iot_sci_bbsr
Grid computing iot_sci_bbsr
Arpan Pal
 
Euro india2006 wirelessradioembeddedchallenges
Euro india2006 wirelessradioembeddedchallengesEuro india2006 wirelessradioembeddedchallenges
Euro india2006 wirelessradioembeddedchallenges
Arpan Pal
 
Generic mac
Generic macGeneric mac
Generic mac
Arpan Pal
 
Heig tcs
Heig tcsHeig tcs
Heig tcs
Arpan Pal
 

More from Arpan Pal (20)

Mobisys io t_health_arpanpal
Mobisys io t_health_arpanpalMobisys io t_health_arpanpal
Mobisys io t_health_arpanpal
 
Tcs tele rehab-hod-0.4
Tcs tele rehab-hod-0.4Tcs tele rehab-hod-0.4
Tcs tele rehab-hod-0.4
 
Io t standard_bis_arpanpal
Io t standard_bis_arpanpalIo t standard_bis_arpanpal
Io t standard_bis_arpanpal
 
Healthcare arpan pal gws
Healthcare arpan pal gwsHealthcare arpan pal gws
Healthcare arpan pal gws
 
Io t of actuating things
Io t of actuating thingsIo t of actuating things
Io t of actuating things
 
Arpan pal u-world
Arpan pal   u-worldArpan pal   u-world
Arpan pal u-world
 
Arpan pal csi2012
Arpan pal csi2012Arpan pal csi2012
Arpan pal csi2012
 
Arpan pal ncccs
Arpan pal ncccsArpan pal ncccs
Arpan pal ncccs
 
Arpan pal tac tics2012
Arpan pal tac tics2012Arpan pal tac tics2012
Arpan pal tac tics2012
 
Arpan pal u world2012
Arpan pal u world2012Arpan pal u world2012
Arpan pal u world2012
 
Arpan pal gridcomputing_iot_uworld2013
Arpan pal gridcomputing_iot_uworld2013Arpan pal gridcomputing_iot_uworld2013
Arpan pal gridcomputing_iot_uworld2013
 
Arpan pal besu
Arpan pal besuArpan pal besu
Arpan pal besu
 
Bitm2003 802.11g
Bitm2003 802.11gBitm2003 802.11g
Bitm2003 802.11g
 
Contest presentation ocr
Contest presentation ocrContest presentation ocr
Contest presentation ocr
 
Contest presentation epg
Contest presentation epgContest presentation epg
Contest presentation epg
 
Embedded
EmbeddedEmbedded
Embedded
 
Grid computing iot_sci_bbsr
Grid computing iot_sci_bbsrGrid computing iot_sci_bbsr
Grid computing iot_sci_bbsr
 
Euro india2006 wirelessradioembeddedchallenges
Euro india2006 wirelessradioembeddedchallengesEuro india2006 wirelessradioembeddedchallenges
Euro india2006 wirelessradioembeddedchallenges
 
Generic mac
Generic macGeneric mac
Generic mac
 
Heig tcs
Heig tcsHeig tcs
Heig tcs
 

Mngn2005 wireless security

  • 1. Arpan Pal, MNGN2005 Wireless Security –Wireless Security – State-of-the-Art and FutureState-of-the-Art and Future Arpan PalArpan Pal Practice Head, DSP and Communications Center of Excellence for Embedded Systems Tata Consultancy Services Ltd.
  • 2. Arpan Pal, MNGN2005 AgendaAgenda Security Framework State-of-the-art Next Generation Wireless – Security Needs Next Generation Wireless – Work Done @ TCS
  • 3. Arpan Pal, MNGN2005 Things Required to protect a secure systemThings Required to protect a secure system  Integrity  Message transmitted never corrupted  Confidentiality  Certain information never disclosed to unauthorized entities  Authentication  Verify identity of peer node  Authorization  Perform pre-defined actions after authentication  Availability  Survivability of the network in Denial-of-Service attack  Nonrepudiation  Neither sender nor receiver of a message be able to deny transmission
  • 4. Arpan Pal, MNGN2005 Security FrameworkSecurity Framework Security Protocol •Secured Session Initiation •Capability Negotiation •Authentication •Secured Data Transmission and Reception •Secure Session Termination Security Algorithms Key Generation Algorithm Cipher Algorithm Digestion Algorithm Digital Certificates Big Integer Math Library
  • 5. Wireless Local Area Network (WLAN), IEEE 802.11
  • 6. Wireless Local Area Network (802.11). Infrastructure; Ad hoc Networks / Sensor Networks. [Diagram labels: Access Point, Access Point, Distribution System]
  • 7. Wireless Local Area Network (802.11). Application, Presentation, Session, Transport, Network: No security in upper layers. Data-link (MAC): Authentication, Encryption (WEP) and Integrity check (CRC). Physical: Modulation (FHSS, DSSS, OFDM) protects against eavesdropping. [Diagram label: 802.11]
  • 8. Security Framework – 802.11. Security Protocol: Session Initiation (Start, Scan, Join); Capability Negotiation (Open/Shared Negotiation; WEP enabled or disabled); Authentication (Open Authentication; Challenge Text Password Protocol); Secured Data Transmission and Reception; Secure Session Termination. Security Algorithms: Key Gen Algo: NULL; Cipher Algo: RC4; remaining boxes (Digestion Algo, Digital Certificates, Big Integer Math Library): CRC-32, NULL.
  • 9. Wireless Local Area Network (802.11). WEP – Drawbacks: IV is 24 bits, so the keyspace gets exhausted, quicker if packets are smaller; Shared Key is distributed manually. 802.1X: Adopts EAP (Extensible Authentication Protocol); 2-level Authentication; MD5. [Diagram labels: Wireless Station, Access Point, Authentication Server]
  • 10. Wireless Local Area Network (802.11). 802.11i: Adopts some part of 802.1X; 128 bits encryption key, 128 bits IV – more security; Introduces TKIP (Temporal Key Integrity Protocol): per-packet keying (PPK) – different key for each packet, a message integrity check (MIC) – better than CRC-32 checksum, a re-keying mechanism; Introduces AES (Advanced Encryption Standard): better encryption technology, resource consuming, so requires new hardware; Introduces WRAP (Wireless Robust Authentication Protocol); Introduces CCMP (Counter Mode CBC MAC Protocol).
  • 12. Wireless Personal Area Network: Bluetooth [IEEE 802.15.1]
  • 13. Wireless Personal Area Network: Bluetooth [IEEE 802.15.1] Security
  • 14. Bluetooth Security. 3 security Modes – device can only support one at a time: Non-secure; Service-level enforced security; Link level enforced security – prior to channel setup. 3 categories of device with 2 levels of trust: Trusted – previously authenticated and marked as trusted; Untrusted devices – known devices that have been previously authenticated, but are not marked as trusted; Unknown untrusted – no security information known.
  • 15. Security Framework – Bluetooth. Security Protocol: Session Initiation; Capability Negotiation (Security Modes: Nonsecure, Service level enforced security, Link-level enforced Security); Authentication (Exchange of Random Number; Challenge-Response Protocol); Secured Data Transmission and Reception; Secure Session Termination. Security Algorithms: Key Gen Algo: E2, E3; Cipher Algo: E0; remaining boxes (Digestion Algo, Digital Certificates, Big Integer Math Library): E1, CRC, NULL.
  • 16. Wireless Personal Area Network (WPAN), IEEE 802.15
  • 17. Wireless Personal Area Network [IEEE 802.15.3]. Piconet Controller (PNC): Sole source of local message control and facilitates admission of ordinary devices to the piconet.
  • 18. Wireless Personal Area Network (WPAN) [IEEE 802.15.3] Security
  • 19. Security Framework – [IEEE 802.15.3]. Security Protocol: Session Initiation; Capability Negotiation (Mode 0 (Unsecured) or Mode 1 (Secured)); Authentication: Challenge-Response Protocol between DEV-DEV, PNC-DEV, New PNC-Old PNC; Secured Data Transmission and Reception; Secure Session Termination. Security Algorithms: Key Gen Algo: NULL; Cipher Algo: AES; remaining boxes (Digestion Algo, Digital Certificates, Big Integer Math Library): CRC, NULL.
  • 20. Wireless Metropolitan Area Network (WMAN), IEEE 802.16
  • 21. Wireless Metropolitan Area Network – IEEE 802.16. Architecture. [Diagram labels: 802.16 Base Station, Subscriber Station]
  • 22. Wireless Metropolitan Area Network – IEEE 802.16
  • 23. Security Framework – IEEE 802.16. Security Protocol: Session Initiation; Capability Negotiation; Authentication; Periodic Reauthorization and Key Refresh; Secured Data Transmission and Reception; Secure Session Termination. Security Algorithms: Key Gen Algo: RSA; Cipher Algo: DES, AES, TEK (3-DES, AES, RSA); remaining boxes (Digestion Algo, Digital Certificates, Big Integer Math Library): X.509, SHA-1.
  • 24. Global System for Mobile Communication (GSM)
  • 25. Global System for Mobile Communication. [Diagram labels: SIM, AuC, HLR, VLR, MSC, BS, MS; A3, A8, IMSI, Ki, Kc; A5; A5, IMSI, Kc; A3, A8, IMSI, Ki; RAND, SRES, Kc; RAND, SRES, Kc.] Legend: MS: Mobile Station; BS: Base Station; VLR: Visiting Location Register; HLR: Home Location Register; MSC: Mobile Switch Center; AuC: Authentication Center; RAND: Random; SRES: Signed Response; A3: Authentication Algorithm; A5: Ciphering Algorithm; A8: Ciphering Key Generation Algorithm; IMSI: International Mobile Subscriber Identity; Ki: Individual Subscriber Authentication Key; Kc: Ciphering Key; SIM: Subscriber Identity Module Smart Card.
  • 26. Security Framework – GSM. Security Protocol: Session Initiation; Capability Negotiation (Exchange of Random Number; Exchange of Cryptographic Service primitives); Authentication (Challenge-Response Protocol); Secured Data Transmission and Reception; Secure Session Termination. Security Algorithms: Key Gen Algo: A8; Cipher Algo: A5; remaining boxes (Digestion Algo, Digital Certificates, Big Integer Math Library): A8, COMP-128, NULL.
  • 27. Next Generation Wireless Networks
  • 28. A Mobile Lifestyle. [Diagram labels: HOME, PUBLIC TRANSPORT, AUTO, WORK, OUTDOORS, RURAL; WWAN, WLAN, WPAN, WMAN, HOT SPOTS.] Vision of Seamless Mobility. Challenges: QoS; Security. Single-network fixed function devices evolving to multi-network multi-function; “Always-on” Communication – anytime, anywhere, any network; Seamless transition across networks. Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
  • 29. Continuum of Wireless Technologies. Range labels: WAN, MAN, LAN, PAN. Technologies: 3G, WCDMA/HSDPA, GPRS/EDGE, EVDO, WiMAX 802.16 Broadband, Wi-Fi* 802.11, UWB and Bluetooth*, NFC, RFID/TAG. ** Subscriber Stations. Next Generation Networks Span Usage Range. Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
  • 30. User Needs for Wireless 2010+. User Needs: Services (Audio-Voice-Video-Data); Scalability (Network & Devices). Next Gen WiMAX, 3GPP-LTE, ETSI TISPAN, … Wireless Requirements: Mobility, Interference, Capacity; Bandwidth, Throughput, Power Consumption, Complexity; Throughput, Latency, Tolerance For Loss, Symmetric and Asymmetric Services. Also shown: Cross-layer Security; Coverage Anywhere. Common User Needs Yield Common Wireless Requirements. Courtesy: Dan Dahle, Senior Strategic Architect, Intel Corporation, IWS 2005
  • 31. Three Directions of Mobile Evolutions. 1. From Person to Person Communications to Non-Person Communications. 2. From the Growth in Quantity to the Growth in Quality. 3. Progress of Media Convergence. Courtesy: Dr. Yasuo Hirata, Chairman, KDDI R&D Labs, IWS 2005
  • 32. Towards Ubiquitous Network Society. [Diagram labels: Person, Person, Things; Voice, Mail, Photo; Home Appliance, RFID, Camera; Data, Video, Data; Whoever, Wherever, Whatever; ITS, Sensor, Disk; Person, Things.] Core Items in Ubiquitous Environment: Privacy Policy; Security Policy. Future Trends. Courtesy: Dr. Yasuo Hirata, Chairman, KDDI R&D Labs, IWS 2005
  • 33. Courtesy: Dr. Henry Tirri, Nokia Research Center, IWS 2005
  • 34. My personal Adaptive Global NETwork (MAGNET). User-centric approach to improve the quality of life for the end-user; Smarter, more responsive, and more accommodating environments to the needs of the individual; Everything without jeopardizing privacy and security.
  • 35. My personal Adaptive Global NETwork (MAGNET). [Diagram labels: Bluetooth, Internet, Intranet, WLAN Access Point, Application Server, IrDA, WLAN, Node B, RNC, 3G GGSN, 3G SGSN, UMTS, Bluetooth Access Point.] Legend: RNC: Radio Network Controller; SGSN: Serving GPRS Support Node; GGSN: Gateway GPRS Support Node.
  • 36. Next Generation Service Deployment. Courtesy: Ingo Elsen, Ericsson Eurolab
  • 37. Security Requirements of Future – It's all about Convergence. Convergence of heterogeneous networks (clusters): Generic definition of identities and credentials; Generic AAA (Authentication, Authorization, Accounting); Secure Roaming and Routing strategy. Convergence of Devices (Any Service Anywhere on Any capable device): Security at every layer; Secure device discovery. Convergence of Applications and Services (Context-Awareness): Secure Service discovery; Privacy Policy. Convergence of Content (Audio, Video, Data, Sensors): Security at every layer; Content level security.
  • 38. Next Generation Wireless Networks – Work Done @ TCS
  • 39. Physical Layer Encryption: Conventional Stream Ciphering Systems. [Diagram labels: MAC (MAC Data Path, Encryption Function, Encryption Algorithm, Key K), PHY, Channel, PHY, MAC (Decryption Function, MAC Data Path, Decryption Algorithm, Key K); Hardware; Recording Point & Decryption Point Coincide.] Encryption is done at the MAC layer. At the receiver, the decrypted data is available at the Hardware-Software interface, hence recordable. Commutative Property of the Encryption operator (normally XOR) makes it prone to attacks – Vernam Cipher property.
  • 40. Physical Layer Encryption: Proposed System. [Diagram labels: MAC, Channel Encoder, Modulator, Channel, Demodulator, Channel Decoder, MAC; PHY, PHY; Encryption Function, Encryption Algorithm, Key K; Decryption Function, Encryption Algorithm, Key K; Recording Point; Decryption Point; Hardware; "Encryption can be moved here also"; "Decryption can be moved here also".] Encryption is done at the PHY layer. Encryption Function: XOR or some other PHY layer transform like Scrambling, Phase Shift between I and Q channels, etc. Advantages: Decrypted data is not directly available to the hacker for recording, as the PHY is normally located within an embedded chipset. Presence of difficult-to-invert blocks like the Channel Decoder between the recording point at the MAC-PHY interface and the decryption point makes a known plain-text attack very difficult.
  • 41. Content Security. Watermark: is the practice of imperceptibly altering a cover to embed a message about that cover. Challenges in Video: Embedding Watermark in the Compressed Domain, e.g. H.264; Real-time performance; Encrypted Watermarking.
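
Slide 9 notes that WEP's 24-bit IV space is exhausted quickly, faster with small packets, and slide 39 notes that XOR-based stream encryption is prone to attack. The Python sketch below is an added example, not part of the original deck, that quantifies the first point and shows what a repeated IV exposes; the 11 Mbit/s link rate, frame sizes, IV, key and plaintexts are constructed assumptions, and WEP's CRC-32 ICV step is omitted.

```python
import math

IV_BITS = 24  # WEP IV width stated on slide 9

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, data: bytes) -> bytes:
    """WEP keys RC4 with IV || shared key per frame (CRC-32 ICV omitted here)."""
    return xor(data, rc4_keystream(iv + shared_key, len(data)))

def seconds_to_exhaust(link_bps: float, frame_bytes: int) -> float:
    """Time for a sequential IV counter to wrap on a saturated link."""
    return 2 ** IV_BITS / (link_bps / (frame_bytes * 8))

def collision_probability(frames: int) -> float:
    """Birthday estimate that randomly chosen IVs repeat within `frames` frames."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** IV_BITS))

def reuse_leak(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts sent under the same IV and key."""
    return xor(wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2))

if __name__ == "__main__":
    LINK_BPS = 11e6  # assumed link rate, not from the slides
    for size in (1500, 64):  # constructed frame sizes
        print(f"{size:>5}-byte frames: IV space wraps in "
              f"{seconds_to_exhaust(LINK_BPS, size) / 3600:.2f} h")
    print(f"P(repeat) after 5000 random IVs: {collision_probability(5000):.2f}")
    iv, key = b"\x00\x00\x01", b"\x01\x02\x03\x04\x05"  # constructed 24-bit IV, 40-bit key
    p1, p2 = b"constructed frame A", b"constructed frame B"
    # Keystream cancels: the result equals p1 XOR p2 without any key material.
    print(reuse_leak(iv, key, p1, p2) == xor(p1, p2))
```

The per-packet keying and re-keying mechanism that slide 10 lists for 802.11i are aimed at this repeated-keystream condition.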

Editor's Notes

  1. Authentication is based on a public-key based challenge response protocol, resulting in the establishment of a shared link key between the joining device and the PNC.
  7. 1 – Need to capture fixed as well as mobile. Need to make sure coverage comments include mobility in talking points. 2 – User needs are functional, not qualitative. Should we add confidence/privacy/security? 3 – Moving from power users to mainstream. These exist today, but they are going mainstream.