CPET 565 Mobile Computing Systems Mobile and Wireless Security Lecture 15 Hongli Luo Indiana University-Purdue University Fort Wayne

Mobile and Wireless Security

Various Security Risks
Traditional Security Issues
Mobile and Wireless Security Issues
Problems in Ad Hoc Networks
Additional Types of Attacks

Various Security Risks

• Physical Security
• Communications Security
• Emission Security (Electronic Signals)
• Computer Security
• Network Security
• Information Security

Traditional Security Issues

Integrity
Confidentiality
Nonrepudiation
Availability

Traditional Security Issues (cont.)

Integrity
• System Integrity: perform its intended functions in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
• Data Integrity: the receiver of the data can verify that the data have not been modified; in addition, no one should be able to substitute fake data
• Integrity of Files and Information in transmission
Confidentiality
• Only intended recipient(s) can read the provided data
• Access mechanism protection or encryption
• Confidentiality of Files and Information in transmission
• Traffic flow confidentiality

Traditional Security Issues (cont.)

Nonrepudiation
• The sender should not be able to falsely deny (i.e. repudiate) sending data
• Examples
Availability
• A third party with no access should not be able to block legitimate parties from using a resource
• Denial-of-Service Attacks (DoS)

Types of Attacks

Access Attacks
Modification Attacks
Denial-of-Service Attacks (DoS)
Repudiation Attacks

Types of Attacks (cont.)

Access Attacks
• Snooping (looking through)
• Eavesdropping (listens)
• Interception (active)
Modification Attacks
• Changes
• Insertion
• Deletion

Types of Attacks (cont.)

Denial-of-Service Attacks (DoS)
• Denial of access to information
• Denial of access to applications
• Denial of access to systems
• Denial of access to communications
Repudiation Attacks
• Masquerading
• Denying an event

DoS Attacks - Information

The Computer Emergency Response Team Coordination Center (CERT/CC), www.cert.org/advisories/, Denial of Services: http://www.cert.org/tech_tips/denial_of_service.html
SecurityFocus’s bugtraq, http://www.securityfocus.com/archive/1
SecuriTeam, http://www.securiteam.com/

DoS Attacks

Syn_flood, http://www.cert.org/advisories/CA-1996-21.html
• TCP SYN Flooding and IP Spoofing Attacks
Smurf, http://www.cert.org/advisories/CA-1998-01.html
• Smurf IP Denial-of-Service Attacks
Ping_of_death, http://www.cert.org/advisories/CA-1996-26.html
• Denial-of-Service via ping
Teardrop, http://www.cert.org/advisories/CA-1997-28.html

Distributed DoS Attacks

Distributed Denial of Service (DDoS) Attacks/Tools, http://staff.washington.edu/dittrich/misc/ddos/
“mstream” Distributed DoS, http://www.cert.org/incident_notes/IN-2000-05.html
Distributed DoS attack software, http://www.tenebril.com/src/spyware/distributed-dos-attack-software.php

Mobile and Wireless Security

Physical Security
Information Security
• Email
• Contact database
• Price lists
• Personal Information Manager
• Business plan, documents

Mobile and Wireless Security Issues

Physical Security
• Detectability
  - RF signal
  - Changing frequencies
  - Use very directional antenna
  - Use minimal power
• Resource Depletion/Exhaustion attack
  - Shortens the lifespan of the battery, consumes all the power in a battery
  - In Ad Hoc networks – attacks cause key routing nodes to fail, leaving parts of the network unreachable

Mobile and Wireless Security Issues (cont.)

Physical Intercept Problems
• Wireless/broadcast
• Mitigation:
  - Directional antenna
  - Low-power transmissions
  - Frequency-hopping/spread spectrum technology
  - Encryption techniques at higher layers

Mobile and Wireless Security Issues (cont.)

Theft of Services
War Driving
• Wireless card running some detection software
• GPS
• Driving around: detect the presence of wireless networks, and GPS gives the location for later reference
References (detection software):
• http://www.netstumbler.com/
• http://www.kismetwireless.net/
• http://www.wardriving.com/

Mobile and Wireless Security Issues (cont.)

War Walking
• Lightweight computer: PDA PocketPC, laptop
• Walking around
War Chalking (symbols)
• Open network
• Closed networks
• WEP (Wired Equivalent Privacy) password protected network

Problems in Ad Hoc Networks

• Data pass through several other Ad Hoc networks
• Man in the middle attack to copy or corrupt data in transit
Routing (risks)
• Spoofing
  - ARP Spoofing: request an address and pass data to impersonator
• ARP cache poisoning: actively corrupt data as it passes through
• Resource-exhaustion attack
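
An added example, not from the lecture: one way a defender can spot the ARP spoofing and cache poisoning listed above is to watch for IP-to-MAC bindings that change. The observations are constructed sample data, and the function name, alert labels and 60-second window are hypothetical choices.

```python
from collections import defaultdict

# Constructed sample data: (seconds, sender IP, sender MAC) taken from ARP replies.
SAMPLE_REPLIES = [
    (0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),   # gateway
    (1.0, "10.0.0.7", "aa:aa:aa:aa:aa:07"),   # workstation
    (30.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    (31.0, "10.0.0.1", "02:00:00:00:00:99"),  # gateway IP claimed by a new MAC
    (31.5, "10.0.0.1", "aa:aa:aa:aa:aa:01"),  # real gateway answers again
    (32.0, "10.0.0.7", "02:00:00:00:00:99"),  # same MAC now claims a second IP
]


def find_arp_conflicts(replies, flap_window=60.0):
    """Return alerts for bindings that change quickly or MACs claiming several IPs."""
    last_binding = {}               # ip -> (mac, time last seen)
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = last_binding.get(ip)
        # A slow change can be legitimate re-addressing; a fast flip is suspicious.
        if previous and previous[0] != mac and ts - previous[1] <= flap_window:
            alerts.append(("binding-changed", ip, previous[0], mac))
        last_binding[ip] = (mac, ts)
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            # Routers and proxy-ARP hosts do this legitimately; allowlist them.
            if len(ips_by_mac[mac]) > 1:
                alerts.append(("mac-claims-multiple-ips", mac, sorted(ips_by_mac[mac])))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE_REPLIES):
        print(alert)
```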

Problems in Ad Hoc Networks

Key management
• Encryption and Authentication
• Creating, sharing, storing, encryption keys
Private key encryption (symmetric)
  P – plaintext
  C – ciphertext
  $C = E_k(P)$, $P = D_k(C)$
Public key encryption (asymmetric)
  $C = E_{\text{private}}(P)$, $P = D_{\text{public}}(C)$
  $C = E_{\text{public}}(P)$, $P = D_{\text{private}}(C)$
Prekeying: not practical

Problems in Ad Hoc Networks

Reconfiguring
• Dynamic nature
• Topology changes over time
• Route may no longer work
Hostile Environment
• Unsecured physical locations (coffee shops, airports, etc)
• Ad Hoc networks of soldiers

Additional Types of Attacks

“Man in the Middle” Attacks
Traffic Analysis
Replay Attacks
• Reusing data in a packet observed by a malicious node
Buffer-Overflow Attacks
• Extra data cause the program to execute different code by changing variable values, program flow, or similar
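
An added example, not part of the original lecture: a receiver that enforces the data-integrity property from the Traditional Security Issues slide and rejects the replay attack described above. The pre-shared key, the packet layout (8-byte sequence number, payload, HMAC-SHA256 tag) and the 64-packet window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, assumed pre-shared
TAG_LEN = 32                   # HMAC-SHA256 tag size in bytes


def seal(key, seq, payload):
    """Sender: 8-byte sequence number + payload + HMAC over both."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks the tag first, then refuses sequence numbers it has already taken."""

    def __init__(self, key, window=64):
        self.key, self.window = key, window
        self.highest = -1   # highest sequence number accepted so far
        self.seen = set()   # accepted numbers still inside the window

    def accept(self, packet):
        if len(packet) < 8 + TAG_LEN:
            return ("malformed", None)
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return ("bad-mac", None)       # modified in transit or forged
        seq = struct.unpack(">Q", body[:8])[0]
        if seq in self.seen or seq <= self.highest - self.window:
            return ("replay", None)        # seen before, or too old to track
        self.seen.add(seq)
        self.highest = max(self.highest, seq)
        floor = self.highest - self.window
        self.seen = {s for s in self.seen if s > floor}
        return ("ok", body[8:])


def demo():
    """Constructed traffic: fresh packet, its replay, a tampered packet, a fresh one."""
    rx = Receiver(KEY)
    first = seal(KEY, 1, b"route update A")
    second = seal(KEY, 2, b"route update B")
    tampered = bytearray(second)
    tampered[10] ^= 0x01                   # flip one payload bit
    packets = [first, first, bytes(tampered), second]
    return [rx.accept(p)[0] for p in packets]
```

Packets that arrive out of order are still accepted as long as they fall inside the window and have not been seen; anything older is refused because the receiver no longer remembers whether it was delivered.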