Wireless Network Security Prof. Nasir Memon Department of Computer Science



11/28/2001 Wireless Security 2

Overview
• Introduction
• Data Encryption
  • Private Key Cryptography
  • Public Key Cryptography
• Digital Signatures
• Cryptographic Hash Functions
• Wireless Security Issues
• WEP


Network Security – Issues
• Confidentiality – Can you keep a secret?
• Integrity – Did you get the message I sent?
• Availability – Are you there when needed?
• Identification – Who are you?
• Authentication – Can you prove who you are?
• Access Control – What are you allowed to do?
• Non-repudiability – Yes you did!
• Audit Trails – What have you been up to?
• Privacy – Can you treat me like a human?


Network Security - Why is it difficult?
• Complexity.
• Resource sharing.
• Unknown Perimeter.
• Many points of attack.
• Anonymity.
• Unknown Paths.


Type of Attacks in Computer Systems


Security Mechanisms
Three basic building blocks are used:
• Encryption is used to provide confidentiality, and can provide authentication and integrity protection
• Digital signatures are used to provide authentication, integrity protection, and non-repudiation
• Checksums/hash algorithms are used to provide integrity protection, and can provide authentication
One or more security mechanisms are combined to provide a security service


Services, Mechanisms, Algorithms
• A typical security protocol provides one or more services
• Services are built from mechanisms
• Mechanisms are implemented using algorithms


Protocol Stack
[Figure: protocol stack diagram. Layer labels: Application, Session Layer, Transport Layer, Network Layer, Data link, Physical. Protocol labels: Socket, Session mobility & WTLS, TCP/UDP, IP/IPSec, Mobile IP.]


Network Layer: IPSec
Advantages of IPSec
• Can protect a mix of application protocols running over a complex combination of media
• Provides security services in the background
• Secures all data communication
• Multiple secure sessions can share the exchanged secret
Limitations of IPSec
• Does not provide end-to-end security
• Does not cover all security features
• Does not prevent denial of service attacks
• Does not stop traffic analysis


WTLS
Advantages of WTLS
• Manages end-to-end as well as end-to-gateway secure wireless connections
• Supports key refresh and transaction recovery
Limitations of WTLS
• Does not cover all security features
• Limited prevention against denial of service attacks
• Does not stop traffic analysis
• Secures data specific to the session only
• Secure sessions cannot share exchanged secrets


Data Encryption
• Encryption is the process of encoding a message such that its meaning is not obvious. Decryption is the reverse process.
• We denote plaintext by P and ciphertext by C.
• C = E(P), P = D(C) and P = D(E(P)), where E() is the encryption function (algorithm) and D() the decryption function.
[Figure: block diagram with labels Plaintext, Encryption, Ciphertext, Decryption, Plaintext, Secret Key.]


Symmetric and Asymmetric Cryptosystems

If the encryption key and the decryption key are the same then we have a symmetric encryption scheme (also private key, one-key).

If the encryption key and the decryption key are different then we have an asymmetric encryption scheme (also public key, two-key).


Example – Caesar Cipher
• Let messages be all lower case from a through z (no spaces or punctuation).
  itsnotthathardtoread
• Represent letters by numbers from 0 to 25.
• Encryption function: $C_i = E(P_i) = P_i + K$, where K is the secret key and addition is done modulo 26.
• Decryption is $P_i = D(C_i) = C_i - K$.
• UNIX ROT13 uses K as 13.


Cryptanalysis
A cryptosystem should be secure against the following kinds of attacks:
• Ciphertext only attack.
• Known plaintext attack.
• Chosen plaintext attack.
• Adaptive chosen plaintext attack.
• Chosen ciphertext attack.
• Chosen key attack.


Brute Force Attacks
• If the key space is finite, given a ciphertext a cryptanalyst can try and check all possible keys.
• For the above to be not feasible, the key space should be large!
• How large? How about $2^{56}$?
• Large enough to make it impractical for an adversary. But what is impractical today may not be so tomorrow.
• In practice, for a “good” cryptosystem, the only possible attack should be the brute force attack, which should be impractical into the foreseeable future, as long as the message may have value.
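
An added example (not part of the original slides): the Caesar cipher from the earlier slide together with an exhaustive search over its 26 keys, ranking each trial decryption by average English letter frequency. The frequency table, the function names and the search rate passed to years_to_search are assumptions made for this example.

```python
import string

ALPHABET = string.ascii_lowercase  # a..z <-> 0..25, as on the Caesar slide

# Approximate relative frequency (%) of each letter a..z in English text.
ENGLISH_FREQ = dict(zip(ALPHABET, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]))

def encrypt(plaintext, k):
    """C_i = (P_i + K) mod 26 for every letter of the message."""
    return "".join(ALPHABET[(ALPHABET.index(p) + k) % 26] for p in plaintext)

def decrypt(ciphertext, k):
    """P_i = (C_i - K) mod 26."""
    return encrypt(ciphertext, -k)

def english_score(text):
    """Average English frequency of the letters; higher looks more like English."""
    return sum(ENGLISH_FREQ[ch] for ch in text) / len(text)

def brute_force(ciphertext):
    """Ciphertext-only search: decrypt under all 26 keys, best-scoring trial first."""
    trials = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return sorted(trials, key=lambda t: english_score(t[1]), reverse=True)

def years_to_search(key_bits, keys_per_second):
    """Time to try every key of key_bits bits at an assumed constant rate."""
    return 2 ** key_bits / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    message = "itsnotthathardtoread"       # sample message from the slide
    ciphertext = encrypt(message, 13)      # K = 13, i.e. ROT13
    key, recovered = brute_force(ciphertext)[0]
    print(f"{ciphertext} -> K={key}: {recovered}")
    # 26 keys fall instantly; a 56-bit key space (DES) takes years at the
    # assumed 1e9 keys per second, and every extra key bit doubles the work.
    for bits in (56, 112, 168):
        print(f"{bits}-bit key space: {years_to_search(bits, 1e9):.3g} years")
```
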


DES – Data Encryption Standard
• Private key.
• Encrypts by a series of substitutions and transpositions.
• Worldwide standard for more than 20 years.
• Has a history of controversy.
• Designed by IBM (Lucifer) with later help (interference?) from NSA.
• No longer considered secure for highly sensitive applications.
• Replacement standard (AES - Rijndael) has been selected.


DES - Overview


DES – Each iteration.


Triple DES

• Triple DES (2 keys) requires $2^{112}$ search. Is reasonably secure.
• 3 keys requires $2^{168}$.


Other Private Key Cryptosystems
• IDEA
• Twofish
• Blowfish
• RC4, RC5, RC6
• Rijndael (AES Winner)
• Serpent
• MARS
• FEAL


Private key cryptography revisited.

Key distribution and management is a serious problem! N users – $O(N^2)$ keys!


Public key cryptography

Key management problem not really that simple as we will see later!!! (trust).


One-way functions and trapdoors
• A function f() is said to be one-way if given x it is “easy” to compute $y = f(x)$, but given y it is “hard” to compute $x = f^{-1}(y)$.
• A trap-door one-way function $f_K()$ is such that
  • to compute $y = f_K(x)$ is easy if K and x are known.
  • $x = f_K^{-1}(y)$ is easy if K and y are known.
  • $x = f_K^{-1}(y)$ is hard if y is known but K is unknown.
• Given a trap-door one-way function one can design a public key cryptosystem.


Encryption and 1-way trap doors
• Two keys:
  • public encryption key e
  • private decryption key d
• encryption easy when e is known
• decryption hard when d is not known
• d provides “trap door”: decryption easy when d is known
• We’ll study the RSA public key encryption scheme.


RSA overview - setup
• Alice wants people to be able to send her encrypted messages.
• She chooses two (large) prime numbers, p and q, and computes $n = pq$ and $\phi(n) = (p-1)(q-1)$. [“large” = 100 digits +]
• She chooses a number e such that e is relatively prime to $\phi(n)$ and computes d, the inverse of e in $Z_{\phi(n)}$.
• She publicizes the pair (e,n) as her public key.
• She keeps d secret and destroys p, q, and $\phi(n)$.
• Plaintext and ciphertext messages are elements of $Z_n$ and e is the encryption key.


RSA overview - encryption
• Bob wants to send a message x (an element of $Z_n$) to Alice.
• He looks up her encryption key, (e,n), in a directory.
• The encrypted message is $y = E(x) = x^e \bmod n$.
• Bob sends y to Alice.


RSA overview - decryption
• To decrypt the message $y = E(x) = x^e \bmod n$ she’s received from Bob, Alice computes $D(y) = y^d \bmod n$.
• Claim: D(y) = x


Tiny RSA example
• Let p = 7, q = 11. Then n = 77 and $\phi(n) = 60$.
• Choose e = 13. Then $d = 13^{-1} \bmod 60 = 37$.
• Let message = 2.
• $E(2) = 2^{13} \bmod 77 = 30$.
• $D(30) = 30^{37} \bmod 77 = 2$.


Authentication and Authorization
• Authentication is a service that
  • allows receivers of a message to identify its origin.
  • makes it difficult for third parties to masquerade as someone else.
  • e.g., your driver’s license and photo authenticate your image to a name, address, and birth date.
• Authorization is a service that
  • allows only entities that have been authenticated and who appear on an access list to utilize a service.
  • e.g., your date of birth on your driver’s license authorizes you to drink as someone who is over 21.


Authentication
• Authentication codes provide assurance that a message has not been tampered with and has indeed originated from a specific source.
• Independent of encryption. In fact, encryption may even be undesirable.
[Figure: authentication channel. Labels: Alice (Transmitter), Oscar, Bob (Receiver), X, Y, Y’, X’, Authentication Key, Verification Key, “Authentic?”]


Substitution and Impersonation
Two types of attacks on authentication schemes:
• Substitution attack
• Impersonation attack
[Figure: three example messages: “Hello Bob, I love you - Alice”, “Hello Bob, I hate you - Alice”, “Hello Bob, I love you - Olivia”]


Digital Signatures
• Desirable properties of handwritten signatures:
  • Signed document is authentic.
  • Signature is unforgeable.
  • Signature is not reusable.
  • Signed document is unalterable.
  • Signature cannot be repudiated.
  • (Above not strictly true but mostly so)
• Same properties and more can be achieved by digital signatures.
• Digital Signatures use public key cryptography.


RSA based signature
• Alice signs message by encrypting with private key.
• Bob decrypts message with Alice’s public key.
• If meaningful message then it must have been encrypted with Alice’s private key!
[Figure: Message “Hello, I love you” → Alice signs (Encrypt With Private key) → Signed message (unreadable text) → Bob verifies (Decrypt With Public key) → Message “Hello, I love you”]


Signing With Message Digests
• A fixed length “fingerprint” of a message.
• Instead of signing message, sign the message digest.
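
An added example (not part of the original slides) that follows the RSA setup, encryption and decryption slides with the tiny p = 7, q = 11, e = 13 values, then signs a message digest as described on the signature slides. SHA-256 as the digest, the function names and the two larger demo primes are assumptions chosen here; this is textbook RSA with no padding.

```python
import hashlib
from math import gcd

def make_keypair(p, q, e):
    """Slide setup: n = pq, phi(n) = (p-1)(q-1), d = inverse of e in Z_phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (e, n), (d, n)            # public, private; p, q, phi are not kept

def encrypt(x, public):
    e, n = public
    if not 0 <= x < n:
        raise ValueError("message must be an element of Z_n")
    return pow(x, e, n)              # y = E(x) = x^e mod n

def decrypt(y, private):
    d, n = private
    return pow(y, d, n)              # D(y) = y^d mod n

def digest(message, n):
    """Fixed-length fingerprint (SHA-256, an assumption) reduced into Z_n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    d, n = private
    return pow(digest(message, n), d, n)   # private-key operation on the digest

def verify(message, signature, public):
    e, n = public
    return pow(signature, e, n) == digest(message, n)

# Values from the "Tiny RSA example" slide.
TINY_PUBLIC, TINY_PRIVATE = make_keypair(7, 11, 13)

# Constructed demo key for signing: Mersenne primes 2^61-1 and 2^89-1.
# A 150-bit modulus only illustrates the mechanics of sign/verify.
DEMO_PUBLIC, DEMO_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1, 65537)

if __name__ == "__main__":
    y = encrypt(2, TINY_PUBLIC)
    print("d =", TINY_PRIVATE[0], " E(2) =", y, " D(E(2)) =", decrypt(y, TINY_PRIVATE))
    # The claim D(E(x)) = x, checked for every element of Z_77.
    print("claim holds:", all(decrypt(encrypt(x, TINY_PUBLIC), TINY_PRIVATE) == x
                              for x in range(77)))
    sig = sign(b"Hello Bob, I love you", DEMO_PRIVATE)
    print("genuine :", verify(b"Hello Bob, I love you", sig, DEMO_PUBLIC))
    # Substitution: the message is altered in transit but the signature is reused.
    print("altered :", verify(b"Hello Bob, I hate you", sig, DEMO_PUBLIC))
```
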


Cryptographic Hash Functions
Requirements of cryptographic hash functions:
• Can be applied to data of any length.
• Output is fixed length.
• Relatively easy to compute h(x), given x.
• Infeasible to get x, given h(x).
• Given x, infeasible to find y such that h(x) = h(y). Weak collision property.
• Infeasible to find any pair x and y such that h(x) = h(y). Strong collision property.


Wireless Security
• How is wireless different?
• 802.11 Security


Wireless Dimension
• Access to Medium: Unlike the wired medium (cables), the wireless medium (air) is ubiquitous, hence access restrictions to the medium must be handled explicitly, whereas in wired environments it is implicit.
• War Dialing: Attacker gains access to wired medium by exhaustive dialing of phone numbers.
• War Driving: Attacker gains access to wireless medium by just driving by the network coverage area.


How is wireless different?
• The Medium
  • Wireless medium has no explicit packet boundary
  • This property weakens privacy and authentication mechanisms adopted from wired environment
• Portability
  • Wireless devices are smaller in size and portable
  • Data in those devices require more protection than data on non-portable devices
  • Mechanisms to recover stolen or lost devices are important
  • Mechanisms for self-destruction of data are also important


How is wireless different?
• Mobility
  • Mobility brings even bigger challenges
  • Trust in infrastructure
    • Wired networks assume certain level of trust in local infrastructure (we trust our routers)
    • In wireless networks this is a weak assumption
    • Would you put same level of trust on an Access Point in JFK as you put on your home AP?
    • Security mechanisms should anticipate these variances in trust
    • Or, security mechanisms should be independent of location or infrastructure
  • Trust in location
    • Wired networks implicitly assume network address is equivalent to physical location (128.238.x.x is Poly’s resources)
    • In wireless networks physical location is not tied to network address. Physical location may change transparent to end nodes.


How is wireless different?
• Mobility
  • Privacy of location
    • On wired network privacy of location is not a concern
    • In wireless networks location privacy of the user is a serious issue because users can be tracked, their travel behaviors can be used for marketing purposes etc.
    • Similar scenario exists on the Web: a user’s web surfing pattern can be tracked, and this raised several privacy issues in 1999 (DoubleClick’s Cookie Tracking)


How is wireless different?
• Processing power, memory & energy requirements
  • Handheld devices have stringent processing power, memory, and energy requirements
  • Current security solutions require expensive processing power & memory
  • Handheld devices mandate inexpensive substitutes for
    • Crypto algorithms (AES instead of 3-DES)
    • Authentication schemes
  • Better one-time password schemes with feasible remote key updates


Power consumption & crypto algorithms
[Figure credit: Piyush Mishra et al.]


How is wireless different?
• Network Topologies
  • Wired networks usually rely on network topology to deploy security solutions
    • E.g.: firewall is installed on a machine where all traffic is visible
  • Wireless networks (esp. ad-hoc) have dynamic topologies
  • Wireless networks may not have single point of convergence (hidden host problem!)
  • Wireless networks put emphasis on host based solutions, e.g.: distributed firewalls


Wired Equivalent Privacy (WEP)
• Wired equivalence privacy?
  • Wireless medium has no packet boundaries
    • WEP controls access to LAN via authentication
  • Wireless is an open medium
    • Provides link-level security equivalent to a closed medium
  • No end-to-end privacy
• Security Goals of WEP
  • Access Control
    • Provide access control to the underlying medium through authentication
  • Confidentiality
    • Provide confidentiality to data on the underlying medium through encryption
  • Data Integrity
    • Provide means to determine integrity of data between links


Wired Equivalent Privacy (WEP)
• An attack on WEP should compromise at least one of these properties
• Three levels of security
  • Open system – WEP is disabled in this mode. No security.
  • Shared Key Authentication – provides access control to medium
  • Encryption – provides confidentiality to data on network
• You can have confidentiality on an open system!
  • That is, you can encrypt all the traffic and not have access control to the medium!
  • Which also means a wily hacker can have all his traffic encrypted on our network so that no one can “see” what s/he is doing!


Properties of WEP
• It is reasonably strong
  • Withstands brute force attacks and cryptanalysis
• It is self-synchronizing
  • Uses self-synchronizing stream cipher
• It is efficient
  • Hardware/software implementation
• It may be exportable
  • Rest of the world needs security too!
• It is optional
  • WEP layer should be independent of other layers