Download Kumar`s Security Slides

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Document related concepts

Total Information Awareness wikipedia , lookup

Windows Vista networking technologies wikipedia , lookup

5G wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Wireless security wikipedia , lookup

History of cryptography wikipedia , lookup

Transcript 
Security Issues in Wireless Networks
Kumar Viswanath
CMPE 293
What is Cryptography
* Cryptography is the work of people suffering
from delusional paranoia
Security Requirements
* Confidentiality
» Protection from disclosure to unauthorized
persons
* Integrity
» Maintaining Data Consistency
* Authentication
» Assurance of identity of originator of Data
* Non- Repudiation
» Originator of communications cant deny it later
Security Threats
*
*
*
*
*
Information Disclosure /information leakage
Integrity violation
Masquerading
Denial of Service
Generic threats: backdoors, trojans, insider
attacks
* Most Internet Security problems are related to
access control or authentication
Attack Types
Passive Attack
Active Attack
* Passive attack can only observe data or
communications
* Active attack can actively modify data or
communications
» Mail forgery/ Modification
» IP spoofing / session hijacking
Security Mechanisms
* Three basic building blocks are used:
» Encryption is used to provide confidentiality, can
provide authentication and integrity protection
» Digital Signatures are used to provide authentication,
integrity protection and non repudiation
» Checksum and Hash algorithms are used to provide
integrity protection
* One more more of these security mechanisms is
combined to provide a security service
Services , Mechanisms, Algorithms
SSL
Signatures
DSA
RSA
Encryption
DES
Hashing
MD5
* Services are built from mechanisms
* Mechanisms are implemented using algorithms
Conventional Encryption
* Shared Key
* Problem of communicating a large message
in secret reduced to communicating a small
key in secret
Public Key Encryption
* Use Matched public/private key pairs
* Any one can encrypt with public key but only
one person can decrypt with private key
Security In GSM Networks
* Overview
» GSM subscribers MS are traced during their intradomain and inter-domain movements
» Each MS informs the network of its position and this
information is used to update the VLR and HLR
» Communication is established under control of
Authentication center called Auc located within the
Message Switching Center (MSC)
GSM Cont’d
* Every GSM subscriber has a smart card (SIM) containing a
secret key Ki known only to the HLR.
* When MS notifies local MSC of its presence, local VLR
contacts the HLR
* VLR transmits it own identity , MS indentity (IMSI) and
position to HLR.
* HLR queries its AUc for a set of triplets containing a
challenge, a signed response SRES and corresponding
session key Kc.
* The triplets are forwarded to VLR which uses it for
authenticating MS
* Parameters SRES and Kc are computed with proprietary
algorithms A3 and A8 that implement one way functions.
* SRES = A3(Ki,RAND)
* Kc = A8(Ki,RAND)
* Authentication of Mobile Station is achieved using the
challenge response mechanism
* Data Confidentiality is achieved by enciphering all data with
session key Kc.
* A5 is used to encipher data, speech and signaling messages
GSM Authentication Scheme
Security Issues
* The authentication scheme relies on the security of
the inter- network between the VLR  HLR
communication
* Another point of contention is the manner in which the
authentication information is distributed.The Home
domain has to generate on the fly, a set of challenge response pairs
* GSM uses proprietary Algorithms for authentication
and secrecy.
* Security by Obscurity is not effective.
CDPD
* CDPD is not only a value added service but a
complete architecture. The architecture supports
several network layer protocols including IP
* Security Services composed of
» Data confidentiality
» Key Distribution
» Mobile Unit Authentication
* An authentication server AS is present in
every CDPD domain
* The AS is typically co-located with the Mobile
Data Intermediate System (MD-IS)
* Mobile unit (M-ES) authentication requires
contacting the AS in the units Home domain
CDPD cont’d
* The authentication begins with the Diffie-Hellman
key exchange protocol.
* M-ES and MD-IS both share a key Ks.
* M-ES encrypts its credential with Ks and submits it
for authentication
* Credentials consist of a triple [NEI,ARN,ASN]
* The serving MD-IS decrypts the credentials and
forward them to the home MD-IS in cleartext.
* Home MD-IS validates the credentials and
issues a new ARN.
* M-ES authentication is complete when the
serving MD-IS receives a confirmation from
the home MD-IS
CDPD Authentication Scheme
Security Issues
* Authentication scheme is unidirectional
* An intruder can masquerade as the serving
MD-IS and discover M-ES credentials
* The scheme assumes that the fixed network
is secure
* CDPD does not have a long term key unlike
GSM. If an intruder intercepts the M-ES
credentials he can impersonate for ever.
Securing Ad Hoc Networks
* Goals
» Availability: ensure survivability of the network
despite denial of service attacks. The DOS can
be targeted at any layer
» Confidentiality: ensures that certain information is
not disclosed to unauthorized entities. Eg
Routing information information should not be
leaked out because it can help to identify and
locate the targets
» Integrity: guarantee that a message being
transferred is never corrupted.
* Authentication: enables a node to ensure the
identity of the nodes communicating.
* Non- Repudiation: ensures that the origin of
the message cannot deny having sent the
message
Challenges
* Wireless links renders the ad hoc network
susceptible to attacks
* In Ad hoc scenarios like tactical warfare etc.
nodes have a high probability of being
compromised.
* Ad hoc network is dynamic because of
frequent topology changes. Trust relationship
among nodes also changes
Secure Routing
* Two sources of threats:
» External: Intruder nodes can pose to be a part of
the network injecting erroneous routes, replaying
old information or introduce excessive traffic to
partition the network
» Internal: The nodes themselves could be
compromised. Detection of such nodes is difficult
since compromised nodes can generate valid
signatures.
* High Level Solution
» Treat routing information from compromised
nodes as outdated information
* If routing protocol can provide multiple routes
use Diversity Coding techniques
» eg if there are n disjoint routes to a destination
use (n-r) channels to transmit data and other r
channels to transmit redundant information.
Key Management Service
* Use Digital signatures to to protect both
routing and data
* Public Key infrastructure because of
superiority in key distribution.
* Problems:
» Requires a trusted entity called Certification
Authority CA for key management
» Single point of failure
Key Management Service
Key management K/k
K
S1
K1/k1
Sn
K2/k2
Kn/kn
S2
* Key Management consists of n servers. The service as a
whole has a public/private key pair K/k.
* The public key K is known to all nodes and the private key is
divided into n shares s1,s2,… sn.
* Each server ‘i’ has a public/private key pair
Ki/ki and knows the public keys of all other
nodes.
* Nodes as clients can query requests to get
other client’s public keys or update requests
to change their own public keys
* The key management scheme uses (n,t+1)
threshold cryptography.
Threshold Crytography
* An (n,t+1) scheme allows n parties to share the ability
perform cryptographic operations ( eg. digital signatures ) so
that any t+1 parties can jointly perform the operations
* For the service to sign a certificate each server generates
the partial signature using its private key share Si
* All the Si are combined in the combiner.The combiner can
use any valid t+1 partial signatures to generate the Key K.
* Note: Compromised Servers can generate incorrect partial
signatures.
* Proactive schemes use share refreshing.
» Compute new shares from old shares without disclosing the service
private key to any server.
Wired Equivalent Privacy (WEP)
* “ Wired Equivalent Privacy”
* Part of 802.11 Link layer protocol
* Security Goals:
» prevent link layer eavesdropping
» Secondary Goal: prevent network access
» Essentially equivalent to wired access point
security
WEP
* WEP relies on a secret key that is shared between a
mobile station (eg. a laptop with a wireless ethernet
card) and an access point (ie. a base station)
* The secret key is used to encrypt packets before
they are transmitted, and an integrity check is used
to ensure that packets are not modified in transit.
* The standard does not discuss how the shared key
is established. In practice, most installations use a
single key that is shared between all mobile stations
and access points.
Protocol Setup
LAN
Shared
key
Mobile
Station
Access
Point
Mobile
Station
Mobile
Station
* WEP uses RC4 which is a stream cipher
* A stream cipher operates by expanding a short key
into an infinite pseudo-random key stream.
* The sender XORs the key stream with the plaintext
to produce ciphertext.
* The receiver has a copy of the same key, and uses
it to generate identical key stream.
* XORing the key stream with the ciphertext yields
the original plaintext.
Problems
* An attacker can flip a bit in the ciphertext, then upon
decryption, the corresponding bit in the plaintext will
be flipped.
* Also, if an eavesdropper intercepts two ciphertexts
encrypted with the same key stream, it is possible to
obtain the XOR of the two plaintexts.
* Knowledge of this XOR can enable statistical
attacks to recover the plaintexts.
* The statistical attacks become increasingly practical
as more ciphertexts that use the same key stream
are known.
Security Measures
* To ensure that a packet has not been modified in transit,
WEP uses an Integrity Check (IC) field in the packet.
* To avoid encrypting two ciphertexts with the same key
stream, an Initialization Vector (IV) is used to augment the
shared secret key and produce a different RC4 key for each
packet. The IV is also included in the packet.
Conclusions
* Designing secure protocols is harder than it
looks
* Public review is a good idea
* Use previous work ( and their failures ) to
design more robust schemes
Related documents
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
“Stronger” Web Authentication: A Security Review
“Stronger” Web Authentication: A Security Review
Internet Yesterday, Today and Tomorrow
Internet Yesterday, Today and Tomorrow
Authentication of Key Biological and/or Chemical
Authentication of Key Biological and/or Chemical
Network Device Security Options
Network Device Security Options
802.11 Security/Bluetooth
802.11 Security/Bluetooth
Malicious Cryptography : Exposing Cryptovirology
Malicious Cryptography : Exposing Cryptovirology
Lecture 7, Part 2
Lecture 7, Part 2
chap-09v2
chap-09v2
Java SE Security
Java SE Security
Mtech Syllabus - GEHU CS/IT Deptt
Mtech Syllabus - GEHU CS/IT Deptt
William Stallings, Cryptography and Network Security 3/e
William Stallings, Cryptography and Network Security 3/e