Embed Size (px)
Citation preview
Challenges of Wireless Security
TCP in Wired-Cum-Wireless Environments
Presented by –
Vijaiendra Singh Bhatia CSCI 5939 Independent Study – Wireless
Security
2
Introduction
Most of the wireless technologies were not designed with security as top priority.It is challenging to implement security in wireless devices due to device characteristics.Difficult to consider various security related issues like integrity, confidentiality, authentication and access control at the same time.
3
Security approaches in -
LAN 802.11 standard The Wired Equivalent Privacy (WEP)
algorithm is used to protect wireless communication from interception and to prevent unauthorized access to wireless network .
WEP relies on a secret key which is used to encrypt data that is shared between a mobile station (eg. a laptop with a wireless ethernet card) and an access point (i.e. a base station).
4
Security approaches in -
WAP WAP specifies the WTLS ( wireless transport
layer security protocol ) which provides authentication, data integrity and privacy services.
WTLS is based on the widely used TLS security layer used in Internet.
WTLS generally uses RSA-based cryptography, and can also use elliptic-curve cryptography (ECC), which provides a high level security.
5
Security aspects -
Authentication WPKI – provides a set of technologies that
relies on encryption and digital certificates. ( slimmed down version of PKI )
Smart Cards – it is a local way to authenticate user, provides more security on top of username password structure.
NES (Neomar’s Enterprise Server) – act as a single point of access for mobile devices and provides integration with the corporation's management and security infrastructure.
6
Security aspects -
VPN ( Virtual Private Network ) – These system uses encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
Firewalls - A system designed to prevent unauthorized access to or from a private network. A WAP gateway can be used as a single point of entry for an enterprise’s wireless systems.
7
Wireless Security Issues -
In IEEE 802.11 WEP was intended only to provide the basic
security found in wireline LAN’s. It has serious weaknesses as it shares single
secret key. Cryptography – It has problems with the
way WEP uses the cryptographic primitives. 802.11 encryption is readily breakable, 50-
70% networks never even turn on encryption.
8
Wireless Security Issues -
WAP Phones - Many e-commerce sites uses SSL security. At the WAP gateway, during the conversion
of encryption from WTLS to SSL format, message is briefly unencrypted and is thus subjected to interception.
9
Future Standards -
PIC (Pre-IKE Credential ) - A PIC-based system's authentication server would authenticate devices that are authorized to communicate with the system. OMAP (Open Multimedia Applications Protocol ) - a library of software from various vendors that will permit secure transactions on wireless devices that use TI's digital signal processors.MeT (Mobile electronic Transactions ) - Ericsson, Motorola, Nokia, and Siemens have formed an alliance to develop standards for secure mobile activities.
TCP in Wired-Cum-Wireless Environments
11
TCP in Wired-Cum-Wireless Environment
TCP assumption Homogeneous: data network Wired transmission error: rare
Wireless Environment Heterogeneous network Limited bandwidth Long round trip time (RTT)
12
TCP in Wired-Cum-Wireless Environment
TCP in wireless environment
Random loss A segment loss triggers congestion
avoidance Frequent restarts and small sender’s
window Retransmissions Poor throughput
13
A wired-cum-wireless Internet
Diversification in end-host capabilities Workstations coexist with WebTVs, wireless
phones, and PDAs.Reliable transmissions are needed for web browsing, e-mail, file transfers, etc.Wireless media exhibit different transmission characteristics than wired. Random losses due to fading, shadowing Often, long RTTs and low bandwidth
Power consumption becomes an issue
14
End-user wireless networks
Wireless LANs Sufficient bandwidth and relatively small RTTs,
but limited user mobility (IEEE 802.11, HIPERLAN/1)
Wide Area Wireless Data Networks Limited bandwidth, long RTTs, jitter, increased
user mobility (CDPD, GPRS)Cellular Networks Handle voice and data (GSM, IS-95) Same characteristics as WAWDNs, but circuit-
switched Not so economical for data transfers
15
TCP in a wireless environment
Limited bandwidth Long round trip times Random losses User mobility Short flowsPower consumption
16
TCP solution over wireless environment
17
Taxonomy of solutions
Link layer solutions TCP-aware LL protocols (e.g. snoop) TCP-unaware LL protocols (e.g. TULIP)Split connections
Indirect-TCPWireless Application ProtocolTCP modifications (e.g. SACK, Santa Cruz)New transport protocols (e.g. WTCP)
18
Link Layer Solutions
Link layer know packet dropLocally buffer and retransmissionFast responseTransparent to existing software & hardwareRelative reliable delivery, with TCP
19
Link Layer Solutions
TCP-Aware LL Snoop agent in BS Knowledge of TCP Snoop timeout < TCP timeout
TCP-Unaware LL Don’t have knowledge of TCP Aware of reliable TCP & unreliable UDP More possibility of LL & TCP retransmission LL retransmission timeout < TCP timeout Designed for half-duplex wireless channel
20
Split connection
Indirect TCP Improved throughput Split TCP connection into 2 (wired &
wireless) at BS BS acknowledges segment to sender,
before the segment reach the receiver Violate TCP semantics Split TCP connection several times
21
TCP modifications
The main cause is TCP assumptions Modify TCP to differentiate congestion loss,
random loss and handoff Only peer TCP upgraded Not all to improve TCP over wireless Many variations proposed to improve performance in different scenarios Different perspectives Slow start is too aggressive, causing fast
congestion Initial congestion window is too low
22
TCP modifications
TCP SACK (Selective ACK) Instead of cumulative ACK, selective ACK
for out of order packet. Less retransmission of successful received.
TCP FACK (Forward Acknowledgement) Make intelligent decisions about data that
should be retransmitted TCP Santa Cruz Keep records of sending & receiving time Estimate whether congestion is built up
23
TCP modifications
Delayed ACK No loss, cumulative ack. Loss, immediate
ack. DAASS (Delayed ACK after Slow Start) After slow start is congestion avoidance,
need less traffic ACK Pacing Rate based, instead of window based ECN (Explicit Congestion Notification) Router informs congestion ELN (Explicit Loss Notification) Loss is informed
24
New Transport Protocols
WTCP (wireless TCP) Designed for CDPD or wireless WAN: low BW,
high latency WTCP attempts to predict when a segment loss is
due to transmission errors or due to congestion Rate based, an algorithm to inform sender of
increasing or reducing sending rate Keep track of statistics for non-congestion
segment losses Use of ACK and SACK Not been proven
25
WAP
WAP stack provides WTP which is message oriented, i.e., the basic unit of interchange is entire message not a byte stream as in TCP.
WTP offers various security mechanisms as well as data compression and encryption, provided by WTLS protocol.
26
Conclusion
TCP performance is poor under wireless environment TCP over wireless Link layer Split connection TCP modifications
Most developments are specific cases, not for general solution New protocol designed for wireless just born, still need developments.
27
References
Facing the challenges of wireless security - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/MillerWirelessSecurityJuly01.pdfTCP in wired-cum-wireless environment - http://nas.cl.uh.edu/yang/teaching/csci5939wirelessSecurity/pentikousis.pdf Wireless Security http://www.peterindia.com/WirelessSecurity.html Neomar Server http://www.neomar.com/news/releases/02.01.10developer.html WEP http://www.webopedia.com/TERM/W/WEP.html
