Security Challenges Facing the Security Challenges Facing the Future Wireless World Future Wireless World

Wade Trappe

((akaaka. Alice and Bob in the Wireless Wonderland). Alice and Bob in the Wireless Wonderland)

Talk OverviewTalk Overview

Security has been one of the great detractors for wireless technologies (and the Internet, too!)We have a chance to consider security as we redesign the networkThink about the questions:– Should security be considered separately from the network?– What benefits are there if we integrate security into the network?– Should we reevaluate the definition of security?– How private do we really want our lives?

This talk will not focus on classical “Internet Security” but on “Wireless Security”– Wireless security has its own “Spam” problems that it needs to

deal with

Through the Looking Glass, the Wireless WorldThrough the Looking Glass, the Wireless World

Key properties and differentiators that make wireless desirable– Ubiquity– Mobility– Resource adaptability– Location– Portability– Affordability– Extendibility– Platform heterogeneity

MPC8260

TMS320C6701XC2V6000FPGA

100BaseT EthernetMegarrayConnector-

244 ConfigurableI/O pins

Reevaluating the Security ParadigmReevaluating the Security Paradigm

Confidentiality

Integrity Availability

System (CIA) Paradigm

Data Confidentiality

Data Integrity

Authentication

Non-repudiation

Algorithmic Paradigm

These paradigms have been the traditionalframeworks for security on conventional

networks, but what can we do differently for wireless systems?

Reevaluating the Security Paradigm, pg. 2Reevaluating the Security Paradigm, pg. 2

ConfidentialityAvailability Integrity

NonRepudiation Forensics

IntrusionDetection

PhysicalSecurity

Privacy

ResourceManagement

LocationServices

We still need traditional security methods.

But the wireless world has additional problemsand new modalities for solutions!

Wireless is easy to sniff.We still need encryption services

and key management.Key freshness is an issue.

Wireless networks will be the platform of choice for attacks.

Should the network keep track of forensic evidence?

The value of a wireless network is its promise of ubiquitous availability.

Wireless networks are easy to break!

Wireless resources (e.g. power and spectrum) must be managed.

Greedy user behavior will cause resource management to malfunction.

Perpetual connectivity can mean constant surveillance!

With snooping one can monitor mobility and handoffs between

networks.

RF signals provide signatures that can be perturbed by physical bodies.

We can integrate wireless trip-wires into future wireless deployments!

The pervasiveness of the wireless networks should not mean that just

anyone can participate!Example: Rogue APs

RF energy radiates, and wireless entities within the radio coverage

pattern may serve as witnesses for the actions of the transmitter.

Wireless hardware/equipment need to be safe from modification.

Data/control info should not be modified before or during transit.

Location is a new form of information provided by wireless systems that will

facilitate new services. Location information needs to be trusted.

Drill Down:Drill Down:Specific Challenges and Some Specific Challenges and Some

StrategiesStrategies

Availability Attack: Radio InterferenceAvailability Attack: Radio Interference

Bob Alice

Hello … Hi …@#$%%$#@&

…

Mr. X

Alice and Bob are attacked by malicious Mr. X.

A story for the problem of wireless denial of service attack we focus on.

– Alice and Bob two communicating nodes, A and B.

– Mr. X an adversarial interferer X.– Mr. X’s insane behavior the jamming style DoS.– People and nodes in wireless network both

communicate via shared medium.

Jamming style DoS Attack:– Behavior that prevents other nodes from using the

channel to communicate by occupying the channel that they are communicating on A B C

D E F G

H I J

K L

X

A

B

X0AP0

AP1

AP2

C

D X1

Availability: Jamming Detection/DefenseAvailability: Jamming Detection/DefenseDetection:– Challenge is to discriminate

between legitimate causes of poor connectivity and jamming

Motivation from “The Art of War” by Sun Tze:– “He who cannot defeat his enemy

should retreat.”Defense Strategies: – Spectral Evasion (Channel

Surfing)– Spatial Evasion

Latency and synchronicity is an issue as you move to many node networks!SDRs will allow more advanced forms of spectral evasion.

Jammed Region

PDR %

PDR VS. SS

SS

(dB

m)

Trial Number (Time)

Channel Surfing Experiment

Pack

et

Deli

very

Rate

Jammerturned

on

Change channel

1

0.5

1.5

0

Availability Attack: Wireless SpoofingAvailability Attack: Wireless SpoofingMany wireless security threats are possible because it is easy to spoof legitimate devices (ioctl/ipconfig)Example– Attacker armed with a laptop having 2

wireless cards. – One card monitors all TCP traffic on the

AP channel– Second card sends back TCP replies to

select TCP requests (e.g. all requests for a particular web page). These are sent as if appearing from the server the user was connecting to.

– At the MAC layer the attacker spoofs AP by injecting custom 802.11x frames with AP’s source MAC address.

Results: – The user session is hijacked.– Requested service is DoSed.– Easy to launch flooding DoS attacks at

higher-layer buffers

Internet

MAC: x.y.z.w

MAC: x.y.z.w

Late!

Availability: Spoofing DefenseAvailability: Spoofing DefenseSpoofing can be addressed through authentication services– Traditional authentication services employ

cryptographic solutions (e.g. MACs, signatures)

– Light-weight alternatives can reduce the load on buffers into cryptographic functions

A lesson learned from 802.11: – 802.11 has several fields controlled by

firmware, which are hard for an attacker to bypass

– The 12bit sequence # field is increased monotonically by 1 for each packet

– Monotonicity provides a rule whose violation is easy to detect

The sequence number was not intended to be a security field, but it can be!We may introduce filters that check monotonic conditions (or more generic rules)

Wireless Localization SecurityWireless Localization Security

Location information will facilitate new computing services– Location-based file access control

Problem: Localization methods are not secure!Traditional cryptography and network security can address cryptographic attacks (Is this beacon really from the AP?)

Localization algorithms depend on measurements that are susceptible to attack!!

Is cryptography alone enough?

No!

Attacks on Signal StrengthAttacks on Signal Strength

Distance is measured using the relationship between received signal strength and distance Adversary may affect the receive signal power by:– Alter transmit power of

nodes– Remove direct path by

introducing obstacles– Introduce absorbing or

attenuating material– Introduce ambient channel

noise

Distance

Pow

er R

ecei

ved

d1

r1

Absorbing Material

r2

d2

Defenses for Wireless LocalizationDefenses for Wireless Localization

• Don’t rely entirely on traditional security!• Two-tier approach to defending wireless localization…

Add Security and Robustness!

SECURITY

ALGORITHM

Attacks

ROBUST

ALG

Add Authentication,Entity Verification,

Etc…See SerLoc, SPINE, ROPE

Intrusion Detection & Intrusion Detection & LocationingLocationingIdea: Use resource management to affect security.– Set up different power

configurations and alternate between them randomly.

Result: Wireless devices will change their association as they can no longer hear a BS/AP– We may use this to locate a

wireless device– Intruders in a wireless network

will not be able to fake a location

Question:– How to modulate the power

configurations to best isolate a mobile device?

– Service degradation from reassociations?

MT1 Associated with AP1, MT2 Associated with AP1

MT1 Associated with AP2, MT2 Associated with AP1