Project Proposal: Security Threats for Wireless Devices
Download
Report
Transcript Project Proposal: Security Threats for Wireless Devices
Project Proposal:
Security Threats for
Wireless Devices
Matt Fratkin
April 11th, 2005
E6886
Project Overview
To investigate the current security threats
among Wireless LANS, Wireless Personal
Area Networks (Bluetooth), and Wireless
Handheld devices
To describe the various problems associated
with the built in security features for each of
these devices
Wireless Technology Overview
Wireless technology can be defined as the
ability for more than one device to
communicate with each other without having
any sort of physical connection
Wireless Technology Threats
Overview
Since wireless technology does not use
cables for transmission, it relies on radio
frequencies to transmit the data
This makes it susceptible for intruders to
intercept the signal and interfere with it how
ever they want whether it be eavesdropping,
stealing information, or causing damage to
the network
Wireless LANs Overview
Connects user’s computers to the network using an
access point device
The access point connects with devices equipped
with wireless network adapters (wired Ethernet LAN
via an RJ-45 port)
These access points usually have coverage areas of
up to 300 feet
Some of these access points can be linked together
so users can remained linked through multiple
access points
Wireless Personal Area
Networks Overview (Bluetooth)
These are networks that are supposed to dynamically
connect devices such as cell phones, laptops, PDAs
These ad-hoc networks have random network
configurations and rely on a master-slave system
connected by wireless links to allow devices to
communicate with one another
Since the devices move in an unpredictable way the
networks need to be reconfigured on the go in order to
handle the change
The routing that the Bluetooth uses allows the master to
establish and maintain these ever shifting networks
Bluetooth Network Example
Bluetooth enabled mobile phone connecting to
mobile phone network, synching with a PDA address
book, and downloading email
Wireless Handheld Devices
These devices can broken down into two
categories: PDAs and Smart Phones
PDAs operate on a proprietary networking standard that
sends email to remote servers by accessing the corporate
network
Smart Phones are mobile phones that contain information
processing and data networking capabilities
Wireless LAN Security
Features
There are three different types of security
features for Wireless LANs
1.
2.
3.
Authentication
Confidentiality
Integrity
Wireless LAN Security
Features - Authentication
Provides a service to the users by needing to
verify the identity of the users for each
communicating station
Denies access to those who can not properly
authenticate themselves
Therefore only authorized personal are
allowed to use the communicating client
stations
Wireless LAN Security
Features- Confidentiality
This feature provides privacy to any user on
the network
Supposed to prevent eavesdropping by
outsiders
Therefore only authorized people are allowed
to view the data on the network
Wireless LAN Security
Features - Integrity
This feature is used to ensure that the data
coming in is the data that was transmitted
Makes sure that no alterations of the data
has been made while it is in transit
Therefore users should feel confident that
they are viewing the data that was meant for
them to see, not some altered version
Wireless LAN Security
Diagram
Problems with the Wireless
LAN Security Features
The standardization of Wireless LAN security is the
IEEE 802.11Standard Security
This provides for cryptographic keys of 40-bits
However, some vendors have implemented products with
keys of up to 104 and 128-bit keys
Many users in a network often share these
cryptographic keys so if one becomes lost or stolen
then the whole network can be at risk
Also, the eavesdropper usually knows 24-bits of
every packet key, so this combined with the
weakness in the key schedule allows for an
analytical attack
Problems with the Wireless
LAN Security Features- cont.
The analytical attack recovers the key after only
analyzing a small amount of traffic in the key
schedule (RC4)
This attack is a very public attack similar to an attack
script and open source code
Since the integrity is checked by a Cyclic
Redundancy Check (CRC) along with checksums,
the integrity can be challenged due to the fact that
the checksums are noncryptographic
This leads to vulnerabilities in the system, allowing
the attacker to be able to systematically decrypt the
incoming packets and those change the information
RC4 Algorithm used for
privacy protection
Diagram of Possible Wireless
LAN attacks
Bluetooth Security Features
There are some built in security features for
Bluetooth technology that address the
following topics
1.
2.
3.
Authentication
Confidentiality
Authorization
Bluetooth Security Features Authentication
The purpose of this feature is to be able to
verify the identity of who the device is
communicating with
There is also an abort feature in case the
device does not authenticate properly
Bluetooth Security Features Confidentiality
This feature once again protects the privacy
of the user
It is intended to prevent others from
viewing/eavesdropping on the information
being sent to and from the user
Therefore the user can feel safe that only
authorized users are seeing the data
Bluetooth Security Features –
Authorization
This feature addresses the question as to
whether or not the device is authorized to use
the service
This prevents non-authorized users from
stealing resources intended for authorized
users
Bluetooth Security Modes
On top of the built in security features,
Bluetooth can operate in the following three
security modes
1.
2.
3.
Security Mode 1: Nonsecure mode
Security Mode 2: Service-level enforced security
mode
Security Mode 3: Link-level enforced security mode
Bluetooth Security Modes
Bluetooth Security Diagram
Problems with Bluetooth
Security Features
Based on a table generated by the National Institute
of Standards and Technology (NIST), some of the
problems/vulnerabilities with the Bluetooth
Technology are:
The random number generator may produce static or
periodic numbers that reduce the effectiveness of the
authentication scheme
Short PINS are allowed for generating link and encryption
keys. These short PINS can be guessed and therefore
decreases the security
There is no way clear way to generate and distribute PINS,
therefore in networks with many users it is difficult to keep
secure PINS from being guessed
Problems with Bluetooth
Security Features - cont
Authentication can be repeated- there is no limit set
for the number of times a user can attempt to
become authenticated
The key length used for encryption doesn’t have a
set minimum length, causing some to have
short/weak keys
Security is not maintained all the way through the
system- individual links are encrypted and
authenticated and data is decrypted at intermediate
points. There is no encryption and decryption
maintained all the way through the system
Wireless Handheld Device
Security Features
There are not a lot of built in security features
in wireless handheld device, but their security
can be threatened as well in the following
areas:
Confidentiality
Integrity
Availability
Wireless Handheld Devices
Security Threats - Confidentiality
The information contained on the wireless devices
can be compromised at a variety of different levels
whether it be on the handheld device itself, the
storage module, the PC, or while being sent over
Bluetooth, USB, or serial communication ports
PDAs are susceptible during the period when data is
being transmitted as the data being sent is
unencrypted so anyone in close proximity can
retrieve that information
Likewise, a Bluetooth device that is not properly
configured is liable to have the data stolen from
someone who has a Bluetooth-enabled device
Wireless Handheld Devices
Security Threats - Integrity
Handheld devices face the same problems as
Wireless LANs as the transmitted data can be
altered before it reaches the user or device thus
interfering with the integrity of the transmitted data
The handheld hardware must be protected from the
insertion or replacement of the read-only-memory
(ROM) by outside parties
Handheld applications must be protected from the
installation of software from unauthorized sources
that may contain malicious software (malware)
Wireless Handheld Devices
Security Threats - Availability
The wireless handheld devices need to also
be protected from attacks that limit their
computational or network resources thus
making these devices unusable for certain
periods of time
These attacks can be in the form of Trojan
horses, worms, viruses and other malware
that effect the networks
All types of wireless handheld devices are
targets for these types of attacks
Conclusion
As it is evident from the previous slides wireless
technology is a wonderful feature for many of
today's most common devices
However, since information is being transmitted
through radio frequencies it is open to interception
and tampering from outside parties
Although many of these devices are built with
security features it seems like many of these
features are not good enough to protect the
transmitted data
Conclusion- cont
Encryption keys for the networks seem to be
built using very small amount of bits, even
though the vendors are building the devices
with large amounts of bits
PINS over large networks with many users
are no good as short PINS are used which
can easily be guessed
With the ever changing technology the
wireless technology needs to make security a
huge priority to protect the customers
Questions/Comments
I can be contacted at [email protected]
if you have any questions or comments
References
Karygiannis, Tom and Owens, Les, “Wireless Network
Security: 802.11, Bluetooth and Handheld Devices,”
http://csrc.nist.gov/publications/nistpubs/80048/NIST_SP_800-48.pdf, 2002.
Uskela, Sami, “Security in Wireless Local Area
Networks,” http://www.tml.hut.fi/Opinnot/Tik110.501/1997/wireless_lan.html, 1997
V-One Corporation, “Smart Security for Wireless
Communications,” http://www.vone.com/docs/whitepaper_wireless.pdf, 2003.
References -Diagrams
All diagrams were taken from the Wireless
Network Security Publication by Tom
Karygiannis and Les Owens