Wireless Device and Network level security

Security at Device, Network & Server Levels. QIP Short Term Course On Wireless Security. Chetan Kumar Shivakumar, Protocol Engineering and Technology Unit, IISc. (Currently working at Alcatel Lucent India Limited). e-mail [email protected]

description

A Presentation I made at QIP Short Term Course On Wireless  Security

Transcript of Wireless Device and Network level security

Page 1: Wireless Device and Network level security

Security at Device, Network & Server Levels

QIP Short Term Course On Wireless Security

Chetan Kumar Shivakumar, Protocol Engineering and Technology Unit, IISc. (Currently working at Alcatel Lucent India Limited)

e-mail [email protected]

Page 2: Wireless Device and Network level security

Organization

Session 1: Mobile Device Security; Network Level Security-1

Session 2: Network Level Security-2; Server Level Security

Page 3: Wireless Device and Network level security

Session 1

Device Level Security: Security Requirements; Threats and solutions; OS Level security

Network Level Security: Security Challenges at network level; Security issues in WLAN (part); Cellular Network, Adhoc Network security

Page 4: Wireless Device and Network level security

What is security

Security is PAIN: Privacy, Authentication, Integrity, Non-repudiation

Security is needed for...

Privacy Reasons: People want to hide certain (culturally specific) things.

Economic Reasons: People (and enterprises) want to protect their property.

Page 5: Wireless Device and Network level security

Mobile Security specifics

Dynamic connections over multiple access networks (partly untrusted)

Restrictions in communication protocols (bandwidth, latency,…)

Restrictions in devices (power, performance)

State of affairs: Client-side technology is still very immature

Security management of wireless networks and devices is inherently complicated

Multiple Stake Holders: Owner/Subscriber, Service Provider, Enterprise

Page 6: Wireless Device and Network level security

Need for Mobile Device Security

Resources: Mobile devices are becoming more powerful

1 GHz processors are common !!

Portability: Wireless devices are smaller in size and portable

Data in those devices requires more protection than data on non-portable devices

Mechanisms to recover stolen or lost devices are important

Mechanisms for self-destruction of data are also important

Page 7: Wireless Device and Network level security

Need for Mobile Device Security

Mobility: Mobility brings even bigger challenges

Trust in infrastructure

Wired networks assume a certain level of trust in local infrastructure (we trust our routers). In wireless networks this is a weak assumption.

Would you put the same level of trust in an Access Point in an airport as you put in your home AP?

Security mechanisms should anticipate these variances in trust. Or, security mechanisms should be independent of location or infrastructure.

Trust in location

Wired networks implicitly assume network address is equivalent to physical location. In wireless networks physical location is not tied to network address.

Physical location may change transparently to end nodes.

Page 8: Wireless Device and Network level security

Need for Mobile Device Security

Services: Multiple services are run on mobile devices

I can also talk using my phone !!

Multimedia applications

CRM applications on mobile devices

Mobile sales force applications on mobile devices

Page 9: Wireless Device and Network level security

Important Data on mobile device

Smart phone and PDA usage:

55.7% store confidential information on mobile device

54% of smart phones used for e-mailing confidential information

40% access bank account and credit card

10-15% of laptops are stolen with the intent of obtaining data

Page 10: Wireless Device and Network level security

Mobile device security Threat

Device lost by accident OR stolen

Replacement cost

Cost of restoring data

Loss of confidential data

Cloning threat

Impersonation

Page 11: Wireless Device and Network level security

Mobile device security Threat

Data damage by mobile malware

Some intelligent free app can upload your banking PIN !!

An easy way to transmit virus (during sync)

Page 12: Wireless Device and Network level security

Environmental Threats

Rich interfaces in mobile device, which are software controlled

Tethering with WiFi !!

Unauthorized mobile device in corporate environment

Can act as sniffer

Threat due to using device in busy environments

Page 13: Wireless Device and Network level security

Few solutions for device security

Allow only legitimate and valid users into network: Network admission control (NAC)

Data encryption and strong authentication management

Centralized device management: Remove old devices in system

Patch management for software on mobile devices

Network level management using Firewall, IDS, anti spyware etc.

Page 14: Wireless Device and Network level security

Policy enforced solutions

Encrypts data transmissions to and from the device and encrypts data on the devices themselves.

Measures the trustworthiness of the hardware, OS and applications to detect an unauthorised configuration.

Allows IT staffers to deactivate, lock and/or wipe devices which have been stolen or lost.

Provides strong user authentication both to activate the device and to access the network. In the case of loss/theft, user authentication can slow or halt an attacker entirely.

Management functions on the device and on the back-end which allow users to centrally create, rollout, change and enforce their security policies.

Password protection on all devices at power-on. Most mobile devices ship with this feature.

Page 15: Wireless Device and Network level security

OS Security Mechanism

Capability model: Provide access to resources only to applications that have a certain trust level. Decided during installation.

Data caging model: Certain users get full access to vulnerable files.

Password protection and CA based authentication

Remote wipe-out

Policy propagation mechanism

Page 16: Wireless Device and Network level security

Network Level Security

Page 17: Wireless Device and Network level security

Why do we need network security

I can send mail to all news channels using WiFi access from this building.

No non-repudiation

Page 18: Wireless Device and Network level security

Why do we need network security

I can get the passwords now sitting outside this building

Internet Banking is so easy with WiFi at home

Eavesdropping

Page 19: Wireless Device and Network level security

Why is security more of a concern in wireless?

Two basic security problems in wireless

Connecting to the network does not need physical access to the network

Just stand outside a building, you can get connected to an AP that is inside the building

The broadcast nature of radio communications

WiFi networks normally operate at 150 mW, up to 300 m radius

Have you ever tried Wireshark (or tcpdump)?

Page 20: Wireless Device and Network level security

Why is security more of a concern in wireless?

Other related security vulnerabilities

Anyone can generate transmissions, which will be received by other devices in range and which will interfere with other nearby transmissions and may prevent their correct reception (jamming)

Injecting bogus messages into the network is easy

Replaying previously recorded messages is easy

Page 21: Wireless Device and Network level security

Why is security more of a concern in wireless?

Illegitimate access to the network and its services is easy

Denial of service is easily achieved by jamming

Page 22: Wireless Device and Network level security

Network Level Security Challenges

Transmission Security: at physical, medium access and data link layers over wireless media.

Communication Security: message confidentiality, integrity, and end-point authentication

Authorization and Access Control

Network Infrastructure Protection

Robustness

Efficiency

Page 23: Wireless Device and Network level security

Wireless LAN Security

Various schemes in WiFi security:

Service Set ID (SSID) based

MAC Address based filtering

Wired Equivalent Privacy (WEP)

eWEP (Enhanced WEP)

Wi-Fi Protected Access (WPA)

WPA 2

IEEE 802.11i

Page 24: Wireless Device and Network level security

Service Set Identifier (SSID)

SSID is used to identify an 802.11 network

It can be pre-configured or advertised in beacon broadcast

It is transmitted in clear text

Provides very little security

Page 25: Wireless Device and Network level security

MAC Address Filtering

MAC address filtering is another way people have tried to secure their networks.

A NIC's MAC address is a 12-digit hexadecimal number that is unique to each and every network card in the world.

Uniqueness allows you to limit access to the AP to only those MAC addresses of authorized devices.

You can easily shut out everyone who should not be on your network.

However, MAC address filtering is not completely secure and, if you rely solely upon it, you will have a false sense of security.

Page 26: Wireless Device and Network level security

Issues with MAC Address Filtering

Someone will have to keep a database of the MAC address of every wireless device in your network. With hundreds of MAC addresses to keep track of, this will become a nightmare.

MAC addresses can be changed, so a determined attacker can use a wireless sniffer to figure out a MAC address that is allowed through and set his PC to match it so that it is considered valid.

Note that encryption takes place at about Layer 2 of the OSI model, so MAC addresses will still be visible to a packet sniffer.

Page 27: Wireless Device and Network level security

End of session 1

Let us break for tea..

Page 28: Wireless Device and Network level security

Session 2

Network Level Security: Security issues in WLAN (part); Cellular Network, Adhoc Network security

Server Level Security: Security Threat for server; Server Security Steps; Security Solutions

Page 29: Wireless Device and Network level security

WEP - Wired Equivalent Privacy

Part of the IEEE 802.11 specification

Goal: make the WiFi network at least as secure as a wired LAN (that has no particular protection mechanisms)

WEP was never intended to achieve strong security

(in the end, it hasn't achieved even weak security)

Page 30: Wireless Device and Network level security

WEP - Wired Equivalent Privacy

There is a lot of misconception surrounding WEP.

WEP is not, nor was it ever meant to be, a security algorithm.

WEP is not designed to repel; it simply makes sure that you are not less secure because you are not keeping your data in a wire.

The problem occurs when people see the word "encryption" and make assumptions.

WEP is designed to make up for the inherent insecurity in wireless TX, as compared to wired TX.

Page 31: Wireless Device and Network level security

WEP - Wired Equivalent Privacy

WEP makes your data as secure as it would be on an unencrypted, wired Ethernet network.

That is all it is designed to do, period.

WEP can typically be configured in three possible modes:

No encryption mode

40-bit encryption

128-bit encryption

Page 32: Wireless Device and Network level security

What is WPA?

Wi-Fi Protected Access (WPA) is a response by the WLAN industry to offer an immediate, stronger security solution than WEP.

WPA was created by the Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name.

Page 33: Wireless Device and Network level security

WPA in a nutshell…

WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user.

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV).

One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.

When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

Page 34: Wireless Device and Network level security

WPA in a nutshell… (Cont'd)

In addition to authentication and encryption, WPA also provides vastly improved payload integrity.

The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key.

A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael".

The MIC used in WPA includes a frame counter, which prevents replay attacks.
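
The two integrity points on this slide, as an added example that is not part of the original presentation: a CRC appended under a stream cipher still verifies after the payload is changed without the key, while a keyed tag over counter plus payload rejects both the change and a replay. Assumptions: the keystream, key and payloads are constructed, all function names are hypothetical, HMAC-SHA256 truncated to 8 bytes stands in for a keyed MIC (it is not Michael), and the 6-byte counter width is chosen for the demo.

```python
import hashlib
import hmac
import zlib

# Constructed demo values. HMAC-SHA256 stands in for a keyed MIC (it is not Michael).
KEYSTREAM = bytes((i * 73 + 41) % 256 for i in range(64))  # stand-in cipher output
MIC_KEY = b"constructed-demo-mic-key"

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crc_bytes(data):
    return zlib.crc32(data).to_bytes(4, "little")

def crc_seal(payload):
    """WEP-style framing: payload + CRC-32, XORed with a keystream."""
    return xor(payload + crc_bytes(payload), KEYSTREAM)

def crc_open(frame):
    body = xor(frame, KEYSTREAM)  # payload is returned only if its CRC matches
    return body[:-4] if crc_bytes(body[:-4]) == body[-4:] else None

def keyless_patch(delta):
    """Mask that changes the payload by `delta` yet keeps the CRC valid,
    because crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    return delta + xor(crc_bytes(delta), crc_bytes(bytes(len(delta))))

def mic_tag(counter, payload):
    """Keyed tag over frame counter + payload (6-byte counter is an assumption)."""
    msg = counter.to_bytes(6, "big") + payload
    return hmac.new(MIC_KEY, msg, hashlib.sha256).digest()[:8]

class MicReceiver:
    """Checks the keyed MIC first, then requires a strictly increasing counter."""
    def __init__(self):
        self.last_counter = -1

    def accept(self, counter, payload, tag):
        if not hmac.compare_digest(mic_tag(counter, payload), tag):
            return "bad-mic"
        if counter <= self.last_counter:
            return "replay"
        self.last_counter = counter
        return "ok"

def demo():
    old, new = b"temp=21C", b"temp=99C"  # constructed payloads
    altered = xor(crc_seal(old), keyless_patch(xor(old, new)))
    rx, tag = MicReceiver(), mic_tag(1, old)
    return (crc_open(altered), rx.accept(1, new, tag),
            rx.accept(1, old, tag), rx.accept(1, old, tag))
```

demo() returns the altered payload that the CRC check accepted, followed by the receiver's verdicts for an altered frame, the genuine frame, and the same genuine frame sent again.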

Page 35: Wireless Device and Network level security

WPA Modes

Pre-Shared Key Mode

Does not require authentication server.

"Shared Secret" is used for authentication to access point.

Enterprise Mode

Requires an authentication server

Uses RADIUS protocols for authentication and key distribution.

Centralizes management of user credentials.

Page 36: Wireless Device and Network level security

In Summary

Fixes all known WEP privacy vulnerabilities.

Designed by well-known cryptographers.

Best possible security to minimize performance degradation on existing hardware.

Page 37: Wireless Device and Network level security

AdHoc Network Security issues

Challenges in AdHoc Network

Lack of infrastructure, absence of trusted third parties (TTPs)

The constraints of the devices and the communication channel

Bootstrapping security, providing authentication and key exchange

Enabling key revocation and key renewing in public key infrastructures (PKIs).

Page 38: Wireless Device and Network level security

Server Level Security

Servers provide services to mobile devices

DHCP/DNS/HTTP/File servers etc.

Messaging and file services are a very critical part of the mobile work force in an enterprise.

Page 39: Wireless Device and Network level security

Security Threats in Servers

Malicious entities may exploit software bugs in the server

Denial of Service (DoS) attacks

Sensitive information transmitted unencrypted or weakly encrypted between the server and the client may be intercepted.

Malicious entities may gain unauthorised access to resources elsewhere in the organisation's network via a successful attack on the server

Page 40: Wireless Device and Network level security

Securing the Servers

Planning

Identify the Purpose(s) of the Server

Install right firewall

Install NIDS

Install, Configure, and Secure the Underlying OS

Install, Configure, and Secure the Server Software

Page 41: Wireless Device and Network level security

Thank You

We can address any questions that you had earlier hesitated to ask

'The security of a computer system degrades in direct proportion to the amount of use the system receives' (Farmer's Law)

Page 42: Wireless Device and Network level security

Backup Slide

Backup slides