Security Issues and Challenges in Wireless Networks

Dr. Mohammad Shoab

1

Introduction

• Wireless stations, or nodes, communicate over a wireless medium
• Networks operating under infrastructure mode e.g., 802.11, 802.16, Cellular networks
• Networks operating with limited or no infrastructural support e.g., ad hoc networks in AODV mode
• Security threats are imminent due to the open nature of communication
• Two main issues: authentication and privacy
• Other serious issues: denial-of-service
• A categorization is required to understand the issues in each situation.

2

Introduction – Wireless Technologies

• Different technologies have been developed for different scenarios and requirements
• WiFi is technology for Wireless LANs and short range mobile access networks
• WiMAX is technology for last mile broadband connectivity
• Wireless USB is technology for Internet connectivity on the go
• Other technologies like Infrared (TV remotes etc), Bluetooth (soon to be obsolete) etc are short range
• Extreme bandwidth but short range technologies are Gigabit wireless etc

3

Introduction

• Fixed Infrastructure
• Base stations that are typically not resource constrained.
• Examples: sensor networks, and cellular networks.
• Mobility of nodes but not of base stations.

4

Introduction

• Ad hoc wireless networks
• No infrastructural support.
• Nodes also double up as routers.
• Mobility of nodes.
• Examples laptops/cellphones operating in ad hoc mode.

Image from www.microsoft.com

5

Introduction

• Mixed mode
• In between the two modes.
• Some nodes exhibit ad hoc capability.

​

6

Introduction

• To formalize study and solutions, need good models for these networks.
• Formal model to characterize the properties and solutions
• Models that are close to reality
• Still allow for solution design and analysis.

7

Introduction

• Solution properties
• Light-weight
• Have to use battery power wisely.
• Other resources, such as storage, are also limited.
• Local control
• Many cases, only neighbours are known.
• Any additional information gathering is expensive.

8

Introduction

• Difficulty of modeling wireless networks as opposed to wired networks:
• Transmission
• Interference
• Resource constraints
• Mobility
• Physical carrier sensing

9

Outline

• Introduction
• Models of Wireless Networks
• Various Layers and Current Solutions for each Layer
• Security Issues and Threats at each Layer
• Security Solutions

10

Models of Wireless Networks

• Unit disk graph model
• Given a transmission radius R, nodes u,v are connected if d(u,v) ≤ R

11

Models of W ireless Networks

• Unit disk graph model
• Given a transmission radius R, nodes u,v are connected if d(u,v) ≤ R.
• Too simple model – transmission range could be of arbitrary shape.

12

Models of Wireless Networks

• Packet Radio Network (PRN)
• Can handle arbitrary shapes
• Widely used
• Nodes u, v can communicate directly if they are within each other's transmission range, r_t.

u

v

w

v'

13

What is the problem?

• Model for interference too simplistic

14

• w can still interfere at u
• PRN model fails to address certain interference problems in practice

What is the problem?

15

• Transmission Range, Interference Range
• Separate values for transmission range, interference range.
• Interference range constant times bigger than transmission range.

Models of Wireless Networks

u

r_t

v

w

u'

r_i

16

Carrier Sensing

• Virtual carrier sensing using request to send(RTS)/clear to send(CTS).
• Physical Carrier Sensing
• Provided by Clear Channel Assessment (CCA) circuit.
• Monitor the medium as a function of Received Signal Strength Indicator (RSSI)
• Energy Detection (ED) bit set to 1 if RSSI exceeds a certain threshold
• Has a register to set the threshold in dB

17

Outline

• Introduction
• Models of Wireless Networks
• Various Layers and Current Solutions at each layer
• Security Issues and Threats at each Layer
• Security Solutions

18

Various Layers of Interest – Physical Layer

• Physical Layer
• 802.11 standard supports several data rates between 11 Mbps and 54 Mbps
• 802.16 support multiple data rates from 2Mbps to 300 Mbps
• Several modulation schemes in use and support different conditions and data rates
• AM, FM, PSK, BPSK, QPSK, FDM, OFDM, OFDMA, ...

19

Physical Layer – WiFi

• Stands for Wireless Fidelity Range of Technologies
• Technology that uses IEEE 802.11 protocol standards
• 802.11b operates at 2.4 Ghz using DSSS
• Has three non-overlapping channels with 11mbps max
• 802.11g operates at 2.4 Ghz resp, with 20 Mhz, OFDM
• Achieves 54 Mbps and inter-operable to 802.11b
• 802.11a operates at 5GHz using OFDM
• About 4-8 (depending on country) non-overlapping channels
• Bandwidth achieved is 54 Mbps

20

Various Layers of Interest – MAC Layer

• MAC Layer
• Medium access control is an important requirement.
• Collision detection (CSMA/CD) not possible unlike wired networks.
• Hence using Collision avoidance (CSMA/CA)
• Functions of MAC
• Scanning, Authentication, Association, WEP, RTS/CTS, Power Save options, Fragmentation

21

Various Layers of Interest – MAC Layer

• 802.11 MAC
• Use Physical Carrier Sensing to sense for a free medium.
• Explicit ACKs to indicate reception of packet.
• Results in the problem of hidden node.
• Use Virtual Carrier Sensing using RTS/CTS.

DATA

DATA

22

MAC Layer

• More recent solutions address issues such as, especially with respect to ad hoc networks
• self-stabilization
• Dynamism
• Efficiency
• Fairness

23

Various Layers – Network Layer

• Route packets in the network.
• Routing in infrastructure based networks is similar to IP routing
• All the base stations have a wired IP interface which is used by the routers/switches to forward data
• Issues like handoffs are handled through techniques like Mobile IP or Cellular Handoffs or Soft-handoffs as done in Mobile WiMAX
• Now, for network without infrastructure the problem is difficult as the routes are transient

24

Various Layers – Network Layer

• Ad hoc networks
• No easy solutions but different proposals exist.
• Two kinds: proactive and reactive
• Proactive: Maintain lot of state, proactive updates.
• Example: DSDV, DSR
• Reactive: Minimal state, react to changes.
• Example: AODV

25

Other Important Layers

• Transport layer
• This is important layer especially since the wireless medium suffers from high bit-error rate and collisions.
• To offset this wireless technologies rely less on TCP’s reliability mechanism
• This is mostly handled at physical layer through techniques like FEC and other error correcting codes
• Application Layer
• Notion of an application layer protocol
• Email/Web/Games/SMS/MMS

26

Outline

• Introduction
• Models of Wireless Networks
• Various Layers and Current Solutions for each Layer
• Security Issues and Threats at each Layer
• Security Solutions

27

Threats in Present Solutions – MAC Layer

• Denial of Service
• Can hog the medium by sending noise continuously.
• Can be done without draining the power of the adversary.
• Depends on physical carrier sensing threshold.

z

A

28

Threats in Present Solutions – MAC Layer

• 802.11 standard uses Access Control Lists for admission control.
• If MAC address not in the list, then the node is denied access.
• But easy to spoof MAC addresses.

00:1A:A0:FD:FF:2E

00:0C:76:7F:DF:49

00:13:D3:07:2F:A8

00:2F:B8:77:EA:B5

29

Threats in Present Solutions – Network Layer

• Ad hoc networks
• Network layer
• Denial-of-service attacks
• Broadcast nature of communication
• Packet dropping
• Route discovery failure in ad hoc network
• Packet rerouting

​

30

Threats in Present Solutions – Network Layer

• Denial-of-service
• Easy to mount in wireless network protocols.
• One strategically adversary can generally disable a dense part of the network.

z

A

Nodes Disrupting Routes

Source

Source

Destination

31

Threats in Present Solutions – Network Layer

• Can simply engage in conversation and drain battery power of other nodes – power exhaustion attack
• Send lot of RREQ messages but never use the routes.

z

A

RREQ(a)

RREQ(b)

RREQ(c)

….

32

Threats in Present Solutions – Network Layer

• Broadcast nature of communication
• Each message can be received by all nodes in the transmission range
• Packet sniffing is a lot easier than in wired networks.
• Poses a data privacy issue

s

t

A

33

Threats in Present Solutions – Network Layer

• Packet dropping
• Wired networks can monitor packet drops reasonably
• Such mechanisms are resource intensive for wireless networks
• Ad Hoc On-Demand Distance Vector (AODV) has timeouts but no theoretical solutions
• Difficult to distinguish packet drops, say route requests (RREQs), from non-existence of route itself
• Nodes some times behave selfishly to preserve resources

34

Threats in Present Solutions – Network Layer

• Packet rerouting – also known as data plane attacks.
• Attacker reveals paths but does not forward data along these paths.
• Control plane measures do not suffice.
• Difficult to trace in wired networks also.

s

t

35

Threats in Present Solutions – Network Layer

• Application Layer
• Easy to infect mobile devices.
• Rerouting content through the base station poses privacy issues.
• Bluetooth networks and ad hoc networks do not have a base station facility.
• Contrast with wired networks with firewalls, filters, sandboxes.

36

Outline

• Introduction
• Models of Wireless Networks
• Various Layers and Current Solutions for each Layer
• Security Issues and Threats at each Layer
• Security Solutions

37

Security Solutions

• Requirements
• Need solutions that do not add any perceivable burden
• Cryptography can help
• Public key solutions
• Public key operations about 1000 times slow compared to symmetric key operations.
• Cost of SHA-1 = 2 microseconds
• Cost of RSA signature verification = order of millisec
• Symmetric key solutions for privacy and authentication
• Issue: How to distribute and manage keys?

38

Security Solutions for 802.11 Networks

• Previous WEP (Wired Equivalent Privacy) based on RC4 is prone to attacks
• Privacy is not guaranteed as the key streams could be easily recovered
• Weaknesses in RC4 are well documented
• Authentication is weak as well due to weak encryption technique
• Challenge-response using pre-shared keys is prone to attacks if encryption is weak

39

WEP Authentication Model

WEP Authentication Based on RC4

• Authentication key is distributed out-of-band
• Access Point generates a randomly generated challenge
• Station encrypts challenge using pre-shared secret
• Problem: Challenge-responses of valid users can be recorded and key stream can be recovered due to RC4 working
• Attacker can use the keys to encrypt any future challenges

​

Wireless Node

AP

Decrypted nonce OK?

40

Security Solution for 802.11 Networks: 802.11i Model

• Solution Requirements
• Mutual authentication
• Scalable key management for large networks
• Central authorization and accounting
• Support for extended authentication like smart cards
• Key Management Issues
• Need to dynamically manage keys to avoid manual reconfiguration difficulties especially for large networks

41

802.1X Authentication

42

802.1X Authentication

43

Security in Ad Hoc Mode

• Ad hoc networks cannot use RADIUS type authentication
• Problem: if RADIUS type authentication is used, every station will need to store every other station’s credentials
• Moreover, authentication will have to be using EAP-TLS which is computationally intensive
• Problem: mutual authentication is trouble some
• Other Security Requirements
• Cryptographic mechanisms for confidentiality
• Key establishment for confidentiality
• Public-key management to prevent replacement of keys
• Symmetric key management to protect from compromise
• Denial-of-service resistance in contention mechanisms at MAC layer

44

Security in Ad Hoc Networks

• Security Mechanisms
• Pro-active : Prevents an attacker from launching an attack say by using cryptographic mechanisms
• Requirement is establishment of necessary cryptographic material
• E.g., Routing Attacks
• Reactive : Relies on detection and mitigation of attacks
• Benign behaviour is defined and behaviour analysis is done to detect malicious behaviour
• E.g., Packet Forwarding attacks

45

Thank You!

46