Wireless Security by Sandeep Kumar Sharma
Wireless & mobile
Security
Submitted by:
Sandeep Sharma
M.TECH(NM)
DAVV(SCSIT)
Overview
Security Basics
Wireless Security
WTLS & SSL
WAP Security Models
WIM, WMLScript, Access Control
Summary
References
Security Primer
Security Goals
- Authentication
- Confidentiality
- Data Integrity
- Authorization
- Non-Repudiation
Different Views
Privacy
Assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission
Integrity
The integrity of information (i.e., no unauthorized modification)
Authentication
Identify for certain who is communicating with you
[Figure: diagram with the labels WML Encoder, WMLScript Compiler, Protocol Adapters, CGI, WML Decks with WML-Script, Content, WTAI, WSP/WTP, HTTP]
Security in WAP
WAP can secure communication between terminal and WAP gateway.
For communications between gateway and origin server, other means e.g. SSL are required.
[Figure: Terminal, Wireless Network (GSM Security), modem pool, Leased, FIREWALL, WAP Gateway, Internet, FIREWALL, Origin Server, Company intranet; spans labelled WAP Security and Internet Security]
Wireless security Issues
Several security concerns at all layers
Wireless networks (cellular, wi-fi, adhoc, satellite)
Wireless platforms (Mobile IP, WAP, I-Mode, Wireless Java, Mobile Web services)
Mobile applications (holding digital certificates in handsets)
Too many issues needing attention
Cellular security (location services)
Satellite security (GAO report)
Mobile adhoc network security
Wireless platform security (WAP, BREW)
M-application security (handset certificates)
An architecture approach is needed – a
solution that considers tradeoffs and
Sample Wireless Security Technologies
Applications
•SET for transaction security
•S/MIME and PGP for secure email
•Java security (sandboxes)
•Database security
Middleware
•SSL and TLS
•WAP security (WTLS)
•Web security (HTTPS, PICS, HTTP Headers)
•Proxy server security
TCP/IP
•IPSEC and wireless VPN
•Mobile IP
Can use higher level services to compensate for lower layers
Tradeoffs in performance and security
PGP S/MIME A3 A3 A2 A1
Client/Server Security | SSL and WTLS Security | Assures secure communication over an unsecured link | Only middleware-level security
Network Link Level Security | Wireless LAN Security, 3G and Satellites | Deters breaking in at physical link level | Protects only one link. Does not cover other links in a large network
WAP Security
[Figure: WAP Phone (WML Browser, WML Script) connects over the wireless network, which uses WTLS Security, to the WAP Gateway (Protocol Adapters, WML Encoder, WMLScript Compiler); the gateway connects over the Internet, which uses SSL Security, to the Web Server (CGI Scripts, Content)]
Digital authentication
process.
Security Technologies
Cryptography
Symmetric: 3DES, RC4, etc.
Asymmetric: RSA, Diffie-Hellman
Key Generation
Registration
Verification
Certificate Creation
Some digital signature algorithms
RSA
DSA
ECDSA
ElGamal signature scheme
Undeniable signature
SHA (typically SHA-1) with RSA
Types of Digital Certificates
E-Mail Certificates
Browser Certificates
Server (SSL) Certificates
Software Signing Certificates
CERTIFICATE AUTHORITY
CA = E_KRauth[Time1, IDa, KUa]
CB = E_KRauth[Time1, IDb, KUb]
[Figure: certificate authority diagram with numbered steps 1 to 6 and labels KUa, KUb, CA, CB]
Sample X.509 certificates v1
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
Validity
Not Before: Jul 9 16:04:02 2008 GMT
Not After : Jul 9 16:04:02 2010 GMT
Subject: C=India, ST=M.P., D=indore, O=D.A.V .V., OU=FreeSoft, CN=www.freesoft.org/emailAddress=sandeep24nm@gmail.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66:
70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92:
ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67:
d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72:
0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1
Process of obtaining an X.509 certificate
Steps of Communication
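How does a stream cipher work?
[Figure: sender and receiver each feed IV + Key into a keystream generator; the sender XORs the message plus CRC with the keystream to encrypt, the receiver XORs with the same keystream to decrypt; the transmitted data is the IV and the ciphertext]
Keystream = RC4(v, k)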
Encryption with WEP
RC4 used with 40-bit key
"128-bit" implementation
Per-packet 24-bit IV
WEP allows re-use of IV
32-bit CRC is a linear function of the message and does not depend on the key
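The WEP construction and the two weaknesses listed above (IV re-use and the keyless, linear CRC), as an added example that is not part of the original slides. The key, IV and messages are constructed sample values, and the function names are illustrative.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then output loop)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(msg: bytes) -> bytes:
    return zlib.crc32(msg).to_bytes(4, "little")

def wep_encrypt(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Frame = IV || ((msg || CRC32(msg)) XOR RC4(IV || key))."""
    body = msg + crc(msg)
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Rebuild the keystream from the cleartext IV and verify the CRC."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    if crc(body[:-4]) != body[-4:]:
        raise ValueError("CRC mismatch")
    return body[:-4]

def iv_reuse_leaks_xor(f1: bytes, f2: bytes, p1: bytes, p2: bytes) -> bool:
    """Same IV and key give the same keystream, so c1 XOR c2 == p1 XOR p2."""
    return f1[:3] == f2[:3] and xor(f1[3:], f2[3:])[:len(p1)] == xor(p1, p2)

def crc_is_linear(a: bytes, b: bytes) -> bool:
    """For equal lengths: CRC(a^b) == CRC(a) ^ CRC(b) ^ CRC(00..00), keyless."""
    return crc(xor(a, b)) == xor(xor(crc(a), crc(b)), crc(bytes(len(a))))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")   # 40-bit key
IV = bytes.fromhex("aabbcc")        # 24-bit per-packet IV, reused below
P1, P2 = b"PAY 0100 TO BOB", b"PAY 9999 TO EVE"
F1, F2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
```

Both checks succeed without the key being an input to the comparison, which is why later designs use a keyed integrity check and forbid IV re-use under one key.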
No non-repudiation
[Figure: three numbered speech bubbles, with the labels WTLS and Logfile]
1. "I have canceled the contract for my flat 3 months ago."
2. "I did not receive any me[…] by Alice. The log file has been fak[…] by Alice!"
3. "Sorry, I can not decide this!"