
An Introduction to Wireless & Mobile Security

Submitted by: Sandeep Sharma, M.TECH (NM), DAVV (SCSIT)
Overview
- Security Basics
- Wireless Security
- WTLS & SSL
- WAP Security Models
- WIM, WMLScript, Access Control
- Summary
- References
Security Primer
Security Goals
- Authentication
- Confidentiality
- Data Integrity
- Authorization
- Non-Repudiation
Different Views
Privacy: assure privacy of information (i.e., no one other than the authorized people can see the information) in storage or transmission.
Integrity: the integrity of information (i.e., no unauthorized modification).
Authentication: identify for certain who is communicating with you.
Authorization (Access control): determine what access rights that person has.
Accountability (Auditing): assure that you can tell who did what when, and convince yourself that the system keeps its security promises. Includes non-repudiation (NR), the ability to provide proof of the origin or delivery of data. NR protects the sender against a false denial by the recipient that the data has been received, and protects the recipient against a false denial by the sender that the data has been sent: a receiver cannot say that he/she never received the data, and the sender cannot say that he/she never sent any data.
Availability: access to the system when a user needs it.
WTLS
WAP System Architecture (figure)
Client: WML browser with WMLScript and WTAI; talks WSP/WTP to the gateway.
WAP Gateway: WML Encoder, WMLScript Compiler, Protocol Adapters, etc.; talks HTTP etc. to the web server.
Web Server: CGI, WML Decks, WMLScripts, Content.
Security in WAP (figure)
WAP can secure communication between the terminal and the WAP gateway (GSM security on the wireless network, WAP security from terminal to gateway). For communications between the gateway and the origin server, other means, e.g. SSL, are required (Internet security).
Figure elements: Terminal, Wireless Network, Leased modem pool, Firewall, WAP Gateway, Company intranet, Firewall, Internet, Origin Server.
Wireless Security Issues
- Several security concerns at all layers
  - Wireless networks (cellular, wi-fi, adhoc, satellite)
  - Wireless platforms (Mobile IP, WAP, I-Mode, Wireless Java, Mobile Web services)
  - Mobile applications (holding digital certificates in handsets)
- Too many issues needing attention
  - Cellular security (location services)
  - Satellite security (GAO report)
  - Mobile adhoc network security
  - Wireless platform security (WAP, BREW)
  - M-application security (handset certificates)
- An architecture approach is needed – a solution that considers tradeoffs and
Sample Wireless Security Technologies (figure: a layered stack; applications can use higher level services to compensate for lower layers; tradeoffs in performance and security)
Applications: SET for transaction security; S/MIME and PGP for secure email; Java security (sandboxes); Database security
Middleware: SSL and TLS; WAP security (WTLS); Web security (HTTPS, PICS, HTTP Headers); Proxy server security
TCP/IP: IPSEC and wireless VPN; Mobile IP
Wireless Link: 802.11 security (WEP); Cellular network security; Satellite link security; WLL and cordless link security
Security Tradeoffs (figure: protocol stacks Telnet / FTP / SMTP / HTTP over TCP/IP over the physical network; light areas indicate security, say encryption)
a) Physical Network Level Security: encryption at the physical network level (layers 1–2)
b) Transport Level Security: encryption at the IP level, IPsec (VPN)
c) Higher Level Security: encryption at the SSL or application level (PGP, S/MIME, SSL)
Table 12-1 Security Considerations – Mapping Technology to Needs
Needs (columns): Privacy and Authorization | Integrity | Authentication | Accountability (Non-repudiation) | Availability and Denial of service
Technologies (rows; the X marks show which needs each technology addresses, but their column positions from the original slide are not recoverable here):
Encryption: X X
Password protection: X X
Digital signatures: X X
Message Digest: X
Digital certificates: X X X
ACL: X
Audit trails: X
Redundancy: X
Table 12-2 Security Levels
Security Level | Example of Security | Why Needed? | Why Not Enough?
Application-level security | SET, PGP, S-MIME | Provide security specific to an application | Only protection of application-specific data
Client/Server Security | SSL and WTLS Security | Assures secure communication over an unsecured link | Only middleware-level security
IP Level | IPSec, VPN | Protects the IP path | Does not protect databases
Network Link Level | Wireless LAN Security, 3G and Satellites Security | Deters breaking in at physical link level | Protects only one link. Does not cover other links in a large network
WAP Security (figure)
WAP Phone (WML Browser, WML Script) --[wireless network, uses WTLS security]--> WAP Gateway (Protocol Adapters, WML Encoder, WMLScript Compiler) --[Internet, uses SSL security]--> Web Server (CGI Scripts, Content)
Digital authentication process.
Security Technologies
- Cryptography
  Symmetric: 3DES, RC4, etc.
  Asymmetric: RSA, Diffie-Hellman
- Key Exchange (RSA, Diffie-Hellman)
- Digital Signatures (RSA, DSS)
- Digital Certificates (X.509, WTLS)
- PKI
Wireless Security
- Link Layer Security: GSM, CDMA
- Application Layer Security
  WAP: WTLS, WML, WMLScript, & SSL
  I-Mode: N/A
  SMS: N/A
Sample of Digital Certificate
Subject name: Sandeep
Public key: <san_cse22>
Serial Number: 10291021
Other data: Email Sandeep24nm@gmail.com
Valid from: 8 July 2008
Valid to: 8 July 2010
Issuer Name: DAVV (scsit)
Digital Certificate creation steps
1. Key Generation
2. Registration
3. Verification
4. Certificate Creation
Some digital signature algorithms
- RSA
- DSA
- ECDSA
- ElGamal signature scheme
- Undeniable signature
- SHA (typically SHA-1) with RSA
Types of Digital Certificates
- E-Mail Certificates
- Browser Certificates
- Server (SSL) Certificates
- Software Signing Certificates
Certificate Authority (figure)
The CA issues A the certificate CA = E_KRauth[time1, IDa, KUa] and B the certificate CB = E_KRauth[time1, IDb, KUb]: each certificate is the user's public key (KUa, KUb) together with its ID and a timestamp, signed (encrypted) with the CA's private key KRauth. Steps 1–6 in the figure: A and B submit their public keys to the CA, receive their certificates, and exchange them (CA, CB).
Sample X.509 certificate v1
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 7829 (0x1e95)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA/emailAddress=server-certs@thawte.com
        Validity
            Not Before: Jul 9 16:04:02 2008 GMT
            Not After : Jul 9 16:04:02 2010 GMT
        Subject: C=India, ST=M.P., D=indore, O=D.A.V .V., OU=FreeSoft, CN=www.freesoft.org/emailAddress=sandeep24nm@gmail.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb:
                    33:35:19:d5:0c:64:b9:3d:41:b2:96:fc:f3:31:e1:
                    66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66:
                    70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17:
                Exponent: 65537 (0x10001)
    Signature Algorithm: md5WithRSAEncryption
        93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d:
        92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:19:f6:ad:ef:63:2f:92:
        ab:2f:4b:cf:0a:13:90:ee:2c:0e:43:03:be:f6:ea:8e:9c:67:
        d0:a2:40:03:f7:ef:6a:15:09:79:a9:46:ed:b7:16:1b:41:72:
        0d:19:aa:ad:dd:9a:df:ab:97:50:65:f5:5e:85:a6:ef:19:d1
Process of X.509 certificate obtaining (figure)
Steps of Communication (figure)
How does a stream cipher work? (figure)
On each side a keystream generator seeded with IV + Key produces the same keystream.
Encrypt: Plaintext XOR Keystream = Ciphertext
Decrypt: Ciphertext XOR Keystream = Plaintext
IV: Initialization vector
Encryption with WEP (figure)
Plaintext = Message || CRC
Keystream = RC4(v, k), with v the IV and k the key
Ciphertext = Plaintext XOR Keystream
Transmitted data = IV || Ciphertext
Encryption with WEP
- RC4 used with 40-bit key
- "128-bit" implementation
- Per-packet 24-bit IV
- WEP allows re-use of IV
- 32-bit CRC is a linear function of the message and does not depend on the key
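The stream-cipher figure, the WEP figure and the bullets above in working form, as an added example that is not from the original slides: a textbook RC4 keystream, WEP-style framing IV || (RC4(IV||key) XOR (message || CRC-32)), and two checks that confirm the stated weaknesses, namely that reusing an IV under one key leaks the XOR of the two plaintexts and that the CRC-32 is linear in the message. All key, IV and message values are constructed.

```python
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, message: bytes) -> bytes:
    """WEP frame body: IV || RC4(IV||key) XOR (message || CRC-32).
    Key is 40-bit (5 bytes) or the "128-bit" variant (104-bit, 13 bytes); IV is 24-bit."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 3-byte IV and a 5- or 13-byte key")
    plaintext = message + struct.pack("<I", zlib.crc32(message))  # CRC needs no key
    keystream = rc4_keystream(iv + key, len(plaintext))           # RC4(v, k) from the figure
    return iv + xor_bytes(plaintext, keystream)


def keystream_reuse_leak(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bool:
    """Same IV under the same key means the same keystream, so
    c1 XOR c2 == m1 XOR m2: the keystream cancels and plaintext relations leak."""
    c1 = wep_encrypt(key, iv, m1)[3:]  # strip the cleartext IV
    c2 = wep_encrypt(key, iv, m2)[3:]
    n = min(len(m1), len(m2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(m1[:n], m2[:n])


def crc_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over GF(2): crc(a XOR b) == crc(a) XOR crc(b) XOR crc(0...0)
    for equal-length inputs, so it is a linear function of the message, not a keyed MAC."""
    if len(a) != len(b):
        raise ValueError("compare equal-length messages")
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros)
```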
No non-repudiation (figure: a dispute over a WTLS log file)
1. Alice: "I have canceled the contract for my flat 3 months ago."
2. The other party: "I did not receive any message by Alice. The log file has been faked by Alice!"
3. Judge: "Sorry, I can not decide this!"
Reason: the record protocol is based on symmetric cryptography.
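To make the reason concrete, an added example that is not part of the original slides, using a symmetric MAC the way a symmetric record protocol would: both peers hold the same session key, so an entry the other party writes into its own log "from Alice" verifies exactly like Alice's genuine entry, and the tag gives a judge nothing to decide with. The session key, names and messages are constructed.

```python
import hashlib
import hmac
import json

# Constructed session key: in a symmetric record protocol both peers end up with the same one.
SESSION_KEY = b"constructed-shared-session-key"


def mac_entry(shared_key: bytes, sender: str, text: str) -> dict:
    """Log entry protected the way a symmetric record layer protects records:
    an HMAC over (sender, text) under the key that BOTH peers hold."""
    payload = json.dumps({"sender": sender, "text": text}, sort_keys=True).encode()
    tag = hmac.new(shared_key, payload, hashlib.sha256).hexdigest()
    return {"sender": sender, "text": text, "tag": tag}


def verify_entry(key: bytes, entry: dict) -> bool:
    """True if the tag matches under `key`; says nothing about WHICH key holder produced it."""
    payload = json.dumps({"sender": entry["sender"], "text": entry["text"]}, sort_keys=True).encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, entry["tag"])


def dispute() -> dict:
    """Alice's genuine entry and an entry the other party writes in Alice's name
    under the shared key both verify, so the log cannot settle who wrote what."""
    alice_real = mac_entry(SESSION_KEY, "Alice", "I cancel the contract for my flat")
    # The other peer holds SESSION_KEY too, so it can produce a verifying entry in Alice's name.
    other_party = mac_entry(SESSION_KEY, "Alice", "I confirm the contract for my flat")
    return {
        "alice_entry_verifies": verify_entry(SESSION_KEY, alice_real),
        "other_party_entry_verifies": verify_entry(SESSION_KEY, other_party),
        # A judge who does not hold the session key cannot even check the tag.
        "judge_can_verify": verify_entry(b"judge-has-no-session-key", alice_real),
    }
```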
Wireless IDS
HYPE: External wIDS sensors are the best way to detect and remediate all wireless attacks
REALITY: Most attacks/events occur on the AP/Client channel
ROGUES and AD HOCs: Detected quickly via intelligent off channel scanning
(figure: an on-channel attack between a valid client and an attacker is detected on the AP's own channel; an off-channel rogue AP with a rogue client and an off-channel ad hoc network with an ad hoc client are detected by the AP, which also performs RF containment; channels shown: 802.11a 153 and 152, 802.11g 1 and 6)
THANKS FOR LISTENING. ANY DOUBT?
