Chapter 12

Wireless Security
 Traditional security issues
• Integrity
• Confidentiality
• Nonrepudiation
• Availability
 Integrity
• Integrity can refer to either system integrity or
data integrity. A system provides integrity if it
performs its intended function in an
unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the
system. Data maintains its integrity if the
receiver of the data can verify that the data
have not been modified; in addition, no one
should be able to substitute fake data.
 Confidentiality
• Confidentialityrefers to data and is provided
when only intended recipient(s) can read the
data. Anyone other than the intended
recipients either cannot retrieve the data
because of access mechanism protections, or
other means, such as encryption, protect the
data even if they are stolen or intercepted.
 Non-repudiation
• Non-repudiation is a property of data and means
that the sender should not be able to falsely deny
(i.e., repudiate) sending the data. This property is
important for electronic commerce because
vendors do not want clients to be able to deny
that they made purchases and thus must pay for
any services or goods they received.
• E.g. Any online vendor would want non
repudiation to prevent customers from claiming
that they never made a purchase.
 Availability
• Availability is a property of systems where a third
party with no access should not be able to block
legitimate parties from using a resource.
• Denial-of-service(DoS) attacks are fairly
commonplace on the Internet. They can involve
one site flooding another with traffic or one site
sending a small stream of packets designed to
exploit flaws in the operating system’s software
that take the site down (either crash or hang the
operating system or disable any network
communication to or from the site).
 Mobile and Wireless security issues
• Detectability
• Resource depletion/exhaustion
• Physical intercept problems
• Theft of service
• War driving/walking/chalking
 Resource depletion/exhaustion
• This leaves these devices open to resource-
depletion and exhaustion attacks. The former
involves an attack that shortens the lifespan of
the battery, causing it to fail “naturally” at a
later date but much sooner than it would
normally. The latter involves an attack that
consumes (and wastes) all the power in the
battery, leaving the unit unable to function
 Physical intercept problem
• In wireless systems, the signal is broadcast through
the air, where any receiver can intercept it. This
problem is related to the detectability problem
because once the signal can be discerned, the data
can be read. In general, the approaches to mitigate
this problem involve directional antennas, low-power
transmissions, and frequency-hopping/spread-
spectrum technology at the physical layer and
encryption techniques at higher layers.
 Theft of service
• A user may be sitting outside a coffee shop known to have a
public wireless Internet connection.
• A business next door also may have a wireless network, and
because of the user’s physical location, she may have better
reception to the next-door business’s wireless network and
connect to it, thinking that she is connecting to the coffee
shop’s network.
• Of course, this example assumes that the user has no
malicious intent, nor any knowledge of what network she is
using. Much effort has been put forth to document many of
these networks, as we will see below
 Problems in Adhoc network
• Routing
• keying
• Reconfiguring
• Hostile environment
• Additional issues: Commerce
• Liability
• Fear, Uncertainty and doubt
• Fraud
• Big bucks at stake
 Attacks
• ‘Man in the middle’ attack
• Traffic analysis
• Replay attacks
• Buffer-overflow attacks