Security Issues, Concepts

and Strategies in Wireless

And Mobile Systems
Lecture 04
 The Wireless Environment

 Communications in the wireless environment has its own issues and challenges.
 Generally, it has the following characteristics:
 Relatively low bandwidth and data rate.
 Relatively high error rates.
 Need for low power consumption to preserve battery life of mobile systems.
 Mobility of the nodes adds more complexity because of topology changes.
 Signal fading.
 Handoff issues.
 And other challenges.
 All of these issues affect design and design for security
 Categories of Wireless Communication
 There exists many forms of wireless communications and networking, and the
number of these forms dynamically increasing.
 The following is a list of the some very popular forms of wireless
communications.
 Satellite Communications:
 Uses microwave links and provides global connection of many network
infrastructures.
 Three types of satellites:
GEO: Geostationary Earth Orbit Satellites.
MEO: Medium Earth Orbit Satellites.
LEO: Low Earth Orbit Satellites.
 Categories of Wireless Communication

 Cellular Networks:
 Widely used recently. Quickly increasing in popularity all over the world.
 Geographic area is divided into cells.
 Each cell is serviced by a base station (BS).
 Several stations are served by a Mobile Telecommunications Switching
Office (MTSO), or a similar structure.
 Base station connects mobile users to MTSO.
 MTSO connects base station (BS’s) to telephone switching office.
 Categories of Wireless Communication
 Cellular Networks:
 The first generation of systems was AMPS (Advanced Mobile Phone Service) which used analog
communications
 The second generation uses digital traffic channels, encryption, error detection, correction,
and allow channel access to be dynamically shared by all users.
 Third generation systems have:
 Good voice quality that is comparable to public switched telephone networks.
 Higher data rates, Support for both packet and circuit switched data services.
 Adaptive interface to the Internet to reflect common asymmetry between inbound and outbound traffic.
 More efficient use of available spectrum, Support for wide variety of mobile equipment.
 More flexibility to accept new services and techniques.

 Long Term Evolution (LTE), Fourth generation, fifth generation…

 Security Issues

 Sensitivityof information shared on wireless systems (increasingly

important) financial, personal, social, confidential, etc.
 example: wireless cameras (watching nanny and baby in house…the
whole block watching).
Wireless Security Threats

 Denial of Service Attacks

 Theft of Service
 Industrial and Foreign Spying
 Rouge Access Points
 Malicious Code/Viruses
Denial of Service Attacks

 The purpose is to deny the victims’ access to a particular resource, which

usually means cutting off access to the service or network as a whole.

 The network is flooded with information, through flooding the 2.4GHz

frequency or packet flooding.
Theft of Service

 Hacker gains access to the internet or anything else by using someone else’s
resources.

 Leads to a much more serious type of threat that can cost companies and
individuals a lot of problems and money.
Industrial and Foreign Espionage

 Specific to wireless networks, and is probably the most prominent, and often
the most costly type of attack.

 Also known as sniffing or eavesdropping.

 Two types of eavesdropping: Passive and Active.

 Industrial and Foreign Spying

Passive: The attacker simply monitors the wireless session after

gaining access to the transmission. The attacker can read the
actual data being transmitted and learn about its source and
destination.

Active: The attacker must have access to the network itself so

that instead of simply listening in, he or she may actually make
changes to the packet itself.
 Unprincipled Access Points

 Unauthorized access points that leave open doors to a company’s network.

 Two types: unintentional and intentional.

 An employee may wish to have more mobility at work, without setting up security parameters.
 Hackers will mimic the current Access Point to gain access to the network.
 Malicious Code/Viruses

 Anyprogram (or code) that is used intentionally to cause

adverse affects to a system.

 Most commonly known as Viruses.

 Mostthreatening type of Virus is a Worm. For example,

the Code Red worm replicated itself over 250,000 times
in approximately nine hours on July 19, 2001.
 Security services needed

 (especially in e-commerce transactions)

 User authentication: The process of proving to the system that the user is whom he/she says he/she is.

 Data authentication: It is further subdivided into two sub-services.

 The first is data integrity, which is the process of guaranteeing to the receiver that the data was not changed during
the transmission process.
 The second is data origin authentication is the process of proving to the receiver that the data was actually sent by the
stated sender.
 Data confidentiality: It ensures that unintended parties are not able to
read the data while in transit. Encryption is used to achieve this
objective.

 Audit: An audit trail is used to keep track of who, when, what, and how
transactions took place in a system. This audit trail can be an essential
tool for after the fact analysis in cases intentional or unintentional
security attacks. It can also be used by intrusion detection algorithms to
detect and prevent current and future attacks.


 Authorization: It is the process of ensuring that only authorized users are allowed to access the
data/resources.

 Non-repudiation: It is the process of guaranteeing that a certain user actually did issue a certain order or
required a certain transaction. Non-repudiation is usually implemented using digital signatures, which are
unique to users and provide proof that a particular user initiated a particular transaction.
Security in selected mobile and wireless systems

 Some Commonly Used Mobile and Wireless Systems and Protocols:

 802.11
 Bluetooth
 Mobile IP
 Security in IEEE 802.11

 The 802.11 architecture uses the wired equivalent privacy protocol (WEP).
 Data is encrypted with WEP to protect the wireless link between clients and access points.
 Network administrators distribute a WEP-algorithm-based key for authorized users, which prevents access by
unauthorized users.
 The protocol has authentications, deauthentication (this service is invoked whenever an existing authentication
is to be terminated), and privacy provisions.
 Authentication and deauthentication services are used for establishing identity of a station.
 The standard does not specify any particular authentication scheme.
 Privacy services are used to prevent the content of messages from being read by other than intended
recipients.
 Security in Bluetooth

 The Bluetooth baseband specification defines a facility for link security between any two Bluetooth devices,
consisting of the following elements:
- Authentication
- Encryption (privacy)
- Key management and usage.
 The authentication process is used to provide verification of the claimed identity of one of the two Bluetooth
devices involved in an exchange. Authentication is done by verifying that the two devices share the same
preconfigured authentication key.
 Encryption of packet payload can be used to protect user information. The access code and the packet header
are never encrypted. For each packet transmission, a new encryption key is generated.
 Security in Mobile IP

 Mobile IP has security features, which are essential to its operation. This is because a wide variety of attacks
could be used by an unauthorized user to access information of another user.
 It uses message authentication, registration request and reply contain authentication extensions with security
parameter index (SPI) and authenticator.
 Authentication procedures are carried out to secure mobile-home (mobile node/home communication), mobile-
foreign (mobile node/foreign agent communications), and foreign-home (foreign agent/home agent
communications).