Upload
cora-grant
View
28
Download
0
Embed Size (px)
DESCRIPTION
Security in Wireless Networks. Mike Swift CSE 802.11b Summer 2003. Standard Preamble. What is different about wireless? No authentication of access port Battery-operated devices Frequent use of broadcast Easy sniffing / packet injection Jamming. What are the problems?. - PowerPoint PPT Presentation
Citation preview
Security in Wireless Networks
Mike Swift
CSE 802.11b
Summer 2003
Standard Preamble
• What is different about wireless?– No authentication of access port– Battery-operated devices– Frequent use of broadcast– Easy sniffing / packet injection– Jamming
What are the problems?
• Denial of service– Battery usage– Physical layer: jamming (not our problem)– MAC layer and up: injected messages
• Confidentiality / integrity - More or less solved
• Secure association• Routing -Preventing rogues from obtaining
routes
Power DOS attacks
• Turn off antenna to save power– Spoof “no messages” message when awakes– Spoof “message poll” so discarded before awakes– Spoof timer so desynchronizes
• Receiving / sending packets require power consumption– Attacker can forcer receiver to use use power
• Send many packets• Force it to resend packets
• Solution:– Power consumption management– Prioritize tasks when limited by power– Authenticate timer messages
MAC Layer DOS Attacks
• Problem– MAC layer message direct nodes when not to send
messages• RTS/CTS and NAV in 802.11 reserve channel
– MAC layer state machine directs nodes to ignore future messages
• Unauthenticated / unassociated state causes packets to be dropped silently
• States entered as result of unauthenticated messages
– Power requirements for DOS very low– Commercial MAC implementations allow sending of
arbitrary packets via. aux debug port
Solution to MAC layer DOS attacks
• Authenticate every messages– Prevents outsider from disassociating /
unauthenticating
• Verify messages– Verify channel in use after RTS/CTS– Verify no more messages after disassociation
General approaches
• Sign every packet – Prevent attackers from spoofing management
packets
• Authenticate then associate– Allows authentication of association
management packets– Prevents any communication before
authentication
Secure association
• How does my TV trust my remote?
• How does my laptop trust the printer in the airport?
• How do I get onto a wireless network?
Solutions for ad-hoc networks
• Location limited channels for key exchange– Physical contact– Direction-specific limited range (IR)– Demonstrative identification – easily visible– Pre-authentication: exchange keys before going
wireless
• Resurrected duckling– First association is binding– Removing binding reincarnates device (loses all state)
Solutions for Access Points
• Two-layer protocols– Application layer: key negotiation and
authentication– Link layer: message integrity and
confidentiality
• Access points allow only limited connectivity before association– Communication only for authentication /
address acquisition (DHCP)
Routing
• Routing works over unknown physical layout– Must infer topology / neighbors from messages
sent
• Attacks:– Corrupting routing updates– Forwarding messages inappropriately (wormhole)
• Result of attacks– Can force all traffic through a node– Can break reachability
Routing security solutions
• Solutions: – Cryptography to prevent forging route
messages (ask Ratul for details)• Ensure that route metrics can only be increased,
not decreased• Ensure that metrics received along two paths are
consistent– Ensure that packets received are physically sent (or
possibly physically sent) by in-range sender
Wormhole Attack
Geographic Leashes
• E computes distance = 408
• Distance too far!
• Requires GPS
A(400,150),t1A
B
C
D(50,10),t2
B
C
D
(400,150)
(10,30),t3
(50,10)
A(400,150),t1
A(400,150),t1
E
Temporal Leashes
• E computes t3-t1 > c * max distance : denied• E computes t3-t2 < c* max distance: accepted• Requires clocks synchronized to 183 ns• Requires RT OS/MAC to give deterministic packet
delivery/receipt times
A,t1A
B
C
D,t2
B
C
D
E:t3
A,t1
A,t1
E
General Principals
• Sign everything• Authenticate first• Use limited channels for initial
authentication• Trust, but verify
– sender confirms intent to disconnect• e.g. no more packets• associates to another AP
– sender in range