DOC PREVIEW
USC CSCI 530 - 08_wireless

This preview shows page 1-2-3 out of 10 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 10 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

CS530Wireless Technologies &ImplicationsBill Chenghttp://merlot.usc.edu/cs530-s10 CSCI 530, Spring 2010 Copyright © William C. Cheng T1CSCI 530, Spring 2010 Copyright © William C. Cheng T2What’s Different About Wirelesswireless communication involves transmission of data byradio or similar means, and this allows an attacker to readthe data more readily without requiring physical access tothe networkEasy (but wrong) answer:if you have been paying attention during this course, youwill likely note that we have been assuming it is easy foran attacker to intercept data anyway, even on wirednetworksThe problem with this explanation:good security design should assume thisyes, it is a little easier for an attacker to eavesdrop withwireless, but there are so many other ways to get the datathat wireless doesn’t really change this partsuch systems create a less accountable path into thenetworkcan trace back TCP connectionsbut it can be hard to determine last hop for wireless(MAC address can be spoofed in 802.11) CSCI 530, Spring 2010 Copyright © William C. Cheng T3What’s Different About Wireless (Cont...)wireless communications devices are often disconnectedsometimes it is harder to solve security problems ifyou do not have access to the network (e.g., to reachKDC, DS)The real answer:such devices may have limited storage or limitedcomputation abilitiessuch systems may be more vulnerable to jammingbut on the other hand, it’s harder to "cut the line"CSCI 530, Spring 2010 Copyright © William C. Cheng T4A False Sense of SecurityWEP: Wired Equivalent Privacy is just thatdoesn’t solve the end to end problemsNeed to be careful about marketing24-bit IV - small space, IV reused in short periodSolutions that provide encryption at the network layer orbelow provide a false sense of securitywires aren’t that hard to tap anywayattacks on WEPrepeated IV on encryption enables recovery of the keystreamauthentication reveals secretlink layer, per packet encryptionshould always use things such as SSH and VPN ontop of WEPCSCI 530, Spring 2010 Copyright © William C. Cheng T5RC4/* state information */static uns8 static[256], x, y;void rc4init(uns8 *key, uns16 length) /* initialization */{ int i; uns8 t, j, k=0; for (i=256; i--; ) state[i] = i; for (i=0, j=0; i < 256; i++, j=(j+1)%length) { t = state[i]; state[i] = state[k+= key[j] + t]; state[k] = t; } x = y = 0;}uns8 rc4step() /* * return next * pseudo-random * octet */{ uns8 t; t = state[y += state[++x]]; state[y] = state[x]; state[x] = t; return state[ state[x]+state[y] ];}CSCI 530, Spring 2010 Copyright © William C. Cheng T6A False Claim of Securitywritten by one of the Bluetooth architectan alternative doesn’t exhibit the same vulnerabilities isnot at all surprisingBeware of papers like the Bluetooth paper in the assignedreadingsthese kinds of papers appear all the time, pointing tovulnerabilities in competing products or protocols andshowing how their solution does not exhibit theseweaknesskeep in mind that weakness and vulnerabilities are usuallyapproach specifice.g., when you stand close enough to a store, your devicemay get an instant message from the storewould you like to get a $20 coupon from this store thatyou are standing next to?Bluetooth was designed such that even when a connectionis refused, data can be receivedbluetooth philosophy is that physical proximity canprovide protection - not a good assumption CSCI 530, Spring 2010 Copyright © William C. Cheng T7Bluetooth Vulnerabilitiessimilar to SSL URL authentication problemsi.e. that you know the name of the server you weretalking to, but not that it was the right serverBluetooth exhibits serious vulnerabilities in its interface tothe userattacker can than steal dataSNARF Attackconnect to device without alerting ownerBackdoor Attackestablish trust by pairing, but remove from list of pairdevicesproblem is too few protection domainsconnection grants access to most data on the device CSCI 530, Spring 2010 Copyright © William C. Cheng T8Bluetooth Vulnerabilities (Cont...)CSCI 530, Spring 2010 Copyright © William C. Cheng T9Wireless to Improve Securitytopology of network is not constrained by physical wireshome burglary example - you can cut phone line, butthe security system can use a cell phoneWireless promotes less constrained reconfigurationexamples in sensor netsif codes secret, useful to hide communicationSpread spectrum can be used as a security toolresistant to jammingCSCI 530, Spring 2010 Copyright © William C. Cheng T10Peer to Peer and Ad Hoc Securityimportance of not sharing keys among devicesSecurity protocols may have phases independent of centralinfrastructureServices may be provided by untrusted nodesMessages need to be relayed by untrusted nodesDevices may be overrun (taken over by enemies)Collusion is possible (Byzantine


View Full Document

USC CSCI 530 - 08_wireless

Download 08_wireless
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view 08_wireless and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view 08_wireless 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?