Wireless Sec Pres
Outline
Introduction
The wireless environment and systems
Concepts and terminologies used in wireless
security
Some commonly used wireless and mobile
systems and protocols
Wireless application protocol (WAP)
Signal fading.
Handoff issues.
And other challenges.
All of these issues affect design and design for
security
Satellite Communications:
Uses microwave links and provides global
connection of many network infrastructures.
Three types of satellites:
GEO: Geostationary Earth Orbit Satellites.
MEO: Medium Earth Orbit Satellites.
LEO: Low Earth Orbit Satellites.
Cellular Networks:
Widely used recently. Quickly increasing in
popularity all over the world.
Geographic area is divided into cells.
Each cell is serviced by a base station (BS).
Several stations are served by a Mobile
Telecommunications Switching Office
(MTSO), or a similar structure.
Cordless Systems:
Used inside homes and buildings.
Allow wireless communications between
cordless devices, such as a telephone, and a single
or multiple base stations using TDMA (Time
Division Multiple Access) and TDD (Time
Division Duplex) communications.
Mobile IP:
Allows nomadic access to the Internet from
different access points.
A user is able to maintain connectivity to the
Internet while moving from one access point to
another.
It uses process registration, agent solicitation,
move detection, and tunneling to achieve this
objective.
Cross-building Interconnect:
Used to provide wireless connections between
buildings.
Uses microwave communications with dish
shaped antennas.
More of a link than a LAN.
Nomadic Access:
Used to provide connectivity from mobile units
such as a laptop, PDA or other computing
devices to a fixed campus network, for example.
Ad Hoc Networking:
Also called rapidly deployable networks.
An increasingly popular form of establishing
networks between mobile computing devices,
such as laptops, computers inside moving
vehicles.
The temporary wireless network is established
dynamically on the fly.
Bluetooth:
A wireless communications protocol.
Originally started by Ericsson.
Quickly became adopted by a consortium of
companies in the computer industry.
Grew from a few companies to thousands
including all of the major companies in the
industry.
Security Issues
Importance of wireless systems.
In every aspect of our lives.
Sensitivity of information shared on
wireless systems (increasingly important)
financial, personal, social, confidential, etc.
example: wireless cameras (watching nanny
and baby in house, the whole block
watching).
Authorization:
It is the process of ensuring that only authorized users are
allowed to access the data/resources. In a closed system
a user is not allowed access without explicit authorization.
Typically, this is the desired model of secure systems. On
the other hand, in an open system a user is allowed
access (implicit authorization) unless specifically
deauthorized by the system. The latter model is
undesirable for the design of secure systems, unless
absolutely necessary because of the nature of the
application (a public library, etc.)
IEEE 802.11
This is a wireless LAN standard,
which is increasingly being adopted by
many wireless devices to establish
communications at the physical and data
link layers of the OSI model.
In 2000 vendors sold around a million
802.11 network interface cards, and sales
are expected to go up to 3.9 million in 2004.
Bluetooth
This is a wireless communications protocol,
which was originally started by Ericsson.
It quickly became adopted by a consortium of
companies in the computer industry.
The consortium grew from a few companies
to thousands including all of the major
companies in the industry.
Mobile IP
It is used to enable computers to maintain
Internet connectivity while moving from
one Internet attachment point to another.
It uses the concept of home and foreign
networks and home and foreign agents.
Messages intended for a certain node, which
are sent to its home network, are forwarded
to a care-of address, reaching the mobile node at
the foreign network where it registered
when the move was detected.
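The forwarding step described above, as an added example that is not part of the original presentation: a home agent keeps a binding from home address to care-of address and tunnels matching packets with IP-in-IP encapsulation. The class and function names are hypothetical and every address is a constructed documentation address.

```javascript
// Added illustration: home agent forwarding with IP-in-IP tunnelling.
// All addresses are constructed (documentation ranges); names are hypothetical.
const HOME_AGENT = '192.0.2.1';
const ipToBytes = (ip) => Buffer.from(ip.split('.').map(Number));
const bytesToIp = (buf) => [...buf].join('.');

// Internet checksum over an IPv4 header (checksum field must be zero on input).
function checksum(hdr) {
  let sum = 0;
  for (let i = 0; i < hdr.length; i += 2) sum += hdr.readUInt16BE(i);
  while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
  return ~sum & 0xffff;
}

// Build a minimal IPv4 packet (20-byte header, no options).
function ipv4(src, dst, proto, payload) {
  const h = Buffer.alloc(20);
  h[0] = 0x45;                              // version 4, header length 5 words
  h.writeUInt16BE(20 + payload.length, 2);  // total length
  h[8] = 64;                                // TTL
  h[9] = proto;                             // payload protocol number
  ipToBytes(src).copy(h, 12);
  ipToBytes(dst).copy(h, 16);
  h.writeUInt16BE(checksum(h), 10);
  return Buffer.concat([h, payload]);
}

class HomeAgent {
  constructor() { this.bindings = new Map(); }  // home address -> care-of address
  // This model accepts any binding; real Mobile IP authenticates registrations,
  // because whoever controls a binding controls where the node's traffic goes.
  register(homeAddr, careOf) { this.bindings.set(homeAddr, careOf); }
  deregister(homeAddr) { this.bindings.delete(homeAddr); }
  // Decide how a packet that arrived on the home network is delivered.
  forward(packet) {
    const careOf = this.bindings.get(bytesToIp(packet.subarray(16, 20)));
    if (!careOf) return { via: 'home-link', packet };  // node is at home
    // Protocol 4 = IP-in-IP: the original packet rides unchanged as payload.
    return { via: 'tunnel', packet: ipv4(HOME_AGENT, careOf, 4, packet) };
  }
}

// What the tunnel endpoint at the care-of address does with the outer packet.
function decapsulate(outer) {
  return outer[9] === 4 ? outer.subarray(20) : null;
}
```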
<wml>
<card id="card1">
<p>
</p>
</card>
</wml>
A microbrowser specification: It
defines how WML and WMLScripts are
determined in the wireless device.
A lightweight protocol stack: Wireless
Session Protocol is equivalent to HTTP in a
compressed format. Designed to minimize
bandwidth use allowing different wireless
networks, with varying bandwidth
capacities, to run WAP applications.
[Figure: WAP architecture. Components: Client; Gateway (encoders and decoders); Original Server (CGI scripts, etc.; content). Labels: encoded requests, encoded response, requests, response (content).]
[Figure: WAP protocol stack. Labels: WMLScript; UDP; Wireless Datagram Protocol (WDP); IP; GSM, D-AMPS, IS-95, 3G, Bluetooth.]
[Figure: WTLS protocol stack. Labels: WTLS Handshake Protocol; WTLS Change Cipher Spec Protocol; WTLS Alert Protocol; WTP; WDP or UDP/IP.]
Non-repudiation in WAP:
It requires client-side certificates that bind the
user's signing key with their name.
The WAP browser, on the WAP device,
provides a WMLScript function,
Crypto.signText() [25], which achieves this
purpose using different scenarios depending on
the implementation.
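Why the certificate matters for non-repudiation, as an added Node.js example that is not part of the original presentation and does not use the WMLScript Crypto.signText() API or WAP's certificate format: the verifier accepts a signed text only if a CA-signed record binds the signing key to a name. The function names, the JSON "certificate" and the sample order text are constructed for illustration.

```javascript
// Added illustration (not WAP's certificate or signed-content format).
const nodeCrypto = require('node:crypto');

const newKey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const toPem = (pub) => pub.export({ type: 'spki', format: 'pem' });
const ca = newKey();     // constructed CA key pair
const alice = newKey();  // constructed user key pair (held on the device)

// Simplified certificate: a name/public-key record signed by the CA.
function issueCert(name, publicKey) {
  const body = JSON.stringify({ name, key: toPem(publicKey) });
  return { body, caSig: nodeCrypto.sign('sha256', Buffer.from(body), ca.privateKey) };
}

// Stand-in for the device-side step: sign exactly the text the user was shown.
function signDisplayedText(text, privateKey, cert) {
  const sig = nodeCrypto.sign('sha256', Buffer.from(text), privateKey);
  return { text, sig, cert };
}

// Server side: returns the name bound to the signing key, or null on any failure.
function verifySigned(signed, caPublicKey) {
  const { body, caSig } = signed.cert;
  // 1. The name/key binding must come from the CA; parse it only after this check.
  if (!nodeCrypto.verify('sha256', Buffer.from(body), caPublicKey, caSig)) return null;
  const { name, key } = JSON.parse(body);
  // 2. The text must verify under the key that the certificate names.
  const ok = nodeCrypto.verify('sha256', Buffer.from(signed.text),
    nodeCrypto.createPublicKey(key), signed.sig);
  return ok ? name : null;
}

const aliceCert = issueCert('alice', alice.publicKey);
const order = signDisplayedText('Pay 100 EUR to account 12345', alice.privateKey, aliceCert);
```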
Concluding Remarks
Wireless systems are quickly becoming an
important and increasingly essential part of
our everyday activities.
They provide unlimited potential for
convenience, more independence,
portability, availability, instantaneous, and
ubiquitous connectivity wherever we go.
Some experiments show that SSL, which is a well-tested
and evaluated technology, can be used
practically and efficiently in current and
future wireless and portable devices.
This is particularly the case considering that the
capabilities of the CPUs, memory, and bandwidth
of these devices are significantly improving every
day.
References
1. Sandra Kay Miller, Facing the Challenge of Wireless Security, IEEE Computer. July
2001. Pages: 16-18.
2. S.F. Russell, Wireless Network Security for Users, Information Technology: Coding
and Computing, 2001. Proceedings. International Conference on, 2001. Pages: 172-177.
3. William Stallings, Wireless Communications and Networks, Prentice-Hall, 2002.
4. W. Stallings, Network and Internetwork Security Principles and Practice, Prentice-Hall, 1995.
5. P. Bahl, S. Venkatachary, Secure Wireless Internet Access in Public Places,
Communications, 2001. ICC 2001. IEEE International Conference on, Volume: 10,
2001. Page(s): 3271-3275.
6. V. Gupta, S. Gupta, Experiments in Wireless Internet Security, Wireless
Communications and Networking Conference, 2002. WCNC2002. 2002 IEEE, Volume:
2, Mar 2002. Page(s): 860-864.
7. A.S. Tosun, Feng Wu-Chi, Lightweight Security Mechanisms for Wireless Video
Transmission. Information Technology: Coding and Computing, 2001. Proceedings.
International Conference on, 2001. Pages: 157-161.
8. M.S.M.A. Notare, A. Boukerche, C. Westphal, Safety and security for 2000
telecommunications, EUROCOMM 2000. Information Systems for Enhanced Public
Safety and Security. IEEE/AFCEA, 2000. Page(s): 359-363.
9. D. Van Thanh, Security issues in mobile ecommerce, Database and Expert Systems
Applications, 2000. Proceedings. 11th International Workshop on, 2000. Page(s): 412-425.
10. P. Ashley, H. Hinton, M. Vandenwauver, Wired versus Wireless Security: The
Internet, WAP and imode for E-commerce, Computer Society Applications
Conference, 2001. ACSAC 2001. Proceedings 17th Annual, 2001. Page(s): 296-306.
11. Rolf Oppliger, Internet and Intranet Security, Artech House Inc.,Norwood, MA. 1998.
12. Pekka Niskanen, Inside WAP, Programming Applications with WML and
WMLScripts, Addison-Wesley, 2001.
13. Eric Rescorla, SSL and TLS, Designing and Building Secure Systems. Addison-Wesley, 2001.
14. D. Denning, Information Warfare and Security, Addison-Wesley Publishers, 1999.
15. Eric Maiwald, Network Security: A Beginner's Guide, Osborne/McGraw-Hill, 2001.
16. The WAP Forum, http://www.wapforum.org
17. GSM Association, http://www.gsmworld.com
18. Wireless Application Protocol Wireless Transport Layer Security Specification
(WTLS), http://www.wapforum.org/tech/documents/WAP-199-WTLS-20000218-a.pdf.
19. T. Dierks, C. Allen, The TLS Protocol Version 1.0, RFC 2246, 1999.
20. R. Mann, The Wireless Application Protocol, Dr. Dobb's Journal, October 1999.
21. J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied
Cryptography, CRC Press, 1997.
22. Danske Bank, Denmark, www.danskebank.dk
23. Nokia, KPN Mobile and Interpay Test Mobile Commerce Solution,
http://press.nokia.com/PR/200104/816440_5.html
24. Wireless Application Protocol Identity Module Specification,
http://www1.wapfoum.org/tech/documents/WAP-198-WIM-20000218-a.pdf
25. Wireless Application Protocol WMLScript Crypto Library Specification,
http://www1.wapforum.org/tech/documents/WAP-161-WMLScriptCrypto-19991105a.pdf
26. National Institute of Standards and Technology (NIST), Data Encryption Standard,
FIPS PUB 46-2, U.S. Department of Commerce (December 1993).