Wireless Security pot


NETWORK SECURITY
WIRELESS SECURITY ISSUES
MAI Xuân Phú
xuanphu150@gmail.com

CONTENT
• Attacks on Wireless Networks
• Wired Equivalent Privacy (WEP) Protocol
  o Mechanism
  o Weaknesses in the WEP Scheme
• Wi-Fi Protected Access (WPA)
• IEEE 802.11i/WPA2
• Virtual Private Network (VPN)
  o Point-to-Point Tunneling Protocol (PPTP)
  o Layer-2 Transport Protocol (L2TP)
• Internet Protocol Security (IPSec)

Thanks
• Some contents of this course are referenced and copied from:
  o J. Wang, Computer Network Security Theory and Practice. Springer 2008
  o Pascal Meunier, Network Security, Section 7, May 2004, updated July 30, 2004
  o K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
  o Randy H. Katz, Wireless Communications and Mobile Computing, Berkeley
  o Jim Kurose & Keith Ross, “Computer Networking: A Top-Down Approach”, 3rd edition, 2004

Internet security threats
Mapping:
  o before attacking: “case the joint” – find out what services are implemented on the network
  o use ping to determine what hosts have addresses on the network
  o port-scanning: try to establish a TCP connection to each port in sequence (see what happens)
  o nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

Internet security threats
Mapping: countermeasures
  o record traffic entering the network
  o look for suspicious activity (IP addresses, ports being scanned sequentially)
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

Internet security threats
Packet sniffing:
  o broadcast media
  o promiscuous NIC reads all packets passing by
  o can read all unencrypted data (e.g. passwords)
  o e.g.: C sniffs B’s packets
[Figure: hosts A, B and C; packet with src:B, dest:A, payload]
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

Internet security threats
Packet sniffing: countermeasures
  o all hosts in the organization run software that checks periodically whether the host interface is in promiscuous mode
  o one host per segment of broadcast media (switched Ethernet at hub)
[Figure: hosts A, B and C; packet with src:B, dest:A, payload]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

Internet security threats
IP Spoofing:
  o can generate “raw” IP packets directly from an application, putting any value into the IP source address field
  o receiver can’t tell if the source is spoofed
  o e.g.: C pretends to be B
[Figure: hosts A, B and C; packet with src:B, dest:A, payload]
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

Internet security threats
IP Spoofing: ingress filtering
  o routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)
  o great, but ingress filtering cannot be mandated for all networks
[Figure: hosts A, B and C; packet with src:B, dest:A, payload]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security

[...]... Network Security
• Wireless stations, or nodes, communicate over a wireless medium
• Security threats are imminent due to the open nature of communication
  o Two main issues: authentication and privacy
  o Other serious issues: denial-of-service…
• A categorization is required to understand the issues in each situation
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Wireless...

Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions Network Layer
• Ad hoc networks
  o Network layer
    - Denial-of-service attacks
    - Broadcast nature of communication
    - Packet dropping
    - Route discovery failure in ad hoc network
    - Packet rerouting
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in... Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions Network Layer
[Figure: nodes s, t and A]
• Broadcast nature of communication
  o Each message can be received by all nodes in the transmission range
  o Packet sniffing is a lot easier than in wired networks
  o Poses a data privacy issue
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats...

Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions Network Layer
[Figure: nodes s and t]
• Packet rerouting – also known as data plane attacks
• Attacker reveals paths but does not forward data along these paths
• Control plane measures do not suffice
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present... filters, sandboxes
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Wireless Network Attack Types
• Access control attacks
• Confidentiality attacks
• Integrity attacks
• Authentication attacks
• Availability attacks

Access control attacks
Type of Attack | Description | Methods and Tools
War Driving | Discovering wireless LANs by listening to beacons or sending probe...

Solutions Network Layer
[Figure: Source, Destination, nodes A and z; Nodes Disrupting Routes]
• Denial-of-service
  o Easy to mount in wireless network protocols
  o One strategically placed adversary can generally disable a dense part of the network
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions Network Layer
[Figure: RREQ(a), RREQ(b), RREQ(c), …; nodes A and z]
• Can simply engage in...

most attackers in the neighborhood of a wireless node
  o Near-impossibility of establishing a clear physical security boundary
    - Higher gain antennas can be used to overcome distance or a weak signal
• Remote attackers can aim at:
  o The physical layer
  o The link layer
    - Media Access Control (MAC)
    - Logical link
  o The network layer
Source: Pascal Meunier, Network Security, Section 7

Threats
• DoS attacks...

detect route discovery failures
  o Also vulnerable to RREP replays
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions Network Layer
• Packet dropping
  o Wired networks can monitor packet drops reasonably
  o Such mechanisms are resource intensive for wireless networks
  o AODV has timeouts but no theoretical solutions
    - Difficult to distinguish packet...

account owners
Source: Pascal Meunier, Network Security, Section 7

Threats in Present Solutions MAC Layer
[Figure: nodes A and z]
• Denial of Service
  o Can hog the medium by sending noise continuously
  o Can be done without draining the power of the adversary
  o Depends on physical carrier sensing threshold
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks

Threats in Present Solutions...

Internet security threats
Denial of service (DoS): countermeasures
  o filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
  o traceback to source of floods (most likely an innocent, compromised machine)
[Figure: hosts A, B and C; stream of SYN packets]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
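
The mapping countermeasure from the "Internet security threats" slides (record traffic entering the network and look for ports being scanned sequentially) can be sketched as follows. This is an added example, not part of the original slides; the log format, the addresses, the `window` and `min_run` thresholds and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of recorded inbound connections (not real traffic),
# one per line: "<epoch seconds> <source IP> <destination IP> <dest port>"
SAMPLE_LOG = """\
1000 198.51.100.7 192.0.2.10 20
1000 198.51.100.7 192.0.2.10 21
1001 198.51.100.7 192.0.2.10 22
1001 198.51.100.7 192.0.2.10 23
1002 198.51.100.7 192.0.2.10 24
1003 203.0.113.5 192.0.2.10 443
1010 203.0.113.5 192.0.2.10 80
1500 203.0.113.9 192.0.2.10 22
9000 203.0.113.9 192.0.2.10 23
malformed line
"""

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def longest_run(ports):
    """Length of the longest run of consecutive port numbers."""
    best = run = 0
    prev = None
    for p in sorted(set(ports)):
        run = run + 1 if p - 1 == prev else 1
        best, prev = max(best, run), p
    return best

def find_scanners(log, window=60, min_run=5):
    """Map (src, dst) to the longest sequential-port run seen in `window` seconds."""
    events = defaultdict(list)
    for ts, src, dst, port in parse(log):
        events[(src, dst)].append((ts, port))
    alerts = {}
    for pair, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # Slide the window so it never spans more than `window` seconds.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            run = longest_run(p for _, p in seen[start:end + 1])
            if run >= min_run:
                alerts[pair] = max(run, alerts.get(pair, 0))
    return alerts
```

Calling `find_scanners(SAMPLE_LOG)` flags only the source that touched five consecutive ports within the window; the two probes spaced far apart in time stay below the threshold unless `window` is widened.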

Date posted: 23/03/2014, 00:20

Table of contents

  • Slide 1

  • CONTENT

  • Thanks

  • Contents

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Internet security threats

  • Wireless Network Security

  • Wireless Threats

  • Threats

  • Threats in Present Solutions MAC Layer

  • Threats in Present Solutions MAC Layer

  • Threats in Present Solutions Network Layer

  • Threats in Present Solutions Network Layer

  • Threats in Present Solutions Network Layer
