
Wireless Communications Security Issues, Solutions and Challenges
Michel Barbeau and Jeyanthi Hall

Outline
- Availability
- Privacy
- Integrity
- Legitimate participants
- Absence of misbehavior

Security Requirements
- Availability: no jamming, adaptability to unforeseen topologies
- Privacy: nondisclosure of cell phone communications and 802.11 frames
- Integrity: data is not intercepted and tampered with
- Legitimate participants: no cell phone cloning and no 802.11 frame spoofing
- Absence of misbehavior: fairness, greedy user detection

Availability
- Jamming
- Inability to deal with unforeseen topologies

Jamming
- Shannon's model (equation shown on the slide; not captured in the extracted text)

How to Deal With Jamming?
- Increase the bandwidth
  - Frequency Hopping / Direct Sequence Spread Spectrum
    - 802.11(b): 2.4 - 2.4835 GHz
    - 802.11(a): 5.15 - 5.35 GHz; 5.725 - 5.825 GHz
  - Ultra Wide Band: bandwidth greater than 25% of the center frequency
- Increase the power
  - GPS III, planned for 2010 [Ashley, Next-Generation GPS, Scientific American, September 2003]

Inability to Deal With Unforeseen Topologies
- (Images by J. & G. Naudet, 9/11/2001)

Privacy
- Cellular phone eavesdropping
- Overview of privacy techniques in 2G and 3G cellular mobile radiophones (GSM, UMTS)
  - Refs.: V. Niemi and K. Nyberg, UMTS Security, Wiley, 2003; M.Y. Rhee, CDMA Cellular Mobile Communications and Network Security, Prentice Hall PTR, 1998
- Challenges
- Future: reconfigurable security, chaotic communication, quantum cryptography

Cellular Phone Eavesdropping
Inexpensive equipment for intercepting analog communications is easy to obtain in Canada. In the US, the regulations authorize the sale of scanners to the general public only if cellular frequencies are blocked. However, there are several workarounds:
- Web sites publish modifications to restore reception of cellular frequencies by scanners.
- Frequency converters can translate cellular frequencies to the frequency range supported by a receiver.
- With receivers using non-quadrature mixing, the image frequency technique can be used.
Digital communications can also be intercepted with the appropriate equipment!

Generations of Cellular Mobile Radiophones*
- 1G: Advanced Mobile Phone System (AMPS): 1980s, Frequency Modulation (FM), Frequency Division Multiple Access (FDMA), handover between cells, limited roaming between networks
- 2G: Global System for Mobile communications (GSM): 1990s, digital coding of voice, Time Division Multiple Access (TDMA), Subscriber Identity Module (SIM), data communications
- 3G: 3G Partnership Project (3GPP), Universal Mobile Telecommunications System (UMTS): 1998-, Wideband Code Division Multiple Access (WCDMA), use of the GSM network model, global roaming; 2 Mbps data
- 4G: all-IP-based, 100 Mbps data
* List of cited technologies is not exhaustive.

Security Associations in GSM (figure)

Authentication in GSM (figure)
- RAND: random number
- SRES: signed response

Encryption/Decryption in GSM (figure)

Stream Cipher Weakness (figure)

Security Holes in GSM [Niemi & Nyberg 03]
- Active attack: attacker masquerades as a legitimate base station / cell phone
- Encryption keys: plaintext session key inter-network forwarding
- Brute force attack
- Some encryption algorithms are kept secret: they were not subjected to a comprehensive analysis / peer review

Security Associations in UMTS (figure)

Mutual Authentication and Key Agreement in UMTS (figure)
- AUTN: authentication token
- RES: user response
- XRES: expected response

Encryption/Decryption in UMTS
- COUNT-C: frame number plus hyper frame number, incremented when the frame number wraps around
- Direction: uplink / downlink

Integrity in UMTS
- COUNT-I: similar to COUNT-C, replay protection
- FRESH: start value of COUNT-I

Challenge: Co-existence of Analog Technology and Digital Technology
Digital technology has a higher potential for being secure than analog technology. For example, Cellular Digital Packet Data (CDPD) uses data encryption and provides privacy.

Most cellular phones use hybrid technology, both analog and digital. The reason is that digital communications require a relatively stronger signal, for intelligibility, than analog communications, all other things being equal (such as the bandwidth of a voice channel). A cell phone will hence operate in digital mode over relatively short distances. In order to enable long range communications, cell phones fall back to analog mode when the signal gets too weak for digital communications. As a result, digital systems inherit all the security vulnerabilities of analog systems.

Co-existence of legacy analog technology and digital technology is a challenge for system security design.

Challenge: Introduction of New Defense Methods in Existing Systems
- Attack methods evolve
- Defense methods evolve
- New defense methods are difficult to introduce in existing systems

Reconfigurable Security
- Reference: Al-Muhtadi et al., A lightweight reconfigurable security mechanism for 3G/4G mobile devices, IEEE Wireless Communications, April 2002.
- Definition: security mechanisms are reconfigured dynamically according to capabilities, processing power, and needs
  - Loading / configuration / unloading of software components that implement security services

Chaotic Communication (1) (figure)

Chaotic Communication (2) (figure)

Chaotic Communication: Background
- Abel and Schwarz, Chaos Communications: Principles, Schemes, and System Analysis, Proceedings of the IEEE, 2002.
- Itoh, Spread Spectrum Communication via Chaos, World Scientific Publishing Company, International Journal of Bifurcation and Chaos, 1999.
Theoretical attacks
- Guojie, Zhengjin, and Ruiling, Chosen Ciphertext Attack on Chaos Communication Based on Chaotic Synchronization, IEEE Transactions on Circuits and Systems, 2003.
- Ogorzałek and Dedieu, Some Tools for Attacking Secure Communication Systems Employing Chaotic Carriers, IEEE, 1998.

Theoretically Broken Chaotic Communication (cont'd)
- Chaotic masking: low amplitude modulating signal, high amplitude chaotic carrier
- Chaotic switching: two waveforms representing the binary values zero and one; has a differential version
- Chaotic modulation: chaotic carrier influenced by a non-invertible function, according to the information

Quantum Cryptography
- Wiesner, "Quantum Money", 1960 (unpublished): the polarity of photons (angle of vibration) can be verified, but not measured
- Bennett, Brassard, and Ekert, Quantum Cryptography, Scientific American, October 1992.
- Hughes et al., Quantum cryptography for secure satellite communications, Aerospace Conference Proceedings, 2000: 0.5 km free-space link
- Kurtsiefer et al., Long Distance Free Space Quantum Cryptography, SPIE, 2002: 23.4 km free-space link (trying to achieve 1000 km)
- First Quantum Cryptography Network Unveiled, news service, June 2004: Quantum Net, six servers, 10 km links, software-controlled optical switches

Legitimate Devices
PROBLEM: AUTHENTICATION OF USERS IS INSUFFICIENT DUE TO MALLEABILITY OF USER IDENTITY
Need for device authentication

Outline
- Problem: user authentication is incapable of detecting identity theft (malleability of user identity)
- Result: unauthorized access to network resources, within the cellular domain (cloning fraud) and the wireless network domain (Media Access Control, MAC, address spoofing)

Wireless Network (e.g. 802.11): MAC Address Spoofing (over the air)
- Figure: wireless network with a list of authorized MAC addresses (access control) in front of the wired network (MAC addresses 1, 2, 3); the intruder sniffs the MAC address* of a legitimate user and uses it
- * The MAC address is sent in the clear even with WEP [Arbaugh et al., 2002]

Wireless Network (e.g. 802.11) with the 802.11i Standard
- Uses the 802.1X Extensible Authentication Protocol [Mishra and Arbaugh, 2002]
- Absence of authentication of the access point by the device
  - Man-in-the-middle attack using (*)
  - Session hijacking using (*)
  - (*) MAC address of access point and supplicant

Cellular Network: Identification of a 1G Cell Phone
Every cellular phone is assigned:
- by the service provider, a phone number (Mobile station Identification Number, MIN): 10 digits: area code (3), switching station (3), and individual number (4)
- by the manufacturer, an Electronic Serial Number (ESN)

Identification of 2G or 3G Cell Phones [Koien, 2004]
- International Mobile Station Equipment Identity (IMEI): checked against the Equipment Identity Register (EIR)

Types of Cellular Phone Fraud
- Cellular theft: the stolen phone is used by the thief until the theft is reported to the service provider, who blocks the number and adds the IMEI to the EIR. Countermeasures: PINs and biometrics [Schiller, 2000]
- Subscription fraud: a subscription with a cellular phone provider is obtained using false or stolen pieces of identification
- Tumbling fraud: cellular phone service providers grant automatic access for the first call to every visitor subscriber

Cellular Network: Cloning Fraud

  Generation   Information   Over the air                                   Direct extraction
  1G (Analog)  ESN and MIN   Using readily available tools [1]              Transfer MIN from ROM and ESN from the back of the phone
  2G (GSM)     IMSI, Ki      Using differential cryptanalysis and a rogue   Extract secret key Ki from the SIM [2, 3]
                             base station [2]
  3G (GSM)     IMSI, Ki      Possible but no specific attack has been       Possible but no specific attack has been documented.
                             documented.

[1] J. Hynninen, 2000
[2] I. Goldberg and M. Briceno, 2002: with a smartcard reader, derive the secret key by challenging the SIM card (approx. 150,000 queries; eight to 11 hours)
[3] 2002 (author not captured in the extracted text): ask seven questions and analyze electromagnetic field changes and power fluctuations for each response

User Authentication in GSM (figure)
- RAND: random number
- SRES: signed response
- SIM: Subscriber Identity Module (IMSI, AuthKey Ki, CipherKey Kc, algorithms, PIN)

References
Wireless network
- Arbaugh et al. Your 802.11 Wireless Network has no clothes. IEEE Wireless Communications, Dec. 2002.
- Mishra and Arbaugh. An Initial Security Analysis of the IEEE 802.1X Standard. 2002.
Cellular network
- G. Koien et al. An Introduction to Access Security in UMTS. IEEE Wireless Communications, Feb. 2004.
- I. Goldberg and M. Briceno. GSM Cloning. 2002, Web.
- J. Hynninen. Experiences in Mobile Phone Fraud. Helsinki University of Technology, Web.
- IBM: Cell phones easy targets for hackers. CNET News, 2002.
Others
- J. Schiller. Mobile Communications. Addison-Wesley, 2000.

Radio Frequency Fingerprinting
Mechanism for addressing the malleability of user identity

Radio Frequency Fingerprinting (RFF): Background
- Technique used by research teams including H. Choe et al., 1995, and Ureten, 1999, for the purpose of identifying RF transceivers
- Premise: a transceiver can be uniquely identified based on the characteristics of the transient section of the signal it generates
- Primary benefit: non-malleability of device identity, based on hardware characteristics of the transceiver

Key Objective
- Create a profile of the user's device (transceiver) using RFF
- Make use of both user and device profiles for authentication purposes
  - Wireless network: device profile and MAC address
  - Cellular network: device profile and IMSI

RFF: Key Phases
- Create a profile for each transceiver
  - Phase 1: Collection of signals
  - Phase 2: Extraction of transient
  - Phase 3: Extraction of features (transceiverprint, TP)
  - Phase 4: Definition of transceiver profile
- Classify / compare an observed TP with transceiver profiles
  - Phases 1-3: repeated for each observed TP
  - Phase 5: Identification of transceiver
- Improve the Classification Success Rate (CSR): proposed extension to the RFF process
  - Phase 6: Enhancement of CSR (work in progress)

RFF: Phase 1 - Collect Signals
- Figure: GSM protocol stack (CM, MM, RR, LAPDm, TDMA frame, radio burst) and 802.11 protocol stack (TCP, IP, LLC, MAC frame, PHY FHSS/DSSS frame) [Schiller, 2000]
  - CM: Call Management; MM: Mobility Management; RR: Radio Resource Management; LAPD: Link Access Procedure for the D-Channel in ISDN systems; LLC: Logical Link Control; FHSS: Frequency Hopping Spread Spectrum; DSSS: Direct Sequence Spread Spectrum
- Analog signal transmitted by the physical layer = 1 frame
- Authentication response = more than 1 frame/signal

RFF: Phase 1 - Collect Signals
- Capture analog signals from each transceiver and convert them to a digital format using an ADC
- View / analyze the digital signal in the time, frequency and phase domains

RFF: Phase 2 - Extraction of Transient
Extract the transient section of the digital signal
- Step 1: Preprocessing
  - Segmenting the signal and applying first-order statistics (a data reduction exercise)
  - Results in a smaller data vector / fractal trajectory
- Step 2: Detection of the start of the transient using the data trajectory
  - Using the variance in the amplitude characteristics of the signal: threshold detection; Bayesian step change detection
  - Using the variance in the phase characteristics of the signal: threshold detection using phase characteristics

RFF: Phase 2 - Extraction of Transient
- Threshold detection [Shaw and Kinsner, 1997] (figure)
- Bayesian step change detection [Ureten, 1999] (figure)
- Threshold detection using phase characteristics [Hall, Barbeau, Kranakis (IASTED, 2003)] (demo)

RFF: Phase 3 - Extraction of Components
Extract components / characteristics from the transient
- Instantaneous amplitude [Proakis and Manolakis, 1996]
- Instantaneous phase
- Instantaneous frequency components [Polikar, 1999], using the Discrete Wavelet Transform (Daubechies filter): wavelet function, scaling function (figures)

RFF: Phase 3 - Extraction of Features
- Extract features from components (vector of 1000 samples): average, standard deviation, energy, variance
- Representation of features (dependent on the classification tool)
- Challenge / goal: select features (transceiverprint) that accentuate the distinguishing characteristics of transceivers, especially those from the same manufacturer

  Classification tool                   Component                                   Feature
  Pattern recognition neural network    Instantaneous amplitude (1000 data samples) Variance in amplitude (100 data points), window = 10
  Statistical classifier                Instantaneous amplitude (1000 data samples) Variance in amplitude (1 variable)

RFF: Phase 4 - Definition of Profile
- Create a profile for each transceiver
  - Obtain TPs from each signal in the collected data set (Phases 2-3)
  - Select a subset of TPs and store them in a profile (remaining TPs used for testing / classification)
- Using Self-Organizing Maps [Fausett, 1994]
  - Take TPs from the data set as input
  - Create group(s) / cluster(s) of transceiverprints based on their distance (Euclidean distance) from a given centroid
  - Select a representative sample of TPs from the various clusters to create a profile
- Other approaches include
  - Random selection of TPs from the data set
  - Use of a probabilistic neural network [Hunter, 2000]

RFF: Phase 5 - Identification of Transceiver
Classification techniques
- Pattern matching, e.g. neural networks (artificial NN, probabilistic NN, etc.) [Fausett, 1994], based on the Bayes probabilistic model
- Genetic algorithms [Toonstra and Kinsner, 1995]: achieve an optimized solution through multiple iterations
- Statistical classifiers [Brickle, 2003]: determine the probability of a match between an observed transceiverprint (TP) and each of the transceiver profiles (match formula shown on the slide; not captured in the extracted text)
  - TP to be classified; centroid: center of the cluster; covariance matrix of the TPs in the profile
- Modified Kalman filter

RFF: Phase 6 - Enhancement of CSR
- Weakness in current classification techniques
  - Attempt to identify the transceiver using a single observation (TP)
  - Unable to accommodate a moderate level of variation (interference and noise) in the TPs being classified
- Address the weakness using the Bayes filter [Fox et al., 2003]
  - Identify the transceiver with the highest probability after several rounds (using consecutive TPs) of classification
  - $x_t$: transceiver at time $t$
  - $\mathrm{Bel}(x_t)$: probability of transceiver $x$ at time $t$
  - $p(x_t \mid o_t)$: probability of the TP belonging to transceiver $x$ at time $t$
  - $\mathrm{Bel}(x_{t-1})$: probability of transceiver $x$ at time $t-1$
  - $\mathrm{Bel}(x_t) = p(x_t \mid o_t)\,\mathrm{Bel}(x_{t-1})$

RFF: Phase 6 - Enhancement of CSR (figure)

Conclusions
- Use of RFF can prove beneficial in addressing malleability of identity (MAC address spoofing, cloning fraud)
- The level of confidence can be increased by using the Bayes filter before rendering a final decision (legitimate user / intruder)
- The issue of scalability can be addressed
  - Application of the Bayes filter to the target transceiver profile only, for transceiver recognition / confirmation
  - Based on the final probability, the Bayes filter can then be applied to identify other potential transceivers

Future Research Initiatives
- Enhancing the composition of TPs to improve the classification rate
- Using RFF with Bluetooth and cellular phones
- Assessing (remainder of the slide text not captured)
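The following is an added worked example of RFF Phases 2 and 3 as the slides describe them (segment the capture, reduce each segment to its variance, detect the transient start by an amplitude-variance threshold, then extract the slide's four scalar features and the windowed-variance vector). It is not code from the slides or their authors; the signals are constructed, and the exponential amplitude ramp with time constant `ramp`, the `factor`-times-noise-floor threshold and the RMS-based envelope are assumptions standing in for a real capture, a tuned detector and the analytic-signal amplitude.

```python
"""Added example: transient extraction and transceiverprint features (RFF Phases 2-3)."""
import math
import random
import statistics


def make_signal(ramp, noise_len=400, transient_len=100, tail_len=200,
                noise_sd=0.02, seed=0):
    """Constructed sample capture: channel noise, then a switch-on transient whose
    amplitude ramps up exponentially (time constant `ramp` in samples, assumed to
    stand in for a transceiver's hardware-specific rise), then steady carrier.
    The carrier is sin(0.3 n), about 21 samples per period."""
    rng = random.Random(seed)
    out = []
    for n in range(noise_len + transient_len + tail_len):
        amp = 0.0 if n < noise_len else 1.0 - math.exp(-(n - noise_len) / ramp)
        out.append(amp * math.sin(0.3 * n) + rng.gauss(0.0, noise_sd))
    return out


def variance_trajectory(signal, seg_len=10):
    """Phase 2, step 1 (preprocessing): segment the signal and reduce each segment
    to a first-order statistic, its variance. The result is the much shorter
    data trajectory that the detector works on."""
    return [statistics.pvariance(signal[i:i + seg_len])
            for i in range(0, len(signal) - seg_len + 1, seg_len)]


def detect_transient_start(trajectory, seg_len=10, noise_segments=10, factor=5.0):
    """Phase 2, step 2 (threshold detection on amplitude variance): estimate the
    noise floor from the leading segments, then report the first later segment
    whose variance exceeds factor x floor. Returns a sample index, or None when
    no step is found (for example a capture that is all noise)."""
    floor = statistics.mean(trajectory[:noise_segments])
    for k in range(noise_segments, len(trajectory)):
        if trajectory[k] > factor * floor:
            return k * seg_len
    return None


def envelope(samples, period=21):
    """Instantaneous amplitude, approximated here as the RMS over one carrier
    period scaled by sqrt(2) (an assumed stand-in for the analytic-signal amplitude)."""
    return [math.sqrt(2.0 * sum(x * x for x in samples[i:i + period]) / period)
            for i in range(len(samples) - period + 1)]


def transceiverprint(signal, start, length=100, window=10):
    """Phase 3: features of the transient section. Returns the four scalar features
    named on the slide plus the windowed-variance vector used for the
    pattern-recognition representation (window = 10)."""
    amp = envelope(signal[start:start + length])
    windowed = [statistics.pvariance(amp[i:i + window])
                for i in range(0, len(amp) - window + 1, window)]
    return {
        "mean": statistics.mean(amp),
        "std": statistics.pstdev(amp),
        "energy": sum(a * a for a in amp),
        "variance": statistics.pvariance(amp),
        "windowed_variance": windowed,
    }


def fingerprint(ramp, seed=0):
    """End to end: constructed capture -> trajectory -> transient start -> TP."""
    sig = make_signal(ramp, seed=seed)
    start = detect_transient_start(variance_trajectory(sig))
    return start, (transceiverprint(sig, start) if start is not None else None)


if __name__ == "__main__":
    # Two constructed transceivers that differ only in how fast they ramp up.
    for ramp in (20.0, 60.0):
        start, tp = fingerprint(ramp)
        print(f"ramp={ramp}: transient starts at sample {start}, "
              f"mean amplitude {tp['mean']:.3f}, variance {tp['variance']:.4f}")
```

The noise floor is estimated from the leading segments of the same capture rather than fixed, which is what keeps the detector usable when the channel's noise level changes between captures; a capture with no step at all yields `None` instead of a bogus transient, so the caller can discard it before it pollutes a profile.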
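The following is an added worked example of the Phase 4 profile, the Phase 5 statistical classifier and the Phase 6 Bayes filter from the slides above, written for this page rather than taken from the slides or their authors. It assumes a transceiverprint is a small feature vector, summarises a profile as a centroid plus per-feature variance (a diagonal simplification of the slide's covariance matrix), uses a Gaussian match probability, and applies the slide's update $\mathrm{Bel}(x_t) = p(x_t \mid o_t)\,\mathrm{Bel}(x_{t-1})$ with a normalisation step after each round; the profiles and the observation stream are constructed values.

```python
"""Added example: TP classification and Bayes-filter refinement (RFF Phases 4-6)."""
import math
from dataclasses import dataclass


@dataclass
class Profile:
    name: str
    centroid: tuple   # centre of the cluster of TPs in the profile
    variance: tuple   # per-feature variance (diagonal covariance, an assumed simplification)


def build_profile(name, tps, floor=1e-6):
    """Phase 4: summarise a set of transceiverprints (feature vectors) as a
    centroid and per-feature variance; `floor` keeps a degenerate profile usable."""
    dims = len(tps[0])
    centroid = tuple(sum(tp[i] for tp in tps) / len(tps) for i in range(dims))
    variance = tuple(max(floor, sum((tp[i] - centroid[i]) ** 2 for tp in tps) / len(tps))
                     for i in range(dims))
    return Profile(name, centroid, variance)


def likelihood(tp, profile):
    """p(o | x): Gaussian density of the observed TP under one profile."""
    p = 1.0
    for o, c, v in zip(tp, profile.centroid, profile.variance):
        p *= math.exp(-(o - c) ** 2 / (2 * v)) / math.sqrt(2 * math.pi * v)
    return p


def classify(tp, profiles):
    """Phase 5: p(x | o) over transceivers for a single TP. With equal priors
    this is the normalised likelihood, i.e. the single-observation decision."""
    raw = {p.name: likelihood(tp, p) for p in profiles}
    total = sum(raw.values())
    return {name: val / total for name, val in raw.items()}


def bayes_filter(observations, profiles):
    """Phase 6: Bel(x_t) = p(x_t | o_t) Bel(x_{t-1}), applied to consecutive TPs
    and normalised after each round so the beliefs stay a distribution.
    Starts from a uniform belief over the candidate transceivers."""
    belief = {p.name: 1.0 / len(profiles) for p in profiles}
    for tp in observations:
        posterior = classify(tp, profiles)
        belief = {name: posterior[name] * belief[name] for name in belief}
        total = sum(belief.values())
        belief = {name: b / total for name, b in belief.items()}
    return belief


def decide(belief):
    """Transceiver with the highest probability."""
    return max(belief, key=belief.get)


# Constructed profiles for two transceivers, A and B, and a constructed stream of
# four consecutive TPs that all come from A. The second TP is perturbed by
# noise so that it lies closer to B's centroid.
PROFILES = [Profile("A", (1.0, 1.0), (0.25, 0.25)),
            Profile("B", (2.0, 2.0), (0.25, 0.25))]
STREAM = [(1.1, 0.9), (1.7, 1.6), (0.8, 1.2), (1.2, 1.0)]


if __name__ == "__main__":
    for tp in STREAM:
        print("single TP", tp, "->", decide(classify(tp, PROFILES)))
    final = bayes_filter(STREAM, PROFILES)
    print("after Bayes filter:", {k: round(v, 4) for k, v in final.items()},
          "->", decide(final))
```

Run stand-alone, the second TP on its own is classified as B (the weakness the slide names: one noisy observation misidentifies the transceiver), while the filtered belief after all four rounds assigns essentially all probability to A. The same `bayes_filter` can be run against the target profile only, as the Conclusions suggest for scalability, by passing a one-profile list together with a rejection profile.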
