
NETWORK SECURITY
WIRELESS SECURITY ISSUES
MAI Xuân Phú
CONTENT
 Attacks on Wireless Networks
 Wired Equivalent Privacy (WEP) Protocol
  o Mechanism
  o Weaknesses in the WEP Scheme
 Wi-Fi Protected Access (WPA)
 IEEE 802.11i/WPA2
 Virtual Private Network (VPN)
  o Point-to-Point Tunneling Protocol (PPTP)
  o Layer-2 Transport Protocol (L2TP)
 Internet Protocol Security (IPSec)
Thanks
Some contents of this course are referenced and copied from:
  o J. Wang, Computer Network Security Theory and Practice. Springer 2008
  o Pascal Meunier, Network Security, Section 7, May 2004, updated July 30, 2004
  o K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
  o Randy H. Katz, Wireless Communications and Mobile Computing, Berkeley
  o Jim Kurose & Keith Ross, “Computer Networking: A Top-Down Approach”, 3rd edition, 2004
Internet security threats
Mapping:
  o before attacking: “case the joint” – find out what services are implemented on network
  o use ping to determine what hosts have addresses on network
  o port-scanning: try to establish TCP connection to each port in sequence (see what happens)
  o nmap (…) mapper: “network exploration and security auditing”
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
Internet security threats
Mapping: countermeasures
  o record traffic entering network
  o look for suspicious activity (IP addresses, ports being scanned sequentially)
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
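The countermeasure above, "record traffic entering the network and look for ports being scanned sequentially", as an added example that is not part of the slides: a detector run over a constructed connection log, flagging any source that opens connections to many distinct ports on one host and reporting whether the ports were hit in ascending order.

```python
import re
from collections import defaultdict

# Constructed sample of inbound connection attempts (not from the slides):
# "<time> <src_ip> -> <dst_ip>:<dst_port> <tcp_flag>"
SAMPLE_LOG = """\
10:00:01 198.51.100.7 -> 192.0.2.10:21 SYN
10:00:01 198.51.100.7 -> 192.0.2.10:22 SYN
10:00:01 198.51.100.7 -> 192.0.2.10:23 SYN
10:00:02 198.51.100.7 -> 192.0.2.10:25 SYN
10:00:02 198.51.100.7 -> 192.0.2.10:80 SYN
10:00:02 198.51.100.7 -> 192.0.2.10:110 SYN
10:00:03 203.0.113.5 -> 192.0.2.10:443 SYN
10:00:04 203.0.113.5 -> 192.0.2.10:443 ACK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")

def parse_syns(text):
    """Yield (time, src, dst, port) for every well-formed SYN record."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(5) == "SYN":
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))

def find_scanners(text, min_ports=5):
    """Return {src: [ports...]} for sources that opened connections to at
    least min_ports distinct ports on one destination host.  The ports are
    kept in the order recorded so a sequential sweep stays visible."""
    touched = defaultdict(list)
    for _, src, dst, port in parse_syns(text):
        if port not in touched[(src, dst)]:
            touched[(src, dst)].append(port)
    return {src: ports for (src, _), ports in touched.items()
            if len(ports) >= min_ports}

def is_sequential(ports):
    """True when the recorded ports were hit in strictly increasing order."""
    return all(a < b for a, b in zip(ports, ports[1:]))
```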
Internet security threats
Packet sniffing:
  o broadcast media
  o promiscuous NIC reads all packets passing by
  o can read all unencrypted data (e.g. passwords)
  o e.g.: C sniffs B’s packets
[Figure: A, B and C on a shared medium; packet src:B dest:A payload]
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
Internet security threats
Packet sniffing: countermeasures
  o all hosts in organization run software that checks periodically if host interface in promiscuous mode.
  o one host per segment of broadcast media (switched Ethernet at hub)
[Figure: A, B and C each on their own switched segment; packet src:B dest:A payload]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
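The first countermeasure, a periodic host-side check for a promiscuous interface, as an added example (not from the slides): on Linux the kernel exposes each interface's flags in /sys/class/net/<iface>/flags as a hex word, and the IFF_PROMISC bit is 0x100; the script reports every interface with that bit set and is meant to be run from a scheduler such as cron.

```python
import os

IFF_PROMISC = 0x100  # Linux interface flag bit set while promiscuous mode is on

def is_promiscuous(flags_text):
    """flags_text is the hex word Linux writes to .../flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return the names of local interfaces currently in promiscuous mode.
    Returns [] when the sysfs tree is absent (non-Linux host)."""
    found = []
    if not os.path.isdir(sysfs_net):
        return found
    for iface in sorted(os.listdir(sysfs_net)):
        try:
            with open(os.path.join(sysfs_net, iface, "flags")) as fh:
                if is_promiscuous(fh.read()):
                    found.append(iface)
        except OSError:
            continue  # virtual entries without a flags file, or not readable
    return found

if __name__ == "__main__":
    # Periodic run: a sniffer left on this host shows up as a listed interface.
    promisc = promiscuous_interfaces()
    print("promiscuous interfaces:", promisc if promisc else "none")
```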
Internet security threats
IP Spoofing:
  o can generate “raw” IP packets directly from application, putting any value into IP source address field
  o receiver can’t tell if source is spoofed
  o e.g.: C pretends to be B
[Figure: C sends a packet carrying src:B dest:A payload]
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
Internet security threats
IP Spoofing: ingress filtering
  o routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)
  o great, but ingress filtering can not be mandated for all networks
[Figure: A, B and C behind a router; packet src:B dest:A payload]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
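The ingress-filtering rule above (the approach standardised as BCP 38), as an added example that is not from the slides: a constructed router with two inside prefixes and one Internet-facing interface drops any datagram whose source address does not belong to the interface it arrived on, which is exactly what stops C from sending src:B packets out of the network.

```python
import ipaddress

# Constructed router: each inside interface with the prefix behind it.
# "wan" faces the Internet, so any source may arrive there except
# addresses that belong to one of the inside prefixes.
INTERFACES = {
    "lan0": ipaddress.ip_network("192.0.2.0/24"),
    "lan1": ipaddress.ip_network("198.51.100.0/25"),
    "wan": None,
}

def ingress_allows(iface, src):
    """Ingress-filtering decision for one datagram: a packet arriving on an
    inside interface must carry a source inside that interface's prefix; a
    packet arriving from the Internet must not claim an inside source."""
    src_ip = ipaddress.ip_address(src)
    prefix = INTERFACES[iface]
    if prefix is not None:
        return src_ip in prefix
    return not any(p is not None and src_ip in p for p in INTERFACES.values())

# Constructed packets: (arrival interface, source, destination)
PACKETS = [
    ("lan0", "192.0.2.10", "203.0.113.9"),    # host B, genuine
    ("lan0", "198.51.100.5", "203.0.113.9"),  # C on lan0 spoofing a lan1 address
    ("lan0", "203.0.113.77", "203.0.113.9"),  # C spoofing an outside address
    ("wan", "192.0.2.10", "192.0.2.10"),      # outside host claiming to be B
    ("wan", "203.0.113.77", "192.0.2.10"),    # genuine inbound packet
]

def filter_packets(packets):
    """Split packets into (forwarded, dropped) according to ingress_allows."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if ingress_allows(pkt[0], pkt[1]) else dropped).append(pkt)
    return forwarded, dropped
```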
Internet security threats
Denial of service (DOS):
  o flood of maliciously generated packets “swamp” receiver
  o Distributed DOS (DDOS): multiple coordinated sources swamp receiver
  o e.g., C and remote host SYN-attack A
[Figure: C and a remote host flood A with SYN packets]
Countermeasures?
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
Internet security threats
Denial of service (DOS): countermeasures
  o filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
  o traceback to source of floods (most likely an innocent, compromised machine)
[Figure: C and a remote host flood A with SYN packets]
Source: Jim Kurose & Keith Ross, Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition, Chapter 8: Network Security
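The detection step that would trigger the first countermeasure, as an added example that is not from the slides: over a constructed handshake trace, count per destination the SYNs that are never followed by the client's ACK (the half-open connections a SYN flood leaves behind) and name the receivers whose count crosses a threshold, which is the signal an upstream filter would act on.

```python
from collections import defaultdict

def constructed_trace():
    """Constructed handshake trace of (t, src, dst, flag): two honest clients
    that complete the handshake plus 120 spoofed sources that send only
    SYN to 10.0.0.1, as in the slide's C-and-remote-host SYN attack."""
    trace = [(0.00, "10.0.0.2", "10.0.0.1", "SYN"),
             (0.01, "10.0.0.2", "10.0.0.1", "ACK"),
             (0.02, "10.0.0.3", "10.0.0.1", "SYN"),
             (0.03, "10.0.0.3", "10.0.0.1", "ACK")]
    for i in range(1, 121):
        trace.append((0.1 + i * 0.001, "203.0.113.%d" % i, "10.0.0.1", "SYN"))
    return trace

def half_open_per_destination(trace):
    """Count, per destination, SYNs never followed by an ACK from the same
    (src, dst) pair: the half-open connections a SYN flood leaves."""
    pending = {}
    for t, src, dst, flag in sorted(trace):
        if flag == "SYN":
            pending[(src, dst)] = t
        elif flag == "ACK":
            pending.pop((src, dst), None)
    counts = defaultdict(int)
    for (_, dst) in pending:
        counts[dst] += 1
    return dict(counts)

def syn_flood_targets(trace, threshold=50):
    """Destinations whose half-open count reaches the threshold.  A filter
    upstream would then rate-limit SYNs to them, accepting that some good
    SYNs are thrown out with the bad, as the slide says."""
    return sorted(d for d, n in half_open_per_destination(trace).items()
                  if n >= threshold)
```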
Wireless Network Security
 Wireless stations, or nodes, communicate over a wireless medium
 Security threats are imminent due to the open nature of communication
  o Two main issues: authentication and privacy
  o Other serious issues: denial-of-service…
 A categorization is required to understand the issues in each situation
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Wireless Threats
 Medium is open to most attackers in the neighborhood of a wireless node
  o Near-impossibility of establishing a clear physical security boundary
     Higher gain antennas can be used to overcome distance or a weak signal
 Remote attackers can aim at:
  o The physical layer
  o The link layer
     Media Access Control (MAC)
     Logical link
  o The network layer
Source: Pascal Meunier, Network Security, Section 7
Threats
 DoS attacks
  o Jamming
  o Fake collisions
  o Amplification
 Integrity attacks
  o Packets captured, modified and re-injected
 Confidentiality attacks
  o Capture passwords, authentication tokens, etc.
 Authentication and Accountability attacks
  o Anonymity for attacker
  o Reassign accountability to network or account owners
Source: Pascal Meunier, Network Security, Section 7
Threats in Present Solutions
MAC Layer
 Denial of Service
  o Can hog the medium by sending noise continuously.
  o Can be done without draining the power of the adversary.
  o Depends on physical carrier sensing threshold.
[Figure: adversary z beside node A]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
MAC Layer
 802.11 standard uses Access Control Lists for admission control.
 If MAC address not in the list, then the node is denied access.
  o But easy to spoof MAC addresses.
[Figure: example access control list with entries 00:1A:A0:FD:FF:2E, 00:0C:76:7F:DF:49, 00:13:D3:07:2F:A8, 00:2F:B8:77:EA:B5]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Ad hoc networks
  o Network layer
     Denial-of-service attacks
     Broadcast nature of communication
     Packet dropping
     Route discovery failure in ad hoc network
     Packet rerouting
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Denial-of-service
  o Easy to mount in wireless network protocols.
  o One strategically placed adversary can generally disable a dense part of the network.
[Figure: nodes disrupting routes; adversary z next to node A on the path between Source and Destination]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Can simply engage in conversation and drain battery power of other nodes – power exhaustion attack
  o Send lots of RREQ messages but never use the routes.
[Figure: z sends RREQ(a), RREQ(b), RREQ(c), … to A]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
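A defensive handler for the RREQ flood above, as an added example that is not from the slides or the AODV specification: the two constants come from RFC 3561 (RREQ_RATELIMIT of 10 per second and PATH_DISCOVERY_TIME of 5.6 s), the duplicate check follows the RFC's rule that a node discards an RREQ whose originator and RREQ ID it has already seen, and applying the originator's rate limit on the forwarding node is this example's own assumption.

```python
from collections import defaultdict, deque

# Constants from RFC 3561 section 10; the guard itself is constructed
# defensive logic for this example, not code from the slides or the RFC.
RREQ_RATELIMIT = 10          # RREQs a node may originate per second
PATH_DISCOVERY_TIME = 5.6    # seconds an (originator, RREQ ID) pair is remembered

class RreqGuard:
    """Decides, on a forwarding node, whether an incoming RREQ is rebroadcast.
    Duplicates (same originator and RREQ ID) are dropped, and an originator
    that exceeds RREQ_RATELIMIT is throttled; enforcing the originator's
    limit at the forwarder is our assumption, not an RFC requirement."""

    def __init__(self):
        self.seen = {}                    # (originator, rreq_id) -> time first seen
        self.recent = defaultdict(deque)  # originator -> times of forwarded RREQs

    def accept(self, now, originator, rreq_id):
        key = (originator, rreq_id)
        if key in self.seen and now - self.seen[key] < PATH_DISCOVERY_TIME:
            return "duplicate"
        q = self.recent[originator]
        while q and now - q[0] >= 1.0:    # keep only the last second
            q.popleft()
        if len(q) >= RREQ_RATELIMIT:
            return "rate-limited"         # power-exhaustion flood: do not rebroadcast
        q.append(now)
        self.seen[key] = now
        return "forward"

def run_flood_demo():
    """Adversary z fires 30 RREQs in 0.3 s, replays one, then honest A asks.
    Returns (forwarded, rate-limited, replay outcome, honest outcome)."""
    guard = RreqGuard()
    outcomes = [guard.accept(0.01 * i, "z", i) for i in range(30)]
    replay = guard.accept(0.5, "z", 0)
    honest = guard.accept(0.6, "A", 1)
    return outcomes.count("forward"), outcomes.count("rate-limited"), replay, honest
```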
Threats in Present Solutions
Network Layer
 Broadcast nature of communication
  o Each message can be received by all nodes in the transmission range
  o Packet sniffing is a lot easier than in wired networks.
  o Poses a data privacy issue
[Figure: nodes s and t with adversary A within transmission range]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Route discovery in ad hoc networks
  o AODV discovers route by RREQ/RREP.
  o Few adversarial nodes can fail route discovery.
  o Difficult to detect route discovery failures.
  o Also vulnerable to RREP replays.
[Figure: RREQ messages propagating through the network]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Packet dropping
  o Wired networks can monitor packet drops reasonably
  o Such mechanisms are resource intensive for wireless networks
  o AODV has timeouts but no theoretical solutions
     Difficult to distinguish packet drops, say RREQs, from non-existence of route itself
  o Nodes sometimes behave selfishly to preserve resources
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Network Layer
 Packet rerouting – also known as data plane attacks.
 Attacker reveals paths but does not forward data along these paths.
 Control plane measures do not suffice.
[Figure: path from s to t]
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks
Threats in Present Solutions
Application Layer
 Easy to infect mobile devices.
 Rerouting content through the base station poses privacy issues.
  o Bluetooth networks and ad hoc networks do not have a base station facility.
 Contrast with wired networks with firewalls, filters, sandboxes.
Source: K. Kothapalli & B. Bezawada, Security Issues and Challenges in Wireless Networks