802.11 Security for Public Safety Communications
Andrew Thiessen [email protected]

Feb 03, 2022

Sponsoring Organizations

• AGILE

• SAFECOM

• NIST/OLES

The Problem

Image © CNN

The Obstacles

Agenda

• The Context
  – Public Safety Communications Network
  – Public Safety Security Requirements
• The Issues
  – Security Protocols
  – Known Attacks
• A Simple Experiment

Public Safety Communications Network

[Diagram labels: JAN, EAN, PAN, JAN, IAN]

The System of Systems involves interaction between the:

• Personal Area Network (PAN)
• Incident Area Network (IAN)
• Jurisdiction Area Network (JAN)
• Extended Area Network (EAN)

Different communications systems seamlessly integrate to form the various networks

Public Safety Communications Network

[Diagram labels: JAN, EAN, JAN, IAN]

An emphasis on the individual public safety practitioner

• Practitioners seamlessly move between Jurisdictional Area Networks

• Practitioners join and leave networks as needed

• Allows for the creation and growth of temporary networks

• System can recognize, register, authorize, and grant interoperable communications with the new resources

System Capabilities

Public Safety Communications Network

[Chart with axes "Magnitude of Event" and "Complexity of Administration"; labelled levels: local jurisdiction, single discipline; local jurisdiction, multiple disciplines; one region, multiple disciplines; multiple regions and multiple disciplines]

Public Safety Security Requirements

• Access Control
  – Authentication
  – Authorization
• Integrity
  – Tamper resistance
• Monitoring
  – Non-repudiation
  – System wide monitoring
• Privacy
  – Confidentiality
  – Low probability of detection
• Attack Detection and Prevention
  – Passive and active defense deployment
  – Geo-location of attacker

Pertinent Security Protocols

• WEP
  – Authentication
    • Not implemented by most manufacturers
    • Is totally insecure and allows KPA (known-plaintext attack)
  – Access control
    • Based on the MAC, and is easily spoofed
  – Replay prevention
    • Non-existent
  – Modification
    • The CRC used is linear, which allows for “bit flipping” (Borisov et al.) even though encrypted
  – Privacy
    • IV reuse: birthday paradox; possible to store frames for reuse attack
    • RC4 weak keys: a few bits in the key determine a disproportionately large # of bits in the key stream
    • Direct key attacks: wait for weak keys and directly attack the key
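
Added example, not from the original slides: why the linear CRC under "Modification" gives no integrity once the frame is encrypted, shown on a constructed WEP-style frame next to a keyed MIC that rejects the same change. The key, IV, messages and the HMAC-SHA256 stand-in for a keyed MIC are assumptions for illustration.

```python
import hashlib
import hmac
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """n bytes of RC4 keystream, the cipher WEP uses."""
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: unkeyed CRC-32, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv_key: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return xor(body, rc4(iv_key, len(body)))

def wep_open(iv_key: bytes, frame: bytes):
    """Decrypt; return (plaintext, True if the ICV verifies)."""
    body = xor(frame, rc4(iv_key, len(frame)))
    return body[:-4], body[-4:] == icv(body[:-4])

def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """XOR delta into the hidden plaintext and patch the ICV with no key.
    CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros)."""
    return xor(frame, delta + xor(icv(delta), icv(bytes(len(delta)))))

def demo():
    # Constructed values, not from the slides: 24-bit IV + 40-bit key, messages.
    iv_key = bytes.fromhex("a1b2c3") + b"\x01\x02\x03\x04\x05"
    sent, wanted = b"status=green unit=12", b"status=amber unit=12"
    frame = flip_bits(wep_seal(iv_key, sent), xor(sent, wanted))
    received, icv_ok = wep_open(iv_key, frame)
    # Keyed MIC stand-in (HMAC-SHA256, an assumption; TKIP's MIC is Michael).
    mac = lambda m: hmac.new(b"constructed-mic-key", m, hashlib.sha256).digest()
    mic_ok = hmac.compare_digest(mac(sent), mac(received))
    return received, icv_ok, mic_ok
```

`demo()` returns the altered text with the ICV check passing and the keyed MIC check failing, which is the gap the MIC in WPA and the AES-based integrity in RSN are meant to close.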

Pertinent Security Protocols

• 802.11i
  – WPA
    • Cannot be used in ad hoc mode
    • Is a subset of RSN that provides
      – Replay prevention
      – Privacy (TKIP): new protocol (dangerous)
      – Modification (MIC): new protocol (dangerous)
  – RSN
    • Can be used in ad hoc mode
    • Supports AES (FIPS compliant)
  – Both WPA and RSN use 802.1x and EAP
  – Doesn’t prevent layer 2 DoS attacks

Pertinent Security Protocols

• 802.1x
  – Port based access control
  – 802.1AA
• EAP (EAPOL for 802.11)
  – An extensible protocol for authentication
    • i.e. TLS over EAP (default mandatory mode)
  – Defines the messages used for authentication

The RSN Standards (courtesy of Edney and Arbaugh)

TCP/IP

802.11

802.3

802.1x EAPOL

EAP RFC 2284

TLS over EAP RFC 2716

TLS RFC 2246

EAP over RADIUS RFC 2869

RADIUS RFC 2865

Known Attacks

• Eavesdropping
  – Traffic Analysis (w & w/o 802.11i)
    • Protocol used
    • Number of users
    • Shared key or not
    • Amount of data
  – Passive Eavesdropping (w/o 802.11i)

Known Attacks

• Masquerading
  – Man in the Middle (w & w/o 802.11i)
  – ARP cache poisoning (w/o 802.11i)
  – Replay attack (w/o 802.11i)
  – Session hijacking (w & w/o 802.11i)

Known Attacks

• Modification
  – Store and forward
  – On the fly
  – Active Eavesdropping (w/o 802.11i)

Known Attacks

• Denial of Service
  – Routing (w/o 802.11i)
  – Identity (w & w/o 802.11i)
  – MAC (w & w/o 802.11i)

Known Attacks

• Distributed Denial of Service

A Simple Experiment

| Period | BSSID | Name | WEP | Last IV | Channel | Packets | Encrypted | Weak IV | Password |
|---|---|---|---|---|---|---|---|---|---|
| 2 d | 00:0D:88:B6:D1:CA | default | Y | 38:0E:01 | 6 | 112839 | 7323 | 30 | unknown |
| 2 d | 00:09:5B:3E:EC:3B | Office | Y | FA:37:37 | 6 | 152955 | 25505 | 14 | unknown |
| 14 d | 00:0D:88:B6:D1:CA | default | Y | 7B:86:07 | 6 | 426775 | 22443 | 109 | unknown |
| 14 d | 00:09:5B:3E:EC:3B | Office | Y | 0F:FF:00 | 6 | 2823081 | 501334 | 261 | unknown |

| Period of test | Name | Ratio of encrypted to unencrypted packets | Ratio of encrypted to weak IV packets |
|---|---|---|---|
| 2 days | default | 1:15 | 1:244 |
| 2 days | Home Office | 1:6 | 1:1821 |
| 14 days | default | 1:19 | 1:206 |
| 14 days | Home Office | 1:6 | 1:1921 |

A Simple Experiment

| Period of test | Name | Range of days to crack the key |
|---|---|---|
| 2 days | default | 80 – 267 days |
| 2 days | Home Office | 171 – 571 days |
| 14 days | default | 154 – 514 days |
| 14 days | Home Office | 64 – 215 days |
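
Added example, not from the original slides: the ratio and crack-time figures recomputed from the raw capture counts, so the same estimate can be run on other captures. The 1,200 to 4,000 weak-IV threshold is an assumption inferred from the slide's numbers (it reproduces every published range); the slides do not state it.

```python
# Raw counts copied from the slide's capture table.
CAPTURES = [
    # (days, name, packets, encrypted, weak_iv)
    (2, "default", 112839, 7323, 30),
    (2, "Office", 152955, 25505, 14),
    (14, "default", 426775, 22443, 109),
    (14, "Office", 2823081, 501334, 261),
]

# Assumption, not stated on the slides: the crack-time ranges correspond to
# collecting between 1,200 and 4,000 weak-IV frames at the observed rate.
WEAK_IV_NEEDED = (1200, 4000)


def summarize(days, name, packets, encrypted, weak_iv):
    """Recompute one row of the ratio table and one row of the crack-time table."""
    weak_per_day = weak_iv / days
    return {
        "name": name,
        "days": days,
        # The slide's first ratio (e.g. 1:15) matches packets / encrypted.
        "packets_per_encrypted": round(packets / encrypted),
        "encrypted_per_weak_iv": round(encrypted / weak_iv),
        # Days of capture needed to reach the low and high thresholds.
        "days_to_collect": tuple(round(n / weak_per_day) for n in WEAK_IV_NEEDED),
    }


def report():
    return [summarize(*row) for row in CAPTURES]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Every recomputed value matches the slides except the 2-day Office weak-IV ratio, which rounds to 1:1822 where the slide shows 1:1821.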

Conclusion

• Public Safety is slow to adopt new technology
  – Must work to mitigate current security problems
• WPA is better than WEP
• RSN will be better than WPA
• Denial of service remains a major threat

Questions?