Security Aspects of the Wireless Systems

Get Complete Project Material File(s) Now! »

Personal Digital Assistants (PDA)

Basically PDAs are data organizers that are small enough to fit into a shirt pocket or a purse. Personal Digital Assistants has applications like office productivity, address books and to do lists. PDAs make it possible for users that they can synchronize their data between their personal computer and PDAs or between two PDAs at the same time.
Today most of the PDAs can has their access to Internet, intranet or to the wireless wide area). New versions allow users to download their e-mail and to connect to the Internet.

Smart Phones

Mobile phones which have information-processing and data networking capabilities are called smart phones. Basically a Smartphone is any electronic handheld device that integrates the functionality of a cell phone, PDA or other information appliance.
Smartphone features tend to include Internet access, e-mail access, scheduling software ,built in-camera, contact management, GPS navigation software have the ability to read business documents in a variety of formats such as PDF and Microsoft office as well. Mobile wireless telephones, or cell phones, are telephones that have shortwave analogy or have digital transmission capabilities that allow users to establish wireless connections to nearby transmitters available. As in case of WLANs, the transmitter’s span of coverage is called a “cell.” As the cell phone user moves from one cell to the next, the telephone connection is effectively passed from one local cell transmitter to the next transmitter available.
Now a day’s cell phone is rapidly evolving to integration with PDAs, thus providing users with increased wireless e-mail and Internet access.

WIRELESS WIDE AREA NETWORKS (WWANs)

As compared to wireless LANs, Wireless WANs cover a very much more extensive area. In shortly WWANs allow users to maintain access to work-related applications and information while away from their office. As in wireless WANs, communication occurs through the use of radio signals over analog, digital cellular, or PCS networks, although signal transmission through microwaves and other electromagnetic waves is also possible.

CELLULAR GENERATIONS

Cellular systems were based on typical or conventional cellular architecture and used direct analogue modulation for the transmission. Its different systems were working in different countries with a transmission rate of around 2.4 kbps. They had some drawbacks which were sorted out or tried to be solved in their future generations. Their voice quality was very poor and also they used unsecured unencrypted communication, which resulted in the spoofing of identities. At the same time they also had a low traffic density of a cell per radio channel and their communication mode was based on circuit switching standards.
Second generation cellular systems were developed late eighties. These designed systems were mainly used to transport voice data or traffic on the digital link, at this time. They were the first digitized systems including digital signal processing and they provided circuit, which switched data communications at a low speed. The initial success in these systems led to a competitive rush to design digital systems, but this resulted in the implementation of a variety of incompatible standards all over the world such as GSM (Global System for Mobile) mainly in Europe. TDMA (Time Division Multiple Access, IS-54 / IS-136) in the US and Personal Digital Cellular (PDC) in Japan and another system in the US named CDMA (Code Division Multiple Access, IS-195).
All these systems are operational in different parts of the world but the data rate they provide to their users was limited. There were some interim steps, before directly jumping to third generation systems that were taken between 2G and 3G, the 2.5G systems. Actually this enhancement is done to provide increased capacity and higher throughput for data service up to 384kbps. The most the importance of this generation is the optimization of channels for packet switched data to provide access to internet, whether its through mobile phone, PDA or laptop.
But still the data rates of 2.5G are not enough. So in the 1990’s organizations have started working towards the launch of 3G systems, which could eliminate the drawbacks associated with previous generations and will emerge as a truly global system. These systems provide high voice quality and broadband qualities up to 2Mbps.
Although, the 3G provides high data rates but at the same time the user’s needs are arising for higher access speed multimedia communication in today’s environment. And another feature of seamless integration of different standards all over the world and mobility support reinforces the fact that this is the right time to start work towards implementing beyond 3G systems. Because according to historical indication, generation revolution occurs once in a decade.

Wired Equivalent Privacy WEP Protocol

As the name indicates that the goal of WEP is to provide the level of privacy on the wireless system that is equivalent to that of the wired LAN. It is a scheme to protect the IEEE 802.11wireless networks. Actually this protocol was designed to provide confidentiality for network traffic using wireless protocols. Basically WEP depends on a secret key which is shared between a mobile station and an access point as well.
The packets are encrypted by using the secret key before transmission, and an integrity check is used to ensure that packets are not modified on the way during transmission. However in reality most of the installations use a single key which is shared in between all mobile stations and access points.
More sophisticated key management techniques can be used to help defend from the attacks. But there are several serious weaknesses which were identified by cryptanalysts, with the help of readily available software a WEP connection can be cracked within a few minutes. In 2003 WEP was superseded by WI-FI protected access.
In WEP RC4 encryption algorithm is used, which is known as a stream cipher. The sender XORs the key stream with the plaintext to produce cipher text. The receiver generates an identical key as he has copy of the same key. XORing the key stream with the cipher text extracts the original plaintext.
For the 802.11 standard, the open system authentication is the default form. This scheme authenticates every user that requests authentication. It depends on the default set of keys that are shared between the wireless access points and the wireless devices. The users without the correct key, requesting for connection, will be rejected and only the users with the correct key will be connected. Before transmitting the data is encrypted and also the integrity check is done to make sure that the packets are not tampered on the way during transmitting.
The IEEE 802.11 standard specifies two methods in order to use the WEP. The first method provides the window of four keys only. In this, a station or an access point can decrypt packets enciphered with any of the four keys. The transmission is limited to any one of the four manually entered keys known as the default key. The second method is the key mapping table where each unique MAC address can have separate keys which are useful in a way that the cryptographic attacks on other keys are eased, but the disadvantage is that all of the keys have to be configured manually on each device.

Passive Attack for the Decryption of Traffic

A hacker can intercept whole traffic. When an IV collision occurs, by XORing two packets that use the same IV, the attacker obtains the XOR of the two plaintext messages. The resulting XOR can be used to gather data about the contents of the two messages. As IP traffic has a lot of redundancy predicable. This redundancy can be used to eliminate many possibilities for the contents of messages. If these statistical analysis are on only two messages then attacker even can look for more collisions of the same IV .Hence it becomes possible to recover a modest number of messages which are encrypted with the same key stream, so the success rate of these statistical analysis grows rapidly .If only once it becomes possible to recover entire plaintext for one of these messages, then the plaintext for all other messages follows directly.

READ  Post-partum reproduction in suckling beef cows

Active Attack for the Injection of Traffic

We suppose that for one of the encrypted message, a attacker knows the exact plaintext. Then he will be able to construct the correct encrypted packets, and then he can generate a new message and by calculating the CRC-32 and by performing the bit flips on the genuine encrypted message in order to change the plaintext to the one message. This packet then can be sent to the mobile station or to the access point, and it will be accepted as a valid packet.
A slight little alteration to this attack makes it much more menacing. Even one has not the complete knowledge of the packet, it is possible to flip selected bits in a message and can then successfully adjust the encrypted CRC), to obtain a correct encrypted version of a modified packet. If an attacker has a partial knowledge about the contents of a packet, then he can intercept this packet and he can perform selective modifications on it.

Active Attack from the Both Ends

For the decryption of traffic signals ,the attacker makes presumption regarding the headers of a packet but not about its This information about the header is usually quite easy in particular to obtain or , all that is necessary to guess is the destination IP address .When the attacker Equipped with this knowledge ,he can flip suitable bits to transform the destination IP address and send the packet to a machine he controls, somewhere in the Internet, and transmit this using a mobile station. Now most wireless installations have Internet connectivity, the packet will be successfully decrypted by the access points and forwarded unencrypted through appropriate gateways and routers to the attacker’s machine, that revealing the plaintext .An attacker if has made exact guess about the TCP headers of the packet, then it may become possible to change the destination port on the packet to be port 80 and which allow it to be forwarded through most of the firewalls.

Attacks based on Table

Basically an attacker can build a decryption table as there is only a small gap of possible initialization vectors which allows an attacker to build it conveniently, Once when an attacker learns about the plaintext for some packets, then he can compute the RC4 key stream generated by the inilination vectors IV used. This key stream can be used to decrypt all other packets that use the same IV. Using the previous techniques, the attacker can build up a table of IVs and related key streams. Once an attacker build tables, he can decrypt each packet which is sent over the wireless links, and at the same time these tables require a very small storage almost up to 15GB only.

MOBILE IP

A greater degree of connectivity is almost becoming a need for the business user on the go, as PDAs and the next generation of cellular phones become more widely deployed, Network providers and cellular service providers and wanting to position wireless LAN technologies need to have a solution which will grant this greater freedom.
Users and mobile IP provide want to maintain their home IP address while roaming beyond their home subnet. This enables transparent routing of IP datagram’s to mobile users during their movement, so that data sessions can be initiated to them while they roam. This also enables sessions to be maintained in spite of physical movement between points of attachment to the Internet or other networks.
Redirection attacks are the only security problem while using this mechanism. The home agent is informed, the user has a new care of address and all IP datagram’s are addressed to the actual user is redirected to the malicious user.
The Mobile IP is designed to resist two kinds of attacks:
1. A malicious user that may reply to old registration messages and cut the nodes from its network. 2. A node which may pretend to be a foreign agent and send a registration request to the home agent in order to divert traffic that is intended for the mobile node to itself. Message authentications and proper uses of the identification field of the registration request and reply messages are often used in order to protect mobile IPs from these kinds of attacks.

Damage a virus can cause to a cellular phone

The present cellular phone viruses have only a little impact to users. In order to increase threat, the malware authors works continuously on it so that users have to buy their anti-virus software. This information can be deleted, modified or stolen. In a future scenario, therefore, it is most important not to ignore the risk of attacks designed to seize valuable information, be it personal or professional.
One of another disturbing threat is spamming. In the near future it seems that cellular phones may become valid tools for the propagation of unwanted SMS and MMS messages. That is way that mobile devices could become the primary device for the spreading of viruses aimed at infecting a large number of cellular phones that, once hit, would start sending unwanted spam SMS and MMS messages to all the numbers listed in the phone by the user: all this while the unaware user is charged for the costs of this fraud.
Basically other way of propagating can be through the sending on infected messages, opening TCP/IP connections directly from the applications and offering greater opportunities for the malware to spread. The risk is limited, for traditional cellular phones that do not use an open operating system such as Symbian OS. The susceptibility of wireless devices to viruses and malicious code threats appear to follow the same patterns of vulnerabilities that the wired world has experienced. The threats to the wireless community can be divided into three groups:
• Threats based on applications.
• Threats based on contents.
• Mixed threats based on applications and contents.

Table of contents :

CHAPTER ONE: Introduction
1.1 The need for electromagnetic spectrum
1.2 Benefits of wireless technology
1.3 Wireless networks
1.4 Wireless devices
1.5 Wireless LAN overview
1.6 Benefits
1.7 Wireless Personal Area Networks (WPAN)
1.8 Wireless Wide Area Network (WWAN)
1.9 Cellular generations
1.10 Second to Third Generation bridge
1.11 Third Generation
1.12 Fourth Generation
CHAPTER TWO: Security Aspects of the Wireless Systems
2.1 Need for security
2.2 Attacks on wireless networks
2.3 Classification of security attacks
2.4 An ideal security system
2.5 Wired Equivalent Privacy (WEP) protocol
2.6 Flaws in the WEP scheme
2.7 Mobile IP
2.8 Virtual Private Network (VPN)
2.8 Protocols associated with VPN
CHAPTER THREE: What is a Malware?
3.1 Virus
3.2 Worms programs
3.3 Hoaxes
3.4 Trojans
3.5 Potentially unwanted programs
3.6 A look at mobile viruses
3.7 PALM OS viruses
3.8 Overview of threats and possible damage
CHAPTER FOUR: Threat Assessment
4.1 Countermeasures
4.2 What is an antivirus?
4.3 Symantec’s solution for handhelds
4.4 F-Secure solution
4.5 McAfee solution
4.6 Trend Micro’s virus/malicious code protection solution
4.7 Security measures for WLANs
4.8 Preventive measures to avoid mobile viruses
4.9 The future of Wireless devices and Viruses
CHAPTER FIVE: Conclusion & Suggestion
References

GET THE COMPLETE PROJECT

Related Posts