This document discusses security issues and techniques for various types of wireless networks. It begins with an overview of general wireless network security goals and mechanisms like encryption standards. It then focuses on specific wireless technologies, examining threats and security protocols for WLANs, cellular networks, ad hoc networks, and sensor networks. Key points covered include the evolution of WLAN security from WEP to WPA/WPA2 in response to vulnerabilities, authentication and encryption methods used in 3G cellular networks like UMTS, and addressing security at different layers for ad hoc and sensor networks. The document concludes by discussing security issues related to wireless user mobility.
Wireless Networks Security Techniques
Wireless Networks Security
Mohammed Abdalhakam Taha
Abstract:
Over the past decades, communications have tended to become wireless; this includes computers, PDAs, phones and even sensors and actuators. As a result, greater attention is given to wireless network security in order to cope with various threats at all network levels.
This paper discusses various wireless networks and their security. For each type, the structure and related threats are described, along with how different techniques are applied to achieve the security goals, starting with the general case. The discussion covers 802.11 WLANs, 3G cellular and ad hoc networks; for the latter type, one section is devoted to sensor networks. The paper ends with security issues related to mobility.
Keywords: security, WLAN, cellular, ad hoc, sensor, mobility
Table of Contents
1. Introduction
2. Network security issues
2.1 Security Main Goals
2.2 Data Cryptography
2.4 Summary
3. WLAN Security
3.1 802.11 Overview
3.2 802.11 Security Threats
3.3 Wired Equivalent Privacy (WEP)
3.4 WEP upgrade
3.5 802.11i Protocol
3.6 Summary
4. Cellular Networks Security
4.1 UMTS Overview
4.2 Cellular Security Threats
4.3 UMTS security mechanisms
4.4 Summary
5. Wireless Ad hoc Security
5.1 Ad hoc network overview
5.2 Ad hoc networks security threats
5.3 Ad hoc Data-level security solutions
5.4 Ad hoc link layer security solutions
5.5 Brief overview about Bluetooth security
5.6 Summary
6. Wireless Sensors Security
6.1 Wireless sensors network overview
6.2 Wireless sensor network security threats
6.3 Wireless sensor network security Solutions
6.4 Summary
7. Security issues in mobility
7.1 Wireless mobility overview
7.2 Wireless Mobility Security
7.3 Summary
8. Conclusion
References
List of Acronyms
1. Introduction:
Wireless networks have seen tremendous growth over the past decades because of their advantages, including rapid network installation, user mobility, flexibility in modifying nodes, and scalability; on the other hand, these make them more vulnerable to attack [kryg02].
Wireless networks face the same threats as wired networks; in addition, several factors make them harder to secure [Yang06]:
Open access medium: since the signals propagate through the air, they can be detected and analyzed more easily, enabling others to intercept or inject messages using available tools.
Limited bandwidth: since all users share the same channel (frequencies), the network is more exposed to denial of service (DoS) attacks.
Complex structure: supporting better mobility and channel utilization makes the network more complex and hence more vulnerable to threats across its various structural levels.
2. Network security issues:
Security of the network can be achieved by applying certain mechanisms to attain the main security goals.
2.1 Security Main Goals:
We can measure the security of a system according to two main factors [Tmim06] [Krse04]:
1. Information Security:
Authentication: we want to ensure that the sender and receiver are the intended parties.
Confidentiality: only the sender and receiver must be able to 'understand' the message.
Integrity: the message must arrive complete and correct (without any deletion or injection).
Non-Repudiation: to ensure that the sender cannot wrongly deny a message he sent.
2. Network Security:
Service reliability: we must verify the availability and accessibility of the service at any time.
While message cryptography can solve the confidentiality problem, it can also be used in some scenarios to ensure authentication. A digital signature (achieved using hashing functions) can affirm integrity and non-repudiation.
2.2 Data Cryptography:
As noted, data encryption has a core role in security: a sender encrypts his message so that only the intended receiver can decrypt it. Encryption can be categorized according to whether it is symmetric or asymmetric and, separately, whether it is a block cipher or a stream cipher [Tmim06].
2.2.1 Symmetric/Asymmetric Encryption:
In symmetric encryption, a single shared key is used between the sender and receiver, so they need to agree on it first; they can then use it for both encryption and decryption.
In asymmetric encryption, each of the two sides A and B has its own private key and a public key. When A wants to send a message to B, it encrypts it using B's public key (which was sent to it earlier) and sends it; only B can then decrypt it using its own private key.
While symmetric encryption is more secure, managing key sharing is difficult.
2.2.2 Block/Stream Cipher:
In a block cipher, the message is encrypted block by block depending on the encryption key. Three common methods are used [Chdr05]:
Electronic Codebook Mode (ECB): a basic configuration where the encrypted output is a direct function of the key (fig. 1.a).
Cipher Block Chaining Mode (CBC): where the output block from the previous phase is used with the key to produce the current block (fig. 1.b).
Output Feedback Mode (OFB): here an initialization vector is encrypted to produce a vector that is used to produce the output block and is encrypted again for the next phase, and so on (fig. 1.c).
In a stream cipher, the message stream is encrypted (bit by bit) with a key generated from the secured shared key. Stream ciphers can generally be categorized as either synchronous, where the generated key vector depends only on the shared key (fig. 2.a), or self-synchronizing, where it also relies on the previously generated state (fig. 2.b).
In spite of the simplicity and speed of stream ciphers, block ciphers are better and recommended for their security [Chdr05].
2.2.3 Encryption Standard Protocols:
Famous encryption standards are DES, AES and RC4 [Chdr05] [Tmim06].
Data Encryption Standard (DES): an ECB encryption with a 56-bit key, recommended by the National Institute of Standards and Technology (NIST) since 1974; because of the short key size, an enhanced standard, 3DES, was proposed, in which the algorithm is cycled 3 times (in CBC manner).
Advanced Encryption Standard (AES): a newer block cipher standard recommended to replace DES (1997); it is used in 802.11i.
RC4: a variable key-size stream cipher algorithm, used in Secure Socket Layer (SSL) and Wired Equivalent Privacy (WEP).
2.4 Summary:
The nature of wireless networks, which offers more facilities, has also produced security limitations involving complexity, bandwidth and detection. This reveals the importance of achieving authentication, confidentiality, integrity and availability through various techniques. The most important method is encryption, for which various standards were made according to the complexity, management and speed needed. These issues are considered in the subsequent sections for various types of wireless networks.
3. WLAN Security:
IEEE 802.11 defines standards for WLANs that are widely used in establishments for the benefits mentioned; hence a lot of attention is given to their security.
3.1 802.11 Overview:
802.11 defines a set of implementations (802.11a~802.11g) for the physical (PHY) and data link (MAC/LLC) layers for WLANs. WLANs are grouped into Basic Service Sets (BSS) that consist of Station Terminals (STA) and an Access Point (AP), which is linked to the remaining network structure [Chdr05].
3.2 802.11 Security Threats:
A lack of any of the security features mentioned in section 2.2 makes the system vulnerable to attacks. Some well-known types of attack are [Tmim06]:
Traffic Analysis: in which the attacker can collect information about the network, including IDs, types of protocols and AP location.
Packet Eavesdropping: where the attacker can 'listen' to the stream and can moreover act actively by injecting packets into it.
Unauthorized Access: where the attacker tries to get access to a network that he is not authorized to use.
Man-in-the-Middle attack: when the attacker can get packets before the receiver, he can change the contents of messages, ACKs or IP addresses.
Replay attack: where the attacker 'records' the authentication information in order to use it to access the network.
DoS attack: also known as channel jamming [Yang06], where frequent packets are sent simultaneously to the target, making it unable to handle other legitimate users' packets.
To cope with such threats, two well-known protocols (WEP and WPA) were made to guarantee authentication, data confidentiality and integrity.
3.3 Wired Equivalent Privacy (WEP):
WEP is the first security protocol provided by 802.11. It was widely used because it offered some sort of security, but no longer is, because of some critical defects in its architecture [Yang06].
3.3.1 WEP structure:
WEP defines encryption, authentication and integrity for the transmitted data. The payload data concatenated with its CRC is encrypted using the RC4 stream cipher (which uses a 24-bit initialization vector, IV, and a 40-bit key) [Krse04] [Tmim06]. The IV (which changes with each frame), along with the encrypted data and headers, constitutes the transmitted frame shown in fig. 3.a. Fig. 3.b shows this process.
3.3.2 WEP Weaknesses:
As described, some flaws were found in the WEP protocol. These include [Tmim06]:
The small key size (40 bits), which makes the key easier to recover.
Using the 'linear' CRC can give an intruder a chance to change both the data and the CRC (message forgery).
The 24-bit IV, which is sent as plain text, will eventually be repeated: 'Real implementations show that it requires only 20 000 packets to recover the key, which takes less than 1 min in a fully loaded AP' [Yang06].
3.4 WEP upgrade:
To overcome the holes in WEP, some protocols were added while keeping the same RC4 cipher. This new set of standards is known as Wi-Fi Protected Access (WPA) [Yang06]:
For the RC4 key problem: the Temporal Key Integrity Protocol (TKIP) is used to produce a unique 128-bit RC4 key through multiple phases.
For integrity: Message Integrity Codes (MIC) are used as an alternative to the linear CRC, thereby avoiding message forgery.
For authentication: 802.1x protocols are used [Chdr05]; the Extensible Authentication Protocol over LAN (EAPoL) is used from the client to the AP, with authentication to the 802.11 network performed by the RADIUS server, as shown in fig. 4.
3.5 802.11i Protocol:
The 802.11i protocol, released in June 2004, was intended to be a 'final' solution for wireless security, solving the problems of integrity, encryption and authentication; it is commonly known as WPA2 [Tmim06]:
For authentication: the 802.1x method described before is supported, in addition to another method in which a shared key (as in WEP) is used to derive another Pre-shared Key (PSK).
For integrity: MIC is used, as in WPA.
For encryption: it supports TKIP/MIC and the AES-based algorithm CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol).
3.6 Summary:
With the arrival of WLANs and the 802.11 protocol, a great deal of interest was directed to security, especially because of various threats that include unauthorized access, data eavesdropping and modification, or even attacks on network reliability. WEP was designed to give a high level of security, but weaknesses emerged, which led to the 802.1x 'patch' solution to overcome these holes; finally the 802.11i protocol was released with stronger authentication, integrity and encryption facilities.
4. Cellular Networks Security:
Over the last two decades, rapid progress has been observed in wireless telecommunication, leading to the current 3G networks. The widely used circuit-switched GSM networks evolved into the 2.5G General Packet Radio Service (GPRS) networks as an intermediate phase towards 3G, giving a better pace for packet data transmission. The description of security issues here is limited to the third-generation extension of GSM, the Universal Mobile Telecommunication System (UMTS); other 3G systems share many of these concepts.
4.1 UMTS Overview:
The existing GSM/GPRS system is integrated with UMTS, which is based on WCDMA; so, in addition to the available Radio Access Network (RAN), the system incorporates the UMTS-RAN (URAN) as shown in fig. 5 [Grdz06], where another Packet Switching-Core Network (PS-CN) is added to the existing circuit-based one. The Radio Network Controller (RNC) connects the mobile station through the BTS to the core network. Roaming is supported through the Border Gateway (BG), while connection to the internet is achieved through the Gateway GPRS Support Node (GGSN). Other information servers include the HLR, which holds user information, other IP servers (DNS, RADIUS...) and the Authentication Center (AuC).
The mobile station's SIM contains an International Mobile Subscriber Identity (IMSI) that is authenticated with the core network (i.e. the AuC); moreover, the new UMTS SIM (USIM) has encryption capability [Yang06].
4.2 Cellular Security Threats:
The attacks described in section 2.2 for WLAN (like eavesdropping and DoS) are applicable here too. The complexity of the cellular network also opens up more avenues of attack [Yang06]:
1. Through the internet interface (Gi link): crossing the network to the targeted node. This is similar to attacks on other IP networks, but results in problems for the whole cell, decreasing its reliability.
2. From other CNs (Gp link): this can be firewalled, but if an attacker can pass through nearby CNs, he is likely to be able to attack the current one (with similar security).
3. From the user plane of the RAN: if the attacker succeeds, he might be able to harm the data system severely, including various servers and proxies inside the CN; one example is the distributed DoS (DDoS), which causes major traffic problems in the network.
4. From the signal plane of the RAN.
The good news is that it is difficult to mount an attack targeting cellular networks, for many reasons. These include [Yang06]:
Traffic generated by a single mobile station is limited by the channel capacity and the processing capacity of the handset or the USIM.
Targeting the CN needs very special tools, unlike the case of WLAN, where an off-the-shelf Wi-Fi card can work.
Direct human reaction, since service is usually paid for by volume and an attack can bring down the service (in the case of DDoS).
Most importantly, to start an attack you need to obtain some node identities, which is difficult because of the authentication and encryption mechanisms (described later).
4.3 UMTS security mechanisms:
In order to recover from the security holes in GSM, the UMTS architecture retains many of the basic GSM features in addition to its own enhancements.
4.3.1 Anonymity:
UMTS inherits from GSM the use of a temporal MSI (TMSI) to avoid tracing the MS by its IMSI while routing calls. After authentication and data encryption are ensured, another TMSI is assigned for the session [Chdr05].
4.3.2 Authentication:
UMTS uses the Authentication and Key Agreement (AKA) mechanism, where the network authenticates the USIM and then the USIM authenticates the network through a challenge/response mechanism.
In the first phase, the USIM sends a request to the VLR/MSC to access the network. The MSC in turn requests the generation of a security vector from the AuC/HLR that comprises an encryption key, an integrity key, the verification of the MS and a random number challenge for the MS. In the second phase, if the response from the USIM coincides with the expected one, then the AKA has completed [Chdr05].
4.3.3 Confidentiality:
UMTS uses a block cipher encryption algorithm known as KASUMI, which uses the 128-bit session key CK obtained from the authentication process. As shown in fig. 6, the inputs to this algorithm are: CK, the 32-bit COUNT-C (a ciphering sequence number updated each block), the 5-bit BEARER channel identifier, the DIRECTION bit and the 16-bit key stream block LENGTH. The resulting key block is XORed with the plain text, and the same key block is used on the other side to recover the data [Chdr05].
4.3.4 Integrity:
Unlike GSM, UMTS guarantees message integrity. It uses the UMTS Integrity Algorithm (UIA) [Grdz06]. As shown in fig. 7, the integrity key IK resulting from the authentication phase, the COUNT-I bits, the DIRECTION bit and the per-connection FRESH nonce are combined with the message using the f9 algorithm to produce a Message Authentication Code (MAC-I), which is concatenated with the message to ensure integrity when compared with the receiver's XMAC-I [Chdr05].
4.4 Summary:
Taking UMTS as an example of the 3G structure, we can clearly observe the complexity of such a wireless system, and hence threats can emerge from different sides. Consequently, UMTS uses various mechanisms to ensure the security goals: a temporal MSI for anonymity, AKA for authentication, the KASUMI block cipher algorithm for confidentiality and its own integrity algorithm for integrity.
5. Wireless Ad hoc Security:
In wireless ad hoc networks, multiple nodes interact directly without the presence of a central backbone (as is the case in Wi-Fi or 3G networks); this simple and cost-effective feature makes it a popular structure in many fields.
5.1 Ad hoc network overview:
In the Mobile Ad hoc Network (MANET) there are no routing devices, so we can classify such networks as either single-hop networks (e.g. PAN), where source and destination have a direct link, or general multi-hop networks (e.g. sensors and ad hoc LANs), where each node can additionally route messages to other nodes. The latter ability raises a new security challenge at the network layer.
According to the algorithm used, routing protocols can be categorized into [Yang06]:
1. Link State: where the source calculates the shortest path according to global information about the cost of other links.
2. Distance Vector: where information about the cost of each neighbor is received and then used to decide to which node to forward.
3. Source Routing: where the source explicitly specifies the complete path to the destination.
According to how routing information is updated, they can be divided into [Yau03]:
1. Proactive routing: where updates are sent periodically (e.g. Optimized Link State Routing (OLSR) and Topology Broadcast Reverse Path Forwarding (TBRPF)).
2. Reactive routing: where updates are sent on demand, so a discovery phase is needed (e.g. Ad hoc On-Demand Distance Vector (AODV) and Dynamic Source Routing (DSR)).
3. Hybrid routing: a hierarchical routing where both of the previous types are included; an example is the Zone Routing Protocol (ZRP).
5.2 Ad hoc networks security threats:
The threats to data mentioned before for wireless networks are also applicable here; furthermore, issues related to the routing layer must also be considered. Generally speaking, insecurity may originate from either internal or external nodes.
5.2.1 External threats:
An external attacker can try to eavesdrop passively (e.g. to locate nodes) or attack actively (e.g. a DoS attack). In MANETs, one well-known attack of this kind is the sleep deprivation torture attack, which aims to waste nodes’ power [Yau03].
5.2.2 Internal threats:
Here the effect is more severe and can affect the whole topology. Faults can result from [Yau03]:
Failed node: where the node cannot forward messages (e.g. for power or environmental reasons).
Badly failed node: where the node can send wrong data, such as information about non-existent nodes, producing DoS problems.
Selfish node: where a node uses resources without participating (e.g. performing no forwarding).
Malicious node: where a node may combine many of the above features and mount many attacks, including DoS as with a badly failed node, misdirecting traffic by declaring short paths or virtual nodes, or replay attacks by changing sequence numbers.
5.3 Ad hoc Data-level security solutions:
The different nature of the distributed ad hoc network requires special consideration in authentication, integrity and confidentiality.
5.3.1 Key establishment, distribution and authentication:
Unlike in other networks, using a centralized certificate authority (CA) that is accessible from all nodes is impractical (and insecure), so a distributed CA has to be used instead. An example is ‘threshold secret sharing’ [Chdr05], where any set of S nodes out of a specific Q nodes (S<Q) can be used to provide an authentication service. That is, to get the destination's public key, the source asks the nearest S trusted nodes, which in turn send some related keys to a combiner to produce the destination key (the combiner can be multiple combiners with a majority-based response scheme). After getting the key (decrypting the result from the CA), the source can use it to authenticate the destination using challenge/response, for example.
5.3.2 Confidentiality and integrity:
The selection of algorithm depends mainly on the environment of the specific MANET. For the public key scheme, using a stream cipher is common because of its low computation overhead [Chdr05], while some use message authentication codes (HMAC), which use a one-way hash function, for integrity in the symmetric key scheme [Yang06].
5.4 Ad hoc link layer security solutions:
As discussed, ad hoc networks are vulnerable to link layer attacks; we consider both routing and forwarding security.
5.4.1 Routing security:
Securing the routing of a message along the correct path (before sending it) depends principally on the routing algorithm [Yang06], for example:
For distance vector (like AODV): the goal is to guarantee the correctness of the link costs declared by the nodes; this is achieved through mechanisms that use a one-way hash function.
For link state (like OSPF): the goal is to ensure the existence of all the declared links; this is done by having both a specific message and the link update carry the same digital signature.
For source routing (like DSR): the goal is to ensure the order of the whole route (without any modification), which is achieved by authenticating each hop in the route.
5.4.2 Forwarding security:
The aim here is to guarantee that a sent message will take the correct path; this is done in two phases: detection of any forwarding error and the corresponding reaction [Yang06].
In the detection phase: the objective is to know where the packet has been dropped. This can be done either by localized detection, where each node can overhear its next node's forwarding failure and inform the source, or by acknowledgement from the destination, so that the source can detect the faulty link by forwarding messages over various links attached to the faulty link’s nodes.
In the reaction phase: after an attacked node is detected, the reaction is either a network-wide reaction, where that node is made known so that it is isolated from future routing, or an end-host reaction, where each node down-rates it differently, giving it a lower priority in future routing.
5.5 Brief overview about Bluetooth security:
Bluetooth is a PAN ad hoc protocol. It uses single-hop routing; however, its complexity emerges from its hierarchical structure, which supports various types of services and security modes according to device capabilities [Chdr05]. It supports both unicast and broadcast. Security is implemented in the link layer.
Authentication is achieved by a challenge/response mechanism using the link key, which is generated either from the user pass key, a preconfigured key or a regenerated one (using block-cipher encryption).
Data encryption is attained using the payload key, which is derived from the link key and the device MAC address; a stream cipher is used for data.
For integrity, CRC is used (but the data is encrypted).
5.6 Summary:
In wireless ad hoc networks, in addition to the data threats of other wireless networks, link layer threats emerge where faulty routing or forwarding might occur (because of the multi-hop nature). At the data level, security goals are achieved bearing in mind the nature of distributed, self-routing nodes and power/speed requirements. At the link layer level, the type of routing specifies how to secure it, and forwarding faults are solved reactively after detecting the location of the error.
Bluetooth is an example of a single-hop ad hoc network where we tackle the data level threats; in the next section we consider another ad hoc protocol, the wireless sensor network, which in contrast uses a multi-hop protocol.
6. Wireless Sensors Security
Sensor networks, which have various applications (in environmental, medical and security fields, for example), have special features related to limitations in power and cost, which result in different security threats and countermeasures.
6.1 Wireless sensors network overview:
A WSN is a multi-hop ad hoc network in which data sensed and processed by simple-circuit nodes is routed via neighbor nodes up to the network manager, as shown in fig. 8. The gateway sensor node (base station) is a special node with higher computation, memory and communication capabilities that deals with the manager side (or another network), tunneling all network information such as keys and data [Klta09].
RF communication is usually used, which makes broadcasting the simpler method to forward data, requests and routing beacons; clustering is used to reduce the number of messages transmitted [Srgi05].
Figure 8. WSN structure (labels: Management, Gateway sensor node, Sensor node)
6.2 Wireless sensor network security threats:
A WSN is subject to all the ad hoc threats mentioned in section 5.2, like eavesdropping, DoS attacks and the Sybil attack (where the malicious node presents itself under multiple identities). Moreover, some other WSN-specific attacks are [Klta09]:
Hello Flooding: when an attacker with higher transmission power is considered to be a neighbor, and nodes hence start exchanging data with it.
Sinkhole attack: when a malicious node announces a high-quality link to the base station to attract packets, enabling other types of attack.
Wormhole attack: where packets are bypassed between two malicious nodes; the first acts as a sinkhole and forwards packets to the other node.
6.3 Wireless sensor network security Solutions:
To achieve security requirements like confidentiality, authentication and integrity, and to cope with the various attacks described before, many studies and protocols have been published that rely on the symmetric key concept (considering that public-key encryption is too expensive). Below is a brief description of three of them [Srgi05].
6.3.1 Security Protocols for Sensor Networks (SPINS): a protocol proposed by Perrig et al., designed for the limited-resource sensor environment. It has two main secure building blocks: SNEP and µTESLA.
Sensor Network Encryption Protocol (SNEP): uses cipher block chaining (CBC) to achieve the security requirements between two nodes, using a symmetric key combined with an initialization vector. To decrease communication overhead, the IV is not actually sent; instead, an agreed counter is used between source and destination (with a long count to minimize the chance of repetition).
Micro Timed Efficient Stream Loss-tolerant Authentication (µTESLA): used for security in the broadcasting scenario. Since asymmetric cryptography is costly and a normal symmetric key is insecure for broadcasting, µTESLA works around this by introducing ‘asymmetry with delayed key disclosure and one-way function key chains’ [Srgi05].
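The delayed key disclosure and one-way key chain that µTESLA relies on can be sketched as follows. This is an added example, not code from SPINS or from the paper: SHA-256 and HMAC-SHA256 stand in for the sensor-grade primitives, time is modelled as integer intervals, and all names (`make_chain`, `Receiver`, the sample readings) are hypothetical.

```python
import hashlib
import hmac

def F(key: bytes) -> bytes:
    """One-way function linking the chain: K_(i-1) = F(K_i)."""
    return hashlib.sha256(b"chain|" + key).digest()

def mac_key(key: bytes) -> bytes:
    """Derive the MAC key from a chain key so the chain key itself is never used to MAC."""
    return hashlib.sha256(b"mac|" + key).digest()

def tag(chain_key: bytes, msg: bytes) -> bytes:
    return hmac.new(mac_key(chain_key), msg, hashlib.sha256).digest()

def make_chain(seed: bytes, n: int):
    """Return [K_0, ..., K_n]; K_n is the seed, K_0 the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    chain.reverse()
    return chain

class Receiver:
    def __init__(self, commitment: bytes, delay: int):
        self.key, self.index = commitment, 0   # last authenticated chain key
        self.delay = delay                     # K_i is disclosed at interval i + delay
        self.pending = {}                      # interval -> [(msg, tag)] awaiting the key
        self.accepted = []

    def on_packet(self, now: int, interval: int, msg: bytes, t: bytes) -> bool:
        # Security condition: buffer only if K_interval cannot be public yet.
        if interval <= self.index or now >= interval + self.delay:
            return False
        self.pending.setdefault(interval, []).append((msg, t))
        return True

    def on_key(self, interval: int, key: bytes) -> bool:
        if interval <= self.index:
            return False
        derived, k = {}, key
        for i in range(interval, self.index, -1):   # walk back to the trusted key
            derived[i] = k
            k = F(k)
        if not hmac.compare_digest(k, self.key):
            return False                            # key is not on the sender's chain
        self.key, self.index = key, interval
        for i in sorted(derived):                   # also covers lost disclosures
            for msg, t in self.pending.pop(i, []):
                if hmac.compare_digest(t, tag(derived[i], msg)):
                    self.accepted.append(msg)
        return True

def demo():
    chain = make_chain(b"constructed-seed", 4)      # constructed sample seed
    rx = Receiver(chain[0], delay=2)
    rx.on_packet(1, 1, b"temp=21", tag(chain[1], b"temp=21"))
    rx.on_packet(2, 2, b"temp=22", tag(chain[2], b"temp=22"))
    rx.on_packet(2, 2, b"temp=99", bytes(32))       # wrong MAC, dropped on disclosure
    # Arrives at interval 3, when K_1 is already public: must not be trusted.
    late = rx.on_packet(3, 1, b"temp=00", tag(chain[1], b"temp=00"))
    bogus = rx.on_key(2, bytes(32))                 # key that is not on the chain
    good = rx.on_key(2, chain[2])                   # the K_1 disclosure was lost
    return late, bogus, good, rx.accepted

if __name__ == "__main__":
    print(demo())
```

A single disclosed key authenticates itself against the commitment and regenerates every earlier key, which is what makes the scheme tolerant of lost disclosure packets.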
6.3.2 TinySec: a link layer security protocol integrated into the sensor operating system TinyOS. TinySec has two versions: one that supports authentication and encryption (TinySec-AE) and another that supports authentication only (TinySec-Auth). For encryption, an IV and CBC are also used (with the Skipjack block cipher); for integrity, a message authentication code is computed using CBC (CBC-MAC).
6.3.3 Localized Encryption and Authentication Protocol (LEAP): a key management protocol in which every node has four keys; depending on the type of destination, it uses the specific key.
Group key: shared with all the nodes, for general message broadcasting.
Individual key: shared with the base station (e.g. for security alerts).
Cluster key: shared with neighbors (e.g. for routing control information).
Pairwise key: with specific neighbor (e.g. for secure communication route).
6.4 Summary:
Wireless sensor networks have the same security concerns discussed for multi-hop ad hoc networks; moreover, specific attacks targeting wireless sensor networks include hello flooding, sinkhole and wormhole attacks. Various solutions have been released to deal with these security issues, such as the SPINS protocol suite, which provides data confidentiality and both two-party and broadcast data authentication; TinySec, which can guarantee authentication and encryption; and the LEAP key management protocol, which specifies with whom each key is shared.
7. Security issues in mobility:
In the previous sections we considered the security of wireless networks with regard to the effects of the ‘air medium’; another aspect is the mobility of nodes offered by various protocols. Regarding IP mobility, many flaws in IPv4 have been fixed in IPv6, as we will see.
7.1 Wireless mobility overview:
In a wireless system, when a node moves from one sub-network to another, it needs to register itself in the new network and inform the home network so that it remains reachable. In Mobile IPv4, indirect routing is used, where the mobile node (MN) is reached via the home agent and the current foreign agent. A similar scenario applies to mobility in cellular networks [Krse04]. In IPv6, direct routing is available (route optimization), where the correspondent node can connect directly to the MN.
7.2 Wireless Mobility Security:
The main problem to be tackled in mobility is identification and authentication between the MN, the current network and the home network. These security issues are considered below for Mobile IPv4 and Mobile IPv6.
7.2.1 Mobile IPv4 Security:
The main issue in IPv4 is registering the care-of-address (COA) of the MN with the home agent (HA) through the foreign agent (FA), since insecure authentication can lead to all data between the HA and MN being redirected elsewhere. This authentication must also provide protection against replay attacks [Fnsl03]. For authentication, HMAC-MD5 is used to produce a 128-bit “message digest” [Krse04].
When the MN migrates to another network, a key distribution mechanism is needed; this is achieved through an Authentication, Authorization, and Accounting (AAA) server like RADIUS.
Replay protection can be achieved in Mobile IPv4 by two methods [Fnsl03]:
1. Using a timestamp set by the sender of the message; the receiver can then check the validity of the message. This is the mandatory method.
2. The optional one is using a ‘nonce’, divided into upper and lower 32 bits. The MN maps the message to the HA through the FA using the lower bits of the nonce; the HA in turn replies and appends another random 32-bit number as the upper half; this last half is copied into the lower half of the MN's next registration request, so that the HA ensures there is no replay.
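The home agent's side of these checks can be sketched as below. This is an added example, not code from the paper or from a Mobile IP implementation: the message layout (home address, care-of address, 8-byte identification, HMAC-MD5 authenticator), the 7-second window, the integer timestamps and the position of the nonces inside the identification field are all simplifying assumptions, and the key and addresses are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

WINDOW = 7  # assumed: seconds of clock difference the HA tolerates

def authenticator(key: bytes, body: bytes) -> bytes:
    """HMAC-MD5 over the request body: the 128-bit message digest."""
    return hmac.new(key, body, hashlib.md5).digest()

def build_request(key: bytes, home: bytes, coa: bytes, ident: bytes) -> bytes:
    """Hypothetical layout: home(4) | care-of address(4) | identification(8) | MAC(16)."""
    body = home + coa + ident
    return body + authenticator(key, body)

class HomeAgent:
    def __init__(self, key: bytes, use_nonce: bool = False):
        self.key = key
        self.use_nonce = use_nonce
        self.last_ts = 0                       # newest timestamp accepted so far
        self.expected_nonce = os.urandom(4)    # nonce the next request must echo
        self.binding = None                    # currently registered care-of address

    def register(self, msg: bytes, now: int) -> str:
        body, mac = msg[:-16], msg[-16:]
        # 1. Authenticate first: nothing in an unauthenticated body is trusted.
        if not hmac.compare_digest(mac, authenticator(self.key, body)):
            return "bad-auth"
        coa, ident = body[4:8], body[8:16]
        if self.use_nonce:
            # 2a. Nonce method: request must carry the HA's latest nonce,
            #     which is then retired so a recorded request is useless.
            if not hmac.compare_digest(ident[:4], self.expected_nonce):
                return "replay"
            self.expected_nonce = os.urandom(4)
        else:
            # 2b. Timestamp method: close to the HA clock and newer than
            #     anything already accepted.
            (ts,) = struct.unpack(">Q", ident)
            if abs(now - ts) > WINDOW:
                return "stale"
            if ts <= self.last_ts:
                return "replay"
            self.last_ts = ts
        self.binding = coa
        return "ok"

def demo():
    key = b"constructed-mn-ha-key"                     # constructed sample key
    home = bytes([10, 0, 0, 5])
    coa1, coa2 = bytes([192, 0, 2, 7]), bytes([198, 51, 100, 9])

    ha = HomeAgent(key)
    req = build_request(key, home, coa1, struct.pack(">Q", 1000))
    results = [
        ha.register(req, 1002),                        # fresh request
        ha.register(req, 1003),                        # same bytes again, inside window
        ha.register(req, 2000),                        # same bytes, long after
        ha.register(req[:4] + coa2 + req[8:], 1002),   # care-of address altered
    ]

    nha = HomeAgent(key, use_nonce=True)
    # Assumed: the MN learned the first nonce from an earlier HA reply.
    req1 = build_request(key, home, coa1, nha.expected_nonce + os.urandom(4))
    results += [nha.register(req1, 0), nha.register(req1, 0)]
    req2 = build_request(key, home, coa2, nha.expected_nonce + os.urandom(4))
    results.append(nha.register(req2, 0))
    return results, nha.binding

if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the identification field is only interpreted after the authenticator has been verified, so a captured request can neither be resent nor edited to point the binding elsewhere.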
7.2.2 Mobile IPv6 Security:
One important difference in Mobile IPv6 is that mobility is integrated into IPv6 itself, and hence
there is no FA, since mobility is supported by the IP layer.
Mobile IPv6 supports both direct and indirect routing [Fnsl03]. Indirect routing (bidirectional
tunneling) is similar to Mobile IPv4: the MN updates the HA with the binding information, and the HA
in turn 'tunnels' the packets from the correspondent to the MN (compatible with IPv4). In direct
routing, the binding update is also sent to the correspondent, which lets it route packets to the
MN more efficiently.
Binding update authentication for the HA is achieved using IPSec protocols, either the
Authentication Header (AH) protocol or the Encapsulating Security Payload (ESP) protocol; in both
cases a security association (SA) logical channel is established between the HA and MN [Krse04].
For correspondent authentication, a challenge/response mechanism is used; the MN then
creates a binding management key derived from data exchanged during this process, and this key is
used by the correspondent as an entry point for subsequent communications [Fnsl03].
For integrity, HMAC-SHA1 is used to calculate the MAC, and the Secure Hash Algorithm
version 1 (SHA1) is used for hash value generation.
Remember that in IPv6 there’s no need for key distribution mechanisms since there is no FA and
the mobility is integrated by default in the protocol as we mentioned.
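The added example below (not from the original paper) works through the correspondent challenge/response and binding management key, assuming the mechanism meant is the return routability procedure of the Mobile IPv6 specification (RFC 6275), which goes beyond the detail given in the text. Addresses, the node key, the single shared nonce and the update bytes are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

def first(bits, data):
    return data[:bits // 8]

def keygen_token(kcn, addr, nonce, kind):
    """Correspondent's answer to a test-init message; kind 0 = home path, 1 = care-of path."""
    return first(64, hmac.new(kcn, addr.packed + nonce + bytes([kind]), hashlib.sha1).digest())

def binding_key(home_token, careof_token):
    """Binding management key: SHA-1 over both tokens, so both paths must be reachable."""
    return hashlib.sha1(home_token + careof_token).digest()

def authenticator(kbm, coa, cn, update):
    return first(96, hmac.new(kbm, coa.packed + cn.packed + update, hashlib.sha1).digest())

class Correspondent:
    def __init__(self, addr, kcn, nonce):
        self.addr, self.kcn, self.nonce = addr, kcn, nonce   # node key and current nonce

    def token(self, addr, kind):
        return keygen_token(self.kcn, addr, self.nonce, kind)

    def verify(self, home, coa, update, mac):
        # No per-MN state: tokens are recomputed from the addresses claimed in the update.
        kbm = binding_key(self.token(home, 0), self.token(coa, 1))
        return hmac.compare_digest(mac, authenticator(kbm, coa, self.addr, update))

def demo():
    # Constructed sample values (documentation prefix 2001:db8::/32).
    home = ipaddress.IPv6Address("2001:db8:1::10")
    coa = ipaddress.IPv6Address("2001:db8:2::10")
    other = ipaddress.IPv6Address("2001:db8:3::66")
    cn = Correspondent(ipaddress.IPv6Address("2001:db8:9::1"), b"constructed-Kcn", b"\x00\x01nonce")
    update = b"constructed-binding-update"
    # MN receives one token via the HA tunnel and one directly at the care-of address.
    kbm = binding_key(cn.token(home, 0), cn.token(coa, 1))
    mac = authenticator(kbm, coa, cn.addr, update)
    genuine = cn.verify(home, coa, update, mac)
    rebound = cn.verify(home, other, update, mac)     # care-of address swapped, MAC kept
    # A node that only sees the care-of path lacks the home token.
    partial = binding_key(b"\x00" * 8, cn.token(other, 1))
    forged = cn.verify(home, other, update, authenticator(partial, other, cn.addr, update))
    return genuine, rebound, forged, len(kbm), len(mac)

print(demo())
```

The correspondent accepts a binding only from a node that received both tokens, one through the home address and one at the claimed care-of address.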
7.3 Summary:
A special feature of wireless networks is mobility; security attention is therefore directed to
node identification and authentication with the new and original networks. Mobile IP is considered.
In Mobile IPv4, authentication is achieved by HMAC-MD5, key distribution uses an AAA server, and
packet replay is prevented by the timestamp or 'nonce' method. In IPv6, mobility is integrated in
the protocol itself, so there is no need for key distribution; in addition, direct routing is also
supported, so node authentication with both the home network and the correspondent is needed; the
first is achieved using IPSec protocols and the latter by a challenge/response mechanism.
8. Conclusion:
Various wireless systems have common features and security goals to address; however,
depending on the network hierarchy, complexity and special requirements, as we saw in WLAN,
cellular, ad hoc and sensor networks, the selection of security protocols and methods such as
encryption and authentication gets narrower.
We might also notice that different attacks and flaws contribute to producing better new security
solutions; we observe this clearly in the case of WLAN, cellular and Mobile IP.
References:
1. [Yang06] Hao Yang, Fabio Ricciato, Songwu Lu and Lixia Zhang, "Securing A Wireless World"
Proceedings Of The IEEE, Feb 2006, v. 94 no. 2.
http://ieeexplore.ieee.org/iel5/5/33381/01580512.pdf?arnumber=1580512
2. [Chdr05] Praphul Chandra,"Bulletproof Wireless Security: GSM, UMTS, 802.11 and Ad Hoc
Security", Elsevier Inc. Pub.,2005, Chapter 1,3,6 and 8
http://www.amazon.com/BULLETPROOF-WIRELESS-SECURITY-Communications-Engineering/dp/0750677465
3. [Tmim06] Abdel-Karim R. Al Tamimi,"Security in Wireless Data Networks: A Survey Paper",
Washington University survey paper, 2006
http://www1.cse.wustl.edu/~jain/cse574-06/ftp/wireless_security.pdf
4. [Grdz06] Ali I. Gardezi, "Security In Wireless Cellular Networks", Washington University
survey paper, 2006
http://www1.cse.wustl.edu/~jain/cse574-06/ftp/cellular_security.pdf
5. [Srgi05] Mayank Saraogi, "Security in Wireless Sensor Networks", University of Tennessee,
Knoxville, a survey paper, 2005
http://web.eecs.utk.edu/~saraogi/594paper.pdf
6. [Fnsl03] Edvard Fonsell, "Security in IP Mobility Solutions", Helsinki University of
Technology-Telecommunications Software and Multimedia Laboratory paper, May 2003,
http://www.tml.tkk.fi/Studies/T-110.551/2003/papers/7.pdf
7. [Yau03] Po-Wah Yau and Chris J. Mitchell, “Security Vulnerabilities in Ad Hoc Networks”, In
Proc. of the 7th Int. Symp. on Communications Theory and Applications, 2003
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.64.7599&rep=rep1&type=pdf
8. [Klta09] Hemanta Kumar Kalita and Avijit Kar, "Wireless Sensor Network Security Analysis",
International Journal of Next-Generation Networks (IJNGN), December 2009, Vol.1, No.1,
http://airccse.org/journal/ijngn/papers/1.pdf
9. [Krse04] James F. Kurose and Keith W. Ross, “Computer Networking: A Top-Down Approach
Featuring the Internet”, 3rd Edition, Addison Wesley publishing, 2004, Chapter 8,
http://www.amazon.com/Computer-Networking-Top-Down-Featuring-International/dp/B003F89KJG
10. [Kryg02] Tom Karygiannis and Les Owens, "Wireless Network Security: 802.11, Bluetooth and
Handheld Devices", National Institute of Standards and Technology special publications,
November 2002,
http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
List of Acronyms:
AES Advanced Encryption Standard
AKA Authentication and Key Agreement
AODV Ad hoc On-Demand Distance Vector
AuC Authentication Center
CBC Chain Block Chaining (cipher)
CRC Cyclic Redundancy Check
D/DoS Distributed/Denial of Service
DES Data Encryption Standard
DSR Dynamic Source Routing
ECB Electronic Codebook (cipher)
FA Foreign Agent
GPRS General Packet Radio Service
HA Home Agent
HLR Home Location Register
I/MSI International/Mobile Subscriber Identity
IV Initialization Vector
MANET Mobile Ad hoc network
MIC Message Integrity Codes
MN Mobile Node
MSC Mobile Switching Centre
OFB Output Feedback (cipher)
OSPF Open Shortest Path First
RADIUS Remote Authentication Dial In User Service
TKIP Temporal Key Integrity Protocol
U/RAN UMTS/Radio Access Network
U/SIM UMTS/Subscriber Identity Module
UMTS Universal Mobile Telecommunication System
VLR Visitor Location Register
WEP Wired Equivalent Privacy
WPA Wi-Fi Protected Access
X/MAC Expected/Message Authentication Code
Date Last Modified: 13/1/2011