Wireless systems security
Active In SP
Joined: Sep 2010
08-10-2010, 04:48 PM
Wireless systems security.docx (Size: 95.13 KB / Downloads: 53)
Wireless systems security
The four traditional, intertwined areas of security are
• secrecy, (or confidentiality or privacy) which involves keeping information out of the hand of unauthorized users,
• authentication, which involves making sure one is communicating with the intended person,
• non repudiation, which deals with signatures, and which ensures that a person cannot go back on his/her earlier communication, and
• integrity control, which deals with ensuring that the received message was not tampered with.
Security threats to wireless network
• Accidental attack: This gives rise to exposure due to frequent failure of devices and components, because of their small sizes and capabilities.
• Passive attack: Here the goal of the intruder is only to monitor or get information that is being transmitted. Attacks may include releasing message contents or traffic characteristics. Since no data is altered, passive attacks are difficult to detect.
• Active attacks: In this type of attack, modification of data or false data transmission takes place, giving rise to masquerade or replay. Denial of Service (DoS), is possible, where either there is temporary prevention of communication facilities or disruption of the entire network. This is done by flooding it with a large number of messages to degrade the performance of the system.
• Unauthorized usage: This attack takes place because of the growing use of the Internet, which leaves the network vulnerable to hackers, viruses and intruders. It can be prevented by using proper user authentication techniques.
• Broadcast based: An eavesdropper is able to tap the communication into the wireless communication channels, by positioning itself within transmission range.
• Device vulnerability: Mobile devices can be hijacked easily, and if secret IDs or codes are embedded in the device, hackers may get access to private information stored on it and to other network resources.
• Heterogeneity: Mobile nodes need to adjust to potentially different physical communication protocols as they move to different locations.
• Resource depletion / exhaustion: In mobile systems resources like processing power and battery life are very limited. Hence techniques such as public key cryptography cannot be used during normal operations to conserve power.
• It may also leave the device open to an attack that reduces the normal lifespan of the battery. A DoS attack may consume and waste all the power in the battery, leaving the unit unable to function. In ad hoc networks, these attacks can cause routing nodes in the network to fail, making the network partially unreachable. 
• Detectability: Mobile systems used in the military do not want to be detected. Even if strong encryption is being used, and the data cannot be deciphered, just detecting the signal puts the mobile user at risk if its position can be located. The device can be jammed by local radio frequency (RF) interference or the user attacked.
• Theft of service: It is very easy to install wireless LANs by just taking them ‘out of the box’ and plugging them into the network, so that they work. In such systems, security settings are either disabled by default, or factory-set default passwords are commonly known. Unauthorized, nearby users, malicious or otherwise, can get a dynamically assigned IP address and connect to the Internet.
• War driving/walking: This is like the popular war game called war dialing, which was an earlier technique for searching phone numbers with modems attached to them. As wireless LANs gain popularity, hackers can find them, by just taking a notebook computer or pocket PC, fitted with a wireless card and some detection software like netstumbler, kismet, airsnort, etc., an optional Global Positioning System (GPS) and driving /walking round the city, detecting and locating wireless networks. This information is then used to build a network from the identified access points.