Security in Short Range Wireless Networks - Case Study Example

Security in Short Range Wireless Networks FahadAlkurdi Computer Science SECURITY IN SHORT RANGE WIRELESS NETWORKS Introduction In recent times, communication has seen a tremendous evolvement. This evolvement has led to a production of various devices that can be interconnected to facilitate sharing of services, and resources among them. As a result, various technologies have been invented to facility the sharing process. Some of these technologies include WI-FI, Bluetooth, Near Field Communication (NFC), among others. Despite the fact this technologies facilitate sharing of resources and services; they are faced with security challenges. The security challenges faced by these technologies expose the resources and services being shared to unauthorized persons. To combat the security threats faced by this short range wireless communication, several techniques have been brought forward. This paper is aimed at evaluating the various threats faced by the short range wireless networks and the effective solutions to these security threats. First of all, the general problems faced by short range wireless communication are as outlined below. One of the security problems is eavesdropping. In this case, the attacker ‘listens’ and monitors contents in a message being transmitted. For instance, an attacker may tune into transmissions between a base station and a wireless handset. Another common security problem is denial of service attack. In this scenario, an attacker prohibits usage of vital network services to the legitimate users. Masquerading is also a problem. The attacker may impersonate an authorized user and gain access to unauthorized information. This thesis will also provide security problems and solutions to each of the mentioned wireless network. Security problems and counter-measures of Wireless Fidelity (Wi-Fi) Wi-Fi is a local networking technology that works on IEEE 802.11 standard implemented by Wi-Fi compatible devices (Davis, 2004). It is used at homes, offices and public hotspots and offer a relatively higher peak data rates than 3G systems do. However, it also creates new security threats as follows. Wi-Fi has a security problem of Evil twin APs. In this case, the hacker creates a rogue Wi-Fi access point to eavesdrop on wireless communications, which appears to be a legitimate one. As a result, wireless clients can easily connect to them, since fraudulent APs can easily advertise the same network SSID as legitimate connections. Once the victim clients connect, traffic is routed using DHCP and DNS through the evil twin, and this may lead to man-in-the-middle attacks (Lemstra, Hayes, & Groenewegen, 2010). Data interception is another security problem encountered. Eavesdroppers can easily capture data that is sent over Wi-Fi within a short distance or even longer with directional antennas. This is done using cracking tools like ElcomSoft Wireless Security Auditor that locates wireless networks and intercepts data packets. Wi-Fi also encounters denial of service attacks, where an attacker frequently sends bogus requests, premature successful/failure connection messages and other commands to Access Points that are targeted. These attacks make channels busy, disconnect users and prevent legitimate users to get into the network, consume AP resources and may lead to the crash of the network (Miller, 2003). Caffe latte attacks are also another security flaw of Wi-Fi. This attack does not force the attacker to be in the area of the targeted network coverage. An attacker may obtain WEP key from a remote client using a process that targets Windows Wireless Stack. The attacker sends many ARP encrypted requests and use the ARP responses to acquire WEP key in a very short time (Miller, 2003). Network injection can also be encountered by Wi-Fi technology. An attacker makes use of access points that are exposed to broadcasting network traffic such as HSRP, RIP and OSPF. The attacker may also inject bogus reconfiguration commands that affect switches, routers, hubs, which can bring the whole network to a halt (Labiod, Afifi, & Santis, 2007). Address Resolution Protocol (ARP) spoofing is also another method used by attackers to violate Wi-Fi security. This allows an attacker to sniff network traffic, modify or stop them. The attacker’s MAC address is associated with the victim’s IP address by fake ARP messages sent by ARP spoofing. He/she may then forward data after modifying it (Miller, 2003). The following measures should be considered to curb Wi-Fi security flaws. Compatible WAP/WEP encryption should be turned on. Encryption scrambles messages and traffic on the network that cannot be read by attackers. Access points (APs) must also be well secured by eliminating rogue access points using 802.1 x protocols to authenticate all legitimate users. 802.1x is basically composed of a client who wants to be authenticated, an authenticator (an access point) which is a ‘go-between’, acting as proxy for the end user and restricting communication with the end server, and finally an authentication server which decides whether to accept client access or reject. The access points themselves do not need to know how to authenticate clients. They only pass authentication information from the client to the authentication server which handles the actual verification of client details. The default settings for Wireless access points should be changed since they are well known and prone to attacks by intruders (Curran, 2004). WEP (Wired Equivalency Privacy) should NOT be used, since it can be cracked easily because it uses relatively short Initialization Vectors with 24 bits only for different data packets. The reoccurrence of IVs can happen within short periods and transmission of frames having keystreams that are too similar results. In the case where enough frames are collected based on same IV, one can determine and decrypt the shared secret key among them. Instead, WPA2 (Wi-Fi Protected Access) should be used, because it fully implements the security elements defined in IEEE 802.11i and uses AES (Advanced Encryption Standard) algorithm to encrypt data. WPA dynamically generates a new key for each packet, therefore prevents the attacks compromised by WEP. It also includes a message integrity check that prevents attacker from capturing, altering and resending data packets. WPA2 supports two authentication modes: WPA2-PSK (Pre-shared key) WPA2-Personal mode. Here, one provides the router with a passphrase (between 8-133 characters long). Using TKIP (Temporal Key Integrity Protocol), the passphrase alongside network SSID, is used to generate dynamic encryption keys which keep on changing. WPA2-Personal mode is designed for home and smaller enterprises where all wireless clients of a particular SSID share a common passphrase. For larger enterprises with large networks, WPA2-Enterprise mode should be used. This mode allows the use of WPA2with 802.1x authentication. Legitimate clients authenticate with a RADIUS (Remote Authentication Dial in User Service - a networking protocol that provides centralized Authentication) server using personal login credentials. In such enterprises, greater control over who gets access to information is achieved, and a more secure wireless network is made. Static IP addresses should be assigned to devices. This should be done by turning of the Dynamic Host Configuration Protocol (DHCP) on the access point or router. A fixed IP address range must be set instead, and then configuration of each legitimate connecting device should be matching the IP. The router’s pre-set password must be changed for administration. Manufacturers usually assign a default password to the router. This password must be change to a stronger one in order to curb intruders from gaining access. Administrators must enable firewall on the router and each connected device. Once enabling is done, the administrator should add firewall rules and access control to meet the desired security needs. The administrator should first use the ‘deny all’ rule where everything is kept out of network, and then decide on who and what should be let in. The configuration should not allow in any traffic that was not requested by a computer on the network. For more protection, the administrator should consider installing personal firewall software on each device connected to the router, for example, McAfee Personal Firewall Plus, Symantec Norton Firewall 2004 and ZoneAlarm Pro.(Miller, 2003). Today’s Wireless technology gives a wide area of opportunities by helping institutions and businesses cut costs, increase productivity, and create new efficiencies in streamlining and budget cuts. As long as secure administrative practices benefits from safe, reliable network connectivity will be achieved.The correct usage of security tools assist in configuration changes andupdates to reduce errors and detect security threats such as rogue APs and other threats. Security problems and counter-measures of Bluetooth technology Bluetooth is a wireless radio specification defined by the Bluetooth Special Interest Group (SIG) that assists electronic devices to send voice and data signals without the use of cables as a medium(Labiod, Afifi, & Santis, 2007). This technology operates in the range of 2400–2483.5 MHz. It is based on master-slavestructure where one master can communicate up to seven slaves in a network established by Bluetooth (piconet). However, the technology has been susceptible to security flaws as attackers have consistently defined more sophisticated ways to violate its security. Bluetooth is vulnerable to bluesnarfing attack. This is the unauthorized access of information from a device through Bluetooth connection. It may be done using a special software, for instance, Bloover that ‘sucks’ information from the target device. Using the Object Exchange (OBEX) Protocol used to exchange information between devices, the software connects to a target device via OBEX push profile and pulls information using a ‘get’ request for known file names such as phonebook. The attacker forcefully connects to the targeted device without owner notification of a new connection and gets access to all memory portions of the attacked device including contacts, messages, settings, IMEI among others (Gehrmann, Persson, & Smeets, 2004). Another security flaw is bluebugging. This can be done using a Bluebugger which enables the attacker to make a connection. Once the connection has been established correctly, the attacker can make calls, send messages and can set call forwarding and receive calls intended for the victim. With the connection, the attacker can control the mobile device using AT (abbreviation for ATtention) commands. AT commands are instruction used to control a mobile device. (Scarfone, 2009). Bluejacking is another security problem, where the attacker sends an unsolicited message to another device (Bluetooth-enabled) expressing themselves, spread propaganda and entice the device user to respond to the message in a certain fashion. This works out in the instance when the attacker writes the malice-intended message as a name of a contact, then sending it to connected Bluetooth devices as a business card. This attack does not actually harm the user’s device, but can cause harm if the device owner makes a reply to the message that was sent with a harmful intention. The technology is also susceptible to Warnibbling attack. This is where the attacker makes an attempt to gain access as many Bluetooth phones as possible that are discoverable. Attackers often use high gain antennas personal computers and some special software such as Redfang to sniff for available devices. They may move around from station to station aiming at violating security of many consumers (Gehrmann, Persson, & Smeets, 2004). In order to curb the above security issues, the following should be considered. Firstly, introduction of Secure Simple Pairing (SSP) improves security through the addition of Elliptic Curve Diffie Hellman (ECDH) public key cryptography that protects users against eavesdropping and man-in-the-middle attacks (MITM) during pairing. This works by allowing the Numeric Comparison model associated with Bluetooth to prompt a user to enter a “yes” or “no” response. During pairing, a six-digit number is shown on each display and the user is supposed to provide “yes” response on each device if the numbers match. Otherwise, the user responds “no” and pairing will fail. Security passwords and PINS must be used in Bluetooth. This is in order to users from bluebugging and prevents attackers from eavesdropping conversations through phone calls and built-in hands-free car kits. Bluetooth users should not open mysterious messages that come into their devices. This can prevent the attackers from spreading malicious messages through bluejacking. Users must also not accept pairing requests from unknown devices, which can give intruders an opportunity to access them. The best method of protecting oneself from various attacks described above is disabling/switching off Bluetooth when it is not in use. This practice, especially protects users from snarf attacks which cannot be prevented by turning off the discovery mode of Bluetooth(Scarfone, 2009). In conclusion, Bluetooth offers a convenience ways of sharing data and information access. It is not a perfect standard currently, but as long as everyone takes measures against attacks, Bluetooth is a sufficient step to secure ad hoc networks. Security problems and counter-measures of Near Field Communication (NFC) NFC is a short-range wireless communications technology with a working distance of about 10cm. It is a technology that builds upon Radio-Frequency Identification (RFID) and contactless smart card technology that enables data to be read at some distance. It can be used for data exchange with other devices, micro-payment, data presentation for access gaining and discounts, among others(Labiod, Afifi, & Santis, 2007).NFC builds upon the strengths of RFID remote identification technologies. NFC specifications restrict the physical separation of NFC devices and tags to a close proximity, which require user intervention. NFC has three modes of operation: Reader/Writer mode enables devices to read data stored in passive RFID tags embedded in posters and products, hence act upon that data containing instructions. Secondly, Card Emulation mode enables owners of devices to make contactless business transactions similar to smartcard transactions. Thirdly, Peer mode allows mobile devices to interact. Each phonemust be equipped with NFC and the enabling applications forsharing data, including business cards, photos, important documents, among others. NFC is susceptible to security flaws as follows. A common security issue is the lack of adequate user information and prompts. The user experience for NFC is ‘Tap n Go’ and provides easy and quick connection. This is risky when if the NFC request from an attacker is an attack that is trying to create a data connection to a risky service, or to share unwanted or threatening content. This may lead to phishing of user sensitive data by an attacker (Kazmi, 2012). NFC is vulnerable to eavesdropping. In this case, an attacker can use antennae to receive the data that is being transmitted. Devices sending data in active mode are the most vulnerable to eavesdropping since it can be done up to a distance of 10m, unlike passive devices, where eavesdropping can be reduced up to 1m. If the data being transferred is sensitive, for instance credit card information, the attacker may gain access to it. Another security problem is data corruption and disruption. This is a type of denial of service attack, where the attacker interferes with the data being transferred, so that it reaches the destination when it is incorrect, invalid and useless. The attacker does the interference by transmitting radio signals to reduce the original signals to random noises, hence destroying the information. Sometimes the criminal may go to the extent of blocking the data channel so that the recipient receives no data at all (Agbinya, 2011). Theft is also another security flaw that NFC is vulnerable to. If a smartphone with NFC capability is stolen, the thief will easily wave the phone over a card reader at a store and make a purchase, as long as there is no security password set on the smart phone by the owner. Another problem is man-in-the-middle attack, where after an attacker successfully intercepts into the communication, simply reads and records it, then passes it on to the receiver. There is also the risk of data insertion. This is possible during communication between two devices and the receiving device takes too long to answer to the sending device. The attacker may insert his/her own messages into the communication that becomes successful if they are transmitted before the original recipient starts with the answer. If messages from the attacker and the recipient overlap, corrupt message is transmitted (Coskun, Ok, & Ozdenizci, 2011). Mobile malware is also another security problem. The malware can sniff sensitive user data such as stored credit card information and pass it to the attacker via the web or NFC channel. This gives the attacker easy access to sensitive user information. Since NFC technology is being used to store and share sensitive data, the following solutions and recommendations should be done. The NFC application developers should design it in a way that it notifies the user of a pending NFC request. The user should also be given an opportunity to confirm a pending request for certainty. Eavesdropping can be minimized by transmitting data via secure channels, whereby, a standard key agreement protocol like Diffie-Hellmann could be applied to establish a shared secret between two devices. This is a method of encryption that uses numbers raised to specific powers to produce decryption keys on the basis of components that are never directly transmitted. During the usage of secure channels, data is encrypted, and only the authorized device can decrypt it. Use of secure channels provides integrity, authenticity and confidentiality of the transmitted data. NFC users must ensure that companies they do business with have established secure channels to protect their sensitive data(Ahson& Ilyas, 2011). Data corruption and disruption should be countered by NFC devices through checking the Radio Frequency field which they are transmitting data. The power to detect corruption of data is significantly lower than the power needed to corrupt data; hence such attacks should be detected by the NFC devices. Data modification and man-in-the-middle can be dealt with through use of secure channels. Similarly, active-passive pairing mode ought to be utilized by devices where one device sends information while the other one receives it, instead of both devices sending and receiving information. The NFC devices should also check the RF field while sending data so that the sending device stops immediately an attack is detected. Theft can be prevented by NFC users to enforce security measures on their phones by installing/setting strong passwords or other kind of lock that appears when the phone screen is turned on so that the thief cannot figure out the right password and access the sensitive data and do unwanted transactions. Data insertion can be prevented through the answering device making no delays in answering, so that the attacker does not get the chance to have his/her message transmitted earlier. The answering device should also listen to the channel when it is open and the starting point of data transmission, so that it can detect the attacker who wants to insert wrong data (Ahson & Ilyas, 2011). The mitigation for mobile malware is installing anti-malware software that prevents malwares from sniffing sensitive user data. To conclude, NFC offers new conveniences and ease of use to users. However, it cannot protect by itself against security threats discussed. Security can be achieved through establishment of a secure channel and specific key agreement mechanism. The speed and is ease of access is a positive feature of this technology. Finally, short range networks offer good avenues for data exchange, communication and development. Although maximum security cannot be ensured, taking above measures into consideration can lead to a more secure world of wireless technology. References Agbinya, J. I. (2011). Principles of Inductive Near Field Communications for Internet of Things. Aalborg: River Publishers. Ahson, S. A., & Ilyas, M. (2011). Near Field Communications Handbook. Boca Raton: CRC Press. Chandra, P., & Lide, D. (2011). Wi-Fi Telephony: Challenges and Solutions for Voice over WLANs. Oxford: Newnes. Coskun, V., Ok, K., & Ozdenizci, B. (2011). Near Field Communication (NFC): From Theory to Practice. John Wiley & Sons. Curran, K. (2004). WiFi Security. CreateSpace Independent Publishing Platform. Davis, H. (2004). Absolute Beginners Guide to Wi-Fi Wireless Networking. New York: Que Publishing. Gehrmann, C., Persson, J., & Smeets, B. (2004). Bluetooth Security. Norwood: Artech House. Kazmi, H. (2012). Security and Privacy Issues in Near Field Communication (NFC) Systems: Contactless Communication in Digital World. LAP Lambert Academic Publishing. Labiod, H., Afifi, H., & Santis, C. D. (2007). Wi-Fi™, Bluetooth™, Zigbee™ and WiMax™. Springer. Lemstra, W., Hayes, V., & Groenewegen, J. (2010). The Innovation Journey of Wi-Fi: The Road to Global Success. Cambridge: Cambridge University Press. Miller, S. S. (2003). Wi-Fi Security. McGraw Hill Professional. Scarfone, K. (2009). Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology. Gaithersburg: DIANE Publishing. Read More