Wireless Networking Technology and Security  Research Proposal
- Length: 22 pages
- Sources: 16
- Subject: Education - Computers
- Type: Research Proposal
- Paper: #11971670
Excerpt from Research Proposal :
Bluetooth devices use encryption security and this makes the requirement of a "unique key session key to derive per-packet keys thus avoiding frequent key reuse." (Kennedy and Hunt, 2008, p.4)
Kennedy and Hunt report that ZigBee is a reasonably priced low energy consumption two-way CDMA/BA-based wireless communications standard which is based on IEEE 802.15.4 which is referred to commonly as a 'Low Rate Wireless Personal Area Networks (LR-WPANs) and which is targeted primarily "at radio frequency applications requiring low data rate, long battery life and secure networking." (p.4)
LP-WANS "offer device level wireless connectivity..." And as well "they enable a range of new applications as well as enhance existing applications." (2008, p.4) These devices are low in cost and low in their energy use and due to their self-organization features are useful for public security applications as well as for tracking inventory and automation in the home and office. A wireless device may be jammed in what is equal to a DOS attack. The jamming can take place at the PHY layer through sending transmissions continuously. It is also possible for collisions to be created by an attacker.
Kennedy and Hunt report that the 'void address' is a much more powerful attack since the LR-WPANs use 16-bit short addresses and the cluster-tree may use only part of the address, the attacker is able to send a packet to an address that is nonexistent which is beyond the cluster-tree address scope and while the address is not in existence, the packet will be sent up the tree and when it arrives there may be failure on the part of the root to validate the address and the packet is then forwarded to a branch that does not exist. Since the root does not receive a package acknowledgement, that packet will then be retransmitted.
The LR-WPAN device has its key management "based on the trust centre which is neither robust nor efficient. Communications between the trust centre and a device can be lost, especially in a multi-hop and/or mobile environment." (p.4) This reliance on the trust centre results in a reduction of the system's robustness and this is particularly true for key transports and for updates since the key are current unicast. The result is that the trust centre is heavily burdened and the devices near it are as well due to the need to relay traffic between other devices and the trust centre. For this reason, Kennedy and Hunt state that distributed or hierarchical key management schemes should be considered for large-scale networks.
Kennedy and Hunt relate that 'Near Field Communications' (NFC) is a "short-range wireless connectivity technology" that provides "intuitive and simple communication between electronic devices." (2008, p.5) Communication takes place when two NFC compatible devices are "brought within a few centimeters of each other and is compatible with existing RFID (Radio Frequency Identification) standards. This type of communication technology operates in the 13.56MHz frequency band and transfers data "at up to 242 Kpbs as defined by ISO 14445 ." (Kennedy and Hunt, 2008, p. 3)
Due to the short transmission range transactions enabled by NFC are potentially secure. The possibility of an eavesdropping attack is a high risk with NFC communication since antennas can be used to receive signals. NFC communication generally takes place between two devices which are 10 centimeters apart or less and while this range does not limit attackers the operating mode is limited including whether the RF field is used by the sender for generation or as to whether the RF field being used is generated by a separate device. When the NFC is generating its own RF field this is referred to as the 'active' mode and when the NFC uses the RF field of another device this is referred to as the 'passive' mode of generation. There are various transmission methods and this makes it more difficult to attack through eavesdropping on devices being operated in passive mode. When the active mode is being used to send data eavesdropping can occur within about 10 meters distance.
Also a risk with NFC communication is the data corruption attack which is a basic DOC type attack. The most simple form of attack is one in which the communication of the receiver is disturbed by the attacker rendering the data transmitted being failed to be understood by the receiver and this is perpetrated through the transmission of frequencies of the data spectrum that are valid and transmitted at a correct time. The attacker with an understanding of the modulation and coding scheme will be able to calculate the correct time. Finally another form of attack is the 'Data Insertion' attack which is the insertion of messages into the data that the two devices are exchanging however, this may only occur when the device that is answering accepts replies that are delayed.
The Data Insertion attack enables the attacker to insert the message prior to the reply sent which will be successful if the message makes it to the answering device first. If the data stream winds up overlapping then the data will become corrupt. While the passive mode of transmitting data is much safer there is still a possibility that eavesdropping may occur and for this purpose the NFC device can establish a secure channel through examining the RF field during transmission and check the RF field during the course of the transmission.
There are three possible countermeasures to a 'Data Insertion' attack: (1) the answering device answers with no delay making it impossible that the attacker could be as fast as the correct device; (2) the answering device can listen to the channel during transmission making it more difficult for an attacker to insert data and making it easier to detect this if it does occur; (3) secure the channel between the two devices. (Kennedy and Hunt, 2008)
The Data Insertion countermeasures can be performed through establishing a secure channel between the two NFC devices and then having a standard key agreement protocol "such as Diffie-Hellman based on RSA or Elliptic Curve cryptography. Since the "man-in-the-middle is no significant threat, the unauthenticated version of Diffie-Hellman will be adequate. The shared secret can then be used to derive a key to be used in symmetric encryption algorithm such as 3 DEC or AES which then secures the channel. (Kennedy and Hunt, 2008)
Kennedy and Hunt (2008) state: "Although application of the key security principles of encryption and authentication are clearly required in any wireless network architecture, they are more difficult to achieve as the size and scale of wireless devices is reduced. Implementing authentication and encryption algorithms in hardware on an IEEE 802.11 device installed, for example, in a laptop is not difficult, but the same cannot be said for a number of WPAN devices. Encryption and authentication need to be fast -- particularly in a highly mobile environment which demands hardware implementation." (Kennedy and Hunt, 2008, p. 5) The WPAN devices are to small to handle this challenge and current cryptographic algorithm demands including AES, MD5 as well as others results in difficulty in achieving due to the requirements of mathematical process that are quite complicated in addition to the miniature power sources. Stated to be a technology that might "...significantly alter this landscape is Ultra Wide Band (UWB), which operates by spreading pulses across a very wide frequency spectrum (3.1 to 10.6 GHz) although currently it is still in the standards specification phase. The combination of this larger spectrum, lower power and pulsed data improves speed and reduces interference with other wireless devices. This short-range radio technology could be very valuable for WPANs, as it would provide a cost-effective, power-efficient, high bandwidth solution for relaying data between hosts and intermediate devices (up to 10 meters). UWB is establishing partnerships with Bluetooth (draft version 3.0, May 2008) and Wireless USB to gain value from this new technology which may change the face of next generation of mobile devices." (Kennedy and Hunt, 2008, p.5)
II. P2P Wireless Technology
The work of Liu and Koenig (2008) entitled: "Security Policy Management for Peer Group Meetings" states that the privacy of P2P meetings needs "...appropriate security architecture." (p.1) Security architecture "specifies how to incorporate the needed cryptographic methodologies and the security functions (key management) into the system to meet the defined security requirements." (Liu and Koenig, 2008, p.68) Security architecture is reported to built up in a "modular manner" for the purpose of easing the systems expansion and maintenance and each module "serves as a specific security function in the system such as key management and the security policy management." (Liu and Koenig, 2008, p. 68)
The level of protection of a conference is determined by the security policy which also sets out the application of security algorithms. Therefore, it is the…