The security threats and challenges to wireless and mobile networks
The increasing reliance on wireless and mobile networks for data transmission makes it critical to maintain secure communications even in the wake of security breach. Three taxonomies of security threats are described, in terms of wireless and mobile channel, the OSI layers, and the attack technologies respectively. There are no specific descriptions on threats, only the general scope and different aspects of threats.
Wireless and mobile network is increasing popularity due to attractiveness of location independent network access and configuration flexibilities. Although wireless technology is widely supported and implenmented, it is still immature and quite possibly disruptive. It is more vulnerable than wired networks since most common way of transmitting data via wireless networks is radio waves. Capturing these physical signal is relatively easy, and anyone with the technology can intercept the data sent into air. Due to limited bandwidth, memory, and processing capabilities, wireless network, by its nature, does not obey the principle of security. It does not assure user identity, which violates authentication, nor does it prevent the sender from denying the origin of the message, which violates non-repudiation. In this research, we firstly get to know the background of wireless and mobile network, and their security requirements. We will then discuss characteristics that strongly affect wireless network security from the points of view of wireless channels and mobile. This paper addressees known and upcoming security threats to wireless networks, as well as new challenges. Brief solutions are included, and followed by unsophisticated analysis of development.
According to Wang (n.d.) and Zorz (2002), wireless network has been classified to the following three categories, and each has given some examples:
- Wireless Local Area Network (WLAN) - Wi-Fi
- Wireless MAN (Metropolitan Area Networks) - used to connect several wireless LANs, GPRS
- Mobile Devices Networks - Global System for Mobile communication (GSM), 3GPP (The 3rd Generation Partnership Project)
- Others - PAN (mainly bluetooth), Ad hoc and sensor network etc.
Wireless network has been widely used by business, educations, governments, and the military. Over the years, they have demanded more flexibility in the location and when they work, this lowered the hardware costs of wired network components. This resulted the evolution of cellular and wireless technology generations, as well as the need for security mechanisms. Wireless communication can transmit data between nodes by broadcasting using electromagnetic waves. The signals carrying the data are beamed over a wide range. It makes lives more convenient to receive information for not only legitimate receivers but also malicious ones. Therefore, without security measures in place, data can be transparent and cryptographically secured information can be attacked even by using published automated tools.
Illustrated by Nichols and Lekkas (2002), the fundamental differences for wireless services are: bandwidth, allowable error rates, latency and variability, as well as power constraints. Wireless networks are generally characterized by low quality of service (QoS). It is less secure, more packet losses, unreliable, and not stable. A guideline of what a more secure mobile device should have is listed in the article corresponding to the weaknesses mobile devices have.
Security is the combination of processes used to ensure the confidentiality, integrity, and availability of information. The security threats to wireless network can also be categorized according to these criteria. The most obvious requirements are authentication, access control, confidentiality of information exchanged, integrity, and privacy.
According to Welch and Lathrop (2003), wireless security technology was classified into three categories based on the research they did. The first category is authorization, which determines whether an identity has access to a certain zone. The second category is to maintain the privacy of the session once a user has logged in the WLAN, which is normally encryption. The final category specifies on verification of integrity of information. Security measures of protecting the device, data, and corporate network, including VPN, antivirus, firewall, network admission control (NAC) appliance, and intrusion detection and prevention solutions (Intel and Cisco WLAN Deployment Guide for Healthcare).
3. Security threats and challenges
We firstly discusses vulnerabilities of wireless networks with respect to the other two characteristics, which are wireless channel and mobile channel, addressed by Buttyan and Hubaux (2007). Wireless channel, which is usually a radio channel, but can also be an infrared channel, have quite a few threats to its security as mentioned below.
- Channel eavesdropping: information can easily be overheard on the way of transmission if an antenna is placed in the right position. However, it can be used to detect passive attack that consist spying on the network without interference. Such attack can also be illustrated with the drawback of WEP. The protection of information is simply encrypting the data.
- Modification on data: this is an active attack that an attacker alters the message between the transmission nodes. For example, Man in the middle attack.
- Fake identification via wired links: attacker can move around and pretend to be authenticated user as it is wireless.
- Overuse of radio channel: user may overuse the radio spectrum as it is a shared resource. To issue a licensed piece of the spectrum can solve the problem between cellular operators, not when several operators share the same spectrum, which is the same situation as WiFi today.
- Jam of the channel: Denial of service attack by transmitting the data at the same time the victim transmits data so that communication is invalid. To solve this problem we can use either spread spectrum or frequency hopping or both.
The other characteristic is that the user are usually mobile, by that we mean either communicates, moves, or communicates while moving. There are vulnerabilities shown hereafter.
- The device tracks the mobile device user, hence privacy is kind of explored.
- Mobility also indicates capability of roaming via wireless network controlled by different operators.
- As the device is relatively small, it normally has limited storage, computing power and energy. It can also be easily stolen, which may be misused or reverse engineered and the data contains are accessed. Solution to this is just encrypting the data and embedding a tamper-resistant component in order to protect the cryptographic keys.
Another taxonomy of security features of wireless network taxonomy is illustrated by Nichols and Lekkas (2002). They represente the differences and features in the logical OSI layer because security features differ between each of the protocol stacks, and security policy implementation and enforcement is dependent on those carriers. The following tables demonstrate the threats in application, network, and physical layer.
Welch and Lathrop(2003) pointed out another interesting view of looking at threats, which are from an insider and an outsider. From a insider point of view, the attacker might be an authorized organization member or an attacker who steals the laptop from an authorized user that with software, and certificates, etc. He/ she can access information and wireless network without extra authentication. The other point of view is from that of an outsider. This attacker knows little professional skills or just using reconnaissance tools that can be obtained publicly.
Threats that Welch and Lathrop(2003) introduces seven attack techniques in this taxonomy. Traffic analysis, passive eavesdropping, and active eavesdropping, are the three that violating just the confidentiality of the session. Man-in-the-middle attack violate confidentiality and/or integrity. The last three attacks violate the integrity of network traffic are: unauthorized access, session high jacking, and the replay attack.
Brief solution to attacks
Authentication: IEEE 802.11 Standard or Wired,WEP, SSID, MAC list, PEAP, etc.
Encrypted Tunnel or Virtual Private Network (VPN)
OSI Network Layer and Endpoints
- Encryption Layer
- WEP CRC-32 Checksum
- Cryptographic Checksum or Message Integrity Codes (MIC)
- Secure Hash Algorithm SHA-1
As discussed before, wireless devices are small and wireless networks are bandwidth limited, some of the major challenges in wireless networks are shown below:
- data rate enhancements
- minimizing size and cost
- low power networking
The diagram above simply shows topology of big challenges. Another long term challenge is network encryption. Safety of algorithm and data are the two challenges to it. With a few exceptions, no algorithms are proven secure unconditionally. Data and keys can be reasonably well protected today against compromise with trusted hardware, software keys.
In this research, consideration of the security of wireless communication systems, we discussed about what computer security threats apply to wireless systems and how they relate to the goals of CIA (confidentiality, data integrity, and availability). Applying wireless security concepts to networks form different aspects. Several taxonomies have been presented to broaden what needs to consider to provide security for wireless networks, and better solutions. We were concerned with the security of existing wireless networks at first, and then identified the important characteristics of wireless networks that have a strong effect on their security. By understanding the taxonomies and simple comparisons, we know how wireless differed from wireled networks, possible threats and solutions can be implemented. We did not address too much details on how the individual security threats works. As there are indeed quite a lot of attacks that threatens the security of wireless network, we could not have all of them in comparison and illustrate in details. It was mainly giving an idea of why security of wireless network is important, different aspects and taxonomies of threats to wireless and mobile networks, and some challenges it is facing. Due to limited timeline, there was supposed to have more researches to be investigated.
Mirko Zorz(October , 2002).Wireless Security Threats. Retrieved from http://www.net-security.org/article.php?id=202&p=2
Nichols and Lekkas(2002). Wireless security models threats and solutions. The McGraw-Hill Companies, Inc. [Book]
Donald Welch, Senior Member, IEEE, and Scott Lathrop(June, 2003). Wireless Security Threat Taxonomy. Proceedings of the 2003 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY. [Book]
Guilin Wang(2006). wireless n.w security[PowerPoint slides]. The school of computer science, Uni of Birminghan.
Sam Samuel(April 2009). Big Challenges: Wireless Networks and Services[PowerPoint slides]
Burt Kaliski, RSA Security(Sept., 2004). Network Encryption: Long-Term Challenges[PowerPoint slides].
Christina Fragouli, Dina Katabi, Athina Markopoulou, Muriel Medard, Hariharan Rahul(n.d.) Wireless Network Coding: Opportunities & Challenges. Retrieved from http://nms.lcs.mit.edu/~dina/pub/Milcom.pdf
Levente Buttyan and Jean-Pierre Hubaux (July, 2007). Security and cooperation iin wireless networks. Thawarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing. Version 1.5.1