Mobile and Wireless Security INF245 Guest lecture 17.10.2007 by Bjorn Jager - PowerPoint PPT Presentation

Slides: 20
Provided by: Bj164
Learn more at: http://kursinfo.himolde.no
1
Mobile and Wireless Security
INF245 Guest lecture 17.10.2007 by Bjorn Jager
Molde University College
2
Overview of lecture
  • Literature
    • Wireless and Mobile Security (Ch. 6, Mallick)
    • VPN portals: http://forskningsnett.uninett.no/wlan/vpn.html
  • Background for further study: see on-line references for info on 802.11
    security, http://www.drizzle.com/aboba/IEEE/

3
Overview of lecture
  • What are you afraid of?
  • Security is
  • Security Threats
  • Security Technologies
  • Products and Standards

4
1. What are you afraid of?
  • Brainstorming session with the students ....
  • Relate to data traffic in wireless and mobile
    environments, and related to voice using mobile
    phones
  • Mention some examples
    • In Norwegian, 5.9.07: "Mobilen hører alt" ("The mobile phone hears
      everything"), http://pub.tv2.no/nettavisen/it/article1318955.ece
    • http://www.nrk.no/programmer/tv/schrodingers_katt/1.3340261
  • MMS Flooding (PocketPC can use WAPPush)

5
2. Security is
  • Confidentiality
  • Integrity
  • Authentication
  • Nonrepudiation

6
3. Security Threats
  • Exposure: sniffing, theft
    • Violates Confidentiality
  • Tampering: change or delete
    • Violates Integrity
  • Spoofing, Exposure
    • Violates Authentication
  • Repudiation
    • Violates Non-Repudiation
  • NOTE: Be careful to distinguish between the threat (something you are
    afraid of) and the reason for the threat!
  • E.g. you may fear exposure of sensitive information; the reason can be
    too weak authentication, a virus or other malware that causes exposure,
    etc.

7
4. Security Technologies
  • Cryptology
  • Cryptology
  • Cryptology
  • Cryptology
  • All security issues (Confidentiality, Integrity, Authentication, and
    Nonrepudiation) are solved using Cryptology!

8
5. Products and Standards
  1. PKI
  2. IPSec
  3. VPN
  4. SSL, TLS
  5. HTTPS
  6. Firewalls
  7. WEP, WPA
  8. Voice Encryption
  9. Security Development Tools and Kits

9
Cryptology basics
  • We look at major principles for
    • Symmetric encryption schemes
    • Asymmetric encryption schemes
    • Hybrid encryption systems

10
Code excerpt for synchronous encryption in Java
  • We looked at code from Beginning J2ME, page 363
  • The remaining parts of the presentation were skipped due to time
    limits....

11
Layered Architecture
12
Encryption can be done at each layer!
  • Layer 1: Physical
  • Layer 2: Link layer, by link protocol (WPA protocol, access list at MAC
    layer)
  • Layer 3: Network layer, by link protocol (IPsec protocol, VPN)
  • Layer 4: Transport layer (SSL, TLS, HTTPS)
  • Layers 5-7: Up to the Application layer, BY YOU! Develop your own
    solutions using a Java framework or other.
  • (See e.g. http://www.opus1.com/www/whitepapers/8021xbindingproblem.pdf)

13
VPN
  • Threat: eavesdropping at hotspots etc.
  • All through the infrastructure: WLAN, microwave systems, Internet
    routers, ...
  • By connecting a mobile device with the home office via VPN, ALL TRAFFIC
    to the home office AND all traffic to and from the public Internet is
    sent through the encrypted VPN connection.
  • VPN connects to host
  • The VPN client establishes a connection
  • The mobile user is prompted for proof of identity using a token such as
    a SecurID password or a digital certificate.
  • A VPN tunnel is established between the mobile phone and the corporate
    network, and all data traveling to and from the device is encrypted.
  • See VPN portals: http://forskningsnett.uninett.no/wlan/vpn.html

14
SSL Secure Sockets Layer
  • SSL is part of many standard applications, e.g.
    • Browsers and web servers
    • E-mail clients and servers
    • FTP (file transfer protocol) etc.
  • To use SSL you need a Server ID, i.e. a digital certificate for a web
    server. Web clients (browsers) use this to authenticate a server and
    encrypt information.
  • SSL: forerunner of TLS, used by HTTPS

15
WPA
  • WPA: Wi-Fi Protected Access
  • Industry standard by Wi-Fi Alliance
  • WPA is WEP with fast change of keys
  • WPA consists of
    • WEP (Wireless Equivalent Privacy)
    • TKIP
    • Checksum that ensures that no single bit is changed (CRC)
  • 802.1x authentication is an option
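
The checksum bullet above, as an added example that is not part of the lecture: an unkeyed CRC catches bits changed by accident, but whoever changes the data can also recompute it, which is why integrity against deliberate change needs a keyed code. The frame layout, the sample key and payload, and the use of HMAC-SHA256 as the keyed check are assumptions of this sketch, not the 802.11 formats.

```python
import hashlib
import hmac
import zlib

def crc_seal(payload: bytes) -> bytes:
    """Append an unkeyed CRC-32 to the payload."""
    return payload + zlib.crc32(payload).to_bytes(4, "little")

def crc_ok(frame: bytes) -> bool:
    return zlib.crc32(frame[:-4]).to_bytes(4, "little") == frame[-4:]

def mac_seal(key: bytes, payload: bytes) -> bytes:
    """Append a keyed tag (HMAC-SHA256, this sketch's stand-in for a keyed check)."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

def mac_ok(key: bytes, frame: bytes) -> bool:
    expected = hmac.new(key, frame[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, frame[-32:])

def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def integrity_report(key: bytes, payload: bytes) -> dict:
    """Check both schemes against line noise and against a resealed change."""
    changed = flip_bit(payload, 0)
    return {
        # One bit damaged in transit: both checks reject the frame.
        "crc_detects_noise": not crc_ok(flip_bit(crc_seal(payload), 0)),
        "mac_detects_noise": not mac_ok(key, flip_bit(mac_seal(key, payload), 0)),
        # Payload changed and the checksum recomputed: no secret is needed,
        # so the CRC check accepts the changed frame.
        "crc_detects_reseal": not crc_ok(crc_seal(changed)),
        # Resealing without the real key produces a tag that does not verify.
        "mac_detects_reseal": not mac_ok(key, mac_seal(b"not-the-key", changed)),
    }

if __name__ == "__main__":
    # Constructed sample key and payload.
    print(integrity_report(b"shared-session-key", b"amount=100;to=alice"))
```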

16
Bluetooth security issues (www.trifinite.org, see trifinite.stuff)
  • BlueSnarf
    • Read SMS, contacts, calendar
  • BlueBug
    • Complete control of mobile
  • HeloMoto
    • Connect to headset/handsfree
  • BlueSmack
    • DoS attack, buffer overflow
  • BlueStab
    • Makes the phone crash
  • BlueSnarf
    • Read files, full read and write access, access to memory card

17
Get address book from Sony Ericsson T610
  • You need
    • Linux distribution with hcitool and obexftp

18
Get address book from Sony Ericsson T610
  • Do
      hcitool scan
      Scanning .
      000AD9150B1C T610-phone
      obexftp -b 000AD9150B1C --channel 10 -g telecom/pb.vcf -v
      Browsing 000AD9150B1C ...
      Channel 7
      No custom transport
      Connecting...bt 1
      done
      Receiving telecom/pb.vcf...\
      done
      Disconnecting...
      done

19
This works on
  • Nokia
    • 6310
    • 6310i
    • 8910
    • 8910i
  • Sony Ericsson
    • T68
    • T68i
    • R520m
    • T610
    • Z600