HPCS 2007 INVITED TALK
Wireless Network Security: Threats and Counter Measures
Ratan K. Guha
School of Electrical Engineering and Computer Science
University of Central Florida
Orlando, Florida, USA
Wireless networks (WNs) have become constitutional in businesses today. A large number of financial institutions, defence agencies, companies, and home users are using wireless technologies in their environments. However, with this unhindered mobility and flexibility lurks opportunities for violators to infringe the privacy of wireless network users. This is because the air interface is a shared medium over which data is transmitted. As companies rely on these networks for business communication and occupational activities, security threats become a major concern. There is a necessity to employ safe protocols to protect WNs from intrusion and leak of potentially sensitive information. Such protocols need to be intelligent enough to detect threats and in the advent of a breach, be robust enough to continually work against them. Thus, users should be aware of the security risks associated with the wireless networks so that they can apply appropriate measures safeguard their data/information.
In this talk, we present existing IEEE wireless standards and the efforts taken by the industry to realize these standards. IEEE 802.16 (also known as WiMAX), provides Wireless Metropolitan Area Network (WMAN) users with high-speed broadband access to the Internet, whereas, IEEE 802.11 (also known as WiFi), allows users to establish wireless connections Wireless Local Area Network (WLAN). In addition, IEEE 802.15 (also known as Bluetooth) provides short-range connectivity for portable devices.
As mentioned above, in order to capitalize the benefits of WNs, a security policy needs to be put in place to mitigate security risks. The security policy of a WN must define what is to be protected and what are the expectations of WN users. The definition of the objectives of this policy serves as a basis for security planning when new applications are designed or current networks are expanded. We consider the most common security objectives of a WN to be authentication and access control, confidentiality, integrity, and availability. The interpretation of these objectives varies as do the contexts in which they arise. These objectives aim to keep the intruders (or adversaries) at bay and allow only legitimate users to access authorized systems and services.
The standard IEEE 802.11 provided a mechanism called Wired Equivalent Privacy (WEP) to protect wireless links. WEP was a subject of criticism for many years which led to the development of IEEE 802.11i. IEEE 802.11i enhances WEP by introducing a Temporal Key Integrity Protocol (TKIP) and Counter-Mode/CBC-MAC Protocol (CCMP) with a 128-bit key to improve security. Also, it uses (Extensible Authentication Protocol (EAP) for authentication and EAP encapsulation over LANs (EAPOL) for key exchange.
Bluetooth devices establish a secure connection by using a PIN code during the initial pairing process. This PIN serves to generate a key which is used for authentication. IEEE 802.16 standard implements security in the form of a privacy sublayer, present in MAC’s internal layering. Functions of the privacy sub-layer include access control and privacy of the data link.
In this talk, we present how security and privacy are fortified in all these standards.
Ratan K. Guha is a professor in the School of Electrical Engineering and Computer Science (www.eecs.ucf.edu) at the University of Central Florida (www.ucf.edu), Orlando. He received his B.Sc. degree with honors in Mathematics and M.Sc. degree in Applied Mathematics from University of Calcutta (www.caluniv.ac.in) and received the Ph.D. degree in Computer Science from the University of Texas at Austin (www.utexas.edu) in 1970. His research interests include distributed systems, computer networks, security protocols, modelling and simulation, and computer graphics. He has authored over 125 papers published in various computer journals, book chapters and conference proceedings. His research has been supported by grants from ARO, NSF, STRICOM, PM-TRADE, NASA, and the State of Florida. He has served as a member of the program committee of several conferences, as the general chair of CSMA’98 and CSMA’2000 and as the guest co-editor of a special issue of the Journal of Simulation Practice and Theory. He is a member of ACM, IEEE, and SCS and served as a member of the Board of Directors of SCS from 2004 to 2006. He is currently serving in the editorial board of two journals: International Journal of Internet Technology and Secured Transactions (IJITST) published by Inderscience Enterprises (www.inderscience.com), and Modelling and Simulation in Engineering published by Hindawi Publishing Corporation (www.hindawi.com).