Wireless Security Awareness
Ludwig Slusky, CISSP, CIS Department,
Parviz Partow-Navid, CIS Department
California State University, Los Angeles
Secure IT Conference 2009
March 4-6, 2009
Regional Information Systems Security Center
A Consortium for Security Education, Training & Service
Wireless Computing
Wireless Computing
WIRELESS INTERNET
GROWTH GROWTH
 The next time you're sipping a
latte and surfing the Net at your
favorite neighborhood wireless
web access
café, someone just a few seats
instant messaging
away could be breaking into your
e-mail
file transfer
laptop and causing irreparable
location services
damage to your computer's
news feeds
operating system by secretly
search
tapping into your network card's
streaming audio
unique device driver.
& video
(http://www.sciencedaily.com/releases/2006/09/060912214943.htm)
RF & DIGITAL MOBILE
TECHNOLOGY SOFTWARE
Wireless Security Awareness
3/5/2009
2
Wireless: Many Applications
Wireless: Many Applications
" Personal area networks: cell phone, laptop, wrist watch
" Military Applications: soldiers, tanks, planes
" Emergency Operations: search and rescue, police, fire fighters
" Civilian Environments:
- Taxi cab network
- Meeting rooms
- Sports stadiums
- Boats
Wireless Security Awareness
3/5/2009
3
New Developments
New Developments
" World population - about 6.6 billion (2008), mobile users - 3 billion
" Focus on Mobile Internet  instant messaging, exchange pictures, other.
" Mobile TV  bundling DSL + wireless
" Wireless LAN market
 2006 - surpassed $3.6 billion
 2009  likely to reach $4.3 billion
" Wireless - a replacement, not an alternative to wired networks
" User perspective
 Broadband users under 35 are most likely to ignore wireless security
 Wireless communication in USA 7-9 cents/min, in Europe 15 cents/min, in
China and India  2 cents/min
 Financial transactions (money transfers) on the mobile (Kenya, India)
Wireless Security Awareness
4
3/5/2009
Cybercrime
Cybercrime
" Hacking ( cracking ) - big business.
 Hacking - Gaining unauthorized access to networks/devices
by algorithms or penetration programs
 Cracking - Extending the use of devices past original intentions
" Hackers often working in cahoots with organized crime
" Wireless technology  more ways for hackers to break in
" 10% - of large UK business have computer systems broken to steal
confidential information (thousands of attempts every year)
" 13% - large UK companies detected unauthorized outsiders in their
networks (vs. 1% just two years ago)
" 6% - UK corporations admitted loss of confidential information
" Mobile spam in Asia; emerging in Europe and North America
" 30% of SMS messages in China and India are spam
" Mobile zombies  reality; several smart phone viruses exist today
Wireless Security Awareness
3/5/2009
5
The Economics of Spam
The Economics of Spam
Spamming is a successful business*
Classic business models apply
Spammers business model evolving
Broader Distribution: Botnets/zombies
Higher Profits: Phishing, stock scams
Spam as a % of Worldwide Email Volume
Increasingly sophistication
100%
90%
Higher volume of abuse
80%
70%
2002: 25% of email is spam
60%
50%
2007: 95+% of email is spam
40%
30%
Expanding to new markets
20%
10%
Blogs, IM, social networking, mobile
0%
02 03 04 05 06 07
*9 percent of web users fall victim to spam-based
scams.
- Radicati Group
Jamie de Guerre; CTO, Cloudmark. Addressing Network Security  In the Era of Open Access & Fully
Jamie de Guerre; CTO, Cloudmark. Addressing Network Security  In the Era of Open Access & Fully
Functional Mobile Multimedia Devices (CTIA Wireless 2008).
Functional Mobile Multimedia Devices (CTIA Wireless 2008).
Wireless Security Awareness
3/5/2009
6
Wireless Attack Scenario
Wireless Attack Scenario
A. Primary target - wired network using the wireless network as a
medium.
B. Primary target - wireless users using the wireless network as a
medium; the user may or may not be connected to a wireless network.
C. Primary target - wireless network infrastructure using rogue access
point or wireless controllers
The wireless network - frequently the first step, not the goal
Raśl Siles. HoneySpot:The
Wireless Honeypot. Monitoring the
Attacker s Activities in Wireless
Networks
The Spanish Honeynet Project
(SHP).
http://www.honeynet.org.es
Wireless Security Awareness
3/5/2009
7
Wireless Vulnerabilities
Wireless Vulnerabilities
Password-guessing
Administrative Password. User Name: Admin; Password: Password
Wireless Network Encryption: WEP (under 3 min to crack) and WPA
Media access control (MAC) address spoofing
Threats & attack sophistication is evolving, a big challenge
Day-zero attacks
Bluesnarfing - the theft of information through a Bluetooth connection.
Attacker can leave no evidence when access mobile device
Device drivers - a primary source of security holes in modern OS (Sandia National
Laboratories) (http://www.sciencedaily.com/releases/2006/09/060912214943.htm)
Wireless Security Awareness
3/5/2009
8
New Security Challenges
New Security Challenges
Wireless networks are more susceptible to hackers/crackers
RF signals allow for more unauthorized attempts
New viruses can throw off antivirus software
Massive increases in bandwidth from data services
Signaling protocols for wireless networks - key communications
target for attacks
Need for a rich ecosystem of technologies and vendors with 4G
Attacks include rogue access points
Wireless Security Awareness
3/5/2009
9
Radio Frequency Fingerprinting
Radio Frequency Fingerprinting
Radio frequency fingerprinting (RFF) for wireless intrusion detection
systems (IDS)
anomaly-based intrusion detection approach with RFF
Uniquely identifies a transceiver based on the transceiverprint (set of
features) of the signal it generates.
MAC address can be spoofed, but the transceiverprints from the
illegitimate device would not match the profile of the legitimate device.
Wireless Security Awareness
3/5/2009
10
Increase of Mobile Threat
Year Spam Threats Solutions
2005 <1% Mass texting Closed network
2006 5-10% Contest scams Protocol filter
Toll calls Handset policies
Premium rate numbers Internet gateway
2007 10-20% SMS Spoofing Anti-Spoofing
SMS Faking Anti-Faking
SMS Flooding Anti-Flooding
Increase in MMS Viruses Handset Security
2008 30-50% On Network Attacks Fingerprinting
Stock Scams Content analysis
Distributed network intelligence
Future >75% Zombies & Bots Fingerprinting
Spyware Content analysis
Distributed network intelligence
Jamie de Guerre; CTO, Cloudmark. Addressing Network Security  In the Era of Open Access & Fully
Jamie de Guerre; CTO, Cloudmark. Addressing Network Security  In the Era of Open Access & Fully
Functional Mobile Multimedia Devices (CTIA Wireless 2008).
Functional Mobile Multimedia Devices (CTIA Wireless 2008).
Wireless Security Awareness
3/5/2009
11
A, B& ..G? Older Wireless Standards
A, B& ..G? Older Wireless Standards
802.11A
Bandwidth up to 54 Mbps.
Limited range; more difficulty penetrating walls and other obstructions.
Outdated technology
802.11B
Bandwidth up to 11 Mbps.
Much better range than 802.11a; not as easily obstructed by walls or
other objects.
Can suffer from more interference from other electronic devices such as
microwaves.
Are being replaced by the newer 802.11g devices.
802.11G
Bandwidth up to 54 Mbps; range will cover most average homes.
Common but are being replaced by the newer 802.11n devices.
Wireless Security Awareness
3/5/2009
12
802.1n New Wireless Standard
802.1n New Wireless Standard
802.11n standard  a major part of future growth
Bandwidth up to 248Mbit/s (vs. 54Mbit/s for 802.11g).
Throughput - 74Mbit/s (vs. 19Mbit/s for 802.11g).
Range of access points is double vs. 802.11g
Operational frequency 2.4 GHz and 5 GHz (vs. 2.4 GHz for 802.11g)
802.11n as a wired replacement for new LAN deployments
Supports reliability, consistency in connectivity and performance
Approval tentatively scheduled for 7/2009
Wireless Security Awareness
3/5/2009
13
Mobile Broadband
Mobile Broadband
3G Wireless
Not sufficient for multi-media, full-motion video, or teleconferencing
4G Wireless
End-to-end IP and high-quality streaming video
Currently testing 4G at 100Mbps while moving and 1Gbps stationary
Supports dozens of DVD-quality and HD video streams simultaneously
Supports  three screen entertainment: content is shared across multiple
devices - TV, mobile, PC, other  at home or on the go
Interactive, personalized, context-specific live or on-demand mobile TV
High data rate, smooth handovers across heterogeneous networks
LTE taking the lead in the 4G wireless development
Underlying architectures of WIMAX and LTE are similar
Verizon and AT&T to roll out their LTE networks early next decade.
http://searchmobilecomputing.techtarget.com/news/article/0,289142,sid40_gci929575,00.html#2
http://searchmobilecomputing.techtarget.com/news/article/0,289142,sid40_gci929575,00.html#2
Wireless Security Awareness
3/5/2009
14
WiMAX
WiMAX
Sprint, Verizon and Clearwire have embraced the technology.
High cost of deployment - $5B
Plans to make pricing to be "comparable" to cable and DSL.
Some WiMAX infrastructure providers are Alcatel-Lucent and
Nortel
Eric Bangeman. Verizon decides on LTE for 4G wireless broadband. Published: November 29, 2007
Eric Bangeman. Published: November 29, 2007
Wireless Security Awareness
3/5/2009
15
LTE - Long Term Evolution
LTE - Long Term Evolution
Broad standard for 4G encompassing technology standards
100MBits/sec downloads, 50Mbps uploads
1000MBits/sec download in hot spots
Will be 3-5 times more powerful than anything today
Handle up to 200 simultaneous users per 5MHz slice of spectrum
2008 - the first set of LTE trials completed.
LSTI, the European LTE testing group, will continue trials through
2009 with deployments beginning in 2010.
Expected LTE announcements by Vodafone, Verizon, Mobile China.
Wireless Security Awareness
3/5/2009
16
New technologies & more vulnerabilities
New technologies & more vulnerabilities
 Over the last several years, the mobile handset pendulum swung towards
the convergence of handsets as multi-function tools in order to be all
things to all people. As this trend continued, the challenge for the industry
became creating open networks that can handle the transference of mobile
data across a variety of handsets and carriers. (Rich Nespola, CEO of
TMNG Global)
 Handset Feature Set Road Map  How to mix a variety of data on the
device screen that is easy for a user? For example, if a user types 1456781,
will the device assume it is a phone to dial or just a note? Will the user
continue to use different Internet Browser as text editor vs. phone input?
Wireless Security Awareness
3/5/2009
17
Applications: Privacy Concerns
Applications: Privacy Concerns
Yahoo! oneConnect
Yahoo! oneConnect
Draws information from social-networking sites such as MySpace, AOL
Instant Messenger, and e-mail to build a picture of the mood, location, and
activities of friends and colleagues.
Integrated mobile messaging - integration of IM and SMS (Short Message
Services), including threaded conversations and popular services.
Status - view the contacts by their most recent status updates on popular
social networks and automatically broadcast it to their friends.
Pulse - see a dynamic overview of what friends are up to, including recent
photos, their status, profile updates, and recommendations based on their
most recent actions on popular social networks.
Favorites - messaging shortcuts to make reaching out as quick as possible.
Social contact card - to aggregate the relevant information on any contact
Innovative location-sensing technology - locate, chat with, and exchange
contact information with nearby Yahoo! oneConnect users; proximity alerts.
An open communications platform - functionality to communicate via
multiple communications tools - such as IM, SMS, and social networks
(http://mobile.yahoo.com/oneconnect)
Wireless Security Awareness
3/5/2009
18
Applications: Privacy Concerns
Applications: Privacy Concerns
Yahoo! onePlace
Yahoo! onePlace
Brings together all person s interests and important information into a
single location
Everything about that person is highly personalized, instantly
organized, dynamically kept up to date, and delivered the way you
want.
Links practically any piece of content (news feeds, websites, videos,
images, emails, search queries, etc.)
A snap to instantly link to other favorite content that have already
been personalized on Yahoo! (like My Yahoo! Feeds)
http://mobile.yahoo.com/oneplace
Privacy concerns ??
Wireless Security Awareness
3/5/2009
19
Special Applications:
Special Applications:
Mobile Ad-hoc Networks
Mobile Ad-hoc Networks
A network may be difficult to maintain if its routers come and go at
random intervals.
Most IP routing techniques for relatively static router configurations
Combat or other highly dynamic scenarios require dynamically
formed, ad-hoc networks
Rogue Access Point is a particularly strong security threat
Joab Jackson. Mobile routing protocol advances
Joab Jackson. Mobile routing protocol advances
Wireless Security Awareness
3/5/2009
20
Regional Information Systems Security
Regional Information Systems Security
Center (RISSC)
Center (RISSC)
Mt San Antonio College
Cal Poly Pomona
Cal State University, Los Angeles
Long Beach City College
Cal State University, Dominguez Hills
Goal: Providing information security education for traditionally underrepresented
students.
Wireless Security Awareness
3/5/2009
21
Regional Information Systems Security
Regional Information Systems Security
Center (RISSC)
Center (RISSC)
RISSC addresses information security needs in the following ways:
Workforce Development
Curriculum Development, Revision, and Dissemination
Faculty Professional Development
Outreach and Partnership Development
Wireless Security Awareness 3/5/2009
22
CSU Security Awareness
CSU Security Awareness
CSU Security Awareness Training Course Project (RFP, February 04, 2008)
A system wide course
For delivery to all CSU faculty, staff, affiliates, auxiliary employees and
third-party vendors/contractors hired by the CSU. Not intended for student
use.
The average length should not exceed 30 minutes.
Interactive modular course structure; randomized assessments
SCORM and AICC compliant.
Additional courses can be hosted in the web-based system.
Health Insurance Portability and Accountability Act (HIPPA),
Family Educational Rights and Privacy Act (FERPA)
Security awareness specifically for students.
Wireless Security Awareness 3/5/2009
23
Securing Wireless Network
Securing Wireless Network
Encrypt your communication over the network
Install anti-virus, and firewall software
Stop identifier broadcasting mechanism
Change the router s identifier from the default
Change the router s default password
Deny all permit some approach
Don t assume that public hot-spots are safe
Source: http://www.onguardonline.gov
Wireless Security Awareness 3/5/2009
24
Learning to Write Viruses?
Learning to Write Viruses?
"  Not Teaching Viruses and Worms is Harmful (Sonoma State
University)
" "Race to Zero virus contest at the Defcon 16 (August 8-10, 2008)
 Hackers to find new ways of beating antivirus software. Contestants will
get some sample virus code that they must modify and try to sneak past
the antivirus products.
 Announced 4/25/08 (http://seclists.org/dailydave/2008/q2/0046.html)
 Security companies are already having difficulty keeping up with the
torrent of new malware.
 "It's hard to see an upside for encouraging people to write more viruses &
It's a dumb idea. (Roger Thompson, chief research officer at AVG
Technologies; via instant message.
(http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9080658&source=NLT_AM&nlid=1)
" Beating antivirus software: a beta testing or an organized crime
again antivirus software vendors?
Wireless Security Awareness
3/5/2009
25