Lejla Deko

Professor adi Matar

CITA 260

25 November 2015

Security aspects in wireless communication systems

Wireless communication is one of the greatest successes in the last 30 years. It all
started with Maxwell and Hertz with their scientific theory on electromagnetic waves and
Tesla demonstrating the whole process of sending information through electromagnetic
waves. Later in 1909 Marconi won Nobel Prize as a lead innovator on that field. We can even
say Native Americans using smoke signals or drums was sort of wireless communication. But
as I stated in the beginning, with the last 30 years growth it became Worldwide, therefore,
more insecure. From purely military and industry use it developed in to necessity. It hit the
market widely and changed our working habits making it harder for security to maintain. Not
only its used in military and healthcare with lives in danger, but we also put our entire life in
to devices connected to wireless networks. Our money, safety, personal conversations and
much more is hooked to those systems so the in detail review on those aspects could
never be completely explained.

When discussing general issues, by my opinion there are three issues from the
devices used for communication itself. Every wireless device comes with constrains in
processing power due limited space, price of the device itself and need for flexibility which
ends up with these problems. So we can say that limited power of wireless devices and its
processing is the first issue. Most of our smart phones today cant go more than 2 days
without charging. When making one, manufactures needs to balance the consumption
between security and performance. We can notice those issues ourselves; For example,
Apples iPhones had a security breakdown this year where millions of customers were
affected, and its known that Apple devices come with long lasting battery and nice
performance. On the other side, we all notice how our computers and other tech devices
slightly slow down when we install an Antivirus system. Without special knowledge on
security itself, and with using logic, we can conclude why is the power one of the sources
that creates security issues. Then we have limited communications bandwidth. It is always at
least one order of magnitude above the limit for wired networks. Radio frequency spectrum
can be viewed as finite resource, and entire wireless communication is using that resource.
Raising that bandwidth would create mutual interference among devices making them all
insecure. With limited bandwidth and the third issue, unreliable network connection, we
have a system with limited space, different architectures, and millions of devices on it which
is greater challenge than with wired network. It would be perfect with single protocol to
control security, but different architectures and needs require multiple protocols. For
example the IEEE 802.11i Standard provides security upgrade in MAC layer in local networks.
For data integrity we have protocols to follow in order to have well-designed cryptographic
functions, because integrity is a must have feature. When creating security protocols for
wireless networks, we need to look at all possible vulnerabilities. For example, the Link Layer
of a WLAN has three possible types of frames: Management Frames, Control Frames, and
Data Frames. Any manipulation or change in these frames that directly or potentially
jeopardizes data confidentiality, integrity, mutual authentication, and availability (security
requirements) should be considered a threat to entire communication system. All these
general issues leave space for lack of security and create extra job for providing security.

When letting your data to a signal thats in the air, it is hard for a user to determine
who is the provider and likewise. Theres a lot more steps when securing wireless
communication. I will focus on three general security requirements:

1. Data confidentiality and integrity

2. Mutual Authentication
3. Availability

Definition of data confidentiality and integrity states that only those who are communicating
can understand the received and sent messages, generate or modify valid messages.
Commonly used breaking technique into wireless communication systems is replaying
messages. Intruder can break into system without being able to encrypt them, but by using
them once they passed integrity check, which is only one of the requirements. Another flaw
has been found in using MAC-address-based Access Control List (ACL), but the MAC address
can be easily traced down in your traffic even if you had it protected. Even using closed
system authentication becomes useless if the intruder breaks into request frame of
validated user. Using wired system the end user can be traced by simply following the wire.
In the wireless system, to provide security, protocol is more like: Who are you? What is your
position? When did you accessed? What device are you using? etc.. Mutual authentication is
required in wireless system. Back and end users must authenticate their identities.
Availability is the core for security. Shutting down for even one individual can prevent
systems security from working making the entire network completely blind, which is the
step mostly dependent on backend users. Before, availability had lowest priority when
comes to security which ended up with a large number of DoS attacks. There comes our
primary issue from communication devices, power processing. This only shows the need of
investing more power into security.

And finally, it is important to know every possible treat in wireless systems and
solution for the same. As a conclusion I will name most general treats that can affect security
requirements from this essay, and are created by general issues stated at the beginning:

1. Traffic and encrypted messages analysis Not all traffic can be well hidden in
wireless systems, so it is vital to analyze encrypted messages first and make sure that
there are not even partial information on the encryption key or the plaintext.
2. Eavesdropping While most of the resources is being spent on performance, in
wireless networks better performance itself can be enough to access internal
information by inserting a message with Network Interface Card or similar. Even
though firmware and wireless standards can control packets, by eavesdropping from
the inside, intruders can learn systems flaws and break through protocols.
3. Message Interception A huge problem of wireless communication, which not only
ends up with message deletion but allows intruders to control the network.
Interception makes raising the bandwidth impossible until price is balanced among
performance and safety
4. Session Hijacking and Masquerading It is possible to break into successfuly
authenticated user, and gain control of every communication and pactects connected
to the hijackted user. Therefore, authentication is not secured without internal
 protocols for data integrity and making sure that a message is understandable by
those who are supposed to understand it.

Until we found a solution for low bandwidth, power life of devices we are dependent on,
and unstable networks, cryptography and security aspects need to adapt to these restrains,
authentication needs to be scalable in order to support mobility of devices. And although
security grows rapidly with technology, it is still behind the performance.

Literature:

1. http://www.artechhouse.com/uploads/public/documents/chapters/imai_520_CH03.
pdf
2. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.95.2921&rep=rep1&type
=pdf
3. http://www.itl.nist.gov/lab/bulletns/bltnmar03.htm
4. http://web.cs.ucdavis.edu/~liu/289I/Material/book-goldsmith.pdf
5. http://lup.lub.lu.se/luur/download?func=downloadFile&recordOId=40705&fileOId=1
037682
6. http://wsl.stanford.edu/~ee359/verdu_wireless.pdf
7. http://theory.stanford.edu/~changhua/thesis_full.pdf
8. 1 Week presentation by Professor