IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security...
Transcript of IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security...
![Page 1: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/1.jpg)
IBM ResearchWireless Security
Initiatives
Douglas DykemanManager Computer Science
IBM Zurich Research Laboratory
![Page 2: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/2.jpg)
New YorkTJ WatsonAlmaden
Zurich
HaifaTokyo
Cryptographic FoundationsSecure government workstations
Trust ManagementPrivacy Policies
Digital WatermarkingXML SecurityVLSI Design for Cryptography
Cryptographic FoundationsMultiparty ProtocolsPrivacyIDS systems and alert correlationJava CryptographySmartcard systems and applications
Cryptographic FoundationsInternet SecuritySecure Systems and Software"Ethical Hacking"IDS sensors and vulnerability analysisAntiVirusBiometrics
IBM Global Security Research
NewDelhi
High-performance crypto software
China
![Page 3: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/3.jpg)
Mobile and Wireless: Security Problems
Access to confidential information
Transactions
Security of wireless infrastructure
Privacy
No system is 100% secure but they should be secure against hackers with a PC attached to the Internet.
Protect thedevice
Ensureprivacy
Protect theinfrastructure
![Page 4: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/4.jpg)
Secure Client Systems
Authentication: PKIcomplicatedexpensiveinflexible processesbusiness model?
Secure Repository: Smart Cards and SIMsproprietary systems
cards and applications come from a single vendorexpensive
![Page 5: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/5.jpg)
Changes in Smart Card Industry
JavaCard
Java Applications
OpenPlatform
PK
CS
#15
PKCS#11 driver
proprietary mgmt
proprietary protocol
& environemnt
proprietary Applications
proprietary driver
Open Systems
![Page 6: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/6.jpg)
JavaCard
eCheck Applet
Logon Applet
. . .
Java Virtual Machine ROM
Secure Applet Install (OpenPlatform)
JavaCard Class Library (JavaCard)
ROM
eCash Applet
ROM / EEPROMLoyalty Applet
Smart Card Hardware Hardware
Device Drivers for Communications, Cryptography (RSA, DSA, ...) ROM
![Page 7: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/7.jpg)
State of the Art
JavaCard + OpenPlatformPKI1024-2048 bit crypto16-32 Kbytes free EEPROMsigning: 200-400 mskey generation: 6-9s on card$3.50
![Page 8: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/8.jpg)
PKI Public or Closed User Groups
Home banking client
1. Generate keys on card
certificateauthority
2. Generate user certificate
public key
certificate
3. Install certificate
4. Issue card
"Cost and Control"
![Page 9: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/9.jpg)
Secure Home Banking Solution
Home banking client
Banking server
Internet
SSL
AuthenticationDigital Signature
JavaCard
Data Encryption
![Page 10: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/10.jpg)
Internet/Mobile/In-Store Commerce
ConsumerOnline Merchant
Clearing
Offline Merchant System
Internet
Devices: PC, phone, banking and merchant terminals...Applications: banking, payment, identification, tickets...
![Page 11: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/11.jpg)
Secure Client Platform
PKISmart "cards"Taking off now! (Visa, Home Banking, US)
Watson Research: Side-Channel Cryptanalysis
![Page 12: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/12.jpg)
Privacy technology & services
Privacy Management Technology
Privacy Security Technology
Privacy-enabled Svcs & Apps
Information Security and Audit
Privacy Assessment
Design for Privacy
idemix
myPrivacy
Privacy-preservingdata mining
WES Location-Based Services
![Page 13: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/13.jpg)
MobileDevice
WESAuthentication
Server
WES LocationProxy
Self-carePortalpage App
WPS WAS
LFE
HTTP
MIN/MSISDN
SGSFL M
WLI
SGSFLocal.info
SII
RCI
HTTP+MIN/MSISDN
WirelessGateway
1
2
87
6
34
Tivoli PolicyDirector
5
WebSphere Everyplace SuiteLocation Based Services
LocationProcessing
![Page 14: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/14.jpg)
Privacy-preserving data mining
Data Mining Algorithms Model
Reconstruct Distribution of
Salary
Reconstruct Distribution of
Age
50 | 40K | ...30 | 70K | ... ...
65 | 20K | ... 25 | 60K | ...
Randomizer Randomizer
...
The primary task in data mining: development of models about aggregated data.Can we develop accurate models without access to precise information in individual data records?Approach: Using randomization to protect privacy
![Page 15: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/15.jpg)
FirewallsFirewalls Host-based Host-based IDsIDs Web IDsWeb IDs
Tivoli Risk ManagerCorrelation
EngineTEC Server
TEC Console TEC Console
TEC Event
DB
Risk MgrIDS Rules
TEC: Tivoli Enterprise Console
Network IDsNetwork IDs
Intrusion Detection at Work
Standards
Filtering
Filtering
![Page 16: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/16.jpg)
Often you must trust devices and systems that you cannot control
Motivated adversaries may have direct accessA user might be the adversary. . .
A merchant might be the adversary. . .
An employee might be the adversary
Why Secure Hardware?
![Page 17: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/17.jpg)
The Family of Hardware Security ModulesSmart cards
Portable tokens
Mobile phones
PCMCIA cards Standalone boxes
PCI cards for servers
(Crypto Accelerators are a related family)
The Family of Hardware Security ModulesSmart cards
![Page 18: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/18.jpg)
Acceleration of security operations (e.g.cryptography, random number generation)
Physical protection of information assets
encryption keyselectronic valuables (e.g. e-cash, postage, coupons)
software (e.g. meters, risk calculation)
What do applications need from secure hardware?
![Page 19: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/19.jpg)
IBM 4758 PCI Cryptographic Coprocessor
Performs high speed cryptographic operationsProvides secure key storage
Detects physical attacks: probe, voltage, temperature, radiation
Programmable!
Field upgradeableFIPS 140-1 overall level 4 certified (hardware and microcode)
Popular PCI bus interface for servers
Device drivers for NT, Win2000, AIX, OS/400, z/OS, Linux, Solaris
![Page 20: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/20.jpg)
Develop a secure operating system for pervasive devices (smart card, GSM phone SIMs, USB tokens, etc)
use hardware to enforce the security
allow controlled sharing of data
Common Criteria security evaluation by an independent third party at a very high assurance level
Code written by companies who don't know or trust each other's programs (or programmers)
Interpreted and native OS interface to applications inside
Field loadable applications and applets
Joint development with Philips Semiconductors
Goals of IBM Research's Secure Embedded Operating System Project
![Page 21: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/21.jpg)
Side-Channel Cryptanalysis
countermeasures that were provably resistant to power.
This is cryptanalysis using information leaked by a device during
the computation of cryptographic primitives.
Several researchers have published attacks based upon power or
timing attacks
In ’99 the team at Watson produced analysis attacks.
![Page 22: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/22.jpg)
SPA - Simple Power Analysis
Code execution sequence is easily observable
If code is key dependent, then key can be read from a SINGLE power profile
For example, conditional jumps easy to detect
des_check_parity: � for (byte = 7; byte >=0; byte--) {� count=0; �
for (bit = 7; bit >= 0; bit--) {� if (parity(bit, byte)) � count++� }� }
SPA - Simple Power Analysis
![Page 23: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/23.jpg)
802.11b defines two security featuresWEP encryptionShared Key authentication
Security IssuesManagementBroken Cryptography
802.11b Wireless LAN Security
![Page 24: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/24.jpg)
WEP and Shared Key are OPTIONAL
Access points ship with both turned off
Intranet exposed to “drive by” hacking
Question:
what AP’s exist?
Are they configured correctly?
802.11 Management Issue
![Page 25: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/25.jpg)
802.11 Cryptographic Issues
http://www.crypto.com/papers/others/rc4_ksaproc.ps
Recover WEP key in 5 - 6 Million packets
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
WEP encryption broken
simple passive eavesdropping attackshard active attacks
http://www.cs.umd.edu/~waa/attack/v3dcmnt.htm
added authentication attack,
extended passive attacks
![Page 26: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/26.jpg)
Fixing 802.11Cryptography
802.1x providescallout to application provided per session keyingcan prevent recovering key
Cisco has LEAP per-card, per-session keying "now"
802.11g (WEP2)firmware only tweak to WEP (128 bit IV)
802.11i (AES/OCB)firmware/driver change on clienthardware change on AP
complete fix
VPN - harder/more expensive, but available/strong
![Page 27: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/27.jpg)
Audit 802.11 Access Points forWEP configurationFirmware/driver revision
Thinkpad, or IPAQ based
Cisco/Intersil pcmcia card
IBM T23 Embedded 802.11 card
Linux
Wireless Auditor Project
![Page 28: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/28.jpg)
Wireless Auditor Main Program
No policy violations seenInsufficient information
Policy violation
Out of range
Old firmware
Invalid AP
![Page 29: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/29.jpg)
Source MAC address
Base station ID
“Network” ID
AP name
Policy violation
Insufficient data
(June, IBM Hawthorne, 3rd floor)
Wireless Auditor Detail
![Page 30: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/30.jpg)
Back-up slides
Back-up slides
![Page 31: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/31.jpg)
WEP Encapsulation
WEP Encapsulation Summary: Encryption Algorithm = RC4 Per-packet encryption key = 24-bit IV concatenated to a pre-shared key WEP allows IV to be reused with any frame, at sender’s choice
Data integrity provided by CRC-32 of the plaintext data (the “ICV”) Data and ICV are encrypted under the per-packet encryption key
Data
Data
802.11 Hdr
ICV
DecapsulateEncapsulate
IV802.11 Hdr
![Page 32: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/32.jpg)
WEP encryption
The WEP encryption algorithm RC4 is a Vernam Cipher (One Time Pad). For each packet:
Pseudo-random number generator
(RC4)
Encryption Key KEncryption Key K
Plaintext data byte p
Plaintext data byte p
Random byte b
?
Random byte bRandom byte b
? Ciphertext data byte p
Ciphertext data byte p
Decryption works the same way: p = c ? b
Plaintext IV (24b)Plaintext IV (24b)
The WEP encryption algorithm RC4 is a Vernam Cipher (One Time Pad). For each packet :
Encryption Key
Plaintext
Random byte
Cypher Data byte
(24b)
Plaintext Data byte
Decryption works the same way : =
Pseudo-randomnumber generator
(RC4)
![Page 33: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/33.jpg)
WEP encryption issues
Only 2^24 unique pads per K
Total codebook only 2^35 bytes
Duplicate IV in 2^12 packets (birthday paradox)frequent reuse of “one time” pad!
IV may be freely chosen
xor of two packets gives xor of plaintext
CRC is not cryptographically strong
known plaintext gives codebook
![Page 34: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/34.jpg)
WEP Authentication
APAP
Shared secret distributed out of bandShared secret distributed out of bandShared secret distributed out of hand
Response (Nonce RC4 encrypted under shared key)
Challenge (Nonce)
Decrypted nonce OK ?
802.11 Authentication Summary: Authentication key distributed out-of-band Access Point generates a “randomly generated” challenge Station encrypts challenge using pre-shared secret
STA
![Page 35: IBM Research Wireless Security Initiatives - IBM WWW … · IBM Research Wireless Security Initiatives ... Smart Card Hardware Hardware ... Mobile phones PCMCIA cards Standalone boxes](https://reader031.fdocuments.us/reader031/viewer/2022032210/5b2909b37f8b9ac4328b45f5/html5/thumbnails/35.jpg)
Sniffed successful authentication givesplaintext, ciphertext, IV, pad
Given one IV, pad attacker canauthenticatesend (not receive) packets
WEP Authentication issues