Soli Deo gloria - To God alone be glory

Released : October 12th' 2002

Editor : Arun Koshy

Contributors : Charles Hornat

DISCLAIMER : [Insert the biggest, most comprehensive lawyerspeak here]. Basically, the author(s) are NOT RESPONSIBLE for anything arising out of the information presented below. Enjoy.


Contents

Suggested Links : Issue #4 , usenet postings

Movies : Race The Sun (James Belushi, Halle Berry)

Music : Oasis (Wonderwall), Bob Marley (Don't Worry, Be Happy)


An unwired Universe
By Charles Hornat

Overview

After seeing many articles and the huge wave of interest in wireless technology, I felt it's time for a buffet on the subject, also highlighting the pros and cons. Here's hoping that, you would gain a better understanding and position to read further (comfortably) on the subject.

Please be aware that this is much like a "crash" course, You are adviced to go thru the references given for further study.

Quick Jump

  • Wireless LAN Network Architectures

  • Wireless Technologies
  • Infrared Wireless
  • Radio Frequency (RF)
  • Wireless LAN Network Architectures

    1. Ad-Hoc : is a peer-to-peer setup where one wireless client talks directly to another without passing through any additional access point or proxy.  A common network identifier is used for peers to communicate with each other.

    2. Single Point of Access : an AP (Access Point) is used in this type of setup to connect wireless users to a wired network. This acts like a bridge between the wireless users and the network with which they wish to connect to. The AP is responsible for authenticating the wireless users via password and MAC address. Network performance is inversely proportional to the distance between the node and its AP.

      E.g. A system that is 5 feet from the Access Point could monopolize the bandwidth from other nodes while another one 20 feet away could experience degraded network performance.

      The area surrounding the AP is called “Basic Service Set”, or BSS.

    3. Multiple Access Point : This setup allows multiple APs for the network. The network “hand-off” the users' info and ensures the best network performance available by allocating the closest free AP.

    Wireless Technologies

    Infrared Wireless

    Radio Frequency (RF)

    Wireless Protocols

    Wireless Application Protocol (WAP)

    The WAP Gap

    WAP (Wireless Application Protocol) has an issue commonly referred to as the “WAP gap.”


    Wireless device


    (WTLS)

    WAP Gateway

    (TLS/SSL)

    Internet Server

    If an attacker were to compromise the wireless gateway, she would be able to access all of the secure communications traversing the network juncture. The wireless carrier usually controls the gateway.  The user will not be able to gain any knowledge regarding the security in place at the gateway.  This setup requires that the users implicitly trust that the gateway is secure and monitored.

     WTLS is replaced by TLS in WAP 2.0.  The gateway above is no longer needed to translate (decrypt from one standard and re-encrypt to another) since the Internet servers are able to interpret the TLS transmission directly.  All data remains encrypted as it passes through the gateway.  Since there is such a large difference in WAP technologies, the implementation of WAP 2.0 may take a long time.

    Protecting WTLS WAP Gateways

    Bluetooth

    Each Bluetooth device stores the following:

    Each connection has a link key associated with it, this is used to generate the encryption key. The link key value is chosen during connection setup for two devices that have not previously communicated.  After this is done, it is used for authentication.

    Bluetooth Security Issues

    Securing Bluetooth

     The Bluetooth specification defines 3 security modes:

    Non-secure - Non-secure mode does not initiate any kind of security.

    Service-level security - In Service-level security, security policies are defined by the access requirements of the application the user is using.

    Link level Security - Security standards are established before the link setup is complete. 

    Most of the problems associated with Bluetooth are inherent in the Bluetooth protocol and implementation. Best practices to date suggest:

    For specific implementations and security concerning those implementations, please see the white-paper on Bluetooth security at: http://www.bluetooth.com/upload/24Security_Paper.PDF

    802.11 Current

    802.11 supports 3 physical layers

    Access Control

    Wired Equivalent Privacy (WEP)

    802.11b Security

    Problems

    Solutions

    802.11 Future

    802.11c – support for 802.11 frames

    802.11d – support for 802.11 frames, new regulations

    802.11e – QoS enhancements in the MAC

    802.11f – Inter Access Point Protocol

    802.11g – High Rate or Turbo Mode – 2.4GHz bandwidth extension to 22Mbps

    802.11h – Dynamic Channel Selection and Transmit Power Control

    802.11i – Security Enhancement in the MAC

    802.11j – 5 GHz Globalization among IEEE, ETSI Hiperlan2, ARIB, HiSWANa

    Top 5 Security Issues

    Most information below was gathered from SANS, Information Security Magazine and other top information security resources.

    Eavesdropping

    Theft or Loss of wireless devices

    Denial of Service

    Viruses

    Masquerading

    Wireless Cheat Sheet

    Protocols

    Operates at

    Range

    Max Bandwidth

    Bluetooth

    2.4 GHZ

    30 Feet

    1 MB/s

    802.11a

    5 GHz

    60 Feet

    6-54 Mbps

    802.11b

    2.4 GHz

    300 Feet

    5.5-11 MB/s

    802.11g

    2.4 GHZ

    300 Feet

    54 Mbps

    (Table 1:Comparison)

    (Figure 1: http://www.btdesigner.com/pdfs/KenNoblittComparison.pdf)

    Bluetooth vs. 802.11

    802.11

    Bluetooth

    fast

    Cheap

    Ethernet Compatible

    Small transceiver

    Has been around longer, more mature

    Still emerging technology

    Requires more handheld-sized devices or phone power than they can supply

    Low Power

    300 plus feet range

    30 feet

    Uses IP connection

     

    6-54 Mbps throughput

    Less than 2 Mbps throughput

    (Table 2: http://www.kerton.com/papers/BT-WF.pdf)

    Hope this helped. See you next time.


    Tales from the Void
    By Arun Darlie Koshy

    This section would be totally non-linear and would graph out into diverse areas, but a common theme would be there .. on the way we may build up system utilities, viruses, firewalls or anything which you and i can think about.

    It's to see possible ways someone can exploit a feature or concept in today's infostructure (hardware, software nething..).

    [29.09.02]

    If something can become a race conditon, it will..

    For a student interested in OS design, understanding process management is essential. Here are my notes.. if nothing else, it will give some reassurance to another soul who maybe caught up in the same problem.

    Before starting out, the book we're discussing :

    Objectives :

    1. Processes need to communicate with each other effectively, without errors and in proper order

    2. The IPC (inter-process communication) model should be abstract (high-level)

    Race Conditions :
    means exactly what it says. It is a sitiuation brought about by two processes or more processes running in the
    same time slice (actually, same is a bit inaccurate, as only one process is having the CPU at a given instant).

    Let's look at the example of the print spooler (pg.57, section 2.2.1, Ref #1)

    We have a standard printer daemon (program handling print requests across the OS) which has a "spooler directory" containing filenames. Lets make two variables "out" and "free".

    ("out" : next file to print, "free" : the next free slot)

    Slot 1: |nuke.txt| (out)
    Slot 2: |terror.txt|
    Slot 3: |biowar.pdf|
    Slot 4: |tempest.xls|
    Slot 5: |prnlog.lst|
    Slot 6: |drive.txt|
    Slot 7: (free)
    ..
    Slot n:

    Let's now imagine two processes named, Tom n Jerry, (i.e Process T n Process J) want to print and it happens at the same instant.

    T reads "free" and sees that the next free slot is 7, and stores it locally (say in T_Slot). Just then, say the scheduler interrupts and switches to process J. It also sees the 7, stores the name of its file, updates free to be slot 8.

    Now T comes back to life, and starts from where it left, it looks at T_Slot, sees the 7 and writes the its file (overwriting J's fn) and updates free to slot 8.

    We witnessed a race condition... right now, above. J will never get its printout for apparent reasons. Please read this again and again, if u did'nt get it at once. You have to visualize.

    So the next question is how to avoid race conditions ? The answer is mutual exclusion which basically means that if one process is using a shared resource (variable,file,printer .. nething), then the other processes CANNOT use the same resource.

    Four conditions for a good solution (to avoid race conditions) are :

    We will now consider some solutions discussed in the book :

    [26.09.02]

    Ease of Use > Security

    It is absolutely true. People are lazy. They don't like to read manuals, use complicated software or observe safe practises.


    Logfile

    [September - October]

    Contribute! Learn! Discuss!

    Contact:
    You're invited to send in your entries, comments et.al for publication to hwcol@arunkoshy.cjb.net <defunct>

    Hot Topics (but definitely not restricted to):
    algorithms, stuff related to systems programming and applied network security.

    Style:
    ISW advocates a "hands-on" approach .. Get to the code or point. Provide references and links if necessary (especially if you're presenting a fresh perspective on something already known).

    Home | About Us | Contact Us | Privacy Policy | Site Map

    All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.