Results 1 - 10
of
270
Tinysec: A link layer security architecture for wireless sensor networks
- in Proc of the 2nd Int’l Conf on Embedded Networked Sensor Systems
"... We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols te ..."
Abstract
-
Cited by 521 (0 self)
- Add to MetaCart
(Show Context)
We introduce TinySec, the first fully-implemented link layer security architecture for wireless sensor networks. In our design, we leverage recent lessons learned from design vulnerabilities in security protocols for other wireless networks such as 802.11b and GSM. Conventional security protocols tend to be conservative in their security guarantees, typically adding 16–32 bytes of overhead. With small memories, weak processors, limited energy, and 30 byte packets, sensor networks cannot afford this luxury. TinySec addresses these extreme resource constraints with careful design; we explore the tradeoffs among different cryptographic primitives and use the inherent sensor network limitations to our advantage when choosing parameters to find a sweet spot for security, packet overhead, and resource requirements. TinySec is portable to a variety of hardware and radio platforms. Our experimental results on a 36 node distributed sensor network application clearly demonstrate that software based link layer protocols are feasible and efficient, adding less than 10 % energy, latency, and bandwidth overhead.
Talking To Strangers: Authentication in Ad-Hoc Wireless Networks
, 2002
"... In this paper we address the problem of secure communication and authentication in ad-hoc wireless networks. This is a difficult problem, as it involves bootstrapping trust between strangers. We present a user-friendly solution, which provides secure authentication using almost any established publi ..."
Abstract
-
Cited by 292 (7 self)
- Add to MetaCart
(Show Context)
In this paper we address the problem of secure communication and authentication in ad-hoc wireless networks. This is a difficult problem, as it involves bootstrapping trust between strangers. We present a user-friendly solution, which provides secure authentication using almost any established public-key-based key exchange protocol, as well as inexpensive hash-based alternatives. In our approach, devices exchange a limited amount of public information over a privileged side channel, which will then allow them to complete an authenticated key exchange protocol over the wireless link. Our solution does not require a public key infrastructure, is secure against passive attacks on the privileged side channel and all attacks on the wireless link, and directly captures users' intuitions that they want to talk to a particular previously unknown device in their physical proximity. We have implemented our system in Java for a variety of different devices, communication media, and key exchange protocols.
SWATT: SoftWare-based ATTestation for Embedded Devices
"... ... We present an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running. ..."
Abstract
-
Cited by 187 (14 self)
- Add to MetaCart
(Show Context)
... We present an implementation of SWATT in off-the-shelf sensor network devices, which enables us to verify the contents of the program memory even while the sensor node is running.
Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
, 2001
"... We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a produc ..."
Abstract
-
Cited by 123 (0 self)
- Add to MetaCart
(Show Context)
We implemented an attack against WEP, the link-layer security protocol for 802.11 networks. The attack was described in a recent paper by Fluhrer, Mantin, and Shamir. With our implementation, and permission of the network administrator, we were able to recover the 128 bit secret key used in a production network, with a passive attack. The WEP standard uses RC4 IVs improperly, and the attack exploits this design failure. This paper describes the attack, how we implemented it, and some optimizations to make the attack more efficient. We conclude that 802.11 WEP is totally insecure, and we provide some recommendations.
A Framework for Wireless LAN Monitoring and Its Applications
, 2004
"... Many studies on measurement and characterization of wireless LANs (WLANs) have been performed recently. Most of these measurements have been conducted from the wired portion of the network based on wired monitoring (e.g. sniffer at some wired point) or SNMP statistics. More recently, wireless monito ..."
Abstract
-
Cited by 77 (2 self)
- Add to MetaCart
Many studies on measurement and characterization of wireless LANs (WLANs) have been performed recently. Most of these measurements have been conducted from the wired portion of the network based on wired monitoring (e.g. sniffer at some wired point) or SNMP statistics. More recently, wireless monitoring, the traffic measurement from a wireless vantage point, is also widely adopted in both wireless research and commercial WLAN management product development. Wireless monitoring technique can provide detailed PHY/MAC information on wireless medium. For the network diagnosis purpose (e.g. anomaly detection and security monitoring) such detailed wireless information is more useful than the information provided by SNMP or wired monitoring. In this paper we have explored various issues in implementing the wireless monitoring system for an IEEE 802.11 based wireless network. We identify the pitfalls that such system needs to be aware of,
Security Flaws in 802.11 Data Link Protocols
, 2003
"... this article. Problems With WEP WEP has several serious inherent problems. It does not meet its fundamental goals of wired-equivalent confidentiality. It also fails to meet the expected goals for integrity and authentication ..."
Abstract
-
Cited by 48 (1 self)
- Add to MetaCart
this article. Problems With WEP WEP has several serious inherent problems. It does not meet its fundamental goals of wired-equivalent confidentiality. It also fails to meet the expected goals for integrity and authentication
Network-in-a-Box: How to Set Up a Secure Wireless Network in under a Minute
, 2004
"... Combining effective security and usability is often considered impossible. For example, deploying effective security for wireless networks is a difficult task, even for skilled systems administrators -- a fact that is impeding the deployment of many mobile systems. ..."
Abstract
-
Cited by 44 (2 self)
- Add to MetaCart
(Show Context)
Combining effective security and usability is often considered impossible. For example, deploying effective security for wireless networks is a difficult task, even for skilled systems administrators -- a fact that is impeding the deployment of many mobile systems.
Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds
"... Abstract. AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). In the case of AES-128, there is no known attack which is fa ..."
Abstract
-
Cited by 40 (4 self)
- Add to MetaCart
(Show Context)
Abstract. AES is the best known and most widely used block cipher. Its three versions (AES-128, AES-192, and AES-256) differ in their key sizes (128 bits, 192 bits and 256 bits) and in their number of rounds (10, 12, and 14, respectively). In the case of AES-128, there is no known attack which is faster than the 2 128 complexity of exhaustive search. However, AES-192 and AES-256 were recently shown to be breakable by attacks which require 2 176 and 2 119 time, respectively. While these complexities are much faster than exhaustive search, they are completely non-practical, and do not seem to pose any real threat to the security of AES-based systems. In this paper we describe several attacks which can break with practical complexity variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and 2 39 time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and 2 120 time). Another attack can break a 10 round version of AES-256 in 2 45 time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and 2 172 time). While neither AES-128 nor AES-256 can be directly broken by these attacks, the fact that their hybrid (which combines the smaller number of rounds from AES-128 along with the larger key size from AES-256) can be broken with such a low complexity raises serious concern about the remaining safety margin offered by the AES family of cryptosystems. 1
Security analysis and improvements for IEEE 802.11i
- In Proceedings of the 12th Annual Network and Distributed System Security Symposium
, 2005
"... This paper analyzes the IEEE 802.11i wireless networking standard with respect to data confidentiality, integrity, mutual authentication, and availability. Under our threat model, 802.11i appears to provide effective data confidentiality and integrity when CCMP is used. Furthermore, 802.11i may prov ..."
Abstract
-
Cited by 36 (1 self)
- Add to MetaCart
(Show Context)
This paper analyzes the IEEE 802.11i wireless networking standard with respect to data confidentiality, integrity, mutual authentication, and availability. Under our threat model, 802.11i appears to provide effective data confidentiality and integrity when CCMP is used. Furthermore, 802.11i may provide satisfactory mutual authentication and key management, although there are some potential implementation oversights that may cause severe problems. Since the 802.11i design does not emphasize availability, several DoS attacks are possible. We review the known DoS attacks on unprotected management frames and EAP frames, and discuss ways of mitigating them in 802.11i. The practicality of a DoS attack against Michael MIC Failure countermeasure is discussed and improvements are proposed. Two new DoS attacks and possible repairs are identified: RSN IE Poisoning and 4-Way Handshake Blocking. Finally some tradeoffs in failure-recovery strategies are discussed and an improved variant of 802.11i is proposed to address all the discussed vulnerabilities. 1
An Initial Security Analysis of the IEEE 802.1X Standard
, 2002
"... The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Ro- bust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for ac- cess control, authenticati ..."
Abstract
-
Cited by 32 (0 self)
- Add to MetaCart
(Show Context)
The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Ro- bust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for ac- cess control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlight several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combina- tion of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes.
