Wireless Security and Privacy: Best Practices and Design Techniques

  • Sorry, this book is no longer in print.

Description

  • Copyright 2003
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-76034-7
  • ISBN-13: 978-0-201-76034-7

"The trick to sound security is to begin early, know your threats,... design for security, and subject your design to thorough objective risk analyses and testing. This book will help."

—From the Foreword by Gary McGraw, CTO of Cigital, and coauthor of Building Secure Software

As wireless technology emerges into the mainstream of the networking and communications markets, the wireless development community has a unique opportunity to be proactive, rather than reactive, in its approach to security. At this early point in the wireless industry, developers can anticipate future security needs and integrate security considerations into every stage of the development process. Wireless Security and Privacy shows developers how to take advantage of this exceptional opportunity.

Written for wireless development professionals new to security, and for security professionals moving into the wireless arena, this book presents the foundation upon which to design and develop secure wireless systems. It looks in depth at the key issues faced by those who develop wireless devices and applications, describes the technology and tools that are now available, and offers a proven methodology for designing a comprehensive wireless risk management solution.

In particular, Wireless Security and Privacy documents the I-ADD process, which offers a standardized, systematic approach for identifying targets, analyzing vulnerabilities, defining strategies, and designing security into the entire development lifecycle of a wireless system.

The book also examines such important topics as:

  • Fundamental wireless and security principles
  • Specific wireless technologies, including 802.11b, Bluetooth, and WAP
  • The security implications of the architecture of PDAs, cell phones, and wireless network cards for laptops
  • The security shortcomings of wireless development languages
  • Development of a risk model for a wireless system
  • Cryptography essentials
  • Privacy policy and legal issues
  • The role of COTS products in a comprehensive security solution
  • Analysis of known and theoretical attacks
  • Security, financial, and functionality tradeoffs

Several case studies run throughout the book, illustrating the application of important concepts, techniques, strategies, and models.

In all, this practical guide book builds a framework for understanding the present and future of wireless security and offers the specific security strategies and methodologies that are critical for success in this fast-moving market.



Table of Contents



Foreword.


Preface.


About the Authors.


Acknowledgments.

I. ESTABLISH A FOUNDATION.

1. Wireless Technologies.

An Introduction to Wireless Architecture.

Usage Models.

Internet Bridge.

Conference.

Multipurpose Phone.

Synchronizer.

Devices.

Cell Phones and Personal Digital Assistants (PDAs).

Wireless Laptops.

Consumer Issues.

Technical Issues.

Network Arrangements and Technologies.

802.11b.

The Wireless Application Protocol (WAP).

Wireless Wide Area Networks.

Local Area Networks.

Personal Area Networks and Bluetooth.

Wireless LAN Appeal.

Case Studies.

The Hospital.

The Office Complex.

The University Campus.

The Home.

2. Security Principles.

Security Principles.

Authentication.

Access Control and Authorization.

Nonrepudiation.

Privacy and Confidentiality.

Integrity.

Auditing.

Development and Operation Principles.

Functionality.

Utility.

Usability.

Efficiency.

Maintainability.

Scalability.

Testability.

Management Principles.

Schedule.

Cost.

Marketability.

Margin.

The Security Analysis Process-I-ADD.

Identify.

Analyze.

Define.

Design.

Repeat.

The Foundation.

II. KNOW YOUR SYSTEM.

3. Technologies.

802.11 and 802.11b.

802.11 System Components.

802.11 Architecture Modes.

802.11b Physical Layer.

802.11 Media Access Control Layer.

802.11b Security and Wired Equivalent Privacy (WEP).

Bluetooth.

Bluetooth Physical Layer.

Bluetooth Protocol Architecture.

Bluetooth Profiles.

Bluetooth Security.

WAP.

WAP Overview.

Wireless Application Environment (WAE).

WAP Security.

4. Devices.

Personal Digital Assistants.

Palm OS Devices.

Palm Security.

Palm OS 4.0.

Pocket PC Devices.

BlackBerry (RIM 950 and 957).

BlackBerry APIs.

BlackBerry Security.

5. Languages.

Wireless Application Protocol (WAP).

WAP Browsers.

Wireless Markup Language (WML).

WMLScript.

J2ME.

The Future of J2ME.

III. PROTECT YOUR SYSTEM.

6. Cryptography.

Applied Cryptography Overview.

The Office Complex Case Study.

Primitives and Protocols.

Symmetric and Asymmetric Algorithms.

Cryptographic Attacks.

Symmetric Cryptography.

Symmetric Primitives.

Symmetric Protocols.

Asymmetric Cryptography.

Asymmetric Primitives.

Asymmetric Protocols.

Common Problems.

Cryptography by Itself.

Proprietary Cryptographic Protocols.

Common Misuses.

Choices.

Performance.

Effectiveness.

Decision Trade-Offs.

Key Points.

7. COTS.

COTS versus Custom Software.

Custom Software.

Virtual Private Network (VPN).

Hardware-Based VPNs.

Firewall-Based VPNs.

Software-Based VPNs.

Tunneling.

The Seven-Layer OSI Model.

PPTP.

L2TP.

IPSec.

SmartCards.

Biometric Authentication.

8. Privacy.

The Online Privacy Debate in the Wired World.

Privacy in the Wireless World.

The Players.

Related Privacy Legislation and Policy.

The Communications Assistance for Law Enforcement Act (CALEA).

E-911.

The Wireless Communications and Public Safety Act of 1999.

The U.S.A. Patriot Act of 2001.

Location-Based Marketing and Services and GPS.

The Middle Ground Answer.

Progress in the Wired World.

IV. I-ADD.

9. Identify Targets and Roles.

Identify Targets.

The Wireless Device.

The Service Provider.

Identify Roles.

Malicious Users.

Mapping Roles to Targets.

10. Analyze Attacks and Vulnerabilities.

Known Attacks.

Device Theft.

The Man in the Middle.

War Driving.

Denial of Service.

The DoCoMo E-Mail Virus.

Vulnerabilities and Theoretical Attacks.

Vulnerabilities of the Wireless Device.

Vulnerabilities of the Service Provider.

Vulnerabilities of the Gateway.

Vulnerabilities of the Web Server and the Backend Server.

11. Analyze Mitigations and Protections.

Protecting the Wireless Device.

Limiting the Vulnerability to Loss.

Limiting the Vulnerability to Theft.

Protecting the Physical Interface.

Protecting Access to the User Interface.

Protecting Personal Data on the PDA.

Protecting Corporate or Third-Party Information.

Protecting Access to Network and Online Services.

Protecting the Transceiver.

Protecting Vulnerabilities of the Service Provider.

Protecting the Transceiver Services.

Protecting Access to Its Subscribers.

Protecting the Transceiver.

Protecting the Administrative Server.

Protecting User-Specific Data.

Protecting the Network Server.

Protecting Corporate Proprietary Data and Resources.

Protecting Vulnerabilities of the Gateway.

Prioritizing.

Building Trust-Application Security.

12. Define and Design.

The Case Studies Revisited.

The Hospital.

The Office Complex.

The University Campus.

The Home.

Case Studies Conclusion.

Just the Beginning.

Afterword: The Future of Wireless Security.
Bibliography.
Index.

Preface

"It's not the destination that makes the man, it's the journey."

This book provides wireless and security professionals a foundation upon which to design secure wireless systems. Most security problems are handled reactively rather than proactively; this does not have to be the case for wireless security. Over the past decade, advances in software development have outpaced advances in software security. Wireless technology—still in its infancy—affords the opportunity for proactive security that keeps pace with development.

This book is intended for three types of readers:

  1. Security experts interested in learning about wireless issues;
  2. Wireless experts interested in security issues; and
  3. Business professionals and consumers generally interested in wireless security.

It will focus on the practices and methodology required to establish comprehensive wireless security. Wireless application developers, wireless device users, service providers and security professionals are among those who will benefit from the information and analysis presented.

The message presented in this book differs greatly from those offered by most other security texts, which are typically dedicated to dissecting attacks and retroactively presenting lessons learned. Their message is: "Security should have been a priority from the beginning." In this book, the message is: "It's not too late."

In the wired Internet world, applications are released at breakneck speed while security measures lag far behind. Security is considered an isolated step, taken only when time permits. Wireless or wired, applications are pieces of software. Wireless developers can apply certain lessons the wired development community has learned about software security. Secure software practices are an important first step toward building secure systems. When security is taken into consideration before wireless applications become widely available, the myriad problems that occurred with wired applications may be avoided. Provisions for security must be developed throughout the lifecycles of wireless applications and systems.

Since development teams and businesses have not focused sufficiently on security, software applications, e-business opportunities, revenues and reputations have suffered. It is no accident that phrases such as "Internet time" have taken hold. The pace with which new technologies are developed is increasing at an exponential rate. Hardware and software capabilities, communications speeds, and pervasiveness within society have changed the face of IT. Developers, architects and industry analysts could not have predicted with any degree of certainty the extent to which the wired industry would develop.

If wireless trends mirror current software trends, it is likely wireless applications and services will become as commonplace as desktop Internet applications. While the world waits for wireless devices and infrastructure to develop and deliver the capabilities of desktop hardware and wired networks, security professionals and wireless architects have a unique opportunity to coordinate their efforts and direct trends in the wireless world. Developers have the responsibility to design secure wireless applications. This can be accomplished only if efforts commence immediately. Software security best practices can help guide the development of effective wireless applications.

It is almost impossible to overestimate the amount of time and money that will be saved if wireless security is set forth as a guiding tenet of wireless architecture. Security will become a best practice that cannot be ignored and a critical element of all application development, with or without wires. Confining security to a single module and considering it only after market (or not considering it at all) should be unthinkable. Security is a process. As such, it must begin in the first stages of design and continue throughout the development cycle. Security must also be constantly re-evaluated, even after an application's release.

When the wired Internet first emerged, its primary uses were research and development. Once applications began appearing on the market, they were intensely popular and mushroomed in scope and number. Application security, unfortunately, did not have an opportunity to keep pace. Wireless Internet on PDAs will not begin in the same fashion. Rather, it will be used in its early stages for delivering service-oriented, timesaving applications. Most existing wireless applications fall into that very category. The most popular versions of applications accessed through desktop browsers will be available in lightweight versions. Research will not be the primary focus, as consumers demand robust, convenient applications on wireless devices.

The message of this book bears repeating: "it's not too late." However, it seems appropriate to conclude the message with its second half: "the time to start is now."

The wireless industry has been afforded a luxury that was unavailable to the wired industry: precedence turned into foresight. The catch? Consumers now share this same foresight. Consumers are increasingly aware of the risks they assume in using wired and wireless applications. They have been burned in the wired world and will not be cavalier in their use of wireless applications. Wireless developers must be able to convincingly sell their products based upon the merits of usability, security, privacy and reliability. Having verifiable security measures built into a product will give it a competitive differentiator. Applications that cannot sufficiently prove their security will quickly become obsolete. Today's wireless application developers must understand that security will soon become a consumer mandate.

Investigation into security practices cannot stop at applications, however. Wireless devices, networks and applications warrant close examination so that problems can be predicted and prevented.

This book is divided into four sections: Introductory Topics, Know your system, Protect your system, Develop a security model. The last three represent the three phases involved in architecting a robust security solution.

Part I: Introductory Topics

Chapter 1 Wireless Essentials

This chapter introduces the general principles governing wireless issues today. Wireless experts may find they do not need this review. If you choose to skim or skip this chapter, however, you should read the case studies at the very end as they are carried throughout the entire text. The chapter presents a high-level overview of wireless issues and technologies with the intent of familiarizing the reader with topics essential in understanding the rest of the book.

Chapter 2 Security Principles

This chapter introduces general security practices. Security experts can skim this if they feel comfortable with its content. The chapter introduces common industry concepts to the extent a reader must grasp in order to follow the rest of the book. These key principles are important for understanding more complex processes introduced later in the text. In this chapter we introduce a method for developing a security analysis process called I-ADD. This process is based on industry practices but standardizes and organizes the approach. I-ADD is fleshed out in Chapter 9.

Part II: Know Your System

After the two introductory chapters, the book will complete its goal of providing the necessary components for developing appropriate security thinking. It is important to be mindful of security throughout an entire development process. There are several standard—but often ignored—security principles that apply to the wired Internet world that hold important implications for the wireless world. The book presents general security principles and their direct applications for wireless concepts.

Know your system presents the first essential step in developing appropriate wireless security practices. This section puts its message into action by introducing the concepts that must be investigated when developing a secure system. Technologies, devices and languages will be discussed so that they may then be woven into a security framework.

Chapter 3 Technologies

Chapter 3 takes the reader through the first phase of our process by presenting detailed information on wireless technologies such as 802.11b, Bluetooth and WAP. Each technology falls in a different place on the wireless technology spectrum and has its own security implications. It is important in the initial phases of developing a comprehensive security solution to know the ins and outs of all components. This chapter shows the reader what type of information is important to know about wireless technology by presenting the information necessary to know about certain technologies.

Chapter 4 Devices

Much in the same fashion as Chapter 3, this chapter delves into physical and logical aspects of wireless devices. PDAs, cell phones and laptops with wireless network cards are investigated to a certain extent. As part of the Know Your System section, it teaches the reader what intricacies of devices have impacts on security solutions. Specific devices are investigated and general recommendations are made. Security implementations must investigate the specific devices and client software on the devices that could affect security in any way. This chapter introduces some, but pursuant to its goal of teaching a process, not just a static solution, it educates the reader on the types of device issues that have to be considered in developing a comprehensive security package.

Chapter 5 Languages

Chapter 5 is more technical than its two predecessors. Project managers using this book to guide a security implementation may want to hand this chapter off to a developer or development team lead. The chapter will not make the reader an expert wireless developer but shows the reader those components of wireless development languages that have effects on security implementations. It is essential in any wireless project to have a team member designated the language expert. The language expert should know the security implications of the language backwards and forwards. This chapter helps get the language expert on her way. The languages discussed are presented in light of their potential security downfalls. Mitigations are suggested and implementations are not complete without consulting this chapter.

Part III: Protect Your System

Protect your system presents the intermediary step in the security process: developing a risk model. This allows a person with knowledge of a system to decide how best to protect it. By outlining the roles associated with a system, its threats, vulnerabilities and attacks, a robust plan can be developed. The threat model developed will help integrate security throughout a system's development lifecycle.

Protect your system discusses technologies or procedures that impact wireless systems. While these technologies or procedures may not be directly applicable to any particular architecture or system, the information is provided as an indication of the type of issues and add-ons which may be considered in mitigating security risks.

Chapter 6 Cryptography

In many cases, cryptography is erroneously confused with total security. If cryptography is not understood properly, it can be assumed to accomplish far too much or far too little. This chapter serves as an introduction to applied cryptography. Its purpose is to inform the reader of basic cryptographic principles that should be understood in developing a wireless security solution. This chapter is more technical than others but provides an introductory view for the layperson. It is important to be able to use cryptography as a component of a security solution without making the mistake of thinking that simply encrypting wireless network traffic will solve all security problems.

Chapter 7 COTS

Commercial Off The Shelf products are another trap into which we sometimes fall when looking for security. COTS products offer a false sense of security in some cases. They should be used when necessary and can offer a partial security solution but they should be understood first and used with a great deal of care. This chapter investigates some popular wireless industry COTS products and examines how they can fit into protecting a wireless application or system.

Chapter 8 Privacy

No discussion of security is complete without consideration of privacy. Although distinct entities, the two are intertwined in many ways. This chapter will teach the wireless and security professional about the privacy policy and legal issues surrounding wireless technology security at the present time. It is essential to understand the policies under which you are developing a security solution. Furthermore, it is good, solid business practice to understand the privacy concerns of consumers and be able to accommodate changing needs of a wireless user population.

Part IV: I-ADD

Chapter 9 Identify

The concepts governing wireless security issues are neither new nor distinct from those governing wired issues. In both cases several steps are involved. First, threats must be assessed; second, risk must be determined; third, vulnerabilities should be analyzed; and finally, a plan for designing accordingly based on the first three steps should be developed. The I-ADD process introduced in Chapter 2 is fleshed out in this chapter and proceeds as follows:

  • Identify (Roles and Targets)
  • Analyze (Known Attacks, Vulnerabilities, and Theoretical Attacks generating Mitigations and Protections)
  • Define (Strategy for Security mindful of Security/Functionality/Management tradeoffs), and
  • Design (Security in from the start)

Chapter 10 Analyze (Attacks and Vulnerabilities)

Once Roles and Targets have been identified, known attacks, vulnerabilities, and theoretical attacks are analyzed. This analysis examines how these threats affect the resources we want to protect. From this analysis, potential mitigation techniques and protection mechanisms are determined.

Chapter 11 Analyze (Mitigations and Protections)

This is where the security plan develops and it's also the culmination of our investigation. Mitigations are implemented against risks and a robust system ensues. Although the most daunting part of the overall picture, developing the security model falls into place once you understand the framework, the threats against it and how to protect it. We systematically proceed through the threat model already developed and discuss how to build security into places where we have found holes.

Chapter 12 Define & Design

Inevitably there are decisions you will have to make; trade-offs that will be difficult. This chapter revisits our case studies, applies a security model to each and discusses what components of a security system are necessary based on what needs to be protected in each case study. We apply all of the concepts taught in the book and come up with solutions for our cases.

After reading this book, readers should have a solid understanding of the technical basics of security and wireless issues. In addition, readers should know the process for developing reliable security models in wireless systems based on a process that includes learning a system, assessing its risks and developing an appropriate security model. Situations will arise in which security and functionality tradeoffs are necessary. Those decision makers armed with a full understanding of the risks involved will have a distinct advantage. Should business requirements dictate that certain vulnerabilities remain unmitigated, appropriate contingency plans may be developed. In the event of a system compromise, business can continue as usual since security was an integral part of the system's development. Uninformed counterparts, however, will likely be busy fighting fires and attempting to force security measures into their existing infrastructures.



Foreword

Wireless security is becoming increasingly important as wireless applications and systems are widely adopted. Numerous organizations have already installed or are busy installing Wireless Local Area Networks (WLANs). These networks, based on the IEEE 802.11b standard, are very easy to deploy and inexpensive. Other important trends in wireless adoption include the introduction of wireless e-mail with devices such as the BlackBerry and the Palm VII, rampant digital cell phone use (including the use of Short Message Service [SMS]), and the advent of Bluetooth devices. Wireless is clearly here to stay.

But all is not well in the wireless universe. The risks associated with the adoption of wireless networking are only now coming to light. A number of impressive attacks are possible and have been heavily publicized, especially in the IEEE 802.11b arena. Since October 2000, at least ten major wireless security stories have played out (see Table F.1). These stories were covered by the New York Times, the Wall Street Journal, CNN, and NBC Nightly News, among others. Apparently, the world finds wireless security both interesting and important.

Table F.1: A Chronology of Wireless Security Topics, Issues, and Stories (Incomplete)

When: October 2000
Who: Jesse Walker of the University of Maryland
What: Several problems in WEP
Web: http://www.cs.umd.edu/~waa/wireless.html

When: January 2001
Who: U.C. Berkeley researchers Nikita Borisov, Ian Goldberg, and David Wagner
What: Seminal work on WEP insecurity
Web: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

When: March 2001
Who: University of Maryland researchers Bill Arbaugh, Narendar Shankar, and Justin Wan
What: Several access control and Authentication problems in 802.11b
Web: http://www.cs.umd.edu/~waa/wireless.pdf

When: June 2001
Who: Tim Newsham from @stake
What: A key generation algorithm problem leading to dictionary attacks
Web: http://www.lava.net/~newsham/wlan/

When: August 2001
Who: Scott Fluhrer, Itsik Mantin, and Adi Shamir
What: A cryptographic flaw in the RC4 key setup algorithm used by WEP
Web: N/A

When: August 2001
Who: Avi Rubin of AT&T Research and Adam Stubblefield of Rice University
What: Implementation of the WEP crack
Web: http://www.nytimes.com/2001/08/19/technology/19WIRE.html

When: October 2001
Who: Bob Fleck from Cigital's Software Security Group
What: ARP cache poisoning attacks that work against 802.11 networks
Web: http://www.cigital.com/news/wireless-sec.html

When: February 2002
Who: Arunesh Mishra and Bill Arbaugh from the University of Maryland
What: Several flaws in 802.1X (still in committee)
Web: http://www.cs.umd.edu/~waa/lx.pdf

When: May 2002
Who: Avi Rubin from AT&T Research
What: X10 Wireless camera vulnerabilities
Web: http://www.nytimes.com/2002/04/14/technology/14SPY.html

The most interesting thing about wireless security is the opportunity presented by the very recent adoption of wireless technology. New users of wireless technology have a chance to build things properly and securely as they adopt wireless networks and create applications to run on them. That's not to imply that this will be easy, because it will not be. This book presents an important, and a necessary, introduction to critical issues in wireless security, something that will be extremely useful to those adapting wireless technology. Armed with a solid understanding of reality, readers of this book are unlikely to fall prey to hype.

As far as base technology is concerned, wireless security appears to be following the usual "penetrate and patch" route. This is unfortunate, but perhaps unavoidable. Early wireless security is focused almost exclusively on cryptography and secure transmission—with unfortunate results thus far. WEP security, the cryptography built in to 802.11b, for example, is completely broken and offers very little real security. In fact, one might argue that using WEP is worse than using no cryptography at all, because it can lull users into a completely unfounded sense of security. Given that our wired networks are in such bad shape, perhaps the notion of attaining "wired equivalent privacy" is ironically accurate after all!

An overreliance on cryptography springs from a misunderstanding of the fact that cryptography is a tool with which to approach security (and not security itself). This misunderstanding is deeply entrenched in many other subfields of security, especially software security, where "magic crypto fairy dust" is sprinkled liberally over designs in hope of attaining an easy security solution. Alas, software security is not that easily accomplished. Neither is wireless security.

The Gates memo of January 2002 highlights the importance of building secure software to the future of Microsoft. But software security reaches far beyond shrinkwrapped software of the sort that Microsoft produces. Software has worked its way into the very heart of business and government and has become essential in the new millennium. Software applications will clearly play a crucial role in the successful evolution of wireless systems. This is a critical fact that, to their credit, the authors understand and highlight in this book.

Mature software security practices and sound systems security engineering should be used when designing and building wireless systems. Security measures must be implemented throughout the wireless software development lifecycle, or wireless applications risk running afoul of the same security pitfalls that currently afflict wired applications. The difficulty in constructing a secure wireless system lies in the medium's limitations: Devices are smaller, communications speeds are slower, and consumers are more demanding. These limitations force a trade-off between security and functionality. The trick to sound security is to begin early, know your threats (including language-based flaws and pitfalls), design for security, and subject your design to thorough objective risk analyses and testing.

This book will help.

Gary McGraw, Ph.D.
Trento, Italy
May 2002

Index

Click below to download the Index file related to this title:
Index

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service-related announcement. For instance, if our service is temporarily suspended for maintenance, we might send users an email. Generally, users may not opt out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services. In regard to issues relating to their account, we reply via email or phone, in accordance with the user's wishes, when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that:

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as a postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. A user who no longer desires our service and wishes to delete his or her account should contact us at customer-service@informit.com, and we will process the deletion of that user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s), simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection with the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020