 |
Seminar on Network Security
Introduction of the topics and some material for the session ofAd hoc networks
Security in ad hoc networks
Tutor: Catharina Candolin-
An ad hoc network is a collection of nodes that do not need to rely on a
predefined infrastructure to keep the network connected. Such networks are
especially vulnerable to attacks, and while the ad hoc networks must meet
at least the same needs as traditional networks, they cannot rely on the same
assumptions. Ad hoc networks also introduce new security problems, which are
heavily dependent on the area of application.
- Haas, Z. and Tabrizi, S., On Some Challenges and Design Choices in Ad--Hoc
Communications
- Zhou, L. and Haas, Z.J., Securing Ad Hoc Networks,
http://www.ee.cornell.edu/$\sim$haas/Publications/network99.ps
- The IETF MANET working group
The topic is aimed at students who already have an understanding of both security and ad hoc networking gained from, for example, (own) research done in the area. The student is expected to write an overview of the topic, and to determine which concepts are of most importance for the seminar work. An understanding of how the requirements differ depending on the environment (usage) is required. Basically, the student should understand which are the problems introduced depending on the area of application, which solutions have been proposed (if any), which solutions are good solutions and why (analysis), possibly own solutions (with analysis). The level of detail must be determined by the student himself, but it should be stressed that this topic still is an overview. However, the topic *must not* be too general; basic security concepts such as confidentiality, integrity etc. should not be explained but are assumed to be known.
LITERATURE:
Ad hoc routing security
Tutor: Catharina Candolin-
An ad hoc network is a collection of nodes that do not need to rely on a
predefined infrastructure to keep the network connected. Routing in ad hoc
networks is not performed by a centralized entity, but by the nodes themselves.
Traditional routing protocols are designed for networks that are more or less
static, and do therefore not suit ad hoc networks, where nodes move around,
and appear and disappear on frequent basis. Ad hoc networks are also especially
vulnerable to attacks, and the area of application affects the security
requirements dramatically.
- Haas, Z. and Tabrizi, S., On Some Challenges and Design Choices in Ad--Hoc
Communications
- Zhou, L. and Haas, Z.J., Securing Ad Hoc Networks,
http://www.ee.cornell.edu/$\sim$haas/Publications/network99.ps
- The IETF MANET working group
The topic requires a discussion of routing security, why it is important, which are the threats, how the area of application affects the concept of routing security etc. The existing routing protocols should also be discussed.
LITERATURE:
Security management in ad hoc networks
Tutor: Catharina Candolin-
An ad hoc network is a collection of nodes that do not need to rely on a
predefined infrastructure to keep the network connected. Little work has
actually been done around the concept of network management in ad hoc networks.
Also, one of the assumptions made in ad hoc networking is that such networks
are not managed (or the meaning of network management is vague). This topic
requires a discussion of security management (as part of network management)
in traditional networks, how ad hoc networks differ from traditional networks,
how these differences affect security management, as well as a discussion of
existing solutions. A discussion of the security of the ANMP protocol would
also be nice. This topic is not recommended to students who have no prior
knowledge of ad hoc networking and network management.
- Haas, Z. and Tabrizi, S., On Some Challenges and Design Choices in Ad--Hoc
Communications
- Zhou, L. and Haas, Z.J., Securing Ad Hoc Networks,
http://www.ee.cornell.edu/$\sim$haas/Publications/network99.ps
- The IETF MANET working group
- Wenli Chen, Nitin Jain, Suresh Singh, ANMP: Ad hoc network management protocol, IEEE Journal on selected areas in communications, vol 17, no 8, August 1999
LITERATURE:
Bluetooth baseband security and bluetooth profiles
Tutor: Kaisa Nyberg-
The purpose is first to review the security functions of Bluetooth as
defined in the BT Baseband specification. Then the sufficiency of Baseband
security shall be studied from the point of view of selected Bluetooth usage
profiles.
Bruce Schneier, Cryptogram Aug 15, 2000:
Bluetooth
Sometime in the 1950s, various governments realized that you could eavesdrop on data-processing information from over a hundred feet away, through walls, with a radio receiver. In the U.S., this was called TEMPEST, and preventing TEMPEST emissions in radios, encryption gear, computers, etc., was a massive military program. Civilian computers are not TEMPEST shielded, and every once in a while you see a demonstration where someone eavesdrops on a CRT from 50 feet away.
Soon it will get easier.
Bluetooth is a short-range radio communcations protocol that lets pieces of computer hardware communicate with each other. It's an eavesdropper's dream. Eavesdrop from up to 300 feet away with normal equipment, and probably a lot further if you try. Eavesdrop on the CRT and a lot more. Listen as a computer communicates with a scanner, printer, or wireless LAN. Listen as a keyboard communicates with a computer. (Whose password do you want to capture today?) Is anyone developing a Bluetooth-enabled smart card reader?
What amazes me is the dearth of information about the security of this protocol. I'm sure someone has thought about it, a team designed some security into Bluetooth, and that those designers believe it to be secure. But has anyone reputable examined the protocol? Is the implementation known to be correct? Are there any programming errors? If Bluetooth is secure, it will be the first time ever that a major protocol has been released without any security flaws. I'm not optimistic.
And what about privacy? Bluetooth devices regularly broadcast a unique ID. Can that be used to track someone's movements?
The stampede towards Bluetooth continues unawares. Expect all sorts of vulnerabilities, patches, workarounds, spin control, and the like. And treat Bluetooth as a broadcast protocol, because that's what it is.
Bluetooth:
http://www.bluetooth.com
A list of Bluetooth articles, none of them about security:
http://www.zdnet.co.uk/news/specials/1999/04/bluetooth/
One mention of security:
http://www.zdnet.co.uk/news/2000/24/ns-16164.html
An essay about the Bluetooth hype: http://www.idg.net/ic_199451_797_9-10000.html
Recent article on TEMPEST:
http://www.zdnet.com/zdnn/stories/news/0,4586,2612547,00.html
This page is maintained by Network Security teaching staff,
E-mail: netsec@tml.hut.fi.
The page has been last updated on August 28, 2000
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/adhoc.html