O.2 Wireless Security
Wireless systems are essential to enabling mobile users. However, a significant impact in security can result from the use of wireless or the improper configuration of wireless security due to the erratic nature of the wireless environment. The dynamic and inconsistent connectivity of wireless requires unique approaches to networking in everything from user identification and authentication to message integrity and cipher synchronization.
Specific topics to be covered in this knowledge unit include, but are not limited to:
- A comparison of security implementations in different wireless technologies (e.g., 2G/3G/4G/Wi-Fi/Bluetooth/RFID)
- Confidentiality, integrity and availability policy enforcement considerations in wireless networks
- Enumeration issues and methods to limit exposing and identifying cellular, enterprise, device and personal wireless identifiers (e.g. WLAN and cellular beacons, System Information Reports, TMSI)
- Security protocols used in wireless communications and how each addresses issues of authentication, integrity, and confidentiality (e.g. COMP128, UIA, TKIP, CCMP, SSP, E1)
- Availability issues in wireless and nuances in different denial-of-service attacks (e.g. energy jamming, carrier sense exploitation, RACH flooding, access management protocol exploitation)
- Security issues in hardware and software architectures of wireless devices
- Common ciphers, their implementations, advantages and disadvantages for use in securing wireless networks
- Stream ciphers (e.g. E0, RC4, A5, SNOW, ZUC)
- Block ciphers (e.g. Kasumi, SAFER, AES)
Outcome: Students will be able to describe the unique security and operational attributes in the wireless environment and their effects on network communications. They will be able to identify the unique security implications of these effects and how to mitigate security issues associated with them.
Outcome: Students will be able to describe and demonstrate the vulnerabilities with ineffective mechanisms for securing or hiding 802.11 traffic.
Outcome: Students will be able to understand, describe, and implement a secure wireless network that uses modern encryption and enforces the proper authentication of users.
Outcome: Students will be able to compare and contrast mechanisms for association and authentication with a GSM BSC and a UMTS RNC.