Security Issues in Wireless Networks: M-Commerce, Health Monitoring, and Emergencies, Slides of Wireless Networking

Download Security Issues in Wireless Networks: M-Commerce, Health Monitoring, and Emergencies and more Slides Wireless Networking in PDF only on Docsity! 1. Introduction 2. Case Study 3. Security Issues 4. Conclusion Outline Docsity.com  Science and technology comes into almost every aspect of our lives, helping us to solve problems and create opportunities.  Despite the achievements, we face very real economic and environmental challenges that require a new level of effort and success.  While today, much security research is about defending against the attacks on security and privacy, there has been theoretical work in computer security, along with the beginnings of a science base for security. Introduction Docsity.com Case #1 M-Commerce Docsity.com M-Commerce The emergence of mobile devices and wireless networks has created a new path in the field of E-commerce: “M-commerce”. Significant research is needed in the field of service discovery to support M-commerce applications. Docsity.com  Wireless Application Protocol (WAP)  Created by WAP Forum – Founded June 1997 by Ericsson, Motorola, Nokia, Phone.com – 500+ member companies – Goal: Bring Internet content to wireless devices  Wireless Transport Layer Security (WTLS)  Control: WAP Gap – Data in the clear at gateway while re-encryption takes place  Link Layer: LAN: 802.11, Bluetooth, WAN: Analog / AMPS  Devices: Cell phone, Palm, WinCE, Blackberry M-Commerce - (WAP) Docsity.com  The intermediate entity can potentially attack communications between two parties. Typically attacks involve altering the content or the order of messages and replaying messages sent earlier.  In applications based on cell phones, by definition, the cell phone will know the physical location of client device. This creates privacy risks Privacy and Authenticity Docsity.com  Link Layer Security – GSM: A3/A5/A8 (auth, key agree, encrypt) – CDMA: spread spectrum + code seq – CDPD: RSA + symmetric encryption  Application Layer Security – WAP: WTLS, WML, WMLScript, & SSL – iMode: N/A – SMS: N/A Wireless Security Approaches WTLS: Wireless Transport Layer Security SSL: Secure Socket Layer WML: Wireless Markup Language GSM: Global System for Mobile CDMA: Code Division Multiple Access CDPD - Cellular Digital Packet Data Docsity.com Case #2 Health Monitoring System Docsity.com Example: Smart Health Home This architecture is multi-tiered, with heterogeneous devices ranging from lightweight sensors, to mobile components, and more powerful stationary devices. “MicaZ with MTS310 sensor board” Portability and unobtrusiveness Ease of deployment and scalability Real-time and always-on Reconfiguration and self-organization Docsity.com Experimental Smart Health Home  These system is single hop, as the radio range covers all of the facility. A multi-hop protocol will be necessary for access of multiple floors, or if transmission power is reduced.  Data communication is bi-directional between the motes and the Star gate. Time- stamping is done by the PC when motion events are received. Docsity.com  When the data association mechanisms are not sufficient, or integrity is considered critically important, some functionalities of the system can be disabled.  This preserves only the data which can claim a high degree of confidence.  In an environment where false alarms cannot be tolerated, there is a tradeoff between accuracy and availability. Data Integrity - HMA Docsity.com  The use of wireless sensor networks (WSN) in healthcare applications is growing at a fast pace. Numerous applications such as: – Heart rate monitor, – Blood pressure monitor and – Endoscopic capsule are already in use.  To address the growing use of sensor technology in this area, a new field known as Wireless Body Area Networks (WBAN or simply BAN) has emerged. Health Care Application (HCA) Docsity.com Architecture in Healthcare Application Architecture of Wireless Sensor Networks in Healthcare Applications Docsity.com Security Issues - HCA  Many sensor networks applications used in healthcare are heavily relied on technologies that can pose security threats like eavesdropping and denial of services.  There are concerns of health hazards for the implanted sensor devices. The concerns have far reaching social implications.  The social implications and issues that are directly related to the above mentioned application scenarios can be categorized into three major areas security, privacy and legal issues. Besides these, there can be more issues such as economic and political issues. Docsity.com Architecture Emergency Medical Response A local command site for field coordination A central command site for global resource management A web services architecture to process, interpret, aggregate and present information Cellular/Satellite wireless links for real time communication between local and remote sites A wireless infrastructure for real-time data transport between motes and local PDAs and tablet PCs Patient sensors (a pulse oximetry sensor integrated with a GPS receiver, micro- processor, data storage & transmitter) for patient vital sign and location monitoring Docsity.com  While web services provide powerful and flexible service oriented architectures, they also introduce overheads such as the extraction of the SOAP envelope and parsing of the contained XML information.  These are the issues known over a wired internet. It is possible that these problems increase exponentially over a wireless internet, where there are bandwidth and connectivity issues.  There are in the process of conducting quantitative empirical studies to test web services over a wireless internet.  The latency and through-put will be tested while the vehicle is standing still and at varying speeds.  The data types and lengths will also be varied. Security Issues - HCA Docsity.com  It must be possible to erase data stored on a device that is stolen or lost?... If not, that data may fall into the wrong hands.  Look for centralized management features that allow administrators to purge data remotely from a missing device. Security Issues - Lost or Stolen Device Docsity.com  Wireless Users have many more opportunity in front of them, but those opportunities open up the user to greater risk.  The risk model of network security has been firmly entrenched, in the concept that the physical layer is at least somewhat secure.  There is no physical security. The radio waves that make wireless networking possible are also what make wireless networking so dangerous.  An attacker can be anywhere nearby listening to all the traffic from your network in your yard, in the parking lot across the street, or on the hill outside of town. By properly engineering and using your wireless network, you can keep attackers at bay. Security Issues Docsity.com  One of the biggеѕt threats to security, may be technological progress itself, as organizations embrace new technologies without taking the associated risk into account.  To maintain and improve security, you need more than just the right blend of technology, policy and procedure.  Distinctions between – Speech and action, – Traditional concept of property, – Definitions of jurisdictional authority, and – Enforcement powers are poorly understood in the new-networked world.  To the extent that laws are the embodiment of ethical beliefs, the lack of agreement on what is ethical makes developing legal codes extremely difficult. Privacy and Integrity Issues Docsity.com Conclusion  Industry best practices and regulatory mandates place a high premium on securing electronic data and protecting it against theft or unauthorized viewing.  To be effective, data security needs to be integrated into the solution, becoming an integral part of each communication channel, data storage medium and network link.  To meet privacy and data integrity concerns, security should provide an umbrella of protection that extends end-to-end, from the handheld computing device across the Internet to the back-end data servers. Docsity.com