Security Basics mailing list archives
RE: Wireless Device Security
From: "Peter Clark" <clarkp () mtmary edu>
Date: Wed, 19 Mar 2003 11:47:59 -0600
Depending on your comfort level of implementing a VPN/HEAP/LEAP/WEP layered approach to things, there is a commercial product available. http://www.reefedge.com/ . I was able to get a sit-down with 2 of their engineers and the product is worth taking a second look at (if you want some kind of turn-key solution). Pete -----Original Message----- From: Akash Malhotra [mailto:akash () me umn edu] Sent: Wednesday, March 19, 2003 10:29 AM To: Joe Shaw Cc: security-basics () securityfocus com Subject: Re: Wireless Device Security Hi All, Thanks a lot for your replies. Let me reframe my question. I am sorry for not making my question clear.. Here is the scenerio Wireless Link Wireless Link 1 2 ---| |--|--\ |-----------| ---| |--|--\ |-----------| Data Data Device to Store Data Source collector There is data source which is very low power device. Data colletor is needs to collect data from *source* through wireless channel. Again *data collector* is also a low power device. Data collector sends data to the data storage unit again thru wireless channel. Now I would like you all to comment being very low power device(data source and data collector) what kind of security features you would like to put in these devices.Its a point to point collection and only one data source and one data collector will be there. The dsitance between these tow devices can be maximum of 1 ft. I need data accuracy and its critical data. Second what kind of security feature should be implemented in data collector and data storage unit. Distance can be 10-15 ft. 2> what kind of communication should be there between data collector and data source( i.e. Normal wireless, 802.11b or any other protocol) Same with data collector and data storage. Thanks a lot again, Looking forward to hear from you all soon, -AKash On Tue, 18 Mar 2003, Joe Shaw wrote:
On Tue, 18 Mar 2003, Akash Malhotra wrote:Hi All, I have a question about security in wireless system. 1> Is it possible for me to have AES encryption in physical layer. I dont want to have any kind of security feature at the MAC layer.What form of wireless are you talking about? I'm assuming 802.11. You're not going to be adding AES to the physical layer of 802.11 without re-writing some firmware, as the physical layer controls are hardcoded. The operating systems have no control over the physical layer of 802.11. Furthermore, what effect do you hope to achieve by doing so? Deny sync to rogue devices? By putting encryption at layer 1, you're going to have to know a shared secret in order to even talk to any other device. You're going to be encrypting Sync, Start Frame Delimeter, Signal Rate, Service, Length, Frame Check Sequence, and PSDU along with everything else from the upper layers, which to me seems to be a waste. Putting encryption and authenticaion at the MAC layer of the Datalink is much more advisable, as that is where all of 802.11's security flaws lie.2> Will this reduce power consumption( battery will last longer)Why would it? You've just increased the amount of data that is going to be encrypted, which should increase load and power consumption in theory. In contrast, WEP only encrypts the payload, not the framing information. While WEP has it's drawbacks, mostly in algorithm and implementation, what data it does encrypt is satisfactory. Replace the static WEP key with dynamic keys, improve the WEP algorithm, provide an authentication mechanism for the 802.11 control/management frames and you've effectively secured wireless. -- Joseph I survived Enron, but I still need a job. Hire me.
Current thread:
- Wireless Device Security Akash Malhotra (Mar 18)
- Patch Amounts Craig Searle (Mar 19)
- Re: Wireless Device Security Joe Shaw (Mar 19)
- Re: Wireless Device Security Akash Malhotra (Mar 19)
- RE: Wireless Device Security Peter Clark (Mar 20)
- Re: Wireless Device Security Akash Malhotra (Mar 19)
- <Possible follow-ups>
- RE: Wireless Device Security Royans Tharakan (Mar 19)
- RE: Wireless Device Security Tim Donahue (Mar 25)
- RE: Wireless Device Security Michael Osten (Mar 26)