Security Basics mailing list archives

RE: Wireless Device Security


From: "Peter Clark" <clarkp () mtmary edu>
Date: Wed, 19 Mar 2003 11:47:59 -0600

Depending on your comfort level of implementing a VPN/HEAP/LEAP/WEP layered
approach to things, there is a commercial product available.
http://www.reefedge.com/ . I was able to get a sit-down with 2 of their
engineers and the product is worth taking a second look at (if you want some
kind of turn-key solution).

        Pete

-----Original Message-----
From: Akash Malhotra [mailto:akash () me umn edu]
Sent: Wednesday, March 19, 2003 10:29 AM
To: Joe Shaw
Cc: security-basics () securityfocus com
Subject: Re: Wireless Device Security


Hi All,

Thanks a lot for your replies. Let me reframe my question. I am sorry for
not making my question clear.

Here is the scenario:


    Wireless Link       Wireless Link

              1   2
 ---|        |--|--\                   |-----------|
 ---|        |--|--\                   |-----------|

 Data        Data                       Device to Store Data
 Source      collector



There is a data source which is a very low power device. The data collector
needs to collect data from *source* through a wireless channel. Again, *data
collector* is also a low power device. The data collector sends data to the
data storage unit, again through a wireless channel.


Now I would like you all to comment: being very low power devices (data
source and data collector), what kind of security features would you like
to put in these devices? It's a point-to-point collection and only one data
source and one data collector will be there. The distance between these
two devices can be a maximum of 1 ft. I need data accuracy and it's critical
data.


Second, what kind of security features should be implemented in the data
collector and data storage unit? Distance can be 10-15 ft.


2> What kind of communication should there be between data collector and
data source (i.e. normal wireless, 802.11b or any other protocol)?

 Same with data collector and data storage.


Thanks a lot again,

Looking forward to hearing from you all soon,

-AKash



On Tue, 18 Mar 2003, Joe Shaw wrote:


On Tue, 18 Mar 2003, Akash Malhotra wrote:

Hi All,

I have a question about security in a wireless system.

1> Is it possible for me to have AES encryption in the physical layer?

I don't want to have any kind of security feature at the MAC layer.

What form of wireless are you talking about?  I'm assuming 802.11.
You're not going to be adding AES to the physical layer of 802.11 without
re-writing some firmware, as the physical layer controls are hardcoded.
The operating systems have no control over the physical layer of 802.11.

Furthermore, what effect do you hope to achieve by doing so?  Deny sync to
rogue devices?  By putting encryption at layer 1, you're going to have to
know a shared secret in order to even talk to any other device.  You're
going to be encrypting Sync, Start Frame Delimiter, Signal Rate, Service,
Length, Frame Check Sequence, and PSDU along with everything else from the
upper layers, which to me seems to be a waste.  Putting encryption and
authentication at the MAC layer of the Datalink is much more advisable, as
that is where all of 802.11's security flaws lie.

2> Will this reduce power consumption (battery will last longer)?

Why would it?  You've just increased the amount of data that is going to
be encrypted, which should increase load and power consumption in theory.
In contrast, WEP only encrypts the payload, not the framing information.
While WEP has its drawbacks, mostly in algorithm and implementation, what
data it does encrypt is satisfactory.  Replace the static WEP key with
dynamic keys, improve the WEP algorithm, provide an authentication
mechanism for the 802.11 control/management frames and you've effectively
secured wireless.

--
Joseph
I survived Enron, but I still need a job.  Hire me.



