Anda di halaman 1dari 7

Art Survey of Secure Mobile Computing

P. Mounika
MTech 2nd Year, Dept. of CSE, ANURAG Group of Institutions, Hyderabad, Telangana, India
S. Deepika
Assistant Professor, Dept. of CSE, ANURAG Group of Institutions , Hyderabad, Telangana, India
Dr G. Vishnu Murthy
Professor and HOD, Dept. of CSE, ANURAG Group of Institutions Hyderabad, Telangana, India

ABSTRACT: As more and more people person. A WPAN can be easily formed by
enjoy the various services brought by mobile replacing cables between computers and their
computing, it is becoming a global trend in peripherals, helping people do their everyday
today’s world. At the same time, securing chores or establish location aware services.
mobile computing has been paid increasing One noteworthy technique of WPANs is a
attention. In this article, we discuss the Bluetooth based network. However, WPANs
security issues in mobile computing are constrained by short communication
environment. We analyze the security risks range and cannot scale very well for a longer
confronted by mobile computing and present distance. Wireless local area networks
the existing security mechanisms. (WLANs) have gained enhanced usefulness
1. INTRODUCTION and acceptability by providing a wider
The last few years have seen a true coverage range and an increased transfer
revolution in the telecommunications world. rates. The most well-known representatives
Besides the three generations of wireless of WLANs are based on the standards IEEE
cellular systems, ubiquitous computing has 802.11 [1], HiperLAN and their variants.
been possible due to the advances in wireless IEEE 802.11 has been the predominant
communication technology and availability standard for WLANs, which support two
of many light-weight, compact, portable types of WLAN architectures by offering two
computing devices, like laptops, PDAs, modes of operation, ad-hoc mode and client-
cellular phones, and electronic organizers. server mode. In ad-hoc (also known as peer-
The term of mobile computing is often used to-peer) mode (Figure 1(a)), connections
to describe this type of technology, between two or more devices are established
combining wireless networking and in an instantaneous manner without the
computing. Various mobile computing support of a central controller. The client-
paradigms are developed, and some of them server mode (Figure 1(b)) is chosen in
are already in daily use for business work as architectures where individual network
well as for personal applications. Wireless devices connect to the wired network via a
personal area networks (WPANs), covering dedicated infrastructure (known as access
smaller areas (from a couple of centimeters point), which serves as a bridge between the
to few meters) with low power transmission, mobile devices and the wired network. This
can be used to exchange information type of connection is comparable to a
between devices within the reach of a
centralized LAN architecture with servers device. As shown in Figure 1 an access point
offering services and clients accessing them. communicates with devices equipped with
A larger area can be covered by installing wireless network adaptors and connects to a
several access points, as with cellular fixed network infrastructure. Since there is
structure having overlapped access areas. no physical link between the nodes of the
wireless network and the access point, the
users transmit information through the “air”
and hence anyone within the radio range
(approximately 300 feet for 802.11b) can
easily intercept or eavesdrop on the
communication channels. Further, an attacker
can deploy unauthorized devices or create
new wireless networks by plugging in
unauthorized clients or setting up renegade
access points.
Constrained Network Bandwidth: The use of
Fig.1: WLAN Architectures
wireless communication typically implies a
2. WHY IS SECURITY AN ISSUE?
lower bandwidth than that of traditional
Security is a prerequisite for every network,
wired networks. This may limit the number
but mobile computing presents more security
and size of the message transmitted during
issues than traditional networks due to the
protocol execution. An attacker with the
additional constraints imposed by the
proper equipment and tools can easily flood
characteristics of wireless transmission and
the 2.4 GHz frequency, corrupting the signal
the demand for mobility and portability. We
until the network ceases to function. Since
address the security problems for both
the aim of this type of attack is to disable
infrastructure-based WLANs and
accessing network service from the
infrastructure-less ad hoc networks.
legitimate network users, they are often
Security Risks of Infrastructure-Based
named denial of service (DoS) attack. Denial
WLANs Because a wireless LAN signal is
of service can originate from outside the
not limited to the physical boundary of a
work area serviced by the access point, or
building, potential exists for unauthorized
can inadvertently arrive from other 802.11b
access to the network from personnel outside
devices installed in other work areas that
the intended coverage area. Most security
degrade the overall signal.
concerns arise from this aspect of a WLANs
Energy Constrained Mobile Hosts: To
and fall into the following basic categories:
support mobility and portability, mobile
devices generally obtain their energy through
Limited Physical Security: Unlike traditional
batteries or other exhaustive means, hence
LANs, which require a wire to connect a
they are considered as energy constrained
user’s computer to the network, a WLAN
mobile hosts. Moreover, they are also
connects computers and other components to
resource-constraint relative to static
the network using an access point (AP)
elements in terms of storage memory, SECURITY SCHEMES FOR AD HOC
computational capability, weight and size. In NETWORKS
WLANs, two wireless clients can talk
directly to each other, bypassing the access
point. A wireless device can create a new
type of denial of service attack by flooding
other wireless clients with bogus packets to
consume its limited energy and resources.
SECURITY COUNTERMEASURES Secure
mobile computing is critical in the
development of any application of wireless
networks.
Security Requirements
Fig.2: IEEE 802.11 Authentication Modes
Similar to traditional networks, the goals of
The IEEE 802.11b standard identifies several
securing mobile computing can be defined
security services such as encryption and
by the following attributes: availability,
authentication to provide a secure operating
confidentiality, integrity, authenticity and
environment and to make the wireless traffic
non-repudiation.
as secure as wired traffic. In the IEEE
Availability ensures that the intended
802.11b standard, these services are provided
network services are available to the
largely by the WEP (Wired Equivalent
intended parties when needed.
Privacy) protocol to protect link-level data
Confidentiality ensures that the transmitted
during wireless transmission between clients
information can only be accessed by the
and APs. That is, WEP does not provide any
intended receivers and is never disclosed to
end-to-end security but only for the wireless
unauthorized entities.
portion of the connection. Apart from WEP,
Authenticity allows a user to ensure the
other well-known methods that are built into
identity of the entity it is communicating
802.11b networks are: Service Set Identifier
with. Without authentication, an adversary
(SSID), Media Access Control (MAC)
can masquerade a legitimate user, thus
address filtering, and open system or shared-
gaining unauthorized access to resource and
key authentication. SSID: Network access
sensitive information and interfering with the
control can be implemented using an SSID
operation of users.
associated with an AP or group of APs. Each
Integrity guarantees that information is never
AP is programmed with an SSID
corrupted during transmission. Only the
corresponding to a specific wireless LAN. To
authorized parties are able to modify it.
access this network, client computers must be
Non-repudiation ensures that an entity can
configured with the correct SSID. Typically,
prove the transmission or reception of
a client computer can be configured with
information by another entity, i.e., a
multiple SSIDs for users who require access
sender/receiver cannot falsely deny having
to the network from a variety of different
received or sent certain data.
locations. Because a client computer must authentication mode, and the problem of
present the correct SSID to access the AP, rogue AP is not solved.
the SSID acts as a simple password and, Virtual Private Networking (VPN): To
thus, provides a measure of security. further address the concerns with WEP
However, this minimal security is security, many organizations adopt the virtual
compromised if the AP is configured to private network (VPN) technology. The VPN
“broadcast” its SSID. When this broadcast approach has a number of advantages.
feature is enabled, any client computer that is Firstly, it is scalable to a large number of
not configured with a specific SSID is 802.11 clients and has low administration
allowed to receive the SSID and access the requirements for the IEEE 802.11 APs and
AP. MAC Address Filtering: While an AP clients. Secondly, the VPN servers can be
can be identified by an SSID, a client centrally administered and the traffic to the
computer can be identified by a unique MAC internal network is isolated until VPN
address of its 802.11b network card. To authentication is performed. Thirdly, if this
increase the security of an 802.11b network, approach is deployed then a WEP key and
each AP can be programmed with a list of MAC address list management is not needed
MAC addresses associated with the client because of security measures created by the
computers allowed to access the AP. If a VPN channel itself. This is a good solution
client's MAC address is not included in this for networks, particularly with existing VPN
list, the client is not allowed to associate with infrastructure for remote access. However,
the AP. MAC address filtering (along with though the VPN approach enhances the air-
SSIDs) provides improved security, but is interface security significantly, this approach
best suited to small networks where the does not completely address security on the
MAC address list can be efficiently enterprise network. For example,
managed. Each AP must be manually authentication and authorization to enterprise
programmed with a list of MAC addresses, applications are not always addressed with
and the list must be kept up-to-date. this security solution. Some VPN devices can
WEP2: As an interim improved solution to use user-specific policies to require
the many flaws of WEP, the TGI Working authentication before accessing enterprise
Group of the IEEE proposed WEP2. applications. Another drawback in the VPN
Unfortunately, similar to major problems solution is the lack of support for
with WEP, WEP2 is not an ideal solution. multicasting, which is a technique used to
The main improvement of WEP2 is to deliver data efficiently in real time from one
increase the IV key space to 128 bits, but it source to many users over a network.
fails to prevent IV replay and still permits IV Multicasting is useful for streaming audio
key reuse. The weakness of plaintext exploits and video applications such as press
and same IV replay are the same with that in conferences and training classes. Also, a
WEP. In WEP2, the authentication is still a minor issue of VPNs is that roaming between
one-way wireless networks is not completely
transparent. Users receive a logon dialog propose ARAN, in which every node
when roaming between VPN servers on a forwarding a route request and route reply
network or when the client system resumes message must sign it. Although their
from standby mode. Some VPN solutions approach could provide strong security,
address this issue by providing the ability to performing a digital signature on every
“autore-connect” to the VPN. routing packet could lead to performance
IEEE 802.11i Robust Security Network bottleneck on both bandwidth and
(RSN) standard: To help overcome this computation. In [6], Zapata proposed a
security gap in wireless networks, the IEEE secure extension of the Ad Hoc On-demand
802.11 working group instituted Task Group Distance Vector routing protocol, named
i (802.11i) has proposed significant SAODV. The basic idea of SAODV is to use
modifications to the existing IEEE 802.11 RSA signature and one-way hash chain (i.e.,
standard as a long-term solution for security, the result of n consecutive hash calculations
called Robust Security Network (RSN). An on a random number) to secure the AODV
interim draft of IEEE 802.11i is now routing messages. The effectiveness of this
available, known as Wi-Fi Protected Access approach is sensitive to the tunneling attacks.
(WPA). The draft of IEEE 802.11i standard IP spoofing is still possible in SAODV
consists of three major parts: Temporal Key routing protocol.
Integrity Protocol (TKIP), counter mode Trust and Key Management Most of the
cipher block chaining with message protocols discussed above make an
authentication codes (counter mode CBC- assumption that efficient key distribution and
MAC) and IEEE 802.11x access control. management has been implemented by some
Secure Routing Establishing correct route kind of key distribution center, or by a
between communicating nodes in ad hoc certificate authority, which has super power
network is a pre-requisite for guaranteeing to keep connecting to the network and can
the messages to be delivered in a timely not be compromised, but how to maintain the
manner. If routing is misdirected, the entire server safely and keep it available when
network can be paralyzed. The function of needed presents another major issue and can
route discovery is performed by routing not be easily solved. To mitigate this
protocols, and hence securing routing problem, the concept of threshold secret
protocols has been paid more attention. The sharing is introduced and there are two
routing protocols designed for ad hoc proposed approaches. Zhou and Hass [15]
networks assume that all the nodes within the use a partially distributed certificate authority
network behave properly according to the scheme, in which a group of special nodes is
routing protocols and no malicious nodes capable of generating partial certificates
exist in the network. Obviously this using their shares of the certificate signing
assumption is too strong to be practical. The key. This work is the first to introduce the
use of asymmetric key cryptography have threshold scheme into security protocols in
been proposed [5][6] to secure ad hoc ad hoc networks and provides an excellent
network routing protocols. Dahill et al. [5] guide to the following
work. The problem of this solution is that it Each network entity keeps track of other
still requires an administrative infrastructure entities’ collaboration using a technique
available to distribute the shares to the called reputation. The reputation is calculated
special nodes and issue the public/private key based on various types of information. Since
pairs to all the nodes. How to keep the n there is no incentive for a node to maliciously
special nodes available when needed and spread negative information about other
how the normal nodes know how to locate nodes, simple denial of service attacks using
the server nodes make the system collaborative technique itself are prevented.
maintenance difficult. In [16], Kong et al.
proposed another threshold cryptography 3. CONCLUSION
scheme by distributing the RSA certificate Mobile computing technology provides
signing key to all the nodes in the network. anytime and anywhere service to mobile
This scheme can be considered as having a users by combining wireless networking and
fully distributed certificate authority, in mobility, which would engender various new
which the capabilities of certificate authority applications and services. However, the
are distributed to all nodes and any inherent characteristics of wireless
operations requiring the certificate communication and the demand for mobility
authority’s private key can only be performed and portability make mobile computing more
by a coalition of k or more nodes. This vulnerable to various threats than traditional
solution is better in the sense that it is easier networks. Securing mobile computing is
for a node to locate k neighbor nodes and critical to develop viable applications.
request the certificate authority service since
all nodes are part of the certificate authority 4. REFERENCE:
service, but it requires a set of complex [1] “LAN Standards of the IEEE Computer
maintenance protocols. Society. Wireless LAN medium access
Service Availability Protection To protect the control (MAC) and physical layer (PHY)
network from the problem of service specification. IEEE Standard 802.11, 1999
unavailability due to the existence of selfish Edition,” 1999.
nodes, Buttyan and Hubaux proposed so- [2] D. P. Agrawal and Q-A. Zeng,
called Nuglets [17] that serve as a per-hop Introduction to Wireless and Mobile
payment in every packet or counters to Systems, Brooks/Cole publisher, 2002.
encourage forwarding. Both nuglets and [3] J. Walker, “Overview of IEEE 802.11b
counters reside in a secure module in each Security”,
node, are incremented when nodes forward http://www.intel.com/technology/itj/q22000/
for others and decremented when they send pdf/art_5.pdf.
packets as an originator. Another approach, [4] N. Borisov, I. Goldberg, and D. Wagner,
the Collaborative Reputation Mechanism “Intercepting Mobile Communications: the
(CORE) [18] is proposed, in which node Insecurity of 802.11”,
cooperation is stimulated by a collaborative http://www.isaac.cs.berkeley.edu/isaac/mobi
monitoring and a reputation mechanism. com.pdf.
[5] B. Dahill, B. N. Levine, E. Royer, and C.
Shields, “A Secure Routing Protocol for Ad
Hoc Networks,” Technical Report UM-CS-
2001-037, Electrical Engineering and
Computer Science, University of Michigan,
August 2001.
[6] M. G. Zapata, “Secure Ad hoc On-
Demand Distance Vector Routing,” ACM
SIGMOBILE Mobile Computing and
Communications Review, Vol. 6 , No. 3, pp.
106-107, 2002.
[7] Y. C. Hu and D. B. Johnson and A.
Perrig, “SEAD: Secure Efficient Distance
Vector Routing in Mobile Wireless Ad-Hoc
Networks,” Proceedings of the 4th IEEE
Workshop on Mobile Computing Systems
and Applications (WMCSA '02), pp. 3-13,
2002.
[8] Y. C. Hu, A. Perrig, and D. B. Johnson,
“Ariadne: A Secure On-Demand Routing
Protocol for Ad Hoc Networks,” Proceedings
of the 8th ACM International Conference on
Mobile Computing and Networking,
September, 2002.