Chapter 10 Mobile Communication Systems

Transcription

1 Chapter 10 Mobile Communication Systems Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 1

2 Outline Cellular System Infrastructure Registration Handoff Parameters and Underlying Support Roaming Support Multicasting Security and Privacy Firewalls and System Security Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 2

3 Cellular System Infrastructure MS Base Station System BTS BTS BSC VLR HLR AUC BTS: base transceiver system BSC: BS control AUC: authentication center HLR: home location register VLR: visitor location register EIR: equipment identity register MSC: mobile switch center BTS EIR MSC BTS MS BTS BTS BSC MSC Gateway MSC PSTN/ISDN Base Station System Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 3

4 VLR/HLR/AUC/EIR VLR contains information about all visiting MSs in that particular area of MSC VLR has pointers to the HLR s of visiting MS VLR helps in billing and access permission to the visiting MS AUC provides authentication and encryption parameters EIR contains identity of equipments that prevents service to unauthorized MSs Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 4

5 Classical Mail Forwarding Technique? Mail from the world Post Office Cincinnati Post Office Washington, DC Cincinnati Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. Washington, DC

6 Automatic Location Update MS HLR 1 2 Home network Home Mobile Switching Center VLR Update location Info. sent to HLR Visiting Mobile Switching Center PSTN Caller MS Visiting area Location update request Using Becon Signals Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 6

7 Automatic Call Forwarding using HLR-VLR Home MSC checks HLR; gets current location of MS in visiting area MS HLR 2 4 Home Network home Mobile Switching Center VLR Mobile Switching Center Visiting Area Caller 1 Call sent to home location PSTN Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 7 3 Home MSC forwards call to visiting MSC MSC in visiting area sends call to BS and connects MS

8 Redirection of Call to MS at a Visiting Location Home MSC Another MSC Call routed as per called number to MS Home MSC HLR Visiting MSC VLR Cell where MS is currently located BS MS Through backbone Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 8

9 Registration Wireless system needs to know whether MS is currently located in its home area or some other area (routing of incoming calls) This is done by periodically exchanging signals between BS and MS known as Beacons BS periodically broadcasts beacon signal (1 signal per second) to determine and test the MSs around Each MS listens to the beacon, if it has not heard it previously then it adds it to the active beacon kernel table This information is used by the MS to locate the nearest BS Information carried by beacon signal: cellular network identifier, timestamp, gateway address ID of the paging area, etc. Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 9

10 Steps for Registration MS listens to a new beacon, if it s a new one, MS adds it to the active beacon kernel table If MS decides that it has to communicate through a new BS, kernel modulation initiates handoff process. MS locates the nearest BS via user level processing The visiting BS performs user level processing and decides: Who the user (MS) is? What are its access permissions? Keeping track of billing Home site sends appropriate authentication response to the current serving BS The BS approves/disapproves the user access Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 10

11 Using a Mobile Phone Outside the Subscription Area Through backbone 3 Authentication request 4 Authentication response MS Visiting BS (Visiting MSC) Home BS (Home MSC) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 11

12 Applications and Characteristics of Beacon Signals Application Frequency band Information carried Cellular networks Wireless LANs (discussed in Chapter 15) Ad hoc networks (discussed in Chapter 14) GPS (discussed in Chapter 12) MHz (AMPS/CDPD), 1,850-1,910 MHz (GSM) MHz (industrial, scientific, and medical band for analog and mixed signals) GHz (ISM band for digital signals) MHz (ISM band for analog and mixed signals) GHz (ISM band for digital signals) Cellular IP network identifier, Gateway IP address, Paging area ID, Timestamp Traffic indication map Network node identify MHz Timestamped orbital map and astronomical information Search and rescue 406 and MHz Registration country and ID of vessel or aircraft in distress Mobile robotics 100 KHz - 1 MHz Position of pallet or payload Location tracking 300 GHz THz (infrared) Digitally encoded signal to identify user's location Aid to the impaired 176 MHz Digitally coded signal uniquely identifying physical locations Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 12

13 Handoff Parameters and Underlying Support Change of radio resources from one cell to an adjacent one Handoff depends on cell size, boundary length, signal strength, fading, reflection, etc. Handoff can be initiated by MS or BS and could be due to Radio link Network management Service issues Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 13

14 Handoff Parameters (Cont d) Radio link handoff is due to mobility of MS It depends on: Number of MSs in the cell Number of MSs that have left the cell Number of calls generated in the cell Number of calls transferred from the neighboring cells Number and duration of calls terminated in the cell Number of calls that were handoff to neighboring cells Cell dwell time Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 14

15 Handoff Parameters (Cont d) Network management may cause handoff if there is drastic imbalance of traffic in adjacent cells and optimal balance of resources is required Service related handoff is due to the degradation of QoS (quality of service) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 15

16 Time for Handoff Factors deciding right time for handoff: Signal strength Signal phase Combination of above two Bit error rate (BER) Distance Need for Handoff is determined by: Signal strength CIR (carrier to interference ratio) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 16

17 Handoff Region Signal strength due to BS i Signal strength due to BS j P i (x) P j (x) E P min BS i MS BS X 1 X 3 X 5 X j th X 4 X 2 By looking at the variation of signal strength from either base station it is possible to decide on the optimum area where handoff can take place Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 17

18 Handoff initiation (Cont d) Region X 3 -X 4 indicates the handoff area, where depending on other factors, the handoff needs to be performed One option is to do handoff at X 5 where the two signal strengths are equal If MS moves back and forth around X 5, it will result in too frequent handoffs (ping-pong effect) Therefore MS is allowed to continue with the existing BS till the signal strength decreases by a threshold value E Different cellular systems follow different handoff procedure Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 18

19 Types of Handoff Hard Handoff (break before make) Releasing current resources from the prior BS before acquiring resources from the next BS FDMA,TDMA follow this type of handoff Soft Handoff (make before break) In CDMA, since the same channel is used, we can use the same if orthogonal to the codes in the next BS Therefore, it is possible for the MS to communicate simultaneously with the prior BS as well as the new BS Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 19

20 Hard Handoff BS 1 MS BS 2 BS 1 MS BS 2 (a). Before handoff (c). After handoff BS 1 MS BS 2 (b). During handoff (No connection) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 20

21 Soft Handoff (CDMA only) BS 1 MS BS 2 (a). Before handoff BS 1 MS BS 2 (c). After handoff BS 1 MS BS 2 (b). During handoff Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 21

22 Roaming Support To move from a cell controlled by one MSC area to a cell connected to another MSC Beacon signals and the use of HLR-VLR allow the MS to roam anywhere provided the same service provider using that particular frequency band, is there in that region Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 22

23 Roaming Support Home MSC Visiting MSC Home MSC Visiting MSC BS 1 MS BS 2 MS moves BS 1 MS BS 2 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 23

24 Handoff Scenarios with Different Degree of Mobility PSTN MSC 1 MSC 2 MSC 3 MSC 4 MS a b c d e Paging Area 1 Paging Area 2 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 24

25 Possible Handoff Situations Assume MSC 1 to be the home of the MS for registration, billing, authentication, etc. When handoff is from position a to b, the routing can be done by MSC 1 itself When handoff is from position b to c, then bi-directional pointers are set up to link the HLR of MSC 1 to VLR of MSC 2 When handoff occurs at d or e, routing of information using HLR-VLR may not be adequate ( d is in a different paging area) Concept of Backbone network Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 25

26 Information Transmission Path when MS Hands Off from b to c Information to MS being sent Initial path of information transfer MSC 1 HLR MSC 2 VLR Connection Path after handoff MS a b c Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 26

27 Illustration of MSC Connections to Backbone Network and Routing/Rerouting R: Routers From rest of the backbone Router R1 (a,b,c,d,e) R12 MSC R3 R2 (a,b,c,d) (d) R4 R6 (a,b) (c) (e) R7 R10 R5 R8 R11 R13 R9 MSC 1 (a,b) MSC 2 (c) Paging area 1 (PA1) MSC 3 (d) MSC 4 (e) Paging area 2 (PA2) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 27

28 Backbone Network Routing done according to the topology and connectivity of the backbone network The dotted lines show the possible paths for a call headed for different MS locations One option is to find a router along the original path, from where a new path needs to start to reach the MSC along the shortest path Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 28

29 Home Agents (HA), Foreign Agents (FA) and Mobile IP Two important software modules are associated with routers, home agent (HA) and foreign agent (FA) MS is registered with a router, mostly a router closest to the home MSC can be used to maintain its HA A router other than closest one could also serve as an HA Once a MS moves from the home network, a software module in the new network FA assists MS by forwarding packets for the MS This functionality is somewhat similar to HLR-VLR Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 29

30 Home MSC and Home Agent (HA) for the Previous Network Home MSC MSC 1 MSC 2 MSC 3 MSC 4 Selected router for maintaining its home agent R 3 R 4 R 6 R 9 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 30

31 Call Establishment using HA-FA Whenever a MS moves to a new network, it still retains its initial HA The MS detects the FA of the new network, by sensing the periodic beacon signals which FA transmits MS can also itself send agent solicitation messages to which FA responds When FA detects a new MS, it allocates a CoA (care of address) to the MS, using dynamic host configuration protocol (DHCP) Once MS receives CoA, it registers its CoA with its HA and the time limit binding for its validity Such registration is initiated either directly by MS to the HA of the home router or indirectly through FA Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 31

32 Call Establishment (Cont d) HA confirms its binding through a reply to the MS A message sent from an arbitrary source to the MS at the home address is received by the HA Binding is checked, the CoA of the MS is encapsulated in the packet and forwarded to the network If CoA of the FA is used, then packet reaches FA, it decapsulates packet and passes to MS at the link layer In an internet environment, it is called Mobile IP After binding time, if MS still wants to have packets forwarded through HA, it needs to renew its registration When MS returns to its home network, it intimates its HA Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 32

33 Registration Process Between FA, MS, and HA When the MS Moves to a Paging area HA 4 MS Here is my HA and binding information FA 3 Here is CoA or co-located CoA (C-CoA) for this MS 4 Same as step Beacon Signal (Any one new) I am new here OK, send information 4 Same as step 4 CoA or C-CoA created Acknowledge Registration + binding Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 33

34 Message Forwarding using HA-FA Pair Incoming message for MS Source To MS Payload Data HA Encapsulation HA CoA/C-CoA Source To MS Payload Data FA Forwarding through intermediate router if CoA used Source To MS Payload Data Forwarding through intermediate router if C-CoA used MS Decapsulation done at MS Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 34

35 Routing in Backbone Routers How FA finds HA of the MS? One approach is to have a global table at each router of each MSC so that the route from FA to HA for that MS can be determined Disadvantages: Information too large, one network might not like to give out information about all its routers to any external network (only gateways information is provided) Use of Distributed Routing Scheme Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 35

36 Illustration of Paging Areas (PAs) and Backbone Router Interconnect Network 1 Router W PA 1 PA 2 Router X Router Y MS moves PA 3 PA 4 Router Z PA 5 Network 2 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 36

37 Distributed Routing Table and Location PAs Table at router W Route to PA Next hop Table at router X Route to PA Next hop Table at router Table at router Y Z Route to PA Next hop Route to PA Next hop 1 X 1-1 X 1 Y 2 X 2-2 X 2 Y 3 X 3 Y 3 Z 3-4 X 4 Y 4 Z 4-5 X 5 Y 5 Z 5 - Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 37

38 Multicasting Process of transmitting messages from a source to multiple recipients by using a group address for all hosts that wish to be the members of the group Reduces number of messages to be transmitted as compared to multiple unicasting Useful in video/audio conferencing, multi party games Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 38

39 Multicasting Multicasting can be performed either by building a source based tree or core based tree In source based tree, for each source of the group a shortest path is maintained, encompassing all the members of the group, with the source being the root of the tree In core based tree, a particular router is chosen as a core and a tree is maintained with the core being the root -- Every source forwards the packet to a core router, which then forwards it on the tree to reach all members of the multicast group Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 39

40 Multicasting Bi-directional Tunneling (BT) and Remote Subscription approaches have been proposed by IETF for providing multicast over Mobile IP In BT approach, whenever a MS moves to a foreign network, HA is responsible for forwarding the multicast packets to the MS via FA In Remote Subscription protocol, whenever a MS moves to a foreign network, the FA (if not already a member of multicast group) sends a tree join request Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 40

41 Multicasting Remote Subscription based approach is simple and prevents packet duplication and non optimal path delivery It can cause data interruption till the FA is connected to the tree It results in a number of tree join and tree leave requests when MS are in continuous motion In contrast, in the BT approach, the HA creates a bi-directional tunnel to FA and encapsulates the packets for MS FA then forwards the packets to the MS Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 41

42 Multicasting BT approach prevents data disruption due to the movement of MS But causes packet duplication if several MSs of the same HA, that have subscribed to the same multicast group move to same FA Also causes Tunnel Convergence Problem, where one FA may have several MSs subscribed to the same group, belonging to different HAs and each HA may forward a packet for its MSs to the same FA Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 42

43 Packet Duplication in BT Tunnel Approach Multicast packets from the multicast tree MS1 MS 1 HA MS2 FA MS 2 MS3 MS 3 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 43

44 Tunnel Convergence Problem Multicast packets from the multicast tree HA 1 CoA (MS1) MS 1 FA HA 2 CoA (MS2) MS 2 HA 3 CoA (MS3) CoA (MS4) MS 3 MS 4 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 44

45 Multicasting To overcome Tunnel Convergence Problem, MoM protocol is proposed wherein the FA selects one of the HAs, called the Designated Multicast Service Provider (DMSP), from the HA List for a particular group The remaining HAs do not forward packets to FA Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 45

46 Illustration of MoM Protocol Multicast packets from the multicast tree HA 1 Stop CoA (MS1) MS 1 Forward MS 2 HA 2 CoA (MS2) FA DMSP Selection MS 3 HA 3 Stop CoA (MS3) CoA (MS4) MS 4 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 46

47 Security and Privacy Transfer through an open air medium makes messages vulnerable to various attacks One such problem is Jamming by a very powerful transmitting antenna Can be overcome by using frequency hopping. Many encryption techniques used so that unauthorized users cannot interpret the signals Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 47

48 Encryption Techniques Permuting the bits in a pre specified manner before transmitting them Such permuted information can be reconstructed by using reverse operation This is called Data Encryption Standard (DES) on input bits Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 48

49 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 49 Input Output Simple Permutation Function W I R E L E S S W L I E R S E S

50 Initial Bit Patterns and effect of before Transmission and after Reception using DES (a) Information sequence to be transmitted (b) Permutation of information sequence before transmission (c) Permutation to be performed on received information sequence Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 50

51 Encryption Techniques A complex encryption scheme involves transforming input blocks to some coded form Encoded information is uniquely mapped back to useful information Simplest transformation involves logical or arithmetic or both operations Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 51

52 A Generic Process of Encoding and Decoding Information block Encoding at transmitter Encoded signal Transmitted signal Received signal Encoded signal Decoding at receiver Information block (Original) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 52

53 A Generic Process of Encoding and Decoding Encoding Information at block transmitter Encoded signal Received signal Transmitted signal Encoded signal Decoding at receiver Information block (Original) Initial pattern EX-OR bits Bits after EX-OR Transmitted Shuffle bits Received Inverse bits Shuffle Bits after shuffle EX-OR bits Air Operations done at the transmitting MS Operations done at the receiving MS Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. Bits after EX-OR

54 Permutation and Coding of Information Input (64 bits) Initial Permutation (IP) 32 bits 32 bits Left half: L1 + f Right half: R1 Key K1 Left half: L1 = R1 R1 = L1 f(r1, K1) + + f R16 = L16 f(r15, K16) + Left half: L16 = R15 Inverse initial permutation (IP 1) Coded Output Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 54

55 Authentication Making sure user is genuine Using a Hash Function from an associated unique identification of the user (not full proof) Another approach is to use two different interrelated keys One known only to system generating the key (private key), other used for sending to outside world (public key) RSA algorithm (best known public key system) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 55

56 Public/Private Key Authentication Steps System (1) Compute Public Key for User i from its private key (2) Send Public Key User i Save Public Key usually done off line System (4) Verify using private key of User i (3) ID, Signature User i Use public key to generate signature. on-line test System (5) Authentication Result User i Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 56

57 Authentication (RSA Algorithm) Let us take p=3 and q=11, giving n=pq=33 Assume e=7, gives (n,e) as public key of (33,7) For message m=4, c= m e mod n = 4 7 mod 33 = 16 d is computed such that ed mod (p-1)(q-1) = ed mod 20 = 1, thus, d=3, giving private key of (33,3) After receiving c=16, compute c d mod 30 = 16 3 mod 33 =4 Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 57

58 Authentication (RSA Algorithm) In RSA method 2 large prime numbers (p,q) are selected. n = p*q, A number e is selected to use (n,e) as the public key and is transmitted to the user, User stores this, whenever a message m< n needs to be transmitted, user computes c = m e mod n and sends to the system. After receiving c, the system computes c d mod n where d is computed using the private key (n,e) c d mod n = (m e mod n ) d mod n = (m e ) d mod n = m ed mod n To make this equal to m, ed should be equal to 1. This means e and d need to be multiplicative inverse using mod n (or mod p*q) This can be satisfied if e is prime with respect to (p-1)*(q-1) Using this restriction original message is reconstructed. Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 58

59 Message Authentication using Public/Private Keys Base Station Select p and q as two prime numbers n = p*q 1 < e < n Public Key (n,e) Mobile Station Save public key (n, e) Base Station Compute d from e (n,d) private key Receive c c Mobile Station Message m < n Sent as c = m e mod n Base Station Compute c d mod n = m de mod n = m If de = 1 Authentication Mobile station OK Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 59

60 Authentication of a MS by the BS (ID) e mod n Base Station Authentication Mobile Station Base Station (a) Authentication based on ID (ID) e mod n R: Random Number as a Challenge Send R e mod n Authentication (b) Authentication using a challenge Mobile Station Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 60

61 Wireless System Security Basic services of security: Confidentiality Non-repudiation: sender and receiver cannot deny the transmission Authentication: sender of the information is correctly identified Integrity: content of the message can only be modified by authorized user Availability: resources available only to authorized users Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 61

62 Wireless System Security Security Mechanisms: Security Prevention: Enforces security during the operation of the system Security Detection: Detects attempts to violate security Recovery: Restore the system to presecurity violation state Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 62

63 Cost Function of a Secured Wireless System Cost Expected total cost Expected total cost with violations Optimal Level Cost for Security enhancing mechanisms 100% Security Level Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 63

64 Security Threat Categories S Source I Intruder D Destination Message S I D Interruption S Message Message I Interception D S Message I D Message S I Message Modification Fabrication Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 64 D

65 Wireless Security Active Attacks: When data modification or false data transmission takes place Masquerade: one entity pretends to be a different entity Replay: information captured and retransmitted to produce unauthorized effect Modification of message Denial of service (DoS) Passive Attacks: Goal of intruder is to obtain information (monitoring, eavesdropping on transmission) Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 65

66 Firewalls and System Security Firewall carries out traffic filtering, web authentication, and other security mechanisms Filtering can be configured by fixing: Source IP Destination IP Source TCP/UDP port Destination TCP/UDP port Arrival interface Destination interface IP protocol Firewall resides at wireless access point to carry out authentication Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 66