Methods of connecting mobile devices to the Internet by wireless means have become prevalent around the world. The most popular of these is Wireless Fidelity (WiFi), a wireless local area network (WLAN) technology conforming to the IEEE 802.11a/b/g standards; Bluetooth and various other short-range radio standards are also in use. The availability of wireless connectivity has stimulated many new products, such as “smart” wireless phones, wireless personal digital assistants (PDAs), and plug-and-play wireless modules which add wireless Internet connectivity to laptop computers, PDAs and other mobile devices. These devices are used to browse the Internet, send email and data, and to conduct electronic commerce (eCommerce), including banking, stock trading and credit card transactions.
In an attempt to protect confidential information associated with eCommerce, such as credit card numbers, personal identification numbers, and passwords, wireless engineers have invented, and then standardized, techniques for encrypting information on the wireless link. Examples include Wired Equivalent Privacy (WEP), defined in the original IEEE 802.11 standard and since shown to be cryptographically weak enough that its keys can be recovered from captured traffic, and WiFi Protected Access (WPA, and its successor WPA2), based on the IEEE 802.11i security amendment.
Unfortunately, wireless connections to the Internet, including WiFi, remain vulnerable to intrusion, exploitation and other forms of electronic attack by “hackers” using blended methods which combine attacks on the radio interface with attacks on the computer to which the wireless modem is connected. The following table summarizes the principal threat categories, distinguishing attacks on the radio interface from attacks on the rest of the system.
Threat category: Unauthorized access to data
    Attacks on the radio interface: Eavesdropping on signaling or control data. Intruders may eavesdrop on user data, signaling data or control data on the radio interface. This may be used to obtain security management data or other information useful in conducting active attacks on the system.
    Attacks on the rest of the system: Eavesdropping on signaling or control data. Intruders may eavesdrop on signaling data or control data on any system interface, whether wired or wireless. This may be used to obtain security management data or other information useful in conducting other attacks on the system.

Threat category: Threats to integrity
    Attacks on the radio interface: Manipulation of signaling or control data. Intruders may modify, insert, replay or delete signaling data or control data on the radio interface. This includes accidental and deliberate manipulation.
    Attacks on the rest of the system: Manipulation of signaling or control data. Intruders may modify, insert, replay or delete signaling data or control data on any system interface, whether wired or wireless. This includes accidental and deliberate manipulation.

Threat category: Denial of service
    Attacks on the radio interface: Physical intervention. Intruders may prevent user traffic, signaling data and control data from being transmitted on the radio interface by physical means. An example of this is jamming.
    Attacks on the rest of the system: Physical intervention. Intruders may prevent user or signaling traffic from being transmitted on any system interface, whether wired or wireless, by physical means. An example of physical intervention on a wired interface is wire cutting; an example on a wireless interface is jamming. Physical intervention involving interruption of power supplies to transmission equipment may be conducted on both wired and wireless interfaces. Physical intervention may also be conducted by delaying transmissions on a wired or wireless interface.

Threat category: Unauthorized access to services
    Attacks on the radio interface: Masquerading as another user. An intruder may masquerade as another user towards the network. The intruder first masquerades as a base station towards the user, then hijacks the user's connection after authentication has been performed.
    Attacks on the rest of the system: Masquerading as a user. Intruders may impersonate a user to utilize services authorized for that user. The intruder may have received assistance from other entities such as the serving network, the home environment or even the user.

Threat category: Repudiation
    Attacks on the radio interface: none listed.
    Attacks on the rest of the system: Repudiation of user traffic origin. A user could deny that he sent user traffic.
Some of these blended attacks are shown graphically in FIG. 1, which is derived from 3GPP TS 21.133 V4.1.0 (2001-12), “Security Threats and Requirements”, 3rd Generation Partnership Project, Technical Specification Group Services and System Aspects.
Ideally, a mobile wireless terminal or device utilizing wireless communications would possess as high a level of assurance and security as is available to a home or office personal computer using a “wired” connection to the Internet, as shown in FIG. 1. Here, a cable or digital subscriber line (DSL) modem 2 connects the system to the external Internet 1 and carries packets of data. A firewall 3 protects the network 6 and the computers 4, 7, 8 behind it, and performs several other functions.
One function performed by the firewall 3 is to electrically and functionally isolate the modem 2 from the computers 4, 7, and 8. Firewall 3 functionality can be implemented either in software or in hardware. Software firewalls can effectively perform functional isolation, but electrical isolation can generally only be achieved with a hardware firewall. Another function performed by the firewall 3 is network address translation (NAT), which hides the private addresses of computers 4, 7, and 8 on the network behind the firewall 3 behind the firewall's single public address, so that hosts on the Internet cannot address the protected machines directly. This makes it more difficult for a hacker 9 to attack the network server 4 and computers 7 and 8 on the protected LAN 6 with computer viruses and other malicious software (malware).
Another function performed by the firewall 3 is packet filtering, wherein packets arriving at the firewall 3 on open ports are screened against the firewall's rules (source and destination addresses, ports, protocol flags and, in a stateful firewall, whether the packet belongs to an established connection) and, in deeper inspection, for the presence of hostile data. The firewall 3 may also detect port scans by other computers on the Internet, and it “stealths” unused ports by silently dropping packets sent to them rather than answering with a reset or error, so that a hacker 9 learns nothing about the protected computers 7 and 8 and has fewer avenues through the firewall 3. In addition to the firewall 3 protection, the computers 7 and 8 may include optional biometric scanners, such as fingerprint scanners or other biometric security devices, to provide local security.
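The firewall functions just described (default-deny with unused ports stealthed, stateful filtering, NAT, and bounded logging of probes from which a port scan can be recognized) can be expressed as an nftables ruleset. The following is an added example, not part of the original description; the interface names wan0 and lan0 and the administrative ports are assumptions.

```nft
#!/usr/sbin/nft -f
# Assumed interfaces: wan0 faces the modem, lan0 faces the protected LAN.
flush ruleset

table inet filter {
    chain input {
        # "policy drop" is what stealths unused ports: probes get no RST or ICMP reply.
        # The weak alternative, "policy accept" with a few per-port drops, answers every
        # probe and tells a scanner exactly which ports are closed versus filtered.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Administration of the firewall only from the LAN side (assumed ports).
        iifname "lan0" tcp dport { 22, 443 } accept
        # Anything else arriving from the WAN is dropped by the policy; log a bounded
        # sample first so that many distinct ports from one source is visible as a scan.
        iifname "wan0" limit rate 10/minute log prefix "fw-probe: "
    }
    chain forward {
        # LAN hosts may initiate outbound connections; nothing inbound is forwarded
        # unless it is a reply to one of them (functional isolation of the modem side).
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lan0" oifname "wan0" accept
    }
}

table ip nat {
    chain postrouting {
        # NAT: LAN addresses are rewritten to the firewall's WAN address on the way out.
        type nat hook postrouting priority 100;
        oifname "wan0" masquerade
    }
}
```

Loading this with `nft -f` replaces the running ruleset; keep a console session open when applying it remotely, since the default-drop input chain will cut off any administration path not explicitly accepted.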
A comparable system using a WLAN such as IEEE 802.11a/b/g or another wireless network is shown in FIG. 2. As in FIG. 1, the system connects to the Internet 1 via a wideband modem 2 (e.g., a cable or DSL modem), a protective firewall 3, and a server 12. However, the local area network 6 is replaced by a WLAN 14, formed by a WLAN access point 13 and a WLAN modem in the laptop computer 15. Also present within radio range is a hacker computer 16 equipped with its own WLAN modem and, optionally, its own WLAN access point 17. The hacker computer 16 is also equipped with one or more hacker software tools, enabling the hacker to exploit security “holes” in the operating system or wireless applications of the victim computer 15.
In one example of a blended electronic attack by a hacker 16, consider the scenario where the WLAN 14 is an unencrypted WiFi network, which is a common occurrence. Here, the hacker may employ the following attack: the hacker computer 16 uses its WLAN modem to first conduct an “Unauthorized Access to Data” attack on the WLAN 14 radio layer, passively listening to the beacon frames broadcast by the WiFi access point 13, which carry the network's SSID and channel in the clear (they are not protected even on encrypted networks). Hacker computer 16 then attacks the victim's radio layer by configuring its own modem with the SSID and channel of the WLAN 14 and joining the same radio network used by the victim computer 15; with no encryption there is nothing to stop it.
Having successfully penetrated the radio layer, the hacker computer 16 may conduct several different types of attack on the victim computer 15 or server 12. For example, the hacker 16 may first conduct a “Threats to Integrity” attack on the victim computer 15, the server 12, or both, and upload malware such as viruses, Trojan horses, or spyware. Following the successful attack, the hacker 16 may then employ an Unauthorized Access to Data attack, since certain types of spyware, such as keystroke loggers, can capture private personal information typed on, or stored in, the victim computer 15, such as account numbers and passwords. For simplicity, the term malware is used herein to mean any type of malicious software or code intended to inflict harm on a host computer (e.g., exercising unauthorized control over the host or degrading its functionality) or to harm the user of the host, such as by identity theft or theft of financial information, passwords, and other personal information.
In another example of a hacker electronic attack, the hacker 16 may first attempt an Unauthorized Access to Data attack on the WLAN 14, only to discover that the network is encrypted. The hacker 16 may then mount a “Denial of Service” attack with its wireless modem, attempting to jam the wireless service from the victim's wireless access point 13 so that the victim computer 15 loses its connection. If the Denial of Service attack is successful, the hacker conducts an “Unauthorized Access to Services” attack by first masquerading as a base station, using its own wireless access point 17 configured with the same SSID as the access point 13, so that the victim computer 15 reassociates with the hacker's access point, and then hijacking the connection after authentication has been performed. This can be done either through the established connection to the hacker's access point 17 or by connecting via the WiFi modem of the hacker computer 16. Once the radio layer has been penetrated, the hacker computer 16 may, as in the previous example, conduct several different types of attack on the victim computer 15 or server 12.
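The two radio-layer steps above, reading the SSID and channel out of broadcast beacons (first example) and a second access point advertising a victim's SSID with the encryption removed (second example), both hinge on the same beacon frame fields. The following Python is an added example, not code from the original description: it parses the 802.11 beacon frame (management header, capability field, SSID and DS Parameter Set elements, RSN element) and flags open networks and same-SSID pairs where one BSSID is protected and another is open, the indicator a defender would alert on for an evil twin. The frames it works on are constructed inline, not captures; it does not touch a radio.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Element IDs in the 802.11 tagged-parameters area
EID_SSID = 0
EID_DS_PARAMS = 3        # DS Parameter Set: one byte, the current channel
EID_RSN = 48             # RSN information element: WPA2 (802.11i)
EID_VENDOR = 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 = pre-802.11i WPA
CAP_PRIVACY = 0x0010     # Capability Information bit 4 ("Privacy"): encryption in use


@dataclass
class Beacon:
    bssid: str
    ssid: str
    channel: Optional[int]
    security: str  # "open", "wep", "wpa" or "wpa2"


def parse_elements(area: bytes):
    """Yield (element_id, data) pairs; stop at the first truncated element rather than trust it."""
    i = 0
    while i + 2 <= len(area):
        eid, length = area[i], area[i + 1]
        data = area[i + 2:i + 2 + length]
        if len(data) < length:
            break
        yield eid, data
        i += 2 + length


def parse_beacon(frame: bytes) -> Beacon:
    """Frame = 24-byte MAC header + 12 bytes of fixed fields + tagged parameters."""
    if len(frame) < 36:
        raise ValueError("frame too short for a beacon")
    frame_control = struct.unpack_from("<H", frame, 0)[0]
    if frame_control & 0x00FC != 0x0080:           # type 0 (management), subtype 8 (beacon)
        raise ValueError("not a beacon frame")
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])   # Address 3 is the BSSID
    capability = struct.unpack_from("<H", frame, 34)[0]  # after timestamp(8) and interval(2)
    ssid, channel, has_rsn, has_wpa = "", None, False, False
    for eid, data in parse_elements(frame[36:]):
        if eid == EID_SSID:
            ssid = data.decode("utf-8", errors="replace")
        elif eid == EID_DS_PARAMS and len(data) == 1:
            channel = data[0]
        elif eid == EID_RSN:
            has_rsn = True
        elif eid == EID_VENDOR and data[:4] == WPA_OUI_TYPE:
            has_wpa = True
    if not capability & CAP_PRIVACY:
        security = "open"
    elif has_rsn:
        security = "wpa2"
    elif has_wpa:
        security = "wpa"
    else:
        security = "wep"   # Privacy bit set but no RSN/WPA element: legacy WEP
    return Beacon(bssid, ssid, channel, security)


def analyze(frames: List[bytes]) -> Dict[str, List[Tuple[str, str, str]]]:
    """Return open networks and open BSSIDs that share an SSID with a protected one."""
    beacons = [parse_beacon(f) for f in frames]
    report: Dict[str, List[Tuple[str, str, str]]] = {"open": [], "twins": []}
    by_ssid: Dict[str, List[Beacon]] = {}
    for b in beacons:
        by_ssid.setdefault(b.ssid, []).append(b)
        if b.security == "open":
            report["open"].append((b.ssid, b.bssid, f"channel {b.channel}"))
    for ssid, group in by_ssid.items():
        # Several BSSIDs per SSID is normal for a multi-AP network; a BSSID that
        # drops the security the other BSSIDs advertise is the indicator worth alerting on.
        protected = [b for b in group if b.security != "open"]
        for b in group:
            if b.security == "open" and protected:
                report["twins"].append((ssid, b.bssid, f"open twin of protected {protected[0].bssid}"))
    return report


def build_beacon(bssid: str, ssid: str, channel: int, privacy: bool, rsn: bool = False) -> bytes:
    """Constructed test frame (not a capture): header, fixed fields, SSID, DS Params, optional RSN."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = bytes.fromhex("8000") + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<H", 100) + struct.pack("<H", CAP_PRIVACY if privacy else 0)
    ies = bytes([EID_SSID, len(ssid)]) + ssid.encode() + bytes([EID_DS_PARAMS, 1, channel])
    if rsn:  # version 1, CCMP group and pairwise cipher, PSK authentication
        rsn_body = bytes.fromhex("0100000fac040100000fac040100000fac020000")
        ies += bytes([EID_RSN, len(rsn_body)]) + rsn_body
    return header + fixed + ies


# Constructed sample: a WPA2 access point, an open twin of it on another channel, and an open home network.
SAMPLE_FRAMES = [
    build_beacon("aa:bb:cc:00:00:01", "CoffeeNet", 6, privacy=True, rsn=True),
    build_beacon("de:ad:be:ef:00:02", "CoffeeNet", 11, privacy=False),
    build_beacon("00:11:22:33:44:55", "linksys", 1, privacy=False),
]
```

Running `analyze(SAMPLE_FRAMES)` reports both open networks and flags de:ad:be:ef:00:02 as an open twin of the protected CoffeeNet BSSID. A real monitor would feed `parse_beacon` from a monitor-mode capture; the BSSID and channel are what let a client distinguish the access point 13 from a twin 17, since the SSID alone is chosen by the attacker.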
A further scenario involves a virus, a malicious user or a hacker that is able to compromise a host within a network. Once that host is compromised, the virus can leverage the host's trusted position to gain access to and exploit other machines within the network. The virus or hacker could then reconfigure the radio attached to the host to operate outside the parameters authorized for that host. In the case of a software defined military radio, the virus or hacker could attack, penetrate, and reconfigure the radio to gain access to a network or communication level of higher classification. In this situation, the network and the radio must be protected from a compromised host system.
Traditional military radios enforced a Red/Black separation scheme, with the plaintext (Red) and ciphertext (Black) sides divided by an encryption/decryption unit referred to as an INFOSEC chip. This provides a boundary in the radio system between the encrypted network and the decrypted, and sometimes classified, data. Traditionally, these radios connected to a trusted network and thus did not have to contend with harmful data arriving over the channels, so they had no protection beyond the security of the encryption itself. A newer class of radios has evolved, referred to as software defined radios. These radios and their host systems run full-featured operating systems, typically communicate over IP networks, and are consequently more exposed to attacks and malware. They can operate a multitude of different waveforms, and some of these waveforms can themselves contribute to opening the system to attack.
Other systems offer certain protection mechanisms, but their implementations are easily bypassed or otherwise defeated. For example, one product offering provides a protection system on a single chip, but the design is a USB module that sits in parallel to, rather than in line with, the network data flow. The USB dongle exists on a shared bus and depends on driver software to route the network traffic into the device; since it is not inline with, or sequenced into, the data path, it is vulnerable to being bypassed. A misconfiguration of the drivers, or a malicious piece of software, can cripple or disable the routing drivers, allowing the protection system to be bypassed entirely while traffic continues to flow.
What is needed, therefore, are robust techniques to protect computing platforms from wireless hacker attacks, even when using unencrypted wireless networks, by means of a protection system that is inline, i.e., serially coupled into the network data flow so that it cannot be bypassed.