Xiao Kan Wireless Network Security (2)
Author: [I .T. S] LeiG
The previous post covered the key mechanism in wireless networks, especially ad hoc networks. Today we focus on security at the physical layer and the link layer. First, an overview by layer. Application-layer security is concerned with viruses, worms, malicious code (such as script attacks), and so on. The transport layer implements information authentication between the two parties (through encryption, keys, and so on). The network layer is about routing security, and the link layer is mainly about protecting the MAC protocol. The physical layer is mainly about preventing jamming, a form of DoS attack. Next, let's talk about the security of the physical layer and the link layer @_@.....
3.2 Common attacks and prevention measures on the physical layer of wireless networks
1) Spread spectrum
Traditional wireless network signals have a frequency, usually expressed in MHz or GHz. This frequency generally does not change over time (the very small, fast frequency fluctuations that modulation causes in the signal are not counted). For example, when you use a radio to listen to an FM (frequency modulation) program, it is generally at a fixed frequency, such as FM 101.1 MHz, which does not fluctuate over a wide range: it will not reach 103.1 MHz, and it will not reach 99.1 MHz. The radio's digital frequency reading stays at this value, 101.1 MHz. Wireless network signals used to be kept at a fixed frequency as far as possible. As a result, bandwidth is limited and the signals are easy to receive: as long as the receiver is adequately equipped, the location of the transmitter can be found. The radio example is probably the easiest way to understand this. However, if the traditional method of transmitting wireless network signals is used in common civil or military applications, there are two fatal problems:
First, signals with fixed frequencies are prone to interference. For example, A is a normal wireless signal working at 100 MHz, and B is an "attacker" who can make his wireless signal work in a small range near that frequency, for example 99.5-100.5 MHz. "Attacker" is in quotation marks because such interference may occur by accident (for example, in civil use, signals sent by radio enthusiasts interfering with other wireless communications), or it may be intentional (for example, in the military, deliberately sending signals at a frequency near the target's in order to interfere). This method therefore cannot be used when wireless communication security is required, and that is how the so-called spread spectrum method emerged.
Spread spectrum, simply put, means deliberately making the frequency of the wireless signal you send fluctuate, so that it occupies a larger bandwidth than a fixed-frequency signal. This fluctuation can be produced by a specific but very complex mathematical equation. If attackers want to hijack this signal, they must be able to tune accurately to the frequency range calculated by this equation, so they must also know the frequency-versus-time function used by the sender. Likewise, if an attacker wants to interfere with a spread spectrum signal, for example by brute-force injection (jamming) of their own signal into the signal to be disturbed (a denial-of-service attack), they must know this equation accurately, and also the time at which the sender started using it (because the transmitter can change the equation at any time, and so can easily move to other frequencies). The confidentiality of these equations must therefore be guaranteed in any application.
Most spread spectrum signals are implemented using a digital mechanism called frequency hopping. The transmitter can change frequency multiple times in one second. However, after each frequency jump, the signal frequency stays relatively stable for a certain period of time.
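The dependence on both the secret frequency-versus-time function and its start time can be seen in a small simulation, added here as an example that is not part of the original post. HMAC-SHA256 stands in for the "complex equation", and the channel plan, key and start slot are constructed values chosen for illustration.

```python
import hashlib
import hmac

CHANNELS = 79        # assumed number of hop channels (constructed value)
BASE_MHZ = 2402.0    # assumed lowest channel frequency (constructed value)
STEP_MHZ = 1.0       # assumed channel spacing (constructed value)


def hop_channel(key: bytes, slot: int) -> int:
    """Channel index for one dwell slot, derived from the shared secret."""
    digest = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % CHANNELS


def hop_frequency(key: bytes, start_slot: int, elapsed: int) -> float:
    """Frequency-versus-time function: depends on the key and the start time."""
    return BASE_MHZ + STEP_MHZ * hop_channel(key, start_slot + elapsed)


def hit_rate(tx_key: bytes, tx_start: int, guess, slots: int = 5000) -> float:
    """Fraction of dwell slots in which guess(elapsed) equals the sender's frequency."""
    hits = sum(
        1 for t in range(slots)
        if guess(t) == hop_frequency(tx_key, tx_start, t)
    )
    return hits / slots


def demo() -> dict:
    key, start = b"constructed-shared-secret", 1_000_000
    return {
        # Legitimate receiver: same key and same start time, so it follows every hop.
        "receiver": hit_rate(key, start, lambda t: hop_frequency(key, start, t)),
        # Fixed-frequency interferer parked on one channel.
        "fixed": hit_rate(key, start, lambda t: BASE_MHZ + 10 * STEP_MHZ),
        # Right function, wrong start time.
        "wrong_start": hit_rate(key, start, lambda t: hop_frequency(key, start + 7, t)),
        # Right start time, wrong function (different key).
        "wrong_key": hit_rate(key, start, lambda t: hop_frequency(b"other", start, t)),
    }


if __name__ == "__main__":
    for name, rate in demo().items():
        print(f"{name:12s} {rate:.3f}")
```

Only the party holding both the key and the start time overlaps with every dwell; the other three overlap only by chance, at roughly one slot in 79.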
2) Tampering attack
This one seems more practical. Hey, that's because the wireless transmitter is hijacked directly (physical capture... device and all). The traditional protection is to embed tamper-resistant devices in the wireless equipment. For example, you can put encrypted information on a smart card; the simplest example is a SIM card, where important information is stored on the card in encrypted form. However, the disadvantage of this kind of plug-in is that it has no input or output function and no power supply or clock with which to operate on its own. Therefore, as long as the attacker places the card in the hijacked device, it is possible to read the information. An improved smart card can integrate a microprocessor, a power supply, and circuits that detect or prevent tampering, and can be controlled by purpose-designed software. However, because the software may require regular upgrades, it is also important to check whether the upgraded software is legitimate.
Another method is the "system fingerprint". During system initialization, the system must be told the relevant information about the user, such as who the user is and what permissions they have. Once the device is hijacked or tampered with, the system can respond effectively, for example by destroying data or forging false data, and so on.
The next post will cover link-layer security, mainly for the 802.11 protocol, and after that we get to routing security ........