Wireless Communications Cyber Security

This paper is a postprint of a paper accepted by IET Engineering Reference and is subject to Institution of Engineering and Technology Copyright. The copy of record will be available at IET Digital Library.

Dr David Lund, Head of Research and Development, HW Communications, Lancaster, UK; Board Member, Public Safety Communication Europe (PSCE) Forum, Brussels, Belgium. March 2017.

In our marketplace we have many new wireless communication options to choose from. They are built into modern 'attractive' devices, which we choose as they become new and popular, with the capability to communicate more than ever before. This study presents some of the basics of how wireless communication technology works and how it is used. The eagerness to embrace modern wireless technology has left us vulnerable. How do we understand that? What can we do to protect ourselves, and what is coming in the next generation of wireless technology, which will be used to support some of the more critical and sensitive aspects of daily work and life?

Introduction

In our increasingly connected world, we rely upon many different flavours of wireless technology. Wireless communication has numerous advantages. As consumers and workers, wireless technologies allow us the freedom to move around and yet remain online. Wireless connections allow us to distribute devices around our person, allowing for different types of interaction with our information: a laptop, a tablet, a watch, a personal health monitoring device, even our vehicles. Wireless technology allows our everyday transactions, such as wireless ticketing, credit card transactions, ePassports, etc., to be convenient and speedy. Wireless technology provides commercial benefits in terms of reducing infrastructure and installation costs, minimising cable installation in buildings and using wireless LANs or long-haul point-to-point microwave links, etc.

A famous quotation from Albert Einstein is often used to illustrate the benefit of wireless: 'The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is exactly the same, only without the cat.' In simple translation, the telegraph wire is not needed for 'wireless'.

Such benefits of wireless technology, albeit with the limited involvement of cats, have led to the increased transmission of valuable information over the air. Valuable information assets become attractive to attackers, and vulnerable when carried over poorly implemented or configured wireless systems. Coupled with the availability of low-cost devices for interception, there is a distinct need for our community to understand how to protect over-the-air transmissions. How we use our wireless devices is also considered to be valuable in some contexts.

All wireless technologies rely upon a common physical resource: radio frequency (RF) spectrum. In all cases, a wireless device has a physical interface with the air, or free space, to transmit and receive information using a specific frequency band. RF spectrum is accessible by everyone. Regulations are in place both nationally (Ofcom in the UK) and globally (ITU) to allow for regulated and controlled use of spectrum as a shared physical resource.

Analogue wireless technologies (frequency modulation, amplitude modulation, etc.) have been used for radio and TV broadcast,
and push-to-talk voice calls for many years. Only a small amount of low-cost equipment is required to intercept and listen to content carried within RF signals. Hobbyists have been using analogue radio scanners for many years to listen to police, fire and ambulance operators discuss operations as they walk by, or as their vehicles pass. Most of these listeners are simply curious and have no malicious intent whatsoever. However, users such as emergency service first responders will discuss and relay information which is much more sensitive than our everyday personal phone calls and social media interactions. This information may be attractive, for example, to those wishing to subvert emergency service operations in order to facilitate malicious and criminal activity.

Our personal information may be attractive to others wanting to know our business interests, personal life patterns, our purchasing interests or our general status of health.

This paper provides an introduction to the basic properties of wireless communication and how different systems protect both the resilience and confidentiality of information carried over the air.

The primary case study given in this paper covers the advent of the public safety community demanding mobile broadband capabilities to aid their operations. This reflects some challenges that are faced as we start to integrate wireless communication into more of our critical and sensitive infrastructures and operations.

At the end of this document, seven smaller case studies give examples of how wireless systems have been compromised in recent years.

Spectrum as a common resource

With RF spectrum as a common resource for wireless communication, access to transmissions can be easy. They can be easily received and, in some cases, modified. Therefore, a number of considerations are made to secure and protect our wireless transmissions. This can be considered in three primary vectors, with relation to the classical consideration of confidentiality, integrity and availability:

Information throughput 'availability' – wireless communication resilience: Wireless network operators are keen to ensure that their networks remain 'available'. Physical properties of RF transmission make it easy to go 'out of range', or many users sharing RF resource may have to wait until the spectrum is either clear for use, or our time-slot is available for use. The presence of interference needs to be mitigated to allow for reliable transmission and available information throughput capacity. Many, such as commercial cellular networks, rely upon availability of service to generate revenues from calling, texting and data services, or simply to maintain their reputation and customers.

Information 'confidentiality': Information carried over the air should be significantly difficult or impossible to decode, should it be intercepted. Cryptography and secure protocols play a key role here.

Information 'integrity': We should remain confident that the communication we receive is integral and has not been modified during transit over the air, or over any associated wired network connection or equipment.

Properties of wireless communication systems

Whilst RF spectrum is accessible by anyone, its access is somewhat limited by the physical properties of the transmitters, receivers, the protocols that they use and the environment. Parameters include:
Transmission frequency: Where in the RF spectrum is the system operating? Different frequencies have different physical properties. Lower frequencies typically propagate over longer distances than higher frequencies. Some frequencies are more susceptible to the physical environment than others. For example, 60 GHz communication systems (e.g. WiGig [1]) may be blocked by oxygen molecules in our air. Visible light communication [2] is simply blocked by physical objects, such as walls. All RF signals may be reflected and distorted when transceivers are moving with respect to each other and other objects in the surrounding environment, therefore making reception more challenging.

Transmitted power: Higher transmitted power yields longer transmission range. In simple terms, range is typically controlled by the inverse square law, where transmitted power diverges as it propagates. Higher transmission powers typically demand more expensive transmission components (antennas, amplifiers, etc.), increasing cost, weight, size and battery consumption. Increased transmission range yields an increase in the possible range within which signals can be intercepted by an interested party.

Receiver sensitivity: Communication receiver technology is susceptible to receiving interference, but also has a physical bound on how little power is needed for successful reception of a wireless transmission. Advanced silicon techniques and amplification may be used in receivers to improve receiver sensitivity. Increased sensitivity further increases the range between transmitter and receiver for both intended and unintended reception.

Coding, modulation and link protocols: Modulation determines the 'shape' of the energy transmitted. Different modulation methods provide different trade-offs between propagation properties, reception reliability and data throughput. Error control coding is a mathematical technique to provide extra redundancy to a communication, to allow for detection and correction of errors at the receiver. Link protocols attempt to keep both transmitter and receiver talking with the same modulation and coding, and to handle any lost packets, requesting retransmissions where necessary. Higher layers of protocols, such as in 2/3/4/5G, maintain registration of the user and mobility of a wireless device. These protocols allow for carefully controlled access to allocated spectrum and handoffs between different base stations and different radio access technologies as a mobile device physically moves. Protocols also ensure that the mobile device and user are authenticated and that wireless access is authorised. Usage is monitored and billed by commercial cellular operators as the user uses the service.

Vulnerable information

As already described, we exchange significant volumes of valuable information over wireless technologies and networks. The following gives a brief flavour of what we exchange and the potential consequences of our information being compromised:

Commercially sensitive information

The mobile workplace, coupled with the 'cloud', continually increases the exchange of commercially sensitive information. Shared cloud and radio infrastructure makes a significant economic saving for large and small organisations alike, increasing the desire to transact wirelessly, online. Commercial information transferred includes financial data, intellectual property, location and mobility of staff, etc. Compromise of commercial information may disadvantage a commercial operation. For example, competitors may gain an advantage by
knowing the details of competing products in development, staff, or of the financial movements and politics of a competing company.

Personal data – ours and others

Information describing our everyday lives is carried over the airwaves. We commonly transact our personal information using online shopping services, banking and social networks. Wearable devices measure our heart rate and activity, and are wirelessly connected to our smartphones. We become our own data controller [3], controlling disclosure of our own information and that of our friends and colleagues. Some organisations may gain benefit from knowing our interests, our patterns of life or our physical circumstances. Marketing activities often try to understand our patterns of life in order to target advertisements to our interests and therefore increase their probability of a product sale.

Monitoring and control information – consumer

The Internet-of-Things (IoT) is upon us [4]. Technologies today allow us to monitor our central heating and television recordings. Even cookers and washing machines are available which can be monitored and controlled from our mobile phones. Easy attacks yield an element of comedy by allowing the possibility of flushing next door's toilet via your mobile phone [4]. We find that the specific information and control related to interacting with our own appliances may not be so interesting to those listening. However, we may feel uncomfortable about our privacy being compromised. Such monitoring and control can demonstrate our patterns of life: which TV programmes we watch, when we are away or at home, what time we turn our lights off at night and how often we use the toilet.

Monitoring and control information – critical infrastructure

On a more serious note, our critical infrastructures require continual monitoring and control. This class of information has very different levels of importance. Electricity and gas distribution networks, railways and highways all require careful management to ensure that our services remain available. Disruption to any of these services can have a catastrophic effect. Loss of electricity supply has a significant cascade on other services, such as railways and the pumping of water, for example. Wireless communication networks underpinning critical services should be considered as critical infrastructures themselves, as they also present a cascade vulnerability where other societal services rely upon them [3]. The new European Networked Information System directive came into force in 2016 [5]. This aims towards a more stringent consideration of critical information infrastructure protection. However, wireless technologies are not explicitly referenced, and the accountability and responsibility for the cyber security of both wireless and infrastructure aspects are left in the hands of the operator of the information infrastructure.

Wireless threat and vulnerability

The following describes aspects that threaten our wireless communication. These include regulatory, environmental, inadvertent and potentially malicious threats.

Regulation and electromagnetic interference (EMI)

Spectrum is considered as a scarce resource and regulation somewhat limits its use. Since the first transatlantic radio communication in 1901 [5], access to spectrum has been regulated. Spectrum is segmented into bands and limits are imposed on transmission power. The new European Radio Equipment Directive (RED directive)
[6] superseded the R&TTE [7] directive in 2016. The RED directive places even more stringent emphasis on testing the receiver's susceptibility to interference, together with compliance to transmission specifications, which will be linked to its transmission band and power. A primary goal is to allow radio equipment to coexist and to ensure one unit does not inadvertently interfere with another. This is considered in terms of both transmitting only within the permitted spectrum and power levels, and being resilient in the face of other interference (e.g. due to legacy or faulty devices).

Electromagnetic interference is a primary threat to the availability and performance of wireless communication systems. Interference may be generated naturally around our environment [8], by poor quality devices, or by malicious interferers or jammers. Poor quality devices may generate non-linear responses: harmonics or intermodulation products which derive from the original signal, inadvertently interfering with intended transmissions in other bands. The R&TTE and RED directives both seek to minimise out-of-band transmissions, and the RED directive extends to ensure that receivers are resilient to unintended interference. However, even with more stringent controls for product development and approval, not all devices are tested prior to sale, and devices may degrade in performance over time, leading to out-of-band and inadvertent interference to other systems. See the case study on Television Interference Involving TETRA for an example of this.

Crowded spectrum

Spectrum regulation leads to crowding in some bands. The Industrial, Scientific and Medical (ISM) and Short Range Device bands allow for a reasonably flexible use of spectrum by unlicensed users within set bands and transmission power limits. Wireless LANs, Bluetooth, Zigbee, etc. are all developed to use ISM bands. The prevalence of low-cost devices on the market, and our need to work wirelessly, has led to crowding in these bands. The 2.4 GHz ISM band is especially crowded in many urban locations. The majority of technologies that operate in ISM bands use carrier sense multiple access (CSMA) techniques. CSMA simply listens for the presence of another transmitter and controls transmission to occur only when the spectrum is unused. As such, this can only provide best-effort access to spectrum, commonly leading to reduced availability and delays in service where the system is used in crowded spectrum. Many arguments are made that ISM bands have led to more efficient use of spectrum, but at the expense of uncertainty of access [9]. New research and methods for sharing access to spectrum are needed to understand how to address this balance.

Advanced protocol analysis and manipulation

Easy access to spectrum allows for the possibility to analyse flows of traffic to ascertain typical operations and configuration. Simply listening to RF traffic, monitoring for modulation and coding type, packet sizes and regularity, can identify both the protocol being transceived and key statistical signatures which can ascertain which devices are being used. Gathering information in this way can then lead to knowledge of alternative vulnerabilities and vectors for attack. See the case study on international mobile subscriber identity (IMSI) collection for an example.

Presence detection and characterisation

Many mobile phone devices now contain multiple RF devices: WiFi, Bluetooth, 2/3/4G cellular, near field communication (NFC), etc. Silicon devices are highly integrated,
allowing for multiple RF transceivers to coexist within the same integrated circuit. With technology tightly integrated for the original purpose of providing advanced wireless connectivity, these devices are also used to intercept and characterise our wireless communications.

Hence our current technologies are vulnerable; what about the future?

There is an increasing appetite to implement faster and more capable wireless communication systems (5th Generation Mobile – 5G [10]). On the other hand, we see activity to implement simpler and higher volume wireless devices (IoT [4]). Most importantly, communication technology for public safety, public protection and disaster relief (PPDR) and communications needed by critical infrastructures are key to safeguarding our society. These are often overlooked due to their low commercial volume.

In all cases, there are a number of common challenges to face, both in terms of the disciplines required in consideration for the development of new secure wireless technologies, and the perceived needs for future generations of wireless technologies.

Multi-discipline development of future wireless

Engineering of wireless communication systems cannot yield secure solutions without the involvement of a collection of key actors. Primary actors include (with only a basic, understated description):

RF and Information Theory Experts: to design the most efficient next generation methods of digital communication. RF experts cross the barrier between physics and the engineering of RF energy coupling and propagation. Information theory experts optimise cryptography and coding for more efficient, confidential and integral information transfer. Network engineers optimise interconnectivity and transfer of information between different systems.

Hardware Engineering Experts: to implement the hardware required to transceive RF energy, to develop low power processing capabilities, user displays and tactile/haptic interaction.

Software Engineering Experts: to implement efficient software to support the requirements of the RF, information theory and network layers, and the needs of the user application and information management systems.

Social Science Experts: to guide on how devices and applications will be used. If a device or application is not socially acceptable or usable, then there will be limited acceptance and use. Ethical and psychological considerations play an important role here to ensure that the technology is pervasively integrated into daily operations, aiming to assist those operations and not to burden them.

Legal and Regulatory Experts: to guide on the legal and regulatory barriers to the deployment of wireless systems. As described above, there are regulatory restrictions on how we may access spectrum. In terms of operational information, critical information infrastructure protection regulations aim to safeguard our critical services, and data protection regulations to safeguard our data and privacy; both are prominent here. This expertise provides interpretation of the regulations and the means for the provision of standards and guidelines on how wireless devices should legally handle information.

Security Experts: This class of expert has the most difficult problem, to cross all disciplines: to guide on the implementation of regulatory boundaries, the balance between protection and value-added capability, working within social acceptance, and giving oversight to
users and operators on the known methods of compromise of our wireless systems and the information that they carry. Security spans the entire communication device, and the interrelation between physical operations and the different wireless information systems that underpin our daily lives.

The security engineer has the most difficult and unenviable job, for which there is a limited skills capacity in many countries. Skills capacity is surely building on the malicious side. Furthermore, security skills are typically either broad and shallow, to cover the basics of each aspect across these complex systems, or often lost in deep silos of specific capability, e.g. cryptography, or specific secure wireless protocols.

Can we protect ourselves and our systems?

Every day, as consumers, probably not! Not with our low-cost devices and poorly perceived trust of the brands of the technology that we buy. In the consumer sense, we either need to be more vigilant on the default configuration of our devices, or simply trust the product that we buy. Sensibly, we cannot hope for much better than we have. The most difficult issue is keeping a wireless device's software up to date. If support to consumers can be improved, then consumers can be helped to protect themselves. This is evident through the regular updates and encouragement to install virus protection software on modern PCs. However, an equivalent level of protection is desirable for our consumer wireless devices, to counter any new vulnerabilities which may be encountered after the wireless device leaves the factory.

With regard to critical communication systems, there is a more stringent process to follow to assure that software, wireless protocols and the information carried over wireless communication are going to protect and fulfil the sensitive needs of the critical application. This is typically arranged through contractual obligations for suppliers to provide continual support through a wireless product's lifetime: keeping systems operating reliably, tightly configured, software up to date, and supporting the hardware. Securing the supply chain is key here; hardware and software components may be vulnerable or even compromised prior to integration and delivery of the wireless product.

The choice of how to implement a wireless system to maintain a secure existence considers a number of factors:

Physical Security: How to transmit? How easy is it to intercept the transmission? How to keep the processing equipment itself secure?

Protocol Security: How to control transmission? How easy is it to interpret and decode the transmission?

Organisational Support for Security: How to manage users of the wireless capacity? Does the organisational structure operating the wireless network have appropriate motivation to assure service access requirements to different classes of its users?

Societal and Operational Interaction: Do the users of wireless communication services honour their own obligations to keep information and applications secure and follow operational procedures? Interaction with devices must be carefully designed to ensure that they remain reliable enough for the purpose of use. Users must be supported by their technology to be able to:

• easily and securely operate their applications and devices
• improve their operations and not hinder them
• prevent a frustrated user from deciding to use an alternative and less secure method of communication to carry out their day job.

Consumers using social media are slowly learning what they can and should not share online with regard to their own personal situation and that of their friends and colleagues.

Case Study: wireless broadband for public safety first responders

This case study comprises a number of factors surrounding wireless communication. We first cover aspects of economy of scale and spectrum allocation. We then consider challenges to the design aspects of the user interaction with those devices where wireless allows for communication during emergency and time critical situations.

Economics of spectrum

The public safety community has argued for many years to dedicate spectrum for use of broadband services by PPDR organisations and first responders. Their communication is mission critical and vital for saving lives. Sharing of spectral and network resources is highly controversial: a tension between economic and societal benefits. It is strongly argued that public safety communication should have exclusive access to spectrum, to be able to communicate immediately when necessary. On the other hand, the utilisation of spectrum will be relatively low compared to revenue generating commercial services that benefit mobile operators and governments alike. Traditionally, spectrum has been auctioned to the highest bidder to generate high revenues for governments. This is especially the case in the provision of commercial mobile networks, with a high consumer volume and, therefore, high revenues. For PPDR, the scale of use of communication technology is much lower than for consumers. There is therefore a limited argument supporting the competition for spectrum with low usage and a very different and more limited revenue model. However, the benefits are of a socio-economic nature, where technology is used to help save lives, and to recover from disastrous situations which may threaten our livelihoods and the economy. The London School of Economics argues the case for spectrum dedicated for public safety operations compared to being commercially allocated [11]. This study estimates that socioeconomic gain will be much greater if spectrum is dedicated for use by the public safety community than if spectrum is auctioned for use by a commercial cellular operator. A recent report made for the UK Department of Culture, Media and Sport [12] looks at the incorporation of social value into the consideration of spectrum allocation. Whether spectrum is appropriately allocated for public safety, or where network sharing arrangements are made, significant socioeconomic benefits are expected to be made by improving the safety and security of our community, by better use and deployment of broadband wireless technology. This poses a bigger challenge for system development. Public safety first responders using secure broadband wireless technology will be able to use richer media, but will be making decisions under time pressure. If their devices and applications do not support their role in a timely manner with a high degree of accuracy, and therefore trust, they either would not use them at all, or make use of an alternative, more limited, possibly less secure, yet more reliable mode of communication.

Trustworthy commercial operation: vulnerability induced by mobile network operation models

Significant debate has been made in recent years with regard to the possible operational models for future broadband for PPDR. Commercial mobile
networks commonly share resources between different operators, such as base station antenna installations. Future considerations of network 'slicing' allow for sharing of other physical resources such as processing hardware and backhaul networking connectivity. Fundamental cost savings are made when sharing resources. This moves away from every mobile operator owning their own physical infrastructure. The prospect of sharing these resources is controversial. Commercial mobile services can agree service level terms for sharing of resources on the basis that their individual service offerings to the consumer mobile user are similar. Sharing between high value consumer revenue generating services, and minimal revenue generating services for PPDR, is a more difficult consideration, extending further the debate on dedicated spectrum as described earlier. Availability of PPDR services may be compromised in favour of fee paying consumer access. However, this may not necessarily be a conscious business decision.

This also requires functionality in the wireless and network technology to allow for critical services such as PPDR communication to be prioritised or to pre-empt consumer access. Whilst the mobile standards community have developed global technical standards for priority and pre-emption of services, no mobile operator has yet implemented and proven that wireless and network resources can effectively be shared between critical and consumer services. The UK Emergency Services Network [13] will be one of the first to test this sharing model.

Technology mistrust and subversion

The following gives an example of how a user of communication technology may inadvertently expose themselves. It is a common occurrence that users, frustrated with limited technology, will find other ways to communicate. In many countries emergency service first responders will carry both TETRA (or another push to talk voice system) and a typical mobile phone, using the typical mobile phone as a secondary communication medium to the secure and resilient TETRA system. Operational procedures will say that TETRA 'must only' be used for operational voice communications. However, one could anticipate what may happen when the TETRA device develops a fault or is out of range, and where the mobile phone has a long battery life and is in range. Would the first responder simply call back to base to report the problem, or continue to use the mobile phone to assist in the particular emergency? Similarly, the TETRA terminal will securely transmit the GPS location of the responder, whereas the location of the mobile phone will most likely be easy to obtain. This example poses no problem during everyday regular activities, where the consequence of location exposure is simply not interesting to anybody other than an inquisitive scanning hobbyist. However, a group of adverse rogues with an intent to incite terror and disruption will surely find the location of public safety responders to be valuable. They may use this information to understand regular operations and protection strategies, and then divert their adverse activity away from responders for the most disruptive effect.

Disrupting the TETRA service by jamming or other means may force users to choose their alternative technology, hence disclosing their operational picture, the location of responders and the information services used.

'Apps' on the regular mobile phone may be found additionally useful to the first responder. Use of public information services is useful in many circumstances. However, there remains a risk of similar disclosure of responder situation and patterns of daily
routine where mobile connectivity and information services are more widely accessible than those dedicated communication services which are specifically provisioned for the first responder and their commanding colleagues.

Ad-hoc use of cheap COTS communication

On many occasions, cheap off-the-shelf communication systems have offered the best solution where installed mobile networks have been damaged or failed to deliver during a crisis. Backpacks can combine low-cost ISM band radios for voice and satcoms with WiFi for data coverage. Allowing a small number of responders to communicate in adverse conditions is highly valuable for their collaborative effort. Whilst we consider this to be a less capable and often less secure mode of operation, having some communication rather than none at all is preferable. Where fixed mobile networks are installed, it is highly desirable to be able to integrate technologies such as this to allow access where some wireless capability fails and other technology can take its place. However, these systems must deliver the same level of security. They must extend the approved mobile networks with the ability to work in isolation, but should not replace them with lower levels of security.

Secure wireless architecture design, implementation and operation

Developing wireless networks is a complex undertaking, with all of the actors explained earlier playing key roles. Development of wireless networks to provide critical and secure communications, operating under critical and sensitive information assurance conditions, is a challenge for all involved disciplines. Design and operation of the overall information system is key to yield and secure the benefits of future critically enabled wireless broadband. Such design must accommodate the true purpose of use, and both human use and misuse of the technology. Most importantly, misuse and malfunction is most commonly non-malicious, and much more common than malicious subversion. Measures should be taken during technology development and installation, and be supported by operational procedures, to maximise operational efficiency and to minimise misuse and malfunction.

Conclusions

This paper presents some of the basics of how wireless communication technology works and how it is used. Throughout the paper we consider the threats and vulnerable properties of wireless, the types of information carried over wireless technologies, and examples of how wireless technologies have been hacked in recent years through small case studies (see the case studies at the end of this paper).

We look at current activities to develop next generation wireless technologies and conclude with a need to build security into the next generation of wireless communication systems from the outset, rather than to add secure features later.

Achieving wireless communication cyber security is a broad, multi-faceted and multi-disciplinary problem space. Challenges are posed for both the wireless and network technology aspects, but also the socioeconomic eco-system surrounding the need and use of the technology. Balancing these socio-technical aspects is key to protecting our personal and critical information that flows through the airwaves. As with all considerations of cyber security, we live in a world of changing threat. Typical software technologies are now updated regularly. Wireless technologies are primarily comprised of software nowadays. Similar
concerns should be considered with regard to the quality and longevity of the software that is implemented for our wireless components, which are responsible for transmitting and receiving valuable information over the RF airwaves. Should we update or adapt RF transceiver software to cope with a changing RF threat environment, or do we simply rely on the disposable nature of consumer technologies to keep our wireless software up to date? Critical communication technologies typically have a lifespan of 20–30 years. Is it viable to maintain a long lifetime model like this? Or should these new technologies be made to be updatable or replaceable? Cost factors again come into play here.

A key concern could be with regard to the advent of the quantum threat [14, 15]. It is expected that modern strong cryptographic techniques will become vulnerable with the advent of the quantum computer within the next 10 years; in particular the public key techniques (RSA, Diffie-Hellman and elliptic curve) that protect key exchange and signatures, whereas symmetric ciphers and hash functions are affected far less and mainly need larger key and output sizes. Therefore, when considering long term deployment of new critical information infrastructure technologies, a strong consideration should be placed on the choice of cryptographic techniques which are believed to resist the quantum threat, and on the ability to replace them should that belief prove wrong.

International policy for cyber security is new. It is known that policy is much slower to update than the evolution of the information technologies that we use. Government actors must maintain close attention on the emerging cyber threat in order to assess the appropriateness and coverage of policy. In a similar manner technical standards may provide provisions to support the way in which wireless communication technologies may counter cyber wireless threat. In the changing threat landscape, standardisation bodies should assess that their security mechanisms protect against known threats but are sufficiently adaptable as threats change. Most importantly there is a skills shortage which must be filled and subsequently maintained.

Manufacturers and application developers must ensure that their products are fit for purpose. They should balance the usability and acceptance of the enabled information services with the mechanisms needed to keep information protected, as appropriate to its criticality and context.

Economic scaling will likely lead to shared spectrum and infrastructure models. Most importantly, operators of wireless networks must assure that wireless information services retain confidentiality, integrity and availability. This must be achieved individually, differently and applicably for each of the many different classes of application and user. This then must provide a sustainable balance of priority and pre-emption for both critical communication services at lower volume and consumer use at high volume with larger economies of scale.

Wireless services enabling our critical infrastructures and consumer mobile and IoT applications must each be able to share resources without compromise of each other. We, as consumers, simply need to be aware that others are using our wireless resources and be cautious and aware of the information that we share about ourselves, our family, friends and colleagues.

Acknowledgments

This work could not be compiled without the continued support of our team at HW Communications (www.hwcomms.com), and the constant discussion and liaison with our many collaborators in Horizon2020, InnovateUK, and other research projects with which we are involved. Special thanks to the members and partners of Public Safety Communication Europe (PSCE) Forum for the continued debate and hard work driving
towards solving the challenge of resilient EU interoperable broadband communication (www.psc-europe.eu, www.broadmap.eu).

References

[1] 802.11ad-2012 – IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 3: Enhancements for Very High Throughput in the 60 GHz Band
[2] ‘White Paper – Visible Light Communication Technology for Near-Ubiquitous Networking’. Available at http://visilink.com/wp-content/uploads/2012/03/Visilink-Technology-White-Paper-January-2012.pdf, accessed 23rd November 2015
[3] ‘Methodologies for the identification of Critical Information Infrastructure assets and services’, ENISA, February 2015. Available at https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/Methodologies-for-identification-of-ciis/methodologies-for-the-identification-of-ciis, accessed 23rd November 2015
[4] ‘Computer hackers can now hijack TOILETS: ‘Smart Toilet’ users in Japan could become victim to Bluetooth bidet attacks and stealthy seat closing’. Available at http://www.dailymail.co.uk/sciencetech/article-2384826/Satis-smart-toilets-Japan-hacked-hijacked-remotely.html, accessed November 2015
[5] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
[6] ‘Overview of ITU’s History’. Available at http://www.itu.int/en/history/Pages/ITUsHistory-page-2.aspx, accessed 23rd November 2015
[7] ‘Key definitions of the Data Protection Act’, UK Information Commissioner’s Office (ICO). Available at https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/, accessed 23rd November 2015
[8] The Radio and Telecommunication Terminal Equipment Directive 1999/5/EC. Available at http://ec.europa.eu/growth/sectors/electrical-engineering/rtte-directive/
[9] Recommendation ITU-R P.372-12, Radio noise. Available at https://www.itu.int/dms_pubrec/itu-r/rec/p/R-REC-P.372-12-201507-I!!PDF-E.pdf
[10] ‘Home Office slips out an Android passport reader’. Available at http://forums.theregister.co.uk/forum/1/2013/06/20/home_office_slips_out_android_passport_reader/, accessed 23rd November 2015
[11] ‘Before you use a WiFi Pineapple in Vegas during a hackers’ security conference, you better know what you are doing.’ Available at http://www.networkworld.com/article/2462478/microsoft-subnet/hacker-hunts-and-pwns-wifi-pineapples-with-0-day-at-def-con.html, accessed 23rd November 2015
[12] ‘5G Innovation Opportunities’, TechUK, August 2015. Available at https://www.techuk.org/insights/reports/item/6008-5g-innovation-opportunities-a-discussion-paper, accessed 23rd November 2015
[13] ‘Breaking radio silence: The value of communication in public services’. Available at http://www.lse.ac.uk/businessAndConsultancy/LSEEnterprise/news/2014/Tetra.aspx
[14] ‘The quantum clock is ticking on encryption – and your data is under threat’. Available at http://www.wired.co.uk/article/quantum-computers-quantum-security-encryption, accessed 6th February 2017
[15] SafeCrypto project. Available at www.safecrypto.eu, accessed 6th February 2017
[16] Radio Equipment Directive (RED) 2014/53/EU. Available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32014L0053
[17] Ofcom RA419. Available at http://www.ofcom.org.uk/static/archive/ra/publication/ra_info/ra419.doc
[18] ‘Technologies and approaches for meeting the demand for wireless data using licence exempt spectrum to 2022’. Final Report, Ofcom, January 2013, Quotient Associates. Available at http://stakeholders.ofcom.org.uk/binaries/research/technology-research/2013/demand-wireless.pdf, accessed 23rd November 2015
[19] Dillinger, M., Madani, K., Alonistioti, N.: ‘Software defined radio: architectures, systems and functions’ (Wiley & Sons, 2003), ISBN 0-470-85164-3
[20] ‘Mobile Network Security: a tale of tracking, spoofing and owning mobile phones’. Defcon Moscow. OpenBTS & IMSI-catcher. Available at http://www.slideshare.net/iazza/dcm-final-23052013fullycensored, accessed 23rd November 2015
[21] ‘Hacking Wi-Fi is Child’s Play – 7 year old shows how easy it is to break a public network in 11 min’. Available at http://www.dailymail.co.uk/sciencetech/article-2919762/Hacking-Wi-Fi-s-child-s-play-Seven-year-old-shows-easy-break-public-network-11-minutes.html, accessed 23rd November 2015
[22] CVE database. Available at https://cve.mitre.org/cve/cve.html, accessed 23rd November 2015
[23] ‘Research behind a hack of the Oyster card will be released which has serious implications for cards using the same MIFARE chip around the world’. Available at http://www.itpro.co.uk/604770/oyster-card-free-travel-hack-to-be-released, accessed 23rd November 2015
[24] ‘Gartner Says 4.9 Billion Connected ‘Things’ Will Be in Use in 2015’. Available at http://www.gartner.com/newsroom/id/2905717, November 2014, accessed 23rd November 2015
[25] UK DCMS, ‘Incorporating social value into spectrum allocations’. Independent Report, UK Department for Culture, Media and Sport, November 2015
[26] UK Emergency Services Network. Available at https://www.gov.uk/government/publications/the-emergency-services-mobile-communications-programme/emergency-services-network, accessed 18th September 2016
Case study

Additional examples of wireless compromise

Case study: television interference involving TETRA radio communication systems: In 2003 the UK Radiocommunications Agency (now Ofcom) published a document [17] in response to complaints about the use of new TETRA technology by the emergency services. This document clarifies that wideband TV amplifiers used on residential TV antennas are the most likely source of interference, due to their own non-linear responses to the TETRA signals.

Case study: IMSI collection of 3G using 2G: Low-cost software defined radio [19] equipment can be used together with openly sourced code that can mimic a GSM base station. The ‘man-in-the-middle’ base station operates at a reasonably low power to avoid detection by the authorities, and only for the time needed to carry out its operation. A 3G mobile device comes into range of the rogue base station. The rogue intercepts and notices the 3G operation of the mobile device. A jamming signal is transmitted which will naturally force the mobile device to fall back to 2G/GSM mode, registering itself with the rogue base station and coming under its control. The fallback works because GSM authenticates only the subscriber to the network and not the network to the subscriber, whereas 3G and later generations use mutual authentication. Further activity can be carried out to ascertain details of the phone, route calls, disable encryption or simply identify the presence of the user by identifying the IMSI, which represents the SIM card and, hence, the end user [20].

Case study: WiFi hacking: It is easy to obtain simple WiFi equipment with the capability to act as a man-in-the-middle access point to intercept, fool and even run routines to remove or crack encryption. A laptop offers a mere starting point. A seven year old recently demonstrated the ease of cracking a public WiFi system in 11 min [21]. At the time of writing, searching for keyword ‘WiFi’ in the CVE database [22] yields 68 entries, the majority of which reside in the software within certain wireless devices.

Case study: Bluetooth hacking: With Bluetooth widely used for making phone calls and syncing contacts, ‘Bluebugging’ is the well-known method used to exploit vulnerabilities and take control of mobile devices. Power limitations typically reduce the range of Bluetooth devices to 10–15 m. Directional antennas, similarly low cost, significantly increase that range. Searching keyword ‘Bluetooth’ in the CVE database [22] yields 109 CVE entries.

Case study: NFC reading – Oyster card: NFC allows for close proximity exchange of information with a passive device which is powered by the RF field generated by the reader device. In 2008, a judge ruled [23] that a hack found by Radboud University, reversing the proprietary algorithms in the MIFARE chip used in the Oyster Card (used on London Underground), should be made public. Free travel is therefore made available to all who have the motivation to implement the hack until Oyster readers are updated.

Case study: NFC reading – ePassports: UK passports issued since 2006 include an NFC device now widely used for passage through automated border control barriers. In 2013, the UK Home Office released an Android app [10] which can be used to decode your own, or anyone else’s, passport details using an Android device, most of which have built-in NFC transceivers. Reading the chip requires a key derived from the machine readable zone printed on the passport’s data page, so the app must first be shown the printed details; the chip is not readable by a passer-by who has only radio proximity.

Case study: Hackers on hackers – WiFi hacking WiFi: There is a continuous challenge to challenge and test each other. At the famous Defcon 22 conference in 2014, a well-known WiFi device, cheaply available and made to intercept WiFi transmissions easily, was itself attacked [11]. Many hackers were known to have utilised this device in preparation to demonstrate their own interception and hacking prowess during the conference. To their dismay, all users found that their device itself had been hacked and rendered useless after connecting to the conference WiFi network.
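The IMSI collection case study above describes a rogue base station pushing a 3G handset down to GSM. The following added example (not code from the paper, nor from any detector product) shows the kind of on-handset heuristics that IMSI-catcher detection apps apply, run over a constructed baseband event log: a strong 3G cell, then an abrupt attach to a 2G cell that the handset has never seen, that is far stronger than the 3G network and that negotiates no ciphering. The log line format, cell identities, signal levels and thresholds are all invented for illustration; a real tool would read these events from the handset’s baseband diagnostic interface and build its list of known cells from history or a public cell database.

```python
"""Heuristic IMSI-catcher indicators over a baseband event log.

Added example, not code from the paper. The line format, cell identities,
signal levels and thresholds below are constructed for illustration; a real
detector reads these events from the handset's baseband diagnostic interface.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass
class CellEvent:
    t: int        # seconds since start of the log
    rat: str      # radio access technology: "3G" or "2G"
    lac: int      # location area code
    cid: int      # cell identity
    rssi: int     # received signal level in dBm
    cipher: str   # negotiated cipher; "A5/0" means no encryption on GSM

# Constructed log: a healthy 3G cell, then a sudden 2G attach to a cell the
# handset has never seen, far stronger than the 3G network, with no ciphering.
SAMPLE_LOG = [
    "t=0 rat=3G lac=1234 cid=50011 rssi=-78 cipher=UEA1",
    "t=30 rat=3G lac=1234 cid=50011 rssi=-80 cipher=UEA1",
    "t=60 rat=3G lac=1234 cid=50012 rssi=-82 cipher=UEA1",
    "t=90 rat=2G lac=9999 cid=1 rssi=-60 cipher=A5/0",
    "t=120 rat=2G lac=9999 cid=1 rssi=-58 cipher=A5/0",
    "t=150 rat=3G lac=1234 cid=50011 rssi=-79 cipher=UEA1",
]

# (LAC, CID) pairs seen in earlier trusted sessions (constructed). A real tool
# builds this from its own history or from a public cell database.
KNOWN_CELLS: Set[Tuple[int, int]] = {(1234, 50011), (1234, 50012), (1234, 50013)}

STRONG_3G_DBM = -90   # 3G above this level gives no legitimate reason to drop to 2G
OVERPOWER_DB = 15     # a 2G cell this much stronger than 3G is suspicious

def parse_line(line: str) -> CellEvent:
    fields = dict(kv.split("=", 1) for kv in line.split())
    return CellEvent(int(fields["t"]), fields["rat"], int(fields["lac"]),
                     int(fields["cid"]), int(fields["rssi"]), fields["cipher"])

def analyse(lines: List[str], known: Set[Tuple[int, int]]) -> List[Dict]:
    """Return one alert per suspicious event, each with the reasons that fired."""
    alerts: List[Dict] = []
    last_3g_rssi = None   # signal level of the most recent 3G cell
    prev = None
    for ev in (parse_line(l) for l in lines):
        reasons = []
        if ev.rat == "2G" and last_3g_rssi is not None:
            if prev is not None and prev.rat == "3G" and last_3g_rssi > STRONG_3G_DBM:
                reasons.append("downgrade to 2G while 3G was strong")
            if ev.rssi > last_3g_rssi + OVERPOWER_DB:
                reasons.append("2G cell far stronger than the 3G network")
        if (ev.lac, ev.cid) not in known:
            reasons.append("attached to never-seen cell")
        if ev.rat == "2G" and ev.cipher == "A5/0":
            reasons.append("GSM ciphering disabled (A5/0)")
        if reasons:
            alerts.append({"t": ev.t, "lac": ev.lac, "cid": ev.cid, "reasons": reasons})
        if ev.rat == "3G":
            last_3g_rssi = ev.rssi
        prev = ev
    return alerts

if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG, KNOWN_CELLS):
        print(f"t={a['t']:>4} lac={a['lac']} cid={a['cid']}: " + "; ".join(a["reasons"]))
```

No single indicator is conclusive (a real 2G-only cell in a coverage hole is legitimate, and some networks still run A5/0), which is why the function reports every reason that fired rather than a yes/no verdict; a detector should raise its alarm on the combination, and a first responder’s handset policy can go further and refuse 2G attachment altogether while 3G or LTE is available.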
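The ePassport case study notes that a phone app can decode a passport chip over NFC. The page does not describe the access control the chip applies; the following added example (not code from the paper or from the Home Office app) implements the ICAO Doc 9303 Basic Access Control key derivation, which is the mechanism passports of that generation use: the two 3DES keys that unlock the chip are derived with SHA-1 from the document number, date of birth and expiry date printed in the machine readable zone, each with its check digit. The MRZ values used at the bottom are the worked example from Doc 9303 itself, so the derived keys can be compared with the ones the specification publishes. Only the Python standard library is needed.

```python
"""ICAO 9303 Basic Access Control (BAC) key derivation from the MRZ.

Added example, not code from the paper. It shows why an NFC reader needs to
see the printed data page: the keys that unlock the chip are derived from the
document number, date of birth and expiry date in the machine readable zone.
"""
import hashlib
from typing import Tuple

def mrz_check_digit(field: str) -> str:
    """ICAO 9303 check digit: weights 7,3,1 over digits, letters (A=10..Z=35) and '<' (0)."""
    weights = (7, 3, 1)
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            v = int(ch)
        elif ch.isalpha():
            v = ord(ch.upper()) - ord("A") + 10
        elif ch == "<":
            v = 0
        else:
            raise ValueError(f"invalid MRZ character {ch!r}")
        total += v * weights[i % 3]
    return str(total % 10)

def mrz_information(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> str:
    """Concatenate the three MRZ fields, each followed by its check digit."""
    doc = doc_number.ljust(9, "<")   # the document number field is 9 characters, '<' padded
    return (doc + mrz_check_digit(doc)
            + birth_yymmdd + mrz_check_digit(birth_yymmdd)
            + expiry_yymmdd + mrz_check_digit(expiry_yymmdd))

def _adjust_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so that every byte has odd parity (DES key convention)."""
    out = bytearray()
    for b in key:
        b &= 0xFE
        if bin(b).count("1") % 2 == 0:
            b |= 1
        out.append(b)
    return bytes(out)

def bac_seed(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> bytes:
    """K_seed: the first 16 bytes of SHA-1 over the MRZ information string."""
    info = mrz_information(doc_number, birth_yymmdd, expiry_yymmdd)
    return hashlib.sha1(info.encode("ascii")).digest()[:16]

def bac_keys(doc_number: str, birth_yymmdd: str, expiry_yymmdd: str) -> Tuple[bytes, bytes]:
    """Return (K_enc, K_mac), the two 3DES keys used for BAC and secure messaging."""
    k_seed = bac_seed(doc_number, birth_yymmdd, expiry_yymmdd)
    k_enc = _adjust_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x01").digest()[:16])
    k_mac = _adjust_parity(hashlib.sha1(k_seed + b"\x00\x00\x00\x02").digest()[:16])
    return k_enc, k_mac

if __name__ == "__main__":
    # MRZ data from the worked example in ICAO Doc 9303 (document number L898902C,
    # born 6 August 1969, expires 23 June 1994).
    doc, dob, exp = "L898902C", "690806", "940623"
    print("MRZ_information:", mrz_information(doc, dob, exp))
    print("K_seed:", bac_seed(doc, dob, exp).hex())
    k_enc, k_mac = bac_keys(doc, dob, exp)
    print("K_enc:", k_enc.hex())
    print("K_mac:", k_mac.hex())
```

The security observation a practitioner should take from this is that the whole key comes from three printed fields with little entropy: document numbers are issued in sequence, dates of birth cluster, and expiry dates fall in a ten year window, so a reader that has seen only part of the data page (or a scan of it) can search the remainder offline. Later passports add PACE (Supplemental Access Control), a password-authenticated key agreement that resists that search, but it still requires the printed MRZ or card access number, so the case study’s point stands: the chip is readable by whoever can see the document.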
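The body of the paper (the discussion of resource sharing and the Emergency Services Network) states that global standards exist for priority and pre-emption of critical services over consumer traffic, but that no operator has yet proven the sharing model. The following added example (not code from the paper, and not any operator’s scheduler) models the 3GPP Allocation and Retention Priority (ARP) parameters that those standards define: a priority level, a pre-emption capability and a pre-emption vulnerability per bearer. Cell capacity is represented as an integer number of resource units, an assumption made purely so the behaviour can be exercised; the bearer names and sizes are constructed.

```python
"""Admission control with priority and pre-emption, in the style of the
3GPP Allocation and Retention Priority (ARP) parameter.

Added example, not code from the paper and not an operator's scheduler.
One cell's capacity is modelled as an integer number of resource units (an
assumption) so the PPDR availability argument can be exercised: a critical
bearer with pre-emption capability may evict consumer bearers that are marked
pre-emption-vulnerable, and never the other way round.
"""
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Bearer:
    name: str
    priority: int       # ARP priority level: 1 = highest, 15 = lowest
    can_preempt: bool   # ARP pre-emption capability
    vulnerable: bool    # ARP pre-emption vulnerability
    units: int          # resource units requested (constructed unit)

class Cell:
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.active: Dict[str, Bearer] = {}
        self.preempted: List[str] = []   # bearers dropped, in the order they were dropped

    def used(self) -> int:
        return sum(b.units for b in self.active.values())

    def admit(self, req: Bearer) -> bool:
        """Admit req if it fits; otherwise evict lower-priority vulnerable bearers if allowed."""
        free = self.capacity - self.used()
        if req.units <= free:
            self.active[req.name] = req
            return True
        if not req.can_preempt:
            return False
        # Candidate victims: vulnerable and strictly lower priority (larger number),
        # least important first.
        victims = sorted((b for b in self.active.values()
                          if b.vulnerable and b.priority > req.priority),
                         key=lambda b: -b.priority)
        chosen, gained = [], 0
        for v in victims:
            if free + gained >= req.units:
                break
            chosen.append(v)
            gained += v.units
        if free + gained < req.units:
            return False                     # pre-empting would still not make room
        for v in chosen:
            del self.active[v.name]
            self.preempted.append(v.name)
        self.active[req.name] = req
        return True

def scenario() -> Cell:
    """Consumer traffic fills the cell; then PPDR bearers arrive during an incident."""
    cell = Cell(capacity=10)
    for i in range(5):   # five consumer sessions of 2 units each fill the cell
        cell.admit(Bearer(f"consumer{i}", priority=9, can_preempt=False, vulnerable=True, units=2))
    cell.admit(Bearer("ppdr-voice", priority=1, can_preempt=True, vulnerable=False, units=3))
    cell.admit(Bearer("ppdr-video", priority=2, can_preempt=True, vulnerable=False, units=4))
    # A late consumer with pre-emption capability still cannot touch PPDR or its peers.
    cell.admit(Bearer("consumer-late", priority=9, can_preempt=True, vulnerable=True, units=2))
    return cell

if __name__ == "__main__":
    c = scenario()
    print("active:   ", sorted(c.active))
    print("preempted:", c.preempted)
    print("used:", c.used(), "of", c.capacity)
```

Two points follow from running it. First, the guarantee is only as good as the ARP values the operator provisions: mark the PPDR bearers vulnerable, or the consumer bearers not vulnerable, and the critical traffic is silently queued behind fee paying users without anyone having taken a visible decision, which is exactly the paper’s warning that loss of PPDR availability need not be a conscious business choice. Second, pre-emption is lossy for the evicted party, so a shared network also needs a policy for what happens to the consumer sessions it drops.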