Wireless Communications Cyber Security

Dr David Lund
Head of Research and Development, HW Communications, Lancaster, UK
Board Member, Public Safety Communication Europe (PSCE) Forum, Brussels, Belgium

This paper is a postprint of a paper accepted by IET Engineering Reference and is subject to Institution of Engineering and Technology Copyright. The copy of record will be available at IET Digital Library.

In our marketplace we have many new wireless communication options to choose from. They are built into modern ‘attractive’ devices, which the authors choose as they become new and popular, with the capability to communicate more than ever before. This study presents some of the basics of how wireless communication technology works and how it is used. The eagerness to embrace modern wireless technology has left us vulnerable. How do we understand that? What can we do to protect ourselves, and what is coming in the next generation of wireless technology, which will be used to support some of the more critical and sensitive aspects of daily work and life?

March 2017    David Lund    Page 1

Introduction
In our increasingly connected world, we rely upon many different flavours of wireless technology. Wireless communication has numerous advantages. As consumers and workers, wireless technologies allow us the freedom to move around and yet remain online. Wireless connections allow us to distribute devices around our person, allowing for different types of interaction with our information; a laptop, a tablet, a watch, a personal health monitoring device, even our vehicles. Wireless technology allows our everyday transactions, such as wireless ticketing, credit card transactions, ePassports, etc., to be convenient and speedy. Wireless technology provides commercial benefits in terms of reducing infrastructure and installation costs; minimising cable installation in buildings and using wireless LANs or long haul point to point microwave links, etc.

A famous quotation from Albert Einstein is often used to illustrate the benefit of wireless: ‘The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is exactly the same, only without the cat.’ In simple translation, the telegraph wire is not needed for ‘wireless’.

Such benefits of wireless technology, albeit with the limited involvement of cats, have led to the increased transmission of valuable information over the air. Valuable information assets become attractive to attackers, and vulnerable when carried over poorly implemented or configured wireless systems. Coupled with the availability of low-cost devices for interception, there is a distinct need for our community to understand how to protect over-the-air transmissions. How we use our wireless devices is also considered to be valuable in some contexts.

All wireless technologies rely upon a common physical resource – radio frequency (RF) spectrum. In all cases, a wireless device has a physical interface with the air, or free space, to transmit and receive information using a specific frequency band. RF spectrum is accessible by everyone. Regulations are in place both nationally (Ofcom in the UK) and globally (ITU) to allow for regulated and controlled use of spectrum as a shared physical resource.

Analogue wireless technologies (frequency modulation, amplitude modulation, etc.) have been used for radio and TV broadcast,
and push-to-talk voice calls for many years. Only a small amount of low-cost equipment is required to intercept and listen to content carried within RF signals. Hobbyists have been using analogue radio scanners for many years, to listen to police, fire and ambulance operators discuss operations as they walk by, or as their vehicles pass. Most of these listeners are simply curious and have no malicious intent whatsoever. However, users such as emergency service first responders will discuss and relay information which is much more sensitive than our everyday personal phone calls and social media interactions. This information may be attractive, for example, to those wishing to subvert emergency service operations in order to facilitate malicious and criminal activity.

Our personal information may be attractive to others wanting to know our business interests, personal life patterns, our purchasing interests or our general status of health.

This paper provides an introduction to the basic properties of wireless communication and how different systems protect both the resilience and confidentiality of information carried over the air.

The primary case study given in this paper covers the advent of the public safety community demanding mobile broadband capabilities to aid their operations. This reflects some challenges that are faced as we start to integrate wireless communication into more of our critical and sensitive infrastructures and operations.

At the end of this document, seven smaller case studies give examples of how wireless systems have been compromised in recent years.

Spectrum as a common resource
With RF spectrum as a common resource for wireless communication, access to transmissions can be easy. They can be easily received and, in some cases, modified. Therefore, a number of considerations are made to secure and protect our wireless transmissions. These can be considered in three primary vectors, in relation to the classical consideration of confidentiality, integrity and availability:

Information throughput ‘availability’ – wireless communication resilience: Wireless network operators are keen to ensure that their networks remain ‘available’. Physical properties of RF transmission make it easy to go ‘out of range’, or many users sharing RF resource may have to wait until the spectrum is either clear for use, or our time-slot is available for use. The presence of interference needs to be mitigated to allow for reliable transmission and available information throughput capacity. Many, such as commercial cellular networks, rely upon availability of service to generate revenues from calling, texting and data services, or simply to maintain their reputation and customers.

Information ‘confidentiality’: Information carried over the air should be significantly difficult or impossible to decode, should it be intercepted. Cryptography and secure protocols play a key role here.

Information ‘integrity’: We should remain confident that the communication we receive is integral and has not been modified during transit over the air, or over any associated wired network connection or equipment.

Properties of wireless communication systems
Whilst RF spectrum is accessible by anyone, its access is somewhat limited by the physical properties of the transmitters, receivers, the protocols that they use and the environment. Parameters include:
Transmission frequency: Where in the RF spectrum is the system operating? Different frequencies have different physical properties. Lower frequencies typically propagate over longer distances than higher frequencies. Some frequencies are more susceptible to the physical environment than others. For example, 60 GHz communication systems (e.g. WiGig [1]) may be blocked by oxygen molecules in our air. Visible light communication [2] is simply blocked by physical objects, such as walls. All RF signals may be reflected and distorted when transceivers are moving with respect to each other and other objects in the surrounding environment, therefore making reception more challenging.

Transmitted power: Higher transmitted power yields longer transmission range. In simple terms, range is typically controlled by the inverse square law, where transmitted power exponentially diverges as it propagates. Higher transmission powers typically demand more expensive transmission components (antennas, amplifiers, etc.), increasing cost, weight, size and battery life. Increased transmission range yields an increase in the possible range within which signals can be intercepted by an interested party.

Receiver sensitivity: Communication receiver technology is susceptible to receiving interference, but also has a physical bound on how little power is needed for successful reception of a wireless transmission. Advanced silicon techniques and amplification may be used in receivers to improve receiver sensitivity. Increased sensitivity further increases the range between transmitter and receiver for both intended and unintended reception.

Coding, modulation and link protocols: Modulation determines the ‘shape’ of the energy transmitted. Different modulation methods provide different trade-offs between propagation properties, reception reliability and data throughput. Error control coding is a mathematical technique to provide extra redundancy to a communication, to allow for detection and correction of errors at the receiver. Link protocols attempt to keep both transmitter and receiver talking with the same modulation and coding, and to handle any lost packets, requesting retransmissions where necessary. Higher layers of protocols, such as in 2/3/4/5G, maintain registration of the user and mobility of a wireless device. These protocols allow for carefully controlled access to allocated spectrum and handoffs between different base stations and different radio access technologies as a mobile device physically moves. Protocols also ensure that the mobile device and user are authenticated and that wireless access is authorised. Usage is monitored and billed by commercial cellular operators as the user uses the service.

Vulnerable information
As already described, we exchange significant volumes of valuable information over wireless technologies and networks. The following gives a brief flavour of what we exchange and the potential consequences of our compromised information:

Commercially sensitive information
The mobile workplace, coupled with the ‘cloud’, continually increases the exchange of commercially sensitive information. Shared cloud and radio infrastructure makes a significant economic saving for large and small organisations alike, increasing this desire to transact wirelessly, online. Commercial information transferred includes financial data, intellectual property, location and mobility of staff, etc. Compromise of commercial information may disadvantage a commercial operation. For example, competitors may yield an advantage by knowing the details of competing products in development, staff, or of the financial capacity or internal movements and politics of a competing company.
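The transmitted power and receiver sensitivity properties described above can be put into numbers with a free-space (Friis) link budget. The block below is an added example written for this edit, not code from the paper: it estimates how far a transmission can still be received by its intended receiver and by a better-equipped unintended one, and shows that every 6 dB of extra power, antenna gain or sensitivity doubles the range. The 2.4 GHz carrier, antenna gains and sensitivities are assumed sample figures; free space is the best case, so real-world ranges are shorter.

```python
import math

C = 299_792_458.0  # speed of light, m/s


def fspl_db(distance_m: float, freq_hz: float) -> float:
    """Free-space path loss in dB between isotropic antennas (Friis)."""
    wavelength = C / freq_hz
    return 20 * math.log10(4 * math.pi * distance_m / wavelength)


def max_range_m(tx_power_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                rx_sensitivity_dbm: float, freq_hz: float) -> float:
    """Largest free-space distance at which the received power still reaches the
    receiver's sensitivity: invert fspl_db for the loss the link can absorb."""
    allowed_loss_db = tx_power_dbm + tx_gain_dbi + rx_gain_dbi - rx_sensitivity_dbm
    wavelength = C / freq_hz
    return (wavelength / (4 * math.pi)) * 10 ** (allowed_loss_db / 20)


def range_multiplier(extra_db: float) -> float:
    """Each extra dB of power, gain or sensitivity scales range by 10^(dB/20):
    6 dB doubles it (inverse square law), 20 dB multiplies it by ten."""
    return 10 ** (extra_db / 20)


def exposure_footprint(tx_power_dbm: float = 20.0, freq_hz: float = 2.4e9) -> dict:
    """Compare the intended link with an unintended receiver that has a better
    antenna and a more sensitive front end (sample figures assumed for this example)."""
    intended = max_range_m(tx_power_dbm, 0.0, 0.0, -70.0, freq_hz)     # e.g. a laptop
    unintended = max_range_m(tx_power_dbm, 0.0, 12.0, -95.0, freq_hz)  # directional antenna + LNA
    return {
        "intended_range_m": intended,
        "unintended_range_m": unintended,
        "ratio": unintended / intended,
    }


if __name__ == "__main__":
    fp = exposure_footprint()
    print(f"intended link reaches about {fp['intended_range_m']:.0f} m")
    print(f"unintended receiver reaches about {fp['unintended_range_m']:.0f} m "
          f"({fp['ratio']:.0f}x further)")
```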

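Error control coding, described under ‘Coding, modulation and link protocols’ above, shown with a small extended Hamming (8,4) code. This is an added example, not code from the paper: each 4-bit nibble gains three parity bits that locate a single flipped bit and an overall parity bit that exposes a double flip as uncorrectable instead of silently miscorrecting it. The test message and the flipped bit positions are constructed for the example.

```python
def hamming84_encode(nibble):
    """Encode data bits [d1, d2, d3, d4] as [p1, p2, d1, p3, d2, d3, d4, p0]:
    p1..p3 are the Hamming parity bits, p0 is overall parity over the first seven."""
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4          # covers code positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4          # covers code positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4          # covers code positions 4, 5, 6, 7
    word = [p1, p2, d1, p3, d2, d3, d4]
    return word + [sum(word) & 1]


def hamming84_decode(word):
    """Return (data_bits, status): 'ok', 'corrected' (one bit repaired) or
    'uncorrectable' (two flips detected; the receiver must ask for retransmission)."""
    w = list(word)
    s1 = w[0] ^ w[2] ^ w[4] ^ w[6]
    s2 = w[1] ^ w[2] ^ w[5] ^ w[6]
    s3 = w[3] ^ w[4] ^ w[5] ^ w[6]
    syndrome = s1 | (s2 << 1) | (s3 << 2)   # 1-based position of a single error
    parity_ok = sum(w) % 2 == 0
    if syndrome == 0 and parity_ok:
        status = "ok"
    elif syndrome == 0:                     # only the overall parity bit flipped
        w[7] ^= 1
        status = "corrected"
    elif not parity_ok:                     # odd number of flips: single-bit error
        w[syndrome - 1] ^= 1
        status = "corrected"
    else:                                   # even number of flips: double error
        status = "uncorrectable"
    return [w[2], w[4], w[5], w[6]], status


def encode_bytes(data):
    """Split each byte into two nibbles (high first) and encode each one."""
    words = []
    for b in data:
        for nib in (b >> 4, b & 0xF):
            words.append(hamming84_encode([(nib >> 3) & 1, (nib >> 2) & 1,
                                           (nib >> 1) & 1, nib & 1]))
    return words


def decode_bytes(words):
    """Reassemble bytes; returns (bytes, number of words that could not be corrected)."""
    out, bad, nibbles = bytearray(), 0, []
    for w in words:
        bits, status = hamming84_decode(w)
        bad += status == "uncorrectable"
        nibbles.append(bits[0] << 3 | bits[1] << 2 | bits[2] << 1 | bits[3])
    for hi, lo in zip(nibbles[0::2], nibbles[1::2]):
        out.append(hi << 4 | lo)
    return bytes(out), bad


def flip(word, *positions):
    """Constructed channel noise: flip the given 1-based bit positions."""
    w = list(word)
    for p in positions:
        w[p - 1] ^= 1
    return w
```

Three or more flips in one word can defeat the code, which is why real links pair coding with the retransmission protocols the paper mentions.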
Personal data – ours and others: Information describing our everyday lives is carried over the airwaves. We commonly transact our personal information using online shopping services, banking and social networks. Wearable devices measure our heart rate and activity, and are wirelessly connected to our smartphones. We become our own data controller [3], controlling disclosure of our own information and that of our friends and colleagues. Some organisations may gain benefit from knowing our interests, our patterns of life or our physical circumstances. Marketing activities often try to understand our patterns of life, in order to target advertisements to our interests and therefore increase their probability of a product sale.

Monitoring and control information – consumer
The Internet-of-Things (IoT) is upon us [4]. Technologies today allow us to monitor our central heating and television recordings. Even cookers and washing machines are available which can be monitored and controlled from our mobile phones. Easy attacks yield an element of comedy by allowing the possibility of flushing next door’s toilet via your mobile phone [4]. We find that the specific information and control related to interacting with our own appliances may not be so interesting to those listening. However, we may feel uncomfortable about our privacy being compromised. Such monitoring and control can reveal our patterns of life: which TV programmes we watch, when we are away or at home, what time we turn our lights off at night and how often we use the toilet.

Monitoring and control information – critical infrastructure
On a more serious note, our critical infrastructures require continual monitoring and control. This class of information has very different levels of importance. Electricity and gas distribution networks, railways and highways all require careful management to ensure that our services remain available. Disruption to any of these services can have a catastrophic effect. Loss of electricity supply has a significant cascade effect on other services, such as railways and the pumping of water, for example. Wireless communication networks underpinning critical services should be considered as critical infrastructures themselves, as they also present a cascade vulnerability where other societal services rely upon them [3]. The new European Networked Information System directive came into force in 2016 [5]. This aims towards a more stringent consideration of critical information infrastructure protection. However, wireless technologies are not explicitly referenced, and the accountability and responsibility for the cyber security of both wireless and infrastructure aspects are left in the hands of the operator of the information infrastructure.

Wireless threat and vulnerability
The following describes aspects that threaten our wireless communication. These include regulatory, environmental, inadvertent and potentially malicious threats.

Regulation and electromagnetic interference (EMI)
Spectrum is considered as a scarce resource and regulation somewhat limits its use. Since the first transatlantic radio communication in 1901 [5], access to spectrum has been regulated. Spectrum is segmented into bands and limits are imposed on transmission power. The new European Radio Equipment Directive (RED directive)
[6] superseded the R&TTE [7] directive in 2016. The RED directive places even more stringent emphasis on testing the receiver’s susceptibility to interference, together with compliance to transmission specifications which will be linked to its transmission band and power. A primary goal is to allow radio equipment to coexist and to ensure one unit does not inadvertently interfere with another. This is considered in terms of both transmitting only within the spectrum and power levels permitted, and being resilient in the face of other interference (e.g. due to legacy or faulty devices).

Electromagnetic interference is a primary threat to the availability and performance of wireless communication systems. Interference may be generated naturally around our environment [8], by poor quality devices, malicious interferers or jammers. Poor quality devices may generate non-linear responses; harmonics or intermodulation products which derive from the original signal, inadvertently interfering with intended transmissions in other bands. The R&TTE and RED directives both seek to minimise out-of-band transmissions, and the RED directive extends to ensure that receivers are resilient to unintended interference. However, even with more stringent controls for product developments and approvals, not all devices are tested prior to sale and devices may degrade in performance over time, leading to out-of-band and inadvertent interference to other systems. See the case study on Television Interference Involving TETRA for an example of this.

Crowded spectrum
Spectrum regulation leads to crowding in some bands. The Instrumentation Scientific and Medical (ISM) and Short Range Device bands allow for a reasonably flexible use of spectrum by unlicensed users within set bands and transmission power limits. Wireless LANs, Bluetooth, Zigbee, etc. are all developed to use ISM bands. The prevalence of low-cost devices on the market, and our need to work wirelessly, has led to crowding in these bands. The 2.4 GHz ISM band is especially crowded in many urban locations. The majority of technologies that operate in ISM bands use carrier sense multiple access (CSMA) techniques. CSMA simply listens for the presence of another transmitter and controls transmission to occur only when the spectrum is unused. As such, this can only provide a best-effort access to spectrum, commonly leading to reduced availability and delays in service where the system is used in crowded spectrum. Many arguments are made that ISM bands have led to more efficient use of spectrum, but at the expense of uncertainty of access [9]. New research and methods for sharing access to spectrum are needed to understand how to address this balance.

Advanced protocol analysis and manipulation
Easy access to spectrum allows for the possibility to analyse flows of traffic to ascertain typical operations and configuration. Simply listening to RF traffic, monitoring for modulation and coding type, packet sizes and regularity can identify both the protocol being transceived and key statistical signatures which can ascertain which devices are being used. Gathering information in this way can then lead to knowledge of alternative vulnerabilities and vectors for attack. See the case study on international mobile subscriber identity (IMSI) collection for an example.

Presence detection and characterisation
Many mobile phone devices now contain multiple RF devices; WiFi, Bluetooth, 2/3/4G cellular, near field communication (NFC), etc. Silicon devices are highly integrated, allowing for multiple RF transceivers to coexist within the same integrated circuit. With technology tightly integrated for the original purpose of providing advanced wireless connectivity, these devices are also used to intercept and characterise our wireless communications.
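The best-effort access described under ‘Crowded spectrum’ above can be watched degrading in a small simulation. The block below is an added example, not code from the paper: it models p-persistent CSMA stations sharing one channel, each sensing the channel, deferring while it is busy and otherwise transmitting with a fixed probability, so that two stations picking the same idle slot collide and burn airtime. Arrival rate, frame length and persistence are assumed sample parameters, and the delay and collision figures hold for this toy model only.

```python
import random


def simulate_csma(n_stations, arrival_prob, slots, frame_len=5, persistence=0.2, seed=1):
    """Slotted p-persistent CSMA on a single shared channel.
    Each slot, every station may queue a new frame with probability arrival_prob.
    Stations with a queued frame sense the channel; if it is busy they defer,
    otherwise each transmits with probability `persistence`. Exactly one
    transmitter in a slot succeeds; two or more collide, lose the airtime and
    keep their frames queued for a later attempt."""
    rng = random.Random(seed)                   # fixed seed keeps the run reproducible
    queues = [[] for _ in range(n_stations)]    # arrival slot of each waiting frame
    busy_until = -1                             # last slot occupied by the frame on air
    delays, successes, collisions = [], 0, 0
    for t in range(slots):
        for q in queues:                        # new traffic this slot
            if rng.random() < arrival_prob:
                q.append(t)
        if t <= busy_until:                     # channel sensed busy: everyone defers
            continue
        contenders = [q for q in queues if q and rng.random() < persistence]
        if len(contenders) == 1:
            delays.append(t - contenders[0].pop(0))   # slots waited before airtime
            successes += 1
            busy_until = t + frame_len - 1
        elif contenders:
            collisions += 1                     # colliding frames still occupy the air
            busy_until = t + frame_len - 1
    return {
        "throughput": successes * frame_len / slots,        # airtime carrying good frames
        "collision_airtime": collisions * frame_len / slots,
        "mean_delay": (sum(delays) / len(delays)) if delays else 0.0,
        "backlog": sum(len(q) for q in queues),   # frames still waiting at the end
    }


def crowding_report(station_counts=(2, 8, 32), arrival_prob=0.01, slots=20_000):
    """Run the same per-station load for a growing number of stations."""
    return {n: simulate_csma(n, arrival_prob, slots) for n in station_counts}


if __name__ == "__main__":
    for n, r in crowding_report().items():
        print(f"{n:3d} stations: throughput {r['throughput']:.2f}, "
              f"collision airtime {r['collision_airtime']:.2f}, "
              f"mean delay {r['mean_delay']:.1f} slots, backlog {r['backlog']}")
```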

Hence our current technologies are vulnerable, what about the future?
There is an increasing appetite to implement faster and more capable wireless communication systems (5th Generation Mobile – 5G [10]). On the other hand, we see activity to implement simpler and higher volume wireless devices (IoT [4]). Most importantly, communication technology for public safety, public protection and disaster relief (PPDR) and communications needed by critical infrastructures are key to safeguarding our society. These are often overlooked due to their low commercial volume.

In all cases, there are a number of common challenges to face, both in terms of the disciplines required in consideration for the development of new secure wireless technologies, and the perceived needs for future generations of wireless technologies.

Multi-discipline development of future wireless
Engineering of wireless communication systems cannot yield secure solutions without the involvement of a collection of key actors. Primary actors include (with only a basic, underrated description):

RF and Information Theory Experts: To design the most efficient next generation methods of digital communication. RF experts cross the barrier between physics and the engineering of RF energy coupling and propagation. Information theory experts optimise cryptography and coding for more efficient, confidential and integral information transfer. Network engineers optimise interconnectivity and transfer of information between different systems.

Hardware Engineering Experts: To implement the hardware required to transceive RF energy, to develop low power processing capabilities, user displays and tactile/haptic interaction.

Software Engineering Experts: To implement efficient software to support the requirements of the RF, information theory, network and needs of the user application and information management systems.

Social Science Experts: To guide on how devices and applications will be used. If a device or application is not socially acceptable or usable, then there will be limited acceptance and use. Ethical and psychological considerations play an important role here to ensure that the technology is pervasively integrated into daily operations, aiming to assist those operations, and not to burden them.

Legal and Regulatory Experts: To guide on the legal and regulatory barriers to the deployment of wireless systems. As described above, there are regulatory restrictions on how we may access spectrum. In terms of operational information, critical information infrastructure protection regulations aim to safeguard our critical services, and data protection regulations aim to safeguard our data and privacy; both are prominent here. This expertise provides interpretation of the regulations and the means for the provision of standards and guidelines on how wireless devices should legally handle information.

Security Experts: This class of expert has the most difficult problem, crossing all disciplines: to guide on the implementation of regulatory boundaries, the balance between protection and value added capability, working within social acceptance, and giving oversight to
users and operators on the known methods of compromise to our wireless systems and the information that they carry.

Security spans the entire communication device, and the interrelation between physical operations and the different information systems that underpin our daily lives.

The security engineer has the most difficult and unenviable job, for which there is a limited skills capacity in many countries. Skills capacity is surely building on the malicious side. Furthermore, security skills are typically either broad and shallow, to cover the basics of each aspect across these complex systems, or often lost in deep silos of specific capability, e.g. cryptography, or specific secure wireless protocols.

Can we protect ourselves and our systems?
Every day, as consumers, probably not! Not with our low-cost devices and poorly perceived trust of the brands of the technology that we buy. In the consumer sense, we either need to be more vigilant on the default configuration of our devices, or simply trust the product that we buy. Sensibly, we cannot hope for much better than we have. The most difficult issue is keeping a wireless device’s software up to date. If support to consumers can be improved, then consumers can be helped to protect themselves. This is evident through the regular updates and encouragement to install virus protection software on modern PCs. However, an equivalent level of protection is desirable for our consumer wireless devices to counter any new vulnerabilities which may be encountered after the wireless device leaves the factory.

With regard to critical communication systems, there is a more stringent process to follow to assure that software, wireless protocols and the information carried over wireless communication are going to protect and fulfil the sensitive needs of the critical application. This is typically arranged through contractual obligations for suppliers to provide continual support through a wireless product’s lifetime; keeping systems operating reliably, tightly configured, software up to date, and supporting the hardware. Securing the supply chain is key here; hardware and software components may be vulnerable or even compromised prior to integration and delivery of the wireless product.

The choice of how to implement a wireless system to maintain a secure existence considers a number of factors:

Physical Security: How to transmit? How easy is it to intercept the transmission? How to keep the processing equipment itself secure?

Protocol Security: How to control transmission? How easy is it to interpret and decode the transmission?

Organisational Support for Security: How to manage users of the wireless capacity? Does the organisational structure operating the wireless network have appropriate motivation to assure service access requirements to different classes of its users?

Societal and Operational Interaction: Do the users of wireless communication services honour their own obligations to keep information and applications secure and follow operational procedures? Interaction with devices must be carefully designed to ensure that they remain reliable enough for the purpose of use. Users must be supported by their technology to be able to:
•   Easily and securely operate their applications and devices
•   improve their operations and not to hinder them
•   to prevent a frustrated user from deciding to use an alternative and less secure method of communication to carry out their day job.

Consumers using social media are slowly learning what they can and should not share online with regard to their own personal situation and that of their friends and colleagues.

Case Study: wireless broadband for public safety first responders
This case study comprises a number of factors surrounding wireless communication. We first cover aspects of economy of scale and spectrum allocation. We then consider challenges to the design aspects of the user interaction with those devices where wireless allows for communication during emergency and time critical situations.

Economics of spectrum
The public safety community has argued for many years to dedicate spectrum for use of broadband services by PPDR organisations and first responders. Their communication is mission critical and vital for saving lives. Sharing of spectral and network resources is highly controversial; a tension between economic and societal benefits. It is strongly argued that public safety communication should have exclusive access to spectrum to be able to communicate immediately when necessary. On the other hand, the utilisation of spectrum will be relatively low compared to revenue generating commercial services that benefit mobile operators and governments alike. Traditionally, spectrum has been auctioned to the highest bidder to generate high revenues for governments. This is especially the case in the provision of commercial mobile networks, with a high consumer volume and, therefore, high revenues. For PPDR, the scale of use of communication technology is much lower than for consumers. There is therefore a limited argument supporting the competition for spectrum with low usage and a very different and more limited revenue model. However, the benefits are of a socio-economic nature, where technology is used to help save lives, and to recover from disastrous situations which may threaten our livelihoods and the economy. The London School of Economics argues the case for spectrum dedicated to public safety operations compared to being commercially allocated [11]. This study estimates that the socioeconomic gain will be much greater if spectrum is dedicated for use by the public safety community than if spectrum is auctioned for use by a commercial cellular operator. A recent report made for the UK Department of Culture Media and Sport [12] looks at the incorporation of social value into the consideration of spectrum allocation. Whether spectrum is appropriately allocated for public safety, or where network sharing arrangements are made, significant socioeconomic benefits are expected to be made by improving the safety and security of our community through better use and deployment of broadband wireless technology. This poses a bigger challenge for system development. Public safety first responders using secure broadband wireless technology will be able to use richer media, but will be making decisions under time pressure. If their devices and applications do not support their role in a timely manner with a high degree of accuracy, and therefore trust, they either would not use them at all, or would make use of an alternative, more limited, possibly less secure, yet more reliable mode of communication.

Trustworthy commercial operation: vulnerability induced by mobile network operation models
There has been significant debate in recent years with regard to the possible operational models for future broadband for PPDR. Commercial mobile

networks commonly share resources between different operators, such as base station antenna installations. Future considerations of network ‘slicing’ allow for sharing of other physical resources such as processing hardware and backhaul networking connectivity. Fundamental cost savings are made when sharing resources. This moves away from every mobile operator owning their own physical infrastructure. The prospect of sharing these resources is controversial. Commercial mobile services can agree service level terms for sharing of resources on the basis that their individual service offerings to the consumer mobile user are similar. Sharing between high value consumer revenue generating services, and minimal revenue generating services for PPDR, is a more difficult consideration, extending further the debate on dedicated spectrum as described earlier. Availability of PPDR services may be compromised in favour of fee paying consumer access. However, this may not necessarily be a conscious business decision.

This also requires functionality in the wireless and network technology to allow for critical services such as PPDR communication to be prioritised or to pre-empt consumer access. Whilst the mobile standards community have developed global technical standards for priority and pre-emption of services, no mobile operator has yet implemented and proven that wireless and network resources can effectively be shared between critical and consumer services. The UK Emergency Services Network [13] will be one of the first to test this sharing model.

Technology mistrust and subversion
The following gives an example of how a user of communication technology may inadvertently expose themselves. It is a common occurrence where users, frustrated with limited technology, will find other ways to communicate. In many countries emergency service first responders will carry both TETRA (or another push to talk voice system) and a typical mobile phone, using the typical mobile phone as a secondary communication medium to the secure and resilient TETRA system. Operational procedures will say that TETRA ‘must only’ be used for operational voice communications. However, one could anticipate what may happen when the TETRA device develops a fault or is out of range, and where the mobile phone carries a long battery life and is in range. Would the first responder simply call back to base to report the problem, or continue to use the mobile phone to assist in the particular emergency? Similarly, the TETRA terminal will securely transmit the GPS location of the responder, whereas the location of the mobile phone will most likely be easy to obtain. This example poses no problem during everyday regular activities, where the consequence of location exposure is simply not interesting to anybody other than an inquisitive scanning hobbyist. However, a group of adverse rogues with an intent to incite terror and disruption will surely find the location of public safety responders to be valuable. They may use this information to understand regular operations and protection strategies, and then divert their adverse activity away from responders for the most disruptive effect.

Disrupting the TETRA service by jamming or other means may force users to choose their alternative technology, hence disclosing their operational picture, the location of responders and the information services used.

‘Apps’ on the regular mobile phone may be found additionally useful to the first responder. Use of public information services is useful in many circumstances. However, there remains a risk of similar disclosure of responder situation and patterns of daily

routine where mobile connectivity and information services are more widely accessible than those dedicated communication services which are specifically provisioned for the first responder and their commanding colleagues.

Ad-hoc use of cheap COTS communication
On many occasions, cheap off-the-shelf communication systems have offered the best solution where installed mobile networks have been damaged or failed to deliver during a crisis. Backpacks can combine low-cost ISM band radios for voice and satcoms with WiFi for data coverage. Allowing a small number of responders to communicate in adverse conditions is highly valuable for their collaborative effort. Whilst we consider this to be a less capable and often less secure mode of operation, having some communication rather than none at all is preferable. Where fixed mobile networks are installed, it is highly desirable to be able to integrate technologies such as this to allow access where some wireless capability fails, and other technology can take its place. However, these systems must deliver the same level of security. They must extend the approved mobile networks with the ability to work in isolation, but should not replace them with lower levels of security.

Secure wireless architecture design, implementation and operation
Developing wireless networks is a complex undertaking with all of the actors explained earlier playing key roles. Development of wireless networks to provide critical and secure communications to operate under critical and sensitive information assurance conditions is a challenge for all involved disciplines. Design and operation of the overall information system is key to yielding and securing the benefits of future critically enabled wireless broadband. Such design must accommodate the true purpose of use, and both human use and misuse of the technology. Most importantly, misuse and malfunction are most commonly non-malicious, and much more common than malicious subversion. Measures should be taken during technology development and installation, and be supported by operational procedures to maximise operational efficiency and to minimise misuse and malfunction.

Conclusions
This paper presents some of the basics of how wireless communication technology works and how it is used.

Throughout the paper we consider the threats and vulnerable properties of wireless, the types of information carried over wireless technologies, and examples of how wireless technologies have been hacked in recent years through small case studies (see case studies at the end of this paper).

We look at current activities to develop next generation wireless technologies and conclude with a need to build security into the next generation of wireless communication systems from the outset, rather than to add secure features later.

Achieving wireless communication cyber security is a broad, multi-faceted and multi-disciplinary problem space. Challenges are posed for both the wireless and network technology aspects, but also the socioeconomic eco-system surrounding the need and use of the technology. Balancing these socio-technical aspects is key to protecting our personal and critical information that flows through the airwaves. As with all considerations of cyber security, we live in a world of changing threat. Typical software technologies are now updated regularly. Wireless technologies nowadays primarily comprise software. Similar

concerns should be considered with regard to the quality and longevity of the software that is implemented for our wireless components that are responsible for transmitting and receiving valuable information over the RF airwaves. Should we update or adapt RF transceiver software to cope with a changing RF threat environment, or do we simply rely on the disposable nature of consumer technologies to keep our wireless software up to date? Critical communication technologies typically have a lifespan of 20–30 years. Is it viable to maintain a long lifetime model like this? Or should these new technologies be made to be updatable or replaceable? Cost factors again come into play here.

A key concern could be with regard to the advent of the quantum threat [14, 15]. It is expected that modern strong cryptographic techniques will become vulnerable with the advent of the quantum computer within the next 10 years. Therefore, when considering long term deployment of new critical information infrastructure technologies, strong consideration should be placed on the choice of cryptographic techniques which are known to be immune to the quantum threat.

International policy for cyber security is new. It is known that policy is much slower to update than the evolution of the information technologies that we use. Government actors must maintain close attention on the emerging cyber threat in order to assess the appropriateness and coverage of policy. In a similar manner, technical standards may provide provisions to support the way in which wireless communication technologies may counter the cyber wireless threat. In the changing threat landscape, standardisation bodies should assess that their security mechanisms protect against known threats but are sufficiently adaptable as threats change. Most importantly there is a skills shortage which must be filled and subsequently maintained.

Manufacturers and application developers must ensure that their products are fit for purpose. They should balance the usability and acceptance of the enabled information services with the mechanisms needed to keep information protected, as appropriate to its criticality and context.

Economic scaling will likely lead to shared spectrum and infrastructure models. Most importantly, operators of wireless networks must assure that wireless information services retain confidentiality, integrity, and availability. This must be achieved individually, differently and applicably for each of the many different classes of application and user. This then must provide a sustainable balance of priority and pre-emption for both critical communication services at lower volume and consumer use at high volume with larger economies of scale.

Wireless services enabling our critical infrastructures and consumer mobile and IoT applications must each be able to share resources without compromise of each other.

We, as consumers, simply need to be aware that others are using our wireless resources and be cautious and aware of the information that we share about ourselves, our family, friends and colleagues.

Acknowledgments
This work could not be compiled without the continued support of our team at HW Communications (www.hwcomms.com), and the constant discussion and liaison with our many collaborators in Horizon2020, InnovateUK, and other research projects with which we are involved. Special thanks to the members and partners of the Public Safety Communication Europe (PSCE) Forum for the continued debate and hard work driving

towards solving the challenge towards resilient EU interoperable broadband communication (www.psc-europe.eu, www.broadmap.eu).

References
[1] 802.11ad-2012 – IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements – Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 3: Enhancements for Very High Throughput in the 60 GHz Band
[2] ‘White Paper – Visible Light Communication Technology for Near-Ubiquitous Networking’. Available at http://visilink.com/wp-content/uploads/2012/03/Visilink-Technology-White-Paper-January-2012.pdf, accessed 23rd November 2015
[3] ‘Methodologies for the identification of Critical Information Infrastructure assets and services’, ENISA, February 2015. Available at https://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/Methodologies-for-identification-of-ciis/methodologies-for-the-identification-of-ciis, accessed 23rd November 2015
[4] Three ‘Computer hackers can now hijack TOILETS: ‘Smart Toilet’ users in Japan could become victim to Bluetooth bidet attacks and stealthy seat closing’. Available at http://www.dailymail.co.uk/sciencetech/article-2384826/Satis-smart-toilets-Japan-hacked-hijacked-remotely.html, accessed November 2015
[5] Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
[6] ‘Overview of ITU’s History’. Available at http://www.itu.int/en/history/Pages/ITUsHistory-page-2.aspx, accessed 23rd November 2015
[7] ‘Key definitions of the Data Protection Act’, UK Information Commissioner’s Office (ICO). Available at https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/, accessed 23rd November 2015
[8] The Radio and Telecommunication Terminal Equipment Directive 1999/5/EC. Available at http://ec.europa.eu/growth/sectors/electrical-engineering/rtte-directive/
[9] RECOMMENDATION ITU-R P.372-12, Radio noise. Available at https://www.itu.int/dms_pubrec/itu-r/rec/p/R-REC-P.372-12-201507-I!!PDF-E.pdf
[10] ‘Home Office slips out an Android passport reader’. Available at http://forums.theregister.co.uk/forum/1/2013/06/20/home_office_slips_out_android_passport_reader/, accessed 23rd November 2015
[11] ‘Before you use a WiFi Pineapple in Vegas during a hackers’ security conference, you better know what you are doing.’ Available at http://www.networkworld.com/article/2462478/microsoft-subnet/hacker-hunts-and-pwns-wifi-pineapples-with-0-day-at-def-con.html, accessed 23rd November 2015
[12] ‘5G Innovation Opportunities’, TechUK, August 2015. Available at https://www.techuk.org/insights/reports/item/6008-5g-innovation-opportunities-a-discussion-paper, accessed 23rd November 2015
[13] ‘Breaking radio silence: The value of communication in public services’. Available at http://www.lse.ac.uk/businessAndConsultancy/LSEEnterprise/news/2014/Tetra.aspx
[14] ‘The quantum clock is ticking on encryption – and your data is under threat’. Available at http://www.wired.co.uk/article/quantum-computers-quantum-security-encryption, accessed 6th February 2017
[15] SafeCrypto project. Available at www.safecrypto.eu, accessed 6th February 2017
[16] Radio Equipment Directive (RED) 2014/53/EU. Available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32014L0053
[17] Ofcom RA419. Available at http://www.ofcom.org.uk/static/archive/ra/publication/ra_info/ra419.doc
[18] ‘Technologies and approaches for meeting the demand for wireless data using licence exempt spectrum to 2022’. Final Report, Ofcom, January 2013, Quotient Associates. Available at http://stakeholders.ofcom.org.uk/binaries/research/technology-research/2013/demand-wireless.pdf, accessed 23rd November 2015
[19] Dillinger, M., Madani, K., Alonistioti, N.: ‘Software defined radio: architectures, systems and functions’ (Wiley & Sons, 2003), ISBN 0-470-85164-3
[20] ‘Mobile Network Security: a tale of tracking, spoofing and owning mobile phones’. Defcon Moscow. OpenBTS & IMSI-catcher. Available at http://www.slideshare.net/iazza/dcm-final-23052013fullycensored, accessed 23rd November 2015
[21] ‘Hacking Wi-Fi is Child’s Play – 7 year old shows how easy it is to break a public network in 11 min’. Available at http://www.dailymail.co.uk/sciencetech/article-2919762/Hacking-Wi-Fi-s-child-s-play-Seven-year-old-shows-easy-break-public-network-11-minutes.html, accessed 23rd November 2015
[22] https://cve.mitre.org/cve/cve.html, accessed 23rd November 2015
[23] ‘Research behind a hack of the Oyster card will be released which has serious implications for cards using the same MIFARE chip around the world’. Available at http://www.itpro.co.uk/604770/oyster-card-free-travel-hack-to-be-released, accessed 23rd November 2015
[24] ‘Gartner Says 4.9 Billion Connected ‘Things’ Will Be in Use in 2015’. Available at http://www.gartner.com/newsroom/id/2905717, November 2014, accessed 23rd November 2015
[25] UK DCMS, ‘Incorporating social value into spectrum allocations’. Independent Report, UK Department for Culture, Media and Sport, November 2015
[26] UK Emergency Services Network. Available at https://www.gov.uk/government/publications/the-emergency-services-mobile-communications-programme/emergency-services-network, accessed 18th September 2016

Case study

Additional examples of wireless compromise

Case study: television interference involving TETRA radio communication systems: In 2003 the UK Radio Agency (now OFCOM) published a document [16] in response to complaints about the use of new TETRA technology by the emergency services. This document clarifies that wideband TV amplifiers used on residential TV antennas are the most likely source of interference due to their own non-linear responses to the TETRA signals.

Case study: IMSI collection of 3G using 2G: Low-cost software defined radio [17] equipment can be used together with openly sourced code that can mimic a GSM base station. The ‘man-in-the-middle’ base station operates at a reasonably low power to avoid detection by the authorities and only for the time needed to carry out its operation. A 3G mobile device comes into range of the rogue base station. The rogue intercepts and notices the 3G operation of the mobile device. A jamming signal is transmitted which will naturally force the mobile device to fall back to 2G/GSM mode, registering itself with the rogue base station and coming under its control. Further activity can be carried out to ascertain details of the phone, route calls, disable encryption or simply identify the presence of the user by identifying the IMSI which represents the SIM card and, hence, the end user [18].

Case study: WiFi hacking: It is easy to obtain simple WiFi equipment with the capability to act as a man-in-the-middle access point to intercept, fool and even run routines to remove or crack encryption. A laptop offers a mere starting point. A seven year old recently demonstrated the ease of cracking a public Wi-Fi system in 11 min [19]. At the time of writing, searching for keyword ‘WiFi’ in the CVE database [20] yields 68 entries, the majority of which reside in the software within certain wireless devices.

Case study: Bluetooth hacking: With Bluetooth widely used for making phone calls and syncing contacts, ‘Bluebugging’ is the well-known method used to exploit vulnerabilities and take control of mobile devices. Power limitations typically reduce the range of Bluetooth devices to 10–15 m. Directional antennas, similarly low cost, significantly increase that range. Searching keyword ‘Bluetooth’ in the CVE database [20] yields 109 CVE entries.

Case study: NFC reading – Oyster card: NFC allows for close proximity exchange of information with a passive device which is powered by the RF field generated by the reader device. In 2008, a judge ruled [21] that a hack found by Radboud University to reverse the algorithms in the Oyster Card (used on the London Underground) should be made public. Free travel is therefore made available to all who have the motivation to implement the hack until Oyster readers are updated.

Case study: NFC reading – ePassports: UK passports issued since 2006 include an NFC device now widely used for passage through automated border control barriers. In 2013, the UK Home Office released an Android app [22] which can be used to decode your own, or anyone else’s, passport details using an Android device, most of which have built-in NFC transceivers.

Case study: Hackers on Hackers – WiFi hacking WiFi: There is a continuous challenge among hackers to challenge and test each other. At the well-known Defcon22 conference in 2014, a well-known WiFi device, cheaply available and made to easily intercept WiFi transmissions, was itself attacked [23]. Many hackers were known to have utilised this device in preparation to demonstrate their own interception and hacking prowess during the conference. To their dismay, all users found that their device itself had been hacked and rendered useless after connecting to the conference WiFi network.
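The downgrade sequence in the IMSI collection case study above (service lost while signal is good, fall-back to 2G, registration with a cell never seen before, encryption switched off) can be read in reverse as a detection signature on the handset or fleet-management side. The following is an added example, not code from the paper: it scores constructed modem event lines against those indicators; the event format, the known-cell baseline and the thresholds are assumptions made for this example.

```python
"""Added example: scoring constructed modem events for the 3G-to-2G downgrade
pattern from the IMSI collection case study. Event format, known-cell baseline
and thresholds are assumptions for this example; MCC 001 / MNC 01 is the
test-network PLMN, so no real operator or subscriber is referenced."""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Constructed baseline: cells this handset/fleet has legitimately camped on before.
KNOWN_CELLS = {"UMTS:001-01-1001", "UMTS:001-01-1002", "GSM:001-01-2001"}


@dataclass
class Event:
    t: int          # seconds since start of trace
    rat: str        # radio access technology: "UMTS" or "GSM"
    cell: str       # "<rat>:<mcc>-<mnc>-<cell id>" (constructed format)
    cipher: str     # "UEA1" on 3G; "A5/1" etc. on 2G; "A5/0" = no encryption; "-" = n/a
    rssi: int       # received signal strength, dBm
    event: str      # "camp" (selected a cell), "loss" (service lost), "lau" (location update)


def parse(line: str) -> Event:
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Event(int(kv["t"]), kv["rat"], kv["cell"], kv["cipher"],
                 int(kv["rssi"]), kv["event"])


@dataclass
class Alert:
    t: int
    indicators: List[str] = field(default_factory=list)


def detect(lines: Iterable[str], window: int = 60, min_indicators: int = 2) -> List[Alert]:
    """Raise one alert when >= min_indicators distinct indicators fall within `window` s.

    Indicators (assumptions for this example, taken from the case study narrative):
      rat_downgrade          - camped on 2G immediately after being on 3G
      loss_at_strong_signal  - service lost while signal was good (consistent with
                               jamming, not with walking out of coverage)
      unknown_cell           - camped on / updated to a cell absent from the baseline
      cipher_disabled        - 2G registration with A5/0 (no encryption)
    """
    recent: List[tuple] = []          # (t, indicator) pairs inside the rolling window
    alerts: List[Alert] = []
    last_alert_t: Optional[int] = None
    prev: Optional[Event] = None
    for ev in (parse(line) for line in lines):
        found: List[str] = []
        if prev is not None and prev.rat != "GSM" and ev.rat == "GSM":
            found.append("rat_downgrade")
            if prev.event == "loss" and prev.rssi >= -85:
                found.append("loss_at_strong_signal")
        if ev.event in ("camp", "lau") and ev.cell not in KNOWN_CELLS:
            found.append("unknown_cell")
        if ev.rat == "GSM" and ev.event in ("camp", "lau") and ev.cipher == "A5/0":
            found.append("cipher_disabled")
        recent = [(t, i) for t, i in recent if ev.t - t <= window]
        recent += [(ev.t, i) for i in found]
        distinct = sorted({i for _, i in recent})
        if len(distinct) >= min_indicators and (
                last_alert_t is None or ev.t - last_alert_t > window):
            alerts.append(Alert(ev.t, distinct))
            last_alert_t = ev.t
        prev = ev
    return alerts


# Constructed traces. Benign: walking out of 3G coverage onto a known 2G cell.
SAMPLE_BENIGN = [
    "t=0 rat=UMTS cell=UMTS:001-01-1001 cipher=UEA1 rssi=-70 event=camp",
    "t=30 rat=UMTS cell=UMTS:001-01-1001 cipher=UEA1 rssi=-104 event=camp",
    "t=45 rat=GSM cell=GSM:001-01-2001 cipher=A5/1 rssi=-90 event=camp",
]
# Suspect: strong 3G signal suddenly lost, then 2G on an unseen cell with no cipher.
SAMPLE_SUSPECT = [
    "t=0 rat=UMTS cell=UMTS:001-01-1001 cipher=UEA1 rssi=-70 event=camp",
    "t=20 rat=UMTS cell=UMTS:001-01-1001 cipher=- rssi=-71 event=loss",
    "t=25 rat=GSM cell=GSM:001-01-7777 cipher=A5/0 rssi=-55 event=camp",
    "t=26 rat=GSM cell=GSM:001-01-7777 cipher=A5/0 rssi=-55 event=lau",
]

if __name__ == "__main__":
    print("benign :", detect(SAMPLE_BENIGN))     # []
    print("suspect:", detect(SAMPLE_SUSPECT))    # one alert at t=25 with four indicators
```

A 2G fall-back or an A5/0 registration also happens legitimately (genuine coverage holes, networks that still run unencrypted 2G), so the score marks something to investigate rather than proof of a rogue base station; a fleet would tune the baseline and thresholds to its own footprint.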
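The priority and pre-emption mechanism discussed under ‘Trustworthy commercial operation’ (critical PPDR traffic pre-empting consumer access on shared infrastructure, and never the other way round) is shown here as an added example that is not part of the paper: a toy admission controller whose bearers carry the three attributes of the 3GPP Allocation and Retention Priority (priority level, pre-emption capability, pre-emption vulnerability); capacity units, bearer names and attribute values are constructed for the example.

```python
"""Added example: ARP-style admission control on one shared cell, illustrating
priority and pre-emption between PPDR and consumer bearers. Capacity units,
bearer names and attribute values are constructed for this example."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Bearer:
    name: str
    units: int            # capacity units requested (constructed unit)
    priority: int         # ARP priority level: 1 = highest, 15 = lowest
    can_preempt: bool     # ARP pre-emption capability
    preemptable: bool     # ARP pre-emption vulnerability


class Cell:
    def __init__(self, capacity: int):
        self.capacity = capacity
        self.active: Dict[str, Bearer] = {}

    def used(self) -> int:
        return sum(b.units for b in self.active.values())

    def admit(self, new: Bearer) -> Tuple[bool, List[str]]:
        """Try to admit `new`; return (admitted, names of bearers dropped to make room)."""
        free = self.capacity - self.used()
        if new.units <= free:
            self.active[new.name] = new
            return True, []
        if not new.can_preempt:
            return False, []          # consumer-class bearers wait; they never evict anyone
        # Only strictly lower-priority bearers that are marked vulnerable may be evicted.
        # Evict lowest priority first, largest first within a level, to minimise drops.
        victims = sorted(
            (b for b in self.active.values() if b.preemptable and b.priority > new.priority),
            key=lambda b: (-b.priority, -b.units),
        )
        freed, chosen = free, []
        for v in victims:
            if freed >= new.units:
                break
            chosen.append(v)
            freed += v.units
        if freed < new.units:
            return False, []          # equal/higher-priority bearers are never evicted
        for v in chosen:
            del self.active[v.name]
        self.active[new.name] = new
        return True, [v.name for v in chosen]


def run_scenario():
    """Constructed sequence: consumer bearers fill the cell, then PPDR traffic arrives."""
    cell = Cell(capacity=10)
    consumer = dict(priority=9, can_preempt=False, preemptable=True)
    ppdr = dict(priority=2, can_preempt=True, preemptable=False)
    requests = [
        Bearer("c1", 4, **consumer),
        Bearer("c2", 4, **consumer),
        Bearer("c3", 2, **consumer),
        Bearer("p1", 3, **ppdr),       # cell full: must evict a consumer bearer
        Bearer("c4", 3, **consumer),   # consumer cannot evict anyone, so it waits
        Bearer("p2", 4, **ppdr),
        Bearer("p3", 10, **ppdr),      # PPDR cannot evict other PPDR bearers
    ]
    log = []
    for req in requests:
        admitted, dropped = cell.admit(req)
        log.append((req.name, admitted, dropped))
    return cell, log


if __name__ == "__main__":
    cell, log = run_scenario()
    for entry in log:
        print(entry)
    print("active:", sorted(cell.active), "used:", cell.used())
```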
