CrossCross--NetworkNetwork SecuritySecurity forfor InteractiveInteractive MultimediaMultimedia ApplicationsApplications ---- aa stepstep forwardforward lookinglooking
For IEEE CIT’2010
Weijia Jia (賈維嘉) Dept. of Computer Science Director, Future Networking Centre City University of Hong Kong [email protected] www.cs.cityu.edu.hk/~wjia Agenda
• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions
Weijia JIA CIT2010, CityU (賈維嘉) 2 Why Cross-Networking?
Laptop with 3G Data Card
3G, 4G WiFi /HSPA WLAN Networks WMAN
Internet
Multimedia/Service Databases/Webs
Weijia JIA CIT2010, CityU (賈維嘉) 3 Cross-Networking
Weijia JIA CIT2010, CityU (賈維嘉) 4 4 Background: Related work & publications
Security: – ICDCS 08 (WLAN Security) – CCS09: Cell Counter Attack Against Tor – WiSec09: Stealthy Video Capturer – INFOCOM09: Flow Watermarks – NAS10: Localization – TPDS 10 –1: Null Data Frame in 802.11 – TPDS 10 –2: DDOS attacks System & Mobility: – INFOCOM 09: Handoff in AP-dense 802.11 – TWC09; TVT09 – MobiHoc 10: HSPA Mobility – US Patent No. 12/101,048, 2008 (Several patents filed in China) Optimal 2D/3D BS/AP/Sensor Deployment – INFOCOM 08, 09, 10 – MobiHoc 08, 09 – TMC 10 – JSAC 10 – ToN 10
Weijia JIA CIT2010, CityU (賈維嘉) 5 5 Background–Triggers of this talk
System R&D Application Development Demos … Micro Gateways
1st & 2nd R&D R&D+Apps: Generations IoT-Gateways – on going 3rd Generation: Cross-Networking & R&D+Apps: Security Mobile Cloud Computing 4th Generation: OS--Android Solution R&D+Apps: Smartphone Security U-Box/ WebLab WiSec09
Tor Network-CCS09 R&D+Apps: Mesh- DragonNet Localization-NAS10
HSPA-MobiHoc10 Weijia JIA CIT2010, CityU (賈維嘉) 6 Agenda
• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions
Weijia JIA CIT2010, CityU (賈維嘉) 7 Cross Network System & Services (CNS)
• CNS is not a simple combination of separate network protocols. • Transmission of data and control messages and protocol in each of CNS components, involving transcoding & trans-protocols between signaling and media/data in various devices. • What have we developed CNS…
Weijia JIA CIT2010, CityU (賈維嘉) 8 8 CNS-Vulnerability
• Security gaps are largely unexplored. • Protocol translation and media trans-coding may introduce serious loopholes. • Traditional attacks will bring more serious damage and complexity. • Existing countermeasures may not work.
Weijia JIA CIT2010, CityU (賈維嘉) 9 9 Malicious Codec Change (MCC) Attack
• SDP vs. 3G-324M control protocol H.245 – A malicious SDP with frequent RE-INVITE to change the codec slow down or DoS on H.245
Multimedia communication
Re‐invite Change message codec
Re‐invite ChangeChange message codec SDP 3G‐324M H.245
Attacker Weijia JIA CIT2010, CityU (賈維嘉) 10 Malicious-Formatted Flooding (MFF) Attack
Lacking of support of media trans-coding from Internet to 3G network, e.g. , H. 264 not supported Malicious-formatted packets pass to 3G codec and be dropped out codec failed functioning.
Flood malicious formatted packets
Malicious …… 3G × 3G Codec
Attacker H.264 not supported
Weijia JIA CIT2010, CityU (賈維嘉) 11 Denial of Service Attack
• Cross-Net DoS differs from traditional DoS • Many calls to attack to 3G signaling port (SP) from Internet -- Escape from Internet IDS and prevail 3G networks.
DoS Attack Internet
Operator Gateway Attacker
Weijia JIA CIT2010, CityU (賈維嘉) 12 Malicious Code Injection and Traverse (MCIT) attack
• Attacker injects malicious code into wireless devices – Such malicious code can propagate to wired networks – Depends on mobility of the victim, the attack will result in large scale security compromises.
AP Malicious Internet Code jamming
Malicious code propagate !
Weijia JIA CIT2010, CityU (賈維嘉) 13 Identified Threatens
• What do “CNS Threatens” indicate?
– Newly identified Attacks (NA), unique in the cross-networking & platform; – Cross Net Attacks (CNA), which are conducted in the cross platform mode; – Traditional Attacks (TA) occur in cross platform/network applications, happen to traditional platforms.
Weijia JIA CIT2010, CityU (賈維嘉) 14 14 Agenda
• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions
Weijia JIA CIT2010, CityU (賈維嘉) 15 Vulnerability analysis
Eavesdropping
Weak node – wireless air interface
Hijacking/Man-in-the-middle
Fake registration …
Denial of Service (DoS)
TCP SYN flooding
SIP INVITE flooding
Passive/Active traffic analysis
Transcoding/protocol attacks
Weijia JIA CIT2010, CityU (賈維嘉) 16 16 Typical Cases
• SIP IM – Junk SIP Instant messages • Video – Video injection • Web services – TCP SYN flooding (port 80) • Stream services – TCP SYN flooding (port 443) • VoIP services – SIP INVITE flooding (port 5060) – Teardown (Fake Bye)
Weijia JIA CIT2010, CityU (賈維嘉) 17 17 Sniff & Insert Attacks
Video/Packet/VoIP sniffing and insert: – broadcast media (shared Ethernet, wireless etc) – Malicious read/record/insert all video/VoIP packets (e.g., including passwords!) passing by (focusing on wireless attack)
A C
src:B dest:A payload B
Weijia JIA CIT2010, CityU (賈維嘉) 18 App Scenarios: Video Surveillance
The Hacker: 1. cheats video-cam by telling that he is the surveillance server. 2. Video-cam sends the video to it. 3. records static scenario 4. cheats the server by telling the server that he is the video- cam. 5. Hacker sends recorded video to
Weijia JIA CIT2010, CityU (賈維嘉) 19 server. 19 Web
Alice is using BaiDu to search some information on 11
Hacker observed nothingthat withAlice hisis using hack BaiDutool. to search some information on 11 with his hack tool.
Weijia JIA CIT2010, CityU (賈維嘉) 20 IM --Junk SIP Instant Messages
1.Alice is chatting with Bob who 2. Hacker injects junk messages
Weijia JIA CIT2010, CityU (賈維嘉) 21 21 Agenda
• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions
Weijia JIA CIT2010, CityU (賈維嘉) 22 Solutions: Reinforcement Software Packages/cells Cross-networking security (Internt-3G-WiFi- WiMAX)-- hardware/software co-design
• Video Surveillance • VoIP services • Instant Messaging (IM) and • (1) SIP/SDP-H.245. • (2) RTP/UDP-H.223. • (3) Transcoding H.711 to ARM and video of H.263 and H.264 and SIP servers.
Weijia JIA CIT2010, CityU (賈維嘉) 23 Reinforcement -- SIP
• SIP Server – OpenSER • PC version – H.263/AMR • Smartphone version – H.263/G.711 • SIP-based 3G Gateway – H.263/AMR/G.711
Weijia JIA CIT2010, CityU (賈維嘉) 24 Reinforcement -- OS
• IPSec Server (Linux) • IPSec Client (Windows/BREW/Android) • V2oIP Sniffer (Windows) • Mobile Security Measurement (Android) • Integrated Secure Micro Gateway/BS for Video Surveillance/VoIP.
Weijia JIA CIT2010, CityU (賈維嘉) 25 Agenda
• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions
Weijia JIA CIT2010, CityU (賈維嘉) 26 Next Generation Ubiquitous Embedded Systems (ES)
• ES = Computer system designed to perform one or a few dedicated functions (real-time constraints) • Embedded as part of a complete device, including hardware and mechanical parts.
Weijia JIA CIT2010, CityU (賈維嘉) 27 ES Characteristics
• Designed to do specific task.
• Not standalone devices. • Programs written for are firmware, stored in read-only/flash memory chips. • Limited hardware resources: little memory, small/non-existent keyboard or screen.
Weijia JIA CIT2010, CityU (賈維嘉) 28 How to make the ES work? Technology Advancement on R&D of • DSP • Microprocessor • Electronic/remote/Au • Microcontroller
to Control Unit Programming • Embedded Hypervisor languages • Network communications • Real-time operating • Embedded operating system systems • Software engineering • Embedded software • System on a chip • Firmware • • Information appliance System on module
Weijia JIA CIT2010, CityU (賈維嘉) 29 Technology convergence
• Secure-Networked ES: – Communication gateway/node/servers • Open, standards-based computing systems, carrier-grade common platform, • Wide range /heterogeneous of communication interfaces, • Multimedia communications – Electronic/Remote/Auto Control Unit: Wired/Wireless control on • E-healthy: Man Machine Interface, On-Board Diagnostics … • Body Security; Body Control controls door locks, e-windows, courtesy- lights, etc. • Key Issues: Way of ES link to heterogeneous wired/wireless cross-networks • Network Convergence with Security
Weijia JIA CIT2010, CityU (賈維嘉) 30 Technology convergence
• Embedded and mobile OS • Embedded Linux: • Access Linux Platform • Android • Bada, Openmoko Linux, OPhone, Maemo • Mobilinux, MotoMagx, Qt Extended • LiMo Platform, webOS and … (many others) • Key Issues: – Kernel Reuse: Compatibility & integration of diverse OS vs. ES and security. – Difficulties: How to provide Functions that an ES OS (say Android SDKs) do not support OS Convergence & Security
Weijia JIA CIT2010, CityU (賈維嘉) 31 Technology convergence • Interconnected ES: – Communications gateway/node/servers • C/S; Ad-hoc; Mesh; Grid; Group; P2P … ; Add-value at many levels of the system architecture. – Cyber-physical system (CPS) • tight combination/coordination of system & physical elements apps: aerospace, automotive, chemical, civil, energy, healthcare, manufacturing, transportation, entertainment, and consumer appliances. • Key Issues: – Scalability; Self-configuration & security (we have discussed extensively) – Energy saving/harvesting
– Weijia JIA CIT2010, CityU (賈維嘉) Device/Object Convergence 32 Technology convergence
• Internet of Things (aka Internet of Objects) (IoT) – Networked interconnection of everyday objects – Self-configuring of ES with purpose to interconnect all things • Web of Things (WoT) – everyday objects- contain an ES, connected to the Web, s.t. smart devices/objects of WSN, Ambient & mobile devices, household appliances, etc. – reuse the Web standards to connect everyday smart objects/ES. • Key Issues: – Fast deployment of dedicated IoT/WoT backbones: integrated of diverse smart dedicated ES/Objects into supporting platform for IoT/WoT apps. Platforms for Things/Objects Convergence
Weijia JIA CIT2010, CityU (賈維嘉) 33 Conclusions? Not-yet!
• We have tried to implemented techniques & security details on – Cross-Network Convergence – OS Convergence – Heterogeneous devices/objects interconnection convergence – IoT/WoT convergence – eventually User Friendly/Secure Global Human/Things/Environment convergence. • Apart to science, security is also an ENGINEERING & MANAGEMENT problem; • Detail is the key – Reinforce the cell, i.e., robust R&D of system components; component granularity?
Weijia JIA CIT2010, CityU (賈維嘉) 34