Cross-Network Security for Interactive Multimedia Applications -- a step forward looking

For IEEE CIT’2010

Weijia Jia (賈維嘉)
Dept. of Computer Science
Director, Future Networking Centre
City University of Hong Kong
[email protected]
www.cs.cityu.edu.hk/~wjia

Agenda

• Background
• Cross-Network Systems (CNS)
  – Security problems & case studies
  – Counter measures
• A step forward looking
• Conclusions

Weijia JIA CIT2010, CityU (賈維嘉) 2 Why Cross-Networking?

Laptop with 3G Data Card

3G, 4G WiFi /HSPA WLAN Networks WMAN

Internet

Multimedia/Service Databases/Webs

Weijia JIA CIT2010, CityU (賈維嘉) 3 Cross-Networking

Weijia JIA CIT2010, CityU (賈維嘉) 4 4 Background: Related work & publications

Security: – ICDCS 08 (WLAN Security) – CCS09: Cell Counter Attack Against Tor – WiSec09: Stealthy Video Capturer – INFOCOM09: Flow Watermarks – NAS10: Localization – TPDS 10 –1: Null Data Frame in 802.11 – TPDS 10 –2: DDOS attacks System & Mobility: – INFOCOM 09: Handoff in AP-dense 802.11 – TWC09; TVT09 – MobiHoc 10: HSPA Mobility – US Patent No. 12/101,048, 2008 (Several patents filed in China) Optimal 2D/3D BS/AP/Sensor Deployment – INFOCOM 08, 09, 10 – MobiHoc 08, 09 – TMC 10 – JSAC 10 – ToN 10

Weijia JIA CIT2010, CityU (賈維嘉) 5 5 Background–Triggers of this talk

System R&D Application Development Demos … Micro Gateways

1st & 2nd R&D R&D+Apps: Generations IoT-Gateways – on going 3rd Generation: Cross-Networking & R&D+Apps: Security Mobile Cloud Computing 4th Generation: OS--Android Solution R&D+Apps: Security U-Box/ WebLab WiSec09

Tor Network-CCS09 R&D+Apps: Mesh- DragonNet Localization-NAS10

HSPA-MobiHoc10 Weijia JIA CIT2010, CityU (賈維嘉) 6 Agenda

• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions

Weijia JIA CIT2010, CityU (賈維嘉) 7 Cross Network System & Services (CNS)

• CNS is not a simple combination of separate network protocols. • Transmission of data and control messages and protocol in each of CNS components, involving transcoding & trans-protocols between signaling and media/data in various devices. • What have we developed CNS…

Weijia JIA CIT2010, CityU (賈維嘉) 8 8 CNS-Vulnerability

• Security gaps are largely unexplored. • Protocol translation and media trans-coding may introduce serious loopholes. • Traditional attacks will bring more serious damage and complexity. • Existing countermeasures may not work.

Weijia JIA CIT2010, CityU (賈維嘉) 9 9 Malicious Codec Change (MCC) Attack

• SDP vs. 3G-324M control protocol H.245 – A malicious SDP with frequent RE-INVITE to change the codec  slow down or DoS on H.245

Multimedia communication

Re‐invite Change message codec

Re‐invite ChangeChange message codec SDP 3G‐324M H.245
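A gateway-side check for the MCC pattern above, as an added example that is not part of the original slides: it limits how many codec-changing re-INVITEs one dialog may push toward the H.245 side within a time window. The class name, the verdict strings, the threshold values and the sample SDP bodies are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

def offered_codecs(sdp: str) -> frozenset:
    """Return the (media, codec) pairs an SDP body offers."""
    fmts, names, media = [], {}, None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):                 # m=<media> <port> <proto> <fmt>...
            parts = line[2:].split()
            media = parts[0] if len(parts) >= 4 else None
            fmts += [(media, pt) for pt in parts[3:]] if media else []
        elif media and (m := re.match(r"a=rtpmap:(\d+)\s+([^/\s]+)", line)):
            names[(media, m.group(1))] = m.group(2).upper()
    return frozenset((med, names.get((med, pt), "PT" + pt)) for med, pt in fmts)

class ReinviteGuard:
    """Limits codec-changing re-INVITEs per dialog before they reach H.245."""
    def __init__(self, max_changes=3, window_s=10.0):   # assumed policy values
        self.max_changes, self.window_s = max_changes, window_s
        self.last = {}                        # Call-ID -> last accepted codec set
        self.changes = defaultdict(deque)     # Call-ID -> times of accepted changes

    def check(self, call_id: str, sdp: str, now: float) -> str:
        codecs = offered_codecs(sdp)
        if call_id not in self.last:          # initial INVITE opens the dialog
            self.last[call_id] = codecs
            return "forward"
        if codecs == self.last[call_id]:      # same codecs, nothing to renegotiate
            return "no-change"
        recent = self.changes[call_id]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                  # forget changes outside the window
        if len(recent) >= self.max_changes:
            return "throttle"                 # do not trigger H.245 renegotiation
        recent.append(now)
        self.last[call_id] = codecs
        return "forward"

def make_sdp(pt: int, name: str) -> str:
    """Constructed minimal SDP body offering one audio codec."""
    return f"v=0\r\nm=audio 49170 RTP/AVP {pt}\r\na=rtpmap:{pt} {name}/8000\r\n"

def replay():
    """Constructed trace: an INVITE, then codec-flipping re-INVITEs every 0.5 s."""
    guard = ReinviteGuard()
    flips = [(96, "AMR"), (0, "PCMU")]
    return [guard.check("call-1@example.invalid", make_sdp(*flips[i % 2]), i * 0.5)
            for i in range(7)]

if __name__ == "__main__":
    print(replay())
```

A throttled offer leaves the last accepted codec set in place, so a later re-INVITE that returns to it counts as no change.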

Attacker Weijia JIA CIT2010, CityU (賈維嘉) 10 Malicious-Formatted Flooding (MFF) Attack

 Lacking of support of media trans-coding from Internet to 3G network, e.g. , H. 264 not supported  Malicious-formatted packets pass to 3G codec and be dropped out codec failed functioning.

Flood malicious formatted packets

Malicious …… 3G × 3G Codec

Attacker H.264 not supported
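One way a gateway could keep such packets away from the 3G codec, as an added example that is not part of the original slides: it checks each RTP header on the Internet side, drops payload types the 3G side cannot decode, and flags sources that keep sending them. The payload-type table, the threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Assumed session state (not from the slides): payload types the Internet peer
# offered in SDP, and the codecs the 3G side can decode (no H.264, as above).
OFFERED = {96: "H263", 97: "AMR", 98: "H264"}
SUPPORTED_3G = {"H263", "AMR"}

def classify_rtp(packet: bytes) -> str:
    """Return 'forward' or a drop reason for one RTP packet from the Internet side."""
    if len(packet) < 12:                      # fixed RTP header is 12 bytes
        return "drop:short"
    b0, b1, _seq, _ts, _ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:                          # RTP version must be 2
        return "drop:version"
    if len(packet) < 12 + 4 * (b0 & 0x0F):    # CSRC list must fit in the packet
        return "drop:truncated"
    codec = OFFERED.get(b1 & 0x7F)            # low 7 bits = payload type
    if codec is None:
        return "drop:unnegotiated-pt"
    if codec not in SUPPORTED_3G:
        return "drop:unsupported-codec"       # never reaches the 3G codec
    return "forward"

def filter_stream(packets, flood_threshold=3):
    """Filter (source, packet) pairs; flag sources whose drops reach the threshold."""
    forwarded, drops = [], Counter()
    for src, pkt in packets:
        if classify_rtp(pkt) == "forward":
            forwarded.append(pkt)
        else:
            drops[src] += 1
    return forwarded, sorted(s for s, n in drops.items() if n >= flood_threshold)

def rtp(pt: int, seq: int) -> bytes:
    """Build a minimal RTP packet (constructed test data)."""
    return struct.pack("!BBHII", 0x80, pt, seq, 0, 0x1234) + b"\x00" * 4

def sample_stream():
    """Constructed input: one source floods H.264, another sends supported media."""
    flood = [("198.51.100.7", rtp(98, i)) for i in range(4)]
    legit = [("192.0.2.10", rtp(96, 1)), ("192.0.2.10", rtp(97, 2))]
    return flood + legit

if __name__ == "__main__":
    fwd, flagged = filter_stream(sample_stream())
    print(len(fwd), "forwarded; flagged sources:", flagged)
```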

Weijia JIA CIT2010, CityU (賈維嘉) 11 Denial of Service Attack

• Cross-Net DoS differs from traditional DoS • Many calls to attack to 3G signaling port (SP) from Internet -- Escape from Internet IDS and prevail 3G networks.

DoS Attack Internet

Operator Gateway Attacker

Weijia JIA CIT2010, CityU (賈維嘉) 12 Malicious Code Injection and Traverse (MCIT) attack

• Attacker injects malicious code into wireless devices – Such malicious code can propagate to wired networks – Depends on mobility of the victim, the attack will result in large scale security compromises.

AP Malicious Internet Code jamming

Malicious code propagate !

Weijia JIA CIT2010, CityU (賈維嘉) 13 Identified Threatens

• What do “CNS Threatens” indicate?

– Newly identified Attacks (NA), unique in the cross-networking & platform; – Cross Net Attacks (CNA), which are conducted in the cross platform mode; – Traditional Attacks (TA) occur in cross platform/network applications, happen to traditional platforms.

Weijia JIA CIT2010, CityU (賈維嘉) 14 14 Agenda

• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions

Weijia JIA CIT2010, CityU (賈維嘉) 15 Vulnerability analysis

 Eavesdropping

 Weak node – wireless air interface

 Hijacking/Man-in-the-middle

 Fake registration …

 Denial of Service (DoS)

 TCP SYN flooding

 SIP INVITE flooding

 Passive/Active traffic analysis

 Transcoding/protocol attacks

Weijia JIA CIT2010, CityU (賈維嘉) 16 16 Typical Cases

• SIP IM – Junk SIP Instant messages • Video – Video injection • Web services – TCP SYN flooding (port 80) • Stream services – TCP SYN flooding (port 443) • VoIP services – SIP INVITE flooding (port 5060) – Teardown (Fake Bye)

Weijia JIA CIT2010, CityU (賈維嘉) 17 17 Sniff & Insert Attacks

Video/Packet/VoIP sniffing and insert: – broadcast media (shared Ethernet, wireless etc) – Malicious read/record/insert all video/VoIP packets (e.g., including passwords!) passing by (focusing on wireless attack)

A C

src:B dest:A payload B

Weijia JIA CIT2010, CityU (賈維嘉) 18 App Scenarios: Video Surveillance

The Hacker: 1. cheats video-cam by telling that he is the surveillance server. 2. Video-cam sends the video to it. 3. records static scenario 4. cheats the server by telling the server that he is the video- cam. 5. Hacker sends recorded video to

Weijia JIA CIT2010, CityU (賈維嘉) 19 server. 19 Web

Alice is using BaiDu to search some information on 11

• Hacker observed nothing with his hack tool.
• Hacker observed that Alice is using BaiDu to search some information on 11 with his hack tool.

Weijia JIA CIT2010, CityU (賈維嘉) 20 IM --Junk SIP Instant Messages

1.Alice is chatting with Bob who 2. Hacker injects junk messages

Weijia JIA CIT2010, CityU (賈維嘉) 21 21 Agenda

• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions

Weijia JIA CIT2010, CityU (賈維嘉) 22 Solutions: Reinforcement Software Packages/cells Cross-networking security (Internt-3G-WiFi- WiMAX)-- hardware/software co-design

• Video Surveillance • VoIP services • Instant Messaging (IM) and • (1) SIP/SDP-H.245. • (2) RTP/UDP-H.223. • (3) Transcoding H.711 to ARM and video of H.263 and H.264 and SIP servers.

Weijia JIA CIT2010, CityU (賈維嘉) 23 Reinforcement -- SIP

• SIP Server – OpenSER • PC version – H.263/AMR • Smartphone version – H.263/G.711 • SIP-based 3G Gateway – H.263/AMR/G.711

Weijia JIA CIT2010, CityU (賈維嘉) 24 Reinforcement -- OS

• IPSec Server () • IPSec Client (Windows/BREW/Android) • V2oIP Sniffer (Windows) • Mobile Security Measurement (Android) • Integrated Secure Micro Gateway/BS for Video Surveillance/VoIP.

Weijia JIA CIT2010, CityU (賈維嘉) 25 Agenda

• Background • Cross-Network Systems (CNS) – Security problems & case studies – Counter measures • A step forward looking • Conclusions

Weijia JIA CIT2010, CityU (賈維嘉) 26 Next Generation Ubiquitous Embedded Systems (ES)

• ES = Computer system designed to perform one or a few dedicated functions (real-time constraints) • Embedded as part of a complete device, including hardware and mechanical parts.

Weijia JIA CIT2010, CityU (賈維嘉) 27 ES Characteristics

• Designed to do specific task.

• Not standalone devices. • Programs written for are firmware, stored in read-only/flash memory chips. • Limited hardware resources: little memory, small/non-existent keyboard or screen.

Weijia JIA CIT2010, CityU (賈維嘉) 28 How to make the ES work? Technology Advancement on R&D of • DSP • Microprocessor • Electronic/remote/Au • Microcontroller

to Control Unit Programming • Embedded Hypervisor languages • Network communications • Real-time operating • Embedded systems • Software engineering • Embedded software • System on a chip • Firmware • • Information appliance System on module

Weijia JIA CIT2010, CityU (賈維嘉) 29 Technology convergence

• Secure-Networked ES: – Communication gateway/node/servers • Open, standards-based computing systems, carrier-grade common platform, • Wide range /heterogeneous of communication interfaces, • Multimedia communications – Electronic/Remote/Auto Control Unit: Wired/Wireless control on • E-healthy: Man Machine Interface, On-Board Diagnostics … • Body Security; Body Control controls door locks, e-windows, courtesy- lights, etc. • Key Issues: Way of ES link to heterogeneous wired/wireless cross-networks •  Network Convergence with Security

Weijia JIA CIT2010, CityU (賈維嘉) 30 Technology convergence

• Embedded and mobile OS • Embedded Linux: • • Android • , OPhone, • Mobilinux, MotoMagx, • LiMo Platform, webOS and … (many others) • Key Issues: – Kernel Reuse: Compatibility & integration of diverse OS vs. ES and security. – Difficulties: How to provide Functions that an ES OS (say Android SDKs) do not support  OS Convergence & Security

Weijia JIA CIT2010, CityU (賈維嘉) 31 Technology convergence • Interconnected ES: – Communications gateway/node/servers • C/S; Ad-hoc; Mesh; Grid; Group; P2P … ; Add-value at many levels of the system architecture. – Cyber-physical system (CPS) • tight combination/coordination of system & physical elements apps: aerospace, automotive, chemical, civil, energy, healthcare, manufacturing, transportation, entertainment, and consumer appliances. • Key Issues: – Scalability; Self-configuration & security (we have discussed extensively) – Energy saving/harvesting

– Weijia JIA CIT2010, CityU (賈維嘉) Device/Object Convergence 32 Technology convergence

• Internet of Things (aka Internet of Objects) (IoT)
  – Networked interconnection of everyday objects
  – Self-configuring of ES with the purpose of interconnecting all things
• Web of Things (WoT)
  – everyday objects contain an ES and are connected to the Web, e.g. smart devices/objects of WSN, ambient & mobile devices, household appliances, etc.
  – reuse the Web standards to connect everyday smart objects/ES.
• Key Issues:
  – Fast deployment of dedicated IoT/WoT backbones: integration of diverse smart dedicated ES/Objects into a supporting platform for IoT/WoT apps.
→ Platforms for Things/Objects Convergence

Weijia JIA CIT2010, CityU (賈維嘉) 33 Conclusions? Not-yet!

• We have tried to implemented techniques & security details on – Cross-Network Convergence – OS Convergence – Heterogeneous devices/objects interconnection convergence – IoT/WoT convergence – eventually User Friendly/Secure Global Human/Things/Environment convergence. • Apart to science, security is also an ENGINEERING & MANAGEMENT problem; • Detail is the key – Reinforce the cell, i.e., robust R&D of system components; component granularity?

Weijia JIA CIT2010, CityU (賈維嘉) 34