We boost airborne wireless: innovative, reliable, and secure.

Role of IPv6 to Secure Wireless Sensor - Update
IPv6 Workshop in Taiwan, 2006
Date: 10/26/06

Agenda
• Year 2004 – IPv6 Seminar
• Our Direction
• Security – Wired and Wireless
• WiFi Citywide
• IPv6 and RFID
• Q&A

Year 2004

IPv6 IPSec Routers (Yr 2004)
• 6WIND
• FreeBSD/KAME (www.kame.net) – Hiroshi Esaki, Fujitsu, Hitachi, NEC, Yamaha, Toshiba
• OpenBSD/ISAKMPD – WiBorne's Wireless AWG-60
• IOS – Cisco IPv6 Router
• JUNOS – Juniper Networks
• Linux – FreeS/WAN (www.freeswan.org), USAGI/Japan (www.linux-ipv6.org)
• etc.

WiBorne OS for Appliance Products: OpenBSD - the Ultra Secure OS
"Only one remote hole in the default install, in more than 10 years!"
• OpenBSD = Security
  • Stateful Packet Filter (pf)
  • IPSec/AES
  • OpenSSH
  • HostAP
  • IPv6 since 2.6 to 3.9
• FreeBSD = Stability
  • More drivers
• Linux = Embedded
  • SoHo applications
  • Commercial

• Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography
• IPv6 from release 2.6 to latest 3.9
• Complete IPv6 since 2.7, e.g. setting a default IPv6 route: /sbin/route add -inet6 default 3ffe:b00:c18:1fff:0:0:0:2d9
• comfortable and constant operation over all WiBorne products
• extensive and identical feature set over all WiBorne products
• Webconfig – configuration via browser, SSH, console, terminal
• free, regular software updates
• firmsafe – backup for remote software updates

WiBorne Wireless Management Tools
• extensive, user-friendly set for the administration of WiBorne products and solutions
• simple configuration and controlling of the products
• usability in look-and-feel design
• simultaneous management of several hardware units
• security-relevant data on demand
• accounting information (cost control) on demand
• free, regular software updates

Wireless IPv6 IPSec Router (AWG-60, 2004)
The AWG-60 facilitates IPSec-based VPN-over-broadband with next generation Internet Protocol version 6 (IPv6) infrastructure solutions. It is capable of fulfilling future demands on address space, encryption, authentication, and mobility. This allows full, unconstrained IP connectivity for today's IP-based machines as well as upcoming mobile devices like PDAs and wireless phones – all will benefit from full IP access through GPRS and UMTS.
Key features include:
• AES, DES, 3DES encryption
• Dual stack for both IPv4 and IPv6 IPSec tunnels, IKE/ISAKMP protocols; configurable site-to-site or site-to-clients VPN
• VLAN technology
• Dynamic routing performance
• Security policies can be set on a per-host or per-network basis, not per application/service
• BGP4, RIP, RIP2, RIPng, OSPF (v4/v6)
• Single sign-on with external authentication servers (Kerberos, LDAP, and RADIUS)
• OS fingerprinting with packet frame captured to a small-footprint database
• Comprehensive firewall for wired and wireless subnets
• QoS (packet shaping functions)
• SSH remote configuration, console mode
The only potential client: Tinker AFB, OK (www.tinker.af.mil)

Wireless Sensors - Security Threats (Year 2004 Seminar)
• Digital signatures for authentication are impractical for sensor networks: improved by SPINS and µTESLA (the micro version of the Timed, Efficient, Streaming, Loss-tolerant Authentication protocol)
• Assume individual sensors are untrusted; compromising the base station can render the entire sensor network useless
• Insertion of malicious code – spread to all nodes
• Interception of the messages containing the physical locations of sensor nodes allows an attacker to locate the nodes and destroy them
• An adversary can observe the application-specific content of messages, including message IDs, time stamps and other fields
• Injection of false messages that give incorrect information about the environment to the user
• Inter-router authentication prior to the exchange of network control information
• Spoofed, altered, or replayed routing information
• Selective forwarding
• Sinkhole attacks
• Sybil attacks
• Wormholes
• Denial of Service (DoS), such as HELLO flood attacks
• Acknowledgement spoofing
www.tinyos.net

Wireless Sensors - Secure It! (Year 2004 Seminar)
• Security mechanisms depend on network applications and environmental conditions
• Resources of sensor nodes (CPU, memory, battery) make it impractical to use secure algorithms designed for powerful workstations
• Standard security: availability, confidentiality, integrity, authentication, and non-repudiation
• Wireless sensors: message freshness, intrusion detection, intrusion tolerance, or containment
• Security policies defined by the admin of the sensor nodes
• Define the system architecture and the trust requirements
• SPINS: Security Protocols for Sensor Networks
• 802.15.4/ZigBee with 128-bit AES encryption

Vuln. in RFID – Year 2006
• Vulnerabilities in First-Generation RFID-Enabled Credit Cards: New York Times / ABC News 10/23/2006
  • Names in the clear
  • Payment fraud (skimming)
  • Johnny Carson attacks
  • Fixes: stronger data protections and cryptography (IPv6?)
http://www.rfid-cusp.org/blog/blog-23-10-2006.html

Vuln. in RFID – Year 2006
• Texas Instruments (TI) DST passive tag, ExxonMobil SpeedPass system
• More than 700M cryptographically enabled keychain tags accepted at 10,000 locations worldwide
• 40-bit key encryption, designed in the early 1990's by TI
• The cracker, when given the same challenge and key as an actual tag, would compute the same response; the 16-way parallel cracker, a field programmable gate array (FPGA), was able to recover all 5 keys in well under 2 hours
• Fixes: AES, or better HMAC-SHA1 (IPv6?)
http://www.rfid-analysis.org
Our Direction

Solutions and Products

Positioning
• innovative & secure communication solutions for the special business requirements
• consideration of customer requirements
• technological authority by our own R & D
• comfortable & uniform operation of all products
• simple configuration & maintenance
• protection of investment
• performance
• reliability
• service & support

Solutions and products
• Wireless Access Controllers: for enterprise or hot zone: security, network, and billing
• Long Range Wireless Solutions: WISPers, tenders / projects deployment
• Short Range Wireless Solutions: Wireless RFID, Real Time Location System applications
Markets: Enterprises, SMB, WISP, W-RFID Solutions

Wireless Internet from WiBorne (IPv6)
• Low throughput, long range: WWAN (3G, 3.5G), WMAN (WiMAX)
• High throughput, short range: WLAN (WiFi)
• Low throughput, short range: WPAN, RFID (802.11, ZigBee)

Security – wired & wireless

WiBorne Products – Wireless Access Controllers

Hotspot Gateway, Model No: HSG-200/HSG-1000
• Authentication (Kerberos, LDAP, MAC authentication with anti-spoofing of MAC)
• Authorization with firewall
• Accounting/billing for instant hotspot
• Seamless IP roaming
• Remote configuration with associated Access Points (APs)
• Multiple platforms
• Large number of APs
• Up to 250 simultaneous users
• Clientless (bypass VPN) option
• Guest/role accounts

Wireless Switch, Model No: AWG-1000
• Secures 802.11 WLANs (a, b, g), VoIP
• Intrusion Detection / Prevention Systems (IDS/IPS)
• Clients supported: 1000 clients
• IPSec and SSL/TLS for strong client-to-gateway VPN and VLAN security
• Centralized management for any brand of associated Access Points, secure remote administration
• Quality of Service (QoS) functions
• Secure single sign-on integrated with local and domain authentications (Kerberos, RADIUS, and LDAP)
• 802.1x port-based authentication includes EAP, PEAP, TLS, TTLS, and MD5
• Comprehensive stateful packet filter
• WLAN DHCP, NAT, DNS

IPv6 Router, Model No: AWG-60
• AES, DES, 3DES encryption
• Both IPv4 and IPv6 IPSec tunnels, IKE/ISAKMP protocols; configurable site-to-site or site-to-clients VPN
• VLAN technology
• Dynamic routing performance
• Security policies can be set on a per-host or per-network basis, not per application/service
• BGP4
• RIP, RIP2, RIPng
• OSPF (v4/v6)
• OS fingerprinting with packet frame captured to a small-footprint database
• Comprehensive firewall for wired and wireless subnets
• QoS (packet shaping functions)
• SSH remote configuration, console mode

U.S. Homeland Security – The "Old Net" vs. The "New Net"
• The "Old Net" (1980+) – Homeland Security Advisory System
• The "New Net" (10 GHz) – Internet 2, IPv6, P2P
• Cyberspace and physical space are becoming one

Critical Infrastructure Challenges – Reason for IPv6
• Agriculture and Food: 1.9 million farms, 87,000 food processing plants
• Transportation: 120,000 miles of railroad, 590,000 highway bridges, 2 million miles of pipeline, 300 ports
• Water: 1,800 federal reservoirs, 1,600 treatment plants
• Banking and Finance: 26,600 FDIC institutions
• Public Safety & Health: 5,800 registered hospitals, 6,500 Emergency Operation Centers (911)
• Postal and Shipping: 137M delivery sites
• Chemical Industry: 66,000 chemical plants
• Key Assets: 5,800 historic buildings, 104 nuclear power plants, 80K dams, 3,000 government facilities, 460 skyscrapers
• Telecomm: 2 billion miles of cable
• Energy: 2,800 power plants, 300,000 production sites

What the Watchdogs Tell Us
• CERT – Computer Emergency Response Team: http://www.cert.org, http://www.cert.org.tw
• US-CERT – The U.S. Government's version of CERT: http://www.us-cert.gov
• CIS – Center for Internet Security: http://www.cisecurity.org
• SANS – Internet Storm Center: http://isc.incidents.org
• TrendMicro – World Map of Virus Attacks: http://www.trendmicro.com/map
• OSVDB – Open Source Vulnerability Database: http://www.osvdb.org/

Cyber Electronic Warfare
The most wanted hacker: Kevin Mitnick (www.attrition.org)
Attack plan:
• use a system vulnerability detected
• gain the authorization level required
• achieve the objectives
• remove all the clues
Defense:
• Physical security
• Logical security
  • Encryption
  • Network / System / Application security
  • Security monitoring / auditing
• Organizational security

Firewalls - Layered Defense
(Diagram: Internet – firewall – DMZ with FTP, Web and E-Mail servers – firewall – back office with DB server and office server)

Simple IPv6 firewall rules (OpenBSD packet filter):

    # interfaces and addresses of the gateway (site-local fec0::/10 prefixes as used in the deck)
    extif = "xl0"
    intif = "xl1"
    extip6 = "fec0:2029:f001:128::20"
    intip6 = "fec0:2029:f001:192::1"
    intnet6 = "fec0:2029:f001:192::/64"
    ispdns6 = "{ fec0:2029:f001:1::1, fec0:2029:f001:128::3 }"
    admin_machines6 = "{ fec0:2029:f001:192::10, fec0:2029:f001:192::11 }"

    # note: these antispoof rules are restricted to inet (IPv4); inet6 is not covered here
    antispoof for lo0
    antispoof for xl0 inet
    antispoof for xl1 inet

    # default deny with logging; answer ident (113) probes with RST instead of silently dropping
    block in log all
    block return-rst in log on $extif inet6 proto tcp from any to any port = 113

    # outbound DNS to the ISP resolvers and outbound SMTP, stateful
    pass out on $extif inet6 proto udp from { $extip6, ::1, $intnet6 } to $ispdns6 port = 53 keep state
    pass out on $extif inet6 proto tcp from { $extip6, ::1, $intnet6 } to any port = 25 keep state

    # ICMPv6: echo request (128) and neighbor advertisement (136) out;
    # router advertisement (134), neighbor solicitation (135) and advertisement (136) in
    pass out on $extif inet6 proto ipv6-icmp all ipv6-icmp-type { 128, 136 } keep state
    pass in on $extif inet6 proto ipv6-icmp all ipv6-icmp-type { 134, 135, 136 }

    # internal network: SSH to the gateway (logged), common client services forwarded out
    pass in log on $intif inet6 proto tcp from $intnet6 to $intip6 port = 22 keep state
    pass in on $intif inet6 proto tcp from $intnet6 to any port { 80, 443, 110, 143, 993, 25 }
    pass out on $extif inet6 proto tcp from $intnet6 to any port { 80, 443, 110, 143, 993, 25 } keep state
    pass in on $intif inet6 proto ipv6-icmp all ipv6-icmp-type { 128, 129, 135, 136 }
    pass in on $intif inet6 proto udp from $intnet6 to $ispdns6 port = 53
    pass in on $intif inet6 proto tcp from $admin_machines6 to $intip6 port = 22

IDS Sensor Placement
(Diagram: sniffer servers for monitoring/analysis placed at the Internet edge, in the DMZ (FTP, Web, E-Mail servers) and in the back office (DB server, office server))
• IPv6 IDS systems in their infancy
  • No official support in free Snort (yet)
  • Available from NFR, ISS
• Some new attack types in IPv6
  • Due to new header format and protocols
  • In dual-stack/transitioning networks too
• IPv6 and IPv4 Threat Comparison and Best-Practice Evaluation

WLAN – Features for IDS
• Intelligent analytical engine
• Performance & infrastructure monitoring
• Security monitoring
• Wireless LAN administration
• Site survey
• Troubleshooting connections
• Packet capture & decodes
• Windows XP SP2 and Windows 2003 SP1: limited (in very few features) IPv6 support for Windows Firewall
• Bypassing ISA Server 2004 with IPv6: http://www.securityfocus.com/archive/1/431593/30/0/threaded
• Life of IPv6 worms is harder for address-space scanners – Code Red / Slammer
• A worm can determine the address of other existing nodes in the same LAN via v6's Neighbor Discovery: http://www.cs.columbia.edu/~smb/papers/v6worms.pdf

WLAN IDS Signatures – Detects 16 Threats
• Spoofed MAC Address Detected
• Device Probing With NULL SSID
• Dictionary Attack in EAP Methods
• Abnormal Authentication Failures
• Denial of Service Attacks
• Association Flood
• Authentication Flood
• EAPOL logoff
• EAPOL start
• EAPOL ID Flood
• EAPOL Spoofed Success
• Deauthentication Broadcast
• Deauthentication Flood
• Dis-association Broadcast
• RF Jamming

WiFi Citywide

WiBorne Products – Long Range Wireless Solutions

Ahmedabad WiFi Project (AWP) – Potential IPv6 Town
2-D Navigation
Scope of Works:
• Suggesting and providing a cost-effective wireless solution for Ahmedabad for an area of almost 500 sq. km, covering about 1 lac probable customers including the existing network of AMC
• Networking solution using the latest WiFi technology and hardware requirement
• Implementation proposal and maintenance of this wireless network for a minimum of three years
• The company should have installed a similar project elsewhere using the latest technology and expertise
• The company will be responsible for setting up the infrastructure and O&M of the same for three years. Day-to-day operations and troubleshooting will be the responsibility of the company
3-D Navigation

Proposal Solution for AWP: Alpha Bee – a Micro Cell Design
Benefits:
• Logical design – depends on user density; simply increase or decrease the size of individual cells for optimal coverage
• Data rate for backhaul is 24 to 54 Mbps, depending on terrain
• Each color represents not only an area but also a specific channel, which can be repeated at optimal channel separation
• Center of each area is the point of origination; the others depict spreading of coverage in a logical methodology
• Dense micro cell coverage eliminates the need and costs for site surveys and ongoing RF management
• Meets the technical and budgetary requirements and fits the needs of a cost-effective approach

Automated Meter Reading (AMR) – IPv6 Applications
Electronic sensors paired with AWP wireless networks can collect meter data and send it instantly to the utility data center:
• 130 million wireless tags for 20 km squared of range
• Reduce costs associated with manual meter reading
• Reduce human error in data entry and collection
• Perform quicker analysis on utility consumption
• Set threshold limits that cannot be exceeded, avoiding revenue loss
• A single IPv6 subnet maps the entire RFID space of the whole community
• Each RFID tag becomes addressable in the IPv6 network
(sample photos)

IPv6 & RFID

RFID Technology
• An RFID tag is a transponder
• It is a microchip that can receive and respond to RF queries from an RFID transceiver
• A smart bar code
• Components include tags, readers, processing software (RTLS, logistics, middleware), and servers
• Tags can be active, semi-passive, or passive
  • Passive: very small since there is no battery
  • Semi-passive: power for environment, RF from reader
  • Active: larger due to the internal battery
• Operate on multiple frequencies and provide different reading ranges

WiBorne Products – LOC-1000 802.11 Active RFID
The solution combines Wireless LAN technology with location information to enable location-based applications for both outdoor and indoor facilities. LOC-1000 could directly communicate with tagged devices from anywhere within the IPv6 network.
(Diagram: WLAN / RFID access ports – secure Internet / Intranet – WLAN wireless switch – WLAN (802.11) and RFID frequencies – Wi-Fi and UHF tracking tags, high power W-RFID tag for outdoor tracking – middleware for error reduction – asset tracking & location software)

WiBorne Products – LOC-1000 802.11 Active RFID (cont.)
RF-Locate Intelligent Software
• continuous tracking in both outdoor and indoor areas
• real long-range tracking area for Wi-Fi Citywide
• limitation of damage through control of objects and high-grade goods
• integrated with Google Earth to present users at their exact position
• workload optimization
• improvement of resource availability
• visualization and establishment of animation profiles
• high investment security through a cross-platform open interface to video monitoring
CAP-2409R Long-Range Wi-Fi CPE and Reader
• Combines an 802.11 b/g RFID reader with a long-range CPE – occurring disruptions can be compensated by the new model and high accuracy is assured
RF-T24 Asset Tags
• continuously report the measured WLAN signal values to RF-Locate
• different energy modes
• panic button
• range of RF-T series tags: hundreds of meters to 2 – 3 kilometers
• extensibilities: external antenna, belt, additional sensors, customized PC board…
Each RFID tag becomes addressable in the IPv6 network - the reachable scope is defined by the IPv6 prefix used

W-RFID Location Tracking
Requirements of positioning for indoor navigation (RTLS):
• Accuracy
• Integrity – issue an alarm in case of large estimation errors
• Availability (coverage)
• Continuity of service (location estimation response time)

Tracking Wireless Tags and WLAN Enabled Devices
Tracking software (RTLS) tracks: PDAs, laptops, VoIP phones, barcode/RFID scanners, hospital wireless equipment, WiFi tags

RFID + Access Control
From RFID, physical, logical, identity, financial access to network ACC
• RFID and Bluetooth
• Fingerprint sensing without a centralized biometric database, for privacy
• Devices support physical (biometric) and logical (network) access
• Replacement of driver license, password, government or military IDs and other credentials
BPID™ Security Device
(Diagram: RFID RTLS and tags – Wireless Radio Frequency ID (W-RFID) – information on medical assets and location, for collection in combined ACCs/WiFi – asset manager – Access Point/Internet Servers (AP/ISs))

WiBorne W-RFID: Other Applications
Entertainment, mining, law enforcement, old age and health care, construction, transportation, horse tracking, high-rise buildings, city-wide communication, harbor, airport, military

RFID Code Structure
• Header: identifies the EPC version number – allows for different lengths or types of EPC: Type I, Type II, Type III, Type IV
• EPC Manager: the manufacturer of the product the EPC is attached to, e.g. Coca Cola
• Object Class: exact type of product, most often the SKU (Stock Keeping Unit), e.g. Diet Coke US Version
• Serial Number: unique id of the item; tells exactly which Diet Coke

    Element         Bits
    Header             8
    EPC Manager       28
    Object Class      24
    Serial Number     36

Integration for IPv6 and RFID – Long-Term Solutions
• IPv6
  • IPv6 addresses are 128 bits in length
  • The first 64 bits are the subnet portion – this is how routers determine location
  • The last 64 bits are the interface ID portion – this uniquely identifies a device on a subnet
  • 64 bits = ~18 quintillion unique devices
• RFID
  • Tags are 96 bits in length (Type 1)
  • Company-specific data (unique identity) is 60 bits
  • a 28 bit object class and a 32 bit serial number
  • only ~1.1 quintillion unique identities available
• Migration: powerline communication, WiFi, WiMAX, ZigBee, Unlicensed Mobile Access (UMA)

The Integrated Address
• The RFID Object Class and Serial Number become the IPv6 Interface ID
• The local router assigns one or (likely) more IPv6 prefixes for local, site, global, and multicast reachability
• The address formats fit nicely together without conflicts or loss of functionality
• IP addresses can be a bad choice as an ID: like URLs they are not stable, whereas using a code (like an EPC) persistently identifies a given object
• In complex RFID applications, different instances or states of an object would require multiple IP addresses
(Diagram: IPv6 address = Network/Subnet | Host/Device; RFID tag (EPC) = Header | EPC Manager | Object Class | Serial Number, where Object Class and Serial Number form the unique ID)

Integration Mapping
• A single IPv6 subnet maps the entire RFID space for a company. That subnet would be a wireless subnet that stretches wherever
• Each RFID tag becomes addressable in the IPv6 network. The reachable scope is defined by the IPv6 prefix used
• Location computation software could directly communicate with tagged devices from anywhere within the IPv6 network
• Disclaimer: Although active and passive RFID tags will coexist in the future, many of the currently passive RFID tags will subsequently evolve towards active tags, which have networking capabilities. This will mean that a large number of tags will need network addresses for communications. IPv6 will play an important role here. But tags themselves do not necessarily have to be equipped with IPv6 addresses until needed

Pros & Cons of IPv6 with RFID
Pros
• More suitable for higher density, more efficient air interfaces and spectrum use, much higher bit rates, ubiquitous coverage
• No NAT necessary (NAT adds extra cost to the cost-prohibitive WSN)
• Possibility of adding innovative techniques such as location-aware addressing
• Increases scalability – connect a trillion devices including machine-to-machine (M2M) and sensor networks
• All-IP coverage and beyond, can accept a range of IP addresses
• Wireless devices that eliminate the need for SSIDs (own unique IPs, no NAT)
• Minimizes hackers'/crackers' ability to penetrate networks
Cons
• Larger address width (having efficient address compression schemes may alleviate this con)
• Complying with IPv6 node requirements (IPSec is mandated)
• Cost of changeover – current infrastructure cannot be used unless it is already IPv6 compliant; new hardware required
• Network changes – re-addressing of current IPv4 hardware/clients; compatibility with existing wireless infrastructure
• www.6lowpan.org: battery power, limited packet size – compress IPv6 headers

Conclusion
• An IP address on an RFID device makes it reachable – requires implementation of an entire network stack
• Sensor networks and RFID may be the final impetus to push adoption of IPv6
• Roadmap for RFID/IPv6: mid-2008 / 2009
Resource: IT Roadmap Toward 2010, Nomura Research Institute, Japan.
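The EPC-to-IPv6 mapping described on the Integrated Address and Integration Mapping slides, as an added worked example (not code from the deck or from WiBorne). It assumes the EPC-96 layout of the RFID Code Structure table (8/28/24/36 bits), that the 4 spare bits above the 60-bit identity are zero in the interface ID, and uses constructed sample values; the site-local prefix is the one from the deck's pf rules.

```python
import ipaddress

# EPC-96 field widths, as in the deck's "RFID Code Structure" table (assumed layout)
EPC_FIELDS = (("header", 8), ("epc_manager", 28), ("object_class", 24), ("serial", 36))
EPC_BITS = sum(width for _, width in EPC_FIELDS)   # 96
SERIAL_BITS = 36
IID_MASK = (1 << 64) - 1

# Constructed sample tag: header 0x01, EPC manager 0x123, object class 0xABCD, serial 1
SAMPLE_EPC = "01000012300ABCD000000001"


def parse_epc(epc_hex):
    """Split a 96-bit EPC given as 24 hex digits into its four fields."""
    if len(epc_hex) != EPC_BITS // 4:
        raise ValueError("EPC-96 must be exactly 24 hex digits")
    value = int(epc_hex, 16)
    fields, shift = {}, EPC_BITS
    for name, width in EPC_FIELDS:
        shift -= width
        fields[name] = (value >> shift) & ((1 << width) - 1)
    return fields


def interface_id(fields):
    """Object Class || Serial Number (60 bits), zero-extended to a 64-bit interface ID."""
    return (fields["object_class"] << SERIAL_BITS) | fields["serial"]


def epc_to_ipv6(epc_hex, prefix):
    """Combine a router-assigned /64 prefix with the EPC-derived interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("the integrated address needs a /64 subnet prefix")
    return ipaddress.IPv6Address(int(net.network_address) | interface_id(parse_epc(epc_hex)))


def reachable_addresses(epc_hex, prefixes):
    """One address per scope (link-local, site, global): same IID, different prefix."""
    return [epc_to_ipv6(epc_hex, p) for p in prefixes]


def ipv6_to_epc_fields(addr):
    """Recover Object Class and Serial Number from an integrated address.

    Returns None when the upper 4 IID bits are set, i.e. the address cannot
    have been built from a 60-bit EPC identity under the assumed convention."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    if iid >> 60:
        return None
    return {"object_class": iid >> SERIAL_BITS, "serial": iid & ((1 << SERIAL_BITS) - 1)}


if __name__ == "__main__":
    # link-local, the deck's site-local prefix, and a documentation (global-style) prefix
    scopes = ["fe80::/64", "fec0:2029:f001:192::/64", "2001:db8:1:2::/64"]
    for a in reachable_addresses(SAMPLE_EPC, scopes):
        print(a, ipv6_to_epc_fields(str(a)))
```

Note that the mapping is a convention, not an address-validation mechanism: nothing in the IID proves the packet came from that tag, which is why the deck's cons list still points at IPSec.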
Thank you