Wireless Communications Cyber Security - PSCE ...
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Wireless Communications Cyber Security This paper is a postprint of a paper accepted by IET Engineering
Reference and is subject to Institution of Engineering and
Technology Copyright. The copy of record will be available at
Dr David Lund IET Digital Library
Head of Research and Development, HW Communications, Lancaster, UK
Board Member, Public Safety Communication Europe (PSCE) Forum, Brussels, Belgium
In our marketplace we have many new wireless communication options to choose from. They are
built into modern ‘attractive’ devices, that the authors choose as they become new and popular,
with the capability to communicate more than ever before. This study presents some of the basics
of how wireless communication technology works and how it is used. The eagerness to embrace
modern wireless technology has yielded us vulnerable. How do we understand that? What can
we do to protect ourselves, and what is coming in the next generation of wireless technology
which will be used to support some of the more critical and sensitive aspects of the daily work
and life?
Introduction using wireless LANs or long haul point to
In our increasingly connected world, we rely point microwave links, etc.
upon many different flavours of wireless Such benefits of wireless technology, albeit
technology. Wireless communication has with the limited involvement of cats, have led
numerous advantages. As consumers and to the increased transmission of valuable
workers, wireless technologies allow us the information over the air. Valuable information
freedom to move around and yet remain assets become attractive to attackers, and
online. Wireless connections allow us to vulnerable when carried over poorly
distribute devices around our person, implemented or configured wireless systems.
allowing for different types of inter- action Coupled with the availability of low-cost
with our information; a laptop, a tablet, a devices for interception, there is a distinct
watch, a personal health monitoring device, need for our community to understand how
even our vehicles. Wireless technology to protect over-the-air trans- missions. How
allows our everyday transactions; such as we use our wireless devices is also
wireless ticketing, credit card transactions, considered to be valuable in some contexts.
ePassports, etc., to be convenient and
speedy. Wireless technology provides All wireless technologies rely upon a
commercial benefits in terms of reducing common physical resource – radio frequency
infrastructure and installation costs; (RF) Spectrum. In all cases, a wireless
minimising cable installation in buildings and device has a physical interface with the air,
or free space, to transmit and receive
A famous quotation from Albert Einstein is often information using a specific frequency band.
used to illustrate the benefit of wireless:
RF spectrum is accessible by everyone.
Regulations are in place both nationally
‘The wireless telegraph is not difficult to
understand. The ordinary telegraph is like a very (Ofcom in the UK) and globally (ITU) to allow
long cat. You pull the tail in New York, and it for regulated and controlled use of spec- trum
meows in Los Angeles. The wireless is exactly the as a shared physical resource.
same, only without the cat.’ In simple translation,
Analogue wireless technologies (frequency
the telegraph wire is not needed for ‘wireless’.
modulation, amplitude modulation, etc.),
have been used for radio and TV broadcast,
March 2017 David Lund Page 1and push-to-talk voice calls for many years. transmissions can be easy. They can be Only a small amount of low-cost equipment easily received and, in some cases, is required to intercept and listen to content modified. Therefore, a number of carried within RF signals. Hobbyists have considerations are made to secure and been using analogue radio scanners for protect our wireless transmission. This can many years, to listen to police, fire and be considered in three primary vectors with ambulance operators discuss operations as relation to classical consideration of they walk by, or as their vehicles pass. Most confidentiality, integrity and availability: of these listeners are simply curious and Information throughput ‘availability’ – have no malicious intent whatsoever. wireless communication resilience: Wireless However, users such as emergency service network operators are keen to ensure that first responders will discuss and relay their networks remain ‘Available’. Physical information which is much more sensitive properties of RF transmission make it easy to than our everyday personal phone calls and go ‘out of range’, or many users sharing RF social media interactions. This information resource may have to wait until the spectrum may be attractive, for example, to those is either clear for use, or our time-slot is wishing to subvert emergency service available for use. The presence of operations in order to facilitate malicious and interference needs to be mitigated to allow criminal activity. for reliable transmission and available Our personal information may be attractive to information throughput capacity. Many, such others wanting to know our business as commercial cellular networks, rely upon interests, personal life patterns, our availability of service to generate revenues purchasing interests or our general status of from calling, texting and data services, or health. simply to maintain their reputation and This paper provides an introduction of the customers. basic properties of wireless communication Information ‘confidentiality’: Information and how different systems protect both the carried over the air should be significantly resilience and confidentiality of information difficult or impossible to decode, should it be carried over the air. intercepted. Cryptography and secure The primary case study given in this paper protocols play a key role here. covers the advent of the public safety Information ‘integrity’: We should remain community demanding mobile broadband confident that the communication we receive capabilities to aid their operations. This is integral and has not been modified during reflects some challenges that are faced as transit over the air, or any associated wired we start to integrate wireless communication network connection or equipment. into more of our critical and sensitive infrastructures and operations. Properties of wireless communication At the end of this document, seven smaller systems case studies give examples of how wireless Whilst RF Spectrum is accessible by anyone, systems have been compromised in recent its access is somewhat limited by the years. physical properties of the transmitters, Spectrum as a common resource receivers, the protocols that they use and the With RF spectrum as a common resource for environment. Parameters include: wireless communication, access to March 2017 David Lund Page 2
Transmission frequency: Where in the RF between propagation properties, reception
spectrum is the system operating? Different reliability and data throughput. Error control
frequencies have different physical coding is a mathematical technique to
properties. Lower frequencies typically provide extra redundancy to a
propagate over longer distance than higher communication, to allow for detection and
frequencies. Some frequencies are more correction of errors at the receiver. Link
susceptible to the physical environment than protocols attempt to keep both transmitter
others. For example, 60 GHz communication and receiver talking with the same
systems (e.g. WiGig [1]) may be blocked by modulation and coding, and to handle any
oxygen molecules in our air. Visible light lost packets, requesting retransmissions
communication [2] is simply blocked by where necessary. Higher layers of protocols,
physical objects, such as walls. All RF such as in 2/3/4/5G maintain registration of
signals may be reflected and distorted when the user and mobility of a wireless device.
transceivers are moving with respect to each These protocols allow for carefully controlled
other and other objects in the sur- rounding access to allocated spectrum and handoffs
environment, therefore making reception between different base stations and different
more challenging. radio access tech- nologies as a mobile
Transmitted power: Higher transmitted device physically moves. Protocols also
power yields longer transmission range. In ensure that the mobile device and user are
simple terms range is typically controlled by authenticated and that wireless access is
the inverse square law, where transmitted authorised. Usage is monitored and billed by
power exponentially diverges as it commercial cellular operators as the user
propagates. Higher transmission powers uses the service.
typically demand more expensive
transmission components (antennas, Vulnerable information
amplifiers, etc.) increasing cost, weight, size As already described, we exchange
and battery life. Increased transmission significant volumes of valuable information
range yields an increase in the possible over wireless technologies and networks.
range within which signals can be The following gives a brief flavour of what we
intercepted by an interested party. exchange and the potential consequences of
our compromised information:
Receiver sensitivity: Communication receiver
technology is both susceptible to receiving
interference, but also has a physical bound Commercially sensitive information
on how little power is needed for successful The mobile workplace, coupled with the
reception of a wireless transmission. ‘cloud’ continually increases the exchange of
Advanced silicon techniques and commercially sensitive information. Shared
amplification may be used in receivers to cloud and radio infrastructure makes a
improve receiver sensitivity. Increased significant economic saving for large and
sensitivity further increases the range small organisations alike, increasing this
between transmitter and receiver for both desire to transact wirelessly, online.
intended and unintended reception. Commercial information transferred includes
financial data, intellectual property, location
Coding, modulation and link protocols: and mobility of staff, etc. Compromise of
Modulation determines the ‘shape’ of the commercial information may disadvantage a
energy transmitted. Different modulation commercial operation. For example,
methods provide different trade- offs competitors may yield an advantage by
March 2017 David Lund Page 3knowing the details of competing products in Monitoring and control information – critical
development, staff, or of the financial infrastructure
capacity or internal movements and politics On a more serious note, our critical infra-
of a competing company. Personal data – structures require continual monitoring and
ours and others: Information describing our control. This class of information has very
everyday lives is carried over the airwaves. different levels of importance. Electricity and
We commonly transact our personal gas distribution networks, railways and
information using online shopping services, highways, all require careful management to
banking and social networks. Wearable ensure that our services remain available.
devices measure our heart rate and activity, Disruption to any of these services can have
and are wirelessly connected to our a catastrophic effect. Loss of electricity
smartphones. We become our own data supply has a significant cascade on other
controller [3], controlling disclosure of our services, such as railways and the pumping
own information and that of our friends and of water, for example. Wireless
colleagues. Some organisations may gain communication networks underpinning
benefit from knowing our interests, our critical services, should be considered as
patterns of life or our physical circumstances. critical infrastructures them- selves as they
Marketing activities often try to understand also present as a cascade vulnerability
our patterns of life, in order to target where other societal services rely upon them
advertisements to our interests and therefore [3]. The new European Networked
increase their probability of a product sale. Information System direct- ive came into
force in 2016 [5]. This aims towards a more
Monitoring and control information – stringent consideration of critical information
consumer infrastructure protection. However, wireless
The Internet-of–Things (IoT) is upon us [4]. technologies are not explicitly referenced,
Technologies today allow us to monitor our where the accountability and responsibility
central heating and tele- vision recordings. for the cyber security of both wireless and
Even cookers and washing machines are infrastructure aspects are left in the hands of
available which can be monitored and the operator of the information infrastructure.
controlled from our mobile phones. Easy
attacks yield an element of comedy by Wireless threat and vulnerability
allowing the possibility of flushing next door’s The following describes aspects that
toilet via your mobile phone [4]. We find that threaten our wireless communication. These
the specific information and control related to included both regulatory, environmental,
interacting with our own appliances may not inadvertent and potentially malicious threats.
be so interesting to those listening. However,
we may feel uncomfortable about our privacy Regulation and electromagnetic
being compromised. Such monitoring and interference (EMI)
control can demonstrate our patterns of life; Spectrum is considered as a scarce resource
which TV programmes we watch, when we and regulation somewhat limits its use. Since
are away or at home, what time do we turn the first transatlantic radio communication in
our lights off at night and how often we use 1901 [5], access to spectrum has been
the toilet. regulated. Spectrum is segmented into
bands and limits are imposed on
transmission power. The new European
Radio Equipment Directive (RED directive)
March 2017 David Lund Page 4[6] superseded the R&TTE [7] directive in Wireless LANs, Bluetooth, Zigbee, etc. are all
2016. The RED directive places even more developed to use ISM bands. The
stringent emphasis on testing the receiver’s prevalence of low-cost devices on the
susceptibility to interference, together with market, and our need to work wirelessly has
compliance to transmission specifications led to crowding in these bands. The 2.4 GHz
which will be linked to its transmission band ISM band is es- pecially crowded in many
and power. A primary goal is to allow radio urban locations. The major- ity of
equipment to coexist and to ensure one unit technologies that operate in ISM bands use
does not inadvertently interfere with another. carrier sense multiple access (CSMA)
This is considered in terms of both trans- techniques. CSMA simply listens for
mitting only within which spectrum and power presence of another transmit- ter and
levels permitted, and to be resilient in the controls transmission to occur only when the
face of other interference (e.g. due to legacy spectrum is unused. As such, this can only
or faulty devices). provide a best-effort access to spectrum,
Electromagnetic interference is a primary commonly leading to reduced availability and
threat to the availability and performance of delays in service where the system is used in
wireless communication systems. crowded spectrum. Many arguments are
Interference may be generated naturally made that ISM bands have led to more
around our environment [8], by poor quality efficient use of spectrum, but at the expense
devices, malicious interferers or jammers. of uncertainty of access [9]. New research
Poor quality devices may generate non- and methods for sharing access to spectrum
linear responses; harmonics or are needed to understand how to address
intermodulation products which derive from this balance.
the original signal, inadvertently interfering
with intended transmissions in other bands. Advanced protocol analysis and
R&TTE and RED directives both seek to manipulation
minimise out-of-band transmissions, and the Easy access to spectrum allows for the
RED directive extends to ensure that possibility to analyse flows of traffic to
receivers are resilient to unintended ascertain typical operations and
interference. However, even with more configuration. Simply listening to RF traffic,
stringent controls for product developments monitoring for modulation and coding type,
and approvals, not all devices are tested prior packet sizes and regularity can identify both
to sale and devices may degrade their the protocol being transceived and key
performance over time, leading to out-of- statistical signatures which can as- certain
band and inadvertent interference to other which devices are being used. Gathering
systems. See the case study on Television information in this way can then lead to
Interference Involving TETRA for an example knowledge of alternative vulnerabilities and
of this. vectors for attack. See case : case study on
international mobile subscriber identity
Crowded spectrum (IMSI) collection for an example.
Spectrum regulation leads to crowding in
some bands. The Instrumentation Scientific Presence detection and characterisation
and Medical (ISM) and Short Range Device Many mobile phone devices now contain
bands allow for a reasonably flex- ible use of multiple RF devices; WiFi, Bluetooth, 2/3/4G
spectrum by unlicensed users within set cellular, near field communication (NFC), etc.
bands and transmission power limits. Silicon devices are highly integrated,
March 2017 David Lund Page 5allowing for multiple RF tranceivers to coexist transfer. Network engineers optimise
within the same integrated circuit. With interconnectivity and transfer of information
technology tightly integrated for the original between different systems.
purpose of providing advance wireless Hardware Engineering Experts: to implement
connectivity, these devices are also used to the hardware required to transceive RF
intercept and characterise our wireless energy, to develop low power processing
communications. capabilities, user displays and tactical/haptic
interaction.
Hence our current technologies are
Software Engineering Experts: to implement
vulnerable, what about the future? efficient software to support the requirements
There is an increasing appetite to implement of the RF, information theory, network and
faster and more capable wireless needs of the user application and information
communication systems (5th Generation management systems.
Mobile – 5G [10]). On the other hand, we see
activity to implement simpler and higher Social Science Experts: to guide on how
volume wireless devices (IoT [4]). Most devices and applications will be used. If a
importantly, communication technology for device or application is not socially
public safety, public protection and disaster acceptable or useable, then there will be a
relief (PPDR) and communications needed limited acceptance and use. Ethical and
by critical infrastructures are key to psychological considerations play an
safeguarding our society. These are often important role here to ensure that the
over- looked due to their low commercial technology is pervasively integrated into
volume. daily operations, aiming to assist those
operations, and not to burden them.
In all cases, there are a number of common
challenges to face both in terms of the Legal and Regulatory Experts: to guide on
disciplines required in consideration for the the legal and regulatory barriers to the
development of new secure wireless deployment of wireless systems. As
technologies, and the perceived needs for described above, there are regulatory
future generations of wireless technologies. restrictions on how we may access spectrum.
In terms of operational information, critical
information infrastructure protection
Multi-discipline development of future
regulations aim to our critical services, and
wireless
data protection regulations. Safeguard data
Engineering of wireless communication
protection and our privacy are prominent
systems cannot yield secure solutions
here. This expertise provides interpretation
without the involvement of a collection of key
of the regulations and the means for the
actors. Primary actors include (with only a
provision of standards and guidelines on how
basic, underrated description):
wireless devices should legally handle
RF and Information Theory Experts: To information.
design the most efficient next generation
Security Experts: This class of expert has the
methods of digital communication. RF
most difficult problem to cross all disciplines;
experts cross the barrier between physics
to guide on the implementation of regulatory
and the engineering of RF energy coupling
boundaries, the balance between protection
and propagation. Information theory experts
and value added capability, working within
optimise cryptography and coding for more
social acceptance, and giving oversight to
efficient, confidential and integral information
March 2017 David Lund Page 6users and operators on the known methods protocols and the information carried over
of compromise to our wireless systems and wireless communication is going to protect
the information that they carry. and fulfil the sensitive needs of the critical
Security spans the entire communication application. This is typically arranged through
device, and the interrelation between contractual obligations for suppliers to
physical operations and the different provide continual support through a wireless
information systems that underpin our daily product’s lifetime; keeping systems operating
lives. reliably, tightly configured, software up to
date and to support the hardware. Securing
The security engineer has the most difficult the supply chain is key here; hardware and
and unenviable job, for which there is a software components may be vulnerable or
limited skills capacity in many countries. even compromised even prior to integration
Skills capacity is surely building on the and delivery of the wireless product.
malicious side. Furthermore, security skills
are typically either broad and shallow to The choice of how to implement a wireless
cover the basics of each aspect across these system to maintain a secure existence
complex systems, or often lost in deep silos considers a number of factors:
of specific capability, e.g. cryptography, or Physical Security: How to transmit? How
specific secure wireless protocols. easy is it to intercept the transmission? How
to keep the processing equipment itself
Can we protect ourselves and our secure?
systems? Protocol Security: How to control
Everyday, as consumers, probably not! Not transmission? How easy is it to interpret and
with our low-cost devices and poorly decode the transmission?
perceived trust of the brands of the
Organisational Support for Security: How to
technology that we buy. In the consumer
manage users of the wireless capacity?
sense, we either need to be more vigilant on
Does the organisational structure operating
the default configuration of our devices, or
the wireless network have appropriate
simply trust the product that we buy.
motivation to assure service access
Sensibly, we cannot hope for much better
requirements to different classes of its users?
than we have. The most difficult issue is
keeping a wireless device’s software up to Societal and Operational Interaction: Do the
date. If support to consumers can be users of wireless communication services
improved, then consumers can be helped to honour their own obligations to keep
protect themselves. This is evident through information and applications secure and
the regular updates and encouragement to follow operational procedures? Interaction
install virus protection software on modern with devices must be carefully designed to
PCs. However, an equivalent level of ensure that they remain reliable enough for
protection is desirable for our consumer the purpose of use. Users must be supported
wireless devices to counter any new by their technology to be able to:
vulnerabilities which may be encountered • Easily and securely operate their
after the wireless device leaves the factory. applications and devices
With regard to critical communication • improve their operations and to not to
systems, there is a more stringent process to hinder them
follow to assure that software, wireless
March 2017 David Lund Page 7• too prevent a frustrated user from deciding limited argument supporting the competition
to use an alternative and less secure method for spectrum with low usage and a very
of communication to carry out their day job. different and more limited revenue model.
However, the benefits are of a socio-
Consumers using social media are slowly
economic nature, where technology is used
learning what they can and should not share
to help saves lives, and recover from
online with regard to their own personal
disastrous situations which may threaten our
situation and that of their friends and
livelihoods and the economy. The London
colleagues.
School of Economics argues the case for
spectrum used as dedicated for public safety
Case Study: wireless broadband for operations compared to being commercially
public safety first responders allocated [11]. This study estimates that
This case study comprises of a number of socioeconomic gain will be much greater if
factors surrounding wireless communication. spectrum is dedicated for use by the public
We first cover aspects of economy of scale safety community than if spectrum is
and spectrum allocation. We then consider auctioned for use by a commercial cellular
challenges to the design aspects of the user operator. A recent report made for UK
interaction with those devices where wireless Department of Culture Media and Sport [12]
allows for communication during emergency looks at the incorporation of social value into
and time critical situations. the consideration of spectrum allocation.
Whether spectrum is appropriately allocated
Economics of spectrum for public safety, or where network sharing
The public safety community has argued for arrangements are made, significant
many years to dedicate spectrum for use of socioeconomic benefits are expected to be
broadband services by PPDR organisations made by improving the safety and security of
and first responders. Their communication is our community; by better use and
mission critical and vital for saving lives. deployment of broadband wireless
Sharing of spectral and network resources is technology. This poses a bigger challenge
highly controversial; a tension between for system development. Public safety first
economic and societal benefits. It is strongly responders using secure broadband wireless
argued that public safety communication technology will be able to use richer media,
should have an exclusive access to spectrum but will be making decisions under time
to be able to communicate immediately when pressure. If their devices and applications do
necessary. On the other hand, the utilisation not support their role in a timely manner with
of spectrum will be relatively low compared a high degree of accuracy, and therefore
to revenue generating commercial services trust, they either would not use them at all, or
that benefit mobile operators and make use of an alternative, more limited,
governments alike. Traditionally, spectrum possibly less secure, yet more reliable mode
has been auctioned to the highest bidder to of communication.
generate high revenues for governments.
This is especially the case in the provision of Trustworthy commercial operation:
commercial mobile networks, with a high vulnerability induced by mobile network
consumer volume and, therefore, high operation models Significant debate has
revenues. For PPDR, the scale of use of been made in recent years with regard to the
communication technology is much lower possible operational models for future
than for consumers. There is therefore a broadband for PPDR. Commercial mobile
March 2017 David Lund Page 8networks commonly share resources to communicate. In many countries
between different opera- tors, such as base emergency service first responders will carry
station antenna installations. Future both TETRA (or other push to talk voice
considerations of network ‘slicing’ allow for system) and a typical mobile phone, using
sharing of other physical resources such as the typical mobile phone as a secondary
processing hardware and backhaul communication medium to the secure and
networking connectivity. Fundamental cost resilient TETRA system. Operational
savings are made when sharing resources. procedures will say that TETRA ‘must only’
This moves away from every mobile operator be used for operational voice
owning their own physical infrastructure. communications. However, one could
The prospect of sharing these resources is anticipate what may happen when the
controversial. Commercial mobile services TETRA device may develop a fault or is out
can agree service level terms for sharing of of range, and where the mobile phone carries
resources on the basis that their individual a long battery life and is in range. Would the
service offerings to the consumer mobile first responder simply call back to base to
user are similar. Sharing between high value report the problem, or continue to use the
consumer revenue generating services, and mobile phone to assist in the particular
minimal revenue generating services for emergency? Similarly, the TETRA terminal
PPDR is a more difficult consideration, will securely transmit GPS location of the
extending further the debate on dedicated responder, whereas the location of the
spectrum as described earlier. Availability of mobile phone will most likely be easy to
PPDR services may be compromised in obtain. This example poses no problem
favour of fee paying consumer access. during everyday regular activities, where the
However, this may not necessarily be a consequence of location exposure is simply
conscious business decision. not interesting to anybody other than an
inquisitive scanning hobbyist. However, a
This also requires functionality in the wireless group of adverse rouges with an intent to
and network technology to allow for critical insight terror and disruption will surely find
services such as PPDR communication to be the location of public safety responders to be
prioritised or to pre-empt consumer access. valuable. They may use this information to
Whilst the mobile standards community have understand regular operations and protection
developed global technical standards for strategies, and then divert their adverse
priority and pre-emption of services, no activity away from responders for the most
mobile operator has yet implemented and disruptive effect.
proven that wireless and network resources
can effectively be shared between critical Disrupting the TETRA service by jamming or
and consumer services. The UK Emergency other means, may force users to choose their
Services Network [13] will be one of the first alternative technology, hence disclosing their
to test this sharing model. operational picture, location of responders
and the information services used.
Technology mistrust and subversion ‘Apps’ on the regular mobile phone may be
The following gives and example of how a found additionally useful to the first
user of communication technology may responder. Use of public information services
inadvertently expose themselves. It is a is useful in many circumstances. However,
common occurrence where users, frustrated there remains a risk of similar disclosure of
with limited technology, will find other ways responder situation and patterns of daily
March 2017 David Lund Page 9routine where mobile connectivity and accommodate the true purpose of use, and
information services are more widely both human use and misuse of the
accessible than those dedicated technology. Most importantly, misuse and
communication services which are malfunction is most commonly non-
specifically provisioned for the first malicious; much more common than
responder, and their commanding malicious subversion. Measures should be
colleagues. taken during technology development and
installation, and be supported by operational
Ad-hoc use of cheap COTs communication procedures to maximise operational
On many occasions, cheap off-the-shelf efficiency and to minimise misuse and
communication systems have offered the malfunction.
best solution where installed mobile
networks have been damaged or failed to Conclusions
deliver during a crisis. Backpacks can This paper presents some of the basics of
combine low-cost ISM band radios for voice how wireless communication technology
and satcoms with wifi for data coverage. works and how it is used.
Allowing a small number of responders to
Throughout the paper we consider the
communicate in adverse conditions is highly
threats and vulnerable properties of wireless,
valuable for their collaborative effort. Whilst
the types of information carried over wireless
we consider this to be a less capable and
technologies, and examples of how wireless
often less secure mode of operation, having
technologies have been hacked in recent
some communication rather than none at all
years through small case studies (see case
is preferable. Where fixed mobile networks
studies at the end of this paper).
are installed, it is highly desirable to be able
to integrate technologies such as this to allow We look at current activities to develop next
access where some wireless capability fails, generation wireless technologies and
and other technology can take its place. conclude with a need to build security into the
However, these systems must deliver the next generation of wire-less communication
same level of security. They must extend the systems from the outset, rather than to add
approved mobile networks with the ability to secure features later.
work in isolation, but should not replace them Achieving wireless communication cyber
with lower levels of security. security is a broad, multi-faceted and multi-
disciplinary problem space. Challenges are
Secure wireless architecture design, posed for both the wireless and network
implementation and operation technology aspects, but also the
Developing wireless networks is a complex socioeconomic eco-system surrounding the
undertaking with all of the actors explained need and use of the technology. Balancing
earlier playing key roles. Development of these socio-technical aspects is key to
wireless networks to provide critical and protecting our personal and critical
secure communications to operate under information that flows through the airwaves.
critical and sensitive information assurance As with all considerations of cyber security,
conditions is a challenge for all involved we live in a world of changing threat. Typical
disciplines. Design and operation of the software technologies are now updated
overall information system is key to yield and regularly. Wireless technologies are primarily
secure the benefits of future critically enabled comprised of software nowadays. Similar
wireless broadband. Such design must
March 2017 David Lund Page 10concerns should be considered with regard shortage which must be filled and
to the quality and longevity of the software subsequently maintained.
that is implemented for our wireless Manufacturers and application developers
components that are responsible for must ensure that their products are fit for
transmitting and receiving valuable purpose. They should balance the usability
information over the RF airwaves. Should we and acceptance of the enabled information
update or adapt RF transceiver software to services with the mechanisms needed to
cope with a changing RF threat environment, keep information protected, as appropriate to
or do we simply rely on the disposable nature its criticality and context.
of consumer technologies to keep our
wireless software up to date? Critical Economic scaling will likely lead to shared
communication technologies typically have a spectrum and infrastructure models. Most
lifespan of 20–30 years. Is it viable to importantly, operators of wireless networks
maintain a long lifetime model like this? Or must assure that wireless information
should these new technologies be made to services retain confidentiality, integrity, and
be updatable or replaceable? Cost factors availability. This must be achieved
again come into play here. individually, differently and applicably for
each of the many different classes of
A key concern could be with regard to the application and user. This then must provide
advent of the quantum threat [14, 15]. It is a sustainable balance of priority and
expected that modern strong cryptographic preemption for both critical communication
techniques will become vulnerable in the services at lower volume and consumer use
advent of the quantum computer within the at high volume with larger economies of
next 10 years. Therefore, when considering scale.
long term deployment of new critical
information infrastructure technologies, a Wireless services enabling our critical
strong consideration should be placed on the infrastructures and consumer mobile and IoT
choice of cryptographic techniques which are applications must each be able to share
known to be immune to the quantum threat. resources without compromise of each other.
International policy for cyber security is new. We, as consumers, simply need to be aware
It is known that policy is much slower to that others are using our wireless resources
update than the evolution of the information and be cautious and aware of the information
technologies that we use. Government that we share about ourselves, our family,
actors must maintain close attention on the friends and colleagues.
emerging cyber threat in order to assess the
appropriateness and coverage of policy. In a Acknowledgments
similar manner technical standards may This work could not be compiled without the
provide provisions to support the way in continued support of our team at HW
which wireless communication technologies Communications (www. hwcomms.com),
may counter cyber wireless threat. In the and the constant discussion and liaison with
changing threat landscape, standardisation our many collaborators in Horizon2020,
bodies should assess that their security InnovateUK, and other research projects with
mechanisms protect against known threats which we are involved. Special thanks to the
but are sufficiently adaptable as threats members and partners of Public Safety
change. Most importantly there is a skills Communication Europe (PSCE) Forum for
the continued debate and hard work driving
March 2017 David Lund Page 11towards solving the challenge towards and information systems across the
resilient EU interoperable broadband Union
communication (www.psc-europe.eu, [6] ‘Overview of ITU’s History’. Available at
www.broadmap.eu). http://www.itu.int/
en/history/Pages/ITUsHistory-page-
References 2.aspx, accessed 23rd November, 2015
[1] 802.11ad-2012 – IEEE Standard for [7] ‘Key definitions of the Data Protection
Information technology-- Act’, UK Information Commissioners
Telecommunications and information Office (ICO). Available at
exchange between systems--Local and https://ico.org.uk/ for-
metropolitan area networks– Specific organisations/guide-to-data-
requirements-Part 11: Wireless LAN protection/key-definitions/, accessed
Medium Access Control (MAC) and 23rd November 2015
Physical Layer (PHY) Specifications [8] The Radio and Telecommunication
Amendment 3: Enhancements for Very Terminal Equipment Directive 1999/5/EC.
High Throughput in the 60 GHz Band Available at http://ec.europa.eu/
[2] ‘White Paper – Visible Light growth/sectors/electrical-
Communication Technology for Near- engineering/rtte-directive/
Ubiquitous Networking’. Available at [9] RECOMMENDATION ITU-R P.372-12,
http://visilink.com/ wp- Radio noise. Available at
content/uploads/2012/03/Visilink- https://www.itu.int/dms_pubrec/itu-
Technology-White-Paper-January- r/rec/p/R-REC-P.372- 12-201507-I!!PDF-
2012.pdf, accessed 23rd November 2015 E.pdf
[3] ‘Methodologies for the identification of [10] Home Office Slips out and Android
Critical Information Infrastructure assets passport Reader. Available at
and services’, ENISA, February 2015. http://forums.theregister.co.uk/forum/1/2
Available at 013/
https://www.enisa.europa.eu/activities/ 06/20/home_office_slips_out_android_p
Resilience-and-CIIP/critical- assport_reader/, accessed 23rd
infrastructure-and-services/ November 2015
Methodologies-for-identification-of- [11] ‘Before you use a WiFi Pineapple in
ciis/methodologies-for- the-identification- Vegas during a hackers’ security
of-ciis, accessed 23rd November 2015 conference, you better know what you are
[4] Three ‘Computer hackers can now hijack doing.’
TOILETS: ‘Smart Toilet’ users in Japan http://www.networkworld.com/article/246
could become victim to Bluetooth bidet 2478/microsoft- subnet/hacker-hunts-
attacks and stealthy seat closing’. and-pwns-wifi-pineapples-with-0-day- at-
Available at http://www. def-con.html, accessed 23rd November
dailymail.co.uk/sciencetech/article- 2015
2384826/Satis-smart-toilets-Japan- [12] ‘5G Innovation Opportunities’, TechUK,
hacked-hijacked-remotely.html, August 2015. Available at
accessed November 2015 https://www.techuk.org/insights/reports/it
[5] Directive (EU) 2016/1148 of the em/ 6008-5g-innovation-opportunities-a-
European Parliament and of the Council discussion-paper, accessed 23rd
of 6 July 2016 concerning measures for a November 2015
high common level of security of network
March 2017 David Lund Page 12[13] ‘Breaking radio silence: The value of 2919762/Hacking-Wi-Fi-s-child-s- play- communication in public services’. Seven-year-old-shows-easy-break- Available at http://www.lse.ac.uk/ public-network-11- minutes.html, businessAndConsultancy/LSEEnterprise accessed 23rd November 2015 /news/2014/Tetra.aspx [22] https://cve.mitre.org/cve/cve.html, [14] The quantum clock is ticking on accessed 23rd November 2015 encryption – and your data is under [23] ‘Research behind a hack of the Oyster threat. Available at card will be released which has serious http://www.wired.co.uk/article/ quantum- implications for cards using the same computers-quantum-security-encryption, MIFARE chip around the world’. Available accessed 6th February 2017 at http://www. itpro.co.uk/604770/oyster- [15] SafeCrypto project. Available at card-free-travel-hack-to-be- released, www.safecrypto.eu, accessed 6th accessed 23rd November 2015 February 2017 [24] ‘Gartner Says 4.9 Billion Connected [16] Radio Equipment Directive (RED) ‘Things’ Will Be in Use in 2015’. Available 2014/53/EU. Available at at http://www.gartner.com/newsroom/id/ http://eur-lex.europa.eu/legal- 2905717, November 2014, accessed content/EN/TXT/?uri=celex: 23rd November 2015 32014L0053 [17] Ofcom RA419. [25] UK DCMS, Incorporating social value Available at into spectrum alloca- tions’. Independent http://www.ofcom.org.uk/static/ Report, UK Department for Culture, archive/ra/publication/ra_info/ra419.doc Media and Sport, November 2015 [18] ‘Technologies and approaches for [26] UK Emergency Services Network. meeting the demand for wireless data Available at https://www. using licence exempt spectrum to 2022’. gov.uk/government/publications/the- Final Report, Ofcom, January 2013, emergency-services- mobile- Quotient Associates. Available at communications- http://stakeholders.ofcom.org.uk/binaries programme/emergency-services- / research/technology- network, accessed 18th September 2016 research/2013/demand-wireless.pdf, accessed 23rd November, 2015 [19] Dillinger, M., Madani, K., Alonistioti, N.: ‘Software defined radio: architectures, systems and functions’ (Wiley & Sons, 2003), ISBN 0-470-85164-3 [20] Mobile Network Security: a tale of tracking, spoofing and owning mobile phones. Defcon Moscow. OpenBTS & IMSI-catcher. – http://www.slideshare.net/iazza/dcm- final- 23052013fullycensored, accessed 23rd November 2015 [21] Hacking Wi-Fi is Child’s Play – 7 year old shows how easy it is to break a public network in 11 min. – http://www.dailymail. co.uk/sciencetech/article- March 2017 David Lund Page 13
Case study mobile devices. Power limitations typically
reduce the range of Bluetooth devices to 10– 15
Additional examples of wireless compromise
m. Directional antennas, similarly low cost,
Case study: television interference involving
significantly increase that range. Searching
TETRA radio communication systems: In
keyword ‘Bluetooth’ in the CVE database [20]
2003 the UK Radio Agency (now OFCOM)
yields 109 CVE entries.
published a document [16] in response to
complaints about the use of new TETRA
technology by the emergency services. This Case study: NFC reading – Oyster card: NFC
document clarifies that wideband TV amplifiers allows for close proximity exchange of
used on residential TV antennas are the most information with a passive device which is
likely source of interference due to their own non- powered by the RF field generated by the reader
linear responses to the TETRA signals. device.
In 2008, a judge rules [21] that a hack found by
Case study: IMSI collection of 3G using 2G: Radbound University to reverse the algorithms in
Low-cost software defined radio [17] equipment the Oyster Card (used on London Underground)
can be used together with openly sourced code should be made public. Free travel is therefore
that can mimic a GSM base station. The ‘man-in- made available to all whom have the motivation
the-middle’ base station operates at a reasonably to implement the hack until Oyster readers are
low power to avoid detection by the authorities updated.
and only for the time needed to carry out its
operation. A 3G mobile device comes into range Case study: NFC reading – ePassports: UK
of the rouge base station. The rouge intercepts passports issued since 2006 include a NFC
and notices the 3G operation of the mobile device now widely used for passage through
device. A jamming signal is transmitted which will auto- mated border control barriers. In 2013, the
naturally force the mobile device to fall back to UK Home Office released an Android app [22]
2G/GSM mode, registering itself with the rouge which can be used to decode your own, or
base-station and coming under its control. anyone else’s passport details using an Android
Further activity can be carried out to ascertain device, most of which have built-in NFC
details of the phone, route calls, disable transceivers.
encryption or simply identify the presence of the
user by identifying the IMSI which represents the
Case study: Hackers on Hackers – Wifi
SIM card and, hence, end user [18].
hacking WiFi: There is a continuous challenge,
to challenge and test each other. In famous
Case study: WiFi hacking: It is easy to obtain conference Defcon22 in 2014, a well-known WiFi
simple WiFi equipment with the capability to act device, cheaply available and made easy to
as a man-in-the-middle access point to intercept, intercept WiFi transmissions was, itself, attacked
fool and even run routines to remove or crack [23]. Many hackers where known to have utilised
encryption routines. A laptop offers a mere this device in preparation to demonstrate their
starting point. A seven year old recently own interception and hacking prowess during the
demonstrated the ease of cracking a public Wi-Fi conference. To their dismay, all users find that
system in 11 min [19]. At the time of writing, their device itself had been hacked and rendered
searching for keyword ‘WiFi’ in the CVE database useless after connecting to the conference wifi
[20] yields 68 entries, the majority of which reside network.
in the software within certain wireless devices.
Case study: Bluetooth hacking: With Bluetooth
widely used for making phone calls, syncing
contacts, ‘Bluebugging’ is the well-known method
used to exploit vulnerabilities and take control of
March 2017 David Lund Page 14You can also read
