Introduction and Brief Background of the Topic
Network security is a broad term. It encompasses a wide range of protective measures, incorporating protection, detection, and reaction capabilities aimed at protecting and defending information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation (CNSS Instruction No. 4009, 2010). With digital means of communication gradually taking over the corporate and private sectors, the issue of data security and integrity becomes more important than ever.
The main concerns of security are maintaining the functionality of the network environment, securing privacy, and preserving the integrity of confidential information. A malfunction or a deliberate disruptive effort may compromise the functioning of the network; the latter is the most common cause and the primary concern of security specialists. Attacks differ widely but are most often grouped into two distinct categories – active and passive. Active attacks are direct attempts to obtain or disrupt information by altering it or adding malicious code; they include methods such as distributed denial of service, phishing, and DNS spoofing. Passive attacks obtain the data without tampering with it, like port scanning.
As network technologies evolve, so do security systems, in order to provide up-to-date measures of protection. They are implemented at the hardware and software levels to address existing flaws and keep pace with improvements in attack techniques.
Recently, several major factors have contributed to a reorganization of the basic principles of network security. Firstly, mobile devices capable of network connection have become massively popular and widespread among the public, which implies the emergence of a large group of users with no specialized IT knowledge. Mobile devices such as smartphones and tablet PCs comprise the majority of such devices and bring another serious issue: their connectivity is entirely wireless, with open public LANs becoming more popular each year. The wireless nature of the signal and the lowered protection of such networks pose additional threats. Finally, cloud-based services have become ubiquitous in both the corporate and private sectors.
All the mentioned networks differ from the traditional client-server structure, which is gradually being abandoned in favor of more up-to-date machine-to-machine data communication. While introducing additional performance benefits, such innovation also gives way to new vulnerabilities and exploits. New security measures are constantly being implemented, such as the introduction of software-defined networking and wireless equipment capable of implementing wireless security features. But the process is far from complete, with new breaches surfacing on a regular basis. Nearly every month the news reports new major leaks of corporate and personal data as a result of a hole in a network.
The main purpose of this research is to highlight the possibilities and means of protection for personal mobile devices capable of Internet connectivity. Accessible networks are permeating the modern world. Moreover, many software products offer their best functionality when connected to the Internet. Nevertheless, public and personal networks pose additional risks to users. The two main concerns are privacy breaches and the leakage of sensitive information. The amount of personal information circulating through the Web with the help of mobile phones and tablet PCs is already impressive and tends to grow. Therefore, outlining viable strategies for ensuring the security and integrity of that information is the primary focus of the paper.
The research will be conducted by reviewing and analyzing secondary sources. The reason for that is the relatively large base of already available means of protection and the high level of knowledge required to process primary sources. As the research will focus on the implementation of readily available information relevant to a population with no special training, it will be limited to a qualitative analysis of credible books and journal articles which deal with the topic. In addition, web sources with first-hand information relevant to the research will also be reviewed.
Types of Networks
Mobile devices, like smartphones, laptops, and tablet PCs, utilize several types of networks for Internet connectivity. Technically, the two main types are wireless networks and personal area networks, which are basically machine-to-machine connections made by end-users. Wireless networks can be of two main types: mobile networks, used by phones for communication and Internet access, and wireless local area networks, which use a local access point. These, in turn, can be divided into two broad categories: private networks, used primarily in homes, and public networks, made available in various public places, like libraries, shopping malls, hotels, and coffee shops. This last distinction is arbitrary, as both private and public networks share the same hardware and software aspects and differ solely in availability: private networks are password-protected by the owner, and thus allow him or her to control access, while public networks either lack password protection altogether or disclose the password when certain conditions are met, which, in theory, lowers control over access so significantly that they should be regarded as unprotected. All of these network connections have their own security issues.
Personal Area Networks
Personal area networks (PAN) are the network connections established between several mobile devices. The connection can be vertical, implying the presence of a master device taking the role of the access point. However, it is more commonly used for a direct connection between two or more devices horizontally. The PAN hardware usually implies short-range communication (up to a few meters) and is used primarily for establishing a link during a personal meeting to exchange files or other information. Basically, PAN is a wireless alternative to a short connectivity cable. Several technologies are used in mobile devices, with the two most popular being IrDA, which uses an infrared signal for communication, and Bluetooth. The former standard is obsolete and virtually absent from modern devices, while the latter is aging but still relatively popular nowadays.
Bluetooth is a wireless technology for exchanging data over a short distance. In mobile devices, primarily cellular phones, it was used for sharing content and Internet connectivity when the mobile Internet was of limited accessibility. The protocols and policies of Bluetooth are compiled into profiles. According to Becker (2007), the profiles most often used to gain unauthorized access are the OBEX Object Push Profile (OPP) and the Synchronisation Profile (SYNCH). The former is used to exchange data files, mainly vCards, while the latter is responsible for the horizontal pairing of the devices and authorized access.
Bluetooth profiles use encryption to transfer data between the devices. However, older revisions of the technology (prior to version 2.1) allowed this function to be turned off. This possibility was not exposed at the user level, so end-users could not accidentally turn it off, but the breach could be made by altering the firmware or the operating system of the device. Thus, individuals using unofficial sources for software updates could end up with encryption disabled, making their data vulnerable to both active and passive threats. This issue has been effectively addressed since version 2.1, eliminating the problem. Nevertheless, some devices were not affected by the fix, as not all users update their devices on a regular basis, and some devices do not allow the update at all. This leaves a tiny fraction of users vulnerable.
Of much higher concern are two techniques exploiting the OPP and SYNCH profiles. The OPP profile is intended to transfer vCards, a digital form of a business card. The information contained in such a card is meant for sharing, so the profile does not require authentication or authorization. However, in several models of mobile devices, the profile was implemented incorrectly, leading to the SYNCH profile getting access to the same object exchange protocol stack as OPP. This allows a correctly crafted attack to gain access to otherwise restricted data.
The attack called BlueSnarf makes use of this vulnerability. The attacker may obtain the OBEX push protocol information by successfully scanning via the Service Discovery Protocol (SDP). He then makes direct requests for certain destinations known to him (most likely – the standard locations of files containing valuable private information). If the SYNCH and OPP profiles are implemented incorrectly, he is able to download the data, bypassing the required authorization and authentication. The whole process is undetectable by the victim, as no pairing prompt or other notification appears.
Essentially, the only requirements for a successful attack are the incorrect implementation of the profiles, i.e. a specific phone model, and a distance sufficient for the connection. However, the initial range of several meters at which Bluetooth devices are intended to function is also susceptible to enhancement. A device capable of receiving a Bluetooth signal within a range of several hundred meters can be assembled at home, and instructions for such devices are freely available on the Internet. The record distance for a successful BlueSnarf attack is 1.87 km. The attack was carried out in 2007 as an experiment by the radio hobbyist and hacker group Trifinite (Becker, 2007) and is thoroughly documented.
Another attack based on a similar principle but posing different threats is known as BlueBug. This type of attack again takes advantage of a vulnerability in the existing protocols, namely Radio Frequency Communication (RFCOMM). The protocol is a part of the Logical Link Control and Adaptation Protocol (L2CAP). Intended for device connection and data exchange, RFCOMM was designed to emulate RS-232 interfaces without cable connectivity. In essence, it emulates a serial port and supports up to 60 simultaneous connections between devices.
However, if the attacker gets hold of the Bluetooth Device Address, he may then connect to RFCOMM channel 17, which on some models of phones requires no authentication when accessed by the AT-parser. Once the connection is established, the perpetrator may take control of the device and, through the command line, perform essentially any activity that is available to the phone owner, including making calls, reading and sending messages, and obtaining unencrypted private data (Becker, 2007). Again, this applies only to a certain range of devices, and the gap has since been largely closed by firmware updates, but as it is virtually impossible to enforce such updates, a certain number of devices have retained this vulnerability.
Another breach in the security of PAN connections is grounded in the human factor. It can range from simple and virtually harmless pranks, like BlueJacking, to the loss of data or monetary losses based on techniques similar to phishing. BlueJacking is a technique that uses the same vulnerability as BlueSnarf, sending cards via the unprotected profile. Unlike the former, no harm or data loss is done, but the message text may be of a threatening or abusive character, which may stress a gullible user unfamiliar with the feature.
The phishing techniques aim at bypassing the authentication procedure, namely the entry of the PIN code required to pair the devices. The easiest way to do it is to include the PIN in the name of the access point. When the unaware user enters the PIN, he becomes exposed to the same privacy breaches as in the previous examples, but without any effort on the part of the attacker. Such a vulnerability is obviously addressed by understanding the basics of network security and the purpose of authentication processes. Despite being rather evident, such methods remain in use because, as stated above, the majority of mobile device users neglect security concerns altogether.
Finally, the PIN code can be computed using algebraic algorithms. This final type of attack can be rather effective, as the process can take very little time when conducted on a sufficiently powerful CPU – 63 milliseconds on a 3GHz Pentium (Becker, 2007). This gap is not possible to close, as it is grounded in the Bluetooth architecture rather than in a software error. Fortunately, it is detectable by the end-user, as the process requires him or her to re-enter the PIN more than once. Using a longer PIN also lessens the risk.
Personal network security solutions
Basically, all of the vulnerabilities already discovered have since been addressed by device manufacturers, so the current generation of Bluetooth-capable devices is far less likely to be exposed. Nevertheless, the safest way of using such a device is still to turn Bluetooth on only when required, ignore prompts to enter the PIN or other information unless the purpose of such a prompt is clear and excludes foul play, limit use of the discovery function, and update the firmware promptly (Panse & Panse, 2013). In other words, the security of the PAN is already as high as the technology allows, and it is up to the individual to make the best use of it.
Public Wireless Networks
Wireless Local Area Networks, or WLANs, are widely used today for personal, commercial, and public purposes. The absence of cables makes them especially attractive for use in public places, like libraries or cafes, as they are easily set up and offer additional services to visitors. However, using such a network is arguably even more dangerous than using a PAN such as Bluetooth. The more stationary nature of the public WLAN, as opposed to the PAN’s short-time sessions, the multitude of options, some of which are considered unsafe or potentially vulnerable, and the popularization of means of breaching the protection, like freely available software and manuals, allow for a multitude of ways to gain access to the end user’s private data, software, or even hardware.
Common vulnerabilities of WLANs
Speaking of public networks, the methods used most often are passive data interception, like eavesdropping, port scanning, and several other passive techniques, as well as active data tampering, with both the inbound and outbound traffic. They include cache poisoning, the man in the middle, DNS spoofing, and several types of active phishing. Besides, several techniques exist to create a fake access point, also known as evil twin AP, which makes both processes much easier for the perpetrator.
Once the mobile device is connected to the access point (a WiFi router), the device is listed as a part of a local network. Within the network, all the devices gain limited access to each other. Partially this is implemented at the user level, like shared files and printers. But a skilled person can gain access to information not intended for public view. Such a technique is called eavesdropping and is achieved by intercepting data traveling between the device and the access point. Once both the outgoing and incoming traffic is intercepted, the perpetrator can find out all the information the victim receives and sends on the Web. This is not limited to text and media but includes logins, passwords, credit card information, and other valuable data. Eavesdropping is among the easiest attacks to conduct within a wireless network, as the radio signal can be received fairly easily, and it is virtually undetectable, as the data does not get altered in any way (Papadimitriou, Pomportsis, Nicopolitidis, & Obaidat, 2003).
However, privacy, and in some cases financial integrity, will be breached. This problem predates wireless networks; by the time WLANs became popular, several means of dealing with it had been introduced, the most common being data encryption. Encrypted data can be intercepted in the same way, but cannot be made use of. The encryption methods have developed over time, with Wired Equivalent Privacy (WEP) being subsequently succeeded by Wi-Fi Protected Access (WPA), which added the means for user authentication and made the encryption process more secure by applying the Temporal Key Integrity Protocol (TKIP). The strongest and most reliable encryption to date is WPA2, which utilizes the Counter-Mode/CBC-MAC Protocol (CCMP) based on the Advanced Encryption Standard (AES).
By today’s standards, WPA that utilizes TKIP does not offer a sufficient level of security, as it is vulnerable to message integrity check (MIC) attacks, which give way to eavesdropping as well as some active interception methods, like spoofing (Wong, 2003). Unfortunately, the wireless network equipment in public WLANs is not updated on a regular basis, and the practice of updating the firmware of access points is virtually non-existent. Besides, while the encryption method used by the AP can easily be determined by the mobile device, this is rarely taken into consideration. As a result, many public wireless access points still rely on outdated protection methods, lacking AES-CCMP, or even using WEP.
Security inside the wireless LAN
While advanced encryption techniques like WPA2 can make the process much safer, they do not eliminate the threat of privacy breach entirely. Once a device has joined the WLAN by entering the password, it is on the inside of the encryption that was intended to block interception of the data. In other words, a WPA2-protected public network eliminates the threat of interception from outside the network, but once a potential attacker gains access, he or she gains much better possibilities for malicious activities. Fortunately, the means of encrypting data and securing its integrity exist even within the network.
Evil twin access points
The easiest way of intercepting data within a public WLAN is to create a fake access point (AP). In this case, the device of the perpetrator is disguised as a legitimate router by copying the Service Set Identifier (SSID) of the real router. When the connection manager of the device searches for the access point, it automatically selects the twin AP if its signal is better. The fake AP is connected to the Web and starts rerouting the device’s traffic through itself, capturing the information. If the traffic is not encrypted, the twin AP can obtain all the information that is channeled through it, including bank account passwords and other sensitive information.
What is more important, such interception gives way to active attack methods, as the data goes through fake Web, mail, and file servers (Jacobson & Idziorek, 2012). The technique where additional data is injected or data is altered completely is collectively known as “man in the middle” (MITM). The situation is further aggravated by the rising availability of software products which allow the relatively easy setup of a MITM-capable twin AP even by a person with no special knowledge of the topic, raising the odds of being intercepted.
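The two client-side checks the text above leaves to the reader are (a) noticing which protection method an access point actually advertises (WEP, WPA/TKIP or WPA2/CCMP, as discussed under common WLAN vulnerabilities) and (b) noticing an SSID that is served by an access point with weaker security than its namesakes, the evil-twin pattern just described. The following is an added example, not code from the essay or any cited source; the scan records, BSSIDs and security labels are constructed, and the `STRENGTH` ranking and the twin heuristic are the author's assumptions, not a standard.

```python
"""Audit client-side Wi-Fi scan results for weak encryption and evil-twin
candidates (added example; scan records below are constructed)."""
from collections import defaultdict
from dataclasses import dataclass

# Weakest to strongest, following the WEP -> WPA/TKIP -> WPA2/CCMP progression.
# The ranking is an assumption made for this example.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA-TKIP": 2, "WPA2-TKIP": 3, "WPA2-CCMP": 4}
MIN_ACCEPTABLE = STRENGTH["WPA2-CCMP"]


@dataclass(frozen=True)
class ScanRecord:
    ssid: str
    bssid: str
    security: str    # one of the STRENGTH keys
    signal_dbm: int  # closer to 0 is a stronger signal


def strength_of(record):
    """Numeric strength of a record's security; unknown descriptors rate as open."""
    return STRENGTH.get(record.security.upper(), 0)


def weak_access_points(records):
    """BSSIDs whose protection is below WPA2-CCMP (WEP, TKIP or no encryption)."""
    return sorted(r.bssid for r in records if strength_of(r) < MIN_ACCEPTABLE)


def evil_twin_candidates(records):
    """Map SSID -> BSSIDs advertising weaker security than the strongest AP with
    the same SSID. Several APs sharing an SSID *and* the same security is a
    normal multi-AP deployment and is not flagged."""
    by_ssid = defaultdict(list)
    for r in records:
        by_ssid[r.ssid].append(r)
    flagged = {}
    for ssid, aps in by_ssid.items():
        best = max(strength_of(r) for r in aps)
        weaker = sorted(r.bssid for r in aps if strength_of(r) < best)
        if weaker:
            flagged[ssid] = weaker
    return flagged


def naive_choice(records, ssid):
    """What a signal-only connection manager does: join the loudest BSSID."""
    aps = [r for r in records if r.ssid == ssid]
    return max(aps, key=lambda r: r.signal_dbm).bssid if aps else None


def safe_choice(records, ssid):
    """Join the loudest BSSID *among those at the highest security level seen*,
    so a louder open twin is never preferred. None if the SSID is absent."""
    aps = [r for r in records if r.ssid == ssid]
    if not aps:
        return None
    best = max(strength_of(r) for r in aps)
    return max((r for r in aps if strength_of(r) == best),
               key=lambda r: r.signal_dbm).bssid


# Constructed scan: two legitimate CafeGuest APs plus an open twin with the best
# signal, a WPA/TKIP library network, a WEP hotel network and a home WLAN.
SAMPLE_SCAN = [
    ScanRecord("CafeGuest",   "02:1a:2b:3c:4d:01", "WPA2-CCMP", -62),
    ScanRecord("CafeGuest",   "02:1a:2b:3c:4d:02", "WPA2-CCMP", -70),
    ScanRecord("CafeGuest",   "de:ad:be:ef:00:01", "OPEN",      -45),
    ScanRecord("LibraryWiFi", "02:aa:bb:cc:dd:01", "WPA-TKIP",  -58),
    ScanRecord("OldHotel",    "02:11:22:33:44:55", "WEP",       -66),
    ScanRecord("HomeNet",     "02:55:66:77:88:99", "WPA2-CCMP", -40),
]

if __name__ == "__main__":
    print("weak APs:", weak_access_points(SAMPLE_SCAN))
    print("evil twin candidates:", evil_twin_candidates(SAMPLE_SCAN))
    print("CafeGuest, signal-only choice:", naive_choice(SAMPLE_SCAN, "CafeGuest"))
    print("CafeGuest, security-first choice:", safe_choice(SAMPLE_SCAN, "CafeGuest"))
```

On the constructed scan the signal-only manager joins the open twin, while the security-first choice sticks with the WPA2-CCMP access point; the same comparison works on real records once a platform's scan output is mapped onto `ScanRecord`.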
Means of protection against fake APs
The evil twin technique has a long history and has been addressed in multiple ways, the most ubiquitous and relevant for general public use being the implementation of the Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS). Both are utilized by the majority of web resources which require secure communication and data transfer. The HTTP protocol augmented with TLS is known as HTTPS and is gradually becoming more popular each year. TLS uses symmetric cryptography to ensure the privacy of the connection, while the integrated message integrity check serves as a means to guarantee the integrity of transmitted data (Dierks & Rescorla, 2008).
Both measures make MITM attacks harder to perform and easier to detect, and make the process of data extraction more complicated. This discourages the majority of perpetrators, as they usually seek easy targets. While HTTPS does not eliminate the MITM threat entirely, it limits such attacks mostly to dedicated targets, like corporate networks, whereas public WLANs become less desirable prey. According to Das and Samdaria (2014), HTTPS is still prone to breaches but offers a formidable level of traffic integrity and security. It is thus recommended to prefer HTTPS connections whenever possible while using a public WLAN, and to check the protocol and authenticity of the web source whenever sensitive or private information is involved. As with the previous examples, sufficient preventive measures are already available but can be ignored by end-users.
When direct extraction of the sensitive data is not possible, the type of phishing called cache poisoning comes into play. By injecting additional data into the traffic after successfully becoming a man in the middle, the attacker can reroute the user to a fake resource. Such rerouting may serve as an additional data source for the perpetrator, as the user may be prompted to fill in some sensitive information, like a password or a PIN code. Additionally, such a technique helps the attacker to bypass the two-factor authentication process, by keeping the service that demands an additional confirmation code in step with the fake resource where the user enters that code. Another major concern is the long-term effect of cache poisoning.
As it is possible for the process to meddle directly with the files on the user’s machine, its impact can have long-term consequences, as the browser can enter fake sites from other networks after leaving the public WLAN where the poisoning took place. Cache poisoning is an effective procedure that renders the HTTPS protocol relatively useless, as has been extensively demonstrated by network security specialists. According to Scott Helme (2013), the use of two freely available tools, Wireshark and Cain, allows for relatively effortless hijacking of data within a short period of time, using only general guidelines and without in-depth knowledge of the matter. The results of his experiment were achieved while the HTTPS protocol was in use, which points to the need for additional security measures when operating on sensitive data.
Protection against Active Attacks
Virtual Private Networks (VPNs) serve as a safe corridor between two points over a public network. By using virtual tunneling protocols, VPNs ensure a secure direct connection between two points as if they were part of a real private network. Such data management allows additional functionality, but, more importantly, it allows data encryption (Jacobson & Idziorek, 2012). Using a point-to-point VPN guarantees encryption of the data flow within the WLAN, so if it gets hijacked, the hacker still needs to decrypt the received data to make use of it. This is not impossible, but it is a lengthy and laborious process compared to the initial effort of the interception, and, in most cases, will not be performed, as the perpetrator will instead seek a less protected target. The visible drawback of the VPN is the relatively high level of knowledge required to manage VPN software. While several services exist which make the process more accessible to the general public, the required effort is still much higher than is usually expended in ensuring one’s privacy and security on the web.
Denial of Service attacks
Denial of service, or DoS, attacks are a type of practice that restricts users from accessing the network or a resource. A wide variety of actions falls into this category, from deliberate actions by a hacker which result in a shutdown, to accidental actions or frequency interference. The 802.11 standard resides in a frequency spectrum extensively used by other devices and network standards. An abundance of excessively strong signals can eventually lead to malfunction, distortion or loss of signal, disrupting the connection to a local wireless or a global network. Deliberate activity by a perpetrator may include the use of a jamming device, which is a risky endeavor and is not likely to happen with a private or public WLAN. More likely is an attack on the WLAN by “brute force” – sending data packets in quantities the network cannot handle, or abusing the faulty protective measures incorporated into the WPA protocol – sending authentication packets in pairs, which is recognized as an attack and causes a temporary shutdown. If done systematically, this results in prolonged network unavailability. DoS attacks are hard to avoid but pose no threat beyond the inability to connect to the Web or use other WLAN functions.
Differences in Private WLAN Security
A private WLAN used at home is technically the same construct as a public one, but poses far fewer threats, for two primary reasons. First, the private WLAN is presumably password-protected, which gives the owner control over who can use it and makes it very hard to penetrate without the owner’s permission unless the perpetrator knows the password. Second, the owner is in full control of both the hardware and the software of the equipment. This gives him or her the opportunity to set up the desired level of protection instead of relying on the assumed security of public networks. Thus, the home WLAN should utilize the same precautions listed for public WLANs in this research.
The reviewed literature shows that a variety of means of personal protection is currently available to the public as well as to companies. Both personal and local area networks are equipped with mandatory basic protection means, like authentication techniques, and can be further enhanced with additional software solutions, like virtual private networks. The weak points are addressed in a timely manner whenever possible by firmware updates and hardware augmentations. Wireless communications are almost ubiquitously protected with encryption technologies. While none of the mentioned means of protection is impenetrable, the process of bypassing them is complex and in most cases unlikely if all of the precautions are taken.
The security of networks is an issue that should not be ignored. A properly configured LAN and a device that utilizes it guarantee the integrity of data, privacy, the security of important data, and convenience of use. The most common security breach techniques, like eavesdropping, rerouting traffic through fake access points, ARP and browser cache poisoning, man in the middle techniques altering data, phishing, and exploiting various software and protocol vulnerabilities, either have been addressed by the responsible parties or are in the process of being addressed.
The most common solutions include data encryption at various stages of communicating with the network and multi-level authentication and authorization procedures. While not perfect, all of the mentioned techniques lower the vulnerability of the end-user dramatically. Thus, security when using personal and public networks is essentially limited to the responsible implementation and utilization of security measures that are already widely available but still used by a minority of the general public. In other words, awareness and education are crucial for personal network security.
Becker, A. (2007). Bluetooth security & hacks. Web.
CNSS Instruction No. 4009. (2010). Web.
Das, M. L., & Samdaria, N. (2014). On the security of SSL/TLS-enabled applications. Applied Computing and Informatics, 10(1), 68–81.
Dierks, T., & Rescorla, E. (2008). The Transport Layer Security (TLS) Protocol, Version 1.2. Web.
Helme, S. (2013). Advanced Session Hijacking – Is coffee shop WiFi such a good idea? Web.
Jacobson, D., & Idziorek, J. (2012). Computer Security Literacy: Staying Safe in a Digital World. New York: CRC Press.
Panse, T., & Panse, P. (2013). A Survey on Security Threats and Vulnerability attacks on Bluetooth Communication. International Journal of Computer Science and Information Technologies, 4(5), 741–746.
Papadimitriou, G. I., Pomportsis, A. S., Nicopolitidis, P., & Obaidat, M. S. (2003). Wireless Networks. West Sussex, England: John Wiley & Sons.
Wong, S. (2003). The evolution of wireless security in 802.11 networks: WEP, WPA and 802.11 standards. Web.