Security of Wireless Networks AS09

Autumn semester 2009, course no. 251-1411-00L, (5 ECTS)
Lectures: Tuesday, 13-15h, in IFW A36
First lecture: 22.09.2009, Last lecture: 15.12.2009
Exercises: every second Friday, 13-15h, in IFW A26.2
First exercise: 02.10.2009

Course responsible: Prof. Srdjan Capkun (capkuns@inf.ethz.ch)
Assistants on the course: Ghassan Karame (karameg@inf.ethz.ch) and Davide Zanetti (zanettid@inf.ethz.ch)

Course Announcements

- 04.12.2009: The schedule of the oral exams is on-line
- 24.11.2009: Information on the SOWN exams are now on-line
- 24.11.2009: Information on the Cantenna presentations are now on-line
- 12.11.2009: Lab manual is updated
- 12.10.2009: Lab manual is updated
- 01.10.2009: Lab instructions and manual are on-line.
- 29.09.2009: Information on the Cantenna exercise as well as lab assignment and scheduling are now on-line.
- 18.08.2009: The website is online.

Course description:

Core elements: Wireless communication channel, Wireless network architectures and protocols, Attacks on wireless networks, Protection techniques.

Course content: Wireless channel basics. Wireless electronic warfare: jamming and target tracking. Basic security protocols in cellular, WLAN and multi-hop networks. Recent advances in security of multi-hop networks; RFID privacy challenges and solutions.

Learning objectives: After this course, the students should be able to: describe and classify security goals and attacks in wireless networks; describe security architectures of the following wireless systems and networks: 802.11, GSM/UMTS, RFID, ad hoc/sensor networks; reason about security protocols for wireless network; implement mechanisms to secure 802.11 networks.

Evaluation:
Oral exam = 80% of the grade
20% exercises and related reports

Detailed content:

1. Wireless Electronic Warfare
   basics (wireless channel equations)
   jamming and antijamming
   low-probability of intercept signals (LPI)
   source localization techniques
   Related exercise: cantenna
2. Security of WiFi networks
   802.11 architecture and protocols
   (un)authorized access: MAC filtering, WEP, WPA, 802.1X, 802.11i
   Selfish behavior in WiFi networks
   Related exercises: WiFi security issues
3. Security of Cellular networks
   GSM and UMTS security architectures
   Attacks on GSM networks
4. Security in wireless multi-hop networks
   architectures and protocols
   naming and addressing
   key establishment/management
   secure distributed computing
   thwarting selfish behavior
5. Secure RFID systems
   readers and tags
   security issues: privacy, forgery, sabotage
   RFID security protocols
6. Special (research) topics
   wireless device pairing
   broadcast authentication
   secure localization and time synchronization
   ....

Course Material

Lecture slides will be available before each lecture.

Additional reading

• D. Adamy, "Ew 101: A First Course in Electronic Warfare", Artech House Publishers, ISBN 9781580531696, 2001.
• D. Adamy, "Ew 102: A Second Course in Electronic Warfare", Artech House Publishers, ISBN 9781580536868, 2004.
• L. Buttyán and J.-P. Hubaux, "Security and Cooperation in Wireless Networks", Cambridge University Press, ISBN 9780521873710, Release 1.5.1, July 2007.

Lecture 1 (22.09.09)

• [Slides]
• [Reference 1:] Y. Desmedt, R. Safavi-Naini, W. Huaxiong, C. Charnes, and J. Pieprzyk, "Broadcast anti-jamming systems," IEEE International Conference on Networks, 1999.
• [Reference 2:] J.T. Chiang and Y.-C. Hu, "Dynamic Jamming Mitigation for Wireless Broadcast Networks", IEEE INFOCOM, 2008.
• [Reference 3:] M. Strasser, C. Pöpper, S. Capkun, and M. Cagalj, "Jamming-resistant Key Establishment using Uncoordinated Frequency Hopping", IEEE Symposium on Security and Privacy, 2008.
• [Reference 4:] C. Pöpper, M. Strasser, and S. Capkun, "Jamming-resistant Broadcast Communication without Shared Keys", USENIX Security Symposium, 2009.

Lecture 2 (29.09.09)

• [Slides]

Lecture 3 (06.10.09)

• [Slides]
• [Here] an updated version of the slides for Lecture 3.

Lecture 4 (13.10.09)

• Continue with the slides from the last lecture.

Lecture 5 (20.10.09)

• [Slides]
• Paper presentation by students:
  L. Malisa and P. Sachs on T. Ohigashi and M. Morii, "A Practical Message Falsification Attack on WPA", Joint Workshop on Information Security, 2009.

Lecture 6 (27.10.09)

• [Slides]
• ZISC colloquium (27.10.09), Prof. Jean-Pierre Hubaux (EPFL) on "Security Mechanisms with Selfish Players in Wireless Networks". 17.15h-18.15h, room: HG (main building) F5 (attendance recommended).
  http://www.zisc.ethz.ch/events/ZISC_colloquium_HS09

Lecture 7 (03.11.09)

• Tutorial on Game Theory (http://secowinet.epfl.ch/slides/AppB-GameTheory.ppt)
• Continue with the slides from the last lecture.

Lecture 8 (10.11.09)

• [Slides]
• Selected topics in identification of wireless devices

Lecture 9 (17.11.09)

• [Slides]
• [Reference 1:] "TESLA Broadcast Authentication Protocol", Adrian Perrig. Ran Canetti. J. D. Tygar. Dawn Song, RSA Cryptobytes, 2002.
• [Reference 2:] "Integrity Codes: Message Integrity Protection and Authentication Over Insecure Channels", Srdjan Capkun, Mario Cagalj, Ramkumar Rengaswamy, Ilias Tsigkogiannis, Jean-Pierre Hubaux, Mani Srivastava, IEEE Transactions on Dependable and Secure Computing, 2008.
• [Reference 3:] "Proximity-based Access Control for Implantable Medical Devices", Kasper Bonne Rasmussen, Claude Castelluccia, Thomas S. Heydt-Benjamin, Srdjan Capkun, Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2009.

Lecture 10 (24.11.09)

• [Slides]
• [Reference 1:] "Distance Bounding Protocols", Stefan Brands, David Chaum, Prooceedings of Eurocrypt, 1993.
• [Reference 2:] "Secure Positioning in Wireless Networks", Srdjan Capkun, Jean-Pierre Hubaux, in IEEE Journal on Selected Areas in Communications, 2006.

Lecture 11 (01.12.2009)

• [Slides]
• [Reference 1:] "Secure Time Synchronization in Sensor Networks", Saurabh Ganeriwal, Christina Pöpper, Srdjan Capkun, Mani B. Srivastava, in ACM Transactions on Information and System Security, July 2008

Lecture 12 (08.12.2009)

• [Slides]
• [Reference 1:] "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks.", Hu, Yih-Chun, Adrian Perrig, and Dave Johnson, In Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (ACM Mobicom), Atlanta, Georgia, September 23 - 28, 2002.

Lab Exercises

The lab manual is available here.

Lab instructions can be found here.

Here you can find the student assignment to the lab sessions as well as the sessions scheduling. In case your name doesn't appear on that list, please make sure to attend the first lab session on the 2nd of October or send us an email asap.

Information on the Cantenna exercise can be found on these slides and here.

Oral Exams

The oral exams will take place on Wednesday 16th, Thursday 17th, and Friday 18th December 2009 in Prof. Capkun's office (IFW C 41.2).

The length of a single exam will be between 15 and 20 minutes.

The exams scheduling can be found here.