Wireless technology has been growing fast for the last decade and will continue to because of the potential of mobile communications. In fact, in the private sector many telecommunication companies are turning their business model to mobile/wireless networks and connectivity, relegating wired networks to a secondary role.
Fast deployment, fast integration, and cost-effective solutions based on COTS (thanks to standardization) are the main reasons for the success of wireless. The most widely adopted standards are 802.11 (Wi-Fi, the standard for wireless local area network communications) and 802.16 (WiMAX, a telecommunications protocol providing fixed and fully mobile Internet access, aimed at 4G mobile connectivity with high data rates, mobility, and lower cost in "last mile" Internet access).
Wireless networks can give NEC a large advantage in fast deployment, fast integration, and cost-effective implementation of communication and information systems based on COTS products, which are widely used in the private sector. Although the advantages of this technology in facilitating the mobility and integration of NEC are undeniable, its security is still an unsolved problem for massive use in military capabilities.
72 “Principle of least privilege” states that all users or processes that access or act in a system must do so with a minimum level of privileges and permissions that let the user or the process realize its functions.
Some important risks related to security in wireless networks include:
Loss of confidentiality is a high risk because of the broadcast nature of radio. Wireless signals propagate into free space, so an attacker does not have to be inside the facility to capture data passively, and a high-gain antenna extends the capture range well beyond a network's normal operating range. Exploiting weaknesses in the WLAN security mechanisms of Wi-Fi is common and easily accomplished: the attacker only needs to capture enough frames passively to recover the key (the classic case is WEP, whose weak RC4 key scheduling leaks key bits across captured frames), then join the network and read its traffic.
In WiMAX, a man-in-the-middle attack can be mounted by exploiting the unauthenticated management messages exchanged during initial network entry. Eavesdropping remains useful even when the payload is strongly encrypted with AES: the cleartext management traffic and the timing and volume of encrypted frames let the attacker fingerprint the network and perform traffic analysis, which helps to identify targets in the network.
Loss of integrity must also be taken into account, although the threats resemble those on wired networks. Data integrity can be assured only by cryptographic means (a keyed MAC or authenticated encryption). Legacy Wi-Fi mechanisms do not provide strong message integrity: WEP's ICV is a plain CRC-32 and TKIP's Michael MIC is weak, so active attacks that modify frames in transit are possible; only CCMP (802.11i/WPA2) and later suites add a cryptographic MIC.
Loss of availability is another significant risk in wireless networks. Denial of WLAN service usually takes the form of a DoS attack such as jamming73 or flooding.74 A related problem is 802.11n operated in Greenfield mode (backward compatibility disabled): Greenfield transmissions omit the legacy preamble, so 802.11a/g devices cannot detect them and collisions result, which unintentionally denies service to the legacy network. In WiMAX, injecting RF interference during the transmission of specific management messages degrades overall system performance (an attack known as scrambling).
A VPN using a validated encryption algorithm implemented in a certified cipher device is one way to achieve confidentiality and integrity. Wireless Intrusion Detection and Prevention Systems (WIDS/WIPS) can detect attacks, misconfigured WLAN clients, rogue Access Points, ad hoc networks, and other violations of security policy.
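The integrity point made above (a checksum is not an integrity check once the frame is encrypted with a stream cipher, which is exactly the WEP ICV construction) can be shown concretely. The following is an added example and not code from the original page: it uses random bytes as a stand-in for the RC4 keystream (an assumption; the linearity argument is identical), a constructed sample frame, and contrasts the forgeable CRC-32 ICV with an HMAC-SHA256 tag of the kind a cryptographic integrity mechanism provides.

```python
"""CRC-32 ICV under a stream cipher is forgeable; a keyed MAC is not.
Added example: the keystream is random bytes standing in for RC4 output
(assumption), and the frame payload is a constructed sample."""
import hashlib
import hmac
import secrets
import zlib


def crc32_bytes(data: bytes) -> bytes:
    """CRC-32 as a 4-byte little-endian ICV (the WEP layout)."""
    return zlib.crc32(data).to_bytes(4, "little")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_protect_and_encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    """Legacy-WEP style: plaintext || CRC-32 ICV, XORed with the keystream."""
    return xor(plaintext + crc32_bytes(plaintext), keystream)


def crc_decrypt_and_check(ciphertext: bytes, keystream: bytes):
    body = xor(ciphertext, keystream)
    msg, icv = body[:-4], body[-4:]
    return msg, icv == crc32_bytes(msg)


def forge_without_key(ciphertext: bytes, delta: bytes) -> bytes:
    """Attacker side. XOR a chosen delta into the encrypted payload and patch
    the encrypted ICV using CRC linearity, knowing neither key nor plaintext:
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros) for inputs of equal length."""
    zeros = bytes(len(delta))
    icv_patch = (zlib.crc32(delta) ^ zlib.crc32(zeros)).to_bytes(4, "little")
    return xor(ciphertext, delta + icv_patch)


def mac_protect_and_encrypt(plaintext: bytes, keystream: bytes, mac_key: bytes) -> bytes:
    """Same stream cipher, but an HMAC-SHA256 tag instead of a CRC."""
    tag = hmac.new(mac_key, plaintext, hashlib.sha256).digest()
    return xor(plaintext + tag, keystream)


def mac_decrypt_and_check(ciphertext: bytes, keystream: bytes, mac_key: bytes):
    body = xor(ciphertext, keystream)
    msg, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return msg, hmac.compare_digest(tag, expected)


def demo():
    """Flip 'CMD=DROP' to 'CMD=PASS' in both constructions and report whether
    the receiver accepts the modified frame."""
    frame = b"SRC=10.0.0.5 DST=10.0.0.9 CMD=DROP"    # constructed sample payload
    keystream = secrets.token_bytes(len(frame) + 32)  # stand-in for RC4 output
    mac_key = secrets.token_bytes(32)

    # The attacker only needs to know where the field sits, not the key.
    delta = bytearray(len(frame))
    pos = frame.index(b"DROP")
    delta[pos:pos + 4] = xor(b"DROP", b"PASS")
    delta = bytes(delta)

    ct = crc_protect_and_encrypt(frame, keystream)
    crc_msg, crc_ok = crc_decrypt_and_check(forge_without_key(ct, delta), keystream)

    ct2 = mac_protect_and_encrypt(frame, keystream, mac_key)
    tampered = xor(ct2, delta + bytes(32))  # same bit flips, tag left untouched
    mac_msg, mac_ok = mac_decrypt_and_check(tampered, keystream, mac_key)

    return {"crc_msg": crc_msg, "crc_accepted": crc_ok,
            "mac_msg": mac_msg, "mac_accepted": mac_ok}


if __name__ == "__main__":
    print(demo())
```

The CRC-protected frame decrypts to the attacker's chosen text with a valid ICV, while the HMAC-protected frame decrypts to the same altered text but is rejected; the difference is not the cipher but whether the integrity value is keyed.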
73 Jamming occurs when an RF signal emitted by a wireless device overwhelms other wireless devices and signals, causing a loss of communications. Jamming may be caused deliberately by a malicious user or inadvertently by emissions from other legitimate devices operating in unlicensed spectrum, such as a cordless telephone or microwave oven.
74 Flooding attacks use software designed to transmit a large number of packets to an Access Point or other wireless device, so that the device is overwhelmed and ceases normal operation. Flooding can degrade a WLAN to an unacceptable performance level or bring it down completely. Jamming and flooding are difficult to counter in any radio-based communications, and the legacy IEEE 802.11 standard provides no defence against them. Management frames in legacy 802.11 are neither authenticated nor encrypted (protection arrived only with 802.11w), which makes them the vehicle for availability attacks:
Forged deauthentication or disassociation frames can force a client to disconnect from its Access Point.
An attacker can flood the Access Point's association table with forged association requests until it no longer accepts legitimate associations.
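As an added example, not from the original page, here is the kind of Wireless Intrusion Detection logic mentioned above, run over a constructed frame log that contains the two management-frame attacks just described plus a rogue Access Point beacon. The one-frame-per-line log format, the authorized SSID/BSSID inventory, the thresholds and the one-second sliding window are all assumptions made for the example.

```python
"""Minimal WIDS-style detector for 802.11 management-frame abuse.
Added example: the log format, thresholds and authorized AP list are
assumptions made for illustration; the log itself is constructed below."""
import re
from collections import defaultdict, deque

# Assumed inventory of authorized APs: SSID -> set of legitimate BSSIDs.
AUTHORIZED = {"CORP-WLAN": {"00:11:22:33:44:55"}}

# Assumed one-frame-per-line format produced by a monitor-mode capture tool.
LINE_RE = re.compile(
    r"t=(?P<t>[\d.]+) type=(?P<type>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"bssid=(?P<bssid>\S+)(?: ssid=(?P<ssid>\S+))?$"
)


def parse_line(line):
    """Return a field dict for a well-formed line, None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    f["t"] = float(f["t"])
    return f


def detect(lines, window=1.0, deauth_threshold=10, assoc_threshold=20):
    """Sliding-window detection of:
    - deauth/disassoc floods (many such frames for one BSSID within `window`)
    - association floods (many distinct source MACs sending assoc_req)
    - rogue APs (beacon advertising an authorized SSID from an unknown BSSID)
    Returns a list of (alert_type, bssid, detail); each alert fires once."""
    alerts, fired = [], set()
    deauth = defaultdict(deque)   # bssid -> timestamps of deauth/disassoc frames
    assoc = defaultdict(deque)    # bssid -> (timestamp, src) of assoc requests
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        t, typ, bssid = f["t"], f["type"], f["bssid"]
        if typ in ("deauth", "disassoc"):
            q = deauth[bssid]
            q.append(t)
            while q and t - q[0] > window:
                q.popleft()
            if len(q) >= deauth_threshold and ("deauth", bssid) not in fired:
                fired.add(("deauth", bssid))
                alerts.append(("deauth_flood", bssid,
                               f"{len(q)} deauth/disassoc frames within {window}s"))
        elif typ == "assoc_req":
            q = assoc[bssid]
            q.append((t, f["src"]))
            while q and t - q[0][0] > window:
                q.popleft()
            distinct = len({src for _, src in q})
            if distinct >= assoc_threshold and ("assoc", bssid) not in fired:
                fired.add(("assoc", bssid))
                alerts.append(("assoc_flood", bssid,
                               f"{distinct} distinct clients associating within {window}s"))
        elif typ == "beacon":
            ssid = f.get("ssid")
            if (ssid in AUTHORIZED and bssid not in AUTHORIZED[ssid]
                    and ("rogue", bssid) not in fired):
                fired.add(("rogue", bssid))
                alerts.append(("rogue_ap", bssid,
                               f"beacon advertises authorized SSID {ssid} from unknown BSSID"))
    return alerts


def sample_log():
    """Constructed log: normal traffic, a spoofed broadcast deauth flood,
    an association flood from fabricated MACs, and one rogue beacon."""
    ap = "00:11:22:33:44:55"
    bcast = "ff:ff:ff:ff:ff:ff"
    lines = [
        f"t=0.000 type=beacon src={ap} dst={bcast} bssid={ap} ssid=CORP-WLAN",
        f"t=0.100 type=assoc_req src=aa:bb:cc:00:00:01 dst={ap} bssid={ap}",
        f"t=0.200 type=data src=aa:bb:cc:00:00:01 dst={ap} bssid={ap}",
    ]
    # 30 forged deauths spoofing the AP's own address, 10 ms apart
    lines += [f"t={1.0 + i * 0.01:.3f} type=deauth src={ap} dst={bcast} bssid={ap}"
              for i in range(30)]
    # 40 association requests from 40 fabricated locally administered MACs
    lines += [f"t={2.0 + i * 0.01:.3f} type=assoc_req src=02:00:00:00:00:{i:02x} "
              f"dst={ap} bssid={ap}" for i in range(40)]
    lines.append(f"t=3.000 type=beacon src=de:ad:be:ef:00:01 dst={bcast} "
                 f"bssid=de:ad:be:ef:00:01 ssid=CORP-WLAN")
    return lines


if __name__ == "__main__":
    for alert in detect(sample_log()):
        print(alert)
```

The deauth rule keys on the BSSID rather than the source address because the forged frames deliberately spoof the AP; a production WIPS would additionally compare sequence numbers and signal strength against the genuine AP to distinguish spoofed frames from the real ones.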
The use of "thin"75 Access Points wherever possible is recommended to improve the security of wireless networks.
As the definitions of the standards suggest, 802.11 and 802.16 networks can coexist as part of CIS capabilities. 802.11 networks provide connectivity in a small area, which can be as varied as a building or the surroundings of a vehicle in a tactical environment, while 802.16 equipment can provide the links between 802.11 "islands," connecting them to each other and to the HQ.
Wireless connectivity is also widely used to deploy perimeter security sensors quickly and make their information available when and where it is needed. Two alternatives can be considered: create small sensor networks and interconnect them, or connect the sensors directly to the WiMAX system. In both cases the infrastructure is set up faster and the deployment costs much less, reducing the material and time needed to put CIS in place.
It is expected that the security problems of wireless communications will be solved in the short term for NEC purposes, including their application in military CIS at the required information assurance level.
Hence, some security challenges related to the use of wireless networks for NEC are:
a. Improve confidentiality by adopting certified cryptographic suites and key management solutions, using IP crypto equipment (for example NINE crypto equipment) to assure confidentiality and integrity, or end-to-end confidentiality equipment (such as SCIP).
b. Improve communication integrity by using strong integrity algorithms and applying cryptographic protection to management signalling.
c. Improve availability by using anti-jamming techniques such as frequency hopping and by improving radio spectrum techniques.
Furthermore, wireless technology can evolve in other respects that are not explicitly part of the security field but are closely related to it and have a beneficial influence on NEC and NECCS. Examples are: the expansion to RF bands dedicated to military systems, to avoid spectrum saturation and improve spectrum use across all military bands; the modification of standards to increase transmission speed and coverage; and the use of automated fast connection and routing techniques to enable connectivity in rapidly changing environments.
TEMPEST protection policy should be revised to adapt it to the NEC context, where distributed information prevails rather than information concentration.
75 Access Points (APs) can be categorized as "thick" or "thin." A thick, or intelligent, AP handles encryption and the overall management of the client devices connected to it. With a thin AP, encryption and policy processing generally occur in the central switch or controller. Thin APs are generally more secure than thick APs because they hold no key that could be extracted, and they do not require the same level of physical security and other countermeasures as thick APs.
9.6. TEMPEST
Since the early 1960s it has been well known in the military sphere that electronic devices such as computers and communication lines emit electromagnetic radiation, and that this radiation can carry the data the device is processing. Known as compromising emanations or TEMPEST radiation, this unintentional electromagnetic broadcast of data has been a significant concern in military electronic applications ever since.
The TEMPEST threat has been widely studied, and the appropriate countermeasures are described in NATO and NATO nations' security regulations. Within NATO many guides, regulations, and standards (AMSG, SDIP, etc.) have been developed to cope with this type of threat.
Technological advances in the manufacturing of electronic equipment have increased its protection against the TEMPEST threat and reduced the associated risk, although the risk remains.
The tools and techniques needed to perform TEMPEST interception are available not only to state-sponsored entities but to anyone with Internet access. The TEMPEST threat is therefore still alive and will have to be considered in NEC implementation; appropriate countermeasures will remain necessary in classified systems.
The approach for TEMPEST mitigation may be based on risk assessment and can be managed case by case rather than by establishing general rules covering all potential situations.
However, TEMPEST is a phenomenon that emerged in the context of the Cold War, when information exchange requirements, communication networks structure, IT technology, and information confidentiality policies were radically different than they are now.
The success of TEMPEST interception lies in identifying concentration points through which important and sensitive information is transmitted (TEMPEST is not designed to capture information at rest). During the Cold War, communications centres and embassies were the main objectives. This choice was due to the need to
[Figure: Cold War - concentrated information, information confidentiality: high TEMPEST threat]