By Alan Boyle Science editor
updated 2/22/2005 12:50:36 PM ET

Wireless networks like the ones at your local coffee shop or airport are the next frontier for hacking attacks that could disrupt online transactions or steal your personal data, computer security experts say.

Researchers at the annual meeting of the American Association for the Advancement of Science outlined new breeds of “stealth attacks” and proposed new crypto protocols to defeat them.

"Some of these attacks that we're talking about, by their very nature, could not be detected," Indiana University's Markus Jakobsson told reporters here Saturday. "That is what makes them stealth attacks. They could very well exist, and we could never prove that they do."

The attacks take advantage of the "ad hoc" nature of wireless networks you might casually log into at an Internet cafe or airport, or computer networks that are set up by emergency teams for communication purposes. In such networks, there is no hard-wired infrastructure for connecting computers with each other. Instead, the computers have to organize themselves into networks.

"It gets worse in a wireless network than a wired network, purely because you don't know who you're talking to," Jakobsson said.

Outsiders could insert themselves into ad-hoc wireless networks by manipulating Internet protocols to make their link in the communication chain seem particularly attractive. Jakobsson calls this a "man-in-the-middle" scenario, because the attacker could eavesdrop on network traffic, then pass the data along to the rightful recipients without leaving a trace.

A sophisticated attacker could, for instance, spoof an online banking site to collect passwords and other personal information, introducing an untraceable twist to the growing problems of "phishing" and identity theft.

Another type of threat would involve overwhelming wireless data traffic with "denial-of-service" attacks, already well-known in the wired environment as e-mail cluster bombs or zombie attacks. Such strategies could disrupt the emergency response to, say, a terrorist attack.

Carnegie Mellon University's Adrian Perrig said an attacker could create:

  • A "black hole," which sucks in all the data from a wireless network.
  • A "gray hole," which would pass along only enough data to keep the network running.
  • A "wormhole," which passes along all the data but leads to the man-in-the-middle eavesdropping scenario.

A wireless network is particularly vulnerable to denial-of-service attacks because some of the nodes in the network could be low-capacity devices such as personal digital assistants, said Susanne Wetzel, a computer scientist at the Stevens Institute of Technology. During Saturday's briefing, she demonstrated how an attack could drain a PDA's batteries, disrupting a video stream that was being sent from one laptop to another through the PDA.

Even as they're identifying the threats posed by stealth attacks, researchers are devising methods to head them off.

Perrig and his colleagues have been working on a routing protocol called Ariadne, while Jakobsson and his colleague at Indiana University, Steve Myers, are close to releasing the beta code for a sign-in protocol called "Delayed Password Disclosure."

If computers could talk, here's how a transaction using Delayed Password Disclosure might unfold:

Customer: Hello bank. I know my banking password. If you really are my bank, then you already know my password. I don't trust you and you don't trust me. I'm not going to tell you my password. We're going to use this authentication protocol called "Delayed Password Disclosure." It allows us to both be sure the other one is not lying about our identity, but without giving out any sensitive information in the process.

Bank: Proceed.

Customer: Bank, I will send you some information that is encrypted. You can only decrypt it if you know my password. If you don't know the password, you could of course try all possible passwords (although that is a lot of work!), but you would never know from my message if you picked the right one. Once you have decrypted the message, I want you to send it to me. If it is correctly decrypted, I will know that you know my password already. Once I know that you know my password, I will send it to you so that you can verify that I also know it. Of course, if I am lying about my identity and don't know the password in the first place, then I will not learn anything about the password from your message, so it is safe in both directions.

Jakobsson said the protocol could fight identity theft on wired as well as wireless networks. "It applies to any situation where you've got two people who have a secret that they wish to compare, without revealing it to the other," he said.
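
The sign-in exchange described above, reduced to a toy sketch in Python. This is an added example, not the Delayed Password Disclosure code by Jakobsson and Myers; the PBKDF2-plus-XOR encryption and the class and function names are assumptions, chosen so that a wrong password guess decrypts to an equally plausible random value.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 32  # bytes of random challenge


def pad_from_password(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stretches the password into a one-time pad.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=NONCE_LEN)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Customer:
    def __init__(self, password: str):
        self.password = password

    def challenge(self):
        # A random nonce XORed with the pad has no structure, so decrypting
        # with any guessed password yields an equally plausible random value.
        self.salt = secrets.token_bytes(16)
        self.nonce = secrets.token_bytes(NONCE_LEN)
        return self.salt, xor(self.nonce, pad_from_password(self.password, self.salt))

    def disclose_if_proven(self, reply: bytes):
        # Reveal the password only after the bank has returned the exact nonce.
        return self.password if hmac.compare_digest(reply, self.nonce) else None


class Bank:
    def __init__(self, password_on_file: str):
        self.password_on_file = password_on_file

    def respond(self, salt: bytes, ciphertext: bytes) -> bytes:
        return xor(ciphertext, pad_from_password(self.password_on_file, salt))

    def verify(self, disclosed) -> bool:
        return disclosed is not None and hmac.compare_digest(
            disclosed.encode(), self.password_on_file.encode())


def run_login(customer: Customer, bank: Bank):
    """Return (customer_trusts_bank, bank_trusts_customer)."""
    salt, ciphertext = customer.challenge()
    disclosed = customer.disclose_if_proven(bank.respond(salt, ciphertext))
    return disclosed is not None, bank.verify(disclosed)
```

In this simplified form the ciphertext and the reply together let a passive eavesdropper test password guesses offline, so it illustrates only the order of the messages and should not be deployed as written.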

Wetzel said that new remedies for wireless vulnerabilities should start appearing within a year or two. But she and the other experts agreed that final victory in the computer security war was not yet in sight.

"There is always a cat-and-mouse game, in which somebody thinks of a worse attack that applies to a slightly different scenario," Jakobsson said. "So you can secure one particular setup, for example, but to say that this is a totally secure network — I wouldn't dare to say that's a year or two away. It's a very difficult technical problem."
