View Printable Version
Tutorial 5F - Cyber Warfare in the Wireless World: What You Don't Know CAN Hurt You
Christopher R. Anderson, Dane Brown, Owens Walker, United States Naval Academy
Regency F => Thu, Dec 01, 2011 (09:50 AM - 11:50 AM)
Author (A - C):
Author (D - I):
Author (J - N):
Author (O - S):
Author (T - Z) :
What is Cyber Security, why is it suddenly garnering so much attention, and when someone brings up Cyber Security, what exactly do they mean?
The Department of Defense groups Cyber Security, Cyber Crime, and Cyber Attack into a broader concept known as Cyber Warfare; it defines Cyber Warfare as the integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security-in concert with specified supporting and related capabilities-to influence, disrupt, corrupt, or usurp adversarial human and automated decision making while protecting our own.
In order to effectively educate the next generation of technical professionals on this topic, it is imperative to have a firm understanding of what Cyber Security encompasses and why there is a compelling need for multidisciplinary research in this field. A common misconception about Cyber Security is that it is solely a Computer Science problem. Hackers, botnets, and buffer overflows dominate the headlines, however, much more is involved behind the scenes. Often neglected are the improvements that can be made at the levels of the underlying hardware, communication media, and end user knowledge.
At the hardware level, devices are still designed to communicate on a set of protocols that have been used for several decades. At the level of communication media, data can be transmitted via a hard-wired link or wireless means. These media and protocols are robust, effective, and efficient at communication, but were not designed to be secure. Finally, user knowledge is a major key to ensuring secure communications. In many scenarios, methods have been developed to send and receive data privately. However, despite aggressive public service announcements, the typical user remains uneducated about these methods or even why it is important to put them into practice. It is expected that as technology progresses, electronic communications will become increasingly integrated into end-user products, with ease-of-use as a major design criteria.
As a result, cutting edge technology often maximizes speed by foregoing cumbersome encryption and defaults to settings which make it easier for end users to function, rather than providing a reasonable level of information assurance.
This tutorial begins by delineating the current Cyber Security landscape while highlighting many of the key players and terms pertaining to Cyber Security with which users and researchers must become familiar. It then describes the current state of vulnerabilities and attacks against common wireless communication protocols to include Bluetooth, RFID, 802.11, and 3G/4G cellular as well as defensive countermeasures that users can take.
This tutorial explores several case studies of exploits targeting some of these well-known vulnerabilities. The objective is to examine what is understood to date with respect to Cyber Security and what open research questions still need to be answered. There is much still to be done to develop a framework for ensuring secure communications. Presenters include civilian and military faculty from the U.S. Naval Academy.