SECURITY IN WIRELESS
WAN
MADHURI RAMBHATLA
OBJECTIVE
 Thoroughly study the various aspects of
Wireless Technology and analyse the
vulnerabilities in Wireless WAN and its
affects on the society.
 To delve into some of the problems
currently faced by WAN and present a few
probable solutions to it.
 To bring in security awareness amongst
students and other population.
SECURITY IN NETWORKING
 The various types of Networking systems
available are LAN, WAN,MAN,PAN & WPAN.
 The main purpose of a WAN is to provide
reliable, fast and safe communication
between two or more places (nodes) with low
delays and at low prices. WANs enable an
organization to have one integral network
between all its departments and offices, even
if they are not all in the same building or city,
providing communication between the
organization and the rest of the world.
Hacker Tools






LophtCrack
NT Recover/Locksmith
Password Hacker
Password Cracking Archive
Snadboy’s Revelation
Legion
The other hacker tools are available at
this following URL:
http://netsecurity.about.com/cs/hackert
ools/
Possible Security Measures….
 Fire Walls – Stops Ankle Biters
 Virtual Private Networks
 Secure Web Servers
 Keep your system patched
“It’s always best to build security in from the
beginning rather than to add it later”
WIRELESS TECHNOLOGY
 Evolving of Wireless….
Wireless technology has been around since the turn
of the last century, but only as we take a step into the
21st century are we beginning to see such
technology take hold in so many aspects of our lives.
Students entering higher education in the next few
years may take for granted the idea of a wireless
campus—a place they may never have to worry
about finding a phone jack or a data line to connect to
the school's network. They will have the ability to use
their laptops and handheld devices—to e-mail a
paper, do library research, participate in a class
online discussion—anywhere on campus, without
having to worry about physically plugging in their
hardware.
 Wireless is a major factor in changing the way that
students, faculty and staff at Universities
communicate and gather information.
 While the world of wireless is confusing, a defacto
campus standard has emerged- 802.11b.
 This is available everywhere from coffee shops to
airports.
 802.11a is being developed which has a higher
bandwidth and useful for multimedia purposes.
Why security in WAN is better
than in LAN….
 LAN products have poor encryption options and
their emission signals (about 100 yards in all
directions) were too easy to intercept.
 Point to point signaling in WAN is more difficult
to intercept. An eavesdropper would have to
stand directly in the signal's path to collect
data or hijack the signal.
 Tsunami, a product from Western Multiplex
Inc. in Sunnyvale, Calif. Tsunami speeds data
along at 430M bit/sec. in each direction,
encodes those transmissions and supports
third-party encryption products.
WHY SECURITY ??
 Security is the key word for any kind of public, multi
usage networking or interface. Security involves
protection of data against malicious eyes and hands
and transmitting confidential matters to the correct
authorities.
 Wireless networking has many security breaches and
here a few vulnerabilities…
 With a wireless WAN, transmitted data is broadcast
over the air using radio waves, so it can be received by
any wireless WAN client in the area served by the data
transmitter. Because radio waves travel through
ceilings, floors, and walls, transmitted data may reach
unintended recipients on different floors and even
outside the building of the transmitter.
 Installing a wireless WAN may seem like
putting Ethernet ports everywhere,
including in your parking lot. Similarly, data
privacy is a genuine concern with wireless
WANs because there is no way to direct a
wireless WAN transmission to only one
recipient.
SECURITY IN WIRELESS
WAN
SECURITY BREACHES
 Hard Ware Threats:
(a)It is common to statically assign a WEP key to
a client, either on the client's disk storage or in the
memory of the client's wireless LAN adapter.
When this is done, the possessor of a client has
possession of the client's MAC address and WEP
key and can use those components to gain access
to the wireless LAN. If multiple users share a
client, then those users effectively share the MAC
address and WEP key.
 (b) When a client is lost or stolen, the intended user or
users of the client no longer have access to the MAC
address or WEP key, and an unintended user does. It is
next to impossible for an administrator to detect the
security breach; a proper owner must inform the
administrator. When informed, an administrator must
change the security scheme to render the MAC address and
WEP key useless for wireless LAN access and decryption
of transmitted data. The administrator must recode static
encryption keys on all clients that use the same keys as the
lost or stolen client. The greater the number of clients, the
larger the task of reprogramming WEP keys.
 What is needed is a security scheme that:
- Base wireless WAN authentication on deviceindependent items such as usernames and
passwords, which users possess and use
regardless of the clients on which they operate.
- Use WEP keys that are generated dynamically
upon user authentication, not static keys that
are physically associated with a client.
 Rogue Access Points:
- The 802.11b shared-key authentication scheme employs
one-way, not mutual, authentication. An access point
authenticates a user, but a user does not and cannot
authenticate an access point. If a rogue access point is
placed on a wireless WAN, it can be a launch pad for
denial-of-service attacks through the "hijacking" of
the clients of legitimate users.
- What is needed is mutual authentication between the
client and an authentication server whereby, both sides
prove their legitimacy within a reasonable time. Because a
client and an authentication server communicate through
an access point, the access point must support the mutual
authentication scheme. Mutual authentication makes it
possible to detect and isolate rogue access points.
 Other Threats:
Standard WEP supports per-packet encryption but not per-packet
authentication. A hacker can reconstruct a data stream from
responses to a known data packet. The hacker then can spoof
packets. One way to mitigate this security weakness is to ensure
that WEP keys are changed frequently.
By monitoring the 802.11 control and data channels, a hacker
can obtain information such as:
-Client and access point MAC addresses
-MAC addresses of internal hosts
-Time of association/disassociation
The hacker can use such information to do long-term traffic
profiling and analysis that may provide user or device details.
To mitigate such hacker activities, a site should use per-session
WEP keys.
A Complete Security Solution
 What is needed is a wireless WAN security solution that
uses a standards-based and open architecture to take full
advantage of 802.11b security elements, provide the
strongest level of security available, and ensure effective
security management from a central point of control. A
promising security solution implements key elements of a
proposal jointly submitted to the IEEE by Cisco Systems,
Microsoft and other organizations.
 Central to this proposal are the following elements:
- Extensible Authentication Protocol (EAP), an extension
to Remote Access Dial-In User Service (RADIUS) that can
enable wireless client adapters to communicate with
RADIUS servers.
- IEEE 802.1X, a proposed standard for controlled
Cont….
 When the security solution is in place, a wireless client that
associates with an access point cannot gain access to the
network until the user performs a network logon.
 The following sequence of events flow..
- A wireless client associates with an access point.
- The access point blocks all attempts by the client
to gain access to network resources until the
client logs on to the network.
- The user on the client supplies a username and
password in a network logon dialog box or its
equivalent.
- Using 802.1X and EAP, the wireless client and a
RADIUS server on the wired LAN perform a
mutual authentication through the access point.
Cont…
-
When mutual authentication is successfully completed, the
RADIUS server and the client determine a WEP key that is
distinct to the client and provides the client with the appropriate
level of network access, thereby approximating the level of
security inherent in a wired switched segment to the individual
desktop. The client loads this key and prepares to use if for the
logon session.
- The RADIUS server sends the WEP key, called a session key,
over the wired LAN to the access point.
- The access point encrypts its broadcast key with the session key
and sends the encrypted key to the client, which uses the session
key to decrypt it.
- The client and access point activate WEP and use the session
and broadcast WEP keys for all communications during the
remainder of the session.
Real Life Examples
 A 15-year-old Connecticut youth faces charges of
hacking into a government computer system that
tracks the positions of U.S. Air Force planes
worldwide, according to government officials.
03/31/01
 Hacker accesses AT&T computers, stealing $1
million worth of software. 09/18/87
 Hackers break into Stanford Unix computers.
09/16/86
 Hacker cracks USAF satellite-positioning satellite.
06/21/89
 Citibank hacked by Vladimir Levin; $10 million in
BLUETOOTH TECHNOLOGY
WIRED vs WIRELESS
Is wired network obsolete?? Of course Not!!
The whole network infrastructure contains a place for
wired and wireless connections. Every wireless
access point using the 802.11 standards needs a
wired connection. Wiring for wireless access points
requires a different topology than for traditional wired
jacks, so a network mixing both wireless and wired
connections may need as much or more wire than
before—even with fewer jacks. If the 3G or 4G digital
standards (see below for the explanations of
standards and terminology) come into place, which at
the moment looks less than certain, and no wired
access points are needed on campus.
Bluetooth Technology is aiming at exactly that… a
What is bluetooth?
 Bluetooth is a global de facto standard
for wireless connectivity. Based on a
low-cost, short-range radio link,
bluetooth cuts the cords that used to tie
up digital devices.
Bluetooth in Action
 Bluetooth can give you a new kind of
freedom. You might share information,
synchronize data, access the Internet,
integrate with LANs or even unlock your
car - all by simply using your Bluetooth
equipped mobile phone – absolutely
wireless!!!!
Security in Bluetooth
 In the encryption scheme of Bluetooth there seems to be
some weaknesses. The E0 stream cipher with 128-bit key
length can be broken in O(2^64) in some circumstances.
The proof is rather mathematical in nature and therefore
out of the scope of this paper, so it will be omitted.
However, the detailed version can be read in [6]. In a
nutshell, there is a divide-and-conquer type of attack that is
possible to perform, if the length of the given keystream is
longer than the period of the shortest LFSR user in the key
stream generation in E0.
 There is a problem in the usability of the Bluetooth
devices, too. The use of the PIN code in the initialization
process of two Bluetooth devices is tacky.
RESOURCES
 http://netsecurity.about.com/cs/hackertools/
 http://www.dpo.uab.edu/sura/Security/sld008.htm
 http://www.computerworld.com/itresources/rcstory/0,,KEY








73_STO63837,00.html
http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prod
lit/a350w_ov.htm
http://www.almaden.ibm.com/cs/user/pan/pan.html
http://techupdate.zdnet.com/techupdate/filters/mrc/0,1417
5,6020424,00.html
http://www.nwfusion.com/news/2001/0424hack.html
http://www.networkcomputing.com/1202/1202f1d1.html
http://www.nokia.com/bluetooth/whatis.html
http://www.nokia.com/bluetooth/inaction.html
http://www.niksula.cs.hut.fi/~jiitv/bluesec.html
CONCLUSION
 In the light of this study, it is quite apparent
that the security measures for wireless
networking are inadequate. As the basic
problems have been corrected, more
sophistication in the use of mobile devices
would lead to more security breaches and
hence more protection towards it. As we have
seen, the WSA’s and other hacking protection
tools do provide sufficient help, but this
should not put us at ease and we should be
on the look out for more vulnerabilities and
ways to seal them. I hope this presentation
has brought awareness among us students