Security and Privacy in Wireless LAN

T. R. Mudgal, Department of Physics, C.D.L. State Institute of Engineering & Technology, Panniwala Mota, Sirsa (India), mudgal_t_r@rediffmail.com
Susheel Kumar, Indian Institute of Geomagnetism, New Panvel, Navi Mumbai (India), susheel@iigs.iigm.res.in
Latika Chaudhary, Nanotechnology Department, B.V.D.U. College of Engineering, Katraj, Pune, latikac92@gmail.com

Abstract—Networks have come a long way since their inception, and wireless networks are the new trend in the IT market. However, every new technology comes with several advantages and disadvantages. This paper addresses some of the key advances and some of the shortcomings of wireless network security. It reviews the various types of security levels currently offered by standard wireless networks, such as Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and 802.11, the latter defined as the ultimate security available for wireless networks to date. The paper also lists benefits of wireless networks and examples of cost savings. Corporations have been found to consider wireless installations based on lower total cost of ownership (TCO) and return on investment (ROI) scenarios. A few industries have expanded their boundaries in the wireless arena: financial and educational institutions, healthcare facilities and airports (travel). With security being one of the major concerns irrespective of the industry type, the authors highlight factors that senior and mid-level IT management should consider when implementing wireless networks. The success story of General Motors' investment in wireless LANs in its factories presents a best practice for WLAN implementations. In the conclusions, questions still open and opportunities for future research are discussed.

Key words: Technology, Corporation, Network, Security, Wireless, Wi-Fi

I. Introduction

Wireless local area networks (WLANs) based on the wireless fidelity (Wi-Fi) standards are one of today's fastest growing technologies in businesses, schools and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. But while they provide these attractive benefits, most existing WLANs have not effectively addressed security-related issues. All computer networks, which by definition consist of autonomous computing nodes, are potentially subject to security problems. Authentication is the foundation technology for protecting networks, servers, client systems, data and applications from improper disclosure, tampering, destruction and other forms of interference. The standardized attempts to manage authentication- and access-control-based dangers are open system authentication, MAC address authentication and shared key authentication.

II. Threats to WLAN Environments

All wireless computer systems face security threats that can compromise their systems and services. Unlike on a wired network, the intruder does not need physical access in order to pose the following security threats:

1) Eavesdropping: This involves attacks against the confidentiality of the data that is being transmitted across the network. In a wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance, away from the premises of the company.

2) Tampering: The attacker can modify the contents of packets intercepted from the wireless network, which results in a loss of data integrity.

3) Unauthorized access and spoofing: The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To counter it, proper authentication and access control mechanisms need to be put in place in the wireless network.
Fig. 1 Network Infrastructure

Other security threats: The other threats come from weaknesses in network administration and from vulnerabilities of the wireless LAN standards themselves, e.g. the vulnerabilities of Wired Equivalent Privacy (WEP), which is supported in the IEEE 802.11 wireless LAN standard.

III. 802.11-1997 (802.11 LEGACY)

The original version of the IEEE 802.11 standard was released in 1997 and clarified in 1999, but is today obsolete. It specified two net bit rates of 1 or 2 megabits per second (Mbit/s), plus forward error correction code. It specified three alternative physical layer technologies: diffuse infrared operating at 1 Mbit/s; frequency-hopping spread spectrum operating at 1 Mbit/s or 2 Mbit/s; and direct-sequence spread spectrum operating at 1 Mbit/s or 2 Mbit/s. The latter two radio technologies used microwave transmission over the Industrial, Scientific and Medical (ISM) frequency band at 2.4 GHz. Some earlier WLAN technologies used lower frequencies, such as the U.S. 900 MHz ISM band. Legacy 802.11 with direct-sequence spread spectrum was rapidly supplanted and popularized by 802.11b.

1) 802.11a: The 802.11a standard uses the same data link layer protocol and frame format as the original standard, but an OFDM-based air interface (physical layer). It operates in the 5 GHz band with a maximum net data rate of 54 Mbit/s, plus error correction code, which yields a realistic net achievable throughput in the mid-20 Mbit/s range. 802.11a also suffers from interference, but locally there may be fewer signals to interfere with, resulting in less interference and better throughput.

2) 802.11b: 802.11b has a maximum raw data rate of 11 Mbit/s and uses the same media access method defined in the original standard. 802.11b products appeared on the market in early 2000, since 802.11b is a direct extension of the modulation technique defined in the original standard.

3) 802.11g: In June 2003, a third modulation standard was ratified: 802.11g.
This works in the 2.4 GHz band (like 802.11b), but uses the same OFDM-based transmission scheme as 802.11a. It operates at a maximum physical layer bit rate of 54 Mbit/s exclusive of forward error correction codes, or about 22 Mbit/s average throughput. 802.11g hardware is fully backwards compatible with 802.11b hardware and is therefore encumbered with legacy issues that reduce throughput by ~21% when compared to 802.11a.

4) 802.11-2007: In 2003, task group TGma was authorized to "roll up" many of the amendments to the 1999 version of the 802.11 standard. REVma or 802.11ma, as it was called, created a single document that merged 8 amendments (802.11a, b, d, e, g, h, i, j) with the base standard. Upon approval on March 8, 2007, 802.11REVma was renamed to the then-current base standard IEEE 802.11-2007.

5) 802.11n: 802.11n is an amendment which improves upon the previous 802.11 standards by adding multiple-input multiple-output (MIMO) antennas. 802.11n operates on both the 2.4 GHz and the lesser-used 5 GHz bands. The IEEE has approved the amendment and it was published in October 2009. Prior to the final ratification, enterprises were already migrating to 802.11n networks based on the Wi-Fi Alliance's certification of products conforming to a 2007 draft of the 802.11n proposal.

6) 802.11ac: IEEE 802.11ac is a standard under development which will provide high throughput in the 5 GHz band. This specification will enable multi-station WLAN throughput of at least 1 gigabit per second and a maximum single-link throughput of at least 500 megabits per second, by using wider RF bandwidth, more spatial streams (up to 8) and high-density modulation (up to 256-QAM).

7) 802.11i: In addition to the 802.1x standard created by the IEEE, one up-and-coming 802.11x specification, 802.11i, provides replacement technology for WEP security. 802.11i is still in the development and approval processes.
While these elements might change, the information provided here gives insight into some of the changes that 802.11i promises to deliver to enhance the security features provided in a WLAN system. The 802.11i specification consists of three main pieces organized into two layers. On the upper layer is 802.1x, which has been discussed in the previous section. As used in 802.11i, 802.1x provides a framework for robust user authentication and encryption key distribution. On the lower layer are improved encryption algorithms, in the form of TKIP (Temporal Key Integrity Protocol) and CCMP (Counter Mode with CBC-MAC Protocol). [12]

IV. Wired Equivalent Privacy (WEP)

WEP provides two functions. One is to ensure privacy through encryption and the other is to offer a form of access control. WEP uses a symmetric encryption scheme where a shared key is used for both encryption and decryption. The encryption method used is the RC4 stream cipher from RSA. A 40-bit shared secret key forms the heart of the system. This key must exist in both the client and the access point for it to work. Two additional features were added to augment the system. The first is an Integrity Check Value (ICV) field, a 32-bit CRC computed over the data frame; the result is appended to the end of the frame and is meant to prevent an attacker from modifying or changing the contents of the packet during transmission. The second is an Initialization Vector (IV), which is combined with the shared secret key in each packet to ensure that each packet has a different RC4 key. The IV is a 24-bit field, which produces a 64-bit field when combined with the 40-bit key. This IV is sent in clear text in the WEP data frame, and the 802.11b standard states that changing the IV with each packet is an optional feature.

Fig. 2 Example of Shared Key Authentication

The WEP encryption standard was the original encryption standard for wireless.
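The WEP framing just described (RC4 keyed with IV || 40-bit key, a CRC-32 ICV appended to the data, the 24-bit IV sent in the clear), written out as an added example that is not part of the original paper, together with a monitoring check for the IV reuse that a cleartext, optionally changing IV invites. The key, IVs and frame contents are constructed; the key-ID byte and the 802.11 MAC header are omitted.

```python
import zlib
from collections import Counter

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling (KSA) followed by the PRGA; returns `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(key40: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP-40: ICV = CRC-32(data) appended, then RC4 keyed with IV || key over data || ICV.
    The 3-byte IV travels in the clear in front (key-ID byte and 802.11 header omitted here)."""
    if len(key40) != 5 or len(iv) != 3:
        raise ValueError("WEP-40 needs a 5-byte key and a 3-byte IV")
    body = data + zlib.crc32(data).to_bytes(4, "little")
    ks = rc4_keystream(iv + key40, len(body))
    return iv + bytes(b ^ k for b, k in zip(body, ks))

def wep_decrypt(key40: bytes, frame: bytes):
    """Returns the data when the ICV verifies, else None (altered frame or wrong key)."""
    iv, ct = frame[:3], frame[3:]
    ks = rc4_keystream(iv + key40, len(ct))
    body = bytes(c ^ k for c, k in zip(ct, ks))
    data, icv = body[:-4], body[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None

def reused_ivs(frames) -> set:
    """Monitoring check: IVs seen more than once. Each repeat means one RC4 keystream
    encrypted two different packets, which removes the confidentiality the cipher should give."""
    counts = Counter(f[:3] for f in frames)
    return {iv for iv, n in counts.items() if n > 1}

# Constructed sample: one key, three frames, IV 00 00 01 used twice (as a station that
# resets its IV counter, or never changes the "optional" IV, would do).
KEY = bytes.fromhex("0102030405")
FRAMES = [
    wep_encrypt(KEY, b"\x00\x00\x01", b"ARP who-has 10.0.0.1"),
    wep_encrypt(KEY, b"\x00\x00\x02", b"ARP who-has 10.0.0.2"),
    wep_encrypt(KEY, b"\x00\x00\x01", b"GET /index.html"),
]

if __name__ == "__main__":
    print("decrypted:", wep_decrypt(KEY, FRAMES[0]))
    print("reused IVs:", sorted(iv.hex() for iv in reused_ivs(FRAMES)))
```

Only 2^24 IVs exist, so even a station that does increment its IV per packet wraps on a busy network; the check above is what a monitoring tool would run over captured frames.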
As its name implies, this standard was intended to make wireless networks as secure as wired networks. Unfortunately, this never happened, as flaws were quickly discovered and exploited. There are several open-source utilities such as aircrack-ng, WEPLab, WEPCrack or AirSnort that can be used by crackers to break in by examining packets and looking for patterns in the encryption. WEP comes in different key sizes. The common key lengths are currently 128- and 256-bit. The longer the better, as it increases the difficulty for crackers. However, this type of encryption is now considered outdated and seriously flawed. In 2005 a group from the FBI held a demonstration where they used publicly available tools to break a WEP-encrypted network in three minutes. WEP protection is better than nothing, though generally not as secure as the more sophisticated WPA-PSK encryption. A big problem is that if a cracker can receive packets on a network, it is only a matter of time until the WEP encryption is cracked.

Fig. 3 WEP Encryption

V. WPA SHORT PACKET SPOOFING

In November 2008 Erik Tews and Martin Beck, researchers at two German technical universities (TU Dresden and TU Darmstadt), uncovered a WPA weakness which relied on a previously known flaw in WEP and could be exploited only against the TKIP algorithm in WPA. The flaw can only decrypt short packets with mostly known contents, such as ARP messages. The attack requires Quality of Service (as defined in 802.11e) to be enabled, which allows packet prioritization. The flaw does not lead to key recovery, but only to the keystream that encrypted a particular packet, which can be reused as many as seven times to inject arbitrary data of the same packet length to a wireless client. For example, this allows someone to inject faked ARP packets which make the victim send packets to the open Internet. This attack was further optimized by two Japanese computer scientists, Toshihiro Ohigashi and Masakatu Morii.
Their attack doesn't require Quality of Service to be enabled. In October 2009, Halvorsen and others made further progress, enabling attackers to inject larger malicious packets (596 bytes, to be more specific) within approximately 18 minutes and 25 seconds. In February 2010, a new attack was found by Martin Beck that allows an attacker to decrypt all traffic towards the client. The authors say that the attack can be defeated by deactivating QoS, or by switching from TKIP to AES-based CCMP. The vulnerabilities of TKIP are significant in that WPA-TKIP was, up until the proof-of-concept discovery, held to be an extremely safe combination. WPA-TKIP is still a configuration option on a wide variety of wireless routing devices provided by many hardware vendors.

VII. AAA PROTOCOL

AAA stands for Authentication, Authorization and Accounting. These are the protocols needed for remote network access.

1) Authentication: Authentication refers to the process by which an entity's identity is verified, typically by providing evidence that it holds a specific digital identity such as an identifier and the corresponding credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates and phone numbers (calling/called).

2) Authorization: The authorization function determines whether a particular entity is authorized to perform a given activity, typically inherited from authentication when logging on to an application or service.

3) Accounting: Accounting refers to the tracking of network resource consumption by users for the purposes of capacity and trend analysis, cost allocation and billing.

VIII. EAP PROTOCOL

The Extensible Authentication Protocol (EAP) is a general authentication protocol defined in IETF (Internet Engineering Task Force) standards. It was originally developed for use with PPP. It is an authentication protocol that provides a generalized framework for several authentication mechanisms.
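The EAP pass-through this section describes, in which the remote access server copies EAP packets into RADIUS attributes without interpreting them and the RADIUS server makes the decision, as an added example that is not part of the original paper. It assumes the EAP header of RFC 3748 and the EAP-Message (79) and Message-Authenticator (80) attributes of RFC 3579; the shared secret, identifiers, request authenticator and user name are constructed.

```python
import hashlib, hmac, struct

EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_IDENTITY = 1, 2, 1
RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80

def eap_packet(code: int, ident: int, eap_type: int, data: bytes) -> bytes:
    """RFC 3748 header: Code(1) Identifier(1) Length(2) Type(1), then Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def radius_attr(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute: Type(1) Length(1) Value; the value is limited to 253 bytes."""
    if len(value) > 253:
        raise ValueError("a RADIUS attribute value is limited to 253 bytes")
    return bytes([attr_type, 2 + len(value)]) + value

def access_request(secret: bytes, ident: int, authenticator: bytes, eap: bytes, user: bytes) -> bytes:
    """NAS side: the EAP packet is copied untouched into EAP-Message (79); Message-Authenticator
    (80) = HMAC-MD5(secret, whole packet) with its own 16-byte value zeroed (RFC 3579 s3.2)."""
    attrs = (radius_attr(ATTR_USER_NAME, user) + radius_attr(ATTR_EAP_MESSAGE, eap)
             + radius_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16)))
    hdr = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, hdr + attrs, hashlib.md5).digest()
    return hdr + attrs[:-16] + mac

def attributes(pkt: bytes):
    """Yields (type, offset, value) for every attribute after the 20-byte RADIUS header."""
    pos = 20
    while pos + 2 <= len(pkt):
        t, ln = pkt[pos], pkt[pos + 1]
        if ln < 2 or pos + ln > len(pkt):
            raise ValueError("malformed RADIUS attribute")
        yield t, pos, pkt[pos + 2:pos + ln]
        pos += ln

def eap_from_request(pkt: bytes) -> bytes:
    """Server side: EAP-Message values are concatenated in order (RFC 3579 s3.1)."""
    return b"".join(v for t, _, v in attributes(pkt) if t == ATTR_EAP_MESSAGE)

def verify_access_request(secret: bytes, pkt: bytes) -> bool:
    """Server side: fails if the EAP-Message was altered in transit or the sender lacks the secret."""
    for t, pos, value in attributes(pkt):
        if t == ATTR_MESSAGE_AUTHENTICATOR and len(value) == 16:
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, value)
    return False

# Constructed sample: the supplicant's EAP-Response/Identity, wrapped by the NAS.
SECRET = b"constructed-shared-secret"   # placeholder, not a real deployment value
AUTHENTICATOR = bytes(range(16))        # a real NAS uses 16 random bytes here
IDENTITY_RESPONSE = eap_packet(EAP_RESPONSE, 7, EAP_TYPE_IDENTITY, b"alice@example.org")
REQUEST = access_request(SECRET, 42, AUTHENTICATOR, IDENTITY_RESPONSE, b"alice@example.org")
```

The NAS never parses the EAP payload; the Message-Authenticator is what lets the RADIUS server reject requests that were altered on the way or that did not come from a NAS holding the shared secret.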
Supported mechanisms include Kerberos, public key, smart cards and one-time passwords. With a standardized EAP, interoperability and compatibility across authentication methods become simpler. For example, when a user dials a remote access server (RAS) and uses EAP as part of the PPP connection, the RAS does not need to know any of the details of the authentication system. Only the user and the authentication server have to be coordinated. By supporting EAP authentication, the RAS server does not actively participate in the authentication dialog. Instead, the RAS just repackages EAP packets and hands them off to a RADIUS server, which makes the actual authentication decision. [12]

IX. SOLUTIONS FOR DENIAL OF SERVICE

As with wired networks, tracking down WLAN DoS attacks can be difficult, slow and inefficient. Radio jamming can be tracked down fairly easily with the handheld or laptop tools used for detecting rogue access points, and some of the permanently placed detection systems will also be useful for tracking these problems down. Most of the other attacks can only be unmasked by careful monitoring and analysis with a protocol analyser. Some of these vulnerabilities could be mitigated with changes to the standards, but none of them are on a standards track for now.

Fig. 4 Denial of Service Attack

X. MOBILE DEVICES

With the increasing number of mobile devices with 802.1x interfaces, the security of such mobile devices becomes a concern. While open standards such as Kismet are targeted towards securing laptops, access point solutions should also extend to covering mobile devices, as should host-based solutions for mobile handsets and PDAs with 802.1x interfaces. Security within mobile devices falls under three categories:

1. Protecting against ad-hoc networks
2. Connecting to rogue access points
3. Mutual authentication schemes such as WPA2, as described above

Wireless IPS solutions now offer wireless security for mobile devices.
Mobile patient monitoring devices are becoming an integral part of the healthcare industry, and these devices will eventually become the method of choice for accessing and implementing health checks for patients located in remote areas. For these types of patient monitoring systems, security and reliability are critical.

XI. CONCLUSIONS

WLANs should only be deployed with full awareness of the potential security breaches they can introduce. In fact, an enterprise's security policy should define: who is allowed to use WLANs; who is permitted to install and configure WLANs; what standards of authentication, access control, encryption and integrity assurance must be met in varying types of facilities; what current and future features must be available in the wireless products that will be deployed; how unauthorized access points will be discovered and corrected; and numerous other wireless-oriented issues. If there are unprotected WLANs connected to an enterprise network, it is crucial that these WLANs be located outside the firewall and other perimeter defences. Wherever WLANs are attached to the enterprise network, it is crucial to install and maintain a secure authentication system that is commensurate with the security risks the enterprise faces. In addition, it is crucial to find and secure any unauthorized access points. In most cases, enterprises will want to update their existing access point firmware and software, client driver software and authentication servers to the WPA standards, and only purchase WPA-compliant products going forward.

REFERENCES

[1] Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci, "Wireless sensor networks: a survey," Computer Networks, vol. 38, pp. 393-422, IEEE 2002.
[2] CISCO Packet Magazine, 2nd Quarter 2002. http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac168/about cisco packet issue home.html
[3] J. Lopez, "Analysis of security threats, requirements, technologies and standards in wireless sensor networks," Springer, 2009.
[4] Janise McNair, ang Zhu, "Vertical Handoffs in Fourth-Generation Multinetwork Environments," IEEE Wireless Communications, June 2004.
[5] Meysam Argany, Mir Abolfazl Mostafavi and Farid Karimipour, "Voronoi-based Approaches for Geosensor Networks Coverage Determination and Optimization: A Survey," International Symposium on Voronoi Diagrams in Science and Engineering, 2010.
[6] Mitali R. Ingle, "An Energy Efficient Deployment of Nodes in Wireless Sensor Network using Voronoi Diagram," IEEE, 2011.
[7] Nadjib Aitsaadi, Nadjib Achir, Khaled Boussetta and Guy Pujolle, "Multi-Objective WSN Deployment: Quality of Monitoring, Connectivity and Lifetime," Institut Galilée, University of Paris 13, 99 Avenue J-B Clément, 93430 Villetaneuse, France, IEEE proceedings, 2010.
[8] Nirav Patel, "Voronoi Diagrams: Robust and Efficient Implementation," IEEE, May 2005.
[9] Robert McMillan, "Once thought safe, WPA Wi-Fi encryption is cracked."
[10] Toni Janevski, "AAA System for PLMN-WLAN Internetworking," Journal of Communications and Networks (JCN), vol. 7, no. 2, pp. 192-206, June 2005.
[11] Tony Bradley, CISSP-ISSAP, "Hack Proofing Your Wireless Network."
[12] Rafidah Abdul Hamid, "Wireless LAN: Security Issues and Solutions," SANS Institute Reading Room.