Wireless networks: Security

WIRELESS networks ,due to ease of installation ,cost benefits and the capability of connectivity , hence communication anywhere ,has made it the most popular way of network setup in this 21st century. With increase in the need of mobile systems, the current electronic market has also been flooding with laptops, pdas, RFID devices, healthcare devices and wireless VOIP (Voice over IP) which are WIFI (Wireless Fidelity) enabled. With the 3G (Third Generation) and 4G (Fourth Generation) cellular wireless standards, mobiles phones are also WIFI enabled with very high speed being provided for data upload and download .Nowadays a malls and public areas not mention even cities are WIFI capable, enabling a person to access the internet or even contact a remote server in his office from anywhere in that city or even from his mobile phone while just strolling down the road.

But as every good technology has its own drawbacks so does the wireless networks .Just as in the case of wired networks they are also prone to intruder attacks or more commonly known as Wireless hacking thus compromising the networks , security, integrity and privacy. The basic reason for this is when the wireless network was first introduced, it was considered to have security and privacy built into the system while transmitting data. This misconception had basically arisen because wireless system transmitters and receivers used spread spectrum systems which have signals in the wide transmission band. Since the RF(Radio Frequency ) receivers which at that time could only intercept signal in the narrow transmission band these wireless signals were potentially considered in the safe zone .But it did not take long to invent devices that could intercept these wireless signals as well .Hence the integrity of data send over wireless networks could be easily compromised .With the development of technology so has the methods and ways in which a network can be attacked become more vicious .

Fig-1: WLAN (Wireless Local Area Network)

Security of wireless networks against such vicious attacks is hence the become the priority for the network industry. This is because not all networks are equally secure .The security depends on where this network is used. For example, if the requirement of the wireless is to provide a wireless hotspot in a shopping mall then then the security of this is never concerned with but if it’s for a corporate they have their own security authentication and user access control implemented in the network.

II. WHY WIRELESS networks are prone to attacks?

There are number of reasons why wireless networks are prone to malicious attacks .These are the most challenging aspects to eb considered when a secure wireless network has to be established.

a) Wireless network are open networks: The reason for this is that there is no physical media protecting these networks .Any packet transmitted and received can be intercepted if the receiver has the same frequency as the transmitter receiver used by h wireless network .There is also a common misconception that if the authentication and encryption are properly used the network will not be compromised .But what about the messages send back and forth before the authentication and encryption comes into play ?

b) Distance and Location: The attacker can attack from any distance and location and is only limited by the power of the transmitter .Special devices have been designed which can attack even short distance networks such the Bluetooth

c) Identity of the Attacker: Attacker can always remain unidentified because he uses a series of antennas or other compromised networks before reaching the actual target. This makes wireless network attackers very difficult to track.

Some of the reasons why such attacks are so common is because of the easy availability of information from none other than the Internet, easy to use cheap technology and of course the motivation to hack .

III. wireless hacking – step by step

To understand the security protocols for wireless networks currently in use, first it is important to understand the methods through which a weak network is attacked by a hacker .These are also known as wireless intrusion methods .

A. Enumeration:

Also know as network Enumeration, the first and foremost step to hacking which is finding the wireless network. The wireless network could be any specific target or even a random weak network which can be compromised and used to attack other end systems or networks .This feat is achieved by using a network discovery software which are now a day’s available online in plenty, to name a few are Kismet and Network stumbler .

In order to have more information about the network, the packets that are send and received by the network can sniffed using network analyzers also known as sniffers .A large number of information can be obtained by using this including IP address, SSID numbers even sensitive information such as MAC address , type of information and also the other networks that this compromised end system.

Yet another problem faced is the use of network mappers which can be used to find he servers that run these compromised networks hence also attacking these servers which could then affect proper functioning and information transfer between these servers and to other networks connected to it .

B. Vulnerability Assesment:

This is mainly done by the hacker y using a vulnerability scanner .After the hacker has found the network he want to attack he uses this program in order to detect the weakness of the computer , computer systems networks or even applications. After this the intruder decided on the most possible means of entry into the network.

C. Means of Entry:

IV. TYPES OF THREATS & ATTACKS

A. Eaves Dropping and Traffic Analysis:

This is the form of attack that makes use of the weak encryption of the network .This always compromises the integrity and security of the network .All attacks such as war driving , war chalking ,packet sniffing traffic analysis all fall under this category

 

B. Message Modification:

These attacks are mainly used to modify the data that is send across a network .The modification might be giving wrong information or also adding malicious content to the data packet send form one station to another .This compromises the integrity and privacy of the Data .

C. Rogue Devices:

Theses could be devices such as APS , application software programs which has been compromised by the intruder and made to function according to him/her. Such devices can compromise the integrity of the network as well as the data send across it .These devices can also launch reply attacks and also make the network associated to malicious content websites or information.

D. Session Hijacking:

This attack occurs after a valid session has been established between two nodes to through the AP.In the attacker poses as a valid AP to the node trying to establish connection and a valid node to the AP .The attacker can then send malicious or false information to the node that the connection has already been established with .The legitimate node believe that the AP has terminated he connection with it . The hacker can then use this connection to get sensitive information from the network or the node .

E. Man In the Middle Attacks:

This is similar to that of a session hijacking attack but in this case it is a rogue AP that acts as valid client to the legitimate AP and valid AP to the legitimate client .Once this has been established the rogue AP can access all information from the , intercept communication , send malicious information to other clients through this .

These are just few of the security threats and attacks in wireless environments .With the advancing technologies there many more possible security threats that can be faced by these networks in the future.

V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY

With the vulnerability of wireless networks ,security and countering o such malicious attacks have become one of the top priorities addressed by enterprises ,corporate as well as research fields in IT .There are many pints to be considered when the security of a network is concerned the most important f which are : authentication, accountability and encryption .

A. Authentication:

This is very familiar to anyone using a network in his or her work place or even accessing he email on the internet and the very first step in promoting a secure wireless network . .There many different ways of authentication and many different tools and methods have been used over the years in order.. make the primary process, more reliable and fool prof.Some of the most widely used methods are :

a) User name and Password combinations generally defined as something that a person knows.

b) Smart Card, RFIDs and Token technologies also known as something that a person has

c) Biometric Solutions such as finger printing , retina scanning which can be generally defined as something that a person is or are.

Now the reliability of each one of these methods can vary depending on the level on which it has been implemented .In the case very low level authentication s only one kind of method I used to secure the network .One of the weakest forms of authentication can be considered as the use of only ID card or token technologies as if a person looses this , he can compromise the security of the network .Even in the case of username and password the strength of the authentication is only as good as the complexity of the information used as username or even password .People generally prefer to use passwords that are easy to remember but also known to many other people in that organization or even outside One of the much better ways of securing a network through authentication is to use biometric solutions such as fingerprinting or retina scanning .But of course technology has advanced to the extend that even fingerprints or even retinas can be forged .Nowadays a number of methods of combinational methods are used as authentication with high security premises or networks guarded by more than two or three kinds of authentications .

B. Accountability

After a user has been authenticated to use the network it is important to have t able to track the computer usage of each person using the network so that incase of any foul play the person responsible can be held responsible .When the networks were very small it was very easy f a network administrator to track the usage of each person on a network .But with huge networks, remote access facilities and of course the wireless networks it has become quite a difficult task .AS mentioned earlier , there are many ways in which a hacker can make himself difficult to track down .Many software’s and firmware’s have been created which is used in conjecture with the authentication protocols inoder to make the wireless network more secure and robust .

C. Encryption:

This is the most important step in building and securing a strong wireless network infrastructure .he steps generally followed for this are :

a) Methods based on public key infrastructure (PKI)

b) Using high bit encryption scheme

c) Algorithm used for encryption must be well known and proven to be very unbreakable.

Current wireless network security solutions can be classified into three broad categories:

a) unencrypted solutions

b)encrypted solutions

c) combination.

In this paper with emphasis as explained in the abstract will eb on encrypted solutions for wireless security. A brief discussion on the unencrypted methods has still been given for basic understanding.

I n the case of encryption based security protocols ,a details description is given about the ones that are commonly used in wireless LANS in this paper .After which the latest and developing technologies will be discussed .The three major generations of security as existing today and also cited in many papers ,journals and magazines are as follows :

1) WEP (Wired Equivalent Privacy)

2) WPA (Wi-Fi Protected Access)

3) WPA2

The image below shows the layer in which the wireless network security protocols come into play which is of course the link layer:

Fig-1: 802.11 AND OSI MODEL

VI. WIRELESS SECURITY – UNENCRYPTED

A. MAC Registration:

This is one of the weakest methods network security..MAC registration was basically used to secure university residential networks as college apartments or dorm rooms. The basic way of doing this is to configure DHCP (Dynamic Host Configuration Protocol) to lease IP address to only a know set of MAC address which can be obtained manually by running automated scripts on a network server so basically any person with a valid registration can enter into the network .Session logs also cannot be generated because of which accounting of the logs become impossible. Last but not the least since this method of securing was basically used for switched and wired networks encryption was never included.

B. Firewalls:

In this method, network authentication is one through either HTTP( Hyper text Transfer Protocol),HTTPS or telnet .When an authentication requirement is received by the network it is directed to the authentication server .On validating the authentication the firewalls add rules to the IP address provided to that user , This IP address also has timer attached to it in order to indicate the rule time out of this IP address. When executed through HTTPS it is basically a session based as well as a secure process .But any other process which is adapted from a switched wired network firewalls does not provided encryption.

C. Wireless Firewall Gateways :

One of the most latest as well as considerably fool proof method in unencrypted solutions in Wireless Firewall Gateways or WFGs.This is a single wireless gate way is integrated with firewall, router, web server and DHCP server and it’s because of all these being in one system that makes WFGS a very secure wireless security solution. When a user connects to the WFG, he/she receives a IP address form the DHCP serve .Then the web server ( HTTPS) asks for a user name and password and this is executed by the PHP ( Hypertext Preprocessor).Address spoofing and unauthorized networks are avoided by PHP as the DHCP logs are constantly compare with the current updated ARP(Address Resolution Protocol).This verifies that the computer that is connect to the network is using he the IP address that has been leased to it by the DHCP server .Then this information is passed on to the authentication server which in turn adds rules to this IP address .Up ne the expiration of the DHCP lease the sessions are terminated . The WFGS hence make the authentication and accountably pat f the network more reliable ,But as this is also an unencrypted method it lacks the most important accept of security.

VII. WEP-WIRED EQUIVALENT PRIVACY

This protocol was written in accordance with the security requirements required for IEE 802.11 wireless LAN protocol .IT is adapted from the wired LAN system and hence the security and privacy provided by it is also equivalent to the security and privacy provided a wired LAN. Through it’s an optional part of wireless network security, it will give a considerably secure networking environment.

The algorithm used in WEP is known as the RC4(Rivest Cipher 4) .In this method a pseudo random number is generated using encryption keys of random lengths .This is then bound with the data bits using a OR(XOR) functionality in order t generate an encrypted data that is then send .Too look at in more in detail :

A. Sender Side:

The pseudo random number is generated using the 24 bit IV(initialization Vector ) given by the administrator network and also a 40 r 104 bit secret key or WEP key given by the wireless device itself. Which is then added together and passed on to theWEP PRNG (Pseudo Random Number Generator).At the same time the plain text along with an integrity algorithms combined together to form ICV (integrity check value) .The pseudo number and the ICV are then combined together to form a cipher text by sending them through an RC4.This cipher text is then again combined with IV to form the final encrypted message which is then send.

Fig-2: WEP SENDER SIDE

B. Receiver Side:

In the receiver side the message is decrypted in five steps .Firs the preshared key and the encrypted message are added together .The result is then passed through yet another PRNG .The resulting number is passed through an CR4 algorithm and this resulting in retrieving the plain text .This again combines with another integrity algorithm to form a new ICV which is then compared with the previous ICV t check for integrity.

Fig-3: WEP RECIEVER SIDE

C. Brief Descriptions:

a) Initialization Vector : are basically random bit the size f which is generally 24 bits but it also depends on the encryption algorithm .This IV is also send to the receiver side as it is required for decrypting the data send .

b) Preshared Key: is more or less like a password .This is basically provided by the network administrator and is shared between the access point and all network users

c) Pseudo Random Number Generator: This basically creating a unique secret key for each packet sends through the network. This is done by using some 5 to at most 13 characters in preshared key and also by using randomly taken characters from IV.

d) ICV and Integrated Algorithm: This is used to encrypt the plain text or data and also to create a check value which can be then compared y the receiver side when it generates its own ICV .This is done using CRC (Cyclic Redundancy Code) technique to create a checksum .For WEP, the CRC-32 of the CRC family is used.

D. RC4 Algorithm:

RC$ algorithm is not only proprietary to WEP .IT can also be called a random generator, stream cipher etc .Developed in RSA laboratories in 1987 , this algorithm uses logical functions to be specific XOR to add the key to the data .

Figure 5: RC4 Algorithm

E. Drawbacks of WEP:

There are many drawbacks associated with the WEP encryptions. There are also programs now available in the market which can easily hack through these encryption leaving the network using WEP vulnerable to malicious attacks:

Some of the problems faced by WEP:

• WEP does not prevent forgery of packets.
• WEP does not prevent replay attacks. An attacker cans simply record and replay packets as desired and they will be accepted as legitimate
• WEP uses RC4 improperly. The keys used are very weak, and can be brute-forced on standard computers in hours to minutes, using freely available software.
• WEP reuses initialization vectors. A variety of available

Cryptanalytic methods can decrypt data without knowing the encryption key

• WEP allows an attacker to undetectably modify a message without knowing the encryption key.
• Key management is lack and updating is poor
• Problem in the RC-4 algorithm.
• Easy forging of authentication messages.

VIII. WPA -WIFI PROTECTED ACCESS

WPA was developed by the WI-FI alliance to overcome most of the disadvantages of WEP. The advantage for the use is that they do not have t change the hardware when making the change from WEP to WPA.

WPA protocol gives a more complex encryption when compared to TKIP and also with the MC in this it also helps to counter against bit flipping which are used by hackers in WEP by using a method known as hashing .The figure below shows the method WPA encryption.

Figure 6: WAP Encryption Algorithm (TKIP)

As seen it is almost as same as the WEP technique which has been enhanced by using TKIP but a hash is also added before using the RC4 algorithm to generate the PRNG. This duplicates the IV and a copy this is send to the next step .Also the copy is added with the base key in order to generate another special key .This along with the hashed IV is used to generate the sequential key by the RC4.Then this also added to the data or plan text by using the XOR functionality .Then the final message is send and it is decrypted by using the inverse of this process.

A. TKIP (Temporal Key Integrity Protocol):

The confidentiality and integrity of the network is maintained in WPA by using improved data encryption using TKIP. This is achieved by using a hashing function algorithm and also an additional integrity feature to make sure that the message has not been tampered with

The TKIP has about four new algorithms that do various security functions:

a) MIC or Micheal: This is a coding system which improves the integrity of the data transfer via WPA .MIC integrity code is basically 64bits long but is divided into 32 bits of little Endean words or least significant bits for example let it be (K0 , K1) .This method is basically used to make that the data does not get forged .

b) Countering Replay: There is one particular kind of forgery that cannot me detected by MIC and this is called a replayed packet .Hackers do this by forging a particular packet and then sending it back at another instance of time .In this method each packet send by the network or system will have a sequence number attached to it .This is achieved by reusing the IV field .If the packet received at the receiver has an out of order or a smaller sequencing number as the packet received before this , it is considered as a reply and the packet is hence discarded by the system .

c) Key mixing: In WEP a secure key is generated by connecting end to end the base layer which is a 40 bit or 104 bit sequence obtained for the wireless device with the 24 bit IV number obtained from the administrator or the network. In the case of TKIP, the 24 bit base key is replaced by a temporary key which has a limited life time .It changes from one destination to another. This is can be explained in Phase one of the two phases in key mixing.

In Phase I, the MAC address of the end system or the wireless router is mixed with the temporary base key .The temporary key hence keeps changing as the packet moves from one destination to another as MAC address for any router gateway or destination will be unique.

In Phase II, the per packet sequence key is also encrypted by adding a small cipher using RC4 to it. This keeps the hacker from deciphering the IV or the per packet sequence number.

d) Countering Key Collision Attacks or Rekeying : This is basically providing fresh sequence of keys which can then be used by the TKIP algorithm .Temporal keys have already been mentioned which has a limited life time .The other two types f keys provided are the encryption keys and the master keys .The temporal keys are the ones which are used by the TKIP privacy and authentication algorithms .

B. Advantages of WPA:

The advantage of WPA over WEP can be clearly understood from the above descriptions .Summarising a few:

a) Forgeries to the data are avoided by using MIC

b) WPA can actively avoid packet replay by the hacker by providing unique sequence number to each packets.

c) Key mixing which generates temporal keys that change at every station and also per packet sequence key encryption.

d) Rekeying which provides unique keys for that consumed by the various TKIP algorithms.

IX. WPA2-WIFI PROTECTED ACCESS 2

WPA 2 is the as the name suggests is a modified version of WPA in which Micheal has be replaced with AES based algorithm known as CCMP instead of TKIP .WPA” can operate in two modes: one is the home mode and he enterprise mode .In the home mode all he users are requires to use a 64 bit pass phrase when accessing the network. This is the sort encryption used in wireless routers used at home or even in very small offices. The home version has the same problems which are faced by users of WEP and the original WPA security protocol.

The enterprise version is of course for used by larger organisation where security of the network is too valuable to be compromised .This is based on 802.1X wireless architecture , authentication framework know as RADIUS and the another authentication protocol from the EAP ( Extensible Authentication Protocol ) Family which is EAP-TLS and also a secure key .

A. 802.1X:

Figure 7: 802.1X Authentication Protocol

In order to understand the security protocols used in WPA2 it is important know a little bit about the 802.1X architecture for authentication. This was developed in order to overcome many security issues in 802.11b protocol. It provides much better security for transmission of data and its key strength is of course authentication There are three important entities in 802.1x protocol which is the client, authenticator and authentication.

a) Client : is the STA(station) in a wireless area network which is trying to access the network ,This station could be fixed , portable or even mobile. It of course requires client software which helps it connect to the network.

b) Authenticator: This is yet another name given to an AP (Access Point).This AP receives the signal from the client and send it over to the network which the client requires connection from There are two parts to the AP i.e. the non control port and the control port which is more of a logical partitioning than an actual partition..The non control port receives the signal and check its authentication to see if the particular client is allowed to connect to the network .If the authentication is approved the control port of the AP is opened for the client to connect with the network.

c) Authentication: RADIUS (Remote Authentication Dial in User Service) server .This has its own user database table which gives the user that has access to the he network, this makes it easier for the APs as user information database need not be stored in the AP .The authentication in RADIUS is more user based than device based .RADIUS makes the security system more scalable and manageable.

Figure 8: EAP/RADIUS Message Exchange

B. EAP (Extended Authentication Protocol):

The key management protocol used in WAP2 is the EAP (Extended Authentication Protocol).It can also be called as EAPOW (EAP over wireless).Since there are many versions of this protocols in the EAP family it will advisable to choose the EAP protocol which is very best suited for that particular network .The diagram and the steps following it will describe how a suitable EAP can be selected for that network :

a) Step1: By checking the previous communication records of the node using a network analyser program, it can be easily detected if any malicious or considerably compromising packets has been send to other nodes or received from to her nodes to this node .

b) Step 2: By checking the previous logs for the authentication protocols used, the most commonly used authentication protocol used and the most successful authentication protocol can be understood.

Figure 9: EAP Authentication with Method Selection Mechanism

c) Step 3: The specifications of the node itself have to be understood such as the operating system used the hardware software even the certificate availability of the node.

After all this has been examined the following steps can be run in order to determine and execute the most suitable EAP authentication protocol:

1. Start

2. if (communication_record available) then

read communication_record;

if(any_suspicious_packets_from_the_other_node) then

abort authentication;

go to 5;

else

if (authentication record available) then

read authentication record;

if (successful authentication available) then

read current_node_resources;

if (current_node_resources comply with

last_successful_method) then

method = last_successful_method;

go to 4;

else

if (current_node_resources comply with

most_successful_method) then

method = most_successful_method;

go to 4;

else

go to 3;

else

go to 3;

else

go to 3;

else

go to 3;

3. read current_node_resources;

execute method_selection(current_node_resources);

4. execute authentication_process;

5.End

X. RSN-ROBUST SECURITY NETWORKS

RSN was developed with reference to IEEE 802.11i wireless protocol .This connection can provide security from very moderate level to high level encryption schemes .The main entities of a 802.11i is same as that of 802.1x protocol which is the STA (Client), AP and the AS (authentication server).RSN uses TKIP or CCMP is used for confidentiality and integrity protection of the data while EAP is used as the authentication protocol.

RSN is a link layer security i.e it provides encryption from one wireless station to its AP to from one wireless station to another..It does not provided end to end security IT can only be used for wireless networks and in the case of hybrid networks only the wireless part of the network .

The following are the features of secure network that are supported by RSN ( WRITE REFERENCE NUMBER HERE) :

a) Enhanced user authentication mechanisms

b) Cryptographic key management

c) Data Confidentiality

d) Data Origin and Authentication Integrity

e) Replay Protection.

A. Phases of RSN:

RSN protocol functioning can be divided in the five distinct phases .The figure as well as the steps will describe the phases in brief:

a) Discovery Phase: This can also be called as Network and Security Capability discovery of the AP.In this phase the AP advertises that it uses IEE 802.11i security policy .An STA which wishes to communicate to a WLAN using this protocol will up n receiving this advertisement communicate with the AP .The AP gives an option to the STA on the cipher suite and authentication mechanism it wishes to use during the communication with the wireless network.

Figure 9: Security States of RSN

b) Authentication Phase: Also known as Authentication and Association Phase .In the authentication phase, the AP uses its non control part to check the authentication proved by the STA with the AS .Any other data other than the authentication data is blocked by the AP until the AS return with the message that the authentication provided by the STA is valid .During this phase the client has no direct connection with the RADIUS server .

c) Key Generation and Distribution: During this phase cryptographic keys are generated by both the AP and the STA. Communication only takes place between the AP and STA during this phase.

d) Protected Data Transfer Phase: This phase as the name suggest is during which data is transferred through and from the STA that initiated .the connection through the AP to the STA on the other end of the network.

e) Connection Termination Phase: Again as the name suggests the data exchanged is purely between the AP and the STA to tear down the connection