Differing Vulnerabilities In Wireless Local Area Networks Computer Science Essay



Wireless LANs carry all the vulnerabilities of wired networks and bring out a further series of risks of their own. The critical vulnerabilities are access control vulnerabilities, authentication vulnerabilities, WEP vulnerabilities, WPA/WPA2 vulnerabilities, and vulnerabilities in the system management protocol. Like the underlying IEEE 802.3 Ethernet protocol on which the 802.11 standards are modelled, 802.11 relies on a 4-byte Cyclic Redundancy Check (CRC) computed over the data as its check of data integrity. Reliable network security calls for cryptographic integrity checks, since the data on wireless networks is open to outsiders. These devices meet the government certification requirements for exposure to radio emissions, and although some users may perceive a risk from exposure to radio wave energy, there is no reliable research supporting this risk. This essay argues the wireless LAN technical standpoint in detail, so this matter will not be considered further. As IEEE 802.11 is by far the most popular wireless LAN standard at this time, the subsequent discussion is limited to the variants of the IEEE 802.11 standard. Although the modalities of risk are identical for all kinds of wireless LANs, the information on vulnerabilities and the way they are dealt with discussed here applies only to the 802.11 series of networks. In other words, all wireless LANs face the same group of risks as the 802.11 series: risks to message confidentiality, integrity and authenticity, and denial of service. Only the technical details of the vulnerabilities and of dealing with the threats vary from standard to standard.

Access Control Vulnerabilities


The following two features of the 802.11 standard offer only limited forms of access control.

Service Set Identifier (SSID)

Unfortunately, the SSID is frequently misused as a form of password protection. The SSID is meant to identify the network, not to serve as a security measure. The SSID contained in the beacon frame is always sent in plaintext, regardless of whether the WEP option is deployed. Any wireless client, malicious or not, can listen for this beacon to obtain the SSID, so this low level of access control is easily bypassed.

MAC Address Access Control List (ACL)

Several 802.11 vendors offer a MAC Address ACL feature that provides minimal access control by restricting access to approved wireless cards only. Unfortunately, the packets carrying the MAC addresses are sent in clear text, so the addresses on the ACL can simply be obtained by monitoring traffic. An unauthorized user can take over one of these MAC addresses and attempt to gain access to the AP. Most of the time, the AP still has the factory configuration for the administrator username and password. Once the unauthorized user has accessed the AP, the configuration of the AP can be changed.
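Because an ACL only matches an address, a monitoring-side check is the defender's counterpart to it. The following Python script is an added example, not part of the essay: it reads a constructed monitor log (one received frame per line, in a made-up `<seconds> <mac> seq=<n> rssi=<dBm>` format) and flags ACL-listed addresses whose 802.11 sequence numbers or signal strength jump in a way a single transmitter would not produce. The thresholds (`WINDOW_S`, `MAX_JUMP`, `MAX_RSSI_DIFF`) are assumed tuning values.

```python
"""Spot a second radio using an ACL-listed MAC address.

Added example (not from the essay). Input is a constructed monitor log with
one received frame per line: '<seconds> <mac> seq=<n> rssi=<dBm>'.
802.11 sequence numbers are 12 bits and advance by one per frame from a
single transmitter, so frames that are close in time but far apart in
sequence number, or that differ sharply in signal strength, suggest that
two devices are sharing the address the ACL trusts.
"""
import re
from collections import namedtuple

Frame = namedtuple("Frame", "t mac seq rssi")
LINE_RE = re.compile(
    r"^(?P<t>\d+(?:\.\d+)?) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"seq=(?P<seq>\d+) rssi=(?P<rssi>-?\d+)$"
)
SEQ_MOD = 4096        # 12-bit sequence number space
WINDOW_S = 1.0        # only compare frames this close in time (assumed)
MAX_JUMP = 1000       # more frames than one station sends in WINDOW_S (assumed)
MAX_RSSI_DIFF = 20    # dB; one radio rarely swings this much in WINDOW_S (assumed)


def parse_line(line):
    """Return a Frame, or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Frame(float(m["t"]), m["mac"].lower(), int(m["seq"]), int(m["rssi"]))


def forward_distance(prev_seq, cur_seq):
    """How far cur_seq is ahead of prev_seq, allowing for the 12-bit wrap."""
    return (cur_seq - prev_seq) % SEQ_MOD


def find_cloned_addresses(lines, acl):
    """Return (mac, prev_seq, cur_seq, prev_rssi, cur_rssi) for suspicious frames.

    Only ACL-listed addresses are examined: the ACL already drops the rest,
    but it cannot tell a legitimate card from a clone of one it trusts.
    """
    acl = {mac.lower() for mac in acl}
    last = {}
    alerts = []
    for frame in filter(None, map(parse_line, lines)):
        if frame.mac not in acl:
            continue
        prev = last.get(frame.mac)
        if prev is not None and frame.t - prev.t <= WINDOW_S:
            jump = forward_distance(prev.seq, frame.seq)
            if jump > MAX_JUMP or abs(frame.rssi - prev.rssi) > MAX_RSSI_DIFF:
                alerts.append((frame.mac, prev.seq, frame.seq, prev.rssi, frame.rssi))
        last[frame.mac] = frame
    return alerts


# Constructed sample: station ...:01 is legitimate; a second device appears
# at t=1.7 with its own sequence counter and a much weaker signal.
SAMPLE_LOG = [
    "1.0 aa:bb:cc:dd:ee:01 seq=100 rssi=-42",
    "1.2 aa:bb:cc:dd:ee:01 seq=101 rssi=-41",
    "1.4 aa:bb:cc:dd:ee:02 seq=2040 rssi=-60",
    "1.5 aa:bb:cc:dd:ee:01 seq=102 rssi=-43",
    "1.7 aa:bb:cc:dd:ee:01 seq=3100 rssi=-78",   # second device on a trusted address
    "1.9 aa:bb:cc:dd:ee:01 seq=103 rssi=-42",    # legitimate station again
    "2.0 aa:bb:cc:dd:ee:99 seq=5 rssi=-50",      # not on the ACL, ignored here
    "9.0 aa:bb:cc:dd:ee:02 seq=4090 rssi=-61",   # too far from its previous frame to compare
]
ACL = ["AA:BB:CC:DD:EE:01", "AA:BB:CC:DD:EE:02"]

if __name__ == "__main__":
    for mac, ps, cs, pr, cr in find_cloned_addresses(SAMPLE_LOG, ACL):
        print(f"{mac}: seq {ps}->{cs}, rssi {pr}->{cr} dBm within {WINDOW_S}s")
```

Both frames around the intruder's transmission are reported, since the legitimate station's next frame also looks like a large backward jump; an analyst would read the pair as one event. The check is a heuristic and says nothing the ACL itself can act on, which is the essay's point: address-based control needs a stronger mechanism behind it.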

Authentication Mechanism Vulnerabilities


There are vulnerabilities here in both the design and the implementation of this service.

The authentication mechanism defined in 802.11 is intended to bring the wireless link up to the (otherwise unspecified) physical security standard of a wired link.

Shared Key Authentication Flaw

The Shared Key authentication mechanism may be applied before an association. In the challenge-response sequence, both the plaintext challenge and the encrypted challenge are transmitted. This is a potential security vulnerability, because it allows the key stream for the key and IV pair used in this authentication sequence to be found. The 802.11 standard recommends avoiding the same key and IV pair for the next frame transmitted, and implementations follow this recommendation, but it provides no security. As noted earlier in this document, using Open System Authentication with WEP is usually considered more secure for this reason, as no key-related information is transmitted.

802.1X/EAP Vulnerabilities

The 802.1X framework, first introduced into 802.11 with WPA, has the real potential to improve the authentication capabilities of 802.11 wireless networks. However, the authentication protocol used by 802.1X is vulnerable to attack, mainly because of its inability to authenticate its own messages. Because of this defect, EAP messages might be forged from a man-in-the-middle position, potentially permitting an attacker to bypass an authentication mechanism or to hijack an 802.11 session.

WEP Vulnerabilities

The report focuses on the minimal security offered by the WEP protocol, in particular the following weaknesses:

a. High probability of key re-use due to the short IV (On a busy network, IV re-use occurs often enough that the hacker may obtain the key in minutes to hours);

b. Weak message authentication due to the short key length used; and

c. Lack of a key management specification.

Key Stream Re-use

Because of the relatively short 24-bit IV, it is highly likely that over a short period of time on an active wireless network the IV will be re-used. This could facilitate an attack on the system to recover the plaintext. This vulnerability exists regardless of whether 64-bit or 128-bit WEP is used.
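To put numbers on "a short period of time", and to show what an operator could look for in a capture, here is an added Python example (not from the essay). It computes how long a sequential 24-bit IV counter lasts at a given frame rate, the birthday-bound probability of a repeat when IVs are chosen at random, and a simple repeat detector over a constructed list of captured IVs; the last function shows the stream-cipher property that makes a repeat matter, using a throwaway key stream rather than anything derived from RC4.

```python
"""WEP IV re-use: how soon it happens and how to spot it in a capture.

Added example, not from the essay. The numbers are for WEP's 24-bit IV; the
IV list at the bottom is constructed. A reused IV with the same key means
the same RC4 key stream, and XORing two such ciphertexts cancels the key
stream, which is what makes re-use a confidentiality problem.
"""
import math
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS           # 16,777,216 possible IVs


def seconds_to_exhaust(frames_per_second):
    """A sender that counts IVs sequentially must wrap after IV_SPACE frames."""
    return IV_SPACE / frames_per_second


def collision_probability(frames, space=IV_SPACE):
    """Birthday bound: P(at least one repeat) when IVs are chosen at random."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def frames_for_probability(p, space=IV_SPACE):
    """Random IVs: frames needed before a repeat is expected with probability p."""
    return math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p)))


def find_iv_reuse(frames):
    """frames: iterable of (frame_no, iv_bytes). Return {iv: [frame_nos]} for repeats."""
    seen = defaultdict(list)
    for frame_no, iv in frames:
        seen[iv].append(frame_no)
    return {iv: nos for iv, nos in seen.items() if len(nos) > 1}


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_cancels(p1, p2, keystream):
    """Two plaintexts under one key stream: c1 XOR c2 equals p1 XOR p2."""
    c1, c2 = xor(p1, keystream), xor(p2, keystream)
    return xor(c1, c2) == xor(p1, p2)


# Constructed capture: frame number and 3-byte IV as it appears in the header.
SAMPLE_IVS = [
    (1, bytes.fromhex("0a1b2c")),
    (2, bytes.fromhex("0a1b2d")),
    (3, bytes.fromhex("ff0001")),
    (4, bytes.fromhex("0a1b2c")),   # repeat of frame 1's IV
    (5, bytes.fromhex("ff0002")),
]

if __name__ == "__main__":
    print(f"sequential IVs at 500 frames/s wrap after {seconds_to_exhaust(500) / 3600:.1f} h")
    print(f"random IVs: 50% chance of a repeat after {frames_for_probability(0.5):.0f} frames")
    print("reused IVs:", {iv.hex(): nos for iv, nos in find_iv_reuse(SAMPLE_IVS).items()})
```

At 500 frames per second a sequential counter wraps in about 9.3 hours, and with random IVs a repeat is more likely than not after roughly 4,800 frames, which is why the essay can say minutes to hours. Neither figure depends on the key length, matching the last sentence above.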

Message Integrity

The CRC-32 checksum is used to ensure the integrity of the packets during transmission. It is possible for controlled changes to be made to the ciphertext without invalidating the checksum appended to the message, and to inject messages without detection.
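The reason is that CRC-32 is a linear function, not a keyed one. The Python below is an added example, not from the essay or any 802.11 implementation: it builds WEP-shaped frames (3-byte IV, body, 4-byte ICV) over a stand-in key stream (SHA-256 in counter mode, an assumption made so the file needs no RC4 library) and runs the same bit-flip test against a CRC-32 ICV and against an HMAC tag. The CRC variant still verifies after the change; the HMAC variant does not, which is the property an integrity check has to provide. `KEY` and `IV` are constructed values.

```python
"""Why a CRC is not a message integrity check: CRC-32 beside an HMAC.

Added example, not from the essay or any 802.11 implementation. The frame
layout (3-byte IV, body, 4-byte ICV) follows WEP, but the key stream here is
a SHA-256 counter generator standing in for RC4 (assumption, so the file
needs no extra library). CRC-32 is linear, so the ICV of an altered body can
be corrected without the key, while an HMAC tag cannot.
"""
import hashlib
import hmac
import zlib

KEY = b"constructed-demo-key"
IV = b"\x01\x02\x03"


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_bytes(data):
    return zlib.crc32(data).to_bytes(4, "little")


def keystream(key, iv, length):
    """Stand-in stream cipher: SHA-256 in counter mode (not WEP's RC4)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(iv + key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def crc_tag(key, iv, msg):          # WEP's ICV: keyless CRC-32
    return crc32_bytes(msg)


def hmac_tag(key, iv, msg):         # keyed alternative
    return hmac.new(key, iv + msg, hashlib.sha256).digest()


def protect(key, iv, msg, tag_fn):
    """Encrypt msg || tag(msg) with the IV-derived key stream."""
    body = msg + tag_fn(key, iv, msg)
    return iv + xor(body, keystream(key, iv, len(body)))


def verify(key, frame, tag_fn, tag_len):
    """Return msg if its tag checks, else None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, keystream(key, iv, len(ct)))
    msg, tag = body[:-tag_len], body[-tag_len:]
    return msg if hmac.compare_digest(tag, tag_fn(key, iv, msg)) else None


def crc_is_linear(a, b):
    """crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal-length inputs."""
    zeros = bytes(len(a))
    lhs = crc32_bytes(xor(a, b))
    rhs = xor(xor(crc32_bytes(a), crc32_bytes(b)), crc32_bytes(zeros))
    return lhs == rhs


def crc_fixup(delta):
    """The ICV change that linearity makes predictable for a body change of delta."""
    return xor(crc32_bytes(delta), crc32_bytes(bytes(len(delta))))


def flip_bits(frame, delta, tag_delta):
    """XOR delta into the start of the body and tag_delta into the tag, without the key."""
    iv, ct = frame[:3], frame[3:]
    patch = delta.ljust(len(ct) - len(tag_delta), b"\x00") + tag_delta
    return iv + xor(ct, patch)


def message_after_flip(tag_fn, tag_len, msg, delta, tag_delta):
    """What the receiver accepts after a keyless change; None means it was rejected."""
    frame = protect(KEY, IV, msg, tag_fn)
    return verify(KEY, flip_bits(frame, delta, tag_delta), tag_fn, tag_len)


if __name__ == "__main__":
    msg = b"amount=0010"
    delta = xor(msg, b"amount=9910")      # the change an editor wants to make
    print("CRC-32 ICV accepts :", message_after_flip(crc_tag, 4, msg, delta, crc_fixup(delta)))
    print("HMAC tag accepts   :", message_after_flip(hmac_tag, 32, msg, delta, bytes(32)))
```

The fix-up term `crc(zeros)` is there because CRC-32 uses an initial value and a final XOR, so the function is affine rather than strictly linear; the relation in `crc_is_linear` is the one that matters for an ICV. Replacing the CRC with a keyed tag over the IV and body is what later designs do, which is the "cryptographic integrity check" the introduction asks for.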

Key Management

The distributed shared key is the weakest aspect of the system. By using static shared keys, distributed among all the clients as "passwords", the number of users aware of these keys will grow as the network expands. This creates the following problems:

a. A shared key known to many people does not stay secret for long;

b. The manual distribution of the shared key can be time consuming, especially in a large environment with many users. Quite often, this results in the key not being changed as frequently as required; and

c. The frequency of IV re-uses increases as the network size expands, which makes it more vulnerable to attack.

WPA/WPA2 Vulnerabilities


WPA and WPA2 introduced measures designed to address the major vulnerabilities of WEP; however, a few new vulnerabilities were introduced and some remain, particularly in WPA, because of the requirement for backwards compatibility and low compute requirements.

Key Management

Although 802.1X authentication support was made mandatory in WPA/WPA2, its use requires an external authentication server and so the user is given an option to use a simple pre-shared key mechanism like WEP. Unfortunately, as with WEP, the pre-shared key authentication mechanism for both WPA and WPA2 is vulnerable to key management issues: it is virtually impossible to keep a single shared key secret among a large community, and re-keying and distributing new keys for a large community is likewise difficult.

4-Way Handshake and Weak Passphrase Vulnerability

The Pre-Shared Key mechanism allows the use of the security features in WPA/WPA2 in situations where the additional 802.1X infrastructure is not available. As with the shared key in WEP, all users share a common "secret key". Although the Pre-Shared Key is used as the Pairwise Master Key (PMK) in WPA/WPA2, unlike WEP, the WPA shared key is not used directly as an encryption key, but is instead combined with other session-specific information exchanged during the 4-Way Handshake to generate a Pairwise Transient Key (PTK), which is in turn used to generate dynamic encryption and message integrity keys.

Although the short key and IV re-use issue has been resolved by this mechanism, a pre-shared key in WPA/WPA2 is now vulnerable to dictionary attacks. By capturing the 4-Way Handshake authentication exchange and using this information along with a dictionary file it is possible to successfully guess the session keys if the Pre-Shared Key is one of the words in the dictionary; if the shared key is short or very simple, it may even be found through a brute-force search. A successful dictionary attack can lead to two scenarios: recovered session keys can be used to eavesdrop on or disrupt an ongoing session, or the recovered PSK can be used to initiate a new session and allow unauthorized use of the network resources. If this mechanism must be used, it is imperative that a long, non-dictionary passphrase be used to secure the access point.

Simple Network Management Protocol (SNMP)

Many 802.11 APs support management of the wireless device via SNMP. Often, this feature permits someone to view system and configuration information, and in some cases allows that information to be updated. Access to this information is normally restricted by the use of a community string, which is not a password but simply an identifier shared by the SNMP network. Further, this string is usually a well-known value, obtainable by a simple Internet search.
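A configuration review catches most of this before a device goes on the air. The Python below is an added example, not from the essay: it reads Net-SNMP style `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `com2sec`, `rouser`, `rwuser`, which are real Net-SNMP directives; `createUser` lines are accepted and ignored) and reports community strings that are well known, accepted from any source, or that grant write access, as well as the absence of any SNMPv3 user. The two configurations at the bottom and the list of well-known strings are constructed.

```python
"""Flag SNMP settings that leave an AP, or any device, readable or writable
by anyone who knows a well-known community string.

Added example, not from the essay. It reads Net-SNMP style snmpd.conf
directives; the configurations and the WELL_KNOWN list are constructed.
"""
WELL_KNOWN = {"public", "private", "community", "snmp", "admin"}   # constructed sample
UNRESTRICTED = {"default", "0.0.0.0/0", "::/0"}                    # Net-SNMP "any source" forms
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def parse_directives(text):
    """Yield (directive, args) for each non-comment, non-empty line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        yield parts[0].lower(), parts[1:]


def snmp_findings(config_text):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []
    has_community = False
    has_v3_user = False
    for directive, args in parse_directives(config_text):
        if directive in COMMUNITY_DIRECTIVES:
            has_community = True
            community = args[0] if args else ""
            source = args[1] if len(args) > 1 else "default"    # Net-SNMP default: any source
            if community.lower() in WELL_KNOWN:
                findings.append(f"{directive}: well-known community '{community}'")
            if source in UNRESTRICTED:
                findings.append(f"{directive}: community '{community}' accepted from any source")
            if directive.startswith("rw"):
                findings.append(f"{directive}: write access granted by a community string")
        elif directive == "com2sec" and len(args) >= 3:          # com2sec NAME SOURCE COMMUNITY
            has_community = True
            if args[2].lower() in WELL_KNOWN:
                findings.append(f"com2sec: well-known community '{args[2]}'")
            if args[1] in UNRESTRICTED:
                findings.append(f"com2sec: community '{args[2]}' accepted from any source")
        elif directive in ("rouser", "rwuser") and args:
            has_v3_user = True
            level = args[1].lower() if len(args) > 1 else "auth"  # Net-SNMP default level
            if level != "priv":
                findings.append(f"{directive}: user '{args[0]}' not required to use priv")
    if has_community and not has_v3_user:
        findings.append("only community-based (v1/v2c) access configured; no SNMPv3 users")
    return findings


# Constructed: the factory-style configuration the essay warns about.
WEAK_CONFIG = """
# read access for everyone, write access for the 10/8 network
rocommunity public
rwcommunity private 10.0.0.0/8
"""

# Constructed: SNMPv3 only, authenticated and encrypted, no community strings.
HARDENED_CONFIG = """
createUser netmon SHA "constructed-auth-secret" AES "constructed-priv-secret"
rouser netmon priv
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}:")
        for finding in snmp_findings(cfg) or ["no findings"]:
            print("  -", finding)
```

The checker deliberately treats a missing source on `rocommunity`/`rwcommunity` as "any source", because that is how Net-SNMP reads it; a community string with no source restriction on a device that can be reached over the wireless side is the situation the paragraph describes.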