The Security Of Wireless Fidelity Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Wi-Fi, which stands for Wireless Fidelity, is becoming widespread, and many organisations now implement Wi-Fi in order to connect to the internet. The convenience of wireless access, low cost, and plug-and-play nature of the technology have been the major drivers of Wi-Fi's attractiveness among Internet users. Businesses are increasingly implementing wireless LANs to increase productivity and cut costs. Nowadays all laptops, PDAs, and smartphones have Wi-Fi built in. Wi-Fi hotspots, spanning coffee shops, hotels, airports, or even cities, are mushrooming to meet the growing demand for Wi-Fi Internet access.

It has quickly grown to become the dominant wireless Local Area Network standard. Wi-Fi uses a number of base stations to connect user devices to an existing fixed network. Wi-Fi operates in the 2.4 GHz radio spectrum, which is the same spectrum used by cordless phones, garage door openers, microwave ovens, and other devices. This spectrum is free, so no license is required.

Wi-Fi offers users a new level of freedom, flexibility and productivity: the user can easily connect to an access point or hotspot to get access to the internet. Because wireless networks are easier to access, hackers can access them with the same ease. Hence, one of the biggest challenges of Wi-Fi networks is the security of the network and of the users connected to it.

The main factors that define security in a Wi-Fi network are authentication, theft, access control, encryption and safeguards (Seung-Jung Shin, 2005). These factors are crucial in developing a secured Wi-Fi network that enables users to use the internet free of hackers, viruses and the other problems that arise from having an unsecured network.

The Institute of Electrical and Electronics Engineers (IEEE) introduced the 802.11 standard in 1997 (IEEE, 2010); it included a couple of methods for essential authentication. This standard was a disaster: it was easily hacked, costing users lost data and countless other problems.

WEP, which stands for Wired Equivalent Privacy, is an essential method that was introduced at the time to increase security in the Wi-Fi network. This type of authentication allowed 802.11-compliant devices to connect to Wi-Fi. The WEP security that most wireless LAN products currently offer provides only rudimentary protection, as it uses a single static 40- or 128-bit key for both encryption and authentication. This key is shared by everyone on the wireless LAN. WEP encrypts the data in each transmitted packet in an attempt to keep the data private between network adapters and access points. The idea was that adding WEP encryption to other commonly implemented security measures, such as passwords and authentication, would make the network secure. Unfortunately, a number of software programs such as AirSnort and WEPCrack are readily available. They can decipher the WEP encryption and allow intruders to gain access to the network. These programs recover encryption keys by passively monitoring wireless transmissions; after enough encryption samples have been gathered, the encryption key is computed.

The WEP standard was created to give wireless networks the safety and security features they previously lacked. The fundamental goal of WEP is to prevent eavesdropping, which is confidentiality. The second goal was to permit authorised access to the wireless network, which is availability. The third goal was to prevent interference with any wireless communication, which is integrity. Confidentiality, availability and integrity are the basic tenets of information security in WEP and in all the other essential methods that were subsequently developed. For medium and large networks, WEP is a major management burden, as administrators must enter WEP key information manually on every single WLAN-enabled device. Despite all that effort, anyone can hack WEP using one of the utilities that are available for free on the Web. Numerous hacking techniques are used against wireless networks, such as Wired Equivalent Privacy (WEP) hacking, sniffing, and Denial of Service (DoS) attacks. WEP does not provide end-to-end security; it provides security only for the wireless portion of the connection.

I believe that this standard was a reliable and efficient standard for only a short time after the development of Wi-Fi. Later on, when WEP was cracked in 2001 (Nikita Borisov, 1997), it generated a large security violation and unfavourably impacted the use of Wi-Fi in the enterprise and homes. What began as a great technology of mobile internet connection was distorted into a hideous threat to personal users and businesses. Hackers at the time learned how easily they could penetrate wireless LANs, including those protected with so-called industry-standard Wi-Fi encryption, and accessed the personal data of users. Following this tragedy, it can be avowed that WEP nowadays can stand for Weak Encryption Protocol.

In October 2002 the Wi-Fi Alliance announced a new security standard called WPA (Emigh, 2002), which stands for Wi-Fi Protected Access. WPA was developed expressly to increase the level of security for new wireless LANs and to manage existing solutions with software or firmware updates. This solution targeted all known WEP vulnerabilities and is forward compatible with the upcoming 802.11i standard.

WPA is a combination of an existing authentication framework, a robust encryption scheme called the Temporal Key Integrity Protocol (TKIP), and a message integrity checker to ensure that packets haven't been forged. WPA is used differently by large and small installations. Most large organisations will use their existing RADIUS servers to authenticate WLAN users.

When WPA is enabled, a client card first tries to associate with the access point (AP). The AP blocks access to the WLAN until the user's credentials can be approved by the authentication server. After accepting the user's credentials, the authentication server produces a unique 128-bit master session key that TKIP distributes to the user and the AP. The user then joins the WLAN, and WPA sets up a key management mechanism that automatically generates a different key for each packet transmitted.

WPA offers two configuration options: one targeted at home users and smaller networks, and a second designed for larger networks. WPA Pre-Shared Key (WPA-PSK) is best suited to small businesses and home networks. A shared key, or password, is configured in the wireless access point (WAP) and in any wireless laptop or desktop devices. WPA-PSK generates a unique key for each session between a wireless client and the associated WAP. The unique key used in client-to-access-point communications makes reverse engineering of the pre-shared key more difficult for attackers. WPA-PSK uses more advanced security techniques to encrypt and monitor the message stream. While WPA-PSK still uses the RC4 encryption standard used in WEP, it implements the Temporal Key Integrity Protocol (TKIP), which provides per-packet key mixing, a message integrity check and a re-keying mechanism. TKIP's algorithms and message integrity checking techniques prevent the unwanted decryption of, and tampering with, packets in the wireless message stream.

Regardless of the benefits it provides, WPA-PSK also has pitfalls. One pitfall is that the pre-shared key is subject to dictionary attacks, in which the password is guessed. Good password management techniques, such as long passwords and the mixing of alphanumeric characters and punctuation marks, are required to help reduce the chance of a successful attack.

Larger networks can use WPA 802.1X/EAP, or RADIUS, for implementing WPA security. While more complicated to set up than WPA-PSK, this method can leverage an existing network and directory infrastructure to require a unique user ID and password for each wireless user connecting to the WLAN. Rather than relying on a predefined shared key, WPA 802.1X/EAP employs a user ID and password to authenticate each wireless device when it associates with a WAP. The credentials supplied are validated against a RADIUS server or a directory server, such as Windows Active Directory, that supports the RADIUS protocol. Once the device is authenticated, WPA 802.1X produces a unique master key for that wireless device's session. TKIP is then used to distribute this key to the client. The same encryption and message integrity checking implemented in WPA-PSK is used from this point forward.

Additional wireless security options are offered through the 802.11i standards efforts. 802.11i includes an implementation of TKIP, as well as the Advanced Encryption Standard (AES). The stronger encryption offered by AES requires WAP hardware upgrades due to the CPU-intensive nature of AES.

The IEEE committee that wrote 802.11i pointed out that "an eight to ten character passphrase actually has less than forty bits of security that the most basic version of WEP offers", and goes on to say (IEEE, 2010):

"A passphrase of less than about 20 characters is unlikely to deter attacks."

As with WEP, wireless cracking tools exist that are specifically designed to recover the PSK from a WPA-protected network. As Fogie points out (Fogie, 2006), the KisMAC tool can recover an eight-character PSK using off-the-shelf tools against any product using such a short password, with only a few days of work.
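
The dictionary-attack pitfall of WPA-PSK and the IEEE passphrase guidance quoted above can be checked before a passphrase is deployed. The following is an added example, not code from this essay or from IEEE. The derivation parameters (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) and the 2.5-bits-per-character estimate are taken from 802.11i rather than from the essay, and the function names, the small word list and the SSID are constructed for illustration.

```python
import hashlib
import string

# Constructed sample standing in for a real wordlist of common passphrases.
COMMON = {"password", "12345678", "qwertyuiop", "letmein123"}
# WPA passphrases are 8-63 printable ASCII characters (codes 32-126).
ALLOWED = set(string.printable) - set("\t\n\r\x0b\x0c")


def wpa_psk(passphrase, ssid):
    """Derive the 256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= ALLOWED:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def estimated_bits(passphrase):
    """802.11i rule of thumb: about 2.5 bits per character, plus 12 bits
    for the 4096 (2**12) iterations that every guess has to repeat."""
    return 2.5 * len(passphrase) + 12


def audit(passphrase):
    """Return policy findings for a candidate passphrase (empty list = pass)."""
    findings = []
    if passphrase.lower() in COMMON:
        findings.append("in-wordlist")
    if len(passphrase) < 20:
        findings.append("shorter-than-20")
    if estimated_bits(passphrase) < 40:
        findings.append("under-40-bits")
    return findings


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed SSID
    for candidate in ("password", "Tr1cky-Pass", "correct horse battery staple"):
        psk = wpa_psk(candidate, ssid).hex()
        print(f"{candidate!r}: ~{estimated_bits(candidate):.0f} bits, "
              f"PSK {psk[:16]}..., findings={audit(candidate)}")
```

Because the SSID is the salt, the same passphrase yields a different key on each network name, but the fixed iteration count means the key is only as strong as the passphrase itself.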

WPA with 802.1X authentication, often called WPA Enterprise, creates a very tight network, providing strong authentication for both the WLAN infrastructure and the station while yielding a secure per-session encryption key that cannot be attacked very easily. This security comes at a cost, however: 802.1X authentication requires substantial infrastructure, including an 802.1X-compliant RADIUS server with a digital certificate, and client software for every user that supports 802.1X and whichever authentication mode is used.

I believe that the WPA standard enhanced the security of the Wi-Fi network, averted the problems that arose with the WEP standard and made it more difficult for hackers to interrupt the Wi-Fi network and gain access to it. Regardless of the advantages it brought and the improvements it made to the Wi-Fi network, its shortcomings were exposed when the network was cracked using a method similar to that used against WEP. Simple software was available on the internet for public download, which unfortunately gave the hacker the power to penetrate such Wi-Fi networks and create problems for their users. It is clear that WPA is not as secure as it was intended to be: due to the availability of cracking software, WPA's security has been breached, creating a less secure network. Furthermore, it is evident that as the security levels are updated and improved to secure the network, so is the hacking software. This creates a continuous process in which the standards of the Wi-Fi network are repeatedly updated to be more secure and to stay ahead of the hacking software in use.

This was evident in July 2004, when WPA2 was introduced as an improvement on the WPA standard. WPA2 is the Wi-Fi Alliance certification program, based on support by equipment and software for what the Alliance considers to be the mandatory features of 802.11i. The features in IEEE 802.11i and WPA2 are virtually identical. The two most important features beyond WPA to become standardised through 802.11i and WPA2 are pre-authentication, which enables secure fast roaming without noticeable signal latency, and the use of the CCMP (Counter-Mode with CBC-MAC Protocol) cipher suite in place of TKIP. CCMP is based on the AES (Advanced Encryption Standard) cipher. AES yields the high level of data privacy required by some enterprises, government agencies and other organisations.

WPA2 certification comes in two authentication modes, WPA2 Enterprise and WPA2 Personal. WPA2 Enterprise includes the full set of WPA2 requirements, with support for RADIUS and 802.1X-based authentication and pre-shared key. WPA2 Personal is used for small business and home environments and only includes the use of a pre-shared key.

Like most advances, wireless LANs pose both opportunities and risks. The technology can represent a powerful complement to an organization's networking capabilities, enabling increased employee productivity and reducing IT costs. To minimize the attendant risks, IT administrators can implement a range of measures, including the establishment of wireless security policies and practices, as well as various LAN design and implementation measures. Achieving this balance of opportunity and risk allows enterprises to confidently implement wireless LANs and realize the benefits this increasingly viable technology offers. It is evident that Wi-Fi protocols are developed from previous models and that each offers a low level of security when compared with the cracking software readily available on the internet, which leads to a continuous process of upgrading the Wi-Fi protocols to provide users with a greater level of security.