Wireless Network Security

RSS Author RSS     Views:N/A
Bookmark and Share         
In recent years, the advancement in wireless technology has been tremendous. These technologies include the mobile communication networks, wireless local area networks (LANs), Ultra Wideband (UWB), ad hoc and sensor networks. The mobile networks technology has been dramatic in recent years, including the third generation and fourth generation termed as the Long Term Evolution network (LTE). However, despite the advancement made, security enforcement in these wireless networks is still a big problem. This is a major challenge in that it impedes the deployment of the wireless networks. Security mechanisms are very crucial in in any communication system. It is essential to protect data integrity and confidentiality, access control, authentication, quality of service, user privacy, and continuity of service. The security mechanisms also protect the basic functions of the wireless networks. There are several issues regarding security in wireless networks. These include cryptographic co-processors, encryption, authentication, key management, secure routing, secure medium access control, intrusion, intrusion detection, security performance analysis, security issues in applications among others (Xiao et. Al, 2007, p. 1 ). In this paper, emphasis will be on the security issues regarding the IEEE 802.1.

The need for Wireless network security
Wireless networks provide flexible means for data communication. These systems are implemented as an alternative or an extension to wired networks. Wireless communication systems transmit and receive data using radio frequency technology, thus reducing reliance on wired connections. This helps in linking data connectivity with user movement. In recent years, they have gained popularity and are now known as general-purpose connectivity substitute among business customers. Data sent over the wireless networks can be easily broken and compromised. The security matter in wireless networks is much more serious than in wired communication. Any person with special equipment and knowledge can tap the data sent over wireless networks. Counter measures need to be put in place to avoid these. There is need to address major issues like threat to physical security of the network, unauthorized access by unwanted parties and privacy (Papadimitriou et. Al, 2003, p. 328).

How wireless networks work
Wireless networking relies on the same principles that drive cordless phones and all these other wireless devices. A transceiver, which is a combination of transmitter and receiver, sends signals by vibrating waves of electromagnetic radiation that propagate out from an antenna; the same antenna receives signals by being appropriately vibrated by passing signals at the right frequencies. Wireless networking overcomes the line-of-sight problem by jumping to a different portion of the electromagnetic spectrum. Modern wireless networks typically work at 2.4 GHz or 5 GHz, far below the visible light spectrum. At those frequencies, the wavelength of each transmission is so small that signals can pass through seemingly solid objects.

Standards are very important in any sector and industry. No matter what the context, successful communication can take place only if all parties are speaking the same language. In the networking world, such a language is called a specification, and if it’s sufficiently agreed-upon by enough parties or given a stamp of approval by an industry body, it may increase in status to become a standard. That is the theory, anyway, but every industry has a host of so-called standards that fail to work with one another and are a point of competition between manufacturers. However, the wireless networking world has, remarkably, almost entirely evolved beyond this quagmire of competing standards. When you talk about wireless networking, you are talking about a family of standards that work together: equipment that supports one standard is always compatible with other devices that support the same standard. Even better, backward compatibility has been the rule rather than the exception.
From 1999 to 2001, the lead specification was IEEE 802.11b, also known as Wi-Fi, or by Apple’s name for the technology, AirPort. 802.11b was wildly successful, and companies have sold tens of millions of devices that support it. In 2001, the much-faster 802.11a standard finally appeared in shipping equipment, and although it was similar to 802.11b, the two standards could not work with each other because they use different parts of the spectrum.
The solution for achieving 802.11a’s speed while maintaining compatibility with 802.11b finally came in 2003 with 802.11g. This latest standard runs as fast as 802.11a while working in the same frequencies as 802.11b, thus providing full backward compatibility with all those millions and millions of 802.11b devices. Realistically, 802.11g will gradually replace 802.11b and will likely consign 802.11a to niche applications. For those who want to hedge their bets, some manufacturers offer “a/b/g” adapters that support all three specifications. The industry association that controls Wi-Fi has expanded the definition to include all three of these specifications, and anything you buy labeled Wi-Fi will note whether it works in the 2.4 GHz band, the 5 GHz band, or both. All Wi-Fi gear has been certified as working with all other Wi- Fi gear in the same band, which is just another way of saying that all 802.11b and 802.11g equipment will work together, but 802.11a devices will only work with other 802.11a devices.
When we wrote the first edition of this book in mid-2002, there was still a question as to whether Wi-Fi wireless networking would be the ultimate winner, since there were still some competing standards, such as HomeRF.
Security mechanisms for 802.11
Despite there being standards set for the 802.11, security methods were not specified initially. Some manufacturers provided security mechanisms by providing authentication based on MAC address. In this scheme, access points maintained a list of MAC address of devices that were allowed to access the network. This approach had its drawbacks in that it suffered scalability issues. This is because maintaining a list of all devices in a network is a problem if the number of devices keep on increasing (Alan and Holt, 802.11, p. 98). This was not the only problem, it also had weaknesses in that the MAC address could be spoofed and security circumvented easily. The standardizing body introduced wired equivalent privacy (WAP) in the 802.11b. This still had loopholes, which were amended in the 802.11i. The purpose for the amendment specification produced a robust security network association (RSNA) design that would improve authentication, key management, and confidentiality and integrity (Alan 98). There were continuous efforts to improve security and the Wi-Fi Alliance produced an interim solution called Wi-Fi protected access (WPA). The purpose of WPA was to address the shortcomings of WEP as 802.11i underwent some ratification. WPA was an implementation of draft version of 802.11i and included pre-RSNA algorithms. As 802.11i underwent the ratification process, the Wi-Fi alliance released the WPA2.

Technologies addressing security for 802.11
IEEE 802.11i identifies and defines two technologies that enhance its security. The two technologies designed are the robust security network and transition security network. For robust security network only RSNA is implemented and works while for the transition security network, both pre-RSNA and RSNA are allowed, that is, it supports 802.11i stations as well as the 802.11 – 1999 stations.
The pre – RSNA security mechanism is composed of authentication and data confidentiality support. This mechanism has been withdrawn from the IEEE 802.11i because they do not meet the set objectives meant for it. The WEP was designed under the pre – RSNA to protect the confidentiality of data exchange among authorized stations. It uses a 40 bit security key to achieve protection against eavesdropping. During its inception, it was believed that it would be capable of providing security at the same level as a wired network. However, after its implementation, there were several flaws that were identified in this system (Lee & Choi, 2008, p.483). The pre - RSNA uses integrity check value (ICV) to achieve encryption and integrity. The integrity check value (ICV) is a 32-bit CRC. It is computed for each frame (M) of data. A plaintext frame M yields ICV = CRC32 (M). The ICV is tied to a plain text packet M to form P = M | ICV. The key stream is generated using a pseudo random number generator (PRNG) from the WEP key and a 24-bit initialization vector (IV). A new IV is used for each frame. The IV is pre-attached to the WEP key to form a per-frame key. The packet is then encrypted using RC4 cipher. The cipher text message is derived by XORing the per frame key with the packet.
RSNA 802.11i outlines the Robust Security Network Association (RSNA) launch process to offer strong reciprocated verifications and advanced key generation management for the data privacy procedures. 802.11i RSNA launch procedure includes the 802.1X validation and key management procedures. Three entities are involved, the wireless station, the Authenticator or the Access Point, and the Authentication Server. Effective authentication means that the wireless station and the authenticator authenticate each other’s uniqueness and produce some shared secret for subsequent key derivations. Based on this shared secret, the key management protocols compute and distribute usable keys for data communication sessions. The authentication server can be implemented either in a single device with the authenticator, or through a separate server, assuming the link between the authentication server and the authenticator is physically secure. Six steps are followed in the analysis of 802.11i RSNA. The steps are discovery of capabilities of the network, authentication and association, 802.1X authentication, 4-way handshake, group key handshake and communication of secure data.
Centered on the comprehensive RSNA launch process, we will investigate the security of 802.11i bearing in mind each conceivable threat separately. Since the management frames are not protected in a WLAN, an adversary is capable of interfering with initial stages of the RSNA launch. An enemy can send deceived security abilities and topological views of the network to a supplicant on behalf of an authenticator. When this happens, the supplicant will have no choice but to use wrong security details to communicate with the genuine authenticator, or link with a malicious access point. Alternatively, an attacker may also forge Link Requests to the authenticator with perhaps weak security abilities, which might cause glitches if no further securities are put in place.
When the comprehensive RSNA handshakes are done, the authentication and key management process seem to be protected. However, since the attacker has the ability to interfere with the initial stages, it might be able to cheat the authenticator and the supplicant, and avert completion of the RSNA; this is described as a Security Level Rollback Attack. Some executions might also allow a reflection attack in latter stages. Moreover, while we accept the link amongst the authenticator and the authentication server is protected, an attacker may still be able to discover the shared secret in by offline dictionary attacks. While a 256-bit PSK is implemented as a PMK, the PSK can be able to deduce from a passphrase, making the PSK susceptible to dictionary attacks. When implementing, one should cautiously pick a decent passphrase or use a 256-bit random value to remove this weakness.
Future trends in 802.11i wireless network security
The implementation of security mechanisms for the 802.11 technology has taken time. Industry players as well as researchers do admit that the 802.11 technology is mature. The standard protocol 802.11i has achieved high levels of security (Djamel & Francine, 2007, p. 89). It is noted that the security algorithms for encryption, authentication and key management have been thoroughly researched in various wireless networks (Ian & Xudong, 2009, p. 160). The remaining challenge is to reduce the complexity of these algorithms while maintaining their quality. They should also be modified to allow them to be cross applicable across various network types so that a wide range of devices can be supported.
Companies involved with 802.11
There are many participant in this field including the standardizing bodies, research companies and the consumer electronics companies.
The IEEE or the Institute of Electrical and Electronics Engineers, pronounced Eye-triple- E, is a non-profit, technical professional association with 380,000 members. The IEEE’s mission is to develop consensus-based technical standards for electronics in several industries. Many of the manufacturers of 802.11b equipment are involved with subcommittees of the IEEE.
The IEEE 802 Committee deals with networking: the 802.11 Working Group handles wireless local area networks (WLANs); and the various Task Groups (a, b, e, f, g, h, and i, among others) handle specific types of WLANs or specific problems related to wireless networking, such as multimedia data streaming, inter-access point communication, and security.
Wi-Fi Alliance is an industry association that has led the charge in wireless technology to ensure compatibility among devices from different manufacturers using the IEEE 802.11. The Wi-Fi Alliance was so successful at spreading the name Wi-Fi that it changed its name from the more clunky but more explanatory Wireless Ethernet Compatibility Alliance. The Wi- Fi Alliance requires substantial membership fees from members who submit their equipment— along with additional fees—to the association’s certification lab for testing. The certification process makes sure that thousands of individual features work correctly using a standard suite of tests. Only if the device passes those tests can a manufacturer legally use the Wi-Fi seal and name. Although other trade groups have had mixed success in pushing standards, the Wi-Fi Alliance’s approach really is a sign of compatibility you can trust. Bluetooth, for instance, is more of a marketing concept, because manufacturers aren’t required to undergo a rigorous independent certification process before they can apply the name to their products.
In October 2002, the Wi-Fi Alliance updated the Wi-Fi certification mark to identify whether a piece of equipment could work in the 2.4 GHz band (802.11b at the time, but now also 802.11g), in the 5 GHz band (802.11a), or in both, thanks to equipment that supports multiple specifications. Older Wi-Fi gear just has the mark by itself; with newer gear, you need to check which bands the device supports. The information should be prominently displayed on the box. More recently, the Wi-Fi Alliance has added additional standards, such as WPA (Wi-Fi Protected Access, a new security specification), to the Wi-Fi certification process to ensure that new, more sophisticated options for wireless networking work together just as well as the basic elements.
Other companies associated with 802.11 are electronic manufactures of devices that integrate this technology in their products.

The 900-megahertz (MHz), 2.4 gigahertz (GHz), and large parts of the 5 GHz frequency bands are reserved in the U.S. and in many other countries for unlicensed use. Wireless networks operate under these frequency bandwidths (Bartz, 2012, p. 499). There are two kinds of licenses that regulate the use of these frequencies. There is that owned by companies operating equipment on various frequencies, such as cell telephone companies, and those using the equipment, like amateur radio operators. These unlicensed bands, as you would guess from the name, require neither kind of license. However, the FCC (Federal Communications Commission) and national regulatory bodies must still certify the equipment that uses these bands. Because a license is not necessary, the FCC and similar regulatory bodies in other countries require that unlicensed devices use very little power, which restricts their range. It also means that these devices must be highly resistant to interference, because there is no guarantee that any user will have exclusive access to any of the unlicensed frequencies. Unfortunately, interference can still happen if a 2.4 GHz cordless phone, wireless camera, or a microwave oven, which can spew 2.4 GHz radiation as it twists water molecules, is used near an access point. The 2.4 GHz band has a few licensed uses that overlap part of the unlicensed range, including amateur radio in the lower part, and certain public safety, television station remote signal, and commercial microwave transmissions. These licensed users have priority, but, so far, low-power use of wireless networking has not caused any major turf disputes (Gast, 2002, p. 243).
Global impact
A well-designed and implemented wireless network security is very important. It is much better to have a functioning security in wireless networks that protect its users than having one than to have protection features but with a loophole. People are using the wireless networks now more than ever. The number keeps on increasing. Lack of security compromise private data of people. It is better not use unsecured wireless channels than use one that an attacker can tap personal details. Having secure wireless networks is important in social and economic being of a society. People can exchange information without fear and carry out financial services. Securing a network will prevent mischievous users from stealing bandwidth from your network or gaining access to private information. Eventually, reduces the world into a small society, enhancing global communication become easy and consequently better global economy be within reach.

Report this article

Bookmark and Share

Ask a Question about this Article