I. Introduction:
Wireless Local Area Network (WLAN) is the linking of two or more computers without using wires. WLAN makes use of the spread spectrum technology based on radio waves to enable communication between two devices in a limited area.
Wireless local area networks (WLANs) based on the Wi-Fi (wireless fidelity) standards are one of today's fastest growing technologies in businesses, schools, and homes, for good reasons. They provide mobile access to the Internet and to enterprise networks so users can remain connected away from their desks. These networks can be up and running quickly when there is no available wired Ethernet infrastructure. They are reported to reduce setting up costs by 15%. But, with these benefits come the security concerns. WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit cards.
a. The 802.11 Wireless LAN Standard: In 1997, the IEEE ratified the 802.11 Wireless LAN standards, establishing a global standard for implementing and deploying Wireless LANS. The throughput for 802.11 is 2Mbps, which was well below the IEEE 802.3 Ethernet counterpart
Late in 1999, the IEEE ratified the 802.11b standard extension, which raised the throughput to 11 Mbps, making this extension more comparable to the wired equivalent. The 802.11b also supports the 2 Mbps data rate and operates on the 2.4GHz band in radio frequency for high-speed data communications. As with any of the other 802 networking standards (Ethernet, Token Ring, etc.), the 802.11 specification affects the lower layers of the OSI reference model, the Physical and Data Link layers. The Physical Layer defines how data is transmitted over the physical medium. The IEEE assigned 802.11 two transmission methods for radio frequency (RF) and one for Infrared. The two RF methods are: • Frequency hopping spread-spectrum (FHSS) • Direct sequence spread-spectrum (DSSS) These transmission methods operate within the ISM (Industrial, Scientific, and Medical) 2.4 GHz band for unlicensed use. FHSS and DSSS are different techniques to transmit data over radio waves. FHSS uses a simple frequency hopping technique to navigate the 2.4GHz band which is divided into 75 sub-channels 1MHz each. The sender and receiver negotiate a sequence pattern over the sub-channels. DSSS, however, utilizes the same channel for the duration of the transmission by dividing the 2.4 GHz band into 14 channels at 22MHz each with 11 channels overlapping the adjacent ones and three non-overlapping channels. To compensate for noise and interference, DSSS uses a technique called "chipping", where each data bit is converted into redundant patterns called "chips". The Data Link layer is made up of two sub-layers: • Media Access Control (MAC) layer • Logical Link Control (LLC) layer The Data Link layer determines how transmitted data is packaged, addressed and managed within the network. The LLC layer uses the identical 48-bit addressing found in other 802 LAN networks like Ethernet where the MAC layer uses a unique mechanism called carrier sense multiple access, collision avoidance (CSMA/CA). This mechanism is similar to the carrier sense multiple access collision detect (CSMA/CD) used in Ethernet, with a few major differences. Opposed to Ethernet, which sends out a signal until a collision is detected before a resend, CSMA/CA senses the airwaves for activity and sends out a signal when the airwaves are free. If the sender detects conflicting signals, it will wait for a random period before retrying. This technique is called "listening before talking" (LBT). To minimize the risk of transmission collisions, the 802.11 committee decided a mechanism called Request-To-Send / Clear-To-Send (RTS/CTS). An example of this would be when an AP accepts data transmitted from a wireless station; the AP would send a RTS frame to the wireless station that requests a specific amount of time that the station has to deliver data to it. The wireless station would then send a CTS frame acknowledging that it will wait to send any communications until the AP completes sending data. All the other wireless stations will hear the transmission as well and wait before sending data. Due to the fragile nature of wireless transmission compared to wired transfers, the acknowledgement model (ACK) is employed on both ends to ensure that data does not get lost in the airwaves. b. 802.11 Extensions: Several extensions to the 802.11 standard have been either ratified or are in progress. Below are standards that affect WLAN users most directly: 802.11a The 802.11a extension operates on a different physical layer specification than the 802.11 standard at 2.4GHz. 802.11a operates at 5GHz and supports date rates up to 54Mbps. The FCC (Federal Communication Committee) has allocated 300Mz of RF spectrum for unlicensed operation in the 5GHz range. Although 802.11a supports much higher data rates, the effective distance of transmission is much shorter than 802.11b and is not compatible with 802.11b equipment. 802.11b IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. The 802.11b is de facto standard for Wireless LANs. The 802.11b extension raised the data rate bar from 2Mbps to 11Mbps, even though the actual throughput is much less. The original method employed by the 802.11 committee for chipping data transmissions was the 11-bit chipping encoding technique called the "Barker Sequence". The increased data rate from 2Mbps to 11Mbps was achieved by utilizing an advanced encoding technique called Complementary Code Keying (CCK). The CCK uses Quadrature Phase Shift Keying (QPSK) for modulation to achieve the higher data rates. 802.11b better serves the home market. 802.11g In 2002 and 2003, WLAN products supporting a newer standard called 802.11g emerged on the market. The 802.11g, like 802.11a is focusing on raising the data transmission rate up to 54Mbps, , and it uses the 2.4 GHz frequency for greater range. The specification was approved by the IEEE in 2001 and is expected to be ratified in the second half of 2002. It is an attractive alternative to the 802.11a extension due to its backward compatibility to 802.11b, which preserves previous infrastructure investments, meaning that 802.11g access points will work with 802.11b wireless network adapters and vice versa. 802.11d This group is focusing on extending the technology to countries that are not covered by the IEEE. It is focusing on Quality of service Support. 802.11e This group is focusing on improving multi-media transmission quality of service. 802.11f This group is focusing on enhancing roaming between APs and interoperability between vendors. 802.11h This group is addressing concerns on the frequency selection and power control mechanisms on the 5GHz band in some European countries. It is an Enhanced version of 802.11a. 802.11i This group is focusing on enhancing wireless LAN security and authentication for 802.11 that include incorporating Remote Access Dialing User Service (RADIUS), Kerberos and the network port authentication (IEEE 802.1X). 802.1X has already been implemented by some AP vendors. II. Types of Wireless LANS:
The part of success behind the popularity of WLANs is due to the availability of the 802.11 standard from IEEE. The standard specifies operation of WLANs in three ways:
• Infrastructure Mode: Every WLAN workstation (WS) communicates to any machine through an access point (AP). The machine can be in the same WLAN or connected to the outside world through the AP.
• Ad Hoc Network Mode: Every WS talks to another WS directly.
• Mixed Network Mode: Every WS can work in the above two modes simultaneously. This is also called the Extended Basic Service Set (EBSS)
[pic]
III. Wireless LAN Components:
One important advantage of WLAN is the simplicity of its installation. Installing a wireless LAN system is easy and can eliminate the needs to pull cable through walls and ceilings. The physical architecture of WLAN is quite simple. Basic components of a WLAN are:
• access points (APs) • Network Interface Cards (NICs)/client adapters.
Access Points:
Access Point (AP) is essentially the wireless equivalent of a LAN hub. It is typically connected with the wired backbone through a standard Ethernet cable, and communicates with wireless devices by means of an antenna. An AP operates within a specific frequency spectrum and uses 802.11 standard specified modulation techniques. It also informs the wireless clients of its availability, and authenticates and associates wireless clients to the wireless network.
Network Interface Cards (NICs)/client adapters:
Wireless client adapters connect PC or workstation to a wireless network either in ad hoc peer-to-peer mode or in infrastructure mode with APs (will be discussed in the following section). Available in PCMCIA (Personal Computer Memory Card International Association) card and PCI (Peripheral Component Interconnect), it connects desktop and mobile computing devices wirelessly to all network resources. The NIC scans the available frequency spectrum for connectivity and associates it to an access point or another wireless client. It is coupled to the PC/workstation operating system using a software driver. The NIC enables new employees to be connected instantly to the network and enable Internet access in conference rooms.
IV. Threats To Wireless LAN Environments:
All wireless computer systems face security threats that can compromise its systems and services. Unlike the wired network, the intruder does not need physical access in order to pose the following security threats:
Eavesdropping:
This involves attacks against the confidentiality of the data that is being transmitted across the network. In the wireless network, eavesdropping is the most significant threat because the attacker can intercept the transmission over the air from a distance away from the premise of the company.
[pic]
Tampering:
The attacker can modify the content of the intercepted packets from the wireless network and this result in a loss of data integrity.
Unauthorized access and spoofing:
The attacker could gain access to privileged data and resources in the network by assuming the identity of a valid user. This kind of attack is known as spoofing. To overcome this attack, proper authentication and access control mechanisms need to be put up in the wireless network.
Ad-hoc networks:
Peer to peer wireless networking between laptops without an access point opens up a laptop to be directly attacked and used as a conduct to the network.
Policy Violation:
Authorized users who are violate network policies against vulnerable access points, file sharing, and turning off security measures in network security.
Identify theft:
Intruders can pick off service set identifiers (SSID) and media access control (MAC) address to steal the identity of an authorized user.
Man in the middle attacks:
Hackers can force a rogue station between an authorized station and an access point where all traffic between the authorized station and the access point is routed through the rouge station.
Denial of Service:
In this attack, the intruder floods the network with either valid or invalid messages affecting the availability of the network resources. The attacker could also flood a receiving wireless station thereby forcing to use up its valuable battery power. V. Wireless Network Security Methods: Few Wireless Network Security Protocols are:
Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP)
802.1X authentication
Wi-Fi Protected Access (WPA): WPA encrypts information, and it also checks to make sure that the network security key has not been modified. WPA also authenticates users to help ensure that only authorized people can access the network. There are two types of WPA authentication: WPA and WPA2.WPA is designed to work with all wireless network adapters, but it might not work with older routers or access points. WPA2 is more secure than WPA, but it will not work with some older network adapters. WPA is designed to be used with an 802.1X authentication server, which distributes different keys to each user. This is referred to as WPA-Enterprise or WPA2-Enterprise. It can also be used in a pre-shared key (PSK) mode, where every user is given the same passphrase. This is referred to as WPA-Personal or WPA2-Personal.
Wired Equivalent Privacy (WEP):
WEP is an older network security method that is still available to support older devices, but it is no longer recommended. When you enable WEP, you set up a network security key. This key encrypts the information that one computer sends to another computer across your network. However, WEP security is relatively easy to crack.
802.1X authentication:
802.1X authentication can help enhance security for 802.11 wireless networks and wired Ethernet networks. 802.1X uses an authentication server to validate users and provide network access. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). On wireless networks, 802.1X can work with Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA) keys. This type of authentication is typically used when connecting to a workplace network. VI. New Standards for Improving WLAN Security:
New standards that intend to improve the security of WLAN.
Advanced encryption Standard (AES): Advanced Encryption Standard is gaining acceptance as appropriate replacement for RC4 algorithm in WEP. AES uses the Rijandale Algorithm and supports the following key lengths:
" 128 bit key
" 192 bit key " 256 bit key
AES is considered to be un-crackable by most Cryptographers. NIST has chosen AES for Federal Information Processing Standard (FIPS). In order to improve wireless LAN security the 802.11i is considering inclusion of AES in WEPv2.
Temporal Key Integrity Protocol (TKIP):
The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP also prevents the passive snooping attack by hashing the IV.
TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network. The Temporal Key Integrity Protocol is part of the IEEE 802.11i encryption standard for wireless LANs. TKIP is the next generation of WEP, the Wired Equivalency Protocol, which is used to secure 802.11 wireless LANs. TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, thus fixing the flaws of WEP.
VII. Tools for Protecting Wireless LAN:
There are some products that can minimize the security threats of WLAN such as:
AirDefense:
It is a commercial wireless LAN intrusion protection and management system that discovers network vulnerabilities, detects and protects a WLAN from intruders and attacks, and assists in the management of a WLAN. It also provides a robust WLAN management functionality that allows users to understand their network, monitor network performance and enforce network policies.
Isomair Wireless Sentry:
This product from Isomair Ltd. automatically monitors the air space of the enterprise continuously using unique and sophisticated analysis technology to identify insecure access points, security threats and wireless network problems.It is a completely automated system, centrally managed, and will integrate seamlessly with existing security infrastructure. Wireless Security Auditor (WSA): It is an IBM research prototype of an 802.11 wireless LAN security auditor, running on Linux on an iPAQ PDA (Personal Digital Assistant). WSA helps network administrators to close any vulnerabilities by automatically audits a wireless network for proper security configuration. VIII. Disadvantages and Advantages of Wireless LAN:
Disadvantages of Wireless LAN: • As the number of computers using the network increases, the data transfer rate to each computer will decrease accordingly. • As standards change, it may be necessary to replace wireless cards and/or access points. • Lower wireless bandwidth means some applications such as video streaming will be more effective on a wired LAN. • Security is more difficult to guarantee and requires configuration. • Devices will only operate at a limited distance from an access point, with the distance determined by the standard used and buildings and other obstacles between the access point and the user. Advantages of Wireless LAN:
• It is easier to add or move workstations.
• It is easier to provide connectivity in areas where it is difficult to lay cable.
• Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.
• Access to the network can be from anywhere within range of an access point.
• Portable or semi-permanent buildings can be connected using a WLAN.
• Although the initial investment required for WLAN hardware can be similar to the cost of wired LAN hardware, installation expenses can be significantly lower.
REFRENCES:
http://compnetworking.about.com/cs/wireless80211/a/aa80211standard.htm
http://windows.microsoft.com/en-US/windows-vista/What-are-the-different-wireless-network-security-methods
http://en.wikipedia.org/wiki/Wireless_security
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
http://www.airdefense.net/products/index.shtm
www.wi-fi.org/
http://insight.zdnet.co.uk/communications/wireless/0,39020430,2132483,00.htm 