Friday, March 29, 2019

Wireless networks: Security

Wireless networks, due to ease of installation, cost benefits and the capability of connectivity, and hence communication anywhere, have become the most popular way of setting up a network in this 21st century. With the increase in the need for mobile systems, the current electronic market has also been flooded with laptops, PDAs, RFID devices, healthcare devices and wireless VoIP (Voice over IP) devices which are WiFi (Wireless Fidelity) enabled. With the 3G (Third Generation) and 4G (Fourth Generation) cellular wireless standards, mobile phones are also WiFi enabled, with very high speeds being provided for data upload and download. Nowadays many malls and public areas, not to mention even cities, are WiFi capable, enabling a person to access the internet or even contact a remote server in his office from anywhere in that city, or even from his mobile phone while just strolling down the road.

But as every good technology has its own drawbacks, so do wireless networks. Just as in the case of wired networks, they are also prone to intruder attacks, more commonly known as wireless hacking, which compromise the network's security, integrity and privacy. The basic reason for this is that when the wireless network was first introduced, it was considered to have security and privacy built into the system while transmitting data. This misconception had basically arisen because wireless system transmitters and receivers used spread spectrum systems, which have signals in the wide transmission band. Since the RF (Radio Frequency) receivers of that time could only intercept signals in the narrow transmission band, these wireless signals were considered to be in the safe zone. But it did not take long to invent devices that could intercept these wireless signals as well. Hence the integrity of data sent over wireless networks could be easily compromised. With the development of technology, the methods and ways in which a network can be attacked have also become more vicious.

Fig-1 WLAN (Wireless Local Area Network)

Security of wireless networks against such vicious attacks has hence become the priority for the network industry. This is because not all networks are equally secure. The security depends on where the network is used. For example, if the requirement is to provide a wireless hotspot in a shopping mall, then security is never a concern, but if it is for a corporate, they have their own security authentication and user access control implemented in the network.

II. WHY WIRELESS NETWORKS ARE PRONE TO ATTACKS?

There are a number of reasons why wireless networks are prone to malicious attacks. These are the most challenging aspects to be considered when a secure wireless network has to be established.

a) Wireless networks are open networks: The reason for this is that there is no physical medium protecting these networks. Any packet transmitted and received can be intercepted if the receiver is on the same frequency as the transmitter and receiver used by the wireless network. There is also a common misconception that if authentication and encryption are properly used, the network will not be compromised. But what about the messages sent back and forth before the authentication and encryption come into play?

b) Distance and Location: The attacker can attack from any distance and location and is only limited by the power of the transmitter. Special devices have been designed which can attack even short distance networks such as Bluetooth.

c) Identity of the Attacker: The attacker can always remain unidentified because he uses a series of antennas or other compromised networks before reaching the actual target. This makes wireless network attackers very difficult to track.

Some of the reasons why such attacks are so common are the easy availability of information from none other than the Internet, cheap and easy to use technology, and of course the motivation to hack.

III. WIRELESS HACKING STEP BY STEP

To understand the security protocols for wireless networks currently in use, it is first important to understand the methods through which a weak network is attacked by a hacker. These are also known as wireless intrusion methods.

A. Enumeration

Also known as network enumeration, this is the first and foremost step in hacking, which is finding the wireless network. The wireless network could be a specific target or even a random weak network which can be compromised and used to attack other end systems or networks. This feat is achieved by using network discovery software, which is nowadays available online in plenty; to name a few, Kismet and Network Stumbler.

In order to have more information about the network, the packets that are sent and received by the network can be sniffed using network analyzers, also known as sniffers. A large amount of information can be obtained this way, including IP addresses, SSID numbers, and even sensitive information such as MAC addresses, the type of information and also the other networks that this compromised end system.

Yet another problem faced is the use of network mappers, which can be used to find the hosts that run these compromised networks, hence also attacking these hosts, which could then affect proper functioning and information transfer between these hosts and to other networks connected to them.

B. Vulnerability Assessment

This is mainly done by the hacker by using a vulnerability scanner. After the hacker has found the network he wants to attack, he uses this program in order to detect the weaknesses of the computer, computer systems, networks or even applications. After this the intruder decides on the most probable means of entry into the network.

C. Means of Entry

IV. TYPES OF THREATS/ATTACKS

A. Eavesdropping and Traffic Analysis

This is the form of attack that makes use of the weak encryption of the network. This always compromises the integrity and security of the network. Attacks such as war driving, war chalking, packet sniffing and traffic analysis all fall under this category.

B. Message Modification

These attacks are mainly used to modify the data that is sent across a network. The modification might be giving wrong information or adding malicious content to the data packet sent from one station to another. This compromises the integrity and privacy of the data.

C. Rogue Devices

These could be devices such as APs or application software programs which have been compromised by the intruder and made to function according to him/her. Such devices can compromise the integrity of the network as well as the data sent across it. These devices can also launch replay attacks and also associate the network with malicious content, websites or information.

D. Session Hijacking

This attack occurs after a valid session has been established between two nodes through the AP. In it, the attacker poses as a valid AP to the node trying to establish a connection and as a valid node to the AP. The attacker can then send malicious or false information to the node that the connection has already been established with. The legitimate node believes that the AP has terminated the connection with it. The hacker can then use this connection to get sensitive information from the network or the node.

E. Man in the Middle Attacks

This is similar to a session hijacking attack, but in this case it is a rogue AP that acts as a valid client to the legitimate AP and as a valid AP to the legitimate client. Once this has been established, the rogue AP can access all information, intercept communication and send malicious information to other clients through this.

These are just a few of the security threats and attacks in wireless environments. With the advancing technologies there are many more possible security threats that can be faced by these networks in the future.

V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY

With the vulnerability of wireless networks, security and the countering of such malicious attacks have become one of the top priorities addressed by enterprises, corporates as well as research fields in IT. There are many points to be considered when the security of a network is concerned, the most important of which are authentication, accountability and encryption.

A. Authentication

This is very familiar to anyone using a network in his or her work place, or even accessing email on the internet, and is the very first step in promoting a secure wireless network. There are many different ways of authentication, and many different tools and methods have been used over the years in order to make this primary process more reliable and foolproof. Some of the most widely used methods are:

a) User name and password combinations, generally defined as something that a person knows.
b) Smart cards, RFIDs and token technologies, also known as something that a person has.
c) Biometric solutions such as fingerprinting and retina scanning, which can be generally defined as something that a person is.

The reliability of each one of these methods can vary depending on the level at which it has been implemented. In the case of very low level authentication, only one kind of method is used to secure the network. One of the weakest forms of authentication is the use of only an ID card or token technologies, as a person who loses this can compromise the security of the network. Even in the case of user name and password, the strength of the authentication is only as good as the complexity of the information used as user name or password. People generally prefer to use passwords that are easy to remember but also known to many other people in that organization or even outside.

One of the much better ways of securing a network through authentication is to use biometric solutions such as fingerprinting or retina scanning. But of course technology has advanced to the extent that even fingerprints or retinas can be forged. Nowadays a number of combinational methods are used as authentication, with high security premises or networks guarded by more than two or three kinds of authentication.

B. Accountability

After a user has been authenticated to use the network, it is important to be able to track the computer usage of each person using the network, so that in case of any foul play the person responsible can be held responsible. When networks were very small, it was very easy for a network administrator to track the usage of each person on a network. But with huge networks, remote access facilities and of course wireless networks, it has become quite a difficult task. As mentioned earlier, there are many ways in which a hacker can make himself difficult to track down. Much software and firmware has been created which is used in conjunction with the authentication protocols in order to make the wireless network more secure and robust.

C. Encryption

This is the most important step in building and securing a strong wireless network infrastructure. The steps generally followed for this are:

a) Methods based on public key infrastructure (PKI)
b) Using a high bit encryption scheme
c) The algorithm used for encryption must be well known and proven to be very unbreakable.

Current wireless network security solutions can be classified into three broad categories:

a) unencrypted solutions
b) encrypted solutions
c) combination.

In this paper the emphasis, as explained in the abstract, will be on encrypted solutions for wireless security.
A brief discussion of the unencrypted methods has still been given for basic understanding. In the case of encryption based security protocols, a detailed description is given in this paper of the ones that are commonly used in wireless LANs. After that, the latest and developing technologies will be discussed. The three major generations of security existing today, also cited in many papers, journals and magazines, are as follows:

1) WEP (Wired Equivalent Privacy)
2) WPA (Wi-Fi Protected Access)
3) WPA2

The image below shows the layer in which the wireless network security protocols come into play, which is of course the link layer.

Fig-1 802.11 AND OSI MODEL

VI. WIRELESS SECURITY UNENCRYPTED

A. MAC Registration

This is one of the weakest methods of network security. MAC registration was basically used to secure university residential networks such as college apartments or dorm rooms. The basic way of doing this is to configure DHCP (Dynamic Host Configuration Protocol) to lease IP addresses to only a known set of MAC addresses, which can be obtained manually by running automated scripts on a network server, so basically any person with a valid registration can enter into the network. Session logs also cannot be generated, because of which accounting of the logs becomes impossible. Last but not least, since this method of securing was basically used for switched and wired networks, encryption was never included.

B. Firewalls

In this method, network authentication is done through either HTTP (Hypertext Transfer Protocol), HTTPS or telnet. When an authentication request is received by the network, it is directed to the authentication server. On validating the authentication, the firewalls add rules for the IP address provided to that user. This IP address also has a timer attached to it in order to indicate the rule timeout of this IP address.
When executed through HTTPS, it is basically a session based as well as a secure process. But any other process which is adapted from a switched wired network firewall does not provide encryption.

C. Wireless Firewall Gateways

One of the latest as well as considerably foolproof methods among unencrypted solutions is Wireless Firewall Gateways, or WFGs. This is a single wireless gateway integrated with a firewall, router, web server and DHCP server, and it is because all of these are in one system that WFGs are a very secure wireless security solution. When a user connects to the WFG, he/she receives an IP address from the DHCP server. Then the web server (HTTPS) asks for a user name and password, and this is executed by PHP (Hypertext Preprocessor). Address spoofing and unauthorized networks are avoided by PHP, as the DHCP logs are constantly compared with the current updated ARP (Address Resolution Protocol). This verifies that the computer that is connected to the network is using the IP address that has been leased to it by the DHCP server. Then this information is passed on to the authentication server, which in turn adds rules for this IP address. Upon the expiration of the DHCP lease the sessions are terminated. The WFGs hence make the authentication and accountability part of the network more reliable. But as this is also an unencrypted method, it lacks the most important aspect of security.

VII. WEP - WIRED EQUIVALENT PRIVACY

This protocol was written in accordance with the security requirements of the IEEE 802.11 wireless LAN protocol. It is adapted from the wired LAN system, and hence the security and privacy provided by it is also equivalent to the security and privacy provided by a wired LAN.
Though it is an optional part of wireless network security, it will give a considerably secure networking environment. The algorithm used in WEP is known as RC4 (Rivest Cipher 4). In this method a pseudo random number is generated using encryption keys of random lengths. This is then bound with the data bits using an exclusive OR (XOR) functionality in order to generate encrypted data that is then sent. To look at it in more detail:

A. Sender Side

The pseudo random number is generated using the 24 bit IV (Initialization Vector) given by the administrator or network and also a 40 or 104 bit secret key, or WEP key, given by the wireless device itself. These are then added together and passed on to the WEP PRNG (Pseudo Random Number Generator). At the same time the plain text and an integrity algorithm are combined together to form the ICV (Integrity Check Value). The pseudo random number and the ICV are then combined together to form a cipher text by sending them through RC4. This cipher text is then again combined with the IV to form the final encrypted message, which is then sent.

Fig-2 WEP SENDER SIDE

B. Receiver Side

On the receiver side the message is decrypted in five steps. First the preshared key and the encrypted message are added together. The result is then passed through yet another PRNG. The resulting number is passed through an RC4 algorithm, and this results in retrieving the plain text. This is again combined with another integrity algorithm to form a new ICV, which is then compared with the previous ICV to check for integrity.

Fig-3 WEP RECEIVER SIDE

C. Brief Descriptions

a) Initialization Vector: These are basically random bits, the size of which is generally 24 bits but also depends on the encryption algorithm. This IV is also sent to the receiver side, as it is required for decrypting the data sent.

b) Preshared Key: This is more or less like a password. It is basically provided by the network administrator and is shared between the access point and all network users.

c) Pseudo Random Number Generator: This basically creates a unique secret key for each packet sent through the network. This is done by using some 5 to at most 13 characters of the preshared key and also by using randomly taken characters from the IV.

d) ICV and Integrity Algorithm: This is used to encrypt the plain text or data and also to create a check value, which can then be compared by the receiver side when it generates its own ICV. This is done using the CRC (Cyclic Redundancy Code) technique to create a checksum. For WEP, the CRC-32 of the CRC family is used.

D. RC4 Algorithm

The RC4 algorithm is not proprietary to WEP only. It can also be called a random generator, stream cipher etc. Developed in RSA laboratories in 1987, this algorithm uses logical functions, to be specific XOR, to add the key to the data.

Figure 5 RC4 Algorithm

E. Drawbacks of WEP

There are many drawbacks associated with WEP encryption. There are also programs now available in the market which can easily hack through this encryption, leaving a network using WEP vulnerable to malicious attacks. Some of the problems faced by WEP:

WEP does not prevent forgery of packets.
WEP does not prevent replay attacks. An attacker can simply record and replay packets as desired and they will be accepted as legitimate.
WEP uses RC4 improperly. The keys used are very weak, and can be brute-forced on standard computers in hours to minutes, using freely available software.
WEP reuses initialization vectors. A variety of available cryptanalytic methods can decrypt data without knowing the encryption key.
WEP allows an attacker to undetectably modify a message without knowing the encryption key.
Key management is lacking and updating is poor.
Problem in the RC4 algorithm.
Easy forging of authentication messages.

VIII. WPA - WIFI PROTECTED ACCESS

WPA was developed by the Wi-Fi Alliance to overcome most of the disadvantages of WEP. The advantage for the user is that they do not have to change the hardware when making the change from WEP to WPA.

WPA gives a more complex encryption than WEP by using TKIP, and with the MIC it also helps to counter the bit flipping which is used by hackers against WEP, by using a method known as hashing. The figure below shows the method of WPA encryption.

Figure 6 WPA Encryption Algorithm (TKIP)

As seen, it is almost the same as the WEP technique, which has been enhanced by using TKIP, but a hash is also added before using the RC4 algorithm to generate the PRNG. This duplicates the IV, and a copy of it is sent to the next step. The copy is also added to the base key in order to generate another special key. This, along with the hashed IV, is used to generate the sequential key by RC4. Then this is also added to the data or plain text by using the XOR functionality. Then the final message is sent, and it is decrypted by using the inverse of this process.

A. TKIP (Temporal Key Integrity Protocol)

The confidentiality and integrity of the network are maintained in WPA by improved data encryption using TKIP.
This is achieved by using a hashing function algorithm and also an additional integrity feature to make sure that the message has not been tampered with. TKIP has about four new algorithms that perform various security functions:

a) MIC or Michael: This is a coding system which improves the integrity of the data transfer via WPA. The MIC integrity code is basically 64 bits long but is divided into 32 bit little-endian words, or least significant bits; for example, let it be (K0, K1). This method is basically used to make sure that the data does not get forged.

b) Countering Replay: There is one particular kind of forgery that cannot be detected by the MIC, and this is called a replayed packet. Hackers do this by forging a particular packet and then sending it back at another instance of time. In this method each packet sent by the network or system will have a sequence number attached to it. This is achieved by reusing the IV field. If the packet received at the receiver is out of order or has a smaller sequence number than the packet received before it, it is considered a replay and the packet is hence discarded by the system.

c) Key mixing: In WEP a secure key is generated by concatenating the base key, which is a 40 bit or 104 bit sequence obtained from the wireless device, with the 24 bit IV number obtained from the administrator or the network. In the case of TKIP, the 24 bit base key is replaced by a temporary key which has a limited lifetime. It changes from one destination to another. This can be explained through the two phases of key mixing.
In Phase I, the MAC address of the end system or the wireless router is mixed with the temporary base key. The temporary key hence keeps changing as the packet moves from one destination to another, as the MAC address of any router, gateway or destination will be unique.
In Phase II, the per packet sequence key is also encrypted by adding a small cipher using RC4 to it.
This keeps the hacker from deciphering the IV or the per packet sequence number.

d) Countering Key Collision Attacks or Rekeying: This basically provides a fresh sequence of keys which can then be used by the TKIP algorithm. Temporal keys, which have a limited lifetime, have already been mentioned. The other two types of keys provided are the encryption keys and the master keys. The temporal keys are the ones which are used by the TKIP privacy and authentication algorithms.

B. Advantages of WPA

The advantages of WPA over WEP can be clearly understood from the above descriptions. Summarising a few:

a) Forgeries of the data are avoided by using the MIC.
b) WPA can actively avoid packet replay by the hacker by providing a unique sequence number to each packet.
c) Key mixing, which generates temporal keys that change at every station, and also per packet sequence key encryption.
d) Rekeying, which provides unique keys for consumption by the various TKIP algorithms.

IX. WPA2 - WIFI PROTECTED ACCESS 2

WPA2, as the name suggests, is a modified form of WPA in which Michael has been replaced with an AES based algorithm known as CCMP, used instead of TKIP. WPA can operate in two modes: one is the home mode and the other the enterprise mode. In the home mode all the users are required to use a 64 bit pass phrase when accessing the network. This is the sort of encryption used in wireless routers at home or even in very small offices. The home version has the same problems which are faced by users of WEP and the original WPA security protocol.

The enterprise version is of course for use by larger organisations where the security of the network is too valuable to be compromised. This is based on the 802.1X wireless architecture, an authentication framework known as RADIUS, another authentication protocol from the EAP (Extensible Authentication Protocol) family, which is EAP-TLS, and also a secure key.

A. 802.1X

Figure 7 802.1X Authentication Protocol

In order to understand the security protocols used in WPA2, it is important to know a little bit about the 802.1X architecture for authentication. This was developed in order to overcome many security issues in the 802.11b protocol. It provides much better security for the transmission of data, and its key strength is of course authentication. There are three important entities in the 802.1X protocol, which are the client, the authenticator and the authentication server.

a) Client: This is the STA (station) in a wireless area network which is trying to access the network. This station could be fixed, portable or even mobile. It of course requires client software which helps it connect to the network.

b) Authenticator: This is yet another name given to an AP (Access Point). The AP receives the signal from the client and sends it over to the network which the client requires a connection from. There are two parts to the AP, i.e. the non control port and the control port, which is more of a logical partitioning than an actual partition. The non control port receives the signal and checks its authentication to see if the particular client is allowed to connect to the network. If the authentication is approved, the control port of the AP is opened for the client to connect with the network.

c) Authentication: This is the RADIUS (Remote Authentication Dial In User Service) server. It has its own user database table which gives the users that have access to the network; this makes it easier for the APs, as the user information database need not be stored in the AP. The authentication in RADIUS is more user based than device based. RADIUS makes the security system more scalable and manageable.

Figure 8 EAP/RADIUS Message Exchange

B. EAP (Extensible Authentication Protocol)

The key management protocol used in WPA2 is the EAP (Extensible Authentication Protocol). It can also be called EAPOW (EAP over wireless). Since there are many versions of this protocol in the EAP family, it is advisable to choose the EAP protocol which is best suited to that particular network. The diagram and the steps following it describe how a suitable EAP can be selected for that network.

Figure 9 EAP Authentication with Method Selection Mechanism

a) Step 1: By checking the previous communication records of the node using a network analyser program, it can be easily detected if any malicious or considerably compromising packets have been sent to other nodes or received from other nodes by this node.

b) Step 2: By checking the previous logs for the authentication protocols used, the most commonly used authentication protocol and the most successful authentication protocol can be understood.

c) Step 3: The specifications of the node itself have to be understood, such as the operating system used, the hardware, the software and even the certificate availability of the node.

After all this has been examined, the following steps can be run in order to determine and execute the most suitable EAP authentication protocol:

    1. Start
    2. if (communication_record available) then
           read communication_record
           if (any_suspicious_packets_from_the_other_node) then
               abort authentication
               go to 5
           else if (authentication record available) then
               read authentication record
               if (successful authentication available) then
                   read current_node_resources
                   if (current_node_resources comply with last_successful_method) then
                       method = last_successful_method
                       go to 4
                   else if (current_node_resources comply with most_successful_method) then
                       method = most_successful_method
                       go to 4
                   else go to 3
               else go to 3
           else go to 3
       else go to 3
    3. read current_node_resources
       execute method_selection(current_node_resources)
    4. execute authentication_process
    5. End

X. RSN - ROBUST SECURITY NETWORKS

RSN was developed with reference to the IEEE 802.11i wireless protocol. This connection can provide security from very moderate level to high level encryption schemes. The main entities of 802.11i are the same as those of the 802.1X protocol, which are the STA (client), the AP and the AS (authentication server). RSN uses TKIP or CCMP for confidentiality and integrity protection of the data, while EAP is used as the authentication protocol.

RSN is a link layer security, i.e. it provides encryption from one wireless station to its AP or from one wireless station to another. It does not provide end to end security. It can only be used for wireless networks and, in the case of hybrid networks, only for the wireless part of the network.

The following are the features of a secure network that are supported by RSN:

a) Enhanced user authentication mechanisms
b) Cryptographic key management
c) Data confidentiality
d) Data origin and authentication integrity
e) Replay protection.

A. Phases of RSN

RSN protocol functioning can be divided into five distinct phases. The figure as well as the steps describe the phases in brief.

Figure 9 Security States of RSN

a) Discovery Phase: This can also be called Network and Security Capability Discovery of the AP. In this phase the AP advertises that it uses the IEEE 802.11i security policy. An STA which wishes to communicate with a WLAN using this protocol will, upon receiving this advertisement, communicate with the AP. The AP gives the STA an option on the cipher suite and authentication mechanism it wishes to use during the communication with the wireless network.

b) Authentication Phase: Also known as the Authentication and Association Phase. In the authentication phase, the AP uses its non control part to check the authentication provided by the STA with the AS. Any data other than the authentication data is blocked by the AP until the AS returns with the message that the authentication provided by the STA is valid. During this phase the client has no direct connection with the RADIUS server.

c) Key Generation and Distribution: During this phase cryptographic keys are generated by both the AP and the STA. Communication only takes place between the AP and the STA during this phase.

d) Protected Data Transfer Phase: This phase, as the name suggests, is the one during which data is transferred through and from the STA that initiated the connection, through the AP, to the STA on the other end of the network.

e) Connection Termination Phase: Again as the name suggests, the data transfer is purely between the AP and the STA to tear down the connection.
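The WEP sender and receiver processing described in section VII, together with the IV reuse listed among its drawbacks, can be reproduced in a short Python program. This is an added example, not code from the original post: the key, IVs and payloads are constructed, and the frame is simplified to the clear IV followed by the ciphertext (the key ID octet and the 802.11 headers are left out).

```python
"""WEP encapsulation from section VII (added example, simplified frame layout)."""
import struct
import zlib
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) followed by `length` bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encapsulate(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Sender side: RC4(IV || key) XOR (plaintext || ICV), sent with the clear IV."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + icv(plaintext)
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Receiver side: rebuild the keystream from the clear IV, then verify the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor_bytes(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, received_icv = body[:-4], body[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return plaintext


def reused_ivs(frames):
    """Defender's check on a capture: IVs that protect more than one frame."""
    counts = Counter(frame[:3] for frame in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


def plaintext_xor_from_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV means same keystream, so c1 XOR c2 == p1 XOR p2 with no key involved."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor_bytes(frame_a[3:], frame_b[3:])


# Constructed sample data: the key, IVs and payloads are made up for this example.
KEY = bytes.fromhex("0102030405")                # 40-bit preshared key
P1 = b"temperature=21C"
P2 = b"door=unlocked!!"
CAPTURE = [
    wep_encapsulate(b"\x00\x00\x01", KEY, P1),
    wep_encapsulate(b"\x00\x00\x02", KEY, b"heartbeat"),
    wep_encapsulate(b"\x00\x00\x01", KEY, P2),   # IV 000001 used a second time
]

if __name__ == "__main__":
    print("decapsulated:", wep_decapsulate(KEY, CAPTURE[0]))
    print("reused IVs:", {iv.hex(): n for iv, n in reused_ivs(CAPTURE).items()})
    leak = plaintext_xor_from_reuse(CAPTURE[0], CAPTURE[2])
    print("c1^c2 == p1^p2:", leak[:len(P1)] == xor_bytes(P1, P2))
```

Because the IV is only 24 bits long and the preshared key is static, repeated IVs are unavoidable on a busy network, which is why the reuse check reports them as a property of the protocol rather than of one misconfigured device.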
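Two of the TKIP mechanisms from section VIII.A, the Michael MIC with its key read as the little-endian words (K0, K1) and the sequence number check that discards replayed packets, are shown here as an added Python example that is not part of the original post. It assumes unencrypted frames modelled as (sequence number, payload, MIC) tuples with a constructed key; Receiver and run_demo are hypothetical names, and real TKIP additionally encrypts the frame and computes the MIC over the addresses and priority as well as the payload.

```python
"""TKIP building blocks from section VIII.A: Michael MIC and replay check (added example)."""
import hmac
import struct

MASK32 = 0xFFFFFFFF


def rol(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK32


def ror(v, n):
    return ((v >> n) | (v << (32 - n))) & MASK32


def xswap(v):
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)


def michael_block(l, r):
    """Michael's mixing function: rotations, byte swaps and additions mod 2**32."""
    r ^= rol(l, 17)
    l = (l + r) & MASK32
    r ^= xswap(l)
    l = (l + r) & MASK32
    r ^= rol(l, 3)
    l = (l + r) & MASK32
    r ^= ror(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, message: bytes) -> bytes:
    """64-bit Michael MIC; the key is read as two little-endian words (K0, K1)."""
    if len(key) != 8:
        raise ValueError("Michael uses a 64-bit key")
    l, r = struct.unpack("<II", key)
    # Padding: one 0x5a byte, then 4 to 7 zero bytes up to a multiple of 4.
    padded = message + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = michael_block(l, r)
    return struct.pack("<II", l, r)


class Receiver:
    """Accepts (sequence number, payload, MIC) frames in strictly increasing order."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_seq = -1

    def accept(self, seq: int, payload: bytes, mic: bytes) -> str:
        if seq <= self.last_seq:
            return "replay"          # out of order or already seen: discard
        if not hmac.compare_digest(michael(self.mic_key, payload), mic):
            return "mic-failure"     # payload altered after the MIC was computed
        self.last_seq = seq          # advance only once the MIC has verified
        return "ok"


def run_demo():
    """Constructed traffic: three genuine frames, one replayed, one altered."""
    mic_key = bytes.fromhex("0011223344556677")   # constructed 64-bit MIC key

    def frame(seq, payload):
        return (seq, payload, michael(mic_key, payload))

    f1 = frame(1, b"open valve")
    f2 = frame(2, b"close valve")
    f3 = frame(3, b"status?")
    altered = (4, b"open valve!", f1[2])          # new payload, old MIC
    rx = Receiver(mic_key)
    return [rx.accept(*f) for f in (f1, f2, f1, altered, f3)]


if __name__ == "__main__":
    print(run_demo())
```

The sequence number is advanced only after the MIC verifies, so an altered frame with a high sequence number cannot be used to make the receiver reject the genuine frames that follow it.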
