“WiFi Technology: Security Aspects regarding Networking”
Khan Asif Ahmed 1, Anita B. Dube 2, C. H. Sawarkar 3
1 aasifnasim@gmail.com, 2 abdube@gmail.com, chsawarkar@gmail.com
Department of Computer Science & IT, Shri Shivaji College of Arts Commerce & Science, Akola
ABSTRACT:
Wi-Fi (Wireless Fidelity) is one of today’s leading wireless
technologies, with Wi-Fi support being integrated into more and more devices:
laptops, PDAs, mobile phones. However, one configuration aspect all too often
goes unnoticed: security. Let's have a closer look at the level of security of
encryption methods used in modern Wi-Fi implementations.
INTRODUCTION:
What is WiFi?
The IEEE standard that governs Wi-Fi technology is IEEE
802.11; that standard has gone through several generations since its inception
in 1997.
The IEEE sets standards for a range of technological protocols, and it uses a numbering system to classify these standards.
“A wireless network uses radio waves, just like cell phones, televisions and radios do. In fact, communication across a wireless network is a lot like two-way radio communication”.
Here's what happens:
1. A computer's wireless adapter translates data into a radio signal and transmits it using an antenna.
2. A wireless router receives the signal and decodes it. The router sends the information to the Internet using a physical, wired Ethernet connection.
· WIRELESS STANDARDS:
Wireless networking uses a range of standards -- the rules that routers and receivers use to communicate with each other. Most common are:
· 802.11a - 54 Mbps data rate in the 5 GHz band of the radio spectrum
· 802.11b - 11 Mbps, 2.4 GHz
· 802.11g - 54 Mbps, 2.4 GHz
· 802.11e - 54 Mbps, 2.4 GHz, with quality of service (QoS) protocols, which should improve VoIP and streaming media quality
A separate standard, 802.16 (or WiMAX), transmits at 70 Mbps and has a range of up to 30 miles. It can operate in a licensed or an unlicensed band of the spectrum from 2 to 6 GHz. WiMAX typically links multiple 802.11 networks or sends Internet data over long distances.
WEP Network security:
The main issue with wireless network security is its simplified access to the network compared to traditional wired networks such as Ethernet. With wired networking it is necessary either to gain access to a building and physically connect to the internal network, or to break through an external firewall. With wireless it is necessary only to get reception and spend as long as you want snooping without alerting the network owner. Most business networks protect sensitive data and systems by attempting to disallow external access. Thus being able to get wireless reception (and thus possibly break the encryption) becomes an attack vector on the network as well.
Attackers who have gained
access to a Wi-Fi network can use DNS spoofing attacks very effectively against
any other user of the network, because they can see the DNS requests made, and
often respond with a spoofed answer before the queried DNS server has a chance
to reply.
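The race described above leaves a trace a defender can look for: the spoofed reply and the genuine one both reach the client, so a single query ends up with two different answers. The following is an added example, not part of the original paper, that runs this check over constructed, already-parsed DNS responses; the record layout and the function name are assumptions.

```python
from collections import defaultdict

# Constructed sample: DNS responses parsed from a capture (assumed layout):
# (time in seconds, client IP, transaction ID, queried name, answer IPs)
RESPONSES = [
    (10.001, "192.168.1.20", 0x1A2B, "bank.example", ("192.168.1.66",)),
    (10.034, "192.168.1.20", 0x1A2B, "bank.example", ("203.0.113.10",)),
    (11.500, "192.168.1.21", 0x0C0D, "news.example", ("198.51.100.7",)),
    (11.502, "192.168.1.21", 0x0C0D, "news.example", ("198.51.100.7",)),  # duplicate, same answer
    (12.000, "192.168.1.22", 0x7777, "mail.example", ("198.51.100.9",)),
]

def find_conflicting_answers(responses, window=2.0):
    """Return one alert per query that got differing answers within `window` seconds."""
    by_query = defaultdict(list)
    for ts, client, txid, name, answers in responses:
        by_query[(client, txid, name.lower())].append((ts, frozenset(answers)))
    alerts = []
    for (client, txid, name), seen in by_query.items():
        seen.sort(key=lambda item: item[0])          # order by arrival time
        first_ts, first_answers = seen[0]
        for ts, answers in seen[1:]:
            if ts - first_ts <= window and answers != first_answers:
                alerts.append({
                    "client": client, "txid": txid, "name": name,
                    "first": sorted(first_answers), "later": sorted(answers),
                    "gap_ms": round((ts - first_ts) * 1000),
                })
                break                                 # one alert per query is enough
    return alerts

if __name__ == "__main__":
    for alert in find_conflicting_answers(RESPONSES):
        print(alert)
```

The first answer to arrive is the one the client acts on, so the `first` field of an alert is the address to investigate.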
SECURITY:
Security is an important part of a home
wireless network, as well as public WiFi hotspots. If you set your router to
create an open hotspot, anyone who has a wireless card will be able to use your
signal. Most people would rather keep strangers out of their network, though.
Doing so requires you to take a few security precautions.
The Wired Equivalency Privacy (WEP)
security measure was once the standard for WAN security. The idea behind WEP
was to create a wireless security platform that would make any wireless network
as secure as a traditional wired network. But hackers discovered
vulnerabilities in the WEP approach, and today it's easy to find applications
and programs that can compromise a WAN running WEP security.
· Securing methods:
Two common, but unproductive, measures to deter unauthorized users are suppressing the AP's SSID broadcast and allowing only computers with known MAC addresses to join the network; various encryption standards are also used. Suppressed SSID and MAC filtering are ineffective security methods as the SSID is broadcast in the open in response to a client SSID query and a MAC address can easily be spoofed. If the eavesdropper has the ability to change his MAC address, then he can potentially join the network by spoofing an authorized address.
· WPA (WiFi Protected Access):
To counteract this, in 2002 the Wi-Fi Alliance blessed Wi-Fi Protected Access (WPA), which uses TKIP as a stopgap solution for legacy equipment. Though more secure than WEP, it has outlived its designed lifetime, has known attack vectors and is no longer recommended.
In 2004 the full IEEE 802.11i (WPA2) encryption standards were released. If used with an 802.1X server or in pre-shared key mode with a strong and uncommon pass phrase, WPA2 is still considered secure, as of 2009.
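The points made under "Securing methods" and "WPA" can be turned into a configuration check. The following is an added example, not part of the original paper; it assumes the access point is configured with hostapd-style key=value settings, and the sample configurations and the 16-character passphrase threshold are constructed for illustration.

```python
# Constructed sample configs in hostapd key=value style (assumed AP software).
WEAK_CONF = """
ssid=office
ignore_broadcast_ssid=1
macaddr_acl=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=welcome123
"""
HARDENED_CONF = """
ssid=office
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-long-example-passphrase
"""
MIN_PASSPHRASE_LEN = 16  # assumption for this example, not a figure from the paper

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Flag only explicit settings; hostapd's built-in defaults are not modelled."""
    findings = []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    ciphers = set(f"{conf.get('wpa_pairwise', '')} {conf.get('rsn_pairwise', '')}".split())
    if any(key.startswith("wep_key") for key in conf):
        findings.append("WEP key configured: WEP is easily compromised")
    elif wpa == 0:
        findings.append("open network: no encryption")
    if wpa & 1:
        findings.append("WPA enabled: no longer recommended")
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed: stopgap for legacy equipment")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("SSID suppressed: ineffective, SSID is still sent in the open")
    if conf.get("macaddr_acl", "0") == "1":
        findings.append("MAC allow-list: ineffective, MAC addresses can be spoofed")
    if 0 < len(conf.get("wpa_passphrase", "")) < MIN_PASSPHRASE_LEN:
        findings.append("pre-shared passphrase is short")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(parse_conf(text)))
```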
· Piggybacking:
During the early popular adoption of 802.11, providing open access points for anyone within range to use was encouraged to cultivate wireless community networks; particularly since people on average use only a fraction of their upstream bandwidth at any given time.
Recreational logging and mapping of other people's access points has become known as war driving. It is also common for people to use open (unencrypted) Wi-Fi networks as a free service, termed piggybacking. Indeed, many access points are intentionally installed without security turned on so that they can be used as a free service. These activities do not result in sanctions in most jurisdictions; however legislation and case law differ considerably across the world. A proposal to leave graffiti describing available services was called war chalking. In a Florida court case, owner laziness was determined not to be a valid excuse.
Piggybacking is
often unintentional. Most access points are configured without encryption by
default, and operating systems such as Windows XP SP2 and Mac OS X may be
configured to automatically connect to any available wireless network. A user
who happens to start up a laptop in the vicinity of an access point may find
the computer has joined the network without any visible indication. Moreover, a
user intending to join one network may instead end up on another one if the
latter's signal is stronger. In combination with automatic discovery of other
network resources (see DHCP and Zeroconf) this could possibly lead wireless
users to send sensitive data to the wrong middle man when seeking a destination
(see Man-in-the-middle attack). For example, a user could inadvertently
use an insecure network to log in to a website, thereby making the login
credentials available to anyone listening, if the website is using an insecure
protocol like HTTP, rather than a secure protocol like HTTPS.
PROCESS:
The process also works in reverse, with the router receiving
information from the Internet, translating it into a radio signal and sending
it to the computer's wireless adapter.
The radios used for WiFi communication are very similar to
the radios used for walkie-talkies, cell phones and other devices. They can
transmit and receive radio waves, and they can convert 1s and 0s into radio
waves and convert the radio waves back into 1s and 0s. But WiFi radios have a
few notable differences from other radios:
· They transmit at frequencies of 2.4 GHz or 5 GHz. This frequency is considerably higher than the frequencies used for cell phones, walkie-talkies and televisions. The higher frequency allows the signal to carry more data.
· They use 802.11 networking standards, which come in several flavors:
  · 802.11a transmits at 5 GHz and can move up to 54 megabits of data per second. It also uses orthogonal frequency-division multiplexing (OFDM), a more efficient coding technique that splits the radio signal into several sub-signals before they reach a receiver. This greatly reduces interference.
  · 802.11b is the slowest and least expensive standard. For a while, its cost made it popular, but now it's becoming less common as faster standards become less expensive. 802.11b transmits in the 2.4 GHz frequency band of the radio spectrum. It can handle up to 11 megabits of data per second, and it uses complementary code keying (CCK) modulation to improve speeds.
  · 802.11g transmits at 2.4 GHz like 802.11b, but it's a lot faster -- it can handle up to 54 megabits of data per second. 802.11g is faster because it uses the same OFDM coding as 802.11a.
  · 802.11n is the newest standard that is widely available. This standard significantly improves speed and range. For instance, although 802.11g theoretically moves 54 megabits of data per second, it only achieves real-world speeds of about 24 megabits of data per second because of network congestion. 802.11n, however, reportedly can achieve speeds as high as 140 megabits per second. The standard is currently in draft form -- the Institute of Electrical and Electronics Engineers (IEEE) plans to formally ratify 802.11n by the end of 2009.
· WiFi radios can transmit on any of three frequency bands. Or, they can "frequency hop" rapidly between the different bands. Frequency hopping helps reduce interference and lets multiple devices use the same wireless connection simultaneously.
Wireless Basics:
The early days of home Internet access required using a modem connected to a computer to dial a number and maintain a connection. It was cumbersome and slow. The faster modems became, the more people realized how painfully sluggish data transmission had been in the days of 300 baud. Eventually, home users who could afford a jump in price could get broadband access via digital subscriber lines (DSL), cable and satellite.
Wireless networking or Wi-Fi has changed all that. Wireless networks use 802.11 networking standards to allow devices to communicate. In a WiFi network, data travels from place to place via radio waves. You still have to physically connect a wireless router to a modem, but you can move your computer from place to place.
802.11 networking uses the unlicensed radio spectrum to send and receive data. Many other parts of the spectrum, such as the bands that carry radio and TV signals, require a license to use. The unlicensed spectrum is accessible to anyone who has the right equipment. In the case of wireless computer networking, that's a wireless router and wireless technology in the device you're using.
PRECAUTIONS:
· WiFi Protected Access (WPA) is a step up from WEP and is now part of the 802.11i wireless network security protocol. It uses temporal key integrity protocol (TKIP) encryption. As with WEP, WPA security involves signing on with a password. Most public hotspots are either open or use WPA or 128-bit WEP technology, though some still use the vulnerable WEP approach.
· Media Access Control (MAC) address filtering is a little different from WEP or WPA. It doesn't use a password to authenticate users -- it uses a computer's physical hardware. Each computer has its own unique MAC address. MAC address filtering allows only machines with specific MAC addresses to access the network. You must specify which addresses are allowed when you set up your router. This method is very secure, but if you buy a new computer or if visitors to your home want to use your network, you'll need to add the new machines' MAC addresses to the list of approved addresses. The system isn't foolproof.
· Adding extra security: setting up a firewall. Once this is set up and tested, you can add extra firewall rules using whatever firewall tool is included in your distribution. Some typical front-ends for setting up firewall rules include:
  ü firestarter - a graphical client for Gnome, which requires that your server is running Gnome
  ü knetfilter - a graphical client for KDE, which requires that your server is running KDE
  ü Shorewall - a set of scripts and configuration files that will make it easier to set up an iptables firewall. There are also frontends for shorewall, such as webmin-shorewall
  ü fwbuilder - a powerful, but slightly complex graphical tool that will let you create iptables scripts on a machine separate from your server, and then transfer them to the server later. This does not require you to be running a graphical desktop on the server, and is a strong option for the security conscious.
Once everything is configured properly, make sure that all settings are reflected in the system startup scripts. This way, your changes will continue to work should the machine need to be rebooted.
CONCLUSION:
There’s an old saying that the only way to
completely secure a computer is to unplug it, lock it in a safe, destroy the
key, and bury the whole thing in concrete. While such a system might be
completely “secure”, it is useless for communication.
Wireless networks: While the apparent range of your access point may seem to be just a few hundred meters, a user with a high gain antenna may be able to make use of the network from several blocks away. Should an unauthorized user be detected, it is impossible to simply “trace the cable” back to the user's location. Without transmitting a single packet, a nefarious user can even log all network data to disk. This data can later be used to launch a more sophisticated attack against the network. Never assume that radio waves simply “stop” at the edge of your property line.