Individual Research Paper submitted for the course- Wireless LANs

1. Measures for Improving Wireless Security Needs of Enterprise Corporate-based
Users as Compared to Home-based Users
Shruti Sreenivasa Reddy
University of Colorado, Boulder
sreeniva@colorado.edu
Abstract made on the current security issues of both corporate and
home-based users. Further, recommendations will be
Wireless LANs are being deployed ubiquitously. They are provided for improving the security of corporate-based
finding their way into a wide variety of markets. Most of users as well as home-based users.
these deployments are, unfortunately, not secure. The
security needs for a home-based environment is different 2. Background
from the corporate environment. The proposed study for
this paper is to find better encryption techniques for 2.1 Security threats and attacks
corporate retailers as opposed to the basic home security
required for Wireless LANs, and to address the security The different security threats or attacks and the tools
problem being faced by the enterprise users. used to cause these attacks are listed below:
Encryption attacks are those in which the encryption
1. Introduction key is intercepted and recovered by actively monitoring
the network traffic. AirSnort is a tool available on the
Wireless LANs use radio waves as means of internet as an open source which can assist in an
transmitting information over air. Air space does not have encryption attack. AirSnort works on both Windows and
any boundary that limits these radio signals. These signals Linux Operating Systems [2], [5].
are not confined to a building and can travel through WepAttack is another WLAN open source Linux tool
doors and windows. Therefore, making it easy for person which aids active encryption attacks. This tool uses
to access the services of the network or listen to the data dictionary attack, which tests every possibility in the
travelling through the network. dictionary to arrive at the right encryption key. Another
It is very important for retailers to avoid intelligent type of attack is the brute force attack which guesses the
hackers from stealing information from their network. encryption key based on the most probable letters or
Retailers have vital personal information of their symbols that can be used. [5], [1].
customers such as their credit card information, addresses, The security of network could also be attacked by
phone numbers, etc. Wireless networks are very easy to denying a legitimate user access to the network. This kind
hack into as compared to a wired network as the attacker of attack is known as Denial of service attack. By
does not have to break into any building or find a cable to passively monitoring the traffic and obtaining the client
access information. information, the attacker can pretend to be the client and
It takes the attackers several hours to obtain access deny the rightful user access to the network resources [1].
into a wireless network by using different tools that are Another possible security leak would be Insertion
available easily on the internet. The method of driving attacks with the use of soft access points, where a station
around with a laptop installed with software and looking functions as an access point by using the SSID of the
for wireless networks is known as Wardriving [2]. There network. [1] This can be done using a tool called FakeAP,
are many such Wardriving tools that are operating system- which works on Linux, or RawAP. This confuses tools
specific or support only certain wireless card-types. such as Netstumbler, Wi-Fi scanner, etc. that are used
Wardriving tools are used to attack a wireless network monitor wireless traffic [5].
in several ways. These tools are easily available and can Security breaches could also happen due to
be downloaded from the internet. To make a network Misconfiguration of access points and client software.
immune to these kinds of attacks various encryption These access points are a loop hole in the network. [1]
techniques are used. They are also known as “Rogue” access points, which
This paper will discuss how a wireless LAN can be give access to internal network for hackers. Most secure
attacked and how these attacks can be prevented by using wireless LANs are known to be prone to attacks due to
different encryption techniques. A comparison will be wrong configuration of the access points [4].

2. Man-in-middle attacks occur when the hacker is able to when it is transmitted. TKIP also uses message integrity
access the data being transferred between two stations check (MIC or Michael) this helps prevent an injection
with each of the stations being unaware of the hacker’s attack [1].
presence. The hacker can modify the information or not IEEE 802.11i: This standard implements stronger security
transmit the information at all to the other station. [1] techniques. The main purpose of this standard is to define
a Robust Security Network (RSN) [8]. According to [1],
2.2 Encryption techniques “...RSN dynamically negotiates the authentication and
encryption algorithms to be used for communications
WEP (Wireless Equivalent Privacy): This encryption is between wireless access point and wireless clients. This
used by 802.11b networks. It is the first encryption means that as new threats are discovered, new algorithms
protocol used for wireless networks. The algorithm used can be added...” The algorithm used for encryption in
by WEP for encryption is RC4. WEP uses a shared secret 802.11i is AES (Advanced Encryption Standard). AES
key, which is known to the wireless station and the access uses key-length up to 128-bits. It uses two methods of
point. The RC4 algorithm is a stream cipher that generates encryption techniques, counter mode and CBC-MAC
pseudorandom stream of bits. The purpose of RC4 (Cipher Block Chaining Message Authentication Code).
algorithm is to prevent hackers from altering the The authors of [1] affirm that, “...The counter mode uses
information that is being transmitted, therefore before a an arbitrary number that changes with each block of text,
data packet is transmitted, a checksum is computed and making it difficult for an eavesdropper to spot a pattern.
WEP concatenates the data with the key stream using The CBC-MAC protocol is a message integrity method,
exclusive-or (XOR) [1]. which ensures that none of the plaintext bits that were
This algorithm was discovered to be vulnerable in used in the encryption were changed...”
2001. By sniffing the network for a few hours and
observing a few thousands of packets, a hacker could use 3. Current security scenario for home users
an XOR function to mathematically link two packets of a
session that have the same RC4 keys and recover the key. Most home users do not use any security measures as
Another weakness of WEP is that it does not use any key the home user is usually a common man with little or no
management [1]. computer knowledge. These users find it difficult to set up
WPA (Wi-Fi Protected Access): to overcome the flaws an 802.11 network with security. The home users are less
of WEP, WPA was created by Wi-Fi Alliance. WPA uses prone to an attack. It will take several hours for a hacker
more powerful encryption techniques than WEP. WPA to break the encryption key (if being used) and will obtain
works in two modes, enterprise and personal mode. personal data of one person, whereas the same amount of
Enterprise mode uses a separate authentication server such time spent on a retail store will fetch him personal data of
as Remote Access Dial-In-User Service (RADIUS) that millions of customers [1]. This does not mean that they
checks if the information is correct [6]. The personal will not be attacked. The home users need to use basic
mode (or consumer mode) uses a combination of Pre- encryption techniques like WEP protocol.
Shared Keys (PSK). WPA-PSK is easy to implement but
uses one common key between many devices. A hacker 3.1 Recommendations for improving security of
can disrupt the entire network, if the key is stolen, until home users
the key is changed at every AP and data terminal [1], [3].
In [1] the authors state that, “...The current standard The home users need to enable the security settings
for wireless security, Wi-Fi Protected Access 2 (WPA2), offered by their devices. While enabling these settings, the
was introduced in September 2004. The IEEE 802.11i SSID should not reveal the location or any other important
standard WPA2, addresses three main security areas: information of the user [1].
authentication, key management, and data transfer It would be best for the home users to use the WPA-
privacy. WPA2 uses the Advanced Encryption Standard PSK encryption because the key is shared only among few
(AES) for data encryption and is backward compatible users as compared to thousands employees in an
with WPA…” enterprise. WPA-PSK is not free from brute force attack.
EAP (Extensible Authentication Protocol): is used to Though, WPA-PSK was originally deployed for home
authenticate data between the RADIUS server and the users it used by SOHO (Small Office Home Office) users
access point [1]. Wireless LANs uses the IEEE 802.1x because of its simplicity and easy deployment [1]. The
standard along with EAP over LAN (EAPoL) [6]. key needs to be changed frequently to prevent brute force
TKIP (Temporal Key Integrity Protocol): This protocol attack.
was essentially used to make WEP more secure. The The SSID is automatically broadcasted to all users in
temporal keys used in TKIP are rotated and every packet the range of the wireless network. Another way to prevent
in TKIP has a 48-bit serial number that is incremented

3. casual users from using your wireless network would be to 83 percent reported a monetary loss. Any wireless device
disable the broadcast of the SSID. This may look or unauthorized access point creates an on-ramp to the
complicated for an average user who is not comfortable entire wireless and wired networks. Unless properly
using complex software. Designing of easier software configured, secured and monitored, these wireless devices
where security settings are easily accessible will allow the and networks are dangerous to the entire organization...”
user to utilize these security options more easily [1]. [4]. Most of the retailers use just WEP for encryption,
There are some new protocols that work specifically which has resulted in monetary loss, the most recent and
home users. This uses a combination of password popular security fiasco was that of TJ Maxx’s data breach,
protection as well as MAC address authentication along which resulted in 45.7 million credit and debit card data
with a certification [7]. The protocol uses the MAC being stolen [3]. According to the Wall Street Journal, the
addresses of the authenticated users and assigns a new hackers who worked in a group tapped data from a hand-
password to the users. The MAC address table manages held equipment that was used to maintain the inventory.
the number of authenticated users [7]. These equipments were used to communicate with the
Placing of an access point strategically would help cash registers and house-keeping data in the store [3].
reduce the probability of an attack. Access point should be
placed in the center of the building and away from 4.1 Recommendations for improving security of
windows and doors [9]. retailers
4. Current security scenario of retailers The retailers should consider using better encryption
techniques to improve their security and not rely on WEP
The retailers need more security than just a WEP for encryption. It is advised to use stronger encryption
encryption. The weak links in security leads to potential techniques such as EAPoL that uses RADIUS, an
damage to the company. A data breach would cost the authentication server.
company not only in dollars but will also cause brand To improve the security, it is recommended that they
damage. Though the advantages of using wireless are use suggestions provided for home users in addition to the
tremendous, it has numerous security issues which cannot recommendations that follow.
be resolved by mere use of firewalls and VPN-based The deployment of a central controller along with the
solutions. A typical retailers’ network is as shown in use of wireless policies would be help maintain the
Figure 1. number of devices connected to the network and would
reduce the attacks through rogue devices. The wireless
policy of Information Technology Services (ITS) of
University of Colorado, Boulder, affirms that ITS will be
responsible for the deployment of all the access points in
the university. All devices that access the university’s
wireless network should be registered. This controls rogue
devices from accessing important information, like student
data, from the network [8].
Numerous devices may enter or leave the network in an
enterprise. The use of wireless intrusion and detection
techniques will help curb suspicious activity in a network.
The air traffic should therefore, be continuously
monitored for rogue devices. The use of an analyzer will
help identify all the wireless devices that are being used in
the network [3], [4].
Physical access to wireless access points, gateways and
hand-held devices should be restricted [3]. Another
Figure 1: Typical retail store network and its wireless suggestion would be to place the firewall inside the access
vulnerabilities. From [3] point and installing antivirus software and regularly
updating the version of software used [9].
With the advent of intelligent hackers, it is very Using a directional antenna for the access points would
important to secure customers personal information. help in directing the radio waves to the authenticate users.
According a white paper by AirDefense, “…According to Further, reducing the signal strength of the antenna will
a November, 2003 survey by PricewaterhouseCoopers, 46 prevent the leakage of the signal outside the building.
percent of companies and agencies who have wireless Figure 2 shows how good antenna design will help
networks have been victims of a security breach. Of these,

4. improve the coverage and prevent rogues devices from 6. References
accessing signals that carry secure information [9].
[1] C. Maple, H. Jacobs, M. Reeve, “Choosing the right
wireless LAN security protocol for the home and business user”
Availability, Reliability and Security, 2006. ARES 2006. The
First International Conference on 20-22 April 2006 Page(s):8
pp.
[2] Z. Tao, A. B. Ruighaver, “Wireless Intrusion Detection:
Not as easy as Traditional network intrusion detection”
TENCON 2005 2005, IEEE Region 10 Nov. 2005
Page(s): 1-5
[3] “Preventing Wireless Data Breaches in Retail”, white
paper, AirDefense, Inc., 2002-2007
[4] “Wireless LANs: Is My Enterprise At Risk?” ”, white
Figure 2: Antenna design considerations. From [9] paper, AirDefense, Inc., 2002-2006
5. Conclusion and Future work [5] “Wireless LAN – Tools”, ForInSect, undated.
http://www.forinsect.de/wlan/wlan-tools.html
Securing and preserving your personal information is
[6] Benny Bing, “Emerging Technologies in Wireless LANs-
essential. A network requires basic security despite the
Theory, Design and Deployment”, Cambridge University Press,
location of its deployment and its usage. With the use of New York, 2008
proper software and tools many attacks can be prevented.
The future of wireless security looks bright, with new [7] Lee Ju-A, Kim Jae-Hyun, Park Jun-Hee, Moon Kyung-
standards like IEEE 802.11i and 802.11w which will Duk, “A Secure Wireless LAN Access Technique for Home
enhance the security in wireless networks. Network”, Vehicular Technology Conference, 2006. IEEE 63rd
However, there are some issues which can be further Volume 2, 7-10 May 2006 Page(s):818 – 822
researched upon. Some of these are as follows:
[8] “Wireless Deployment and Management Policy”,
For a retailers’ wireless security to be foolproof, apart
undated.
from the technology it will an effective wireless access http://www.colorado.edu/its/docs/policies/wireless.html
policy. What would be the competent way of defining a
wireless access policy? If there are extensions in the [9] “Wireless 802.11 LAN Security: Understanding the Key
company, should the wireless access policy be re-stated? Issues”, white paper, Systems experts, 2002,
The current standard 802.11i uses AES as a linear http://www.systemexperts.com/tutors/wireless-issues.pdf
encryption algorithm. A non-linear algorithm will be more
effective as it will be tricky for hackers to decrypt the
message Will developing a non-linear encryption
algorithm improve the security needs of the network? Will
this solution require complex computations and will it be
cost effective?
As stated in the recommendations, it would help the
users if new easy-to-use software was designed for
security settings in a home network. The easy-to-use
software along with intrusion-detection mechanism a
home user can identify when the network suffers an attack.
Retailers can further improve on their security
measures by using custom made access points. The
companies that manufacture access points that have
specific antenna designs in accordance with the retail store
building to prevent leakage of signals.