Security Requirements
• Authentication: A node must know the
identity of the peer node it is
communicating with.
• Confidentiality: Ensures certain
information is never disclosed to
unauthorized entities.
• Integrity: Message being transmitted is
never corrupted.
• Non-Repudiation: The sender cannot later
deny sending the information and the
receiver cannot deny the reception.
• Availability: Nodes should be available for
communication at all times. A node needs to
continue to provide services despite attacks.
• Detection and Isolation: Requires that the protocol
can identify misbehaving nodes and render
them unable to interfere with routing.
WIRELESS NETWORKS
• # wireless (mobile) phone subscribers now
exceeds # wired phone subscribers (5-to-1)!
• # wireless Internet-connected devices equals
# wireline Internet-connected devices
– laptops, Internet-enabled phones promise anytime
untethered Internet access
• two important (but different) challenges
– wireless: communication over wireless link
– mobility: handling the mobile user who changes
point of attachment to network
WIRELESS DEMAND
• Wireless nodes will soon dominate the
Internet.
• Currently ~1B nodes, including wireline.
Elements of a wireless network
• infrastructure mode
– base station connects mobiles into wired network
– handoff: mobile changes base station due to device mobility
• ad hoc mode
– no base stations
– nodes can only transmit to other nodes within link coverage
– nodes organize themselves into a network: route among themselves
Wireless Security Overview
• concerns for wireless security are similar
to those found in a wired environment
• security requirements are the same:
confidentiality, integrity, availability,
authenticity, accountability
• most significant source of risk is the
underlying communications medium
Wireless Networks Security –
Key Factors
• Key factors contributing to higher security risk of wireless
networks compared to wired networks include:
– Channel
• Wireless networking typically involves
broadcast communications, which is far
more susceptible to eavesdropping and
jamming than wired networks
– Mobility
• Wireless devices are far more portable
and mobile, thus resulting in a number
of risks
– Resources
• Some wireless devices, such as smartphones and
tablets, have sophisticated operating systems but
limited memory and processing resources with which
to counter threats, including denial of service and
malware
– Accessibility
• Some wireless devices, such as sensors and robots,
may be left unattended in remote and/or hostile
locations, thus greatly increasing their vulnerability
to physical attacks
Wireless Security Techniques
• use encryption
• use anti-virus and anti-spyware software and a firewall
• turn off identifier broadcasting
• change the identifier on your router from the default
• change your router’s pre-set password for administration
• allow only specific computers to access your wireless network
Securing Wireless Access Points
• main threat involving wireless access points is
unauthorized access to the network
• principal approach for preventing such access is
the IEEE 802.1X standard for port-based network
access control
– provides an authentication mechanism for
devices wishing to attach to a LAN or wireless
network
• use of 802.1X can prevent rogue access points and
other unauthorized devices from becoming
insecure backdoors
Securing Wireless Transmissions
countermeasures for eavesdropping:
signal-hiding techniques
• turning off service set identifier (SSID) broadcasting by wireless
access points;
• assigning cryptic names to SSIDs
• reducing signal strength to the lowest level that still provides
requisite coverage;
• use of directional antennas and of signal-shielding techniques.
encryption
• the use of encryption and authentication protocols is the standard
method of countering attempts to alter or insert transmissions
• Cryptographic algorithms
Wireless LAN
• IEEE 802 committee for LAN standards formed
new working group for Wireless LAN
• IEEE 802.11 formed in the 1990s
– charter to develop a protocol & transmission
specifications for wireless LANs (WLANs)
• since then demand for WLANs, at different
frequencies and data rates, has exploded, and an
ever-expanding list of standards has been issued
Wireless Fidelity (Wi-Fi) Alliance
• 802.11b
– first 802.11 standard to gain broad industry
acceptance
• Wireless Ethernet Compatibility Alliance
(WECA)
– industry consortium formed in 1999 to address the
concern of products from different vendors
successfully interoperating
– later renamed the Wi-Fi Alliance
• created a test suite to certify interoperability
• Certification was initially for 802.11b, later
extended to 802.11g
• Certified 802.11b products are called Wi-Fi
802.11 Wireless LAN Security
• original 802.11 spec had security features
• Wired Equivalent Privacy (WEP) algorithm
• but these were found to contain major weaknesses
– 802.11i task group developed capabilities to address
WLAN security issues
– Wi-Fi Alliance developed certification procedures for
IEEE 802.11 security standards, called Wi-Fi
Protected Access (WPA)
– final form of the 802.11i standard: Robust Security Network
(RSN)
– Recent version of WPA is WPA2, which incorporates all
security features of the IEEE 802.11i WLAN security
specification
Phases of Operation
• Discovery: An AP uses messages called Beacons and
Probe Responses to advertise its IEEE 802.11i security
policy. The STA uses these to identify an AP for a WLAN
with which it wishes to communicate. The STA associates
with the AP, which it uses to select the cipher suite and
authentication mechanism when the Beacons and Probe
Responses present a choice.
• Authentication: During this phase, the STA and AS
prove their identities to each other. The AP blocks non-
authentication traffic between the STA and AS until the
authentication transaction is successful. The AP does not
participate in the authentication transaction other than
forwarding traffic between the STA and AS.
• Key generation and distribution: The AP and the STA
perform several operations that cause cryptographic keys to
be generated and placed on the AP and the STA. Frames are
exchanged between the AP and STA only.
• Protected data transfer: Frames are exchanged
between the STA and the end station through the AP. As
denoted by the shading and the encryption module icon,
secure data transfer occurs between the STA and the AP
only; security is not provided end-to-end.
• Connection termination: The AP and STA exchange
frames. During this phase, the secure connection is torn
down and the connection is restored to the original state.
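
An added illustration of the Discovery phase (not part of the original slides): a parser for the RSN information element that Beacons and Probe Responses carry, reporting the advertised cipher suites and authentication method and flagging pre-RSN ciphers. The sample bytes are constructed and the function names are this example's own.

```python
import struct

# Suite selectors: OUI 00-0F-AC plus a one-byte suite type (IEEE 802.11).
OUI = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WEAK = {"WEP-40", "WEP-104", "TKIP"}  # pre-RSN ciphers an auditor would flag


def _suite(raw, table):
    """Map a 4-byte suite selector to a readable name."""
    if raw[:3] != OUI:
        return "vendor:" + raw.hex()
    return table.get(raw[3], "unknown:%d" % raw[3])


def _suite_list(body, off, table):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, off)
    off += 2
    if off + 4 * count > len(body):
        raise ValueError("truncated suite list")
    names = [_suite(body[off + 4 * i: off + 4 * i + 4], table) for i in range(count)]
    return names, off + 4 * count


def parse_rsn_ie(ie):
    """Parse an RSN element (ID 48) and summarize the advertised policy."""
    # Assumption: group, pairwise and AKM fields are all present in the element.
    if len(ie) < 2 or ie[0] != 48:
        raise ValueError("not an RSN element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akms, off = _suite_list(body, off, AKMS)
    weak = sorted(WEAK & {group, *pairwise})
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akms, "weak": weak}


# Constructed sample: mixed-mode AP (TKIP group, CCMP + TKIP pairwise, PSK).
MIXED = bytes.fromhex("3018" "0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0000")
# Constructed sample: CCMP-only AP using 802.1X authentication.
STRONG = bytes.fromhex("3014" "0100" "000fac04" "0100" "000fac04" "0100" "000fac01" "0000")
```

A non-empty `weak` list means the AP still offers WEP or TKIP, so a STA that accepts the choice could end up on a cipher suite that 802.11i was meant to replace.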