CHAPTER FIVE

Security in Wireless Communication

Security in Wireless Communication

Main Contents
●
The Need for wireless network security
●
Security threats in wireless networks
●
Wireless Security management Protocols
●
WAP, WEP and WPA2
●
Virtual private network (VPN)
The Need for wireless network security
●
What is Security –  any activity designed to protect the usability and
integrity of a network system and data. It includes both hardware and
software technologies.
●
The issue of security in a wireless networks is critical as the medium is an
open and very venerable to security threats
●
Security professionals spend more time on protecting their system and make
the following determinations:
1) Who will have access to data?
2) What resources will users have access to?
3) When will users access resources?
●
Decisions depend on the organization we are serving, because some
resources can be trusted more than others.
The Need for wireless network security..(Con’t)
●
Wireless Communication system are becoming more widely
recognized as a general-purpose connectivity alternative for a
broad range of business customers.
●
But insecure and the data sent over the them can be easily broken
and compromised.
●
Any computer network, wireless or Wire-line, is subject to
substantial security risks, mainly
1) Threats to the physical security
2) Privacy
3) Unauthorized access by unwanted parties
The Need for wireless network security (Cont’d)
Why we need security ?
●
There must be Strong level of security in any Communication
system, especially in Wireless network/system. because data carried
in the networks are sensitive, especially on the networks of financial
institutions and banks and e-commerce, e-government, and military
networks. → Confidentiality and Privacy!
●
The security issue in wireless networks is much more critical than in
wired networks, because data sent on a wireless system is quite
literally broadcast for the entire computing entity to hear.
●
Generally, we need security to ensure ”SECURITY OBJECTIVES”
The Need for wireless network security (Cont’d)
When performing security tasks, security professionals try to protect
their environments as effectively as possible to maintain CIA
1) Confidentiality: Ensure that no data is disclosed(make known)
intentionally or unintentionally.
2) Integrity: Make sure that:
->No data is modified by unauthorized personnel,
->No unauthorized changes are made by authorized personnel, and
->The data remains consistent, both internally and externally.
3) Availability: Provide reliable and timely access to data and
resources.
Security attacks in Wireless Network
•
Security attacks :An attempt to gain unauthorized access
of computing assets of an entity with the objective of stealing
data or perform other malicious activity.
Security attacks in Wireless Network ..(Cont’d)
1) Active attacks: An Active attack attempts to alter system
resources or effect their operations. It involve some modification
of the data stream or creation of false statement. And further
classified as:
1) Masquerade : occurs when one entity pretends to be a different
entity.
Security attacks in Wireless Network ..(Cont’d)
1) Active attacks…cont’d
2) Reply: the passive capture of a data unit and its subsequent
re-ransmission to construct unwanted access.
Security attacks in Wireless Network ..(Cont’d)
1) Active attacks…cont’d
3) Modification of messages: It means that some portion of a message
is altered or that message is delayed or reordered to produce an
unauthorised effect.
Security attacks in Wireless Network ..(Cont’d)
1) Active attacks…cont’d
4) Denial of service: service disruption, its normal function and prevents
other users from accessing it either by disabling the network or
overloading by flooding the entire network/server with traffic load until
the server get shutdown.
Security attacks in Wireless Network ..(Cont’d)
2)Passive Attack: Gaining access to a computing assets but
without making any change to the data, leaving it intact.
Passive Attack gaining access to a computing assets but without
making any change to the data, leaving it intact.
●
It is very difficult to detect b/c they don’t involve any alteration of
the data.
Categorized in to two:
1) The release of message content
2) Traffic analysis
Security attacks in Wireless Network ..(Cont’d)
2)Passive Attack:…Cont’d
1) The release of message content
Telephonic conversation, an electronic mail message or a transferred file may
contain sensitive or confidential information. We would like to prevent an opponent
from learning the contents of these transmissions.
Security attacks in Wireless Network ..(Cont’d)
2)Passive Attack:…cont’d
2) Traffic analysis: making analysis of the assets, E.g., check how many
number of messages send by the sender with same pattern to get the
location or origin of message. E.g., Kidnapping is a passive attack
Security attacks in Wireless Network ..(Cont’d)
In general, networks have security problems due to:
1) Sharing: resources are shared, more users have the potential
to access networked systems rather than just a single computer
node.
2) Complexity
3) Anonymity: A hacker or intruder can attack a network
system from hundreds of miles away.
4) Multiple point of attack.: When a file exists physically on a
remote host, it may pass many nodes in the network before
reaching the user.
Security attacks in Wireless Network ..(Cont’d)
Services of Security
●
Confidentiality:-is just protecting computing assets being carried by
the network from passive attacks is protecting traffic from a hacker who
attempts to analyze it.
●
Nonrepudiation:- This service prevents the sending or receiving party
from denying the sent or received message.
●
Authentication:-Ensure that the message is from an authentic source.
Ensure that the connection is not interfered with in a way that a third
party impersonates one of the authorized parties.
●
Access control:-Ensure only authorized parties can use the system.
●
These Services must be accurate and intelligent enough.
Security attacks in Wireless Network ..(Cont’d)

Integrity services are of two types

1) Connection-Oriented Integrity Services :- Deals with
a stream of messages .Ensures that the messages are sent
properly without duplication, modification, reordering or
reply.
2) Connectionless Integrity service:-Service deals only
with the protection against message modification .
WLAN network Security
WLAN architecture has three components:
•
11 1)Wireless end station
• Any physical device that has the capability to use the 802.11 protocol
suite.
• E.g. Laptops, workstations, and PDAs, as well as printers and scanners
•
2 2)Access points
• Also known as Base Station
• It is layer 2 device because it is like a bridge connecting two type of
networks : Wireless and the wired network just like switch which
handles frames and MAC address as a relay between stations attached
to the same AP.
• 3
WLAN Architecture

3) Basic service sets (BSS)

• A group of wireless
network devices that are
working with the same AP.
 Basic service set identifier ,
or BSSID is the AP’s
physical/ MAC address
which is 48-bits long
hexadecimal number .
Setting up a Wireless network …(cont’d)
• By default , an AP broadcast its SSID in its service area to
announce the available wireless network
• As a user, we only care about SSID ,
you select one from the list
of wireless devises and use the
network
• Secure networks may require to
provide username and password.
Setting up a Wireless network
• During the scanning process:
 - Beacon frames are data frames periodically transmitted
by the AP to announce the presence of wireless network to
clients in its range
 SSID is cast in ‘beacon frames’ every few seconds.
 The station listens for beacon frames to locate and
identify the BSS within the range.
• The information in the beacon frame contains service set
identifiers (SSIDs), supported rates, and timestamps.
Wireless clients Authentication methods
• The 802.11 speciation stipulates mechanisms for authenticating
WLAN clients:
• 1 1) Open authentication
• AP broadcast SSIDs
• No credentials are required for the clients to set associated to the
AP
2) Shared key authentication
• The first step is that the client sends an Authentication Request
frame to the AP.
• When the device tries to connect to that network, it puts in the
key and if that matches, then the device is allowed onto the
network.
Wireless clients Authentication methods

Open authentication
Wireless clients Authentication methods..(Cont’d)

3) Authentication by client MAC address: Any network

devises can be connected just providing the AP password,
but external security is maintained by filtering MAC
address from a server, so any network device that has been
listed in the server will be able to connect to the AP
Wireless security Protocols
1) Wired Equivalent Protocol (WEP)
• A security protocol for Wireless Local Area Networks(WLANs)
defined in the IEEE 802.11b standard.
• LAN is more secure than WLAN which are a radio waves more
venerable for tempering
• WEP provide security by encrypting data over radio wave.
• Uses 40bit RC4 (Rivest Cipher 4) encryption
• Provide confidentiality and data integrity and protect access to the
network
• Unfortunately,RC4 has been proven insecure, leaving the 802.11
protocol wide open for attack
Wireless security Protocols

Wired Equivalent Protocol (WEP)

Interaction diagram
Wireless security Protocols…(cont’d)
Wi-Fi Protected Access (WPA)
• Defects in WEP known since January 2001 - defects include weak
encryption (keys no longer than 40 bits), static encryption keys, lack of
key distribution method.
• In April 2003, the Wi-Fi Alliance introduced an interoperable security
protocol known as Wi-Fi Protected Access (WPA).
• WPA was designed to be a replacement for WEP networks without
requiring hardware replacements.
• WPA provides stronger data encryption and user authentication .
Wireless security Protocols …(cont’d)
The goal were strong data encryption through TKIP and mutual authentication
through 802.1x
• Provides a dynamic key encryption technique to ensure data integrity.
• Temporal Key Integrity Protocol (TKIP) is a wireless network security
protocol of the IEEE 802.11 which made the encryption process strong.
• TKIP encryption is more robust than Wired Equivalent Privacy (WEP), which
was the first Wi-Fi security protocol
• TKIP adds the following strengths to WAP:
• Per-packet key construction and distribution:
• WPA automatically generates a new unique encryption key periodically for each
client. This avoids the same key staying in use for weeks or months as they do
with WEP.
• Message integrity code: guard against fake attacks.
Wireless security Protocols…(Cont’d)
WPA2- Security Protocol
• In July 2004, the IEEE approved the full IEEE 802.11i specification, which was
quickly followed by a new interoperability testing certification from the Wi-Fi
Alliance known as WPA2.
• Strong encryption and authentication for infrastructure and ad-hoc networks
(WPA1 is limited to infrastructure networks)
• Use AES (Advanced Encryption Standard) instead of RC4 (Rivest Cipher 4) for
encryption.
• WPA2 certification has become mandatory for all new equipment certified by the
Wi-Fi Alliance, ensuring that any reasonably modern hardware will support both
WPA1 and WPA2.
• While WPA use TKIP for encryption which is known to have some
limitations, WPA2 uses AES
Wireless security Protocols…(Cont’d)

Example :- Wireless security configuration

VPN – (Virtual Private Network)
• VPN – (Virtual Private Network) :- allows computers or networks to connect to
each other securely over the internet
VPN – (Virtual Private Network)…(Cont’d)
• A service that offers a secure, reliable connection over a shared
public infrastructure such as the Internet.
• Cisco denes a VPN as an encrypted connection between private
networks over a public network.
• There are three types of VPNs:
1 Remote access
• 2 Site-to-Site
• 3 Firewall Based
• Firewall-based is almost the same as a site-to-site setup.
VPN – (Virtual Private Network)…(Cont’d)
VRemote Access VPN:-
• Allows the company user to access their corporate network remotely
while out of the office.
VPN – (Virtual Private Network)…(Cont’d)
Site- To Site VPNs
• Connects two or more networks. Site-to-Site VPNs
• Organizations use site-to-site VPNs to leverage an internet connection for private
trac.
• Site-to-site VPNs are frequently used by companies with multiple offices in
different geographic locations
• In a site-to-site VPN, a company can
securely connect its remote offices and
utilize the resources such as printers, file sharing
etc. found in the main offices as if it he is in
the local office.
VPN – (Virtual Private Network)…(Cont’d)
What is the Key Aspect in enabling VPNS?
• Generic Routing Encapsulation (GRE) tunnels are the simplest form
of VPNs, and they are very easy to configure.
• For instance Displays a GRE tunnel from Router A to Router D.
1 -When a packet is sent through the tunnel, it is encapsulated in a
GRE packet.
• 2 - So Router B and Router C
do not see the original packet.
Questions.
1. What is the Deference B/n IPSce VPN and SSL VPN ?

2. What are the challenges/ or disadvantages of using VPN ?

Summery:- Wireless Security Methods Comparison
Question ??
………..
………
End of chapter 5