Unit - IV

Wireless Security

Mention advantages of wireless network. – 5

 Resistance to EMI/RFI: It is more resistant to signal attenuation and distortion due
to EMI and RFI
 Easy Installation: Greatly reduces the time required to install LAN
 Mobility: Users could move freely around the network.
 Flexibility: Computers and Devices can be connected in areas where cabling is not
possible.
 Expansion: Use of Access Point helps to expand the network to larger size.
Conventional LANs could be expanded using AP. And AP provides communication
between LAN and WLAN.
=== * ===

Limitations of wireless devices are:

 Small display capabilities.
 Limited processing capabilities
 Clumsy input devices
 Low bandwidth-only about 9600 bps.
===*===

Explain WAP protocol architecture. – 10

 Wireless Application Protocol (WAP) is designed for access to Internet and advanced
telephony services from mobile phones.
 WAP is based on layered architecture.
o Layering is the concept of breaking up the entire communication process into
discrete pieces.
o Each of these pieces handles a specific function.
 The layers of WAP are:
 Wireless application environment (WAE)
 Wireless session protocol (WSP)
 Wireless transaction protocol (WTP)
 Wireless transport layer security (WTLS)
 Wireless datagram protocol (WDP)

UNIT-IV: Wireless Security 1

 Figure: WAP Protocol architecture

Wireless application environment (WAE): provides an interoperable environment to build

services in wireless space. WAE provides facilities like:
 User agent: The browser or a client program.
 Wireless markup language (WML): a lightweight markup language, similar to
HTML.
 WML script: A lightweight client side scripting language, similar to Java script in
web.
 Wireless telephony application: Telephony services and programming interfaces.
 Content formats: Set of well-defined data formats, including images, phone book
records and calendar information.

Wireless Session Protocol (WSP): provides a consistent interface between two session
services (Client and Server). It provides the cooperating client/server application to:
 Establish a reliable session from client to server and close it in orderly manner.
 Agree on a common level of protocol functionality using capability negotiation.
 Exchange content between client and server using compact encoding.
 Suspend and resume the session.

Wireless Transaction Protocol (WTP): runs on top of a datagram service and provides a
lightweight transaction -oriented protocol that is suitable for implementation in "thin" clients.
 WTP allows for
o interactive browsing (request/response) applications.
 WTP supports three transaction classes:
o unreliable with no result message,

UNIT-IV: Wireless Security 2

 o reliable with no result message and
o reliable with one reliable message.

Wireless Transport Layer Security (WTLS) is a security protocol based upon the transport
layer security (TLS) protocol.
 WTLS provides
o data integrity,
o privacy,
o authentication and
o denial-of-service protection.

Wireless Datagram Protocol (WDP): The WDP layer operates above the data capable
bearer services supported by the various network type general transport service. It is a
Transport layer protocol in the WAP architecture.
 WDP offers a consistent service to the upper layer protocols of WAP and
communicates transparently over one of the available bearer services.
 WDP uses IP as the routing protocol.
 It does not use TCP; instead, it uses UDP (User Datagram Protocol).
=== * ===

Describe WAP security. – 10

WAP Security:
 Security is optional in the wireless application protocol (WAP).
 In the WAP specification, security is provided through the Wireless Transport
Security (WTLS) layer.
 The goals of the WTLS specification are to provide
o Authentication,
o Integrity,
o Confidentiality.

 Authentication:
◦ Authentication means, communicating parties are authorized persons.
◦ Authentication is optional in the WTLS protocol.
◦ Authentication can be performed using digital certificates, tokens or simple
passwords.
◦ Authentication in WTLS is done with digital certificates; three type of certificates
supported by WTLS include the native WTS type, X509, and X9.68.
◦ The server and client will provide their certificates to each other.
◦ Once the certificates are processed, authentication is complete.
 Integrity:

UNIT-IV: Wireless Security 3

 ◦ Integrity means reliable information.
◦ The requirement of Integrity is decided during WTLS handshake.
◦ This is done by generating checksum of the message with a one-way hash
function.
▪ When the receiver gets the data, he recalculates and compares the two sums, if
they match, then the data was unaltered.
◦ WTLS uses message authentication codes (MACs) like MD5 and SHA MAC
algorithms.
◦ The MAC algorithm is also decided during the WTLS handshake.
 Confidentiality:
◦ Confidentiality makes sure that no one can read the packets that sender and
receiver exchanging.
◦ This can be achieved by encrypting data plain text and then send over the
airwaves as ciphertext.
◦ The originator and the recipient both have keys to decrypt the data and reproduce
the plain text.
◦ The WTLS protocol supports block encryption algorithms, like DES, Triple
DES(40, or 56bit), RC5, and IDEA(40, or 56, or 128 bit).
▪ To share key WTLS may use Diffie-Hellman and RSA.
▪ The algorithms used to encrypt the session key and the methods of key
exchange used in WTLS are decided during the WTLS handshake.
=== * ===

List and Explain various WLAN configurations. – 10

Various configurations for WLAN network are:
 Ad hoc Network
 Infrastructure Network
 Hotspots
 Point-to-Point Bridge
 Point-to-Multipoint Bridge
 Ethernet to Wireless Bridge

 Ad hoc network
o An ad hoc network is a peer to peer network formed by a set of stations within the
range of each other that dynamically configure themselves to set up a temporary
network.
o In an ad hoc two stations communicate directly with each other without an access
point.
o Every mobile station node in a network must be able to act as a router that will pass
messages onwards and the nodes must be collectively responsible for network traffic.

UNIT-IV: Wireless Security 4

 o Every node must be aware which routes are available at a given time.
 This is a responsibility of the routing protocol used.
o This type of topology is also referred to as mesh topology.
o Since ad hoc networks have no formal structures, several nodes try to communicate
with one another resulting in the chaos.
 Several algorithms select a master from the collective and makes all others
slaves.

Figure: Ad hoc WLAN (Mesh configuration).

 Infrastructure Network
o In an infrastructure network, WLAN clients connect to the network through a
wireless access point, and then operate as a wired client would.
o Most corporate wireless LANs operate in infrastructure mode and access the wired
network for connections to printers and file servers.
High speed Backbone Wired LAN

Nomadic Station

Figure: Infrastructure wireless LAN.

 Hotspots
o A hotspot provides wireless LAN service, free or for a free, from a wide variety of
public meeting areas, including coffee shops and airport lounges.
o To use hotspots, the user's notebook must be configured with the Wi-Fi citified logo
and can send and receive data anywhere within the range of a wireless LAN in the
allocated frequency band.

UNIT-IV: Wireless Security 5

 Point-to-Point Bridge
o A point-to-point bridge interconnects two buildings having their own Ethernet
networks.
o For example, a wireless LAN bridge can interface with an Ethernet network directly
to a particular access point. This may be necessary if there are several devices in
different parts of the facility that are interconnected using Ethernet.
o A wireless bridge, can then, be used to interconnect them wirelessly.

 Point-to-Multipoint Bridge
o When connecting three or more LANs that may be located on different floors in a
building or across buildings, the point-to-multipoint wireless bridge is utilized.
o The multipoint wireless bridge configuration is similar to a point-to-point bridge in
many ways.

 Ethernet to Wireless Bridge

o An Ethernet to wireless bridge connects a single device that has an Ethernet port but
not an 802.11 Network Interface Card (NIC), such as a network printer.

Figure: Ethernet to wireless bridge.

===*===

Write a short note on Wireless LAN Security – 5

 Security in wireless LANs is addressed primarily through the use of Wired Equivalent
Privacy (WEP).
 WEP uses the RC4 Stream Cipher to Encrypt the data as it is transmitted through the
air.
o This encryption is synchronous and based upon a key shared by the Access
point and all the clients using the access point.
o WEP comes in both 40- and 104-bit key strengths. RC4 is a well-known
strong algorithm, and thus, is not easily attacked.
 The authentication service of WEP can be used to authenticate the workstation to the
access point.

UNIT-IV: Wireless Security 6

 o WEP can also use cryptographic authentication mechanism (RC4) to prove
the identity of the workstation to the Access Point.
o It DOES NOT provide mutual authentication, so the workstation has NO
PROOF that the access point is in fact a valid AP on the network.
o Thus, may lead to interception or man-in-the-middle attack.

Figure: Man-in-the-middle attack against WEP

 The WEP protocol specification includes an integrity check on each packet.
o The integrity check that is used is a cyclic redundancy check (CRC) of 32 bits.
o The CRC is calculated for each packet before the packet is encrypted and then
the data plus the CRC is encrypted and sent to destination.
o Though CRC is not strong, encryption provides sufficient protection.
o This might be a sufficiently strong system if the encryption were strong.
=== * ===

Wireless networks become more and more common throughout the organization.
Because, they are inexpensive and easy to set up and work. But, it opens up some fairly
serious security issues for organizations like eaves dropping and authentication.
Wireless networking is the transmission of packetized data by means of a physical
topology not using direct physical links. That is networks that use radio-waves to carry the
signals, over either public or private bands. Two most commonly used protocols for wireless
technology (point-to-multipoint) are Wireless Application Protocol (WAP) and IEEE 802.11.
The WAP is a system developed to send data to small handheld devices such as cellular
phones, wireless e-mail handhelds, and PDAs. The 802.11 protocol has been standardized by
the IEEE for wireless local area networks.

===*===
WAP Gateway: WAP gateway acts as a middleware which performs coding and encoding
between cellular device and the web server. The WAP gateway can be located either in a
telecom network or within a computer data network (an Internet Service Provider).
Once user requests a page using URL, the gateway establishes a connection to the
target WAP site. It collects the document from the site. Then the WAP page is "compiled"

UNIT-IV: Wireless Security 7

and converted from WML to binary code. The code is then sent across to the phone or the
wireless device over the air. When the phone receives the stream of octets, it "de-compiles"
it. The client browser does the reverse operation of compilation by decompiling the binary
code. This will allow the client to regenerate the normal WML page and then displays it on
the device.

===*===
Security Issues with WTLS:
 The WTLS has to be able to cope with small amounts of memory and limited
processor capacity, as well as long round-trip times.
 As the protocol is designed around more capable servers than devices, the
specification can allow connections with little to no security.
 Clients with low memory or CPU capabilities cannot support encryption and
choosing null or weak encryption greatly reduces confidentiality.
 Authentication is also optional in the protocol and omitting authentication reduces
security by leaving the connection vulnerable to a man-in-the middle-type attack.
 WTLS must address several known security vulnerabilities, like chosen plaintext
attack and alert message truncation attack.
 WTLS has number of inherent security problems, such as weak encryption required
by the low-computing power of the devices and the network transition that must
occur at the cellular provider’s network.
===*===
Wireless LAN:
 A Wireless Local Area Network (WLAN) is a grouping of network components
connected through electromagnetic waves.
 WLANs transmit and receive data over the air, minimizing the need for wired
connections.
 WLAN provide roaming by allowing users real-time access to information from
anywhere in their organization, without having to find a place to connect to the
network with a cable or wire, thereby increasing productivity.
 WLANs also have inherent ease of implementation and affordability as they do not
require expensive and time-consuming cable installations, especially in environments
that require frequent moves and changes and are difficult to wire.
 WLANs are highly reliable, because it LAN with fewer wires and connectors imply
fewer problems for the users and the network managers.
 WLANs are adaptable to the changing environment, because, WLAN systems can
easily be configured and rearranged to accommodate a variety of office settings and a
number of users, from small to extensive.
 WLANs can be seen as a combination of fixed wireless and mobile wireless services.
 WLANs have two primary components: the wireless network interface card (NIC) in

UNIT-IV: Wireless Security 8

 the remote device and the wireless access point.
 Fixed wireless refers to wireless devices or systems that are situated in fixed
locations. Fixed wireless devices normally derive their electrical power from utility
mains.
 WLANs technology centers around IEEE 802.11a, 802.11b, 802.11g series of
standards and these allow workstations to establish connections up to 54 Mbps with a
wireless access point (WAP).
 The standards provide for the exchange of authentication information and for the
encryption of the information.
 WLANs are used to replace wired computer networks, adding flexibility, freedom of
movement, and easy of installation within the work place.

Figure: Wireless network architecture

In Wireless LAN, there must be sufficient coverage over the areas where the
employees or guests will place their computers. Indoors, the range of a typical 802.11x
WLAN is approximately 150 feet. Outdoors, the range can be up to 1,500 feet.
===*===
 The 802.11b protocol sends packetized data traffic over radio waves 2.4 GHz band.
It provides the multiple-rate. Typically uses direct-sequence spread spectrum (DSSS).
The supporting data rates are 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps.
 The 802.11a protocol sends packetized data traffic over radio waves 5 GHz band. It
works only to improve the speed of the network and does not have security updates. It
uses Orthogonal Frequency Division Multiplexing (OFDM). Supporting data rate is
up to 54 Mbps. Although it is faster, the higher frequency used by 802.11 a shortens
the usable range of devices.
 802.11g technology has been focused on making traffic in the 2.4 GHz band run at
the data rates supported by the 802.11a's 5 GHz band. While the 802.11 g standard
does support a longer WEP key, this does not solve the problems with WEP. The
802.11g uses portions of both of the above standards: it uses the 2.4 GHz band for
greater range but uses the OFDM transmission method to achieve the faster 54 Mbps
data rates.
All these protocols operate in bands that are "Unlicensed" by the "Federal

UNIT-IV: Wireless Security 9

Communications Commission".
===*===
Comparison of WLAN technologies
Infrared Spread spectrum Radio
Diffused Directed-beam Frequency Direct - Narrowband
infrared infrared hopping sequence microwave
Data Rate
1 to 4 1 to 10 1 to 3 2 to 20 10 to 20
(Mbps)
Stationary/ Stationary
Mobility Mobile Stationary/mobile
mobile with LOS
Range (m) 15 to 60 25 30 to 100 30 to 250 10 to 40
Detectabi1ity Negligible Little Some
902 to 928 MHz 902 to 928 MHz
Wavelength/
A: 800 to 900 nm 2.4 to 2.4835 GHz 5.2 to 5.775 GHz
frequency
5.725 to 5.85 GHz 18.825 to 19.205 GHz
Modulation ASK FSK QPSK FSK/QPSK
technique
Radiated power - <1W 25 mW
Token Ring, Reservation
Access method CSMA CSMA
CSMA ALOHA, CSMA
License No No Yes unless ISM
required ===*===
Wireless LAN Security
Security in wireless LANs is addressed primarily through the use of Wired Equivalent
Privacy (WEP). WEP uses the RC4 Stream Cipher to encrypt the data as it is transmitted
through the air. This encryption is synchronous and based upon a key shared by the Access
point and all the clients using the access point. WEP comes in both 40- and 104-bit key
strengths. RC4 is a well-known strong algorithm, and thus, is not easily attacked.
The authentication service of WEP can be used to authenticate the workstation to the
access point. WEP can also use cryptographic authentication mechanism (RC4) to prove the
identity of the workstation to the access point. It does not provide mutual authentication, so
the workstation has no proof that the access point is in fact a valid AP on the network. Thus,
may lead to interception or man-in-the-middle attack.

UNIT-IV: Wireless Security 10

 Figure: Man-in-the-middle attack against WEP

The WEP protocol specification includes an integrity check on each packet. The
integrity check that is used is a cyclic redundancy check (CRC) of 32 bits. The CRC is
calculated for each packet before the packet is encrypted and then the data plus the CRC is
encrypted and sent to destination. Though CRC is not strong, encryption provides sufficient
protection. This might be a sufficiently strong system if the encryption were strong.
Access Point Security
Ideally, the AP will allow you set a WEP key. Make sure this key cannot be easily
guessed. If possible, use MAC addresses of the workstation to establish connection. This will
introduce more management overhead into the entire project, but it can also help to limit
some AP detection.
Workstation Security
If an intruder were to get on the WLAN, sniffers will allow him to identify other
workstations. Even if he cannot attack internal systems or eavesdrop on information flowing
on the network, he may still be able to attack other workstations. Appropriate antivirus
software should be used in workstations. If the risk is high, personal firewalls should also be
deployed on the workstations.
Safeguarding Wireless LANs
The level of security that is implemented in WLAN must match the security
requirements of the wired LAN and the data that passes over it. The two primary security
safeguards for wireless LANs are the degree of control that is required in identifying the
remote user and the degree to which the network traffic must be safeguard.
===*===
Wireless access point (WAP): A device connected to the wired local area network that
receives signals and transmits signals back to wireless NICs, and that acts as both the base
station and bridge for a wireless network.
===*===

UNIT-IV: Wireless Security 11

Explain how to safeguard Wireless LANs.
How to safeguard a wireless LAN? Explain. – 5 (May 2014)
The level of security that is implemented in WLAN must match the security
requirements of the wired LAN and the data that passes over it. The two primary security
safeguards for wireless LANs are the degree of control that is required in identifying the
remote user and the degree to which the network traffic must be safeguard. Some of the steps
to safeguard the wireless LAN are;
 Discovery of Rogue Access Points & Vulnerabilities
 Lock Down All Access Points from accessing the Access Points
 Use Encryption, Authentication and VPN for protect the data
 Set & Enforce Wireless LAN Policies
 Employ Intrusion Detection & Protection Mechanism
=== * ===

UNIT-IV: Wireless Security 12