security in wireless networks and devices


Upload: networksguy

Post on 22-Apr-2015


Page 1: Security in Wireless Networks and Devices

Security in Wireless Networks and Devices

Computer Network Security

Page 2: Security in Wireless Networks and Devices

Kizza - Computer Network Security 2

Wireless technology is a new technology that started in the early 1970s.

The rapid technological developments of the last twenty years have made wireless technology one of the fastest developing technologies of the communication industry.

Because of its ability and potential to let us perform tasks while on the go and bring communication to areas where it would be impossible with traditional wired communication, wireless technology has been embraced by millions.

It is based on wireless networking technology that includes WLAN, Wireless WAN, Web and an industry of wireless communication devices.

Page 3: Security in Wireless Networks and Devices


Cellular Wireless Communication Network Infrastructure

The wireless infrastructure, because of distance problems, is in most parts supported and complemented by other wired and other communication technologies such as satellite, infrared, microwave, and radio.

In its simplest form, wireless technology is based on a concept of a cell. That is why wireless communication is sometimes referred to as cellular communication.

Page 4: Security in Wireless Networks and Devices


The cell concept is based on the current cellular technology that transmits analog voice on dedicated bandwidth. This bandwidth is split into several segments permanently assigned to small geographical regions called cells.

This has led to the tiling of the whole communication landscape with small cells of roughly ten square miles or less depending on the density of cellular phones in the geographical cell.

Each cell has, at its center, a communication tower called the base station (BS) which the communication devices use to send and receive data. The BS receives and sends data usually via a satellite. Each BS operates two types of channels:
– The control channel which is used in the exchange when setting up and maintaining calls
– The traffic channel to carry voice/data.

Page 5: Security in Wireless Networks and Devices


The satellite routes the data signal to a second communication unit, the Mobile Telephone Switching Office (MTSO). The MTSO, usually some distance off the origination cell, may connect to a land-based wired communication infrastructure for the wired receiver or to another MTSO or to a nearest BS for the wireless device receiver.

An enabled wireless device such as a cellular phone must be constantly in contact with the provider. This continuous contact with the provider is done through the cell device constantly listening to its provider’s unique System Identification Code (SID) via the cell base stations.

If the device moves from one cell to another, the current tower must hand over the device to the next tower and so on so the continuous listening continues unabated. As long as the moving device is able to listen to the SID, it is in the provider’s service area and it can, therefore, originate and transmit calls.

In order to do this, however, the moving device must identify itself to the provider. This is done through its own unique SID assigned to the device by the provider. Every call originating from the mobile device must be checked against a database of valid device SIDs to make sure that the transmitting device is a legitimate device for the provider.

Page 6: Security in Wireless Networks and Devices


The mobile unit, usually a cellphone, may originate a call by selecting the strongest setup idle frequency channel from among its surrounding cells by examining information in the channel from the selected BS.

Using the reverse of this frequency channel, it sends the called number to the BS. The BS then sends the signal to the MTSO. The MTSO attempts to complete the connection by sending the signal, called a page call, to a select number of BSs via a land-based wired MTSO or another wireless MTSO, depending on the called number.

The receiving BS broadcasts the page call on all its assigned channels. The receiving unit, if active, recognizes its number on the setup channel being monitored and responds to the nearest BS which sends the signal to its MTSO.

The MTSO may backtrack the routes or select new ones to the call initiating MTSO which selects a channel and notifies the BS which notifies its calling unit. See Figure 17.2 for details of this exchange.

Page 7: Security in Wireless Networks and Devices


During the call period, several things may happen including:
– Call block which happens when channel capacity is low due to high unit density in the cell. This means that at this moment all traffic channels are being used
– Call termination when one of two users hangs up
– Call drop which happens when there is high interference in the communication channel or weak signals in the area of the mobile unit.
– Handoff when a BS changes assignment of a unit to another BS. This happens when the mobile unit is in motion such as in a moving car and the car moves from one cell unit to another adjacent cell unit.

Page 8: Security in Wireless Networks and Devices


Limited and Fixed Wireless Communication Networks

This is a limited area wireless, known mainly as cordless wireless, that is commonly found in homes and offices.

Cordless telephones were developed for the purpose of providing users with mobility.

Cordless has been popular in homes with a single base station that provides voice and data support to enable communication in-house and within a small perimeter around the house or office.

However, in an office, this can be extended, if there is a need, especially in a big busy office, to multiple BSs connected to a single public branch exchange (PBX) of a local land telephone provider.

Page 9: Security in Wireless Networks and Devices


Cordless wireless is limited in several areas including:
– The range of the handset is limited to an average radius of around 200 m from the BS
– Frequency flexibility is limited since one or a few users own the BS and handset and, therefore, do not need a range of choices they are not likely to use.

A wireless loop (WLL) provides services using one or a few cells, where each cell has a BS antenna mounted on something like a tall building or a tall mast. Then each subscriber reaches the BS via a fixed antenna mounted on one’s building with an unobstructed line of sight to the BS. The last link between the BS and the provider switching center can be of wireless or fixed technology. WLL offers several advantages including:
– It is less expensive after the start up costs.
– It is easy to install after obtaining a usable frequency band.

Page 10: Security in Wireless Networks and Devices


The FCC has allocated several frequency bands for fixed wireless communication because it is becoming very popular.

Two popular technologies of WLL are:
– local multipoint distribution service (LMDS) - delivers TV signals and two-way broadband communications with relatively high data rates and provides video, telephone, and data for low cost
– multi-channel multipoint distribution service (MMDS) - competes with cable TV services and provides services to rural areas not reached by TV broadcast or cable.

Page 11: Security in Wireless Networks and Devices


Wireless LAN (WLAN) or Wireless Fidelity (Wi-Fi)

Wireless LAN (WLAN) or just Wi-Fi, as it is commonly known in industry, is becoming common in industry and for individuals.

A wireless LAN offers many advantages to a business to supplement the traditional LAN.
– It is cheap to install;
– it is fast,
– it is flexible to cover traditionally unreachable areas.

Page 12: Security in Wireless Networks and Devices


A wireless LAN has applications in four areas: LAN extension, cross-building interconnection, nomadic access, and ad hoc networks:
– LAN extensions are wireless LANs (WLANs) linked to wired backbone networks as extensions to them. The existing LAN may be an Ethernet LAN, for example. The WLAN is interfaced to a wired LAN using a control module that includes either a bridge or a router.
– Cross-building interconnection WLANs are connected to nearby or adjacent backbone fixed LANs in the building by either bridges or routers.
– Nomadic access is a wireless link that connects a fixed LAN to a mobile IP device such as a laptop. Most wireless communication security problems are found in this configuration.
– Ad Hoc Networking involves a peer-to-peer network temporarily and quickly set up to meet an urgent need.

Page 13: Security in Wireless Networks and Devices


WLAN (Wi-Fi) Technology

WLAN technology falls into three types based on the type of transmission used by the LAN:
– Infrared (IR) LANs are LANs in which cells are formed by areas, without obstructing objects between network elements, that the network is in. This is necessitated by the fact that infrared light does not go through objects.
– Spread spectrum LANs use spread spectrum transmission technology. If the transmission band is kept within a certain frequency range then no FCC licensing is required. This means they can be used in a relatively larger area than a single room.
– Narrowband microwave LANs operate at microwave frequencies, which means that they operate in large areas and, therefore, require FCC licensing.

Page 14: Security in Wireless Networks and Devices


Mobile IP and Wireless Application Protocol (WAP)

The growth in popularity of WLANs has been fueled by the growing number of portable communication devices whose prices are plummeting.

In response, new technologies such as Mobile IP and WAP, and standards such as the IEEE 802.11 (as we will shortly see), have been developed.

In a fixed network, datagrams are moved from clients to servers and from server to server using the source and destination addresses (the IP addresses) in the datagram header.

While this is not a problem in fixed networks, in wireless networks with a moving transmitting and receiving element, keeping connectivity in a dynamically changing IP addressing situation is a challenge.

Page 15: Security in Wireless Networks and Devices


A mobile node has a home IP address (in the fixed LAN) and it is considered static. For this mobile unit to move from this home base and still communicate with it while in motion, the following protocol handshake must be done.
– Once the mobile unit moves, it seeks a new attachment to a new network; this new network is called a foreign network. The mobile unit must make its presence known to the new network by registering with a new network node on the foreign network, usually a router, known as a foreign agent.
– The mobile unit must then choose another node from the home network, the home agent, and give that node a care-of address. This address is its current location in the foreign network. With this in place, communication between the mobile unit and the home network can begin.

Page 16: Security in Wireless Networks and Devices


In this environment, packets are moved from the home network to the mobile unit as follows:
– A datagram with a mobile unit’s IP address as its destination address is forwarded to the unit’s home network.
– The incoming datagram is intercepted by the designated home agent, which encapsulates the datagram into a new datagram with the mobile unit’s care-of address as the destination address in its IP header. This process is called tunneling.
– Upon receipt of the new tunneled datagram, the foreign agent opens the datagram to reveal the inside old datagram with the mobile unit’s original IP address. It then delivers the datagram to the mobile unit.
– The process is reversed for the return trip.
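
Added example (not from the slides or the Kizza text): a Python model of the tunneling steps above, assuming IPv4-in-IPv4 encapsulation (protocol number 4) as the tunnel format, which the slides do not specify. The `HomeAgent` and `ForeignAgent` classes, their checks, and all addresses are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # IPv4-in-IPv4; tunnel format assumed here, not named on the slides
IPPROTO_UDP = 17
HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 datagram around the payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack(HDR, *fields))  # fill in header checksum
    return struct.pack(HDR, *fields) + payload


def parse_ipv4(packet: bytes) -> dict:
    """Parse and validate an IPv4 header; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack(HDR, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad version or length")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(s)), "dst": str(ipaddress.IPv4Address(d)),
            "proto": proto, "ttl": ttl, "payload": packet[ihl:total_len]}


class HomeAgent:
    """Intercepts datagrams for mobile nodes that are away and tunnels them."""

    def __init__(self, address: str):
        self.address = address
        self.bindings = {}  # home address -> care-of address

    def register(self, home_addr: str, care_of_addr: str) -> None:
        self.bindings[home_addr] = care_of_addr

    def intercept(self, datagram: bytes) -> bytes:
        inner = parse_ipv4(datagram)
        care_of = self.bindings.get(inner["dst"])
        if care_of is None:
            return datagram  # node is at home: deliver unchanged
        # Tunneling: the original datagram becomes the payload of a new one.
        return build_ipv4(self.address, care_of, IPPROTO_IPIP, datagram)


class ForeignAgent:
    """Opens tunneled datagrams and hands the inner datagram to the visitor."""

    def __init__(self, care_of_addr: str):
        self.care_of_addr = care_of_addr
        self.visitors = {}  # visitor home address -> its home agent address

    def register_visitor(self, home_addr: str, home_agent_addr: str) -> None:
        self.visitors[home_addr] = home_agent_addr

    def receive(self, packet: bytes) -> bytes:
        outer = parse_ipv4(packet)
        if outer["proto"] != IPPROTO_IPIP or outer["dst"] != self.care_of_addr:
            raise ValueError("not a tunnel packet for this agent")
        inner = parse_ipv4(outer["payload"])
        expected_ha = self.visitors.get(inner["dst"])
        if expected_ha is None:
            raise ValueError("inner destination is not a registered visitor")
        # Source addresses can be forged, so this is a filter, not authentication.
        if outer["src"] != expected_ha:
            raise ValueError("tunnel source is not the visitor's home agent")
        return outer["payload"]


def demo():
    """Run one datagram through the home agent and foreign agent (constructed addresses)."""
    home, care_of, ha_addr, peer = "10.1.0.25", "192.0.2.7", "10.1.0.1", "198.51.100.9"
    ha, fa = HomeAgent(ha_addr), ForeignAgent(care_of)
    ha.register(home, care_of)
    fa.register_visitor(home, ha_addr)
    original = build_ipv4(peer, home, IPPROTO_UDP, b"hello mobile node")
    tunneled = ha.intercept(original)
    delivered = fa.receive(tunneled)
    return original, tunneled, delivered


if __name__ == "__main__":
    original, tunneled, delivered = demo()
    print("outer header:", {k: v for k, v in parse_ipv4(tunneled).items() if k != "payload"})
    print("delivered unchanged:", delivered == original)
```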

Page 17: Security in Wireless Networks and Devices


Wireless Application Protocol (WAP)

Just as the Mobile IP wireless technology was dictated by the mobility of customers, WAP technology was also dictated by the mobility of users and their need to have access to information services including the Internet and the Web.

See WAP Protocol stack – page 478

Page 18: Security in Wireless Networks and Devices


Standards for Wireless Networks

While protocols spell out the “how to” framework for the two or more communicating devices, standards govern the physical, electrical, and procedural characteristics of the communicating entities.

There has been a rapid development of wireless standards – so rapid that some people have called the many standards a children's alphabet. We discuss two: IEEE 802.11 and Bluetooth.

Page 19: Security in Wireless Networks and Devices


The IEEE 802.11
– Developed by the IEEE 802.11 working group, IEEE 802.11 or more commonly 802.11, is the most well known and most widely used and most prominent wireless LAN specification standard.
– It is a shared, wireless local area network (LAN) standard.
– It is based on the OSI layering model of the fixed LAN including a similar physical layer
– In fact the IEEE 802.11 is an umbrella standard of many different standards varying in speed, range, security, and management capabilities as shown in Table 17.2.

Page 20: Security in Wireless Networks and Devices


Bluetooth (See Figure 17.9)

Bluetooth was developed in 1994 by Ericsson, a Swedish mobile-phone company, to let small mobile devices such as a laptop make calls over a mobile phone. It is a short-range always-on radio hookup embedded on a microchip.

It uses a low-power 2.4 GHz band, which is available globally without a license, to enable two Bluetooth devices within a small limited area of about 5 m radius to share up to 720 kbps of data.

Bluetooth has a wide range of potential applications and gives users a low-power, cheap, untethered, and confined ability to:
– Create wireless connections among computers, printers, keyboards, and the mouse
– Wirelessly use MP3 players with computers to download and play music
– Remotely and wirelessly monitor devices in a home including remotely turning on home devices from a remote location outside the home.

Page 21: Security in Wireless Networks and Devices


Security in Wireless Networks

Wireless networks are inherently insecure. This problem is compounded by the untraceable hackers who use invisible links to victimize WLANs and the increasing number of fusions between LANs and WLANs, thus adding more access points (the weak points) to the perimeters of secure networks.

WLANs need to not only provide users with the freedom and mobility which is so crucial for their popularity but also the privacy and security of all users and the information on these networks.

Several security mechanisms required in WLANs include confidentiality, authentication, and access control.

The “wired equivalent” concept for the IEEE 802.11 WLAN standard was to define authentication and encryption based on the Wired Equivalent Privacy (WEP) algorithm. This WEP algorithm defines the use of a 40-bit secret key for authentication and encryption.

But all these mechanisms failed to work fully as intended.

Page 22: Security in Wireless Networks and Devices


WLAN found itself facing severe privacy and security problems including the following:
– Identity in WLANs - WLAN protocol contains a media access control (MAC) protocol layer in its protocol stack which the WLAN standard uses as its form of identity for both devices and users. However, in the newer open source device drivers, this MAC is changeable, creating a situation for malicious intruders to masquerade as valid users.

In addition, WLAN uses a Service Set Identifier (SSID) as a device identifier (name) in a network. It allows clients to communicate with the appropriate BS. Each BS comes with a default SSID, but attackers can use these SSIDs to penetrate a BS. As we will see later, turning off SSID broadcasts cannot stop hackers from getting to these SSIDs.

Page 23: Security in Wireless Networks and Devices


Other weaknesses include:
– Lack of Access Control Mechanism
– Lack of Authentication Mechanism in 802.11
– Lack of a WEP Key Management Protocol