Transcript of "3) Emerging wireless technologies Recent advancements and ..."
National Conference on Recent Trends in Information Technology: Opportunities and
Title: Emerging wireless technologies: Recent advancements and associated security risk
Author: Gaurav Parashar
In this paper, we showcase the latest Wireless Technologies and the security threats emerging
from them. We have addressed the security risk in various Wireless Technologies viz Wireless
Networks (WLAN, WWAN, etc), Bluetooth Technology and other wireless handheld devices. Safe
and secured Wireless networks hold the key to future information sharing and to growth of
Information Technology sector.
Gaurav Parashar is currently a Junior Undergraduate (Third Year Student) at the prestigious
Indian Institute of Technology, Bombay (IIT Bombay). He is pursuing bachelors in Department
of Computer Science and Engineering.
Emerging wireless technologies: Recent advancements and associated security risk
Wireless communications offer organizations and users many benefits such as portability and
flexibility, increased productivity, and lower installation costs. Wireless technologies cover a
broad range of differing capabilities oriented toward different uses and needs. Less wiring means
greater flexibility, increased efficiency, and reduced wiring costs. Ad hoc networks, such as
those enabled by Bluetooth, allow data synchronization with network systems and application
sharing between devices. Bluetooth functionality also eliminates cables for printer and other
peripheral device connections. Handheld devices such as personal digital assistants (PDA) and
cell phones allow remote users to synchronize personal databases and provide access to network
services such as wireless e-mail, Web browsing, and Internet access. Moreover, these
technologies can offer dramatic cost savings and new capabilities to diverse applications ranging
from retail settings to manufacturing shop floors to first responders.
However, risks are inherent in any wireless technology. Some of these risks are similar to those
of wired networks; some are exacerbated by wireless connectivity; some are new. Perhaps the
most significant source of risks in wireless networks is that the technology’s underlying
communications medium, the airwave, is open to intruders, making it the logical equivalent of an
Ethernet port in the parking lot. The loss of confidentiality and integrity and the threat of denial
of service (DoS) attacks are risks typically associated with wireless communications.
Unauthorized users may gain access to agency systems and information, corrupt the agency’s
data, consume network bandwidth, degrade network performance, and launch attacks that
prevent authorized users from accessing the network, or use agency resources to launch attacks
on other networks.
2. Overview of Wireless Technologies
A brief overview of the recent technologies and research in the field of wireless networks,
devices, standards, and security issues is presented in this section. With advances in wireless
technologies, it will become even more sophisticated to control or even reduce the security risks.
2.1 Wireless Networks
Wireless networks serve as the transport mechanism between devices and among devices and the
traditional wired networks (enterprise networks and the Internet). Wireless networks are many
and diverse but are frequently categorized into three groups based on their coverage range:
Wireless Wide Area Networks (WWAN), Wireless Local Area Networks (WLAN), and Wireless
Personal Area Networks (WPAN). WWAN includes wide coverage area technologies such as 2G
cellular, Cellular Digital Packet Data (CDPD), and Global System for Mobile Communications
(GSM), and Mobitex. WLAN, representing wireless local area networks, includes 802.11,
HiperLAN, and several others. WPAN represents wireless personal area network technologies
such as Bluetooth and IR. All of these technologies are “tether-less”—they receive and transmit
information using electromagnetic (EM) waves.
2.2 Wireless Devices
A wide range of devices use wireless technologies, with handheld devices being the most
prevalent form today. This document discusses the most commonly used wireless handheld
devices such as mobile phones, laptops, PDAs, and smart phones.
3. Emerging Wireless Technologies
A lot of technologies have emerged in wireless networks. While wireless networking was a
luxury a few years ago, it has turned into a necessity today. Some new features of 2008 include
Wireless USB and Bluetooth. The USB standard is also getting a wireless makeover, giving us,
predictably enough, Wireless USB (WUSB). It is based on the Ultra WideBand (UWB) platform,
a short-range, high data-rate radio frequency transmission standard. Wireless USB is designed to
give the same performance as USB2 devices (480Mbps) at distances under 3 meters, scaling
down to 110Mbps at distances up to 10 meters. Bluetooth 3.0 is currently also under
development, being built on the UWB protocol. However, unlike WUSB, Bluetooth can use
security to pair devices, which when coupled with the proposed 480Mbps transmission rate,
could make it a serious contender for short-range peripheral connectivity. WirelessHD (WiHD)
and Wireless HDMI (WHDI) are new technologies for transmitting High-Definition videos and
audio signals from one device to another.
4. Emerging Security Standards and Technologies
4.1 Wireless LAN Securities
There have been three major improvements in the WLAN security standards and technologies.
• IEEE 802.11 Task Group i (TGi) have proposed significant modifications to the existing
IEEE 802.11 standard as a long-term solution for security. The TGi is defining additional
ciphers based on the newly released Advanced Encryption Standard (AES). The AES-
based solution will provide a highly robust solution for the future but will require new
hardware and protocol changes.
• For improving WLAN security TGis had provided a short-term solution, namely, WiFi
Protected Access (WPA)—to address the problems of WEP. The group is defining the
Temporal Key Integrity Protocol (TKIP) to address the problems without requiring
hardware changes—that is, requiring only changes to firmware and software drivers.
• IEEE has introduced a new standard, IEEE 802.1X-2001, a generic framework for port-
based network access control and key distribution. By defining the encapsulation of EAP
(defined in RFC 2284) over IEEE 802 media, IEEE 802.1X enables an AP and station to
mutually authenticate one another. Currently new generations of EAP methods are being
developed within the IETF, focused on addressing wireless authentication and key
management issues. These methods support additional security features such as
cryptographic protection of the EAP conversation, identity protection, secure cipher suite
negotiation, tunneling of other EAP methods, etc.
4.2 Wireless PAN and Bluetooth Security
Bluetooth is an ad hoc networking technology. In ad hoc networks, devices maintain random
network configurations formed “on the fly,” relying on a system of mobile routers connected by
wireless links that enable devices to communicate with each other. Bluetooth offers several
benefits and advantages. Bluetooth Technologies need to address security concerns for
confidentiality, data integrity, and network availability.
• Software solutions: Software solutions in Bluetooth technology are the Bluetooth PIN
and private authentication. Bluetooth enforces Bluetooth PINs at the link level. PINs may
be 1 to 16 octets (8 bits to 128 bits) in length, depending on the degree of security
selected by the device user. Bluetooth devices use the PIN, in effect, for device
authentication. Since Bluetooth devices can store and automatically access link-level
PINs from memory, Bluetooth devices are now employing device authentication as an
extra layer of security. Since Bluetooth has established itself in wireless communications
technology, supplemental software solutions (e.g., application security tool kits, robust IP
security, and VPN overlay) have appeared in the marketplace.
• Hardware Solutions: Hardware security solutions for Bluetooth devices are inherent in
the design of the standard itself. Bluetooth uses a device address that is unique to each
device. The device address, a 48-bit identifier—note that this is a 6-byte public parameter
—serves several purposes such as generating 128-bit link keys and encryption keys.
Another hardware solution, inherent in the Bluetooth design, is the use of frequency-
hopping schemes. Frequency-hopping schemes offer protection from burst errors by
continually moving signals in and out of the interference band and by making bit error
corrections using FEC. Frequency-hopping schemes have been thought to protect
authorized users from malicious users by transmitting the signal with a pseudo-random
sequence that moves the signal arbitrarily around the bandwidth, making it very difficult
to track. Modern devices that have Bluetooth applications have employed a form of voice
authentication for security. Voice authentication helps in preventing malicious users from
compromising remote Bluetooth devices and networks.
4.3 Wireless Handheld Devices
Although handheld devices were earlier not viewed as posing security threats, their increased
computing power and the ease with which they can access networks and exchange data with
other handheld devices introduces new security risks to an agency’s computing environment.
Since handheld devices are supporting more networking capabilities now, there is a need to
assess the risks they introduce into the existing computing environment. The recent Technical
Countermeasures for securing wireless handheld devices include various techniques such as
Identification and Authentication, Encryption, Antivirus Software, PKI, VPN and Firewalls.
The benefits of wireless networks are driving the explosive growth of the WLAN market. Since
security has been the single largest concern for wireless network deployment in the corporate
setting, strong security solutions are available to make wireless networks as secure as wired
1. NIST Special Publication 46, Security for Telecommuting and Broadband Communications,
National Institute for Standards and Technology.
2. Norton, P., and Stockman, M. Peter Norton’s Network Security Fundamentals. 2000.
3. White papers, surveys, and reports on wireless network security.
4. Cisco Web site provides information on securing wireless networks (http://www.cisco.com)
5. ZDNet India Magazine Web site provides white papers, surveys, and reports on wireless
network security (http://www.zdnetindia.com)
6. SC Magazine Web site, an information security online magazine provides information on
wireless security issues (http://www.scmagazine.com)