Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used to find them are mobile and easy to access. Securing wireless networks can be difficult because these networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to compromise it. In recent years, a range of technologies and mechanisms have helped makes networking more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related authentication, confidentiality and integrity problems. It discovered that strength of each solution depends on how well the encryption, authentication and integrity techniques work. The work suggested using a Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth comparative analysis of each of the security mechanisms is driven by review of related work in WLAN security solutions.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
Trabajo realizado para la medición del grado de inseguridad de una red WiFi a la que se conecta un equipo. En él se analizan las medidas de seguridad, el riesgo y los motivos por los que existen las redes WiFi inseguras
A comparitive analysis of wireless security protocols (wep and wpa2)pijans
Wireless local area networks (WLANs) are become popular as they are fast, cost effective, flexible and easy
to use. There are some challenges of security and for IT administrators the choice of security protocol is a
critical issue. The main motive of this paper is to make the non-specialist reader knowledgeable about
threats in the wireless security and make them aware about the disadvantages of wireless security
protocols. WEP (Wired Equivalent privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security
Network) security protocols are defined and examined here. This security protocols are compared with the
common.
This paper is a comparative analysis of WEP, WPA and WPA2. We have tried to perform and check
authentication of all 3 protocols by implying the legendary attack vector scripts i.e. Air crack set of tools.
The test was conducted on Back Track operating system which is considered as dedicated pentesting
operating system. In the test result, we found out that WEP is the weakest, to which WPA was a temporary
solution and WPA2 is a very solid and long term solution.
This paper is a mixture of wireless security weaknesses and counter measures to the problems faced until
recently. After reading this paper the non specialist reader will have complete review and awareness about
the wireless security and vulnerabilities involved with it.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISIJNSA Journal
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
Wireless Networks Security in Jordan: A Field StudyIJNSA Journal
The potential of wireless communications, has resulted in a wide expand of wireless networks. However, the vulnerabilities and threats that wireless networks are subjectedto resulted in higher risk for unauthorized users to access the computer networks.This research evaluates the deployed Wireless Network in Jordan as well as the use of the security setting of the systems and equipment used. Caution will be taken to avoid network access as only existence of the network is sought. Wardriving involve the use of freeware tools such as NetStumbler, or Kismet, which was originally developed to be used for helping network administrators make their systems more secure. Thestudy is carried out through field evaluation of the Wireless Local Area Network (WLAN)in light of the use of Wardriving, and proposessome measures that can be taken to improve securityof the wireless network by the users.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
Trabajo realizado para la medición del grado de inseguridad de una red WiFi a la que se conecta un equipo. En él se analizan las medidas de seguridad, el riesgo y los motivos por los que existen las redes WiFi inseguras
A comparitive analysis of wireless security protocols (wep and wpa2)pijans
Wireless local area networks (WLANs) are become popular as they are fast, cost effective, flexible and easy
to use. There are some challenges of security and for IT administrators the choice of security protocol is a
critical issue. The main motive of this paper is to make the non-specialist reader knowledgeable about
threats in the wireless security and make them aware about the disadvantages of wireless security
protocols. WEP (Wired Equivalent privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security
Network) security protocols are defined and examined here. This security protocols are compared with the
common.
This paper is a comparative analysis of WEP, WPA and WPA2. We have tried to perform and check
authentication of all 3 protocols by implying the legendary attack vector scripts i.e. Air crack set of tools.
The test was conducted on Back Track operating system which is considered as dedicated pentesting
operating system. In the test result, we found out that WEP is the weakest, to which WPA was a temporary
solution and WPA2 is a very solid and long term solution.
This paper is a mixture of wireless security weaknesses and counter measures to the problems faced until
recently. After reading this paper the non specialist reader will have complete review and awareness about
the wireless security and vulnerabilities involved with it.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISIJNSA Journal
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
Wireless Networks Security in Jordan: A Field StudyIJNSA Journal
The potential of wireless communications, has resulted in a wide expand of wireless networks. However, the vulnerabilities and threats that wireless networks are subjectedto resulted in higher risk for unauthorized users to access the computer networks.This research evaluates the deployed Wireless Network in Jordan as well as the use of the security setting of the systems and equipment used. Caution will be taken to avoid network access as only existence of the network is sought. Wardriving involve the use of freeware tools such as NetStumbler, or Kismet, which was originally developed to be used for helping network administrators make their systems more secure. Thestudy is carried out through field evaluation of the Wireless Local Area Network (WLAN)in light of the use of Wardriving, and proposessome measures that can be taken to improve securityof the wireless network by the users.
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
1
Table of Contents
Wireless Network Security3
Introduction3
Overview of Wireless Technologies4
Standards of Wireless Specification:6
Security Features6
Wireless Threats7
Wireless Networks Attacks8
Conclusion9
References10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologies
The wireless technologies make the gadgets to have communication without any connection physically, implying that they do not need peripheral or network cabling. The wireless range from the complicated environments, for instance mobile networks that includes 3G mobile phones and local area networks, to less complicated gadgets such as microphones without wire, earphones and other gadgets which will not save or process data and usually used for small range procedures like infrared or communications via Bluetooth (BT) (Egners, Herrmann & Meyer,2015).
Typical IP network wireless devices or infrastructure
Access points or base stations
· Station wireless
· Router wireless
Retransmission devices (Sun, Yan, Zhang & Rong, 2015).
· Repeater wireless
· Network bridge wireless
End points
· Cards or adapters wireless
· Laptops
· PDAs
· Mobile telephones
Infrared devices, such as cordless computer keyboards, remote controls and mice all needs a direct line of sight between the receiver and transmitter to complete the link. Even though the infrared communication replaced by BT technology in most of the gadgets, some legacy standard gadgets still use IR for short range communication (Illiano, & Lupu, 2015).
Network classification of wireless networks
Wireless networks act as date transmitter mechanism between other wireless communications and the traditional wired networks. Wireless network can be structured in different ways but they are frequently categorized into 4 main categories based on their coverage range.
· Wireless wide area network (WWAN)
Which invol ...
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
https://www.ijmst.com/
IJMST Volume 1 Issue 1, Manuscript 4
As the popularity of mobile devices and wireless networks significantly increased over the
past years. The wireless adhoc network has now become one of the most vibrant and active
fields of communication and networking research. These networks are a new generation of
networks offering unrestricted mobility without any underlying infrastructure. As their
principle application is in disastrous environments, security is critical. Various challenges are
faced in the adhoc environment, mostly due to the resource poorness of these networks. One
man confront in the design of these networks is their vulnerability to security attacks. The
solutions for conventional networks are usually not sufficient to provide efficient adhoc
operations. Just because of its wireless nature of communication and lack of any security
infrastructure raise several security problems and threats.
In this paper, we briefly review the threats an adhoc network faces and the security goals to
be achieved. Moreover, it also presents existing security schemes used in wireless adhoc
networks in order to handle security threats.
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
A trust-based authentication framework for security of WPAN using network sli...IJECEIAES
New technologies and their seamless wireless interconnectivity bring along many chal- lenges including security and privacy issues that require immediate attention. Wireless personal area networks (WPANs) are characterized by limited energy resources and computing power which call for lightweight security mechanisms in these networks as a mandatory requirement. In this paper, a lightweight trust-based framework for node authentication in WPAN is proposed. Our main objective is to minimise the effort in distinguishing valid requests of trustworthy nodes from invalid requests of malicious nodes that can result in network compromises. We achieve this through network slicing which divides the network into primary and secondary virtual networks. The proposed framework has three-fold benefits. Firstly, it authenticates nodes’ requests based on a novel method of trust value calculation. Secondly, the framework maintains energy efficiency while authenticating nodes’ requests to access WPAN resources. Finally, the framework provides a solution for the biasing problem that can arise due to unexpected behaviour of malicious users in WPANs. The framework efficacy is illustrated by using a case study to show how it can accurately capture trust relations among nodes while preventing malicious behavior.
: While conventional cryptographic security mechanisms are essential to the overall problem, of securing wireless networks, the wireless medium is a powerful source of domain-specific information, that can complement and enhancetraditional security mechanisms . In this work a security paradigms, which exploit physical layer properties of the wireless medium, can enhance confidentiality and authentication services.In essence using the physical layer information available , we are able to continuously authenticate packets at the same layer. However ,this form of security is only possible through physical layer security mechanisms. An approach where wireless devices, interested in establishing a secret key, sample the link signature space in a physical area to collect and combine uncorrelated measurements channel based secrecy algorithms ,based on ITS key derivation protocol, in order to improve existing wireless security system had been laid down and modified as appropriate algorithms.
Composition Assistance - Topic Gun ControlAssignment 2 Your R.docxdonnajames55
Composition Assistance - Topic Gun Control
Assignment 2: Your Research Paper's Annotated Bibliography
Revisit the topic that you listed in your research proposal from Module 1, and do some research. If you have some trouble, you may need to narrow it a bit to find appropriate academic source material. Your selected topic will be the topic for your final paper in this class.
For this assignment, you need to complete an annotated bibliography of the sources you are finding for your research paper. As you continue to work on your project, add to your list, so that when you are ready for your final draft you can remove the unused citations and all annotations. After these things are removed, and your page is re-titled “References,” it will be ready to submit as part of the final paper. Here are the things you should look for in a good annotated bibliography:
· You use at least three university-level resources that are authoritative, correct, unbiased, current, and coherent.
· Your title is “References,” not “Bibliography.” Your authors are listed in alphabetical order, and there is a short explanation after every citation.
· Your citations are APA formatted (with hanging indent) and each needed block of annotation text is in the appropriate order.
· The work is formatted in 12 point, Times New Roman font, with one inch margins all around.
· You offer a description of the source’s usefulness: statistics, clever quote, graph, table, fact, or other relevant information. If a source is not useful, you note that it is not going to be used in your paper.
5
Table of Contents
Wireless Network Security 3
Introduction 3
Overview of Wireless Technologies 4
Standards of Wireless Specification: 6
Security Features 6
Wireless Threats 7
Wireless Networks Attacks 8
Conclusion 9
References 10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologi.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
More Related Content
Similar to Evaluation of Enhanced Security Solutions in 802.11-Based Networks
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
1
Table of Contents
Wireless Network Security3
Introduction3
Overview of Wireless Technologies4
Standards of Wireless Specification:6
Security Features6
Wireless Threats7
Wireless Networks Attacks8
Conclusion9
References10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologies
The wireless technologies make the gadgets to have communication without any connection physically, implying that they do not need peripheral or network cabling. The wireless range from the complicated environments, for instance mobile networks that includes 3G mobile phones and local area networks, to less complicated gadgets such as microphones without wire, earphones and other gadgets which will not save or process data and usually used for small range procedures like infrared or communications via Bluetooth (BT) (Egners, Herrmann & Meyer,2015).
Typical IP network wireless devices or infrastructure
Access points or base stations
· Station wireless
· Router wireless
Retransmission devices (Sun, Yan, Zhang & Rong, 2015).
· Repeater wireless
· Network bridge wireless
End points
· Cards or adapters wireless
· Laptops
· PDAs
· Mobile telephones
Infrared devices, such as cordless computer keyboards, remote controls and mice all needs a direct line of sight between the receiver and transmitter to complete the link. Even though the infrared communication replaced by BT technology in most of the gadgets, some legacy standard gadgets still use IR for short range communication (Illiano, & Lupu, 2015).
Network classification of wireless networks
Wireless networks act as date transmitter mechanism between other wireless communications and the traditional wired networks. Wireless network can be structured in different ways but they are frequently categorized into 4 main categories based on their coverage range.
· Wireless wide area network (WWAN)
Which invol ...
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
https://www.ijmst.com/
IJMST Volume 1 Issue 1, Manuscript 4
As the popularity of mobile devices and wireless networks significantly increased over the
past years. The wireless adhoc network has now become one of the most vibrant and active
fields of communication and networking research. These networks are a new generation of
networks offering unrestricted mobility without any underlying infrastructure. As their
principle application is in disastrous environments, security is critical. Various challenges are
faced in the adhoc environment, mostly due to the resource poorness of these networks. One
man confront in the design of these networks is their vulnerability to security attacks. The
solutions for conventional networks are usually not sufficient to provide efficient adhoc
operations. Just because of its wireless nature of communication and lack of any security
infrastructure raise several security problems and threats.
In this paper, we briefly review the threats an adhoc network faces and the security goals to
be achieved. Moreover, it also presents existing security schemes used in wireless adhoc
networks in order to handle security threats.
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
A trust-based authentication framework for security of WPAN using network sli...IJECEIAES
New technologies and their seamless wireless interconnectivity bring along many chal- lenges including security and privacy issues that require immediate attention. Wireless personal area networks (WPANs) are characterized by limited energy resources and computing power which call for lightweight security mechanisms in these networks as a mandatory requirement. In this paper, a lightweight trust-based framework for node authentication in WPAN is proposed. Our main objective is to minimise the effort in distinguishing valid requests of trustworthy nodes from invalid requests of malicious nodes that can result in network compromises. We achieve this through network slicing which divides the network into primary and secondary virtual networks. The proposed framework has three-fold benefits. Firstly, it authenticates nodes’ requests based on a novel method of trust value calculation. Secondly, the framework maintains energy efficiency while authenticating nodes’ requests to access WPAN resources. Finally, the framework provides a solution for the biasing problem that can arise due to unexpected behaviour of malicious users in WPANs. The framework efficacy is illustrated by using a case study to show how it can accurately capture trust relations among nodes while preventing malicious behavior.
: While conventional cryptographic security mechanisms are essential to the overall problem, of securing wireless networks, the wireless medium is a powerful source of domain-specific information, that can complement and enhancetraditional security mechanisms . In this work a security paradigms, which exploit physical layer properties of the wireless medium, can enhance confidentiality and authentication services.In essence using the physical layer information available , we are able to continuously authenticate packets at the same layer. However ,this form of security is only possible through physical layer security mechanisms. An approach where wireless devices, interested in establishing a secret key, sample the link signature space in a physical area to collect and combine uncorrelated measurements channel based secrecy algorithms ,based on ITS key derivation protocol, in order to improve existing wireless security system had been laid down and modified as appropriate algorithms.
Composition Assistance - Topic Gun ControlAssignment 2 Your R.docxdonnajames55
Composition Assistance - Topic Gun Control
Assignment 2: Your Research Paper's Annotated Bibliography
Revisit the topic that you listed in your research proposal from Module 1, and do some research. If you have some trouble, you may need to narrow it a bit to find appropriate academic source material. Your selected topic will be the topic for your final paper in this class.
For this assignment, you need to complete an annotated bibliography of the sources you are finding for your research paper. As you continue to work on your project, add to your list, so that when you are ready for your final draft you can remove the unused citations and all annotations. After these things are removed, and your page is re-titled “References,” it will be ready to submit as part of the final paper. Here are the things you should look for in a good annotated bibliography:
· You use at least three university-level resources that are authoritative, correct, unbiased, current, and coherent.
· Your title is “References,” not “Bibliography.” Your authors are listed in alphabetical order, and there is a short explanation after every citation.
· Your citations are APA formatted (with hanging indent) and each needed block of annotation text is in the appropriate order.
· The work is formatted in 12 point, Times New Roman font, with one inch margins all around.
· You offer a description of the source’s usefulness: statistics, clever quote, graph, table, fact, or other relevant information. If a source is not useful, you note that it is not going to be used in your paper.
5
Table of Contents
Wireless Network Security 3
Introduction 3
Overview of Wireless Technologies 4
Standards of Wireless Specification: 6
Security Features 6
Wireless Threats 7
Wireless Networks Attacks 8
Conclusion 9
References 10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologi.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Quality defects in TMT Bars, Possible causes and Potential Solutions.PrashantGoswami42
Maintaining high-quality standards in the production of TMT bars is crucial for ensuring structural integrity in construction. Addressing common defects through careful monitoring, standardized processes, and advanced technology can significantly improve the quality of TMT bars. Continuous training and adherence to quality control measures will also play a pivotal role in minimizing these defects.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Democratizing Fuzzing at Scale by Abhishek Aryaabh.arya
Presented at NUS: Fuzzing and Software Security Summer School 2024
This keynote talks about the democratization of fuzzing at scale, highlighting the collaboration between open source communities, academia, and industry to advance the field of fuzzing. It delves into the history of fuzzing, the development of scalable fuzzing platforms, and the empowerment of community-driven research. The talk will further discuss recent advancements leveraging AI/ML and offer insights into the future evolution of the fuzzing landscape.
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
The Benefits and Techniques of Trenchless Pipe Repair.pdf
Evaluation of Enhanced Security Solutions in 802.11-Based Networks
1. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
DOI : 10.5121/ijnsa.2014.6403 29
Evaluation of Enhanced Security Solutions in
802.11-Based Networks
Ajah Ifeyinwa Angela
Department of Computer Science, Ebonyi State University Abakaliki, Nigeria
ABSTRACT
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
KEYWORDS
AES, Attacks, CCMP, IPSec, Radius, SSL, TKIP, VPN
1. INTRODUCTION
Wireless network has gained wide deployment due to numerous benefits such as user mobility,
rapid and cheap installation, flexibility, scalability, and increased productivity it offers. In
addition, rapid advances in this technology with improved capabilities which is seen in third
generation (3G) and fourth generation (4G) wireless devices make it attractive for enterprise to
run their business. However, the use of this novel technology does not go without security risk.
802.11 network also referred to as WLAN is challenged by lack of physical protection in the
medium. Moreover, the fact that WLAN device are ship with all security features disabled make
it a playground for hackers to tread on. Higher percentage of these hacker use to to access internet
freely and others use it for malicious activites. Traditional WLAN that relies on WEP has security
flaws that were revealed in FMS attack (2001), Korek attack (2004), PTW attack (2007), and
ChopChop attack (2008), [1]. The consequences of unsecured WLAN are very dangerous to
users and business enterprise. Attacks pepertrated on the networks have adverse effects on both
individual users and business enterprises. Currently, the availability of more secured security
solutions and security deployment best practises has greatly addressed security issues of the
legacy protocols. This has made many wireless deployments to be probably more secure than the
wired LAN. This is possible because many of the IEE802.11 standards (802.1X, 802.11i) offer
security features designed to resolve long standing weakness or address newly discovered ones.
Researchers have proved the standards to be vulnerable and these are cited in section two of this
work. To the best of my knowledge this is the first worked that holistically surveyed and
evaluated the outcome of these past researches on security protocols; 802.1X, WPA , WPA2 ,in
juxtaposition to VPN SSL, and VPN IPsec. The objectives of the study are; to give the reader a
2. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
30
solid grounding in enhanced WLAN security concepts and technologies solutions at a glance. It
will equally allow the network administrator to fully assess the risks associated with using
wireless and how to mitigate the risks. The main significance of this work is to inform and
encourage WLAN users to adopt security measures and best practices that help bring down their
risks to a manageable level. The discussion is focused on their operations, performance impact,
limitations, possible attacks on them and recommendation of biometric integration on the solution
and best practices for addressing threats to WLAN. This work did not discuss WEP but provided
good references for accessing details in WEP. The performance metrics used is based on Strength
of algorithm used in encryption, authentication and integrity, and are weighted on a four point
(weak, strong, fairly strong and very strong). In addition, susceptibility to attacks, and cost of
implementation are also indicated. The key highlight of the work is that there is no one solution
that guarantees highly secured network. WLAN requires implementing security at all wireless
security layers which include wireless signal security, connection security, data protection, device
security, network protection, and end user protection. The work is presented in the following
order: Reviewed literature on WLAN attacks and solutions is done in section2. Section 3 gives an
overview of enhanced WLAN security solutions. Section 4 presents the comparison of WLAN
security Protocols. This document presumes that readers have understanding of WLAN
architecture, possible attacks on them and flaws in WEP and the details on the aforementioned
background knowledge can be accessed in [2][3]. Readers are encouraged to tailor the solutions
and recommended guidelines to meet their specific security and business requirements.
2. LITERATURE REVIEW
The IEEE 802.11 standards and several researchers have made significant contributions on
WLAN security aspects. It was examined in [4] how users from the general public understand and
deal with privacy threats associated with Wi-Fi use. It was found that users lack knowledge of
immediate risks, and this made them unmindful of privacy and security in using Wifi. It was
recommended that privacy and Wifi security problem can be effectively handled through end-
user awareness tools and improving wifi infrastructure. An approach for providing an end-to-end
wireless security for local area network client/server environment was proposed and
implemented in [5]. Performance of encryption algorithms— Rivest Cipher 4 (RC4) and
Advanced Encryption Standard (AES) in terms of time, memory and power were evaluated for
different devices, key sizes, and the cryptographic algorithms with and without transmission. The
result of the work showed that both RC4 and AES performed similarly in just about all cases. But
when transmission of data is considered, RC4 performed slightly better than AES in lightweight
devices such as on pocket PC that have very limited processing power and memory. The results
question the reality of relying on secret key crypto system in establishing credentials and data
protection. A research by [6] on IEEE 802.11-2007 Media Access Control (MAC) security in
union to IPsec concludes that the security provided by the 802.11 standard is successful in
defending against many popular attacks including: session hijacking, denial-of-service attacks
against the authenticator, man-in-the-middle attacks, forgery attacks, data manipulation attacks,
fragmentation attacks, iterative guessing attacks, redirection attacks, and impersonation attacks
but denial-of service attacks against the supplicant are still possible to achieve. The paper
concludes that implementing Internet Protocol Security (IPsec) concepts in any part of the Robust
Security Network Association (RSNA) would successfully prevent denial-of-service attacks.
IPSec is aimed at Denial of service (DoS) attacks, Spoofing attacks and Man-in-the-middle
attacks (MITMs). It was report in [7] that Verisign has issued two digital certificates to someone
who improperly posed as a representative of Microsoft. This indicates that a sufficiently
motivated attacker’s ability to forge credentials may exceed the ability of the Public Key
Infrastructure (PKI) provider to detect them. There is need to adopt in IPSec, a mechanism that
permits secure administration and distribution of keys such that public keys are associated to
intended entities that owns them. WPA and IEEE 802.11i was evaluated in [8] to be robust to a
3. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
31
lot of attacks. However, they presented scenarios that produce a DoS attack and DoS flooding
attacks on these protocols and finally proposed Static and Dynamic 4-WayHandshake solutions to
avoid the attacks. Secure Angle enabled access point that uses angles of arrival (AoA) was
designed to operate alongside existing wireless security protocols to enable a “virtual fence” that
drops frames injected into the network from a client physically located outside a building, and
prevent malicious parties from spoofing the link-layer address of legitimate clients. In preventing
spoofing attack, the administrator manually certifies a legitimate client’s signature and compares
it against the incoming packets. They envisaged a challenge of signatures changing to some
degree when obstacles in the environment move, and therefore are of the opinion that signatures
must be tracked and updated. However, the exact signature specifications are left as an open
research question [9]. In my own view, it appears that the Secure Angle will work on only
802.11n APs as there is no statement on whether other IEEE 802.11 specifications such as
802.11a, 802.11b, and 802.11g can support the system. Also I perceived that this approach does
not support user mobility which is one of the benefit of WLAN. Address Resolution Protocol
(ARP) [10] spoofing was demonstrated on WPA-enabled network and the work equally showed
that in a real world scenario, using strong password in WPA network is brekable [1]. It was
argued in [11] that WPA was not really cracked. According to him, the vulnerability seen in
WPA was due to a poor deployment of WPA-PSK. He stated that a simple 10-character alpha-
numeric random PSK (or greater) will make WPA unable to be cracked with dictionary attacks.
The benefits of Wi-Fi Protected Access 2 (WPA2) over previous protocols and the vulnerabilities
was explored in [12]. Available modes to secure a wireless network using the WPA2 protocol
were also discussed. Suggestions on how the protocol vulnerabilities might be addressed through
enhancements or new protocols were made. Patch solution and a new algorithm for dummy
authentication key-establishment was proposed in [13]. Study conducted by [14] demonstrated
weakness in nonce construction and transmission mechanism used in Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol (CCMP) that made it vulnerable to time
memory trade off (TMTO) pre-computation attack. The solution on how the attack can be
prevented was not given. A biometrics approach to WLAN security was presented in [15], in
which user’s iris was used by the network server for authentication.
3. OVERVIEW OF WLAN SECURITY EXTENSIONS
Service Set Identifier (SSID), MAC Address Filtering and wired equivalent protocol (WEP) were
the original 802.11 specifications by the IEEE for securing WLAN. These mechanisms lead to a
number of practical attacks that demonstrate their failure to achieving security goals. Alternative
security mechanisms such as 802.Ix, 802.11i, SSL, and IPsec, were created to enhance WLAN
security and are discussed below. Virtual Private Networks (VPN) is deployed in an enterprise
wired network for secured data transmission. Its success made it attractive to wireless developers
and administrators as security option in an enterprise WLANs
VPN technology provides three levels of security; Authentication, Encryption and Data
authentication. VPN server authenticates every user that uses VPN client to connect to the
WLAN. It provide data confidentiality by encrypting the traffic passing through the secure tunnel
created on top of the in-secured internet medium. It also guarantees that all traffic is from
authenticated devices. The network topology diagram in Fig. 1 presents a hybrid solution where
both VPN and Wi-Fi security are deployed in an enterprise network.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
32
Figure 1. VPN and Wi-Fi security
The VPN gateway permits secured access for internet users and the access points offers secured
connectivity for local devices. Wi-Fi association is granted through access control and
authentication. Encryption occurs at layer two and above and is hardware based. Centralized
RADIUS authentication model is implemented here, in which the network access devices (access
points and VPN gateway ) forward RADIUS authentication requests to the RADIUS server for
verification. This is used to provide true single sign-on for both Wi-Fi and VPN security.
3.1. IPsec
IPsec is “a framework of open standards for ensuring secure private communications over IP
networks through the use of cryptographic security services.” It consists of two separate security
protocols, Authentication Header (AH) and Encapsulated Security Protocol (ESP) that ensures the
authenticity and integrity of the data. AH authenticates packets by signing them. The signature is
specific to the packet being transmitted, and therefore prevents the data from being modified
(integrity). In addition to handling the authenticity and integrity of data ESP ensures data
confidentiality through encryption, digital signature, and/or secure hashes. When AH and ESP are
implemented together the entire packet is authenticated. IPSec uses Internet Key Exchange (IKE)
mechanism to authenticate end users and manage secret keys by providing a secure exchange of a
pre-shared key before IPSec transmissions begin. IKE is not reliable and could end up in a dead
state. Dead-Peer-Detection was an improvement in IKE to handle dead state occurrence due to
reliability flaws. IPSec uses security association (SA) to describe how parties will use AH and
encapsulating security payload to communicate. The SA can be established through manual
intervention or by using the Internet Security Association and Key Management Protocol
(ISAKMP). ISAKMP approach has advantage over IKE; duplication of functionality in each
security protocol is minimal and it uses little time in setting up Communication. IPSec is a widely
used VPN protocol. IPSec VPNs can be deployed in either transport mode or tunnel mode. In
transport mode the IPSec-protected data is carried in IP packets that use the original IP addresses
of the two VPN peers. Transmission here is faster since the IP headers are not encrypted, and the
packets are smaller. The disadvantage in this mode is that a hacker can sniff the network and
gather information about end parties. The Tunnel mode encapsulates and encrypts all IP packets
and ensures end-to-end transmission using new IP header of the two VPN peers. Tunnel mode is
used in host-to gateway or gateway-to-gateway VPNs. IPsec uses Triple DES (3DES), or
Advanced Encryption Standard (AES) to ensure confidentiality of IP traffic.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
33
3.2. Secure Socket Layer (SSL)
SSL consists of two protocols, the SSL record protocol that defines the format used to transmit
data and the SSL handshake protocol that uses the record protocol to exchange messages between
the SSL-enabled server and the client when they establish a connection [7]. SSL is used in VPN
to protect transmitted data. SSL VPN solution for WLAN provides the following functionality;
Centralized security and management, strong and scalable data encryption for maximum security
and to secure most sensitive transactions such as online banking on the Internet, “auto reconnect.”
feature of SSL VPN supports mobility of users, scalability and provides endpoint security. SSL
addresses the need of confidentiality integrity and authentication. Confidentiality is achieved by
using public key cryptography. Data integrity is preserved by performing a special calculation
(hash function) on the contents of the message and storing the result with the message itself. The
SSL protocol uses Message authentication codes (MAC) to provide data integrity. It uses Ron
Rivest,Adi Shamir, and Leonard Adleman (RSA) algorithm for encryption. The result of the
algorithm depends both on the message and the key used. The attacker has no access to the key,
and therefore lacks capacity to modify both the message and the digest. SSL uses digital
certificates for authentication. Digital certificates contains information such data as the server’s
name, public encryption key, and the trusted Certificate Authority (CA).
Connection between the client and server is negotiated through a handshake procedure. Here, the
client connects to the SSL-enabled server and requests that the server sends back information in
the form of a digital certificate. The server can require the client to present a valid certificate as
well but this is optional. The client checks the validity of the server certificate. When the
handshake phase ends, data exchanged between the client and server is then used with hashing
functions to generate session keys that are used for encryption, decryption and tamper detection
of data throughout the SSL session. According to [16], quantum cryptography that relies on
photon and uses key longer than 128-bit or 256-bit keys will provide better protection than RSA
algorithm. It will make data communication potentially unhackable and guarantee security
against future computer improvements.
3.3. 802.IX/EAP
IEEE 802.IX is specified for port-based network access control for wired networks and has been
extended for use in wireless networks. It provides user-based authentication, access control and
implements Extensible Authentication Protocol (EAP), which was originally designed for Point-
to Point Protocol (PPP). EAP is a layer 3 protocol and can use any authentication mechanism to
add flexibility to 802.1X . 802.IX uses;
1. The Supplicant: A station that requests access to the network offered by the authenticator.
It dialogue with the authentication server through the authenticator.
2. The Authenticator: Typically a wireless access point that controls the state of each port
(open/close) and mediates an authentication session between the client and the
authentication server.
3. The Authentication Server: This is a Remote Authentication Dials In User Service
(RADIUS) server that do the authentication process for the authenticato.
802.1X and EAP approach are characterized by three main elements that make it better than the
basic 802.11 securities. They are:
1. Mutual authentication between client and authentication (Remote Access Dial-In user
Service (Radius) server.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
34
2. Encryption keys dynamically derived after authentication
3. Centralized policy control, that stimulate re-authentication and fresh encryption key
generation when a session expires.
EAP Authentication Process is shown in Fig.2 and the sequence of events are numbered
1-9.
Figure 2. EAP Authentication Process
Here, user login credentials must be provided through an EAP supplicant before wireless client
can associate with access point. When association is established, the client and the RADIUS
mutually authenticate each other via the access point. The RADIUS server and the client then
determine a session key (WEP key) that it distinct to the client. The RADIUS server sends the a
session key to the access point via the wired LAN. The access point in turn, encrypts its broadcast
key with the session key and sends the encrypted key to the client. The client uses the session key
to decrypt it. These keys are valid for all communications during the remainder of the session or
until the session expires. A new WEP key is then generated. The session key and broadcast key
are changed at regular intervals and can be configured on the access point. Different types of
EAP that can be used in wireless network for user authentication include LEAP_Cisco Wireles
(LEAP), EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), EAP-tunneled TLS
(EAP-TTLS) and EAP-Subscriber.
3.4. IEEE 802.11i
IEEE 802.11i defines Robust Security Network (RSN)” [17] that is aimed solving the problems
in 802.11b and WEP which include Poor Privacy, lack of encryption key management, Weak
authentication and authorization and no Accounting. The RSN adopts an approach that grants the
authenticated entity a set of privileges for a limited amount of time. Devices joining in a RSN
need to support Counter Mode-CBC MAC protocol (CCMP), a protocol built around the
IEEE802.1X standard for access control and AES. These two protocols made RSN a stronger and
scalable solution [17]. WEP users using RC4 requires hardware upgrades to join CCMP users. To
address this problem RSN allows the use of Temporal Key Integrity Protocol (TKIP), which
allows WEP systems to be upgraded to be secure. To support the transition from WEP to TKIP, a
network model called transition security network was defined. Transition security Network allows
pre-robust security Network associations. This means that WEP users using RC4 can coexist
within the same wireless local area network with CCMP users who use AES and TKIP users who
use RC4 and security enhancements [18].
7. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
35
3.5. Temporal Key Integrity Protocol (TKIP)
TKIP was temporally provided to mitigate the security challenge of WEP in combination with
802.1x authentication and EAP-TLS. It uses 802.IX for key management and establishment.
TKIP uses a key scheme based on RC4, but extends this key hierarchy to include a key hash
function, and a message integrity check (MIC). The key hash function reduces the exposure of the
master secret and to provide per-packet key mixing. TKIP hashes the combination of the IV
value, the data encryption key (derived from the master secret), and the MAC address to form the
traffic key. This mechanism addresses the WEP problem and then reduces the ability of the
related key attack.
3.6. Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access is a WLAN data encryption method that uses TKIP to alleviate WEP key
flaw by generating a new 128-bit per packet transmitted. [3]. WPA enhances WEP by adding a re-
keying mechanism to provide a fresh encryption and integrity key. Temporal keys are changed for
every 10,000 packets. This makes it much harder to crack TKIP keys than with WEP. In WPA, a
temporal encryption key, transmit address and TKIP Sequence Counter (TSC) form the input to
the RC4 algorithm that generates a keystream. MAC Service Data Unit (MSDU) and Message
Integrity Check (Michael) are combined using the Michael algorithm. The combination of the
MSDU and the MIC is fragmented to generate MAC Protocol Data Units, which is MPDU. From
the MPDU, a 32-bit Integrity Check Value is calculated for the MPDU. The combination PDU
and the ICV is bit-wise exclusive ORed with a keystream to produce the encrypted data. The IV is
added to the encrypted data to generate the MAC frame. According to [19], Michael is not a very
strong algorithm. However, it was the best choice given the constraints.
3.7. WPA2
This is an enhancement to WPA. It uses AES algorithm for encryption which is stronger than
TKIP. AES in combination with Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) provide high level security to WLAN. The CCMP
algorithm creates message integrity code (MIC) to protect data integrity. WPA2 supports both
Enterprise mode and Personal mode. WPA2 Personal uses a set of password. WPA2 Enterprise
uses EAP and a RADIUS server for centralized client authentication using multiple authentication
methods such as token cards, Kerberos, and certificates.
Figure 3. WPA2 CCMP Procedure
During the CCMP procedure, the MAC header produces additional authentication data (AAD)
that is added to the CCM encryption process. This protects the frame against alteration of the non
encrypted portions of the frame. A sequence packet number PN is included in the CCMP header
8. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
36
to protect against replay attacks. The PN and the portions of the MAC header are used to generate
a nonce that is turned, is used by the CCM encryption process. In WPA and WPA2 keys are
derived during the four-way handshake shown in Fig. 4 Encryption keys are derived from the
Pairwise Master Key. The PMK is derived during the EAP Authentication Session. In the EAP
success message, the Pairwise Master Key is sent to the access point, but it is not directed to the
Wi-Fi client as it has derived its own copy of the Pairwise Master Key.
Figure 4. The Four-Way Handshake
1. A client uses the nonce sent by the access point to generate the Pairwise Transient Key
(PTK).
2. The client responds with its own nonce value, an Snonce, to the access point together
with a message integrity check code which is Michael.
3. The access point sends the groupwise transient key (GTK) and a sequence number
together with another MIC which is used in the next broadcast frames.
4. The client confirms that the temporal keys are installed.
4. DISCUSSION
Table 1 presented different security standards and solutions such as 802.1x, 802.11i, VPN based
SSL and VPN based IPSec, as enhancement to WEP which has several flaws that make the
systems that implemented it vulnerable to attackers.
Table 1. Enhanced Wlan Security Comparison
802.1x 802.11i
SSL based
VPN
IPsec
based VPN
EAP with TKIP WPA WPA2
FEATURES LEAP PEAP TLS
Encryption
algorithm
RSA key
exchange
3DES or
AES
RC4 RC4 RC4 RC4-TKIP AES-
CCMP
Key length 1024- 4096
bit
168/128,
192, 256 bit
128 bit 128 bit 128 bit 128 bit 128-192-
256 bit
IV length 48 bit 48 bit
Authentication Mutual Mutual Mutual Mutual Mutual Mutual Mutual
Certificate
requirements
SSL-
enabled
Server
Optional NONE RADIUS
server
RADIUS
server/
WLAN
client
RADIUS
serve
RADIUS
serve
Packet
Integrity
MAC MD5-
HMAC/
SHA-
HMAC
CRC-
32/MIC
CRC-
32/MIC
CRC-
32/MIC
MIC CCM-
MIC
Key type Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic
Key
distribution
Digital
certificate
Dynamic Dynamic Dynamic Dynamic Dynamic
9. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
37
Single sign-on
support
Yes Yes Yes No Yes Yes Yes
Open standard NO Yes No IETF draft
RFC
Yes IEEE
802.11i
IEEE
802.11i
ATTACKS
MITM (active
attacks)
Alleviated Vulnerable Alleviated Alleviated Alleviated Vulnerable Alleviated
Dos Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Alleviated
Rogue access
points
Alleviated Alleviated Alleviated Alleviated Vulnerable Alleviated
Passive
attacks (FMS
paper)
Alleviated Alleviated Alleviated Alleviated Alleviated Vulnerable Alleviated
Brute-force
dictionary
attacks
Vulnerable Alleviated Vulnerable
with weak
password
Alleviated Alleviated Vulnerable
with weak
password
Alleviated
Authentication
forging
Alleviated Alleviated Alleviated Alleviated Alleviated Vulnerable
with weak
password
Alleviated
OSI LAYER Layer 4 Layer 3 Layer 3 Layer 3 Layer 4 Layer 2 Layer 2
These enhanced solutions offer security at different layers of Open System Interconnect (OSI)
model and provide confidentiality, integrity, authenticity and availability which is the basic
security requirements needed in a secured network. Each uses encryption algorithm and
authentication algorithm shown in the table to ensure secured network. The performance of any
of the solutions is dependent on the algorithm and protocols supported. Key length supported by
each of these WLAN solutions are shown in the table. Authentication between client and server is
mutual but in SSL Client authentication is optional. Using a password-based scheme should
require the use of some form of mutual authentication so that the authentication process is
protected against brute-force dictionary attacks. Brute-force dictionary attacks against LEAP can
be mitigated if strong password is used. It is a good practise for IT administrators to reduce the
number of login attempts before an account is locked. Users should be educated on the danger of
passing out their username and password to any screen that pop up. The use of one time token
should be adopted in build application that run online. When implementing EAP, dictionary
attacks can be avoided by using non-password-based schemes such as biometrics, certificates,
OTP, Smart Cards, and token cards.
According to [12], WPA2 is vulnerable to RF jamming attack, Layer 2 session hijacking and data
flooding attack. In addition, management frames report network topology and modify client
behaviour. This facilitates the ability of an attacker to see network layout, discover device
location and launch Denial of Service (DoS) attacks. Various researches reviewed in section 2 of
this work show that the enhanced solutions and standards are still vulnerable to various attacks
they are meant to fight but has made hacking process difficult for the attacker. Unless
administrators protect their wireless infrastructure with proven tools and techniques, engage in
security awareness training, establish standards and policies that identify proper deployment and
security methodology, the integrity of wireless networks will be threatened.
The nature of Wireless communication (over the air) made it vulnerable to passive, active, MITM
,and jamming attacks. A passive attack occurs when someone eavesdrops on network traffic.
Cheap availability of wireless network adapter that supports promiscuous mode as well as easily
available tools such as Network Monitor in Microsoft products, TCPDump in Linux-based
products, NetStumbler, or AirSnort which can be used to capture network traffic for analysis
make detecting and reporting on wireless networks a hobby for many wireless wardriving
enthusiasts. Disabling SSID broadcast will make the AP not respond to “empty set”SSID beacons
and will consequently be “invisible” to network traffic analysis tools. However, it is still possible
to capture the “raw”802.11b frames and decode them using programs such as Wireshark
10. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
38
(formerly Ethereal) and Wild Packet’s AiroPeek to determine the information. Once an attacker
has gained sufficient information from a passive attack, they can launch an active such as
spoofing, DoS, flooding attacks, introduction of malware and the theft of devices against the
network. DoS and flooding attacks can take place once an attacker has authenticated and
associated with a wireless network. This can be achieved through the placement and use of rogue
access points that prevent wireless traffic from being forwarded properly. Placing a rogue AP
within range of a wireless station is a wireless-specific variation of a MITM attack. This attack
can be used to gain valuable information about a wireless network, such as authentication
requests, the secret key, read private data from a session or to modify the packets thus violating
the integrity of a session. Because of their undetectable nature, the only defense against rogue
APs is vigilance through frequent site surveys (using tools such as directional or parabolic dish
antennae, GPS receivers NetStumbler, Wireshark. and AiroPeek,) and physical security. Rogue
access point detection provide a first-level of defence against someone exploiting an access point,
but even if they do exploit it, deploying SSL VPN will provide additional layer of security
through protection of critical applications and data. It should be noted that NetStumbler will not
identify other DoS attacks or other non-networking equipment that is causing conflicts (such as
wireless telephones, wireless security cameras, amateur TV (ATV) systems, RF-based remote
controls, wireless headsets, microphones and audio speakers, and other devices that use the 2.4
GHz frequency). Spoofing and unauthorized attacks can be protected using MAC filtering to
allow only clients that possess valid MAC addresses to access the wireless network. However,
MAC addresses are sent in the plain on wireless networks and therefore can easily be changed
using edit of the registry in windows or a root shell command in UNIX. A better protection
requires the following additional measures; using RADIUS or SecurID, use of VPN to access the
wired network, allow only SSH access or SSL-encrypted traffic into the network and use of
firewall to isolate unwanted access.
4.1. Enhanced 801.11 Security Protocols Performance Evaluation
Strength of algorithm used in encryption, authentication and integrity was used to measure the
performance of the enhanced 801.11 Security Protocols. They are weighted on a four point scale
(weak, strong, fairly strong and very strong). In addition, susceptibility to attacks and cost of
implementation are also indicated.
Table 2. Performance Evaluation for Enhanced 801.11 Security Protocols
802.1x 802.11i
METRICS SSL
based
VPN
IPsec based
VPN
EAP with TKIP WPA WPA2
Algorithm
Strength
LEAP PEAP TLS
Encryption Very
Strong
(RSA)
Very Strong
(3DESor AES)
Weak
(RC4 )
Weak
(RC4 )
Weak
(RC4 )
Strong
(RC4-
TKIP)
Very Strong
(AES-
CCMP)
Authentication Strong
(Digital
Signature)
Strong
(AH &ESP)
Weak
(password)
Fairly
Strong
(PEAP)
Strong
(Digital
Certificates)
Strong
(EAP)
Strong
(EAP)
Packet Integrity Strong
(MAC)
Strong
(MD5-HMAC/
SHA-HMAC )
Fairly
Strong
(CRC-32/
MIC )
Fairly
Strong
(CRC-32
/MIC )
Fairly
Strong
(CRC-32 /
MIC)
Fairly
Strong
(MIC)
Very Strong
(CCM-MIC)
Susceptibility
to Attacks
Low Low High Low Low Low Very Low
Cost of Imple -
mentation
High High Low Low Moderate Low High
11. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
39
1. Strength of Algorithm
VPN ensures a higher degree of confidentiality for traffics. It is difficult for hacker to crack the
VPN encryption to see the corporate traffics. If a wireless device is stolen and the theft
unreported, the thief would have to know the user credentials to gain access to the VPN. IPSec
and SSL are commonly used protocols in VPN to provides for confidentiality of IP traffic, and
secure data during transmission . IPSec achieves confidentiality using 3DESor AES. SSL secure
most sensitive online transactions such as online banking. It uses digital certificate for
authentication, RSA algorithm for encryption and MAC for data integrity
Unlike WEP that that uses pre-shared key for authentication which is easily cracked by attacker,
802.1X uses EAP that provides three significant benefits over WEP, the mutual authentication
scheme effectively eliminate MITM attacks. The dynamic distribution of keys prevent lost
wireless device from gaining unauthorized access. The centralized policy control enables re-
authentication and new key generation. access can us different types of EAP to authenticate users.
EAP is a standard authentication method for both WPA and WPA2. There are many types of EAP
implementation (LEAP, PEAP, and EAP-TLS) which contributes to its flexibility. LEAP uses
passwords for authentication, and does not use digital certificates. Information transported by
LEAP is often visible to attackers. User credentials are not strongly protected in LEAP, and are
thus easily compromised. PEAP was created as a more secure means of authentication than EAP.
It uses an encrypted and authenticated TLS tunnel to send EAP authenticated data. The EAP-TLS
algorithm can derive dynamic WEP keys, and the authentication server will send the client the
WEP key for use during that session. EAP-TLS is highly secure because it uses certificate-based
algorithms and it is hard to crack certificate digitally signed by a CA.
WPA uses RC4 in addition to TKIP. It uses TKIP to encrypt data which enables keys rotation so
that every data packet uses a unique encryption key. This makes transmitted data more difficult to
hack. TKIP provides a solution to WEP’s checksum issues, by using a larger, more secure 48-bit
IV, and transmits the IV as an encrypted hash. WPA2 uses AES algorithm for encryption and
CCMP for data encryption. CCMP is currently the strongest protocol for encrypting data in a
WPA2 network. AES provides much stronger encryption than RC4 and TKIP.
2. Susceptibility to Attacks
In 802.11X, certain “flavors”of RADIUS servers and Web servers can be compromised by buffer-
overflow attacks. A buffer-overflow attack occurs when a buffer is flooded with more information
than it can hold. The extra data overflows into other buffers, which may be accessible to hackers.
Thus, IEEE 802.1x is susceptible to several attacks, due to the following vulnerabilities:
1. The lack of the requirement of strong mutual authentication. While EAP-TLS does provide
strong mutual authentication it is not required and can be overridden.
2. The vulnerability of the EAP Success message to a MITM attack.
3. The lack of integrity protection for 802.1x management frames.
However, the networks are not as vulnerable as they would be without EAP and 802.1x.
Vulnerabilities seen in other solution in Table 2 are discussed in section 2 of this paper. They are
comparatively low when compared with WEP. WPA2 still remains the most current secured layer
2 protocol .
3. Cost of Implementation
Solutions based on 802.11X are generally more cost effective than those based on VPN for two
reasons: First, with 802.1X, the infrastructure is already put in place is augmented. Secondly, the
12. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
40
complexity associated with setting up and maintaining VPNs may require more of staff time to
manage. Distributing VPN access to remote sites requires installation or adding capacity to a
VPN server at that site, and setting up all WLAN users outside the firewall. It is easy to distribute
802.1X-based WLAN access to separate departments, floors and other off-site locations with little
administrative overhead.
In WPA, transition from WEP to TKIP is cheap when compared to WPA2. The 802.11i standard
requires AES as a replacement for the compromised RC4 algorithm. However, because of the
additional processing power required for AES encryption, the addition of a co-processor is likely
necessary in wireless device hardware and will make upgrading legacy wireless devices to
support AES very costly. As with all other security measures, administrators and managers will
have to compare the costs of implementation against the threats the implementation will mitigate.
4.2. Using a Defence-in-Depth Strategy
Agencies can mitigate risks to their WLANs by applying Defence-in-Depth Strategy as shown in
Fig.5 to address specific threats and vulnerabilities.
Use VPN Tunnel
Encryption
Figure 5. Security In-Dept Approach
The defense-in-depth strategy specifies the use of multiple layers of network security. This can
be achieved by
1. Collecting, analyzing and assessing security events in real time using Wireless Intrusion
Detection System (IDS) and a security information and event management (SIEM) solution
such as HP’s ArcSight. Additional layer of security can be applied the network by
disabling Dynamic Host Configuration Protocol ( DHCP).
2. Per-packet authentication using RADIUS and centralized encryption and security
management using SSL VPN for connection security .
3. WPA2 and AES for Data Protection. Also Using HTTPS instead of HTTP will ensure
application layer encryption for a session with a secure web server
4. use vulnerabilities and patches for device security
5. deploy a stateful per user firewall for End user protection
6. auditing, and VPN, IPSec, biometrics for access control. Use strong authentication for
network access protection .
7. Use of encrypted proxy services that allows access to the web server, but with an encrypted
tunnel at the local end.
8. Change all default settings, such as passwords and service set identifiers, or SSIDs.
Biometrics provides added layer of protection and can be integrated with wireless smart cards or
other wireless device. It can as well combine with VPN solutions to provide authentication and
data confidentiality. It is very difficult to guess physical human characteristics and this made
13. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
41
biometric-based authentication highly reliable when compared to password-based authentication.
Other counter measures include disable the network when not required, and place wireless access
points in a secured location. Planning the Wi-Fi RF coverage area include proper placement of
wireless access points and appropriate shielding using thin layer of aluminum under the drywall
within the building where possible. Control all access points’ power levels, but not to level
that legitimate device on the network can no longer connect. These will substantially
alleviate RF jamming attack and makes the network highly available. Some wireless interface
cards or their drivers cannot capture any packets that are not addressed to the device. Such
devices would not allow sniffing on the wireless portion of the network.
It is necessary to highlight that Wi-Fi security standards cannot handle AP failure. They equally
lack capacity to handle attacks on physical layer since they provide security on layer two and
above.
5. CONCLUSIONS
This paper evaluated alternative security mechanisms for WLAN; 802.1X and 802.11i , VPN,
IPSec, and SSL. The result of the discussion shows that there is no one solution that is the best.
Security problem and mitigation is a continuous process as long as swift changes in wireless
technology exist. However, WPA2 is still far more secure than other 802.11options and is still in
common use. Therefore achieving secured WLAN requires implementing security at all layers
which include wireless signal security, connection security, data protection, device security,
network protection, and end user protection. Organizations should perform a risk analysis of their
network, develop, and implement relevant and comprehensive security policies throughout their
network. Users should be educated on the operation, security and safe computing practices of
both wired and wireless networks. This work recommended the use of biometric cryptosystem in
place of user name and password for a more secured user authentication. Quantum cryptography
is also a likely solution for future machines with exponentially more processing power than
today's technology.
REFERENCES
[1] Beck, M. and Tews. E. (2009). Practical Attacks Against WEP and WPA. Available:
http://dl.acm.org/citation.cfm?id=1514286.
[2] Housley, R. and Arbaugh, W. (2003). Security Problems in 802.11-Based Networks.Communications
of the ACM, 46(5), pp. 31-34.
[3] Hal, B. and Jacon , U. (2004). Wireless Infidelity II: Airjacking. Communications of the ACM,
47(12) , pp. 15-20.
[4] Predrag, K.., Sunny, C., Jaeyeon, J., Benjamin, L., Louis, L. Pauline , P. and David, W.
(2009).“When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use.
CHI 2009 ~ Security and Privacy ~ Boston, MA, USA.
[5] Ezedin, S., Emad, E and Kadhim, H. (2006). “End-To- End Security Solutions for WLAN: A
Performance Analysis for the Underlying Encryption Algorithms in the Lightweight Devices,” In
Proceedings of the 2006 international conference on Wireless communications and mobile computing,
pp. 1295-1300.
[6] Stanley, L., Aftab, A., Luay, A., Wahsheh, M. J., Sandra L. and Aurelia,T. (2011). “How Secure is
WiFi MAC Layer in Comparison with IPsec for Classified Environments?” In Proceedings of the
14th Communications and Networking Symposium. pp. 110-116.
[7] Michael, C., Jeremy, F., Eli, F., Michael, G., Alun J. and Marc, P. (2007). “How to Cheat at Securing
Your Network,” Syngress Publishing. Available: http://delivery.acm.org/10.1145/1560 000
/1554876/9780080558646.pdf.
[8] Floriano, D., Dionigi C. and Salvatore, M. (2006). Static and Dynamic 4-WayHandshake Solutions
to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE802.11i. Hindawi Publishing
14. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
42
Corporation. EURASIP Journal on Wireless Communications and Networking. ArticleID 47453,
pp.1–19. DOI10.1155/WCN/2006/47453
[9] Jie, X. and Kyle, J. (2010). Secure Angle: Improving Wireless Security Using Angle-of-Arrival
Information. SIGCOMM’10, NewDelhi, India. ACM 978-1-4503-0201-2/10/08.
[10] Plummer, D. C. (1982). RFC 826: Ethernet Address Resolution Protocol: Or converting network
protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware
[11] George, O. (2007). Why VPN can't replace Wi-Fi Security. Real World IT. Available:
http://www.zdnet.com /blog /ou/why-vpn-cant-replace-wi-fi-security/489.
[12] Arana, P. (2006). Benefits and Vulnerabilities of Wi-Fi Protected Access2 (WPA2) .INFS 612–
Fall.Available:http://cs.gmu.edu/~yhwang1/INFS612/SampleProjects/Fall06_GPN6_Final_
Report.pdf
[13] Zhimin , Y., Adam, C ., Boxuan, G., Xiaole, B. and Dong, X. (2009). “Link-Layer Protection in
802.11i WLANs with Dummy Authentication.” WiSec ’09 proceding of the second ACM conference
on Wireless network security, pp.131-138. ISBN:978-1-60558-460-7 doi.10.1145/1514 274.1514294.
[14] Junaid, M., Muid M. and Umar, M. I. (2007). Vulnerabilities of IEEE 802.11i Wireless LAN CCMP
Protocol. World Academy of Science, Engineering and Technology , 11( 200), pp. 910-915.
[15] Saraswathi, K., Jayaram, B. and Balasubramanian, R. (2011). Iris Biometrics Based Authentication
and Key Exchange System. IACSIT. International Journal of Engineering and Technology, 3(1),
ISSN: 1793-8236
[16] Mone, G. (2013). Future-Proof Encryption. Communications of the ACM, Vol. 56(11), pp. 12-14
DOI. 10.1145/2524713.2524718.
[17] Stubblefield, A., Ioannidis, J. and Rubin, D. (2001). Using the Fluhrer, Mantin, and Shamir Attack.
to Break WEP. AT&T Laboroties and Rice. Available: University.http://www.uninett.no /wlan
/download/wep_attack.pdf.
[18] IEEE (2003). Standard 802.11i draft 7.
[19] Edney, J. and Arbaugh, W. (2003). “Real 802.11 Security: WiFi Protected Access and 802.11i”.
ISBN: 0-321-13620-9.
Author
Ifeyinwa A. Ajah is a lecturer in the Computer Science department of Ebonyi State
University, Abakaliki Nigeria. She has B.Sc. in Computer Science, M.Sc in Computer
System Engineering and Ph.D. in Computer Science. Her research interests include
networking, software engineering, internet programming, and database. Dr. Ajah was a
recipient of Ambassador for ACM in 2014, Award Certificate from Student Associate
Scheme University of East London, United Kingdom, in 2005 and a Commendation Letter
from the Cross River State NYSC for Outstanding Performance in the Service Year in
February 2000.