Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
Network infrastructures have played important part in most daily communications for business industries,
social networking, government sectors and etc. Despites the advantages that came from such
functionalities, security threats have become a daily struggle. One major security threat is hacking.
Consequently, security experts and researchers have suggested possible security solutions such as
Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and
Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason
behind that, there is a few researches that examine the behavior of hackers. This paper formally and
practically examines in details the behavior of hackers and their targeted environments. Moreover, this
paper formally examines the properties of one essential pre-hacking step called scanning and highlights its
importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in
most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
RESOLVING NETWORK DEFENSE CONFLICTS WITH ZERO TRUST ARCHITECTURES AND OTHER E...IJNSA Journal
Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.
RESOLVING NETWORK DEFENSE CONFLICTS WITH ZERO TRUST ARCHITECTURES AND OTHER E...IJNSA Journal
Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Network infrastructures have played important part in most daily communications for business industries,
social networking, government sectors and etc. Despites the advantages that came from such
functionalities, security threats have become a daily struggle. One major security threat is hacking.
Consequently, security experts and researchers have suggested possible security solutions such as
Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and
Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason
behind that, there is a few researches that examine the behavior of hackers. This paper formally and
practically examines in details the behavior of hackers and their targeted environments. Moreover, this
paper formally examines the properties of one essential pre-hacking step called scanning and highlights its
importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in
most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
RESOLVING NETWORK DEFENSE CONFLICTS WITH ZERO TRUST ARCHITECTURES AND OTHER E...IJNSA Journal
Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.
RESOLVING NETWORK DEFENSE CONFLICTS WITH ZERO TRUST ARCHITECTURES AND OTHER E...IJNSA Journal
Network defense implies a comprehensive set of software tools to preclude malicious entities from conducting activities such as exfiltration of data, theft of credentials, blocking of services and other nefarious activities. For most enterprises at this time, that defense builds upon a clear concept of the fortress approach. Many of the requirements are based on inspection and reporting prior to delivery of the communication to the intended target. These inspections require decryption of packets and this implies that the defensive suite either impersonates the requestor, or has access to the private cryptographic keysof the servers that are the target of communication. This is in contrast to an end-to-end paradigm where known good entities can communicate directly and no other entity has access to the content unless that content is provided to them. There are many new processes that require end-to-end encrypted communication, including distributed computing, endpoint architectures, and zero trust architectures and enterprise level security. In an end-to-end paradigm, the keys used for authentication, confidentiality, and integrity reside only with the endpoints. This paper examines a formulation that allows unbroken communication, while meeting the inspection and reporting requirements of a network defense. This work is part of a broader security architecture termed Enterprise Level Security (ELS)framework.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
Security in wireless network is one of the prime concern in todays Information Age, where information is an asset not only to an organisation but also to an individual. Security to a great extent is able to protect the network from various unauthorized attacks. On the other side implementation of security mechanisms also causes an overhead in terms of increased load in the network. Further the increased load in the network paves path to congestion which degrades the performance of the wireless network. In this paper we try to highlight various challenges pertaining to security in mesh networks and the ways of reducing security threats. We propose an improved version of AODV which has a congestion avoidance mechanism. We also use a security technique called PGP for enhanced security of Mesh network. Mankiran Kaur | Jagjit Kaur"Security Technique and Congestion Avoidance in Mesh Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-1 | Issue-6 , October 2017, URL: http://www.ijtsrd.com/papers/ijtsrd4690.pdf http://www.ijtsrd.com/engineering/computer-engineering/4690/security-technique-and-congestion-avoidance-in-mesh-network/mankiran-kaur
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
A trust-based authentication framework for security of WPAN using network sli...IJECEIAES
New technologies and their seamless wireless interconnectivity bring along many chal- lenges including security and privacy issues that require immediate attention. Wireless personal area networks (WPANs) are characterized by limited energy resources and computing power which call for lightweight security mechanisms in these networks as a mandatory requirement. In this paper, a lightweight trust-based framework for node authentication in WPAN is proposed. Our main objective is to minimise the effort in distinguishing valid requests of trustworthy nodes from invalid requests of malicious nodes that can result in network compromises. We achieve this through network slicing which divides the network into primary and secondary virtual networks. The proposed framework has three-fold benefits. Firstly, it authenticates nodes’ requests based on a novel method of trust value calculation. Secondly, the framework maintains energy efficiency while authenticating nodes’ requests to access WPAN resources. Finally, the framework provides a solution for the biasing problem that can arise due to unexpected behaviour of malicious users in WPANs. The framework efficacy is illustrated by using a case study to show how it can accurately capture trust relations among nodes while preventing malicious behavior.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straight forwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Gartner report on Cisco TrustSec assessing technical components, interoperability considerations, Cisco’s progress in implementing support across product lines and customer deployment experiences.
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
Security in wireless network is one of the prime concern in todays Information Age, where information is an asset not only to an organisation but also to an individual. Security to a great extent is able to protect the network from various unauthorized attacks. On the other side implementation of security mechanisms also causes an overhead in terms of increased load in the network. Further the increased load in the network paves path to congestion which degrades the performance of the wireless network. In this paper we try to highlight various challenges pertaining to security in mesh networks and the ways of reducing security threats. We propose an improved version of AODV which has a congestion avoidance mechanism. We also use a security technique called PGP for enhanced security of Mesh network. Mankiran Kaur | Jagjit Kaur"Security Technique and Congestion Avoidance in Mesh Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-1 | Issue-6 , October 2017, URL: http://www.ijtsrd.com/papers/ijtsrd4690.pdf http://www.ijtsrd.com/engineering/computer-engineering/4690/security-technique-and-congestion-avoidance-in-mesh-network/mankiran-kaur
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
A trust-based authentication framework for security of WPAN using network sli...IJECEIAES
New technologies and their seamless wireless interconnectivity bring along many chal- lenges including security and privacy issues that require immediate attention. Wireless personal area networks (WPANs) are characterized by limited energy resources and computing power which call for lightweight security mechanisms in these networks as a mandatory requirement. In this paper, a lightweight trust-based framework for node authentication in WPAN is proposed. Our main objective is to minimise the effort in distinguishing valid requests of trustworthy nodes from invalid requests of malicious nodes that can result in network compromises. We achieve this through network slicing which divides the network into primary and secondary virtual networks. The proposed framework has three-fold benefits. Firstly, it authenticates nodes’ requests based on a novel method of trust value calculation. Secondly, the framework maintains energy efficiency while authenticating nodes’ requests to access WPAN resources. Finally, the framework provides a solution for the biasing problem that can arise due to unexpected behaviour of malicious users in WPANs. The framework efficacy is illustrated by using a case study to show how it can accurately capture trust relations among nodes while preventing malicious behavior.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
A Location Based Cryptosystem For Mobile Devices Using Improved Rabin AlgorithmEditor IJMTER
As per the recent studies, the volatile growth has been seen in the use of mobile devices as
the supporting technology for accessing Internet based services, as well as for personal
communication needs in networking. Various studies indicate that it is impossible to utilize strong
cryptographic functions for implementing security protocols on mobile devices. Our research negates
this. Explicitly, a performance analysis focused on the most commonly used cryptographic protocols
based on the location address (latitude & longitude) of the user for mobile applications and projected
provably secure authentication protocol that is more efficient than any of the prevailing
authentication protocol is being used by the network security methods. Understanding the use of
public key cryptography which makes potential use of discrete logarithms problem. The security of
ECC depends on the difficulty of Elliptic Curve Discrete Logarithm. To provide secure
communication for mobile devices, authenticated protocol is an important primitive for establishing
trusted connection. In this paper, it has been shown that the location based system using improved
Rabin Algorithm provides a better security and acquires much less energy consumption than the
existing authentication protocols.
Due to inherent limitations in wireless sensor networks, security is a crucial issue. While research in WSN security is progressing at tremendous pace, no comprehensive document lists the security issues and the threat models which pose unique threats to the wireless sensor networks. In this paper we have made an effort to document all the known security issues in wireless sensor networks and have provided the research direction towards countermeasures against the threats posed by these issues
2.espk external agent authentication and session key establishment using publ...EditorJST
Wireless sensor networks (WSNs) have recently attracted a lot of interest in the research community due their wide range of applications. Due to distributed and deployed in a un attend environment, these are vulnerable to numerous security threats. In this paper, describe the design and implementation of public-key-(PK)-based protocols that allow authentication and session key establishment between a sensor network and a third party. WSN have limitations on computational capacity, battery etc which provides scope for challenging problems. We fundamentally focused on the security issue of WSNs The proposed protocol is efficient and secure in compared to other public key based protocols in WSNs.
Security Issues and Challenges in Internet of Things – A ReviewIJERA Editor
The Internet of Things (IoT) alludes to the continually developing system of physical articles that component an
IP address for web availability, and the correspondence that happens between these items and other Web
empowered gadgets and frameworks. The security issues of the Internet of Things (IoT) are straight forwardly
identified with the wide utilization of its framework. IoT securities and enhancing the design and several
elements of this work showcases various security issues with respect to IoT and thinks of solutions for the issues
under the advancements included. Here we are going to do a study of all the security issues existing in the
Internet of Things (IoT) alongside an examination of the protection issues that an end-client might confront as
an outcome of the spread of IoT. Most of the overview is centred around the security emerging out of the data
trade innovations utilized as a part of Internet of Things. As a piece of IoTs, genuine concerns are raised over
access of individual data relating to gadget and individual protection. This review tells about the security and
protection issues of IoT.
Gartner report on Cisco TrustSec assessing technical components, interoperability considerations, Cisco’s progress in implementing support across product lines and customer deployment experiences.
Enhanced Authentication Mechanism in WLAN via MMBSPSRAJESH DUVVURU
The ability to provide a Quality of Service (QoS) is one of the
challenging aspects of any Wireless Network. This paper
concentrates in improvising the speedy authentication
mechanism in Wireless Local Area Network (WLAN). To
fulfill the specified important issue, this work introduces a
novel Multi Merged Bio-Cryptographic Security-Aware
Packet Scheduling (MMBSPS) algorithm. In merging the
different biometric images, it is commenced with the new
merging mechanism called Triple Equally Segmented Bio-
Image (TESB) algorithm and later it is encrypted with the
RSA algorithm for efficient security. Matlab tool is used for
conducting the simulations on Multi Merged Bio-Images
(MMBI) and Bio-Images. The results of MMBSPS algorithm
is presented in contrast with the EMBSPS and EBSPS
algorithms. In the results, it is observed that, MMBSPS
algorithm is working better than existing EMBSPS and
EBSPS algorithms with respect to the speedy authentication
besides assuring security in WLAN. It is also observed the
overall performance of MMBSPS is improved by
approximately 23% in terms of authentication mechanism in
WLAN.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
Ppt for graphical password authentication using cued click pointsHari Krishnan
this ppt will give you more information abt. graphical password authentication using cued click points.
email id: harikrishnan89@yahoo.co.in
download and edit it..the upload had some problem with fonts.
To Download this PPT click on the link below:-
http://www29.zippyshare.com/v/14569917/file.html
Networking
Computer network
Types of network
Personal Area Networks (PANs)
Local Area Networks (LANs)
Metropolitan Area Networks (MANs)
Wide Area Networks (WANs)
Classification of Network Architecture
Client-server architecture
Peer-to-peer architecture
Hybrid architecture
Network topology
Bus Topology
Star Topology
Ring Topology
Mesh Topology
Tree Topology
Hybrid Topology
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
Trabajo realizado para la medición del grado de inseguridad de una red WiFi a la que se conecta un equipo. En él se analizan las medidas de seguridad, el riesgo y los motivos por los que existen las redes WiFi inseguras
A comparitive analysis of wireless security protocols (wep and wpa2)pijans
Wireless local area networks (WLANs) are become popular as they are fast, cost effective, flexible and easy
to use. There are some challenges of security and for IT administrators the choice of security protocol is a
critical issue. The main motive of this paper is to make the non-specialist reader knowledgeable about
threats in the wireless security and make them aware about the disadvantages of wireless security
protocols. WEP (Wired Equivalent privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security
Network) security protocols are defined and examined here. This security protocols are compared with the
common.
This paper is a comparative analysis of WEP, WPA and WPA2. We have tried to perform and check
authentication of all 3 protocols by implying the legendary attack vector scripts i.e. Air crack set of tools.
The test was conducted on Back Track operating system which is considered as dedicated pentesting
operating system. In the test result, we found out that WEP is the weakest, to which WPA was a temporary
solution and WPA2 is a very solid and long term solution.
This paper is a mixture of wireless security weaknesses and counter measures to the problems faced until
recently. After reading this paper the non specialist reader will have complete review and awareness about
the wireless security and vulnerabilities involved with it.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISIJNSA Journal
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
Wireless Networks Security in Jordan: A Field StudyIJNSA Journal
The potential of wireless communications, has resulted in a wide expand of wireless networks. However, the vulnerabilities and threats that wireless networks are subjectedto resulted in higher risk for unauthorized users to access the computer networks.This research evaluates the deployed Wireless Network in Jordan as well as the use of the security setting of the systems and equipment used. Caution will be taken to avoid network access as only existence of the network is sought. Wardriving involve the use of freeware tools such as NetStumbler, or Kismet, which was originally developed to be used for helping network administrators make their systems more secure. Thestudy is carried out through field evaluation of the Wireless Local Area Network (WLAN)in light of the use of Wardriving, and proposessome measures that can be taken to improve securityof the wireless network by the users.
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
1
Table of Contents
Wireless Network Security3
Introduction3
Overview of Wireless Technologies4
Standards of Wireless Specification:6
Security Features6
Wireless Threats7
Wireless Networks Attacks8
Conclusion9
References10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologies
The wireless technologies make the gadgets to have communication without any connection physically, implying that they do not need peripheral or network cabling. The wireless range from the complicated environments, for instance mobile networks that includes 3G mobile phones and local area networks, to less complicated gadgets such as microphones without wire, earphones and other gadgets which will not save or process data and usually used for small range procedures like infrared or communications via Bluetooth (BT) (Egners, Herrmann & Meyer,2015).
Typical IP network wireless devices or infrastructure
Access points or base stations
· Station wireless
· Router wireless
Retransmission devices (Sun, Yan, Zhang & Rong, 2015).
· Repeater wireless
· Network bridge wireless
End points
· Cards or adapters wireless
· Laptops
· PDAs
· Mobile telephones
Infrared devices, such as cordless computer keyboards, remote controls and mice all needs a direct line of sight between the receiver and transmitter to complete the link. Even though the infrared communication replaced by BT technology in most of the gadgets, some legacy standard gadgets still use IR for short range communication (Illiano, & Lupu, 2015).
Network classification of wireless networks
Wireless networks act as date transmitter mechanism between other wireless communications and the traditional wired networks. Wireless network can be structured in different ways but they are frequently categorized into 4 main categories based on their coverage range.
· Wireless wide area network (WWAN)
Which invol ...
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
https://www.ijmst.com/
IJMST Volume 1 Issue 1, Manuscript 4
As the popularity of mobile devices and wireless networks significantly increased over the
past years. The wireless adhoc network has now become one of the most vibrant and active
fields of communication and networking research. These networks are a new generation of
networks offering unrestricted mobility without any underlying infrastructure. As their
principle application is in disastrous environments, security is critical. Various challenges are
faced in the adhoc environment, mostly due to the resource poorness of these networks. One
man confront in the design of these networks is their vulnerability to security attacks. The
solutions for conventional networks are usually not sufficient to provide efficient adhoc
operations. Just because of its wireless nature of communication and lack of any security
infrastructure raise several security problems and threats.
In this paper, we briefly review the threats an adhoc network faces and the security goals to
be achieved. Moreover, it also presents existing security schemes used in wireless adhoc
networks in order to handle security threats.
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
1. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
DOI : 10.5121/ijnsa.2014.6403 29
Evaluation of Enhanced Security Solutions in
802.11-Based Networks
Ajah Ifeyinwa Angela
Department of Computer Science, Ebonyi State University Abakaliki, Nigeria
ABSTRACT
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
KEYWORDS
AES, Attacks, CCMP, IPSec, Radius, SSL, TKIP, VPN
1. INTRODUCTION
Wireless network has gained wide deployment due to numerous benefits such as user mobility,
rapid and cheap installation, flexibility, scalability, and increased productivity it offers. In
addition, rapid advances in this technology with improved capabilities which is seen in third
generation (3G) and fourth generation (4G) wireless devices make it attractive for enterprise to
run their business. However, the use of this novel technology does not go without security risk.
802.11 network also referred to as WLAN is challenged by lack of physical protection in the
medium. Moreover, the fact that WLAN device are ship with all security features disabled make
it a playground for hackers to tread on. Higher percentage of these hacker use to to access internet
freely and others use it for malicious activites. Traditional WLAN that relies on WEP has security
flaws that were revealed in FMS attack (2001), Korek attack (2004), PTW attack (2007), and
ChopChop attack (2008), [1]. The consequences of unsecured WLAN are very dangerous to
users and business enterprise. Attacks pepertrated on the networks have adverse effects on both
individual users and business enterprises. Currently, the availability of more secured security
solutions and security deployment best practises has greatly addressed security issues of the
legacy protocols. This has made many wireless deployments to be probably more secure than the
wired LAN. This is possible because many of the IEE802.11 standards (802.1X, 802.11i) offer
security features designed to resolve long standing weakness or address newly discovered ones.
Researchers have proved the standards to be vulnerable and these are cited in section two of this
work. To the best of my knowledge this is the first worked that holistically surveyed and
evaluated the outcome of these past researches on security protocols; 802.1X, WPA , WPA2 ,in
juxtaposition to VPN SSL, and VPN IPsec. The objectives of the study are; to give the reader a
2. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
30
solid grounding in enhanced WLAN security concepts and technologies solutions at a glance. It
will equally allow the network administrator to fully assess the risks associated with using
wireless and how to mitigate the risks. The main significance of this work is to inform and
encourage WLAN users to adopt security measures and best practices that help bring down their
risks to a manageable level. The discussion is focused on their operations, performance impact,
limitations, possible attacks on them and recommendation of biometric integration on the solution
and best practices for addressing threats to WLAN. This work did not discuss WEP but provided
good references for accessing details in WEP. The performance metrics used is based on Strength
of algorithm used in encryption, authentication and integrity, and are weighted on a four point
(weak, strong, fairly strong and very strong). In addition, susceptibility to attacks, and cost of
implementation are also indicated. The key highlight of the work is that there is no one solution
that guarantees highly secured network. WLAN requires implementing security at all wireless
security layers which include wireless signal security, connection security, data protection, device
security, network protection, and end user protection. The work is presented in the following
order: Reviewed literature on WLAN attacks and solutions is done in section2. Section 3 gives an
overview of enhanced WLAN security solutions. Section 4 presents the comparison of WLAN
security Protocols. This document presumes that readers have understanding of WLAN
architecture, possible attacks on them and flaws in WEP and the details on the aforementioned
background knowledge can be accessed in [2][3]. Readers are encouraged to tailor the solutions
and recommended guidelines to meet their specific security and business requirements.
2. LITERATURE REVIEW
The IEEE 802.11 standards and several researchers have made significant contributions on
WLAN security aspects. It was examined in [4] how users from the general public understand and
deal with privacy threats associated with Wi-Fi use. It was found that users lack knowledge of
immediate risks, and this made them unmindful of privacy and security in using Wifi. It was
recommended that privacy and Wifi security problem can be effectively handled through end-
user awareness tools and improving wifi infrastructure. An approach for providing an end-to-end
wireless security for local area network client/server environment was proposed and
implemented in [5]. Performance of encryption algorithms— Rivest Cipher 4 (RC4) and
Advanced Encryption Standard (AES) in terms of time, memory and power were evaluated for
different devices, key sizes, and the cryptographic algorithms with and without transmission. The
result of the work showed that both RC4 and AES performed similarly in just about all cases. But
when transmission of data is considered, RC4 performed slightly better than AES in lightweight
devices such as on pocket PC that have very limited processing power and memory. The results
question the reality of relying on secret key crypto system in establishing credentials and data
protection. A research by [6] on IEEE 802.11-2007 Media Access Control (MAC) security in
union to IPsec concludes that the security provided by the 802.11 standard is successful in
defending against many popular attacks including: session hijacking, denial-of-service attacks
against the authenticator, man-in-the-middle attacks, forgery attacks, data manipulation attacks,
fragmentation attacks, iterative guessing attacks, redirection attacks, and impersonation attacks
but denial-of service attacks against the supplicant are still possible to achieve. The paper
concludes that implementing Internet Protocol Security (IPsec) concepts in any part of the Robust
Security Network Association (RSNA) would successfully prevent denial-of-service attacks.
IPSec is aimed at Denial of service (DoS) attacks, Spoofing attacks and Man-in-the-middle
attacks (MITMs). It was report in [7] that Verisign has issued two digital certificates to someone
who improperly posed as a representative of Microsoft. This indicates that a sufficiently
motivated attacker’s ability to forge credentials may exceed the ability of the Public Key
Infrastructure (PKI) provider to detect them. There is need to adopt in IPSec, a mechanism that
permits secure administration and distribution of keys such that public keys are associated to
intended entities that owns them. WPA and IEEE 802.11i was evaluated in [8] to be robust to a
3. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
31
lot of attacks. However, they presented scenarios that produce a DoS attack and DoS flooding
attacks on these protocols and finally proposed Static and Dynamic 4-WayHandshake solutions to
avoid the attacks. Secure Angle enabled access point that uses angles of arrival (AoA) was
designed to operate alongside existing wireless security protocols to enable a “virtual fence” that
drops frames injected into the network from a client physically located outside a building, and
prevent malicious parties from spoofing the link-layer address of legitimate clients. In preventing
spoofing attack, the administrator manually certifies a legitimate client’s signature and compares
it against the incoming packets. They envisaged a challenge of signatures changing to some
degree when obstacles in the environment move, and therefore are of the opinion that signatures
must be tracked and updated. However, the exact signature specifications are left as an open
research question [9]. In my own view, it appears that the Secure Angle will work on only
802.11n APs as there is no statement on whether other IEEE 802.11 specifications such as
802.11a, 802.11b, and 802.11g can support the system. Also I perceived that this approach does
not support user mobility which is one of the benefit of WLAN. Address Resolution Protocol
(ARP) [10] spoofing was demonstrated on WPA-enabled network and the work equally showed
that in a real world scenario, using strong password in WPA network is brekable [1]. It was
argued in [11] that WPA was not really cracked. According to him, the vulnerability seen in
WPA was due to a poor deployment of WPA-PSK. He stated that a simple 10-character alpha-
numeric random PSK (or greater) will make WPA unable to be cracked with dictionary attacks.
The benefits of Wi-Fi Protected Access 2 (WPA2) over previous protocols and the vulnerabilities
was explored in [12]. Available modes to secure a wireless network using the WPA2 protocol
were also discussed. Suggestions on how the protocol vulnerabilities might be addressed through
enhancements or new protocols were made. Patch solution and a new algorithm for dummy
authentication key-establishment was proposed in [13]. Study conducted by [14] demonstrated
weakness in nonce construction and transmission mechanism used in Counter Mode with Cipher
Block Chaining Message Authentication Code Protocol (CCMP) that made it vulnerable to time
memory trade off (TMTO) pre-computation attack. The solution on how the attack can be
prevented was not given. A biometrics approach to WLAN security was presented in [15], in
which user’s iris was used by the network server for authentication.
3. OVERVIEW OF WLAN SECURITY EXTENSIONS
Service Set Identifier (SSID), MAC Address Filtering and wired equivalent protocol (WEP) were
the original 802.11 specifications by the IEEE for securing WLAN. These mechanisms lead to a
number of practical attacks that demonstrate their failure to achieving security goals. Alternative
security mechanisms such as 802.Ix, 802.11i, SSL, and IPsec, were created to enhance WLAN
security and are discussed below. Virtual Private Networks (VPN) is deployed in an enterprise
wired network for secured data transmission. Its success made it attractive to wireless developers
and administrators as security option in an enterprise WLANs
VPN technology provides three levels of security; Authentication, Encryption and Data
authentication. VPN server authenticates every user that uses VPN client to connect to the
WLAN. It provide data confidentiality by encrypting the traffic passing through the secure tunnel
created on top of the in-secured internet medium. It also guarantees that all traffic is from
authenticated devices. The network topology diagram in Fig. 1 presents a hybrid solution where
both VPN and Wi-Fi security are deployed in an enterprise network.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
32
Figure 1. VPN and Wi-Fi security
The VPN gateway permits secured access for internet users and the access points offers secured
connectivity for local devices. Wi-Fi association is granted through access control and
authentication. Encryption occurs at layer two and above and is hardware based. Centralized
RADIUS authentication model is implemented here, in which the network access devices (access
points and VPN gateway ) forward RADIUS authentication requests to the RADIUS server for
verification. This is used to provide true single sign-on for both Wi-Fi and VPN security.
3.1. IPsec
IPsec is “a framework of open standards for ensuring secure private communications over IP
networks through the use of cryptographic security services.” It consists of two separate security
protocols, Authentication Header (AH) and Encapsulated Security Protocol (ESP) that ensures the
authenticity and integrity of the data. AH authenticates packets by signing them. The signature is
specific to the packet being transmitted, and therefore prevents the data from being modified
(integrity). In addition to handling the authenticity and integrity of data ESP ensures data
confidentiality through encryption, digital signature, and/or secure hashes. When AH and ESP are
implemented together the entire packet is authenticated. IPSec uses Internet Key Exchange (IKE)
mechanism to authenticate end users and manage secret keys by providing a secure exchange of a
pre-shared key before IPSec transmissions begin. IKE is not reliable and could end up in a dead
state. Dead-Peer-Detection was an improvement in IKE to handle dead state occurrence due to
reliability flaws. IPSec uses security association (SA) to describe how parties will use AH and
encapsulating security payload to communicate. The SA can be established through manual
intervention or by using the Internet Security Association and Key Management Protocol
(ISAKMP). ISAKMP approach has advantage over IKE; duplication of functionality in each
security protocol is minimal and it uses little time in setting up Communication. IPSec is a widely
used VPN protocol. IPSec VPNs can be deployed in either transport mode or tunnel mode. In
transport mode the IPSec-protected data is carried in IP packets that use the original IP addresses
of the two VPN peers. Transmission here is faster since the IP headers are not encrypted, and the
packets are smaller. The disadvantage in this mode is that a hacker can sniff the network and
gather information about end parties. The Tunnel mode encapsulates and encrypts all IP packets
and ensures end-to-end transmission using new IP header of the two VPN peers. Tunnel mode is
used in host-to gateway or gateway-to-gateway VPNs. IPsec uses Triple DES (3DES), or
Advanced Encryption Standard (AES) to ensure confidentiality of IP traffic.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
33
3.2. Secure Socket Layer (SSL)
SSL consists of two protocols, the SSL record protocol that defines the format used to transmit
data and the SSL handshake protocol that uses the record protocol to exchange messages between
the SSL-enabled server and the client when they establish a connection [7]. SSL is used in VPN
to protect transmitted data. SSL VPN solution for WLAN provides the following functionality;
Centralized security and management, strong and scalable data encryption for maximum security
and to secure most sensitive transactions such as online banking on the Internet, “auto reconnect.”
feature of SSL VPN supports mobility of users, scalability and provides endpoint security. SSL
addresses the need of confidentiality integrity and authentication. Confidentiality is achieved by
using public key cryptography. Data integrity is preserved by performing a special calculation
(hash function) on the contents of the message and storing the result with the message itself. The
SSL protocol uses Message authentication codes (MAC) to provide data integrity. It uses Ron
Rivest,Adi Shamir, and Leonard Adleman (RSA) algorithm for encryption. The result of the
algorithm depends both on the message and the key used. The attacker has no access to the key,
and therefore lacks capacity to modify both the message and the digest. SSL uses digital
certificates for authentication. Digital certificates contains information such data as the server’s
name, public encryption key, and the trusted Certificate Authority (CA).
Connection between the client and server is negotiated through a handshake procedure. Here, the
client connects to the SSL-enabled server and requests that the server sends back information in
the form of a digital certificate. The server can require the client to present a valid certificate as
well but this is optional. The client checks the validity of the server certificate. When the
handshake phase ends, data exchanged between the client and server is then used with hashing
functions to generate session keys that are used for encryption, decryption and tamper detection
of data throughout the SSL session. According to [16], quantum cryptography that relies on
photon and uses key longer than 128-bit or 256-bit keys will provide better protection than RSA
algorithm. It will make data communication potentially unhackable and guarantee security
against future computer improvements.
3.3. 802.IX/EAP
IEEE 802.IX is specified for port-based network access control for wired networks and has been
extended for use in wireless networks. It provides user-based authentication, access control and
implements Extensible Authentication Protocol (EAP), which was originally designed for Point-
to Point Protocol (PPP). EAP is a layer 3 protocol and can use any authentication mechanism to
add flexibility to 802.1X . 802.IX uses;
1. The Supplicant: A station that requests access to the network offered by the authenticator.
It dialogue with the authentication server through the authenticator.
2. The Authenticator: Typically a wireless access point that controls the state of each port
(open/close) and mediates an authentication session between the client and the
authentication server.
3. The Authentication Server: This is a Remote Authentication Dials In User Service
(RADIUS) server that do the authentication process for the authenticato.
802.1X and EAP approach are characterized by three main elements that make it better than the
basic 802.11 securities. They are:
1. Mutual authentication between client and authentication (Remote Access Dial-In user
Service (Radius) server.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
34
2. Encryption keys dynamically derived after authentication
3. Centralized policy control, that stimulate re-authentication and fresh encryption key
generation when a session expires.
EAP Authentication Process is shown in Fig.2 and the sequence of events are numbered
1-9.
Figure 2. EAP Authentication Process
Here, user login credentials must be provided through an EAP supplicant before wireless client
can associate with access point. When association is established, the client and the RADIUS
mutually authenticate each other via the access point. The RADIUS server and the client then
determine a session key (WEP key) that it distinct to the client. The RADIUS server sends the a
session key to the access point via the wired LAN. The access point in turn, encrypts its broadcast
key with the session key and sends the encrypted key to the client. The client uses the session key
to decrypt it. These keys are valid for all communications during the remainder of the session or
until the session expires. A new WEP key is then generated. The session key and broadcast key
are changed at regular intervals and can be configured on the access point. Different types of
EAP that can be used in wireless network for user authentication include LEAP_Cisco Wireles
(LEAP), EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), EAP-tunneled TLS
(EAP-TTLS) and EAP-Subscriber.
3.4. IEEE 802.11i
IEEE 802.11i defines Robust Security Network (RSN)” [17] that is aimed solving the problems
in 802.11b and WEP which include Poor Privacy, lack of encryption key management, Weak
authentication and authorization and no Accounting. The RSN adopts an approach that grants the
authenticated entity a set of privileges for a limited amount of time. Devices joining in a RSN
need to support Counter Mode-CBC MAC protocol (CCMP), a protocol built around the
IEEE802.1X standard for access control and AES. These two protocols made RSN a stronger and
scalable solution [17]. WEP users using RC4 requires hardware upgrades to join CCMP users. To
address this problem RSN allows the use of Temporal Key Integrity Protocol (TKIP), which
allows WEP systems to be upgraded to be secure. To support the transition from WEP to TKIP, a
network model called transition security network was defined. Transition security Network allows
pre-robust security Network associations. This means that WEP users using RC4 can coexist
within the same wireless local area network with CCMP users who use AES and TKIP users who
use RC4 and security enhancements [18].
7. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
35
3.5. Temporal Key Integrity Protocol (TKIP)
TKIP was temporally provided to mitigate the security challenge of WEP in combination with
802.1x authentication and EAP-TLS. It uses 802.IX for key management and establishment.
TKIP uses a key scheme based on RC4, but extends this key hierarchy to include a key hash
function, and a message integrity check (MIC). The key hash function reduces the exposure of the
master secret and to provide per-packet key mixing. TKIP hashes the combination of the IV
value, the data encryption key (derived from the master secret), and the MAC address to form the
traffic key. This mechanism addresses the WEP problem and then reduces the ability of the
related key attack.
3.6. Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access is a WLAN data encryption method that uses TKIP to alleviate WEP key
flaw by generating a new 128-bit per packet transmitted. [3]. WPA enhances WEP by adding a re-
keying mechanism to provide a fresh encryption and integrity key. Temporal keys are changed for
every 10,000 packets. This makes it much harder to crack TKIP keys than with WEP. In WPA, a
temporal encryption key, transmit address and TKIP Sequence Counter (TSC) form the input to
the RC4 algorithm that generates a keystream. MAC Service Data Unit (MSDU) and Message
Integrity Check (Michael) are combined using the Michael algorithm. The combination of the
MSDU and the MIC is fragmented to generate MAC Protocol Data Units, which is MPDU. From
the MPDU, a 32-bit Integrity Check Value is calculated for the MPDU. The combination PDU
and the ICV is bit-wise exclusive ORed with a keystream to produce the encrypted data. The IV is
added to the encrypted data to generate the MAC frame. According to [19], Michael is not a very
strong algorithm. However, it was the best choice given the constraints.
3.7. WPA2
This is an enhancement to WPA. It uses AES algorithm for encryption which is stronger than
TKIP. AES in combination with Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP) provide high level security to WLAN. The CCMP
algorithm creates message integrity code (MIC) to protect data integrity. WPA2 supports both
Enterprise mode and Personal mode. WPA2 Personal uses a set of password. WPA2 Enterprise
uses EAP and a RADIUS server for centralized client authentication using multiple authentication
methods such as token cards, Kerberos, and certificates.
Figure 3. WPA2 CCMP Procedure
During the CCMP procedure, the MAC header produces additional authentication data (AAD)
that is added to the CCM encryption process. This protects the frame against alteration of the non
encrypted portions of the frame. A sequence packet number PN is included in the CCMP header
8. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
36
to protect against replay attacks. The PN and the portions of the MAC header are used to generate
a nonce that is turned, is used by the CCM encryption process. In WPA and WPA2 keys are
derived during the four-way handshake shown in Fig. 4 Encryption keys are derived from the
Pairwise Master Key. The PMK is derived during the EAP Authentication Session. In the EAP
success message, the Pairwise Master Key is sent to the access point, but it is not directed to the
Wi-Fi client as it has derived its own copy of the Pairwise Master Key.
Figure 4. The Four-Way Handshake
1. A client uses the nonce sent by the access point to generate the Pairwise Transient Key
(PTK).
2. The client responds with its own nonce value, an Snonce, to the access point together
with a message integrity check code which is Michael.
3. The access point sends the groupwise transient key (GTK) and a sequence number
together with another MIC which is used in the next broadcast frames.
4. The client confirms that the temporal keys are installed.
4. DISCUSSION
Table 1 presented different security standards and solutions such as 802.1x, 802.11i, VPN based
SSL and VPN based IPSec, as enhancement to WEP which has several flaws that make the
systems that implemented it vulnerable to attackers.
Table 1. Enhanced Wlan Security Comparison
802.1x 802.11i
SSL based
VPN
IPsec
based VPN
EAP with TKIP WPA WPA2
FEATURES LEAP PEAP TLS
Encryption
algorithm
RSA key
exchange
3DES or
AES
RC4 RC4 RC4 RC4-TKIP AES-
CCMP
Key length 1024- 4096
bit
168/128,
192, 256 bit
128 bit 128 bit 128 bit 128 bit 128-192-
256 bit
IV length 48 bit 48 bit
Authentication Mutual Mutual Mutual Mutual Mutual Mutual Mutual
Certificate
requirements
SSL-
enabled
Server
Optional NONE RADIUS
server
RADIUS
server/
WLAN
client
RADIUS
serve
RADIUS
serve
Packet
Integrity
MAC MD5-
HMAC/
SHA-
HMAC
CRC-
32/MIC
CRC-
32/MIC
CRC-
32/MIC
MIC CCM-
MIC
Key type Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic Dynamic
Key
distribution
Digital
certificate
Dynamic Dynamic Dynamic Dynamic Dynamic
9. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
37
Single sign-on
support
Yes Yes Yes No Yes Yes Yes
Open standard NO Yes No IETF draft
RFC
Yes IEEE
802.11i
IEEE
802.11i
ATTACKS
MITM (active
attacks)
Alleviated Vulnerable Alleviated Alleviated Alleviated Vulnerable Alleviated
Dos Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable Alleviated
Rogue access
points
Alleviated Alleviated Alleviated Alleviated Vulnerable Alleviated
Passive
attacks (FMS
paper)
Alleviated Alleviated Alleviated Alleviated Alleviated Vulnerable Alleviated
Brute-force
dictionary
attacks
Vulnerable Alleviated Vulnerable
with weak
password
Alleviated Alleviated Vulnerable
with weak
password
Alleviated
Authentication
forging
Alleviated Alleviated Alleviated Alleviated Alleviated Vulnerable
with weak
password
Alleviated
OSI LAYER Layer 4 Layer 3 Layer 3 Layer 3 Layer 4 Layer 2 Layer 2
These enhanced solutions offer security at different layers of Open System Interconnect (OSI)
model and provide confidentiality, integrity, authenticity and availability which is the basic
security requirements needed in a secured network. Each uses encryption algorithm and
authentication algorithm shown in the table to ensure secured network. The performance of any
of the solutions is dependent on the algorithm and protocols supported. Key length supported by
each of these WLAN solutions are shown in the table. Authentication between client and server is
mutual but in SSL Client authentication is optional. Using a password-based scheme should
require the use of some form of mutual authentication so that the authentication process is
protected against brute-force dictionary attacks. Brute-force dictionary attacks against LEAP can
be mitigated if strong password is used. It is a good practise for IT administrators to reduce the
number of login attempts before an account is locked. Users should be educated on the danger of
passing out their username and password to any screen that pop up. The use of one time token
should be adopted in build application that run online. When implementing EAP, dictionary
attacks can be avoided by using non-password-based schemes such as biometrics, certificates,
OTP, Smart Cards, and token cards.
According to [12], WPA2 is vulnerable to RF jamming attack, Layer 2 session hijacking and data
flooding attack. In addition, management frames report network topology and modify client
behaviour. This facilitates the ability of an attacker to see network layout, discover device
location and launch Denial of Service (DoS) attacks. Various researches reviewed in section 2 of
this work show that the enhanced solutions and standards are still vulnerable to various attacks
they are meant to fight but has made hacking process difficult for the attacker. Unless
administrators protect their wireless infrastructure with proven tools and techniques, engage in
security awareness training, establish standards and policies that identify proper deployment and
security methodology, the integrity of wireless networks will be threatened.
The nature of Wireless communication (over the air) made it vulnerable to passive, active, MITM
,and jamming attacks. A passive attack occurs when someone eavesdrops on network traffic.
Cheap availability of wireless network adapter that supports promiscuous mode as well as easily
available tools such as Network Monitor in Microsoft products, TCPDump in Linux-based
products, NetStumbler, or AirSnort which can be used to capture network traffic for analysis
make detecting and reporting on wireless networks a hobby for many wireless wardriving
enthusiasts. Disabling SSID broadcast will make the AP not respond to “empty set”SSID beacons
and will consequently be “invisible” to network traffic analysis tools. However, it is still possible
to capture the “raw”802.11b frames and decode them using programs such as Wireshark
10. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
38
(formerly Ethereal) and Wild Packet’s AiroPeek to determine the information. Once an attacker
has gained sufficient information from a passive attack, they can launch an active such as
spoofing, DoS, flooding attacks, introduction of malware and the theft of devices against the
network. DoS and flooding attacks can take place once an attacker has authenticated and
associated with a wireless network. This can be achieved through the placement and use of rogue
access points that prevent wireless traffic from being forwarded properly. Placing a rogue AP
within range of a wireless station is a wireless-specific variation of a MITM attack. This attack
can be used to gain valuable information about a wireless network, such as authentication
requests, the secret key, read private data from a session or to modify the packets thus violating
the integrity of a session. Because of their undetectable nature, the only defense against rogue
APs is vigilance through frequent site surveys (using tools such as directional or parabolic dish
antennae, GPS receivers NetStumbler, Wireshark. and AiroPeek,) and physical security. Rogue
access point detection provide a first-level of defence against someone exploiting an access point,
but even if they do exploit it, deploying SSL VPN will provide additional layer of security
through protection of critical applications and data. It should be noted that NetStumbler will not
identify other DoS attacks or other non-networking equipment that is causing conflicts (such as
wireless telephones, wireless security cameras, amateur TV (ATV) systems, RF-based remote
controls, wireless headsets, microphones and audio speakers, and other devices that use the 2.4
GHz frequency). Spoofing and unauthorized attacks can be protected using MAC filtering to
allow only clients that possess valid MAC addresses to access the wireless network. However,
MAC addresses are sent in the plain on wireless networks and therefore can easily be changed
using edit of the registry in windows or a root shell command in UNIX. A better protection
requires the following additional measures; using RADIUS or SecurID, use of VPN to access the
wired network, allow only SSH access or SSL-encrypted traffic into the network and use of
firewall to isolate unwanted access.
4.1. Enhanced 801.11 Security Protocols Performance Evaluation
Strength of algorithm used in encryption, authentication and integrity was used to measure the
performance of the enhanced 801.11 Security Protocols. They are weighted on a four point scale
(weak, strong, fairly strong and very strong). In addition, susceptibility to attacks and cost of
implementation are also indicated.
Table 2. Performance Evaluation for Enhanced 801.11 Security Protocols
802.1x 802.11i
METRICS SSL
based
VPN
IPsec based
VPN
EAP with TKIP WPA WPA2
Algorithm
Strength
LEAP PEAP TLS
Encryption Very
Strong
(RSA)
Very Strong
(3DESor AES)
Weak
(RC4 )
Weak
(RC4 )
Weak
(RC4 )
Strong
(RC4-
TKIP)
Very Strong
(AES-
CCMP)
Authentication Strong
(Digital
Signature)
Strong
(AH &ESP)
Weak
(password)
Fairly
Strong
(PEAP)
Strong
(Digital
Certificates)
Strong
(EAP)
Strong
(EAP)
Packet Integrity Strong
(MAC)
Strong
(MD5-HMAC/
SHA-HMAC )
Fairly
Strong
(CRC-32/
MIC )
Fairly
Strong
(CRC-32
/MIC )
Fairly
Strong
(CRC-32 /
MIC)
Fairly
Strong
(MIC)
Very Strong
(CCM-MIC)
Susceptibility
to Attacks
Low Low High Low Low Low Very Low
Cost of Imple -
mentation
High High Low Low Moderate Low High
11. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
39
1. Strength of Algorithm
VPN ensures a higher degree of confidentiality for traffics. It is difficult for hacker to crack the
VPN encryption to see the corporate traffics. If a wireless device is stolen and the theft
unreported, the thief would have to know the user credentials to gain access to the VPN. IPSec
and SSL are commonly used protocols in VPN to provides for confidentiality of IP traffic, and
secure data during transmission . IPSec achieves confidentiality using 3DESor AES. SSL secure
most sensitive online transactions such as online banking. It uses digital certificate for
authentication, RSA algorithm for encryption and MAC for data integrity
Unlike WEP that that uses pre-shared key for authentication which is easily cracked by attacker,
802.1X uses EAP that provides three significant benefits over WEP, the mutual authentication
scheme effectively eliminate MITM attacks. The dynamic distribution of keys prevent lost
wireless device from gaining unauthorized access. The centralized policy control enables re-
authentication and new key generation. access can us different types of EAP to authenticate users.
EAP is a standard authentication method for both WPA and WPA2. There are many types of EAP
implementation (LEAP, PEAP, and EAP-TLS) which contributes to its flexibility. LEAP uses
passwords for authentication, and does not use digital certificates. Information transported by
LEAP is often visible to attackers. User credentials are not strongly protected in LEAP, and are
thus easily compromised. PEAP was created as a more secure means of authentication than EAP.
It uses an encrypted and authenticated TLS tunnel to send EAP authenticated data. The EAP-TLS
algorithm can derive dynamic WEP keys, and the authentication server will send the client the
WEP key for use during that session. EAP-TLS is highly secure because it uses certificate-based
algorithms and it is hard to crack certificate digitally signed by a CA.
WPA uses RC4 in addition to TKIP. It uses TKIP to encrypt data which enables keys rotation so
that every data packet uses a unique encryption key. This makes transmitted data more difficult to
hack. TKIP provides a solution to WEP’s checksum issues, by using a larger, more secure 48-bit
IV, and transmits the IV as an encrypted hash. WPA2 uses AES algorithm for encryption and
CCMP for data encryption. CCMP is currently the strongest protocol for encrypting data in a
WPA2 network. AES provides much stronger encryption than RC4 and TKIP.
2. Susceptibility to Attacks
In 802.11X, certain “flavors”of RADIUS servers and Web servers can be compromised by buffer-
overflow attacks. A buffer-overflow attack occurs when a buffer is flooded with more information
than it can hold. The extra data overflows into other buffers, which may be accessible to hackers.
Thus, IEEE 802.1x is susceptible to several attacks, due to the following vulnerabilities:
1. The lack of the requirement of strong mutual authentication. While EAP-TLS does provide
strong mutual authentication it is not required and can be overridden.
2. The vulnerability of the EAP Success message to a MITM attack.
3. The lack of integrity protection for 802.1x management frames.
However, the networks are not as vulnerable as they would be without EAP and 802.1x.
Vulnerabilities seen in other solution in Table 2 are discussed in section 2 of this paper. They are
comparatively low when compared with WEP. WPA2 still remains the most current secured layer
2 protocol .
3. Cost of Implementation
Solutions based on 802.11X are generally more cost effective than those based on VPN for two
reasons: First, with 802.1X, the infrastructure is already put in place is augmented. Secondly, the
12. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
40
complexity associated with setting up and maintaining VPNs may require more of staff time to
manage. Distributing VPN access to remote sites requires installation or adding capacity to a
VPN server at that site, and setting up all WLAN users outside the firewall. It is easy to distribute
802.1X-based WLAN access to separate departments, floors and other off-site locations with little
administrative overhead.
In WPA, transition from WEP to TKIP is cheap when compared to WPA2. The 802.11i standard
requires AES as a replacement for the compromised RC4 algorithm. However, because of the
additional processing power required for AES encryption, the addition of a co-processor is likely
necessary in wireless device hardware and will make upgrading legacy wireless devices to
support AES very costly. As with all other security measures, administrators and managers will
have to compare the costs of implementation against the threats the implementation will mitigate.
4.2. Using a Defence-in-Depth Strategy
Agencies can mitigate risks to their WLANs by applying Defence-in-Depth Strategy as shown in
Fig.5 to address specific threats and vulnerabilities.
Use VPN Tunnel
Encryption
Figure 5. Security In-Dept Approach
The defense-in-depth strategy specifies the use of multiple layers of network security. This can
be achieved by
1. Collecting, analyzing and assessing security events in real time using Wireless Intrusion
Detection System (IDS) and a security information and event management (SIEM) solution
such as HP’s ArcSight. Additional layer of security can be applied the network by
disabling Dynamic Host Configuration Protocol ( DHCP).
2. Per-packet authentication using RADIUS and centralized encryption and security
management using SSL VPN for connection security .
3. WPA2 and AES for Data Protection. Also Using HTTPS instead of HTTP will ensure
application layer encryption for a session with a secure web server
4. use vulnerabilities and patches for device security
5. deploy a stateful per user firewall for End user protection
6. auditing, and VPN, IPSec, biometrics for access control. Use strong authentication for
network access protection .
7. Use of encrypted proxy services that allows access to the web server, but with an encrypted
tunnel at the local end.
8. Change all default settings, such as passwords and service set identifiers, or SSIDs.
Biometrics provides added layer of protection and can be integrated with wireless smart cards or
other wireless device. It can as well combine with VPN solutions to provide authentication and
data confidentiality. It is very difficult to guess physical human characteristics and this made
13. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
41
biometric-based authentication highly reliable when compared to password-based authentication.
Other counter measures include disable the network when not required, and place wireless access
points in a secured location. Planning the Wi-Fi RF coverage area include proper placement of
wireless access points and appropriate shielding using thin layer of aluminum under the drywall
within the building where possible. Control all access points’ power levels, but not to level
that legitimate device on the network can no longer connect. These will substantially
alleviate RF jamming attack and makes the network highly available. Some wireless interface
cards or their drivers cannot capture any packets that are not addressed to the device. Such
devices would not allow sniffing on the wireless portion of the network.
It is necessary to highlight that Wi-Fi security standards cannot handle AP failure. They equally
lack capacity to handle attacks on physical layer since they provide security on layer two and
above.
5. CONCLUSIONS
This paper evaluated alternative security mechanisms for WLAN; 802.1X and 802.11i , VPN,
IPSec, and SSL. The result of the discussion shows that there is no one solution that is the best.
Security problem and mitigation is a continuous process as long as swift changes in wireless
technology exist. However, WPA2 is still far more secure than other 802.11options and is still in
common use. Therefore achieving secured WLAN requires implementing security at all layers
which include wireless signal security, connection security, data protection, device security,
network protection, and end user protection. Organizations should perform a risk analysis of their
network, develop, and implement relevant and comprehensive security policies throughout their
network. Users should be educated on the operation, security and safe computing practices of
both wired and wireless networks. This work recommended the use of biometric cryptosystem in
place of user name and password for a more secured user authentication. Quantum cryptography
is also a likely solution for future machines with exponentially more processing power than
today's technology.
REFERENCES
[1] Beck, M. and Tews. E. (2009). Practical Attacks Against WEP and WPA. Available:
http://dl.acm.org/citation.cfm?id=1514286.
[2] Housley, R. and Arbaugh, W. (2003). Security Problems in 802.11-Based Networks.Communications
of the ACM, 46(5), pp. 31-34.
[3] Hal, B. and Jacon , U. (2004). Wireless Infidelity II: Airjacking. Communications of the ACM,
47(12) , pp. 15-20.
[4] Predrag, K.., Sunny, C., Jaeyeon, J., Benjamin, L., Louis, L. Pauline , P. and David, W.
(2009).“When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use.
CHI 2009 ~ Security and Privacy ~ Boston, MA, USA.
[5] Ezedin, S., Emad, E and Kadhim, H. (2006). “End-To- End Security Solutions for WLAN: A
Performance Analysis for the Underlying Encryption Algorithms in the Lightweight Devices,” In
Proceedings of the 2006 international conference on Wireless communications and mobile computing,
pp. 1295-1300.
[6] Stanley, L., Aftab, A., Luay, A., Wahsheh, M. J., Sandra L. and Aurelia,T. (2011). “How Secure is
WiFi MAC Layer in Comparison with IPsec for Classified Environments?” In Proceedings of the
14th Communications and Networking Symposium. pp. 110-116.
[7] Michael, C., Jeremy, F., Eli, F., Michael, G., Alun J. and Marc, P. (2007). “How to Cheat at Securing
Your Network,” Syngress Publishing. Available: http://delivery.acm.org/10.1145/1560 000
/1554876/9780080558646.pdf.
[8] Floriano, D., Dionigi C. and Salvatore, M. (2006). Static and Dynamic 4-WayHandshake Solutions
to Avoid Denial of Service Attack in Wi-Fi Protected Access and IEEE802.11i. Hindawi Publishing
14. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.4, July 2014
42
Corporation. EURASIP Journal on Wireless Communications and Networking. ArticleID 47453,
pp.1–19. DOI10.1155/WCN/2006/47453
[9] Jie, X. and Kyle, J. (2010). Secure Angle: Improving Wireless Security Using Angle-of-Arrival
Information. SIGCOMM’10, NewDelhi, India. ACM 978-1-4503-0201-2/10/08.
[10] Plummer, D. C. (1982). RFC 826: Ethernet Address Resolution Protocol: Or converting network
protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware
[11] George, O. (2007). Why VPN can't replace Wi-Fi Security. Real World IT. Available:
http://www.zdnet.com /blog /ou/why-vpn-cant-replace-wi-fi-security/489.
[12] Arana, P. (2006). Benefits and Vulnerabilities of Wi-Fi Protected Access2 (WPA2) .INFS 612–
Fall.Available:http://cs.gmu.edu/~yhwang1/INFS612/SampleProjects/Fall06_GPN6_Final_
Report.pdf
[13] Zhimin , Y., Adam, C ., Boxuan, G., Xiaole, B. and Dong, X. (2009). “Link-Layer Protection in
802.11i WLANs with Dummy Authentication.” WiSec ’09 proceding of the second ACM conference
on Wireless network security, pp.131-138. ISBN:978-1-60558-460-7 doi.10.1145/1514 274.1514294.
[14] Junaid, M., Muid M. and Umar, M. I. (2007). Vulnerabilities of IEEE 802.11i Wireless LAN CCMP
Protocol. World Academy of Science, Engineering and Technology , 11( 200), pp. 910-915.
[15] Saraswathi, K., Jayaram, B. and Balasubramanian, R. (2011). Iris Biometrics Based Authentication
and Key Exchange System. IACSIT. International Journal of Engineering and Technology, 3(1),
ISSN: 1793-8236
[16] Mone, G. (2013). Future-Proof Encryption. Communications of the ACM, Vol. 56(11), pp. 12-14
DOI. 10.1145/2524713.2524718.
[17] Stubblefield, A., Ioannidis, J. and Rubin, D. (2001). Using the Fluhrer, Mantin, and Shamir Attack.
to Break WEP. AT&T Laboroties and Rice. Available: University.http://www.uninett.no /wlan
/download/wep_attack.pdf.
[18] IEEE (2003). Standard 802.11i draft 7.
[19] Edney, J. and Arbaugh, W. (2003). “Real 802.11 Security: WiFi Protected Access and 802.11i”.
ISBN: 0-321-13620-9.
Author
Ifeyinwa A. Ajah is a lecturer in the Computer Science department of Ebonyi State
University, Abakaliki Nigeria. She has B.Sc. in Computer Science, M.Sc in Computer
System Engineering and Ph.D. in Computer Science. Her research interests include
networking, software engineering, internet programming, and database. Dr. Ajah was a
recipient of Ambassador for ACM in 2014, Award Certificate from Student Associate
Scheme University of East London, United Kingdom, in 2005 and a Commendation Letter
from the Cross River State NYSC for Outstanding Performance in the Service Year in
February 2000.