http://www.iaeme.com/IJECET/index.asp 65 editor@iaeme.com
International Journal of Electronics and Communication Engineering & Technology
(IJECET)
Volume 6, Issue 9, Sep 2015, pp. 65-74, Article ID: IJECET_06_09_008
Available online at
http://www.iaeme.com/IJECETissues.asp?JType=IJECET&VType=6&IType=9
ISSN Print: 0976-6464 and ISSN Online: 0976-6472
© IAEME Publication
THE IMPORTANCE OF CRYPTOGRAPHY
STANDARD IN WIRELESS LOCAL AREA
NETWORKING
Modesta. E. Ezema
Lecturer 1 Department of Computer Science,
University of Nigeria, Nsukka Enugu State, Nigeria
Chidera .C. Ezema
Department of Electrical Electronics Engineering,
Enugu State University of Science and Technology,
ESUT Enugu State, Nigeria
Asumpta Uju Ezugwu
Department of Computer Science,
University of Nigeria, Nsukka, Enugu State, Nigeria
ABSTRACT
The rapid proliferation of wireless networks and mobile computing
applications has changed the landscape of network security. The recent denial
of service attacks on major Internet sites have shown us that no open
computer network is immune from intrusions. The wireless ad-hoc network is
particularly vulnerable due to its features of open medium, dynamically
changing topology, cooperative algorithms, lack of centralized monitoring and
management point, and lack of a clear line of defense. The traditional way of
protecting networks with firewalls and encryption software is no longer
sufficient and effective. The goal of this paper is to present a framework to
help managers understand the various threats associated with the use of
wireless technology, and the disadvantages and threats of the wireless security
protocols. The WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access)
and RSN (Robust Security Network) security protocols are examined in this
respect. They are then compared via their common features in order to give
some insight to those who work with WLANs. I hope this paper gives a boost to
IT security personnel and clarifies the common questions of the
non-specialist reader.
Key words: Cryptography, Encryption, Security, Enciphering, Deciphering,
Cryptosystem, Cryptanalysis
Cite this Article: Modesta. E. Ezema, Chidera .C. Ezema and Asumpta Uju
Ezugwu. The Importance of Cryptography Standard In Wireless Local Area
Networking, International Journal of Electronics and Communication
Engineering & Technology, 6(9), 2015, pp. 65-74.
http://www.iaeme.com/IJECET/issues.asp?JType=IJECET&VType=6&IType=9
1. INTRODUCTION
As the Internet and the World Wide Web have exploded into our culture and are
replacing other media forms for people to find news, weather, sports, recipes,
and a million other things, the new struggle is not only for time on the
computer at home, but for time on the Internet connection. Hardware and
software vendors have come forth with a variety of solutions allowing home
users to share one Internet connection among two or more computers. They all
have one thing in common, though: the computers must somehow be networked. [1]
Connecting your computers together has traditionally involved having some
physical medium running between them. It could be phone wire, coaxial cable or
the ubiquitous CAT5 cable. Recently hardware has been introduced that even lets
home users network computers through the electrical wiring. But one of the
easiest ways to network computers throughout your home is to use wireless
technology. It is a fairly simple setup. The Internet service comes in from
your provider and is connected to a wireless access point or router, which
broadcasts the signal. You connect wireless antenna network cards to your
computers to receive that signal and talk back to the wireless access point.
The problem with having the signal broadcast is that it is difficult to contain
where that signal may travel. [2] The great flexibility of Transmission Control
Protocol/Internet Protocol (TCP/IP) has led to its worldwide acceptance as the
basic Internet and intranet communications protocol. At the same time, the fact
that TCP/IP allows information to pass through intermediate computers makes it
possible for a third party to interfere with communications in the following
ways:
• Eavesdropping. Information remains intact, but its privacy is compromised.
  For example, someone could learn your credit card number, record a sensitive
  conversation, or intercept classified information.
• Tampering. Information in transit is changed or replaced and then sent on to
  the recipient. For example, someone could alter an order for goods or change
  a person's resume.
• Impersonation. Information passes to a person who poses as the intended
  recipient. Impersonation can take two forms:
  - Spoofing. A person can pretend to be someone else. For example, a person
    can pretend to have the email address jdoe@example.net, or a computer can
    identify itself as a site called www.example.net when it is not. This type
    of impersonation is known as spoofing.
  - Misrepresentation. A person or organization can misrepresent itself. For
    example, suppose the site www.example.net pretends to be a furniture store
    when it is really just a site that takes credit-card payments but never
    sends any goods.
• Denial of Service. In this kind of attack, the intruder floods the network
  with either valid or invalid messages, affecting the availability of the
  network resources.
• ‘Evil Twin’ attack. The installation of an extra wireless access point posing
  as a legitimate organisation-owned access point. If legitimate clients
  attempt to associate with the rogue access point, the malicious user could
  steal or capture any authentication credentials utilized.
Due to the nature of radio transmission, WLANs are very vulnerable to
denial of service attacks. The relatively low bit rates of a WLAN can easily be
overwhelmed, leaving it open to denial of service attacks [3]. By using a
powerful enough transceiver, radio interference can easily be generated that
would prevent the WLAN from communicating over the radio path. Normally, users
of the many cooperating computers that make up the Internet or other networks
do not monitor or interfere with the network traffic that continuously passes
through their machines. However, many sensitive personal and business
communications over the Internet require precautions that address the threats
listed above. Fortunately, a set of well-established techniques and standards
known as public-key cryptography makes it relatively easy to take such
precautions. Cryptography is a promising way to protect our files against
unauthorized access. Many useful cryptographic algorithms have been developed,
from the old DES (Data Encryption Standard) to the more recent IDEA
(International Data Encryption Algorithm) and AES (Advanced Encryption
Standard). Some user-level tools (e.g. the crypt program) based on these strong
and speedy algorithms have come out to help users with encryption and
decryption routines, but they are not so convenient, not well integrated with
the whole system and sometimes may be vulnerable to non-cryptanalytic system
level
2. COMPUTER SECURITY AND ITS ROLE
One broad definition of a secure computer system is one that can be depended
upon to behave as it is expected to. It is always beneficial to integrate
security with dependability and to consider how to obtain a dependable
computing system. [4] Dependability is the trustworthiness of a system and can
be seen as the quality of the service a system offers. Integrating security and
dependability can be done in various ways. One approach is to treat security as
one characteristic of dependability on the same level as availability,
reliability and safety, as shown in the figure.
Figure 1 characteristics of a secured system (dependability comprises
availability, reliability, safety and security)
A narrower definition of security is the ability of a system to protect objects
with respect to confidentiality, authentication, integrity and non-repudiation.
• Confidentiality: Transforming data such that only authorized parties can
  decode it.
• Authentication: Proving or disproving someone’s or something’s claimed
  identity.
3. HARDWARE REQUIREMENTS FOR LOCAL AREA NETWORK
The kind of hardware you need to set up a wireless network depends on the
scale of the network. However, you will almost always need an access point and
a wireless network interface card. If you want to set up a temporary network
between two computers, then two wireless Network Interface Cards are enough. If
you wish to share a broadband internet connection, then speeds of 512k and
above are required. Lower bandwidth will work but will only result in slower or
unacceptable performance.
3.1. Access Point
This piece of hardware acts as a bridge between the wired network and wireless
devices. It allows multiple devices to connect through it to gain access to the network.
An Access Point can also act as a router, a means by which the data
transmission can be extended and passed from one access point to another.
3.2. Wireless Network Card
A wireless network card is required on each device on a wireless network. A
laptop usually has an expansion slot where the network card fits in. A desktop
computer needs an internal card, which will usually have a small antenna or an
external antenna on it. These antennas are optional on most equipment and they
help to increase the signal on the card.
Fig. 2: an example of a wireless network interface card (NIC)
4. WIRELESS NETWORK SETUP
There are different types of wireless network. These are explained below.
Figure 4 wireless network setup
4.1. Infrastructure
[5] In wireless networking in Infrastructure mode you connect your devices
using a central device, namely a wireless access point. To join the WLAN, the
AP and all wireless clients must be configured to use the same SSID. The AP is
then cabled to the wired network to allow wireless clients access to, for
example, Internet connections or printers. It is also referred to as a “hosted”
or “managed” wireless network: it consists of one or more access points (known
as gateways or wireless routers) connected to an existing network. Additional
APs can be added to the WLAN to increase the reach of the infrastructure and
support any number of wireless clients. In this case, infrastructure refers to
switches, routers, firewalls, and access points (APs). Infrastructure mode
wireless networking is the mode that you most often encounter in your work as a
networking professional supporting networks for clients or in a corporate
environment.
Figure 5 infrastructure network
4.2. Ad-Hoc
Also referred to as an “unmanaged” or “peer to peer” wireless network, it
consists of devices connecting directly to each other. This allows someone
sitting outside in the garden with a laptop to communicate with his desktop
computer in the house and access the Internet, for example.
Figure 6 Ad hoc wireless network
[6] Ad hoc networks are by definition temporary; they cease to exist when
members disconnect from them, or when the computer from which the network was
established moves beyond the 30-foot effective range of the others. You can share an
Internet connection through an ad hoc network, but keep in mind that the Internet
connection is then available to anyone logging on to a computer that is connected to
the network, and thus is likely not very secure.
5. METHODS OF WIRELESS NETWORKING SECURITY
WEP, SSID and MAC address filtering are three methods of wireless networking
security. Here we will get to know a little more about these and what other
methods of security are available.
5.1. WEP (Wired Equivalent Privacy)
[7] Wired Equivalent Privacy (WEP) is a security protocol for wireless networks
that encrypts transmitted data. Developed in the late 1990s, WEP is a basic
protocol that is sometimes overlooked by wireless administrators because of its
numerous vulnerabilities. The original implementations of WEP used 64-bit
encryption (40-bit key + 24-bit Initialization Vector). By means of a
brute-force attack, 64-bit WEP can be broken in a matter of minutes, whereas
the stronger 128-bit version will take hours. It is not the best line of
defense against unauthorized intruders, but it is better than nothing and is
mainly used by the average home user. One of the drawbacks of WEP is that,
since it uses a shared key, if someone leaves the company then the key will
have to be changed on the access point and all client machines. WEP, a data
privacy encryption scheme for WLANs defined in 802.11b, didn't live up to its
name. Its use of rarely changed, static client keys for access control made WEP
cryptographically weak. Cryptographic attacks allowed attackers to view all
data passed to and from the access point.
WEP's weaknesses include the following:
• Static keys that are rarely changed by users.
• A weak implementation of the RC4 algorithm is used.
• The Initialization Vector sequence is too short and "wraps around" in a short
  time, resulting in repeated keys.
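The third weakness can be made concrete. The following is an added example, not code from the paper: it builds the per-frame RC4 key as IV || shared key, shows that two frames sent under the same IV leak the XOR of their plaintexts, and estimates how soon a 24-bit IV repeats. The key, IV, frame contents and the assumption that IVs are picked uniformly at random are all constructed for the illustration.

```python
"""Added illustration: why a 24-bit WEP IV that repeats defeats confidentiality."""

IV_BITS = 24  # IV length given in the text (64-bit WEP = 40-bit key + 24-bit IV)


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body with the per-frame RC4 key IV || shared key.

    The integrity check value that WEP appends is left out so the example
    stays focused on the IV.
    """
    if len(iv) * 8 != IV_BITS:
        raise ValueError("WEP IV must be exactly 24 bits")
    return xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def frames_until_iv_repeat_likely(target: float = 0.5,
                                  iv_bits: int = IV_BITS) -> int:
    """Smallest frame count at which a repeated IV has probability >= target.

    Assumption: every frame picks its IV uniformly at random (birthday bound).
    """
    space = 2 ** iv_bits
    p_all_distinct = 1.0
    frames = 0
    while 1.0 - p_all_distinct < target:
        p_all_distinct *= 1.0 - frames / space
        frames += 1
    return frames


def iv_reuse_demo():
    """Return (c1 XOR c2, p1 XOR p2) for two constructed frames sharing one IV."""
    shared_key = bytes.fromhex("0102030405")  # constructed 40-bit static key
    iv = bytes.fromhex("a1b2c3")              # constructed 24-bit IV, used twice
    p1 = b"invoice total: 1500 USD"           # constructed frame contents
    p2 = b"meeting moved to 3 p.m."
    c1 = wep_style_encrypt(iv, shared_key, p1)
    c2 = wep_style_encrypt(iv, shared_key, p2)
    # Same IV and same static key give the same keystream, so it cancels out.
    return xor_bytes(c1, c2), xor_bytes(p1, p2)


if __name__ == "__main__":
    ct_xor, pt_xor = iv_reuse_demo()
    print("keystream cancels under IV reuse:", ct_xor == pt_xor)
    print("frames for a 50% chance of a repeated 24-bit IV:",
          frames_until_iv_repeat_likely())
```

Because the shared key is static, only the IV separates one frame's keystream from the next, which is why the later protocols in this section replace the static key with per-packet keys and a stronger IV.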
5.2. WEP2 (Wired Equivalent Privacy version 2)
[8] In an attempt to increase protection, these encryption methods were
extended to support longer keys including 104-bit (128 bits of total data),
152-bit and 256-bit. When communicating over a Wi-Fi connection, the protocol
encrypts the data stream using these keys so that it is no longer human
readable but can still be processed by receiving devices. The keys themselves
are not sent over the network but rather are generally stored on the wireless
network adapter or in the Windows Registry. In 2004, the IEEE proposed an
updated version of WEP, WEP2, to address its predecessor’s shortcomings. Like
WEP it relies on the RC4 algorithm but instead uses a 128-bit initialization
vector, making it stronger than the original version of WEP, but it may still
be susceptible to the same kind of attacks.
5.3. WPA (Wi-Fi Protected Access)
WPA provides encryption via the Temporal Key Integrity Protocol (TKIP) using
the RC4 algorithm. [9] WPA is a security technology for Wi-Fi wireless computer
networks. WPA improves on the authentication and encryption features of WEP
(Wired Equivalent Privacy). In fact, WPA was developed by the networking
industry in response to the weaknesses of WEP.
WPA provides stronger encryption than WEP through use of either of two
standard technologies: Temporal Key Integrity Protocol (TKIP) and Advanced
Encryption Standard (AES). WPA also includes built-in authentication support that
WEP does not offer. Overall, WPA provides comparable security to VPN tunneling
with WEP, with the benefit of easier administration and use. It is based on the 802.1X
protocol and addresses the weaknesses of WEP by providing enhancements such as
Per-Packet key construction and distribution, a message integrity code feature and a
stronger IV (Initialization Vector). The downside of WPA is that unless your current
hardware supports WPA by means of a firmware upgrade, you will most likely have
to purchase new hardware to enjoy the benefits of this security method. The length of
a WPA key is between 8 and 63 characters – the longer it is the more secure it is.
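The 8 to 63 character rule can be checked and its effect on key strength measured. The following is an added example, not code from the paper: it relies on the passphrase-to-key mapping defined for WPA-Personal in IEEE 802.11i (PBKDF2 with HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output), a detail the paper does not state, and the search-space estimate assumes a randomly chosen passphrase.

```python
"""Added illustration: WPA-Personal passphrase checks and key derivation."""
import hashlib
import math

PMK_BITS = 256        # size of the key derived from the passphrase
PBKDF2_ROUNDS = 4096  # iteration count fixed by IEEE 802.11i for this mapping


def check_passphrase(passphrase: str) -> list:
    """Return a list of problems; an empty list means the passphrase is usable."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be between 8 and 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    return problems


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit key; the SSID is the salt, so it changes the result."""
    problems = check_passphrase(passphrase)
    if problems:
        raise ValueError("; ".join(problems))
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, PBKDF2_ROUNDS, PMK_BITS // 8)


def alphabet_size(passphrase: str) -> int:
    """Size of the character classes the passphrase draws from (95 at most)."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 33  # space and punctuation in printable ASCII
    return size


def search_space_bits(length: int, alphabet: int) -> float:
    """log2 of the candidate count for a random passphrase, capped at 256 bits.

    Human-chosen passphrases are more predictable than this upper bound.
    """
    return min(length * math.log2(alphabet), PMK_BITS)


def audit(networks):
    """networks: iterable of (ssid, passphrase); returns {ssid: report}."""
    report = {}
    for ssid, passphrase in networks:
        problems = check_passphrase(passphrase)
        bits = 0.0 if problems else search_space_bits(len(passphrase),
                                                      alphabet_size(passphrase))
        report[ssid] = {"problems": problems, "max_bits": round(bits, 1)}
    return report


if __name__ == "__main__":
    # Constructed sample configuration, not taken from any real network.
    sample = [("office-guest", "summer15"),
              ("office-staff", "correct horse battery staple 2015!"),
              ("lab", "short")]
    for ssid, result in audit(sample).items():
        print(ssid, result)
    print(derive_pmk("password", "IEEE").hex())  # test vector from 802.11i
```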
5.4. WPA2 (Wi-Fi Protected Access version 2)
Based on the 802.11i standard, WPA2 was released in 2004 and uses a stronger
method of encryption – AES (Advanced Encryption Standard). AES supports key
sizes of 128 bits, 192 bits, and 256 bits. It is backward compatible with WPA
and uses a fresh set of keys for every session, so essentially every packet
that is sent over the air is encrypted with a unique key. As did WPA, WPA2
offers two versions – Personal and Enterprise. Personal mode requires only an
access point and uses a pre-shared key for authentication, while Enterprise
mode requires a RADIUS authentication server and uses the Extensible
Authentication Protocol (EAP).
5.5. MAC Address Filtering
MAC Address Filtering is a means of controlling which network adapters have
access to the access point. [10] A MAC (Media Access Control) address is a
number that identifies the network adapter(s) installed on your computer. The
address is composed of up to 6 pairs of characters, separated by colons. You
may need to provide your MAC address to a router in order to successfully
connect to a network. A list of MAC addresses is entered into the access point
and anyone whose MAC address on the wireless network adapter does not match an
entry in the list will not be allowed to
have access. This is a good means of security when also used with a packet
encryption method. However, keep in mind that MAC addresses can be spoofed.
This type of security is usually used as a means of authentication, in
conjunction with something like WEP for encryption. Below is a basic image
demonstrating the MAC Address Filtering process. In a local area network (LAN)
or other network, the MAC (Media Access Control) address is your computer's
unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet
address.) When you're connected to the Internet from your computer (or host, as
the Internet protocol thinks of it), a correspondence table relates your IP
address to your computer's physical (MAC) address on the LAN.
Figure 7 a laptop in a local Area network showing its MAC address
A laptop, with MAC Address 00-0F-CA-AE-C6-A5 wants to access the wireless
network via the access point. The access point compares this Address to its list and
permits or denies access accordingly.
5.6. SSID (Service Set Identifier)
An SSID, or Network Name, is a “secret” name given to a wireless network. [11]
An SSID is the name of a wireless local area network (WLAN). All wireless
devices on a WLAN must employ the same SSID in order to communicate with each
other. I put secret in inverted commas because it can be sniffed pretty easily.
By default, the SSID is a part of every packet that travels over the WLAN.
Unless you know the SSID of a wireless network you cannot join it. Every
network node must be configured with the same SSID as the access point to which
it wishes to connect, which becomes a bit of a headache for the network
administrator.
5.7. VPN (Virtual Private Network) Link
Perhaps the most reliable form of security would be to set up a VPN connection
over the wireless network. VPNs have long been a trusted method of accessing
the corporate network over the internet by forming a secure tunnel from the
client to the server. Setting up a VPN may affect performance due to the amount
of data encryption involved, but your mind will be at rest knowing your data is
secure. The VPN option is preferred by many enterprise administrators because
VPNs offer the best commercially available encryption. VPN software uses
advanced encryption mechanisms (AES, for example), which makes decrypting the
traffic a very hard, if not impossible, task.
For a clearer understanding of the VPN link method, see fig 8 below.
Figure 8 virtual private Network connections
There are various levels of VPN technology, some of which are expensive and
include both hardware and software. Microsoft does, however, provide a basic
VPN technology, commonly used in small to medium enterprise networks, in
Windows 2000 Advanced Server and Windows Server 2003. These are more than
capable of handling your wireless VPN requirements.
5.8. 802.1X
[12] Today WLANs are maturing and producing security innovations and standards
that will be used across all networking mediums for years to come. They have
learned to harness flexibility, creating solutions that can be quickly modified
if weaknesses are found. An example of this is the addition of 802.1X
authentication to the WLAN security toolbox. It has provided a method to
protect the network behind the access point from intruders, as well as to
provide dynamic keys and strengthen WLAN encryption. With 802.1X the
authentication stage is done via a RADIUS server (IAS on Windows Server 2003),
where the user credentials are checked against the server. When users first
attempt to connect to the network they are asked to enter their username and
password. These are checked with the RADIUS server and access is granted
accordingly. Every user has a unique key that is changed regularly to allow for
better security. Hackers can crack codes but it does take time, and with a new
code being generated automatically every few minutes, by the time the hacker
cracks the code it will have expired. 802.1X is essentially a simplified
standard for passing EAP (Extensible Authentication Protocol) over a wireless
(or wired) network. See Fig 9 below for the 802.1X process.
Figure 9 the 802.1X
The wireless client (laptop) is known as the Supplicant. The Access Point is
known as the Authenticator and the RADIUS server is known as the Authentication
server.
6. PROFFERED SOLUTION TO WLAN
This involves the use of hardware and software solutions to help secure the
wireless environment. Software measures include proper Access Point (AP)
configuration, software patches and upgrades, authentication, intrusion
detection systems (IDS), personal firewalls for wireless devices and
encryption. Hardware solutions include smart cards, virtual private networks
(VPNs), public key infrastructure (PKI), network segregation and biometrics. It
should be noted that some of these solutions are now available either in
hardware or software.
This solution should also include facilitation of encryption and authentication
controls described in each wireless standard. Encryption in wireless communication is
used primarily to protect the confidentiality of messages and connection setup data
transmitted over the network. Authentication in wireless networks occurs to validate
connections between one device and another, or to confirm that a user is permitted to
connect to a particular network.
Encryption protocols utilized in past wireless standards have been found to be
insecurely implemented and consequently easy to defeat (e.g. WEP RC4). Utilizing
the most current revisions of wireless standards is recommended, as they tend to allow
use of highly secure encryption protocols that have yet to be defeated (e.g. WPA2’s
AES protocol). The actual choice of encryption protocol utilized is dependent on
organizational infrastructure and should be encouraged.
7. CONCLUSION
The diligent management of network security is essential to the operation of
networks, regardless of whether they have segments or not. It is important to
note that absolute security is an abstract concept – it does not exist
anywhere. All networks are vulnerable to insider or outsider attacks, and to
eavesdropping. No one wants to risk having the data exposed to the casual
observer or open to malicious mischief. In wireless networking, steps can and
should always be taken to preserve network security and integrity.
We have said that any secure network will have vulnerabilities that an
adversary could exploit. This is especially true for wireless ad-hoc networks.
The various methods of wireless networking security discussed can help to
greatly reduce the vulnerability of wireless networks.
REFERENCES
[1] http://netsecurity.about.com/od/hackertools/a/aa072004b.htm
[2] https://developer.mozilla.org/en/docs/Introduction_to_Public-Key_Cryptography
[3] http://www.ksys.info/wlan_security_issues.htm
[4] http://www.acm.org/crossroads/xrds2-4/intrus.html
[5] http://www.dummies.com/how-to/content/wireless-networking-infrastructure-mode.html
[6] https://technet.microsoft.com/en-us/magazine/dd296746.aspx
[7] http://kb.netgear.com/app/answers/detail/a_id/1141/~/what-is-wep-wireless-encryption%3F
[8] http://compnetworking.about.com/cs/wirelesssecurity/g/bldef_wep.htm
[9] http://compnetworking.about.com/cs/wirelesssecurity/g/bldef_wpa.htm
[10] http://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer
[11] http://compnetworking.about.com/cs/wireless/g/bldef_ssid.htm
[12] http://www.computerworld.com/article/2581074/mobile-wireless/how-802-1x-authentication-works.html
[13] Sachin R. Sonawane, Sandeep Vanjale and Dr. P. B. Mane. A Survey on Evil
Twin Detection Methods for Wireless Local Area Network, International Journal
of Computer Engineering & Technology, 4(2), 2013, pp. 493-499.

Ijecet 06 09_008

  • 1.
    http://www.iaeme.com/IJECET/index.asp 65 editor@iaeme.com InternationalJournal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 9, Sep 2015, pp. 65-74, Article ID: IJECET_06_09_008 Available online at http://www.iaeme.com/IJECETissues.asp?JType=IJECET&VType=6&IType=9 ISSN Print: 0976-6464 and ISSN Online: 0976-6472 © IAEME Publication THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING Modesta. E. Ezema Lecturer 1 Department of Computer Science, University of Nigeria, Nsukka Enugu State, Nigeria Chidera .C. Ezema Department of Electrical Electronics Engineering, Enugu State University of Science and Technology, ESUT Enugu State, Nigeria Asumpta Uju Ezugwu Department of Computer Science, University of Nigeria, Nsukka, Enugu State, Nigeria ABSTRACT The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The recent denial of service attacks on major Internet sites have shown us, that no open computer network is immune from intrusions. The wireless ad-hoc network is particularly vulnerable due to its features of open medium, dynamic changing topology, cooperative algorithms, lack of centralized monitoring and management point, and lack of a clear line of defense. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. The goal of this paper is to present a framework to help managers understand the various threats associated with the use of wireless technology, disadvantages and threats of the wireless security protocols. WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security Network) Security protocols are examined in this respect. Then they are compared via the common features in order to give some insight to those who work with WLANs. 
I hope this paper give boost to the IT security personnel and clarify the common questions of the non- specialist reader. Key word: Cryptography, Encryption, Security, Enciphering, Deciphering, Cryptosystem, Cryptanalysis
  • 2.
    Modesta. E. Ezema,Chidera .C. Ezema and Asumpta Uju Ezugwu http://www.iaeme.com/IJECET/index.asp 66 editor@iaeme.com Cite this Article: Modesta. E. Ezema, Chidera .C. Ezema and Asumpta Uju Ezugwu. The Importance of Cryptography Standard In Wireless Local Area Networking, International Journal of Electronics and Communication Engineering & Technology, 6(9), 2015, pp. 65-74. http://www.iaeme.com/IJECET/issues.asp?JType=IJECET&VType=6&IType= 9 1. INTRODUCTION As the Internet and the World Wide Web have exploded into our culture and are replacing other media forms for people to find news, weather news, sports, recipes, and a million other things, the new struggle is not only for time on the computer at home, but for time on the Internet connection. The hardware and software vendors have come forth with a variety of solutions allowing home users to share one Internet connection among two or more computers. They all have one thing in common though- the computers must somehow be networked.[1] To connect your computers together has traditionally involved having some physical medium running between them. It could be phone, wire, coaxial cable or the ubiquitous CAT5 cable. Recently hardware has been introduced that even lets home users network computers through the electrical wiring. But, one of the easiest ways to network computers throughout your home is to use wireless technology. It is a fairly simple setup. The Internet Service Provider comes in from of your provider and is connected to a wireless access point or router which broadcasts the signal. You connect wireless antenna network cards to your computers to receive that signal and talk back to the wireless access point. The problem with having the signal broadcast is that it is difficult to contain where that signal may travel. [2] The great flexibility of Transmission Control Protocol/Internet Protocol (TCP/IP) has led to its worldwide acceptance as the basic Internet and intranet communications protocol. 
At the same time, the fact that Transmission Control Protocol/Internet Protocol (TCP/IP) allows information to pass through intermediate computers makes it possible for a third party to interfere with communications in the following ways: Eavesdropping. Information remains intact, but its privacy is compromised. For example, someone could learn your credit card number, record a sensitive conversation, or intercept classified information. Tampering. Information in transit is changed or replaced and then sent on to the recipient. For example, someone could alter an order for goods or change a person's resume. Impersonation. Information passes to a person who poses as the intended recipient. Impersonation can take two forms: Spoofing. A person can pretend to be someone else. For example, a person can pretend to have the email address jdoe@example.net, or a computer can identify itself as a site called www.example.net when it is not. This type of impersonation is known as spoofing. Misrepresentation. A person or organization can misrepresent itself. For example, suppose the site www.example.net pretends to be a furniture store when it is really just a site that takes credit-card payments but never sends any goods. Denial of Service: In this kind of attack, the intruder floods the network with either valid or invalid messages affecting the availability of the network resources.
  • 3.
• ‘Evil Twin’ attack. The installation of an extra wireless access point posing as a legitimate organisation-owned access point. If legitimate clients attempt to associate with the rogue access point, the malicious user could steal or capture any authentication credentials utilized.

Due to the nature of radio transmission, WLANs are very vulnerable to denial of service attacks. The relatively low bit rates of a WLAN can easily be overwhelmed, leaving it open to denial of service attacks [3]. By using a powerful enough transceiver, radio interference can easily be generated that would leave the WLAN unable to communicate over the radio path.

Normally, users of the many cooperating computers that make up the Internet or other networks do not monitor or interfere with the network traffic that continuously passes through their machines. However, many sensitive personal and business communications over the Internet require precautions that address the threats listed above. Fortunately, a set of well-established techniques and standards known as public-key cryptography makes it relatively easy to take such precautions.

Cryptography is a promising way to protect our files against unauthorized access. Many useful cryptographic algorithms have been developed, from the old DES (Data Encryption Standard) to the more recent IDEA (International Data Encryption Algorithm), AES (Advanced Encryption Standard) and others. Some user-level tools (e.g. the crypt program) based on these strong and fast algorithms have appeared to help users carry out encryption and decryption routines, but they are not very convenient, are not well integrated with the whole system and sometimes may be vulnerable to non-cryptanalytic system level

2. COMPUTER SECURITY AND ITS ROLE

One broad definition of a secure computer system is one that can be depended upon to behave as it is expected to. It is always beneficial to integrate security with dependability and to consider how to obtain a dependable computing system. [4] Dependability is the trustworthiness of a system and can be seen as the quality of the service a system offers. Integrating security and dependability can be done in various ways. One approach is to treat security as one characteristic of dependability on the same level as availability, reliability and safety, as shown in the figure.

Figure 1: Characteristics of a secured system (dependability divided into availability, reliability, safety and security)

A narrower definition of security is the ability of a system to protect objects with respect to confidentiality, authentication, integrity and non-repudiation.

Confidentiality: Transforming data such that only authorized parties can decode it.

Authentication: Proving or disproving someone’s or something’s claimed identity.
3. HARDWARE REQUIREMENTS FOR LOCAL AREA NETWORK

The kind of hardware you need to set up a wireless network depends on the scale of the network. However, you will almost always need an access point and a wireless network interface card. If you want to set up a temporary network between two computers, then two wireless network interface cards are enough. If you wish to share a broadband internet connection, then speeds of 512k and above are required. Lower bandwidth will work but will only result in slower or unacceptable performance.

3.1. Access Point

This piece of hardware acts as a bridge between the wired network and wireless devices. It allows multiple devices to connect through it to gain access to the network. An access point can also act as a router: a means by which the data transmission can be extended and passed from one access point to another.

3.2. Wireless Network Card

A wireless network card is required on each device on a wireless network. A laptop usually has an expansion slot where the network card fits. A desktop computer needs an internal card, which will usually have a small antenna or an external antenna on it. These antennas are optional on most equipment and help to increase the signal on the card.

Fig. 2: An example of a wireless network interface card (NIC)

4. WIRELESS NETWORK SETUP

There are different types of wireless network. These are explained below.
Figure 4: Wireless network setup

4.1. Infrastructure

[5] In wireless networking in Infrastructure mode you connect your devices using a central device, namely a wireless access point. To join the WLAN, the AP and all wireless clients must be configured to use the same SSID. The AP is then cabled to the wired network to allow wireless clients access to, for example, Internet connections or printers. It is also referred to as a “hosted” or “managed” wireless network – it consists of one or more access points (known as gateways or wireless routers) connected to an existing network. Additional APs can be added to the WLAN to increase the reach of the infrastructure and support any number of wireless clients. In this case, infrastructure refers to switches, routers, firewalls, and access points (APs). Infrastructure mode wireless networking is the mode that you most often encounter in your work as a networking professional supporting networks for clients or in a corporate environment.

Figure 5: Infrastructure network

4.2. Ad-Hoc

Also referred to as an “unmanaged” or “peer to peer” wireless network – it consists of each device connecting directly to the others. This allows someone sitting outside in the garden with a laptop to communicate with his desktop computer in the house and access the Internet, for example.
Figure 6: Ad hoc wireless network

[6] Ad hoc networks are by definition temporary; they cease to exist when members disconnect from them, or when the computer from which the network was established moves beyond the 30-foot effective range of the others. You can share an Internet connection through an ad hoc network, but keep in mind that the Internet connection is then available to anyone logging on to a computer that is connected to the network, and thus is likely not very secure.

5. METHODS OF WIRELESS NETWORKING SECURITY

WEP, SSID and MAC address filtering are three methods of wireless networking security. Here we will get to know a little more about these and what other methods of security are available.

5.1. WEP (Wired Equivalent Privacy)

[7] Wired Equivalent Privacy (WEP) is a security protocol for wireless networks that encrypts transmitted data. Developed in the late 1990s, WEP is a basic protocol that is sometimes overlooked by wireless administrators because of its numerous vulnerabilities. The original implementations of WEP used 64-bit encryption (40-bit key + 24-bit Initialization Vector). By means of a brute force attack, 64-bit WEP can be broken in a matter of minutes, whereas the stronger 128-bit version will take hours. It is not the best line of defense against unauthorized intruders, but it is better than nothing and is mainly used by the average home user. One of the drawbacks of WEP is that, since it uses a shared key, if someone leaves the company then the key has to be changed on the access point and all client machines.

WEP, a data privacy encryption for WLANs defined in 802.11b, didn't live up to its name. Its use of rarely changed, static client keys for access control made WEP cryptographically weak. Cryptographic attacks allowed attackers to view all data passed to and from the access point.
WEP's weaknesses include the following:

• Static keys that are rarely changed by users.
• A weak implementation of the RC4 algorithm is used.
• An Initial Vector sequence is too short and "wraps around" in a short time, resulting in repeated keys.
5.2. WEP2 (Wired Equivalent Privacy version 2)

[8] In an attempt to increase protection, these encryption methods were extended to support longer keys including 104-bit (128 bits of total data), 152-bit and 256-bit. When communicating over a Wi-Fi connection, the protocol encrypts the data stream using these keys so that it is no longer human readable but can still be processed by receiving devices. The keys themselves are not sent over the network but rather are generally stored on the wireless network adapter or in the Windows Registry.

In 2004, the IEEE proposed an updated version of WEP, WEP2, to address its predecessor’s shortcomings. Like WEP it relies on the RC4 algorithm, but it uses a 128-bit initialization vector instead, making it stronger than the original version of WEP, although it may still be susceptible to the same kind of attacks.

5.3. WPA (Wi-Fi Protected Access)

WPA provides encryption via the Temporal Key Integrity Protocol (TKIP) using the RC4 algorithm. [9] WPA is a security technology for Wi-Fi wireless computer networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the weaknesses of WEP. WPA provides stronger encryption than WEP through use of either of two standard technologies: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). WPA also includes built-in authentication support that WEP does not offer. Overall, WPA provides comparable security to VPN tunneling with WEP, with the benefit of easier administration and use. It is based on the 802.1X protocol and addresses the weaknesses of WEP by providing enhancements such as per-packet key construction and distribution, a message integrity code feature and a stronger IV (Initialization Vector).
The downside of WPA is that unless your current hardware supports WPA by means of a firmware upgrade, you will most likely have to purchase new hardware to enjoy the benefits of this security method. The length of a WPA key is between 8 and 63 characters – the longer it is the more secure it is.

5.4. WPA2 (Wi-Fi Protected Access version 2)

Based on the 802.11i standard, WPA2 was released in 2004 and uses a stronger method of encryption – AES (Advanced Encryption Standard). AES supports key sizes of 128 bits, 192 bits, and 256 bits. It is backward compatible with WPA and uses a fresh set of keys for every session, so essentially every packet that is sent over the air is encrypted with a unique key. As did WPA, WPA2 offers two versions – Personal and Enterprise. Personal mode requires only an access point and uses a pre-shared key for authentication, and Enterprise mode requires a RADIUS authentication server and uses Extensible Authentication Protocol (EAP).

5.5. MAC Address Filtering

MAC Address Filtering is a means of controlling which network adapters have access to the access point. [10] A MAC (Media Access Control) address is a number that identifies the network adapter(s) installed on your computer. The address is composed of up to 6 pairs of characters, separated by colons. You may need to provide your MAC address to a router in order to successfully connect to a network. A list of MAC addresses is entered into the access point and anyone whose MAC address on the wireless network adapter does not match an entry in the list will not be allowed to
have access. This is a good means of security when also used with a packet encryption method. However, keep in mind that MAC addresses can be spoofed. This type of security is usually used as a means of authentication, in conjunction with something like WEP for encryption. Below is a basic image demonstrating the MAC Address Filtering process:

In a local area network (LAN) or other network, the MAC (Media Access Control) address is your computer's unique hardware number. (On an Ethernet LAN, it's the same as your Ethernet address.) When you're connected to the Internet from your computer (or host, as the Internet protocol thinks of it), a correspondence table relates your IP address to your computer's physical (MAC) address on the LAN.

Figure 7: A laptop in a local area network showing its MAC address

A laptop with MAC address 00-0F-CA-AE-C6-A5 wants to access the wireless network via the access point. The access point compares this address to its list and permits or denies access accordingly.

5.6. SSID (Service Set Identifier)

An SSID, or Network Name, is a “secret” name given to a wireless network. [11] An SSID is the name of a wireless local area network (WLAN). All wireless devices on a WLAN must employ the same SSID in order to communicate with each other. I put secret in inverted commas because it can be sniffed pretty easily. By default, the SSID is a part of every packet that travels over the WLAN. Unless you know the SSID of a wireless network you cannot join it. Every network node must be configured with the same SSID as the access point to which it wishes to connect, which becomes a bit of a headache for the network administrator.

5.7. VPN (Virtual Private Network) Link

Perhaps the most reliable form of security would be to set up a VPN connection over the wireless network.
VPNs have long been a trusted method of accessing the corporate network over the internet by forming a secure tunnel from the client to the server. Setting up a VPN may affect performance due to the amount of data encryption involved, but your mind will be at rest knowing your data is secure. The VPN option is preferred by many enterprise administrators because VPNs offer the best commercially available encryption. VPN software uses advanced encryption mechanisms (AES, for example), which makes decrypting the traffic a very hard, if not impossible, task.
For a clearer understanding of the VPN link method, see Fig 8 below.

Figure 8: Virtual private network connections

There are various levels of VPN technology, some of which are expensive and include both hardware and software. Microsoft does, however, provide a basic VPN technology commonly used in small to medium enterprise networks: Windows 2000 Advanced Server and Windows Server 2003. These are more than capable of handling your wireless VPN requirements.

5.8. 802.1X

[12] Today WLANs are maturing and producing security innovations and standards that will be used across all networking mediums for years to come. They have learned to harness flexibility, creating solutions that can be quickly modified if weaknesses are found. An example of this is the addition of 802.1X authentication to the WLAN security toolbox. It has provided a method to protect the network behind the access point from intruders, as well as to provide dynamic keys and strengthen WLAN encryption.

With 802.1X the authentication stage is done via a RADIUS server (IAS on Windows Server 2003) where the user credentials are checked against the server. When a user first attempts to connect to the network they are asked to enter their username and password. These are checked with the RADIUS server and access is granted accordingly. Every user has a unique key that is changed regularly to allow for better security. Hackers can crack codes but it does take time, and with a new code being generated automatically every few minutes, by the time the hacker cracks the code it would have expired.

802.1X is essentially a simplified standard for passing EAP (Extensible Authentication Protocol) over a wireless (or wired) network. See Fig 9 below for the 802.1X process.

Figure 9: The 802.1X

The wireless client (laptop) is known as the Supplicant.
The Access Point is known as the Authenticator and the RADIUS server is known as the Authentication server.

6. PROFFERED SOLUTION TO WLAN

This involves the use of hardware and software solutions to help secure the wireless environment. Software measures include proper Access Point (AP) configuration, software patches and upgrades, authentication, intrusion detection systems (IDS), personal firewalls for wireless devices and encryption. Hardware solutions include smart cards, virtual private networks (VPNs), public key infrastructure (PKI), network segregation and biometrics. It should be noted that some of these solutions are now available either in hardware or software.
This solution should also include facilitation of the encryption and authentication controls described in each wireless standard. Encryption in wireless communication is used primarily to protect the confidentiality of messages and connection setup data transmitted over the network. Authentication in wireless networks occurs to validate connections between one device and another, or to confirm that a user is permitted to connect to a particular network. Encryption protocols utilized in past wireless standards have been found to be insecurely implemented and consequently easy to defeat (e.g. WEP RC4). Utilizing the most current revisions of wireless standards is recommended, as they tend to allow use of highly secure encryption protocols that have yet to be defeated (e.g. WPA2’s AES protocol). The actual choice of encryption protocol utilized is dependent on organizational infrastructure and should be encouraged.

7. CONCLUSION

The diligent management of network security is essential to the operation of networks, regardless of whether they have segments or not. It is important to note that absolute security is an abstract concept – it does not exist anywhere. All networks are vulnerable to insider or outsider attacks, and eavesdropping. No one wants to risk having the data exposed to the casual observer or open malicious mischief. wireless networking, steps can and should always be taken to preserve network security and integrity.

We have said that any secure network will have vulnerabilities that an adversary could exploit. This is especially true for wireless ad-hoc networks. The various methods of wireless networking security discussed can help to greatly reduce the vulnerability in wireless networks.
REFERENCES

[1] http://netsecurity.about.com/od/hackertools/a/aa072004b.htm
[2] https://developer.mozilla.org/en/docs/Introduction_to_Public-Key_Cryptography
[3] http://www.ksys.info/wlan_security_issues.htm
[4] http://www.acm.org/crossroads/xrds2-4/intrus.html
[5] http://www.dummies.com/how-to/content/wireless-networking-infrastructure-mode.html
[6] https://technet.microsoft.com/en-us/magazine/dd296746.aspx
[7] http://kb.netgear.com/app/answers/detail/a_id/1141/~/what-is-wep-wireless-encryption%3F
[8] http://compnetworking.about.com/cs/wirelesssecurity/g/bldef_wep.htm
[9] http://compnetworking.about.com/cs/wirelesssecurity/g/bldef_wpa.htm
[10] http://www.wikihow.com/Find-the-MAC-Address-of-Your-Computer
[11] http://compnetworking.about.com/cs/wireless/g/bldef_ssid.htm
[12] http://www.computerworld.com/article/2581074/mobile-wireless/how-802-1x-authentication-works.html
[13] Sachin R. Sonawane, Sandeep Vanjale and Dr. P. B. Mane. A Survey on Evil Twin Detection Methods for Wireless Local Area Network, International Journal of Computer Engineering & Technology, 4(2), 2013, pp. 493-499.