Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis
Phone number: +30-210-6841287
Fax number: +30-210-6841412
Email address: meletis@telecron.com
Mail address:
Telecron Hellas
32 Kiffisias Ave.
Marousi, GR 15125
GREECE
Alkis Simitsis (*)
Phone number: +30-210-7721402, +30-210-7721602
Fax number: +30-210-7721442
Email address: asimi@dblab.ece.ntua.gr
Mail address:
Data and Knowledge Base Systems Laboratory
Department of Electrical and Computer Engineering
National Technical University of Athens
9 Iroon Polytechniou Street
Zographou, GR 15780
GREECE
Stefanos Gritzalis
Phone number: +30-22730-82234, +30-210-6492112
Fax number: +30-22730-82009, +30-210-6492399
Email address: sgritz@aegean.gr
Mail address:
Lab. of Information and Communication Systems Security
Dept. of Information and Communication Systems Engineering
University of the Aegean
Samos, GR 83200
GREECE
(* Corresponding author)
Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis, Telecron, Greece
Alkis Simitsis, National Technical University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
INTRODUCTION
The fast growth of wireless technology has exponentially increased the abilities
and possibilities of computing equipment. Corporate users can now move around
enterprise buildings with their laptops, PDAs and WiFi-enabled VoIP handsets and
retain communications with their offices. Business users can work from almost
anywhere by attaching their laptop to a WiFi hotspot and connecting to their corporate
network. However, not many enterprises know and understand the potential security
vulnerabilities that are introduced by the use of WiFi technologies. Wireless
technologies are insecure by their nature. Anyone with the appropriate hardware can
steal information transmitted over the airwaves. This chapter discusses the security
vulnerabilities that are inherent in wireless networks. It also provides a description
of the current security trends and protocols used to secure such WiFi networks, along
with the problems that arise from their application.
BACKGROUND
Currently, several enterprises consider information security as a monolithic
architecture, in which they simply install a firewall or an intrusion detection system.
Unfortunately security is not a single device or software: «In the real world, security
involves processes. It involves preventive technologies, but also detection and
reaction processes, and an entire forensics system to hunt down and prosecute the
guilty. Security is not a product; it itself is a process. … » (Schneier, 2000).
The above definition reflects the fact that total protection of corporate networks
goes beyond a firewall engine. Each appliance that is added to and/or changed in a
system should prompt a re-design of the system's overall security policy and
infrastructure. The same principle applies when incorporating wireless devices to
extend the overall enterprise architecture. Deploying a wireless network changes
the security risks and needs of the entire network infrastructure. Nowadays, the
techniques that are used to carry out attacks on wirelessly connected networks
resemble the ones that are used to target common LANs. In the next paragraphs, we
present the major categories of attacks, including techniques that have been
successfully used for attacking corporate wireless networks.
Denial of Service. In its simplest form, an adversary can continuously transmit
association request packets. Such action could render an access point unavailable to
authorized users. Adversaries can also use a powerful RF transceiver to transmit
amplified signals on all frequency bands (channels), creating interference
which prevents terminals from communicating with the corporate Access Points (RF
Jamming). Such an attack could be easily deployed from outside the premises of an
enterprise (e.g., the parking area). An example appliance that can be used to carry
out this attack is the Power Signal Generator (PSG-1) by YDI.
Man-In-The-Middle attacks. Combining an RF Jamming attack with the use of a
portable computer and the necessary software, an attacker can easily steal or alter
corporate information (Akin, 2003). The adversary will use a denial of service attack
to force authorized terminals connected to a corporate Access Point to identify and
roam to an access point with a better signal than the one they are already connected
to. Using this predetermined behavior the attacker can masquerade his/her laptop as an
access point and force all wireless clients to connect to it. By using this technique
an adversary can intercept all wireless communication links and read or alter
information on them.
Fresnel Zone Sniffing. Stealing information from point-to-point wireless links is
difficult. The attacker needs to calculate the link path and identify ways to place
his/her laptop inside the link's Fresnel Zone.
Rogue wireless gateways. The rogue wireless gateway is a security vulnerability that
is found in many of today's enterprise networks. A rogue wireless gateway is an
unauthorized access point that is installed on an enterprise network. Such access
points are usually installed by corporate users to assist them in their everyday work
(e.g., to transfer files/emails from a desktop to a laptop computer). Unfortunately
enterprise users do not know and understand the security implications of installing a
wireless device on a system. Leaving such devices connected to the corporate
network provides an opportunity for adversaries to connect and steal corporate
information.
AdHoc Networks. The 802.11 protocol specification allows wireless terminals to
interconnect without the use of an Access Point. This mode of operation is called
AdHoc. Unfortunately many of today's corporate users enable the ad hoc facility on
their laptops and PDAs, either accidentally or deliberately, in order to exchange files
with other users. Enabling the ad hoc mode without deploying the necessary security
procedures (i.e., encryption and authentication) could seriously damage corporate
security. Adversaries can search for such unprotected ad hoc networks and connect to
them. From there adversaries can either read the locally stored corporate information
or, if the user's device is connected to the corporate networks (i.e., LAN, dialup, and
VPN), access the corporate resources (Papadimitratos and Haas, 2002).
The previous example attacks emphasize the need for security that results from the
use of wireless technology. The problem of security becomes more apparent when
wireless networking technology is applied in government owned systems. The need
for security in those systems is extensive due to the legislation on personal data
protection and the human life factors involved.
MAIN THRUST OF THE CHAPTER
Over the last few years the computing and telecommunications community has realized
the necessity of deploying security controls on wireless networks. Unfortunately most
of today's wireless security controls have been proven unsafe or managerially
infeasible to maintain. The next few paragraphs describe the most common security
protocols and techniques as well as their vulnerabilities.
Discovering Wireless Networks
Many enterprises justify their use of insecure WiFi networks with
the idea that their small wireless networks are hidden from hackers and adversaries.
This notion is called Security through Obscurity, and is something that the IT security
community analyzed and rejected long before the appearance of wireless
networks.
Modern hackers have invented a number of new techniques, collectively known as
War Driving or War Chalking, which aim at discovering unprotected wireless
networks. An adversary uses a laptop computer along with appropriate discovery
software (e.g., NetStumbler) and a GPS receiver to pinpoint the exact location of
Access Points on a map. Today such maps are distributed among the War Driving
community. It is not unusual for enterprises to discover their company access points
on maps found on War Driving web sites (Figure 1).
Figure 1. A War driving result in Los Angeles
Many enterprise administrators try to hide their wireless networks by activating
the closed system option found on Access Point hardware equipment. This option
prohibits the access point from transmitting the network's beacon information that
incorporates the network's Service Set Identifier (SSID). Unfortunately the SSID is
incorporated into almost all network management frames. Software packages like
NetStumbler will force the access points into transmitting the SSID by issuing such
management frames (e.g., Reassociation Request).
The techniques of War Driving and War Chalking are widely used today,
and adversaries have developed their own marking symbols (Table
1) in order to denote the buildings where wireless networks are discovered. By writing
these symbols on various buildings of the city, adversaries mark their potential targets.
node           symbol
open node      [symbol image not reproduced]
closed node    [symbol image not reproduced]
WEP node       [symbol image not reproduced]
Table 1. War Chalking Symbols
MAC Access Control Lists
To enhance security many corporations develop Media Access Control (MAC)
control lists declaring the MAC addresses of wireless terminals that are authorized to
access the wired segment of a corporate network. Unfortunately the deployment of MAC
Access Control Lists increases the management time and difficulty without offering
real protection from experienced hackers. Having discovered a wireless network, an
adversary can eavesdrop on the network and detect authorized MAC addresses that
connect to an access point. Having a list of such authorized MAC addresses, the
adversary can use MAC spoofing attacks and masquerade his laptop as an authorized
client (e.g., using the SMAC software, a snapshot of which is depicted in Figure 2).
Figure 2. SMAC Software Screenshot
Wired Equivalent Privacy (WEP)
The first security protocol developed for wireless networks is Wired Equivalent
Privacy (WEP). WEP uses the RC4 PRNG algorithm (LAN MAN, 1999) for the encryption
of information. The WEP key, together with a 24-bit Initialization Vector (IV), is
used for the encryption/decryption of wireless data. The protocol works with keys of
64 or 128 bits (the actual key lengths are 40 and 104 bits, but they are concatenated
with the IV during the encryption phase). In a WEP environment the encryption keys are
installed by the administrator of the system in each terminal and access point and,
thus, the management of the network becomes more complicated.
WEP does not offer user authentication; therefore, discovering the WEP key
allows access to a corporate network (Borisov, Goldberg, and Wagner, 2001). The
two authentication models provided by WEP are Open System and Shared-Key
Authentication (Lambrinoudakis and Gritzalis, 2005). The Open System model uses
the MAC access control lists discussed in the previous paragraphs. In Shared-Key
authentication, WEP uses the encryption key to implement a Challenge-Response
authentication scheme.
At the same time WEP uses a 32-bit cyclic redundancy check (CRC) algorithm as
Integrity Check Value (ICV) in order to ensure the integrity of data. The CRC
algorithm has already been broken by researchers from the University of Berkeley
(Tyrrell, 2003).
The key recovery process in a system that uses WEP can actually be carried out in a
few hours. This is due to a vulnerability found in the way WEP uses the RC4
algorithm. The weakness of WEP is based on the fact that the IV is only 24 bits long
and thus, in a busy network, the same IV is used to encrypt different network packets.
Having eavesdropped two or more packets encrypted with the same IV, an adversary
can apply cryptanalysis techniques and recover the WEP key. Today, a number of
freeware software packages that can perform a successful WEP attack are available on
the Internet. Examples of such software include WEPCrack and
AirSnort (Figure 3).
Because WEP encryption keys are static, a long time passes between the
discovery of a compromised key and the update of the whole wireless network
infrastructure with a new key. This leaves even more time for adversaries
to access and copy confidential corporate information.
Figure 3. AirSnort Software Screenshot
WiFi Protected Access (WPA)
Understanding the problems of WEP, the international community has moved
forward in developing a more secure protocol, namely 802.11i (Edney and William,
2003). Due to the delay in the development of the final 802.11i standard, the
international community released a pre-802.11i security protocol under the name WiFi
Protected Access (WPA) (Edney and William, 2003).
WPA uses the RC4 algorithm (Fluhrer et al., 2001) for the encryption of air data,
incorporating the Temporal Key Integrity Protocol (TKIP) in order to use dynamic
encryption keys. In order to avoid the security vulnerabilities of CRC-32, WPA
utilizes a novel integrity protection algorithm, the Michael Message Integrity Check
(MIC) (Cam-Winget et al., 2003), which uses a 64-bit key and partitions data into
32-bit blocks.
TKIP uses a 48-bit IV, offering better security than the 24-bit IV used by
WEP. It combines a 128-bit temporary key, which is preinstalled in all wireless
terminals, with the MAC address of each terminal and the 48-bit IV in order to create
a new encryption key for each terminal. The protocol changes the encryption key
every 10,000 packets that are transmitted.
Moreover, WPA employs the 802.1x protocol (port-based access control) to
deliver authenticated connections. This protocol allows a number of
authentication methods to be used, such as passwords and digital certificates.
The user or terminal authentication process is performed by the Extensible
Authentication Protocol (EAP). The EAP protocol is usually associated with a RADIUS
server in order to securely authenticate users or devices on a network. Figure 4
displays an example EAP authentication process.
Figure 4. 802.1x EAP authentication (EAP Authentication, 2005)
Currently, there exist several EAP implementations:
EAP-MD5 (Funk, 2003). It was the first protocol to provide user authentication
based on the 802.1x scheme. It provides only one-way authentication, ensuring the
authenticity of users but not of servers. The protocol is based on the MD5 algorithm.
However, researchers have already shown that this protocol is subject to dictionary
and man-in-the-middle attacks (Asokan, Niemi, and Nyberg, 2002).
CISCO-LEAP. The Lightweight EAP (LEAP) was created by CISCO. This
protocol offers bidirectional authentication. The bidirectional authentication makes
the protocol immune to man-in-the-middle attacks, but its challenge handshake
authentication protocol (MSCHAP v2) is subject to dictionary attacks. Currently,
there exist several tools on the Internet, like asleap, that can perform successful
attacks on LEAP. CISCO is trying to tackle this disadvantage and, at this time, is
developing a new protocol called EAP-FAST.
EAP-FAST (Ghosh and Gupta, 2005). EAP-FAST is developed and marketed by
CISCO. The protocol is thought to be as secure as EAP-PEAP, and as easy to deploy
as EAP-LEAP. The protocol operates similarly to EAP-PEAP. It uses two distinct
phases. In phase 1 a secure tunnel is established using a Protected Access Credential
(PAC) shared key. The PAC is used in order to avoid deploying digital certificates.
After the establishment of the secure tunnel, authentication is performed in phase 2
using the MSCHAP v2 protocol. The PAC secret can either be manually shared with all
nodes, or its distribution can be automated through an optional Diffie-Hellman
process. Unfortunately, using the manual shared key distribution process will make the
management of the network extremely difficult. On the other hand, the anonymous
Diffie-Hellman process can make the protocol susceptible to man-in-the-middle attacks.
In addition, during the anonymous Diffie-Hellman process the protocol transmits the
user name in cleartext (unencrypted), and thus possession of a user name could further
help an attacker to perform social engineering attacks. It is going to be a while
before the protocol is thoroughly tested and used by the international community
(Lambrinoudakis and Gritzalis, 2005).
EAP-TLS (Aboba and Simon, 1999). The EAP-Transport Layer Security (EAP-TLS)
protocol has been developed by Microsoft Corporation. This protocol uses the Transport
Layer Security (TLS) protocol with digital certificates for both clients and servers in
order to provide bidirectional authentication. The protocol transmits the user name in
cleartext. Such an information leak could provide the basis for
further attacks (e.g., social engineering). In addition, the use of both client and
server certificates makes the management of this protocol a hassle for large corporate
networks.
EAP-TTLS (Funk and Blake-Wilson, 2003). The EAP-Tunneled TLS (EAP-TTLS)
protocol was created by the companies Funk and Certicom. It is based on the
idea of EAP-TLS but, in order to minimize the management effort, it uses
digital certificates only for the servers and not for the clients. Clients authenticate
servers by using digital certificates; thus, the protocol builds an encrypted tunnel. The
encrypted tunnel provides a secure medium over which clients can be authenticated
using a challenge-response mechanism. Although there are currently no known
attacks, the protocol is suspected to be vulnerable to man-in-the-middle attacks
(Asokan, Niemi, and Nyberg, 2002).
EAP-PEAP (Palekar et al., 2003). The Protected EAP (PEAP) protocol is the
result of a common effort by different IT companies. PEAP uses digital
certificates for servers, and clients authenticate servers. After a successful server
authentication, the protocol creates an encrypted tunnel between the client and the
server. Inside this secure tunnel the system can use any of the previously described
EAP authentication methods in order to enable client authentication. The combination
chosen today is to use EAP-TLS inside the encrypted tunnel in order to
provide client authentication (EAP-PEAP/EAP-TLS). As with the TTLS protocol,
no known attack exists today, but PEAP is suspected to be vulnerable to
man-in-the-middle attacks.
802.11i
After the vulnerabilities in WEP were discovered, work started on the
specification of a new protocol, IEEE 802.11i. 802.11i follows principles similar
to those of WPA, and uses the 802.1x and EAP protocols for authentication and
key management. 802.11i uses the Counter-Mode/CBC-MAC Protocol (CCMP)
with the Advanced Encryption Standard (AES) (NIST, 2001) algorithm to
provide data encryption and integrity protection.
In addition, 802.11i provides the Robust Security Network
(RSN) feature. RSN allows the two ends of a communication link to negotiate the
encryption algorithms and protocols to be used. This facility enables updating a
wireless network with new algorithms and protocols, in order to protect it from future
vulnerabilities.
Still, the 802.11i protocol requires special encryption hardware to run the AES
algorithm; due to this fact, additional time is needed for vendors to change their
existing hardware to support the 802.11i protocol. To enable the migration of WEP
and WPA systems to 802.11i, the WiFi Alliance has proposed a new security protocol,
WPA2. The new protocol incorporates all 802.11i functionality, but also enables
the use of the TKIP protocol, to support devices that do not have the necessary
hardware to run the AES algorithm.
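The RSN negotiation described above is advertised by access points in an RSN information element, so an administrator can check which access points still permit the TKIP fallback. The parser below is an added example, not code from the chapter: the two sample elements are constructed, and the optional trailing fields of the element (PMKID list, group management cipher) are ignored.

```python
import struct

RSN_ELEMENT_ID = 0x30                      # element ID of the RSN element
IEEE_OUI = bytes.fromhex("000fac")         # OUI used by 802.11i suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
LEGACY = {"WEP-40", "WEP-104", "TKIP"}     # ciphers kept only for old hardware

# Constructed samples: a WPA2 mixed-mode AP (TKIP group cipher, CCMP+TKIP
# pairwise) and a CCMP-only AP, both using 802.1X key management.
MIXED_MODE_RSN = bytes.fromhex(
    "30 18 01 00 00 0f ac 02 02 00 00 0f ac 04 00 0f ac 02"
    " 01 00 00 0f ac 01 00 00")
CCMP_ONLY_RSN = bytes.fromhex(
    "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00")


def _suite(raw: bytes, table: dict) -> str:
    """Decode one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    oui, kind = raw[:3], raw[3]
    if oui != IEEE_OUI:
        return f"vendor-{oui.hex()}-{kind}"
    return table.get(kind, f"unknown-{kind}")


def _suite_list(buf: bytes, pos: int, table: dict):
    """Decode a 2-byte little-endian count followed by that many selectors."""
    if pos + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    end = pos + 4 * count
    if end > len(buf):
        raise ValueError("truncated suite list")
    return [_suite(buf[i:i + 4], table) for i in range(pos, end, 4)], end


def parse_rsn(element: bytes) -> dict:
    """Parse an RSN element up to and including the capabilities field."""
    if len(element) < 2 or element[0] != RSN_ELEMENT_ID:
        raise ValueError("not an RSN element")
    body = element[2:2 + element[1]]
    if len(body) != element[1] or len(body) < 6:
        raise ValueError("truncated RSN element")
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akm, pos = _suite_list(body, pos, AKMS)
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else None
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "capabilities": caps}


def audit_rsn(element: bytes) -> list:
    """Return findings for an AP that still negotiates pre-CCMP ciphers."""
    rsn = parse_rsn(element)
    findings = []
    if rsn["group"] in LEGACY:
        findings.append(f"group cipher is {rsn['group']}")
    for cipher in rsn["pairwise"]:
        if cipher in LEGACY:
            findings.append(f"pairwise cipher {cipher} is permitted")
    if "CCMP" not in rsn["pairwise"]:
        findings.append("CCMP is not offered")
    return findings


if __name__ == "__main__":
    for name, elem in (("mixed", MIXED_MODE_RSN), ("ccmp-only", CCMP_ONLY_RSN)):
        print(name, parse_rsn(elem), audit_rsn(elem))
```

In mixed mode the group cipher drops to TKIP because broadcast traffic must be readable by every associated client, including those without AES hardware.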
VPNs
To provide a solution to the problem of security, many companies are
extending/developing Virtual Private Networks (VPNs) (Karygiannis and Owens,
2002). Maintaining a VPN requires the engagement of specialized personnel or the
training of existing personnel; in both cases, the costs associated with deploying a
wireless infrastructure are greatly increased. Along with the cost associated with
their deployment, VPNs introduce a number of operational problems into a
system.
In networks where the users roam continuously, a Layer-3 VPN solution will
disrupt a user's connection and may even force the user to re-authenticate. In
addition, applications that run on client terminals and access data stored on the
corporate servers may be seriously disrupted by a Layer-3 disconnection. Such
disconnections can seriously damage the integrity and availability of corporate
information.
CONCLUSIONS
In this chapter, we have discussed the critical issue of wireless security. We have
presented the security vulnerabilities that are inherent in wireless
networks. Also, we have described the most common security protocols and
techniques used. Moreover, we have provided a description of the current security
trends and protocols used to secure such WiFi networks, along with the problems that
arise from their application.
REFERENCES
Schneier, B. (2000). Secrets and Lies. John Wiley and Sons. 1st Edition.
Akin, D. (2003). Certified Wireless Security Professional (CWSP) Official Study
Guide. McGraw Hill. ISBN 0-07-223012-6.
LAN MAN, Standards Committee of the IEEE Computer Society (1999). Wireless
LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.
IEEE Standard 802.11, 1999 Edition.
Borisov, N., Goldberg, I., Wagner, D. (2001). Intercepting Mobile Communications:
The Insecurity of 802.11. Retrieved December 16, 2005, from
http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf.
Tyrrell, K. (2003). An Overview of Wireless Security Issues. SANS Information
Security Reading Room. SANS Institute.
Edney, J., William, A. (2003). Real 802.11 Security: Wi-Fi Protected Access and
802.11i. Addison-Wesley.
Fluhrer, S., Mantin, I., Shamir, A. (2001). Weaknesses in the Key Scheduling
Algorithm of RC4. In 8th Annual Workshop on Selected Areas in Cryptography,
Springer-Verlag. LNCS 2259.
Cam-Winget, N., Housley, H., Wagner, D., Walker, J. (2003). Security Flaws in
802.11 Data Link Protocols. Communications of the ACM, 46(5).
Funk, P. (2003). The EAP MD5-Tunneled Authentication Protocol (EAP-MD5-
Tunneled). IETF Internet Draft.
Asokan, N., Niemi, V., Nyberg, K. (2002). Man-in-the-Middle in Tunnelled
Authentication Protocols. Cryptology ePrint Archive. Report 2002/163.
Aboba, B., Simon, D. (1999). PPP EAP TLS Authentication Protocol. IETF RFC
2716.
Funk, P., Blake-Wilson, S. (2003). EAP Tunneled TLS Authentication Protocol
(EAP-TTLS). IETF Internet Draft.
Palekar, A., Simon, D., Zorn, G., Salowey, J., Zhou, H., Josefsson, S. (2003).
Protected EAP Protocol (PEAP) Version 2. IETF Internet Draft.
NIST (2001). Announcing the Advanced Encryption Standard (AES). Federal
Information Processing Standards Publication 197.
Karygiannis, T., Owens, L. (2002). Wireless Network Security. NIST Special
Publication 800-48.
EAP Authentication (2005). Retrieved December 13, 2005, from
http://www.wi-fiplanet.com.
Papadimitratos, P., Haas, Z.J. (2002). Secure Routing for Mobile Ad Hoc Networks.
Working Session on Security in Wireless Ad Hoc Networks, EPFL. Mobile
Computing and Communications Review, 6(4).
Lambrinoudakis, C., Gritzalis, S. (2005). Security in IEEE 802.11 WLANS, CRC
Press.
Ghosh, D., Gupta, A. (2005). Analysis of EAP-FAST Wireless Security Protocol.
Retrieved December 15, 2005, from
http://wwwcsif.cs.ucdavis.edu/~guptaa/finalreport.pdf
TERMS AND DEFINITIONS
Wireless Computer Network. Any computer network that uses wireless
technologies based on the IEEE 802.11x standards to transmit and receive data.
Encrypted Tunnel. An encrypted logical (virtual) connection, between two ends.
Data traveling inside the tunnel are encrypted with an agreed encryption algorithm.
Man-in-the-middle attack. An attack where the adversary succeeds in placing
himself in an established connection between two or more authorized nodes. Data
traveling between the nodes always pass through the adversary.
VPN. Virtual Private Networks are technologies and protocols that are used to establish
encrypted tunnels between one or more network nodes.
WiFi Alliance. A non-profit organization, with more than 200 members, devoted to
promoting the use and operation of wireless networks. Products associated with the
WiFi Alliance are able to interoperate.
Fresnel Zone. The area around the visual line of sight of a wireless link over which
the RF waves are spread. This area must be clear of obstacles, otherwise the RF
signal is weakened.
Reassociation Request Frame. A data packet transmitted in a wireless network. The
packet enables a client to reconnect to an access point. The packet is transmitted
after a client disconnection or when a client roams from one access point to another.

Internet of things security "Hardware Security"Ahmed Mohamed Mahmoud
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesjournalBEEI
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxadolphoyonker
 
A Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityA Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityUniversitas Pembangunan Panca Budi
 
A Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityA Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityDustin Pytko
 
Network security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfNetwork security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfaquazac
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
 
Prevention based mechanism for attacks in Network Security
Prevention based mechanism for attacks in Network SecurityPrevention based mechanism for attacks in Network Security
Prevention based mechanism for attacks in Network SecurityEditor IJMTER
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdfahmed53254
 
A new algorithm to enhance security against cyber threats for internet of thi...
A new algorithm to enhance security against cyber threats for internet of thi...A new algorithm to enhance security against cyber threats for internet of thi...
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco
 
Reinforcement learning-based security schema mitigating manin-the-middle atta...
Reinforcement learning-based security schema mitigating manin-the-middle atta...Reinforcement learning-based security schema mitigating manin-the-middle atta...
Reinforcement learning-based security schema mitigating manin-the-middle atta...IJECEIAES
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks  Week7 Part4-IS RevisionSu2013 .docxTypes of Networks  Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docxwillcoxjanay
 
A survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsA survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsKavita Rastogi
 

Similar to Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities (20)

Internet of things security "Hardware Security"
Internet of things security "Hardware Security"Internet of things security "Hardware Security"
Internet of things security "Hardware Security"
 
CS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptxCS_UNIT 2(P3).pptx
CS_UNIT 2(P3).pptx
 
Smart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security IssuesSmart Grid Systems Based Survey on Cyber Security Issues
Smart Grid Systems Based Survey on Cyber Security Issues
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Wireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docxWireless Security and Mobile DevicesChapter 12Princi.docx
Wireless Security and Mobile DevicesChapter 12Princi.docx
 
A Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network SecurityA Review of IP and MAC Address Filtering in Wireless Network Security
A Review of IP and MAC Address Filtering in Wireless Network Security
 
A Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network SecurityA Review Of IP And MAC Address Filtering In Wireless Network Security
A Review Of IP And MAC Address Filtering In Wireless Network Security
 
Network security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdfNetwork security architecture is the planning and design of the camp.pdf
Network security architecture is the planning and design of the camp.pdf
 
B010331019
B010331019B010331019
B010331019
 
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICESURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICE
 
Prevention based mechanism for attacks in Network Security
Prevention based mechanism for attacks in Network SecurityPrevention based mechanism for attacks in Network Security
Prevention based mechanism for attacks in Network Security
 
network_security.docx_2.pdf
network_security.docx_2.pdfnetwork_security.docx_2.pdf
network_security.docx_2.pdf
 
A new algorithm to enhance security against cyber threats for internet of thi...
A new algorithm to enhance security against cyber threats for internet of thi...A new algorithm to enhance security against cyber threats for internet of thi...
A new algorithm to enhance security against cyber threats for internet of thi...
 
David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016David Blanco ISHM 8280-2016
David Blanco ISHM 8280-2016
 
Reinforcement learning-based security schema mitigating manin-the-middle atta...
Reinforcement learning-based security schema mitigating manin-the-middle atta...Reinforcement learning-based security schema mitigating manin-the-middle atta...
Reinforcement learning-based security schema mitigating manin-the-middle atta...
 
woot15-paper-novella
woot15-paper-novellawoot15-paper-novella
woot15-paper-novella
 
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
Types of Networks  Week7 Part4-IS RevisionSu2013 .docxTypes of Networks  Week7 Part4-IS RevisionSu2013 .docx
Types of Networks Week7 Part4-IS RevisionSu2013 .docx
 
A survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systemsA survey study of title security and privacy in mobile systems
A survey study of title security and privacy in mobile systems
 
1678 1683
1678 16831678 1683
1678 1683
 
1678 1683
1678 16831678 1683
1678 1683
 

More from Meletis Belsis MPhil/MRes/BSc

More from Meletis Belsis MPhil/MRes/BSc (7)

Meletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management ModelMeletis Belsis - Workflow based Incident Management Model
Meletis Belsis - Workflow based Incident Management Model
 
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
Meletis Belsis - THE MULTIMEDIA APPROACH: AN EXTRA LAYER OF DEFENCE IN THE EN...
 
Meletis Belsis -CSIRTs
Meletis Belsis -CSIRTsMeletis Belsis -CSIRTs
Meletis Belsis -CSIRTs
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
 
Meletis Belsis - Voip security
Meletis Belsis - Voip securityMeletis Belsis - Voip security
Meletis Belsis - Voip security
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
Meletis Belsis - IMS Security
Meletis Belsis - IMS SecurityMeletis Belsis - IMS Security
Meletis Belsis - IMS Security
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Meletis Belsis - Wireless Security: Common Protocols and Vulnerabilities

Wireless Security: Common Protocols and Vulnerabilities
Meletis Belsis, Telecron, Greece
Alkis Simitsis, National Technical University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece

INTRODUCTION
The fast growth of wireless technology has exponentially increased the abilities and possibilities of computing equipment. Corporate users can now move around enterprise buildings with their laptops, PDAs and WiFi-enabled VoIP handsets and retain communications with their offices. Business users can work from almost anywhere by attaching their laptop to a WiFi hotspot and connecting to their corporate network. However, not many enterprises know and understand the potential security vulnerabilities that are introduced by the use of WiFi technologies. Wireless technologies are insecure by their nature. Anyone with the appropriate hardware can steal information transmitted over the airwaves. This chapter discusses the security vulnerabilities that are inherent in wireless networks. It also provides a description of the current security trends and protocols used to secure such WiFi networks, along with the problems arising from their application.

BACKGROUND
Currently, several enterprises consider information security as a monolithic architecture, in which they simply install a firewall or an intrusion detection system. Unfortunately, security is not a single device or piece of software: «In the real world, security involves processes. It involves preventive technologies, but also detection and reaction processes, and an entire forensics system to hunt down and prosecute the guilty. Security is not a product; it itself is a process. …» (Schneier, 2000).

The above definition represents the fact that total protection of corporate networks goes beyond a firewall engine. Each appliance that is added to or changed in a system should prompt a redesign of the system's overall security policy and infrastructure.

The same principle applies when incorporating wireless devices to extend the overall enterprise architecture. Deploying a wireless network changes the security risks and needs of the entire network infrastructure. Nowadays, the techniques used to attack wireless networks resemble the ones used to target common LANs. In the next paragraphs, we present the major categories of attacks, which include techniques that have been successfully used for attacking corporate wireless networks.

Denial of Service. In its simplest form, an adversary can continuously transmit association request packets. Such action could render an access point unavailable to authorized users. Adversaries can also use a powerful RF transceiver to transmit amplified signals on all frequency bands (channels), creating interference which prevents the communication of terminals with the corporate Access Points (RF Jamming). Such an attack could easily be deployed from outside the premises of an enterprise (e.g., the parking area). An example appliance that can be used to carry out this attack is the Power Signal Generator (PSG-1) by YDI.

Man-In-The-Middle attacks. Combining an RF Jamming attack with the use of a portable computer and the necessary software, an attacker can easily steal or alter corporate information (Akin, 2003). The adversary will use a denial of service attack to force authorized terminals connected to a corporate Access Point to identify and roam to an access point with a better signal than the one they are already connected to. Using this predetermined behavior, the attacker can masquerade his/her laptop as an access point and force all wireless clients to connect to it. By using this technique, an adversary can intercept all wireless communication links and read or alter information on them.

Fresnel Zone Sniffing. Stealing information from point-to-point wireless links is difficult. The attacker needs to calculate the link path and identify ways to attach his/her laptop to the link's Fresnel Zone.

Rogue wireless gateways. The rogue wireless gateway is a security vulnerability found in many of today's enterprise networks. A rogue wireless gateway is an unauthorized access point that is installed on an enterprise network. Such access points are usually installed by corporate users to assist them in their everyday work (e.g., to transfer files/emails from a desktop to a laptop computer). Unfortunately, enterprise users do not know and understand the security implications of installing a wireless device on a system. Leaving such devices connected to the corporate network provides an opportunity for adversaries to connect and steal corporate information.

AdHoc Networks. The 802.11 protocol specification allows wireless terminals to interconnect without the use of an Access Point. This mode of operation is called AdHoc. Unfortunately, many of today's corporate users enable the ad hoc facility on their laptops and PDAs, either accidentally or deliberately, in order to exchange files with other users. Enabling the ad hoc mode without deploying the necessary security procedures (i.e., encryption and authentication) could seriously damage corporate security. Adversaries can search for such unprotected ad hoc networks and connect to them. From there, adversaries can either read the locally stored corporate information or, if the user's device is connected to the corporate networks (i.e., LAN, dialup, and VPN), access the corporate resources (Papadimitratos and Haas, 2002).

The previous example attacks emphasize the need for security that results from the use of wireless technology. The problem of security becomes more apparent when wireless networking technology is applied in government-owned systems. The need for security in those systems is extensive due to the legislation on personal data protection and the human-life factors involved.

MAIN THRUST OF THE CHAPTER
In the last few years the computing and telecommunications community has realized the necessity of deploying security controls on wireless networks. Unfortunately, most of today's wireless security controls have been proven unsafe or managerially infeasible to maintain. The next few paragraphs describe the most common security protocols and techniques as well as their vulnerabilities.

Discovering Wireless Networks
Many enterprises justify their use of insecure WiFi networks with the idea that their small wireless networks are hidden from hackers and adversaries. This notion is called Security through Obscurity, and is something that the IT security community had analyzed and rejected long before the appearance of wireless networks.

  • 4. 3 Modern hackers have invented a number of new techniques collectively known as War Driving or War Chalking, which aim in the discovering of unprotected wireless networks. An adversary uses a laptop computer along with appropriate discovery software (i.e. NetStumbler) and a GPS received to pint point the exact location of Access points on a Map. Today such maps are distributed among the War Driving community. It is not unusual for enterprises to discover their company access points on maps found on War Driving web sites (Figure 1). Figure 1. A War driving result in Los Angeles Many enterprise administrators try to hide their wireless networks, by activating the close system option found on Access Point hardware equipment. This option prohibits the access point from transmitting the network’s beacon information that incorporates the network’s Service Set Identifier (SSID). Unfortunately the SSID is incorporated into almost all network management frames. Software packages like NetStumbler will force the access points in transmitting the SSID by issuing such management frames (i.e. Reassociation Request). The techniques of War Driving and War Chalking is been used today in an extended degree, and adversaries have developed their own marking symbols (Table 1) in order to denote the buildings where wireless networks are discovered. Writing these symbols in various buildings of the city, adversaries mark their potential targets. node symbol open node closed node
  • 5. 4 WEP node Table 1. War Chalking Symbols MAC Access Control Lists To enhance security many corporations develop Media Access Control (MAC) control lists declaring the MAC addresses of wireless terminals that are authorized to access the wired segment a corporate network. Unfortunately the deployment of MAC Access Control Lists increases the management time and difficulty without offering real protection from experienced hackers. Having discovered a wireless network an adversary can eavesdrop on the network and detect authorized MAC addresses that connect to an access point. Having a list of such authorized MAC addresses, the adversary can use MAC spoofing attacks and masquerade his laptop as an authorized client (e.g., using the SMAC software, a snapshot of which is depicted in Figure 2). Figure 2. SMAC Software Screenshot Wired Equivalent Privacy (WEP) The first security protocol developed for wireless networks is the Wired Equivalent Privacy (WEP). WEP uses RC4 PRNG algorithm (LAN MAN, 1999) for the coding of information. The WEP key, with a 24 bit Initializing Vector (IV) are used for the encryption/decryption of wireless data. The protocol works with keys of 64 or the 128 bit (the actual key lengths are 40 and 104 bit but are concatenated with the IV during the encryption phase). In a WEP environment the encryption keys are installed by the administrator of the system in each terminal and access point and, thus, the management of the network becomes more complicated. The WEP does not offer user authentication; therefore, discovering the WEP key allows access to a corporate network (Borisov, Goldberg, and Wagner, 2001). The two authentication models provided by WEP are Open System and the Shared-Key Authentication (Lambrinoudakis and Gritzalis, 2005). The Open system model uses
the MAC access control lists discussed in the previous paragraphs. In Shared Key authentication, WEP uses the encryption key to implement a Challenge-Response authentication scheme. At the same time, WEP uses a 32-bit cyclic redundancy check algorithm as the Integrity Check Value (ICV) in order to ensure the integrity of data. Currently, the CRC algorithm has already been broken by researchers from the University of Berkeley (Tyrrell, 2003).

The key recovery process in a system that uses WEP can actually be realized in a few hours. This is due to a vulnerability found in the way WEP uses the RC4 algorithm. The weakness of WEP is based on the fact that the IV is only 24 bits and thus, in a busy network, the same IV is used to encrypt different network packets. Having eavesdropped two or more packets encrypted with the same IV, an adversary can apply cryptanalysis techniques and recover the WEP key. Today, a number of freeware software packages that can perform a successful WEP attack are available on the Internet. Examples of such software artifacts include WEPCrack and AirSnort (Figure 3).

Because WEP encryption keys are static, the time between discovering a compromised key and updating the whole wireless network infrastructure with a new key is extended. This leaves even more time for adversaries to access and copy confidential corporate information.

Figure 3. AirSnort Software Screenshot

WiFi Protected Access (WPA)

Understanding the problems of WEP, the international community has moved forward in developing a more secure protocol, namely 802.11i (Edney and William, 2003). Due to the delay in the development of the final 802.11i standard, the international community released a pre-802.11i security protocol under the name WiFi Protected Access (WPA) (Edney and William, 2003).
WPA uses the RC4 algorithm (Fluhrer et al., 2001) for the encryption of air data, incorporating the Temporal Key Integrity Protocol (TKIP) in order to use dynamic encryption keys. In order to avoid the security vulnerabilities of CRC-32, WPA utilizes a novel integrity protection algorithm, the Michael Message Integrity Check (MIC) (Cam-Winget et al., 2003), which uses a 64-bit key and partitions data into 32-bit blocks.

TKIP uses an IV of 48 bits, offering better security than the 24-bit IV used by WEP. It combines a 128-bit temporary key, which is preinstalled in all wireless terminals, with the MAC address of each terminal and the 48-bit IV in order to create a new encryption key for each terminal. The protocol changes the encryption key every 10,000 packets that are transmitted.

Moreover, WPA employs the 802.1x protocol (port-based access control) to deliver authenticated connections. This protocol allows the usage of a number of
authentication methods, such as passwords and digital certificates (Digital Certificates). The user or terminal authentication process is performed by the Extensible Authentication Protocol (EAP). The EAP protocol is usually associated with a Radius server in order to securely authenticate users or devices on a network. Figure 4 displays an example EAP authentication process.

Figure 4. 802.1x EAP authentication (EAP Authentication, 2005)

Currently, there exist several EAP implementations:

EAP-MD5 (Funk, 2003). It was the first protocol to provide user authentication based on the 802.1x scheme. It provides only one-way authentication, ensuring the authenticity of users but not of servers. The protocol is based on the MD5 algorithm. However, researchers have already proved that this protocol is subject to dictionary and man-in-the-middle attacks (Asokan, Niemi, and Nyberg, 2002).

CISCO-LEAP. The lightweight EAP (LEAP) was created by CISCO. This protocol offers bidirectional authentication. The bidirectional authentication makes the protocol immune to man-in-the-middle attacks, but its challenge handshake authentication protocol (MSCHAP ver.2) is subject to dictionary attacks. Currently, there exist several tools on the Internet, like asleap, that can perform successful attacks on LEAP. CISCO is trying to tackle this disadvantage and, at this time, is developing a new protocol called EAP-FAST.

EAP-FAST (Ghosh and Gupta, 2005). EAP-FAST is developed and marketed by CISCO. The protocol is thought to be as secure as EAP-PEAP and as easy to deploy as EAP-LEAP. The protocol operates similarly to EAP-PEAP. It uses two distinct phases. In phase 1 a secure tunnel is established using a Protected Access Credential (PAC) shared key. The PAC is used in order to avoid deploying digital certificates. After the establishment of the secure tunnel, authentication is performed in phase 2 using the MSCHAP v2 protocol.
The PAC secret can either be manually shared with all nodes, or its distribution can be automated through an optional Diffie-Hellman process. Unfortunately, using the manual shared key distribution process will make the management of the network extremely difficult. On the other hand, the anonymous Diffie-Hellman process can make the protocol susceptible to man-in-the-middle attacks. In addition, during the anonymous Diffie-Hellman process the protocol transmits the user name in cleartext (unencrypted), and thus possession of a user name could further lead an attacker to perform social engineering attacks. It is going to be a while before the protocol is
thoroughly tested and used by the international community (Lambrinoudakis and Gritzalis, 2005).

EAP-TLS (Aboba and Simon, 1999). The EAP-Transport Layer Security (EAP-TLS) protocol has been developed by Microsoft Corporation. This protocol uses the Transport Layer Security (TLS) protocol with digital certificates for both clients and servers in order to provide bidirectional authentication. The protocol transmits the user name in cleartext. A possible information leakage in this form could provide the basis for further attacks (e.g., social engineering). In addition, the use of both client and server certificates makes the management of this protocol a hassle for large corporate networks.

EAP-TTLS (Funk and Blake-Wilson, 2003). The EAP-Tunneled TLS (EAP-TTLS) protocol was created by the companies Funk and Certicom. It is based on the idea of EAP-TLS but, in order to minimize the management process, it uses digital certificates only for the servers and not for the clients. Clients authenticate servers by using digital certificates; thus, the protocol builds an encrypted tunnel. The encrypted tunnel provides a secure medium on which clients can be authenticated using a challenge-response mechanism. Although there are currently no known attacks, the protocol is suspected to be vulnerable to man-in-the-middle attacks (Asokan, Niemi, and Nyberg, 2002).

EAP-PEAP (Palekar et al., 2003). The Protected EAP (PEAP) protocol is the result of a common effort from different IT companies. PEAP uses digital certificates for servers. Also, clients authenticate servers. After a successful server authentication, the protocol creates an encrypted tunnel between the client and the server. Inside this secure tunnel the system can use any of the previously described EAP authentication methods in order to enable client authentication.
The chosen combination today is to use EAP-TLS inside the encrypted tunnel in order to provide client authentication (EAP-PEAP/EAP-TLS). Similar to the TTLS protocol, no known attack exists today, but PEAP is suspected to be vulnerable to man-in-the-middle attacks.

802.11i

Having discovered the vulnerabilities in WEP, the started producing the specification of a new protocol, the IEEE 802.11i. The 802.11i follows similar principles to WPA, and uses the 802.1x and EAP protocols for authentication and key management. The 802.11i uses the Counter-Mode/CBC-MAC Protocol (CCMP) with the Advanced Encryption Standard (AES) (NIST, 2001) algorithm to provide data encryption and integrity protection.

In addition, the 802.11i provides the Robust Security Network (RSN) feature. RSN allows the two ends of a communication link to negotiate the encryption algorithms and protocols to be used. This facility enables updating a wireless network with new algorithms and protocols, in order to protect it from future vulnerabilities. Still, the 802.11i protocol requires special encryption hardware to run the AES algorithm; due to this fact, additional time is needed for the vendors to change their existing hardware to support the 802.11i protocol.

To enable the migration of WEP and WPA systems to 802.11i, the WiFi Alliance has proposed a new security protocol, WPA2. The new protocol incorporates all 802.11i functionality, but also enables the use of the TKIP protocol, to support devices that do not have the necessary hardware to run the AES algorithm.
VPN’s

To provide a solution to the problem of security, many companies are extending/developing Virtual Private Networks (VPN’s) (Karygiannis and Owens, 2002). Maintaining a VPN requires the engagement of specialized personnel or the training of existing personnel; in both cases, the cost associated with deploying a wireless infrastructure is highly increased.

Along with the cost associated with their deployment, VPN’s introduce a number of operational problems to a system. In networks where the users roam continuously, a Layer-3 VPN solution will disrupt a user’s connection and may even force the user to re-authenticate. In addition, applications that run on client terminals and access data stored on the corporate servers may be seriously disrupted by a Layer-3 disconnection. Such disconnections can seriously damage the integrity and availability of corporate information.

CONCLUSIONS

In this chapter, we have discussed the critical issue of wireless security. We have presented the security vulnerabilities that are frequently inherited in wireless networks. Also, we have described the most common security protocols and techniques used. Moreover, we have provided a description of the current security trends and protocols used to secure such WiFi networks along with the problems from their application.

REFERENCES

Schneier, B. (2000). Secret and Lies. John Wiley and Sons. 1st Edition.

Akin, D. (2003). Certified Wireless Security Professional (CWSP) Official Study Guide. McGraw Hill. ISBN 0-07-223012-6.

LAN MAN, Standards Committee of the IEEE Computer Society (1999). Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Standard 802.11, 1999 Edition.

Borisov, N., Goldberg, I., Wagner, D. (2001). Intercepting Mobile Communications: The Insecurity of 802.11. Retrieved December 16, 2005, from http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf.

Tyrrell, K. (2003). An Overview of Wireless Security Issues.
SANS Information Security Reading Room. SANS Institute.

Edney, J., William, A. (2003). Real 802.11 Security: Wi-Fi Protected Access and 802.11i. Addison-Wesley.

Fluhrer, S., Mantin, I., Shamir, A. (2001). Weaknesses in the Key Scheduling Algorithm of RC4. In 8th Annual Workshop on Selected Areas in Cryptography, Springer-Verlag. LNCS 2259.

Cam-Winget, N., Housley, H., Wagner, D., Walker, J. (2003). Security Flaws in 802.11 Data Link Protocols. Communications of the ACM, 46(5).

Funk, P. (2003). The EAP MD5-Tunneled Authentication Protocol (EAP-MD5-Tunneled). IETF Internet Draft.

Asokan, N., Niemi, V., Nyberg, K. (2002). Man-in-the-Middle in Tunnelled Authentication Protocols. Cryptology ePrint Archive. Report 2002/163.
Aboba, B., Simon, D. (1999). PPP EAP TLS Authentication Protocol. IETF RFC 2716.

Funk, P., Blake-Wilson, S. (2003). EAP Tunneled TLS Authentication Protocol (EAP-TTLS). IETF Internet Draft.

Palekar, A., Simon, D., Zorn, G., Salowey, J., Zhou, H., Josefsson, S. (2003). Protected EAP Protocol (PEAP) Version 2. IETF Internet Draft.

NIST (2001). Announcing the Advanced Encryption Standard (AES). Federal Information Processing Standards Publication 197.

Karygiannis, T., Owens, L. (2002). Wireless Network Security. NIST Special Publication 800-48.

EAP Authentication (2005). Retrieved December 13, 2005, from http://www.wi-fiplanet.com.

Papadimitratos, P., Haas, Z.J. (2002). Secure Routing for Mobile Ad Hoc Networks. Working Session on Security in Wireless Ad Hoc Networks, EPFL. Mobile Computing and Communications Review, 6(4).

Lambrinoudakis, C., Gritzalis, S. (2005). Security in IEEE 802.11 WLANS, CRC Press.

Ghosh, D., Gupta, A. (2005). Analysis of EAP-FAST Wireless Security Protocol. Retrieved December 15, 2005, from http://wwwcsif.cs.ucdavis.edu/~guptaa/finalreport.pdf

TERMS AND DEFINITIONS

Wireless Computer Network. Any computer network that uses wireless technologies based on the IEEE 802.11x standards to transmit and receive data.

Encrypted Tunnel. An encrypted logical (virtual) connection between two ends. Data traveling inside the tunnel are encrypted with an agreed encryption algorithm.

Man-in-the-middle attack. An attack where the adversary succeeds in locating himself in an established connection between two or more authorized nodes. Data traveling between the nodes always pass through the adversary.

VPN. Virtual Private Networks are technologies and protocols that are used to establish encrypted tunnels between one or more network nodes.

WiFi Alliance. A non-profit organization, with more than 200 members, devoted to promoting the use and operation of wireless networks. Products associated with the WiFi Alliance are able to interoperate.

Fresnel Zone.
The area around the visual line of sight of a wireless link over which the RF waves are spread. This area must be clear of obstacles; otherwise the RF signal is weakened.

Reassociation Request Frame. A data packet transmitted in a wireless network. The packet enables a client to reconnect to an access point. The packet is transmitted after a client disconnection or when a client roams from one access point to another.