Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
Throughput Analysis of IEEE WLAN "802.11 ac" Under WEP, WPA, and WPA2 Securit...CSCJournals
WLAN (Wireless Local Area Networks) are gaining their grounds, and widely deployed in organizations, college campuses, public places, and residential areas. This growing popularity of WLAN makes these networks more vulnerable towards attacks and data thefts. Attacker attempts unauthorized access to the network for accessing the sensitive data of the users. Thus, it's necessary to address all the security challenges and its countermeasures using various encryption algorithms to prevent the attacks. However, with the use of security protocols the performance of the WLAN network can be varied. Thus this paper addresses the impact of various security protocols on the WLAN network, keeping throughput as the benchmark for network performance.
IEEE 802.11 ac is the latest wireless standard that operates in 5 Ghz frequency band with higher data rate, compare to its previous standards. This research has also chosen IEEE 802.11 ac standard for investigating the impact of security protocols including WEP (Wired Equivalent Privacy), WPA (WiFi Protected Access), and WPA2 (WiFi Protected Access 2) on throughput of WLAN IEEE 802.11 ac in Windows environment using TCP and UDP traffic for both IP versions (IPv4 & IPv6). The research was launched in a real test-bed setup, with a Client/Server network structure. The results from the experiment showed that the performance of data throughput in the open system were higher comparable to secured systems. However, the results demonstrated that the performance of throughput have different behavior to different security protocols under TCP/UDP traffic with IPV4 & IPV6. A detailed comparison of results in all scenarios is explained in the paper.
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
Security Delivery Platform: Best practicesMihajlo Prerad
Security Delivery Platform: Best practices
The traditional Security model was one that operated under simple assumptions. Those assumptions led to deployment models which in todays’ world of cyber security have been proven to be quite vulnerable and inadequate to growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such platform delivers visibility into the lateral movement of malware, accelerate the detection of ex-filtration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
An open, unencrypted wireless network can 'sniff' or capture and record the traffic, gain unauthorized access to internal network resources as well as to the internet, and then use the information and resources to perform disruptive or illegal acts.Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security. Wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks.The risks to users of wireless technology have increased as the service has become more popular.As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
A presentation which on Wireless Network Security. It contains Introduction to wireless networking, security threats and risks, best practices on using wireless networks.
When setting up and maintaining Wi-Fi home networks, consider these tips for maximizing the security of the computers and data on these networks.
Securing Wireless Networks by maximizing the security of 802.11 standard and minimizing the Risk on Wireless network
"Security & Privacy in WLAN - A Primer and Case Study"
The objective of this paper is to illustrate a primer on Wireless Local Area Network (WLAN) security issues along with an experiment on WLAN penetration test in a live network.
It is a PPT on Wireless LAN Security,made by ARPIT BHATIA(student of Sri Guru Nanak Public School, Adarsh Nagar) for Informatics Practices project.It has all necessary information with pictures about the wireless LAN. This PPT is made only for Educational Purpose.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
These slides include discussion on important Wi-Fi security issues and the solutions available to address them hack too. Enterprises which need to secure their networks from Wi-Fi threats in order to protect their information assets, prevent unauthorized use of their network, enforce no-Wi-Fi zones, and meet regulatory compliance for themselves and their clients will benefit from this discussion
The IEEE 802.15.4 standard is used in networks that entail wireless technology within short distances and low traffic of exchange messages. This type of network is an approach of the Low Rate Wireless Personal Area Network (LR-WPAN) that provides the description for a physical layer (PHY) and media access control (MAC). There are four security services to protect the exchange of data and control frames in the IEEE 802.15.4. The MAC layer in IEEE 802.15.4 allows association devices to disconnect within the network. It also allows the coordinator PAN to run the disassociation process by imposing the associated device disconnection within the network. However, one of the challenges the disassociation process faces is DoS attacks, which impact the services of the network. Therefore, this paper aims at improving security through a review and analysis of the procedure of the disassociation process and identify the shortcomings of the security. The main result is to identify a new possible attack against the disassociation process. The attacker can impersonate either the coordinator PAN or the associated device to execute this potential attack. The implementation of the potential attack in the Castalia tool using the OMNET++ environment is explained and discussed in the results.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksIJNSA Journal
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used to find them are mobile and easy to access. Securing wireless networks can be difficult because these networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to compromise it. In recent years, a range of technologies and mechanisms have helped makes networking more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related authentication, confidentiality and integrity problems. It discovered that strength of each solution depends on how well the encryption, authentication and integrity techniques work. The work suggested using a Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth comparative analysis of each of the security mechanisms is driven by review of related work in WLAN security solutions.
Security Delivery Platform: Best practicesMihajlo Prerad
Security Delivery Platform: Best practices
The traditional Security model was one that operated under simple assumptions. Those assumptions led to deployment models which in todays’ world of cyber security have been proven to be quite vulnerable and inadequate to growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such platform delivers visibility into the lateral movement of malware, accelerate the detection of ex-filtration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
A LIGHT WEIGHT SOLUTION FOR DETECTING DE-AUTHENTICATION ATTACK IJNSA Journal
Nowadays Wireless local area networks (WLANs) are growing very rapidly. Due to the popularity of 802.11 networks, possibilities of various attacks to the wireless network have also increased. In this paper, a special type of attack De-Authentication/disassociation attack has been investigated. In a normal scenario, a wireless client or user sends a de-authentication frame when it wants to terminate the connection. These frames are in plain text and are not encrypted. These are not authenticated by the access point. Attackers take advantage of this, and spoof these packets and disable the communication between the connected client and access point. In this paper, an algorithm based on radio-tap header information is suggested to identify whether there is a De-Authentication attack on the client or not.
An open, unencrypted wireless network can 'sniff' or capture and record the traffic, gain unauthorized access to internal network resources as well as to the internet, and then use the information and resources to perform disruptive or illegal acts.Many laptop computers have wireless cards pre-installed. The ability to enter a network while mobile has great benefits. However, wireless networking is prone to some security. Wireless networks relatively easy to break into, and even use wireless technology to hack into wired networks.The risks to users of wireless technology have increased as the service has become more popular.As a result, it is very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.
A presentation which on Wireless Network Security. It contains Introduction to wireless networking, security threats and risks, best practices on using wireless networks.
When setting up and maintaining Wi-Fi home networks, consider these tips for maximizing the security of the computers and data on these networks.
Securing Wireless Networks by maximizing the security of 802.11 standard and minimizing the Risk on Wireless network
"Security & Privacy in WLAN - A Primer and Case Study"
The objective of this paper is to illustrate a primer on Wireless Local Area Network (WLAN) security issues along with an experiment on WLAN penetration test in a live network.
It is a PPT on Wireless LAN Security,made by ARPIT BHATIA(student of Sri Guru Nanak Public School, Adarsh Nagar) for Informatics Practices project.It has all necessary information with pictures about the wireless LAN. This PPT is made only for Educational Purpose.
Solving Downgrade and DoS Attack Due to the Four Ways Handshake Vulnerabiliti...Dr. Amarjeet Singh
The growing volume of attacks on the Internet has
increased the demand for more robust systems and
sophisticated tools for vulnerability analysis, intrusion
detection, forensic investigations, and possible responses.
Current hacker tools and technologies warrant reengineering
to address cyber crime and homeland security. The being
aware of the flaws on a network is necessary to secure the
information infrastructure by gathering network topology,
intelligence, internal/external vulnerability analysis, and
penetration testing. This paper has as main objective to
minimize damages and preventing the attackers from
exploiting weaknesses and vulnerabilities in the 4 ways
handshake (WIFI).
We equally present a detail study on various attacks and
some solutions to avoid or prevent such attacks in WLAN.
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
These slides include discussion on important Wi-Fi security issues and the solutions available to address them hack too. Enterprises which need to secure their networks from Wi-Fi threats in order to protect their information assets, prevent unauthorized use of their network, enforce no-Wi-Fi zones, and meet regulatory compliance for themselves and their clients will benefit from this discussion
The IEEE 802.15.4 standard is used in networks that entail wireless technology within short distances and low traffic of exchange messages. This type of network is an approach of the Low Rate Wireless Personal Area Network (LR-WPAN) that provides the description for a physical layer (PHY) and media access control (MAC). There are four security services to protect the exchange of data and control frames in the IEEE 802.15.4. The MAC layer in IEEE 802.15.4 allows association devices to disconnect within the network. It also allows the coordinator PAN to run the disassociation process by imposing the associated device disconnection within the network. However, one of the challenges the disassociation process faces is DoS attacks, which impact the services of the network. Therefore, this paper aims at improving security through a review and analysis of the procedure of the disassociation process and identify the shortcomings of the security. The main result is to identify a new possible attack against the disassociation process. The attacker can impersonate either the coordinator PAN or the associated device to execute this potential attack. The implementation of the potential attack in the Castalia tool using the OMNET++ environment is explained and discussed in the results.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
Evaluation of Enhanced Security Solutions in 802.11-Based NetworksIJNSA Journal
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used to find them are mobile and easy to access. Securing wireless networks can be difficult because these networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to compromise it. In recent years, a range of technologies and mechanisms have helped makes networking more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related authentication, confidentiality and integrity problems. It discovered that strength of each solution depends on how well the encryption, authentication and integrity techniques work. The work suggested using a Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth comparative analysis of each of the security mechanisms is driven by review of related work in WLAN security solutions.
Evaluation of enhanced security solutions inIJNSA Journal
Traditionally, 802.11-based networks that relied on wired equivalent protocol (WEP) were especially
vulnerable to packet sniffing. Today, wireless networks are more prolific, and the monitoring devices used
to find them are mobile and easy to access. Securing wireless networks can be difficult because these
networks consist of radio transmitters and receivers, and anybody can listen, capture data and attempt to
compromise it. In recent years, a range of technologies and mechanisms have helped makes networking
more secure. This paper holistically evaluated various enhanced protocols proposed to solve WEP related
authentication, confidentiality and integrity problems. It discovered that strength of each solution depends
on how well the encryption, authentication and integrity techniques work. The work suggested using a
Defence-in-Depth Strategy and integration of biometric solution in 802.11i. Comprehensive in-depth
comparative analysis of each of the security mechanisms is driven by review of related work in WLAN
security solutions.
Wireless networks are accessible to anyone within the router’s transmission radius. This makes them vulnerable to attacks. Hotspots are available in public places such as airports, restaurants, parks, etc.
In this module, we will introduce you to common techniques used to exploit weaknesses in wireless network security implementations. We will also look at some of the countermeasures you can put in place to protect against such attacks.
an overview of wireless local area networks and security systemIJAEMSJORNAL
Wireless Communication is one of the fastest growing technologies in the world which is an application of technology and science in the modern life. Radio and telephone to current devices such as mobile phone, laptops, television broadcasting are the most essential part of our life. Wireless LAN, Cellular Telephony and Satellite based communication networks are the several parts of the wireless communication industry. In this paper, we have emphasized on a study of Wireless LAN technologies and its concerned issues: Wireless Networking, What WLANs are, History of WLAN, Need of WLAN, Types of WLAN, Advantages of WLAN, IEEE 802.11 Standards, Network Security.
1
Table of Contents
Wireless Network Security3
Introduction3
Overview of Wireless Technologies4
Standards of Wireless Specification:6
Security Features6
Wireless Threats7
Wireless Networks Attacks8
Conclusion9
References10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologies
The wireless technologies make the gadgets to have communication without any connection physically, implying that they do not need peripheral or network cabling. The wireless range from the complicated environments, for instance mobile networks that includes 3G mobile phones and local area networks, to less complicated gadgets such as microphones without wire, earphones and other gadgets which will not save or process data and usually used for small range procedures like infrared or communications via Bluetooth (BT) (Egners, Herrmann & Meyer,2015).
Typical IP network wireless devices or infrastructure
Access points or base stations
· Station wireless
· Router wireless
Retransmission devices (Sun, Yan, Zhang & Rong, 2015).
· Repeater wireless
· Network bridge wireless
End points
· Cards or adapters wireless
· Laptops
· PDAs
· Mobile telephones
Infrared devices, such as cordless computer keyboards, remote controls and mice all needs a direct line of sight between the receiver and transmitter to complete the link. Even though the infrared communication replaced by BT technology in most of the gadgets, some legacy standard gadgets still use IR for short range communication (Illiano, & Lupu, 2015).
Network classification of wireless networks
Wireless networks act as date transmitter mechanism between other wireless communications and the traditional wired networks. Wireless network can be structured in different ways but they are frequently categorized into 4 main categories based on their coverage range.
· Wireless wide area network (WWAN)
Which invol ...
Wireless Security – From A to Z – Types, Threats, To How to Secure.pdfSeanHussey8
The introduction of Wi-Fi has created a plethora of chances for thieves.
Wireless security is the deterrence of unauthorized users from accessing and stealing data from your wireless network. To be more specific, wireless security protects a Wi-Fi network from unwanted access.
Only a minor flaw in your home Wi-Fi network can provide criminal access to nearly all devices that use that Wi-Fi. Access might cause issues with bank accounts, credit card information, kid safety, and a variety of other concerns.
Within this article are pertinent recommendations to assist you in protecting your home Wi-Fi network from illegal access.
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FIIJNSA Journal
This paper is mainly based on providing security to the wireless networks through which devices like
Bluetooth gets connected. The Wi-Fi connections are also prone to various attacks these days. The
protocols that are required to provide security to wireless networks can be implemented by creating a
wireless scenario using the software Network Simulator. This paper illustrates a scenario to check the
security protocol. As NS2 mainly has the implementation of routing protocols, a new protocol should be
designed especially for security purpose. This is done by following many tutorials to get a minimum basic
knowledge of NS2, C/C++ coding. The security feature followed in the paper is encryption/decryption of
the data that is being exchanged. Data should be ensured as and then there will be a perfect
implementation of the protocol. So, the paper throughout concentrates on adding a new security protocol to
NS2 and implementation of that protocol by providing a wireless scenario.
IMPLEMENTATION OF A SECURITY PROTOCOL FOR BLUETOOTH AND WI-FI IJNSA Journal
This paper is mainly based on providing security to the wireless networks through which devices like Bluetooth gets connected. The Wi-Fi connections are also prone to various attacks these days. The protocols that are required to provide security to wireless networks can be implemented by creating a wireless scenario using the software Network Simulator. This paper illustrates a scenario to check the security protocol. As NS2 mainly has the implementation of routing protocols, a new protocol should be designed especially for security purpose. This is done by following many tutorials to get a minimum basic
knowledge of NS2, C/C++ coding. The security feature followed in the paper is encryption/decryption of the data that is being exchanged. Data should be ensured as and then there will be a perfect implementation of the protocol. So, the paper throughout concentrates on adding a new security protocol to NS2 and implementation of that protocol by providing a wireless scenario.
Attacks and Risks in Wireless Network Securityijtsrd
Wireless networks are mostly common and are the part of every organisation or an individual. In this article we look into the technology of wireless network and security features of WLANs, delinquent and attacks in IEEE 802.11 WLANs. There are variety of attack methods that can be used against the uses of wireless networks. Modern wireless data network use a variety of techniques to provide obstacles to such attacks. This article also discuss the risks of wireless security in an enterprise. We conclude that combined effort of users, employers and system administrator is required to fight against such malevolent activities. A. C. Sounthararaj | B. VeeraPandiyan "Attacks and Risks in Wireless Network Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-2 | Issue-6 , October 2018, URL: http://www.ijtsrd.com/papers/ijtsrd18625.pdf
Living in the Jungle: Legitimate users in Legitimate Insecure Wireless NetworksChema Alonso
Trabajo realizado para la medición del grado de inseguridad de una red WiFi a la que se conecta un equipo. En él se analizan las medidas de seguridad, el riesgo y los motivos por los que existen las redes WiFi inseguras
Composition Assistance - Topic Gun ControlAssignment 2 Your R.docxdonnajames55
Composition Assistance - Topic Gun Control
Assignment 2: Your Research Paper's Annotated Bibliography
Revisit the topic that you listed in your research proposal from Module 1, and do some research. If you have some trouble, you may need to narrow it a bit to find appropriate academic source material. Your selected topic will be the topic for your final paper in this class.
For this assignment, you need to complete an annotated bibliography of the sources you are finding for your research paper. As you continue to work on your project, add to your list, so that when you are ready for your final draft you can remove the unused citations and all annotations. After these things are removed, and your page is re-titled “References,” it will be ready to submit as part of the final paper. Here are the things you should look for in a good annotated bibliography:
· You use at least three university-level resources that are authoritative, correct, unbiased, current, and coherent.
· Your title is “References,” not “Bibliography.” Your authors are listed in alphabetical order, and there is a short explanation after every citation.
· Your citations are APA formatted (with hanging indent) and each needed block of annotation text is in the appropriate order.
· The work is formatted in 12 point, Times New Roman font, with one inch margins all around.
· You offer a description of the source’s usefulness: statistics, clever quote, graph, table, fact, or other relevant information. If a source is not useful, you note that it is not going to be used in your paper.
5
Table of Contents
Wireless Network Security 3
Introduction 3
Overview of Wireless Technologies 4
Standards of Wireless Specification: 6
Security Features 6
Wireless Threats 7
Wireless Networks Attacks 8
Conclusion 9
References 10
Wireless Network SecurityIntroduction
The wireless technology has been under threat in terms of security because of hacking aspect, the wireless technology has been under threat as the same as the wired network, but on the other hand they are vulnerable to additional risk( Silva, Santos & Nogueira,2015). The wireless network usually transmits data via the radio frequencies that enhance the possibility of tapping the information by threaten invaders if it is not properly protected. The threaten invaders have founded a way to get the access to the wireless system to steal or destroy the original information, the attackers launch strikes which are related to network bandwidth and prevent the authorized users to use their desired services, and they also keep an eye on the conversations that are taking place. For instance, the hackers or threaten invaders successfully get into wireless systems to have access to important information. The project mainly focuses on the IEEE802.11 and IEEE802.16 which are group of standards for wireless local area networks (WLANs) and metropolitan area networks (WMANs) respectively.Overview of Wireless Technologi.
A comparitive analysis of wireless security protocols (wep and wpa2)pijans
Wireless local area networks (WLANs) are become popular as they are fast, cost effective, flexible and easy
to use. There are some challenges of security and for IT administrators the choice of security protocol is a
critical issue. The main motive of this paper is to make the non-specialist reader knowledgeable about
threats in the wireless security and make them aware about the disadvantages of wireless security
protocols. WEP (Wired Equivalent privacy), WPA (Wi-Fi Protected Access) and RSN (Robust Security
Network) security protocols are defined and examined here. This security protocols are compared with the
common.
This paper is a comparative analysis of WEP, WPA and WPA2. We have tried to perform and check
authentication of all 3 protocols by implying the legendary attack vector scripts i.e. Air crack set of tools.
The test was conducted on Back Track operating system which is considered as dedicated pentesting
operating system. In the test result, we found out that WEP is the weakest, to which WPA was a temporary
solution and WPA2 is a very solid and long term solution.
This paper is a mixture of wireless security weaknesses and counter measures to the problems faced until
recently. After reading this paper the non specialist reader will have complete review and awareness about
the wireless security and vulnerabilities involved with it.
Seminar Paper on Security Issues of 802.11b based on IEEE Whitepaper by Boland, H. and Mousavi, H., Carleton University, Ottawa, Ont., Canada, IEEE Canadian Conference on Electrical and Computer Engineering, 2-5 May 2004
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfKamal Acharya
The College Bus Management system is completely developed by Visual Basic .NET Version. The application is connect with most secured database language MS SQL Server. The application is develop by using best combination of front-end and back-end languages. The application is totally design like flat user interface. This flat user interface is more attractive user interface in 2017. The application is gives more important to the system functionality. The application is to manage the student’s details, driver’s details, bus details, bus route details, bus fees details and more. The application has only one unit for admin. The admin can manage the entire application. The admin can login into the application by using username and password of the admin. The application is develop for big and small colleges. It is more user friendly for non-computer person. Even they can easily learn how to manage the application within hours. The application is more secure by the admin. The system will give an effective output for the VB.Net and SQL Server given as input to the system. The compiled java program given as input to the system, after scanning the program will generate different reports. The application generates the report for users. The admin can view and download the report of the data. The application deliver the excel format reports. Because, excel formatted reports is very easy to understand the income and expense of the college bus. This application is mainly develop for windows operating system users. In 2017, 73% of people enterprises are using windows operating system. So the application will easily install for all the windows operating system users. The application-developed size is very low. The application consumes very low space in disk. Therefore, the user can allocate very minimum local disk space for this application.
Immunizing Image Classifiers Against Localized Adversary Attacksgerogepatton
This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks
(CNN)s, to adversarial attacks and presents a proactive training technique designed to counter them. We
introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations.
When combined with 3D convolution and deep curriculum learning optimization (CLO), itsignificantly improves
the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach
using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10
and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing
accuracy improvements over previous techniques. The results indicate that the combination of the volumetric
input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating
adversary training.
Cosmetic shop management system project report.pdfKamal Acharya
Buying new cosmetic products is difficult. It can even be scary for those who have sensitive skin and are prone to skin trouble. The information needed to alleviate this problem is on the back of each product, but it's thought to interpret those ingredient lists unless you have a background in chemistry.
Instead of buying and hoping for the best, we can use data science to help us predict which products may be good fits for us. It includes various function programs to do the above mentioned tasks.
Data file handling has been effectively used in the program.
The automated cosmetic shop management system should deal with the automation of general workflow and administration process of the shop. The main processes of the system focus on customer's request where the system is able to search the most appropriate products and deliver it to the customers. It should help the employees to quickly identify the list of cosmetic product that have reached the minimum quantity and also keep a track of expired date for each cosmetic product. It should help the employees to find the rack number in which the product is placed.It is also Faster and more efficient way.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSIS
1. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
DOI : 10.5121/ijnsa.2011.3607 97
SECURING IEEE 802.11G WLAN USING OPENVPN
AND ITS IMPACT ANALYSIS
Praveen Likhar, Ravi Shankar Yadav and Keshava Rao M
Centre for Artificial Intelligence and Robotics (CAIR)
Defence Research and Development Organisation (DRDO)
Bangalore-93, India
{praveen.likhar,ravi.yadav,keshava}@cair.drdo.in
ABSTRACT
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless
networking in recent years has raised many serious security issues. These security issues are of great
concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio
transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may
result in unauthorized access, information theft, interference and service degradation. Virtual Private
Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public
networks for private communications. While VPNs for wired line networks have matured in both research
and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field.
This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN
solution and its impact on performance of IEEE 802.11g WLAN.
KEYWORDS
WLAN, IEEE 802.11g, VPN, Performance evaluation, Security.
1. INTRODUCTION
Among the various wireless technologies, Wireless LAN (WLAN) comes out as a popular local
solution because of its features like mobility, easy to setup, low cost and handiness. WLAN
offers wireless Internet and Intranet access to users in various restricted geographical places
known as hotspots such as airports, hotels, Internet cafes and college campuses. IEEE 802.11 a,
b and g are the well known and established standards for WLAN. The IEEE 802.11g WLAN
technology is one of the fastest growing segment of the communications market today. It
provides always-on network connectivity without, of course, requiring a network cable. Home
or remote workers can set up networks without worrying about how to run wires through houses
that never were designed to support network infrastructure. WLAN components plug into the
existing infrastructure as simply as extending a phone line with a wireless phone. By removing
the need to wire a network in the home, the cost of adoption and benefit of mobility within the
home and the low cost of components make wireless networking a low-cost and efficient way to
install a home network. But many users of WLAN technology are not aware or concerned about
the security implications associated with wireless networks. On the other hand, wireless
adoption within the corporate and medium-sized businesses has been severely inhibited by
security concerns associated with sending sensitive corporate data over the air. Unlike its wired
network counterpart, where the data remains in the cables, the wireless network uses open air as
a medium. This broadcast nature of WLAN introduces a greater risk from intruders.
In particular, with the evolution of wireless networking in recent years has raised the serious
security issues [1], [2]. These security issues are of great concern for this technology as it is
being subjected to numerous attacks [3], [4], and [5]. The most common attacks on wireless
LANs are unwanted or automatic connection to the wrong network, man-in-the-middle attack
2. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
98
with a fake Access Point (AP), theft of information by illegal tapping of the network, intrusion
from open air, scrambling of the WLAN and consumption of device batteries.
The Wired Equivalent Privacy (WEP) is a standard security mechanism for IEEE 802.11g
WLAN. When it was introduced, it was considered as a secured algorithm. But later it was
found that it can be cracked easily [3], [6], [7], and [8]. VPN technology has been used
successfully to securely transmit data in wired networks especially when using Internet as the
medium. This success of VPN in wired networks and the inherent security limitations of
wireless networks have prompted developers and administrators to deploy it in case of wireless
networks. A VPN works by creating a tunnel, on top of a protocol such as IP. In this paper we
evaluated the impact of OpenVPN [9], transport layer VPN solution, on performance of IEEE
802.11g WLAN.
This work is extension of our previous work [10]. The paper is organized in eight sections.
Following this introductory section we give a brief description of WLAN standards. In the third
section we explain the WEP weakness and vulnerabilities. The fourth section gives overview of
VPN technology and its need for WLAN. In the fifth section we explain OpenVPN its working
and comparison with WEP. The sixth section describes experimental details. The seventh
section presents the experimental results and their analysis. The eighth section concludes the
paper.
2. WIRELESS LAN STANDARDS
The IEEE 802.11 is a set of standards for wireless local area network (WLAN) computer
communications in the 2.4, 3.6 and 5 GHz frequency bands [11]. The 802.11a, b, and g
standards are the most common for home wireless access points and large business wireless
systems.
The 802.11a is faster than 802.11b with a data transfer rates up to 54Mbps. As compare to
802.11b it can support more simultaneous connections and suffers less interference as it
operates in 5GHz frequency band. However, among the three standards 802.11a has shortest
range.
The 802.11b works in 2.4 GHz frequency band and support maximum transfer rate of 11Mbps.
As compare to 802.11a it uses less expensive hardware and better in penetrating physical
barriers. It is more susceptible to interference as its working frequency is used by many
electronic appliances.
The 802.11g operates in 2.4GHz frequency band with maximum transfer rate of 54Mbps and
have backward compatibility with 802.11b. Being operated in the 2.4GHz it also susceptible to
interference. In practical scenario distance coverage by 802.11g is better than 802.11a but
slightly less than 802.11b.
These WLAN standards are summarised in the Table 1.
Table 1. IEEE 802.11 WLAN Standards.
Parameter 802.11a 802.11b 802.11g
Maximum operating
speed
54 Mbps 11Mbps 54Mbps
Working frequency
band
5 GHz 2.4 GHz 2.4 GHz
Modulation
technique
OFDM DSSS OFDM
3. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
99
Maximum indoor
distance coverage
18 mts 30 mts 30 mts
Maximum outdoor
distance coverage
30 mts 120 mts 120 mts
Remarks No interference ; less
distance due to high
frequencies
Interference from RF
sources like cordless
phones
Interference,
backwards
compatible with
802.11b
3. WIRED EQUIVALENT PRIVACY (WEP)
The WEP is a privacy protocol specified in IEEE 802.11 to protect the link data transmitted in
WLAN. It refers to the intent to provide a privacy service to wireless LAN users similar to that
provided by the physical security inherent in a wired LAN. The WEP encryption uses the RC4
symmetric stream cipher with 40-bit and 104-bit encryption keys. Although 104-bit encryption
keys are not specified in the 802.11 standard, many wireless AP vendors support them.
3.1. Security Issues with WEP
Security researchers have discovered potential attacks that let malicious users compromise the
security of WLAN that use WEP [5], [7]. The following is a list of such attacks:
• Passive attacks to decrypt traffic, based on statistical analysis.
• Active attacks to inject new traffic from unauthorized mobile stations, based on known
plaintext.
• Active attacks to decrypt traffic, based on tricking the access point.
• Dictionary-building attacks, after analyzing enough traffic on a busy network.
WEP has been widely criticized for a number of weaknesses [6], [8]:
• WEP is vulnerable because of relatively short IVs and keys.
• Authentication messages can be easily forged.
• IV Reuse Problem: Stream ciphers are vulnerable to analysis when the keystream is
reused.
• Integrity Check value Insecurity: WEP uses a CRC for the integrity check. Although the
value of the integrity check is encrypted by the RC4 keystream, CRCs are not
cryptographically secure. Use of a weak integrity check does not prevent determined
attackers from transparently modifying frames.
• Key Management: The WEP standard does not define any key-management protocol
and presumes that secret keys are distributed to the wireless nodes by an external key-
management service.
3.2. Tools available for attacking WLAN
The various popular tools for attacking the WLAN are listed in Table 2.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
100
Table 2. Tools for Attacking WLAN.
Tool Operating
System
Description
Aircrack [13] Linux /
Windows
It is a WEP key cracking program for use on 802.11
networks. The primary purpose for the program is to
recover the unknown WEP key once enough data is
captured.
Airpwn [14] Linux It is a tool for generic packet injection on an 802.11
network.
Airsnarf [15] Linux It is a simple rogue wireless access point setup utility to
steal usernames and passwords from public Wi-Fi
hotspots.
BSD-Airtools [16] Linux It contains a bsd-based wep cracking application, called
dweputils. It also contains a AP detection application
similar to netstumbler (dstumbler) that can be used to
detect wireless access points and connected nodes, view
signal to noise graphs etc.
Dsniff [17] Linux It is counterpart of NetStumbler
Dstumbler [18] FreeBSD It is counterpart of NetStumbler
Fake AP [19] Linux It generates thousands of counterfeit WLAN access
points.
KisMAC [20] MacOS It is a free stumbler application for MacOS X. It puts
network card into the monitor mode, completely
invisible and send no probe requests.
Kismet [21] Linux It passively monitors wireless traffic and dissects frames
to identify SSIDs, MAC addresses, channels and
connection speeds.
MacIdChanger
[22]
Windows It is a MAC address spoofing tool. This is generally
used to conceal the unique MAC id that is on every
network adapter.
MacStumbler [23] MacOS It is a utility to display information about nearby
802.11b and 802.11g wireless access points.
Netstumbler [24] Windows It is a wireless access point identifier running on
Windows.
Wep0ff [25] Linux /
Windows
It is a tool to crack WEP-key without access to AP by
mount fake access point attack against WEP-based
wireless clients.
WEPCrack [26] Linux It is a tool that cracks 802.11 WEP encryption keys by
exploiting the weaknesses of RC4 key scheduling.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
101
WEPWedgie [27] Linux It is a toolkit for determining 802.11 WEP keystreams
and injecting traffic with known keystreams. The toolkit
also includes logic for firewall rule mapping, ping
scanning, and port scanning via the injection channel
and a cellular modem.
Wifitap [28] Linux It allows users to connect to wifi networks using traffic
injection.
4. VIRTUAL PRIVATE NETWORK (VPN)
VPN technology provides the means to securely transmit data between two network devices
over an insecure data transport medium.VPN technology has been used successfully in wired
networks especially when using Internet as the medium. This success of VPN in wired networks
and the inherent security limitations of wireless networks have prompted developers and
administrators to deploy it in case of wireless networks. A VPN works by creating a tunnel, on
top of a protocol such as IP. VPN technology provides three levels of security:
• Confidentiality: To provide the security against the loss of confidentiality, VPN
provides a secure tunnel on top of inherently un-secure medium like the Internet. The
data is encrypted before passing through the tunnel which provides another level of data
confidentiality. If an attacker manages to get into the tunnel and intercepts the data, that
attacker will only get encrypted data.
• Integrity: VPN uses integrity check mechanism such as hashing, message
authentication code or digital signature to protect against the modification of data. It
guarantees that all traffic is from authenticated devices thus implying data integrity.
• Origin Authentication: VPN provides mechanism for origin authentication by using
cryptographic mechanism such as message authentication code or digital signature.
• Replay Protection: VPN also provides security against replay attack by using sliding
window mechanism.
4.1. Need for VPN in Wireless Networks
The WLAN did not focus on security as a primary requirement. Generally the main focuses
were on connectivity, throughput and other architectural and functional issues. As compared to
wired networking the wireless networking is inherently more prone to attacks and less secure.
Physical boundary for a wireless network cannot be confined. Although WEP is an existing
security mechanism for WLAN, researchers have found many vulnerabilities in it. The WEP is
also subjected to numerous attacks. These security issues of WLAN, lead the researchers,
vendors and analysts to look for a solution to prevent these attacks.
The tunnelling of data using VPN technology is a widely agreed robust protection against many
threats and attacks.
5. OPENVPN
The OpenVPN is free and open source user space VPN solution which tunnels the traffic
through transport layer using TCP or UDP protocol for encapsulation and transfer of data. It
uses virtual network interface (VNI) for capturing incoming traffic before encryption and
sending outgoing traffic after decryption. Security in OpenVPN is handled by the OpenSSL [12]
cryptographic library which provides strong security over Secure Socket Layer (SSL) using
standard algorithms such as Advanced Encryption Standard (AES), Blowfish, or Triple DES
6. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
102
(3DES). The OpenVPN uses a mode called Cipher Block Chaining (CBC) which makes the
cipher text of the current block dependent on the cipher text of the previous block. This prevents
an attacker from seeing patterns between blocks with identical plaintext messages and
manipulating one or more of these blocks.
The VNI appears as actual network interface to all applications and users. Packets of incoming
traffic sent via a VNI are delivered to a user-space program attached to the VNI. A user-space
program may also pass packets into a VNI. In this case the VNI injects these packets to the
operating system network stack to sends it to the location mentioned in destination address field
of the packets. The TUN and TAP are open source VNI. The TAP simulates an Ethernet device
and it operates with layer 2 packets such as Ethernet frames. The TUN simulates a network
layer device and it operates with layer 3 packets such as IP packets [29, 30].
In Figure 1, the working of OpenVPN is explained and in Figure 2, the data flow in OpenVPN
environment is shown.
Figure 1. OpenVPN Tunnel between two end points
Figure 2. OpenVPN – Data Flow
The OpenVPN performs the following to secure the communications:
• Receives the packets of outgoing plain traffic from user space program by using the
VNI.
• After receiving the packets, it compresses the received packets using Lempel-Ziv-
Oberhumer (LZO) compression.
• After compression, it encrypts the packets using OpenSSL cryptographic library. For
our experimentation we are using AES-128.
• OpenVPN also applies sliding window method to provide replay protection.
7. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
103
• Then it tunnels the packet using UDP or TCP protocol to the other end.
• On receiving the encrypted traffic at other end, the OpenVPN performs the reverse of
cryptographic operations to verify integrity, authenticity etc.
• After successful completion of reverse cryptographic operations, it decompresses the
packet.
• The decompressed packet is then passed via VNI to the user space program.
5.1. OpenVPN Cryptographic Operation
• OpenVPN uses a security model designed to protect against both passive and active
attacks.
• OpenVPN security model is based on using SSL/TLS for session authentication and the
IPSec ESP protocol for secure tunnel transport over UDP.
• OpenVPN uses the X509 PKI (public key infrastructure) for session authentication.
• OpenVPN uses TLS protocol for cryptographic key exchange.
• OpenVPN uses two factor authentication for authenticate the clients.
• OpenVPN uses OpenSSL cipher-independent EVP, an OpenSSL API that provides
high-level interface to cryptographic functions, for encrypting tunnel data.
• OpenVPN uses HMAC-SHA1 algorithm for authenticating tunnel data.
5.2. Overcoming WEP vulnerabilities
In Table 3 shows how OpenVPN overcomes the WEP vulnerabilities by comparing it with WEP
on various parameters.
Table 3. OpenVPN Comparison with WEP.
Parameter WEP OpenVPN Remark
Initialisation
Vector (IV)
24 bit
(Too small)
Cipher –dependent and
equal to cipher block
size.
OpenVPN solves the IV
reuse problem of WEP.
Encryption
Algorithm
RC4 stream
cipher
All Block Cipher
supported by
OpenSSL. Ex. AES,
Blowfish, DES etc.
Encryption is fast and more
secure in OpenVPN.
CBC Mode Not supported Supported OpenVPN protects against
know plain text attack.
Authentication Open system
and shared
secret
authentication
TLS based two factor
authentication
OpenVPN authentication is
strong than WEP.
Data
Authentication
and Integrity
check
By using
Cyclic
Redundancy
Check (CRC)
All OpenSSL
authentication
mechanism like
HMAC-SHA1, MD5
etc.
OpenVPN provides better
data authentication and
integrity check.
8. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
104
Key
Management
No key
management
PKI X509 and pre
shared secret
OpenVPN supports two
established key
management.
Replay
Protection
No Yes OpenVPN uses sliding
window mechanism to
provide replay protection.
Attacks: Bit
flipping,
dictionary-
building, FMS,
etc.
Vulnerable to
these attacks
[5], [7], [8]
Secure against these
attacks
OpenVPN provide security
against well known WEP
attacks.
6. EXPERIMENT SETUP FOR PERFORMANCE MEASUREMENT
For analyzing the impact of OpenVPN on performance of IEEE 802.11g WLAN we created two
experiment scenarios. First was for measuring the throughput under normal conditions and the
second was to analyze the variation of traffic throughputs over an IEEE 802.11g WLAN when
OpenVPN is implemented in WLAN. The following parameters were used as metrics for
performance measurement during our experiments:
• Throughput is the rate at which bulk of data transfers can be transmitted from one host
to another over a sufficiently long period of time.
• Latency is the total time required for a packet to travel from one host to another,
generally from a transmitter through a network to a receiver.
• Frame loss is measured as the frames transmitted but not received at the destination
compared to the total number or frames transmitted.
• IP Packet delay variation is measured for packets belonging to the same packet stream
and shows the difference in the one-way delay that packets experience in the network.
6.1. Standard followed for performance measurement
We followed the IP Performance Metrics (IPPM) RFC 4148 [31], to measure the performance.
The following is the list of metrics we have used along with the standard followed to measure
these metrics.
• Maximum throughput achieved as per RFC 2544 [32],
• One-way Delay as per RFC 2679 [33],
• One-way Packet Loss as per RFC 2680 [34],
• IP Packet Delay Variation Metric as per RFC 3393 [35].
6.2. Requirements for Experimentation
The following is a list of the general Software and Hardware requirements for our experiments:
• Two laptops loaded with Red Hat Enterprise Linux 5,
• Ethernet Cables,
• TL-WA601G 108M TP-Link Wireless Access point,
• SPT-2000A Spirent test center.
9. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
105
6.3. Experiment Setup
In our experiment setup two laptops are connected using TP-Link Access point. The distance
between the AP and the laptops is set to 4 meters to keep the signal strength high. Port-1 of
Spirent test center is connected to laptop-1 and port-2 of Spirent is connected to laptop-2 using
Ethernet cables of length 3 meters. These ports act as clients for laptops. These ports are used
for traffic generation and analysis purpose. Port-1 of Spirent test center is used to generate the
desired traffic for various data rates, frame sizes etc. Port-2 receives the traffic and analyses it.
The analysis includes max throughput achieved, latency and packet delay variation with respect
to various frame sizes. The 802.11g WLAN standard does not have inbuilt compression feature.
OpenVPN supports both modes without compression and with compression, in our study we
experimented both modes.
6.3.1. Performance without OpenVPN
The experiment setup for this is shown in Figure 3. We carried out this experiment for
measuring the baseline performance of IEEE 802.11g WLAN.
Figure 3. Experiment setup without OpenVPN
This experiment comprises of two steps. The first step measures the throughput with respect to
UDP traffic, while the second step measures the throughput with respect to TCP traffic. In the
first step, port-1 of Spirent test center sends UDP traffic of different frame sizes to laptop-1,
which is connected to laptop-2 through wireless link using an Access Point (AP). Laptop-1
forwards this data to laptop-2 through AP and then laptop-2 send this data to port-2 of the
Spirent test center. The second step of the experiment was conducted using the same
environment variables described above, but this time TCP traffic was generated using port-1 to
send traffic with different frame sizes from laptop1 to laptop2. We varied the size of the frame
from 512 bytes to 1518 bytes.
6.3.2. Performance with OpenVPN
Now our next aim is to analyze the impact of applying OpenVPN security solution to 802.11g
WLAN. In this scenario first we have to run our OpenVPN solution on both the laptops.
OpenVPN configuration files [36] for both laptops are given below in Table 4.
10. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
106
Table 4. OpenVPN configuration files.
Configuration file – Laptop-1 Configuration file – Laptop-2
Port 5002
Proto udp
Dev tun0
Remote 192.168.1.102
Ifconfig 20.20.20.1 20.20.20.2
Cipher AES-128-CBC
Secret static.key
Comp-lzo
Keepalive 5 20
Persist-tun
Port 5002
Proto udp
Dev tun0
Remote 192.168.1.100
Ifconfig 20.20.20.2 20.20.20.1
Cipher AES-128-CBC
Secret static.key
Comp-lzo
Keepalive 5 20
Persist-tun
The setup for this experiment is shown in Figure 4. To analyze the impact of applying
OpenVPN security to 802.11g WLAN on the throughput of UDP and TCP traffic in IEEE
802.11g WLAN, we performed the experiments in two steps. In first step we measured the
impact on UDP traffic over IEEE 802.11g and in second step we measured the impact on TCP
traffic over IEEE 802.11g. Experimentation was carried out in the same manner as for baseline
performance measurement.
Figure 4. Experiment setup with OpenVPN
7. EXPERIMENT RESULT AND ANALYSIS
The results for all test scenarios of our experiment were collected from the test bed illustrated in
the experiment setup section. Each experiment was repeated for twenty iterations to find the
average performance values.
7.1. Throughput
The UDP and TCP throughput are measured as per RFC 2544 standards for different frame
sizes. The results of these experiments for UDP are presented in Table 5 and in Figure 5. The
results of these experiments for TCP are presented in Table 6 and in Figure 6.
11. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
107
Table 5. UDP throughput results.
Frame
Size
(bytes)
UDP Average Throughput (Mbps)
Without
OpenVPN
With OpenVPN
Without compression With compression
512 3.847 3.627 5.429
1024 5.429 4.574 11.238
1280 6.062 5.389 13.915
1518 6.906 6.062 16.09
Table 6. TCP throughput results.
Frame
Size
(bytes)
TCP Average Throughput (Mbps)
Without
OpenVPN
With OpenVPN
Without compression With compression
512 3.135 2.601 4.796
1024 4.796 4.065 10.929
1280 5.429 4.961 12.936
1518 6.062 5.62 16.09
Figure 5 and Figure 6 indicates that the throughput increases for both UDP and TCP traffic with
increased frame size. Throughput increases because when the data transmitted using large
frames the total overhead for transmitting the data due to frame headers will be less as compare
to when the data is transmitted using small frames. The throughput is decreased slightly when
OpenVPN is applied because of the increased overhead which is due to encapsulation and
cryptographic operations used by OpenVPN. When compression is used with OpenVPN
throughput increases since compression reduces the packet size in physical interface.
Throughput in this case is better than the throughput in normal case i.e. without OpenVPN
because IEEE 802.11g does not has inbuilt compression and after compression packet size
reduces considerably if data is not randomly distributed which is true most of the time.
Figure 5. UDP throughput according to frame size.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
108
Figure 6. TCP throughput according to frame size.
As mentioned above, throughput of WLAN decreases slightly for both UDP and TCP traffic
after applying OpenVPN security. Table 7 lists the decrease in throughput corresponding to
each frame size and for UDP and TCP traffic. From the table it is clear that maximum decrease
in throughput is 15.84% (0.86 Mbps) in case of UDP traffic. In case of TCP traffic the
maximum decrease in throughput is 16.91% (0.53Mbps).
Table 7. Loss in throughput after applying OpenVPN without compression
Frame Size
(bytes)
UDP TCP
Loss (Mbps) Loss % Loss (Mbps) Loss %
512 0.22 5.72 0.53 16.91
1024 0.86 15.84 0.73 15.22
1280 0.67 11.05 0.47 8.66
1518 0.84 12.16 0.44 7.26
7.2. Average latency
We measured the average latency as per RFC 2679 standards for both UDP and TCP traffic
with various frame size. Figure 7 and Figure 8 shows the experimental result for average
latency. The figures clearly indicate that the latency increases for both UDP and TCP traffic as
we increase the frame size. This is due to the fact that round trip time is proportional to the size
of frame. From these figures it is also clear that latency is less for normal case as compare to the
two cases of OpenVPN mode because in OpenVPN mode additional processing is required for
performing cryptographic operation, compression and encapsulation. From the experiment
results we also analyzed that the latency in case of OpenVPN without compression is more than
in case of OpenVPN with compression. Even though compression takes some processing time it
reduces the frame size which results in decreased transmission time as compare to the
transmission time when frame is not compressed.
13. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
109
Figure 7. UDP Average Latency according to frame size.
Figure 8. TCP Average Latency according to frame size.
7.3. Frame Loss Percentage
Frame Loss Percentage is measured as per RFC 2680 standards for UDP and TCP traffic with
different loads. The results of these experiments are presented in Figure 9 and Figure 10. These
figures indicate that as we increase the load the Frame Loss Percentage increases for both UDP
and TCP traffic. The frame loss percentage increases exponentially as the load crosses the
throughput value corresponding to particular frame size.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
110
Figure 9. UDP Frame Loss Percentage according to frame size.
Figure 10. TCP Frame Loss Percentage according to frame size.
7.4. IP Packet Delay Variation
The IP Packet delay variation is measured as per RFC 3393 standards for UDP traffic for
different frame size with different transmission rates. The result of this experiment is presented
in Figure 11. This figure indicates that as we increase the load the IP Packet delay variation
increases. From the above figures we observe that with the use of compression with OpenVPN,
15. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
111
the IP Packet delay variation decreased as compared to normal case because compression
reduces the payload size of packet.
Figure 11. TCP Frame Loss Percentage according to frame size.
8. CONCLUSIONS
The benefit of wireless networks is driving the explosive growth of the WLAN market, where
security has been the single largest concern for wireless network deployment. Through this
paper we discuss why security is a major concern for WLAN. We have investigated and listed
security vulnerabilities and attacks on the standard security mechanism for WLAN called WEP.
We also explained how VPN can be used as a security solution for WLAN. In this work a
transport layer tunneling based VPN solution named OpenVPN was adopted and implemented
for 802.11g WLAN. To show how OpenVPN overcomes the weaknesses of WEP, we have
compared OpenVPN with WEP based on various security parameters. The performance analysis
was carried out with respect to throughput, latency, frame loss and IP packet delay variation. To
measure these performance matrices we have followed RFC4148, RFC 2544, RFC 2679, RFC
2680 and RFC 3393. Experimentation was carried out for both UDP and TCP traffic with
respect to various data rates and frame sizes using Spirent test center to analyse the impact of
OpenVPN on performance of 802.11g WLAN. From the experimental results we can conclude
that there is slight decrease in performance of 802.11g WLAN with the implementation of
OpenVPN. But there is an increase in the performance of 802.11g WLAN with the use of
compression in OpenVPN.
ACKNOWLEDGEMENTS
We would like to thank Director CAIR for supporting us to work in this area. We would also
like to thank Dr. G. Athithan for his help and constructive suggestions throughout.
REFERENCES
[1] T. Karygiannis & L. Owens, (2002) “Wireless Network Security 802.11, Bluetooth and
Handheld Devices”, National Institute of technology, Special Publication, pp 800–848.
16. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
112
[2] Y. Zahur & T. A. Yang, (2004) “Wireless LAN Security and Laboratory Designs”, Journal of
Computing Sciences in Colleges, vol. 19, pp 44– 60.
[3] N. Borisov, I. Goldberg & D. Wagner, (2001) “Intercepting Mobile Communications: The
Insecurity of 802.11”, Proceedings of the Seventh Annual International Conference on Mobile
Computing and Networking.
[4] D. B. Faria & D. R. Cheriton, (2002) “DoS and Authentication in Wireless Public Access
Networks”, Proceedings of ACM Workshop on Wireless Security, pp 47–56.
[5] W. A. Arbaugh, N. Shankar, J. Wang & K. Zhang, (2002) “Your 802.11 network has no
clothes”, IEEE Wireless Communications Magazine.
[6] S.R. Fluhrer, I. Mantin & A. Shamir, (2001) “Weaknesses in the Key Scheduling Algorithm of
RC4”, Selected Areas in Cryptography, pp 1–24.
[7] Adam Stubblefield, John Ioannidis & Aviel D. Rubin, (2001) “Using the Fluhrer, Mantin, and
Shamir Attack to Break WEP”, AT&T Labs Technical Report TD-4ZCPZZ.
[8] Jumnit hong & Raid Lemachheche, (2003) “WEP protocol Weaknesses and Vulnerabilities”,
ECE 578 Computer Networks and Security.
[9] OpenVPN, http://openvpn.net/
[10] Praveen Likhar, Ravi Shankar Yadav & Keshava Rao M, (2011) “Performance Evaluation of
Transport Layer VPN on IEEE 802.11g WLAN”, Communications in Computer and information
science, Springer-Verlag, vol. 197, pp 407– 415.
[11] IEEE Std 802.11™-2007 (Revision of IEEE Std 802.11-199)
[12] OpenSSL-The Open Source toolkit for SSL/TLS, http://www.openssl.org
[13] Aircrack, http://www.aircrack-ng.org/
[14] Airpwn, http://sourceforge.net/projects/airpwn
[15] Airsnarf, http://airsnarf.shmoo.com/
[16] BSD-Airtools, http://www.dachb0den.com/projects/bsd-airtools.html
[17] Dsniff, http://monkey.org/~dugsong/dsniff/
[18] Dstumbler, http://www.dachb0den.com/projects/dstumbler.html
[19] Fake AP, http://www.blackalchemy.to/project/fakeap/
[20] KisMAC, http://binaervarianz.de/projekte/programmieren/kismac/
[21] Kismet, http://www.kismetwireless.net/
[22] MacIdChanger, http://www.codeproject.com/KB/applications/MacIdChanger.aspx
[23] MacStumbler, http://www.macstumbler.com/
[24] Netstumbler, http://www.netstumbler.com/
[25] Wep0ff, http://www.ptsecurity.com/
[26] WEPCrack, http://sourceforge.net/projects/wepcrack
[27] WEPWedgie, http://sourceforge.net/projects/wepwedgie/
[28] Wifitap, http://sid.rstack.org/static/articles/w/i/f/Wifitap_EN_9613.html
[29] TUN-TAP, http://en.wikipedia.org/wiki/TUN/TAP
[30] TUN-TAP FAQ, http://vtun.sourceforge.net/tun/faq.html
[31] E. Stephan, (2005) “IP Performance Metrics (IIPM) Metrics Registry”, RFC 4148.
[32] S. Bradner & J. McQuaid, (2005) “Benchmarking Methodology for Network Interconnect
Devices”, RFC 2544.
17. International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011
113
[33] G. Almes, S. Kalidindi, & M. Zekauskas (1999) “A One-way Delay Metric for IPPM”, RFC
2679.
[34] G. Almes, S. Kalidindi, & M. Zekauskas (1999) “One Way Packet Loss Metric for IPPM”, RFC
2680.
[35] C. Demichelis & P. Chimento, (2002) “IP Packet Delay Variation”, RFC 3393.
[36] M. Feilner (2006) OpenVPN: Building and Integrating Virtual Private Networks, Packt
Publishing.
Authors
Praveen Likhar, obtained bachelor’s degree from Maulana Azad National
Institute of Technology, Bhopal. He is working as a scientist with
Centre for Artificial Intelligence and Robotics (CAIR), Defence
Research and Development Organisation (DRDO), Bangalore. His
research spans computer network security, communication security
and wireless LAN security.
Ravi Shankar Yadav, obtained master’s degree from Indian Institute of
Science (IISc), Bangalore and his bachelor’s degree from Motilal
Nehru National Institute of Technology, Allahabad. He received
“BEL R&D Excellence Award” in the year 2006 and also awarded
with “Lab Group Technology Award” in the year 2007. He is
working as a scientist with Centre for Artificial Intelligence and
Robotics (CAIR), Defence Research and Development Organisation
(DRDO), Bangalore. His research interests are cyber security,
information security and computer networks.
Keshava Rao M, obtained Master’s degree from BITS, Pilani. He received
BEL R&D excellence award in the year 2006 and currently he is
working as a scientist with Centre for Artificial Intelligence and
Robotics (CAIR), Defence Research and Development
Organisation (DRDO), Bangalore. He is having more than 10 year
working experience in the area of information security.