Vulnerability in Wireless SecurityAppendix: Annotated BibliographyVulnerability in Wireless SecurityIntroduction: In just a few years of revolution from wired networking a majority of Internet users started using wireless connectivity usually away their homes and offices in daily basis due to several good reasons that make lives easier for them; these good reasons include simplicity of installation, convenience to use, cost of equipment, and popularity in our society. However, most wireless users may overlook the security flaws in the current wireless standards, which is the hidden cost behind all the good reasons. This is one of several incidents that new technologies did not provide complete solutions our society. From the user’s side, installing a Wireless Local Area Network (WLAN) card, AKA Wireless Network Interface Card (WNIC), is almost free of configuration under Microsoft Windows 2000 or XP since all features have been set to default for the majority of users. From the server’s side, only base station AKA access point (AP) is needed and can be placed anywhereeither inside or outside a building since it has a range of several hundred feet. In contrast, wired Local Area Network (LAN) must deploy wires all over the building, even though wires can be hidden over the ceiling, inside the wall, or under the carpet, which is very expensive in terms of the cost of labors and cables. With Wi-Fi, users can connect to Internet or Virtual Private Network (VPN) with their notebook computers at coffee’s shops, parks, hotels, airports, and any public places with AP available; on the other hand, comparing with the traditional LAN, users must seat in the dedicated area to compromise the limitation of wires and jacks. Moreover, In themost popular wireless standard of IEEE 802.11b, the cost of wireless equipment is pretty affordable even for students. An Wireless Network Interface Card (WNIC) for each computercosts about $40 dollars, and an Access Point (AP) for each station costs around $50 now down from one thousand dollars on 1999. Most new laptop computers come with built in 802.11b networking capabilities today. Along with all these good reasons, no wonder why our society rapidly accepts this type of new technology. Indeed, two names appear in public in associate withthis type of wireless networking: hotpots where you can get wireless connection and Wi-Fi whichstandards for Wireless Fidelity. Nevertheless, those users who do not relate to computer technology with their professions may not aware of the security flaws in Wi-Fi. In fact, vulnerableness exists in every layer of current standards including IEEE 802.11a, IEEE 802.11b, and IEEE802.11g, which may cost Wi-Fi users much more than the price of wireless network interface card and an access point. An IEEE 802.11 WLAN consists of several popular security mechanisms such as authentication and encryption; however, these mechanisms as well as the encryption algorithms behind them apply in an inappropriate way. Fundamentally, there are two types of WLAN: ad hoc and infrastructure. Ad hoc WLAN is for a group of wireless users in conference or meeting to communicate with each other without accessing to an external network (infrastructure), which is not the consideration in this paper. An infrastructure-based WLAN consists of a base station and multi clients. The based station AKA access point has two main functions: connecting to the external network and broadcasting wireless data to its clients (Wi-Fi users at this case). In order to receive and send data, clients must have proper equipment as well as the secret shard key if required by the network as an option in Windows XP and 2000. Based on Wired Equivalent Privacy (WEP) protocol, WLANs were supposed to provide as the same kind of security level as that of LANs. Unfortunately, the security mechanisms of WLAN were broken obviously; it does not meet the original goal of design.The current IEEE 802.11 standard supports two types of authentications: open and shared key. With open mode, anyone can access the base station and connect to Infrastructure such as Internet, which is the default setting. With shared key mode, which is optional in Windows XP and 2000, only allow specific users to access the base station restricted by the shared secret key, which is either 40 bits or 104 bits under the specification of WEP. Nonetheless,this protocol fails to perform its duty for authentication since WEP protocol is based on a common stream cipher, RC4, but applied in a non-standard way. In the protocol with the shared key mode, which uses four messages with a challenge and a response, a user initials with AP first, then AP identifies the user with its MAC address and sends a random number (Nonce and 128 bytes typically) to the user. The user encrypts this random number with the shared key by applying the RC4 encryption algorithm, and returns back to the AP. The AP decrypts the messagewith the shared key and the same RC4 encryption algorithm to check if the decrypted value matches the random value. If so, the user is authenticated. From the cryptanalysis point of view, an attacker eavesdropping in the whole process can collect both plaintext and ciphertext since all the message broadcasts on air; this would provides sufficient data for the attacker to search for the shared key, which can be classified as known plaintext attack. Moreover, identify is a critical element in security systems; still, the current IEEE 802.11 family does not offer any reliable architecture for identity. The only form of identity in WLAN isbased on Media Access Control (MAC) address, which is mostly supplied by vendor, as a way ofaccess control. However, the MAC-address-based access control fails since users could change their MAC address via open source device drivers, and the MAC address was sent in clear. As the result, attack can sniff the wireless network and identify those MAC addresses permitted bythe Access Control List, then wait and target one inactive MAC address to get in the Wireless network by modifying his/her MAC address to match the inactive MAC address. Other than authentication and access control, in practice the critical weakness of WEP is the encryption part. Even though after authentication, the Initialization Vector (IV) employed by WEP was sent in clear. Consequently, it is possible to attack WEP based on this flaw. In
View Full Document
Unlocking...