Wireless networks: Security


23 Mar 2015 25 Apr 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Please click this link to view samples of our professional work written by our professional essay writers. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Wireless networks, thanks to their ease of installation, cost benefits and ability to provide connectivity (and hence communication) anywhere, have become the most popular way of setting up a network in the 21st century. With the growing need for mobile systems, the electronics market has been flooded with laptops, PDAs, RFID devices, healthcare devices and wireless VoIP (Voice over IP) devices which are Wi-Fi (Wireless Fidelity) enabled. With the 3G (Third Generation) and 4G (Fourth Generation) cellular wireless standards, mobile phones are also Wi-Fi enabled, with very high speeds provided for data upload and download. Nowadays malls and public areas, not to mention even cities, are Wi-Fi capable, enabling a person to access the Internet or even contact a remote server in his office from anywhere in that city, or from his mobile phone while just strolling down the road.

But just as every good technology has its drawbacks, so do wireless networks. As in the case of wired networks, they are prone to intruder attacks, more commonly known as wireless hacking, which compromise the network's security, integrity and privacy. The basic reason is that when wireless networking was first introduced, it was considered to have security and privacy built into the system while transmitting data. This misconception arose because wireless transmitters and receivers used spread spectrum systems, whose signals occupy a wide transmission band. Since the RF (Radio Frequency) receivers of that time could only intercept signals in a narrow transmission band, these wireless signals were considered to be in the safe zone. But it did not take long to invent devices that could intercept these wireless signals as well, so the integrity of data sent over wireless networks could easily be compromised. As technology has developed, the methods by which a network can be attacked have also become more vicious.

Fig-1: WLAN (Wireless Local Area Network)

Securing wireless networks against such vicious attacks has hence become a priority for the network industry. Not all networks are equally secure; the security depends on where the network is used. For example, if the requirement is to provide a wireless hotspot in a shopping mall, security is never a concern, but a corporate network has its own security authentication and user access control implemented.

II. WHY ARE WIRELESS NETWORKS PRONE TO ATTACKS?

There are a number of reasons why wireless networks are prone to malicious attacks. These are the most challenging aspects to be considered when a secure wireless network has to be established.

a) Wireless networks are open networks: There is no physical medium protecting these networks. Any packet transmitted and received can be intercepted if the intercepting receiver operates on the same frequency as the transmitter and receiver used by the wireless network. There is also a common misconception that if authentication and encryption are properly used the network will not be compromised. But what about the messages sent back and forth before authentication and encryption come into play?

b) Distance and Location: The attacker can attack from any distance and location and is limited only by the power of the transmitter. Special devices have been designed which can attack even short-distance networks such as Bluetooth.

c) Identity of the Attacker: The attacker can always remain unidentified because he uses a series of antennas or other compromised networks before reaching the actual target. This makes wireless network attackers very difficult to track.

Some of the reasons why such attacks are so common are the easy availability of information from none other than the Internet, cheap and easy-to-use technology, and of course the motivation to hack.

III. WIRELESS HACKING - STEP BY STEP

To understand the security protocols currently in use for wireless networks, it is first important to understand the methods by which a hacker attacks a weak network. These are also known as wireless intrusion methods.

A. Enumeration:

Also known as network enumeration, this is the first and foremost step in hacking: finding the wireless network. The wireless network could be a specific target or a random weak network which can be compromised and used to attack other end systems or networks. This is achieved using network discovery software, which is nowadays available online in plenty; Kismet and Network Stumbler are two examples.

To obtain more information about the network, the packets sent and received by the network can be sniffed using network analyzers, also known as sniffers. A large amount of information can be obtained this way, including IP addresses, SSIDs and even sensitive information such as MAC addresses, type of information and also the other networks that this compromised end system.

Yet another problem is the use of network mappers, which can be used to find the servers that run these compromised networks. These servers can then be attacked as well, which could affect their proper functioning and the transfer of information between them and other networks connected to them.

B. Vulnerability Assessment:

This is mainly done by the hacker using a vulnerability scanner. After the hacker has found the network he wants to attack, he uses this program to detect the weaknesses of the computer, computer systems, networks or even applications. After this the intruder decides on the most feasible means of entry into the network.

C. Means of Entry:

IV. TYPES OF THREATS & ATTACKS

A. Eavesdropping and Traffic Analysis:

This form of attack makes use of the weak encryption of the network. It always compromises the integrity and security of the network. Attacks such as war driving, war chalking, packet sniffing and traffic analysis all fall under this category.

 

B. Message Modification:

These attacks are mainly used to modify the data that is sent across a network. The modification might give wrong information or add malicious content to the data packet sent from one station to another. This compromises the integrity and privacy of the data.

C. Rogue Devices:

These could be devices such as APs, or application software programs, which have been compromised by the intruder and made to function as he or she wishes. Such devices can compromise the integrity of the network as well as the data sent across it. They can also launch replay attacks and associate the network with websites or information carrying malicious content.

D. Session Hijacking:

This attack occurs after a valid session has been established between two nodes through the AP. The attacker poses as a valid AP to the node trying to establish a connection, and as a valid node to the AP. The attacker can then send malicious or false information to the node with which the connection has already been established. The legitimate node believes that the AP has terminated the connection with it. The hacker can then use this connection to get sensitive information from the network or the node.

E. Man In the Middle Attacks:

This is similar to a session hijacking attack, but in this case it is a rogue AP that acts as a valid client to the legitimate AP and as a valid AP to the legitimate client. Once this has been established the rogue AP can access all information from the , intercept communication and send malicious information to other clients through this.

These are just a few of the security threats and attacks in wireless environments. With advancing technologies there are many more possible security threats that these networks may face in the future.

V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY

Given the vulnerability of wireless networks, security and the countering of such malicious attacks have become top priorities for enterprises and corporations as well as for research fields in IT. There are many points to be considered where the security of a network is concerned, the most important of which are authentication, accountability and encryption.

A. Authentication:

This is very familiar to anyone using a network in his or her workplace, or even accessing email on the Internet, and it is the very first step in promoting a secure wireless network. There are many different ways of authentication, and many different tools and methods have been used over the years in order to make this primary process more reliable and foolproof. Some of the most widely used methods are:

a) User name and password combinations, generally defined as something that a person knows.

b) Smart cards, RFIDs and token technologies, also known as something that a person has.

c) Biometric solutions such as fingerprinting and retina scanning, which can be generally defined as something that a person is.

The reliability of each of these methods can vary depending on the level at which it has been implemented. In very low-level authentication, only one kind of method is used to secure the network. One of the weakest forms of authentication is the use of only an ID card or token technology, since a person who loses it can compromise the security of the network. Even in the case of username and password, the strength of the authentication is only as good as the complexity of the information used as the username or password. People generally prefer to use passwords that are easy to remember but are also known to many other people in that organization or even outside it. One of the much better ways of securing a network through authentication is to use biometric solutions such as fingerprinting or retina scanning. But of course technology has advanced to the extent that even fingerprints or retinas can be forged. Nowadays combinations of methods are used for authentication, with high-security premises or networks guarded by more than two or three kinds of authentication.

B. Accountability

After a user has been authenticated to use the network, it is important to be able to track the computer usage of each person using the network, so that in case of any foul play the person responsible can be held accountable. When networks were very small it was very easy for a network administrator to track the usage of each person on a network. But with huge networks, remote access facilities and of course wireless networks, it has become quite a difficult task. As mentioned earlier, there are many ways in which a hacker can make himself difficult to track down. Much software and firmware has been created which is used in conjunction with the authentication protocols in order to make the wireless network more secure and robust.

C. Encryption:

This is the most important step in building and securing a strong wireless network infrastructure. The steps generally followed for this are:

a) Methods based on public key infrastructure (PKI)

b) Using a high-bit encryption scheme

c) The algorithm used for encryption must be well known and proven to be unbreakable.

Current wireless network security solutions can be classified into three broad categories:

a) unencrypted solutions

b) encrypted solutions

c) combination.

In this paper the emphasis, as explained in the abstract, will be on encrypted solutions for wireless security. A brief discussion of the unencrypted methods is still given for basic understanding.

In the case of encryption-based security protocols, a detailed description is given in this paper of the ones commonly used in wireless LANs, after which the latest and developing technologies will be discussed. The three major generations of security existing today, as also cited in many papers, journals and magazines, are as follows:

1) WEP (Wired Equivalent Privacy)

2) WPA (Wi-Fi Protected Access)

3) WPA2

The image below shows the layer in which the wireless network security protocols come into play which is of course the link layer:

Fig-1: 802.11 AND OSI MODEL

VI. WIRELESS SECURITY - UNENCRYPTED

A. MAC Registration:

This is one of the weakest methods of network security. MAC registration was basically used to secure university residential networks such as college apartments or dorm rooms. The basic approach is to configure DHCP (Dynamic Host Configuration Protocol) to lease IP addresses only to a known set of MAC addresses, which can be obtained manually by running automated scripts on a network server, so basically any person with a valid registration can enter the network. Session logs also cannot be generated, because of which accounting becomes impossible. Last but not least, since this method was basically used for switched and wired networks, encryption was never included.

B. Firewalls:

In this method, network authentication is done through HTTP (Hypertext Transfer Protocol), HTTPS or telnet. When an authentication request is received by the network, it is directed to the authentication server. On validating the authentication, the firewall adds rules for the IP address provided to that user. This IP address also has a timer attached to it to indicate when the rule for the address times out. When executed through HTTPS it is a session-based as well as secure process. But any other process adapted from switched wired network firewalls does not provide encryption.

C. Wireless Firewall Gateways :

One of the latest and considerably foolproof methods among unencrypted solutions is the Wireless Firewall Gateway, or WFG. This is a single wireless gateway integrated with a firewall, router, web server and DHCP server, and it is because all of these are in one system that WFGs are a very secure wireless security solution. When a user connects to the WFG, he or she receives an IP address from the DHCP server. Then the web server (HTTPS) asks for a user name and password, and this is executed by PHP (Hypertext Preprocessor). Address spoofing and unauthorized networks are avoided by PHP, as the DHCP logs are constantly compared with the current updated ARP (Address Resolution Protocol) table. This verifies that the computer connected to the network is using the IP address that has been leased to it by the DHCP server. This information is then passed on to the authentication server, which in turn adds rules for this IP address. Upon expiration of the DHCP lease the sessions are terminated. WFGs hence make the authentication and accountability part of the network more reliable. But as this is also an unencrypted method, it lacks the most important aspect of security.
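The lease-versus-ARP comparison described above can be sketched as follows. This is an added example, not code from the essay or from any WFG product; it assumes the leases are in ISC dhcpd.leases format and the ARP table is in Linux /proc/net/arp format, and all addresses are constructed.

```python
import re

# Constructed samples. Assumed formats: ISC dhcpd.leases and Linux /proc/net/arp.
LEASES = """\
lease 10.20.0.11 {
  starts 2 2015/03/24 09:00:00;
  ends 2 2015/03/24 10:00:00;
  hardware ethernet 00:16:3e:00:00:11;
}
lease 10.20.0.12 {
  starts 2 2015/03/24 09:05:00;
  ends 2 2015/03/24 10:05:00;
  hardware ethernet 00:16:3e:00:00:12;
}
"""
ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
10.20.0.11       0x1         0x2         00:16:3e:00:00:11     *        wlan0
10.20.0.12       0x1         0x2         00:16:3e:00:00:99     *        wlan0
10.20.0.50       0x1         0x2         00:16:3e:00:00:50     *        wlan0
10.20.0.60       0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")


def parse_leases(text):
    """Map each leased IP to the MAC it was leased to (last entry wins)."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        match = MAC_RE.search(body)
        if match:
            leases[ip] = match.group(1).lower()
    return leases


def parse_arp(text):
    """Return (ip, mac) for resolved ARP entries; incomplete ones are skipped."""
    entries = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) >= 6 and int(fields[2], 16) & 0x2:   # 0x2 = complete
            entries.append((fields[0], fields[3].lower()))
    return entries


def audit(leases, arp):
    """Flag hosts whose IP was never leased or was leased to another MAC."""
    findings = []
    for ip, mac in arp:
        if ip not in leases:
            findings.append((ip, mac, "no-lease"))
        elif leases[ip] != mac:
            findings.append((ip, mac, "mac-mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_leases(LEASES), parse_arp(ARP)):
        print(finding)
```

A gateway would also drop sessions whose lease has expired; that check needs a clock and is left out of this sketch.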

VII. WEP-WIRED EQUIVALENT PRIVACY

This protocol was written in accordance with the security requirements of the IEEE 802.11 wireless LAN protocol. It is adapted from the wired LAN system, and hence the security and privacy it provides are also equivalent to the security and privacy provided by a wired LAN. Though it is an optional part of wireless network security, it will give a considerably secure networking environment.

The algorithm used in WEP is known as RC4 (Rivest Cipher 4). In this method a pseudo-random number is generated using encryption keys of random lengths. This is then combined with the data bits using an exclusive OR (XOR) function in order to generate the encrypted data that is then sent. To look at it in more detail:

A. Sender Side:

The pseudo-random number is generated using the 24-bit IV (Initialization Vector) given by the network administrator and a 40- or 104-bit secret key, or WEP key, given by the wireless device itself. These are added together and passed on to the WEP PRNG (Pseudo Random Number Generator). At the same time the plain text is combined with an integrity algorithm to form the ICV (Integrity Check Value). The pseudo-random number and the ICV are then combined to form a cipher text by sending them through RC4. This cipher text is then combined with the IV to form the final encrypted message, which is then sent.

Fig-2: WEP SENDER SIDE

B. Receiver Side:

On the receiver side the message is decrypted in five steps. First the preshared key and the encrypted message are added together. The result is then passed through yet another PRNG. The resulting number is passed through the RC4 algorithm, which results in retrieving the plain text. This is again combined with another integrity algorithm to form a new ICV, which is then compared with the previous ICV to check for integrity.

Fig-3: WEP RECEIVER SIDE

C. Brief Descriptions:

a) Initialization Vector: These are basically random bits, the size of which is generally 24 bits but also depends on the encryption algorithm. The IV is also sent to the receiver side, as it is required for decrypting the data sent.

b) Preshared Key: This is more or less like a password. It is provided by the network administrator and is shared between the access point and all network users.

c) Pseudo Random Number Generator: This creates a unique secret key for each packet sent through the network. This is done by using some 5 to at most 13 characters of the preshared key and also by using randomly taken characters from the IV.

d) ICV and Integrity Algorithm: This is used to encrypt the plain text or data and also to create a check value, which can then be compared by the receiver side when it generates its own ICV. This is done using the CRC (Cyclic Redundancy Code) technique to create a checksum. For WEP, CRC-32 of the CRC family is used.

D. RC4 Algorithm:

The RC4 algorithm is not exclusive to WEP. It can also be called a random generator, stream cipher etc. Developed at RSA Laboratories in 1987, this algorithm uses logical functions, specifically XOR, to add the key to the data.

Figure 5: RC4 Algorithm

E. Drawbacks of WEP:

There are many drawbacks associated with WEP encryption. There are also programs now available in the market which can easily hack through this encryption, leaving a network using WEP vulnerable to malicious attacks.

Some of the problems faced by WEP:

  • WEP does not prevent forgery of packets.
  • WEP does not prevent replay attacks. An attacker can simply record and replay packets as desired and they will be accepted as legitimate.
  • WEP uses RC4 improperly. The keys used are very weak, and can be brute-forced on standard computers in hours to minutes, using freely available software.
  • WEP reuses initialization vectors. A variety of available cryptanalytic methods can decrypt data without knowing the encryption key.
  • WEP allows an attacker to undetectably modify a message without knowing the encryption key.
  • Key management is lacking and key updating is poor.
  • Problem in the RC4 algorithm.
  • Easy forging of authentication messages.
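The sender and receiver sides described earlier, together with two of the drawbacks listed above (IV reuse, and a CRC-32 ICV that does not detect modification), can be reproduced in a few lines. This is an added example, not code from the essay; it is a simplified model that omits the key ID byte of a real WEP frame, and the key, IV and payloads are constructed.

```python
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling (KSA) followed by n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Sender side: seed = IV || key, ciphertext = (data || ICV) XOR keystream."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Receiver side: rebuild the seed from the cleartext IV, decrypt, check ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    data, received_icv = body[:-4], body[-4:]
    if icv(data) != received_icv:
        raise ValueError("ICV mismatch")
    return data


def reused_iv_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV means same keystream, so C1 XOR C2 equals P1 XOR P2."""
    assert frame_a[:3] == frame_b[:3]
    return xor(frame_a[3:], frame_b[3:])


def keyless_edit(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is linear over XOR, so the ICV can be patched to match an edit:
    crc(P ^ d) == crc(P) ^ crc(d) ^ crc(zeros), all of equal length."""
    n = len(frame) - 3 - 4
    assert len(delta) == n
    zero_crc = zlib.crc32(bytes(n))
    icv_delta = struct.pack("<I", (zlib.crc32(delta) ^ zero_crc) & 0xFFFFFFFF)
    return frame[:3] + xor(frame[3:], delta + icv_delta)


# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")   # 40-bit WEP key
IV = bytes.fromhex("a1b2c3")        # 24-bit IV, sent in the clear
P1 = b"reading=0021 ok "
P2 = b"reading=0734 ok "
P1_EDITED = b"reading=9921 ok "

if __name__ == "__main__":
    f1, f2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    print(wep_decrypt(KEY, f1))
    print(reused_iv_leak(f1, f2)[:16] == xor(P1, P2))
    edited = keyless_edit(f1, xor(P1, P1_EDITED))
    print(wep_decrypt(KEY, edited))   # the ICV check still passes
```

The receiver accepts the edited frame because the ICV is an unkeyed checksum encrypted with a stream cipher; a keyed MIC, as introduced by WPA, is what closes this gap.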

VIII. WPA -WIFI PROTECTED ACCESS

WPA was developed by the Wi-Fi Alliance to overcome most of the disadvantages of WEP. The advantage for the user is that they do not have to change the hardware when making the change from WEP to WPA.

The WPA protocol provides more complex encryption using TKIP, and with the MIC it also helps to counter the bit flipping that hackers use against WEP, by means of a method known as hashing. The figure below shows the method of WPA encryption.

Figure 6: WPA Encryption Algorithm (TKIP)

As seen, it is almost the same as the WEP technique, enhanced by using TKIP, but a hash is also added before using the RC4 algorithm to generate the PRNG. This duplicates the IV, and a copy of it is sent to the next step. The copy is also added to the base key in order to generate another special key. This, along with the hashed IV, is used by RC4 to generate the sequential key. This is then added to the data or plain text using the XOR function. The final message is then sent, and it is decrypted by using the inverse of this process.

A. TKIP (Temporal Key Integrity Protocol):

The confidentiality and integrity of the network are maintained in WPA by improved data encryption using TKIP. This is achieved by using a hashing function algorithm and also an additional integrity feature to make sure that the message has not been tampered with.

The TKIP has about four new algorithms that do various security functions:

a) MIC or Michael: This is a coding system which improves the integrity of data transfer via WPA. The MIC integrity code is 64 bits long but is divided into 32-bit little-endian words, or least significant bits, for example (K0, K1). This method is used to make sure that the data does not get forged.

b) Countering Replay: There is one particular kind of forgery that cannot be detected by the MIC, and this is called a replayed packet. Hackers do this by forging a particular packet and then sending it back at another instant of time. In this method each packet sent by the network or system has a sequence number attached to it. This is achieved by reusing the IV field. If the packet received at the receiver is out of order or has a smaller sequence number than the packet received before it, it is considered a replay and is hence discarded by the system.

c) Key mixing: In WEP a secure key is generated by connecting end to end the base key, which is a 40-bit or 104-bit sequence obtained from the wireless device, with the 24-bit IV number obtained from the administrator or the network. In the case of TKIP, the 24-bit base key is replaced by a temporary key which has a limited lifetime. It changes from one destination to another. This can be explained in Phase I of the two phases in key mixing.

In Phase I, the MAC address of the end system or the wireless router is mixed with the temporary base key. The temporary key hence keeps changing as the packet moves from one destination to another, as the MAC address of any router, gateway or destination is unique.

In Phase II, the per-packet sequence key is also encrypted by adding a small cipher using RC4 to it. This keeps the hacker from deciphering the IV or the per-packet sequence number.

d) Countering Key Collision Attacks or Rekeying: This provides a fresh sequence of keys which can then be used by the TKIP algorithm. Temporal keys, which have a limited lifetime, have already been mentioned. The other two types of keys provided are the encryption keys and the master keys. The temporal keys are the ones used by the TKIP privacy and authentication algorithms.
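The Michael MIC from item a) and the sequence-number check from item b) can be combined into a small receiver model. This is an added example, not code from the essay; it is a simplification in which the MIC covers only the payload and the sequence counter is passed in the clear, whereas in TKIP the counter also feeds the per-packet key mixing. The class name and sample values are assumptions made for the illustration.

```python
import hmac
import struct

MASK32 = 0xFFFFFFFF


def rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (32 - n))) & MASK32


def ror(v: int, n: int) -> int:
    return rol(v, 32 - n)


def xswap(v: int) -> int:
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key taken as two little-endian words (K0, K1)."""
    left, right = struct.unpack("<II", key)
    # Padding: 0x5a, then 4 to 7 zero bytes so the length is a multiple of 4.
    padded = msg + b"\x5a" + bytes(4)
    padded += bytes(-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        left ^= word
        right ^= rol(left, 17)
        left = (left + right) & MASK32
        right ^= xswap(left)
        left = (left + right) & MASK32
        right ^= rol(left, 3)
        left = (left + right) & MASK32
        right ^= ror(left, 2)
        left = (left + right) & MASK32
    return struct.pack("<II", left, right)


class TkipReceiver:
    """Hypothetical receiver model: replay check first, then MIC check."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = -1              # highest sequence counter accepted

    def receive(self, tsc: int, data: bytes, mic: bytes) -> str:
        if tsc <= self.last_tsc:
            return "discard: replay"
        if not hmac.compare_digest(michael(self.mic_key, data), mic):
            return "discard: MIC failure"
        self.last_tsc = tsc             # advance only after the MIC verifies
        return "accept"


if __name__ == "__main__":
    key = bytes.fromhex("0011223344556677")     # constructed MIC key
    rx = TkipReceiver(key)
    payload = b"open door 7"                    # constructed payload
    tag = michael(key, payload)
    print(rx.receive(1, payload, tag))          # accept
    print(rx.receive(1, payload, tag))          # discard: replay
    print(rx.receive(2, b"open door 9", tag))   # discard: MIC failure
```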

B. Advantages of WPA:

The advantages of WPA over WEP can be clearly understood from the above descriptions. Summarising a few:

a) Forgeries of the data are avoided by using the MIC.

b) WPA can actively avoid packet replay by the hacker by providing a unique sequence number for each packet.

c) Key mixing, which generates temporal keys that change at every station, and also per-packet sequence key encryption.

d) Rekeying, which provides unique keys to be consumed by the various TKIP algorithms.

IX. WPA2-WIFI PROTECTED ACCESS 2

WPA2, as the name suggests, is a modified version of WPA in which Michael has been replaced with an AES-based algorithm known as CCMP instead of TKIP. WPA2 can operate in two modes: the home mode and the enterprise mode. In the home mode all the users are required to use a 64 bit pass phrase when accessing the network. This is the sort of encryption used in wireless routers at home or in very small offices. The home version has the same problems which are faced by users of WEP and the original WPA security protocol.

The enterprise version is of course for use by larger organisations, where the security of the network is too valuable to be compromised. This is based on the 802.1X wireless architecture, an authentication framework known as RADIUS, another authentication protocol from the EAP (Extensible Authentication Protocol) family, which is EAP-TLS, and also a secure key.

A. 802.1X:

Figure 7: 802.1X Authentication Protocol

In order to understand the security protocols used in WPA2 it is important to know a little about the 802.1X architecture for authentication. This was developed in order to overcome many security issues in the 802.11b protocol. It provides much better security for transmission of data, and its key strength is of course authentication. There are three important entities in the 802.1X protocol: the client, the authenticator and authentication.

a) Client: This is the STA (station) in a wireless area network which is trying to access the network. This station could be fixed, portable or even mobile. It of course requires client software which helps it connect to the network.

b) Authenticator: This is yet another name given to an AP (Access Point). The AP receives the signal from the client and sends it over to the network to which the client requires a connection. There are two parts to the AP, i.e. the non-control port and the control port, which is more of a logical partitioning than an actual partition. The non-control port receives the signal and checks its authentication to see if the particular client is allowed to connect to the network. If the authentication is approved, the control port of the AP is opened for the client to connect with the network.

c) Authentication: This is the RADIUS (Remote Authentication Dial In User Service) server. It has its own user database table which lists the users that have access to the network; this makes it easier for the APs, as the user information database need not be stored in the AP. Authentication in RADIUS is more user based than device based. RADIUS makes the security system more scalable and manageable.

Figure 8: EAP/RADIUS Message Exchange

B. EAP (Extended Authentication Protocol):

The key management protocol used in WPA2 is the EAP (Extended Authentication Protocol). It can also be called EAPOW (EAP over wireless). Since there are many versions of this protocol in the EAP family, it is advisable to choose the EAP protocol which is best suited to the particular network. The diagram and the steps following it describe how a suitable EAP can be selected for that network:

a) Step 1: By checking the previous communication records of the node using a network analyser program, it can easily be detected whether any malicious or considerably compromising packets have been sent to other nodes, or received from other nodes, by this node.

b) Step 2: By checking the previous logs of the authentication protocols used, the most commonly used authentication protocol and the most successful authentication protocol can be determined.

Figure 9: EAP Authentication with Method Selection Mechanism

c) Step 3: The specifications of the node itself have to be understood, such as the operating system used, the hardware, the software and even the certificate availability of the node.

After all this has been examined the following steps can be run in order to determine and execute the most suitable EAP authentication protocol:

1. Start
2. if (communication_record available) then
       read communication_record;
       if (any_suspicious_packets_from_the_other_node) then
           abort authentication;
           go to 5;
       else
           if (authentication record available) then
               read authentication record;
               if (successful authentication available) then
                   read current_node_resources;
                   if (current_node_resources comply with last_successful_method) then
                       method = last_successful_method;
                       go to 4;
                   else
                       if (current_node_resources comply with most_successful_method) then
                           method = most_successful_method;
                           go to 4;
                       else
                           go to 3;
               else
                   go to 3;
           else
               go to 3;
   else
       go to 3;
3. read current_node_resources;
   execute method_selection(current_node_resources);
4. execute authentication_process;
5. End

X. RSN-ROBUST SECURITY NETWORKS

RSN was developed with reference to the IEEE 802.11i wireless protocol. This connection can provide security ranging from very moderate to high-level encryption schemes. The main entities of 802.11i are the same as those of the 802.1X protocol: the STA (client), the AP and the AS (authentication server). RSN uses TKIP or CCMP for confidentiality and integrity protection of the data, while EAP is used as the authentication protocol.

RSN is a link layer security mechanism, i.e. it provides encryption from one wireless station to its AP or from one wireless station to another. It does not provide end-to-end security. It can only be used for wireless networks and, in the case of hybrid networks, only for the wireless part of the network.

The following are the features of a secure network that are supported by RSN:

a) Enhanced user authentication mechanisms

b) Cryptographic key management

c) Data Confidentiality

d) Data Origin and Authentication Integrity

e) Replay Protection.

A. Phases of RSN:

RSN protocol functioning can be divided into five distinct phases. The figure as well as the steps describe the phases in brief:

a) Discovery Phase: This can also be called Network and Security Capability Discovery of the AP. In this phase the AP advertises that it uses the IEEE 802.11i security policy. An STA which wishes to communicate with a WLAN using this protocol will, upon receiving this advertisement, communicate with the AP. The AP gives the STA an option on the cipher suite and authentication mechanism it wishes to use during communication with the wireless network.

Figure 9: Security States of RSN

b) Authentication Phase: Also known as the Authentication and Association Phase. In the authentication phase, the AP uses its non-control part to check the authentication provided by the STA with the AS. Any data other than the authentication data is blocked by the AP until the AS returns with the message that the authentication provided by the STA is valid. During this phase the client has no direct connection with the RADIUS server.

c) Key Generation and Distribution: During this phase cryptographic keys are generated by both the AP and the STA. Communication only takes place between the AP and the STA during this phase.

d) Protected Data Transfer Phase: As the name suggests, this is the phase during which data is transferred to and from the STA that initiated the connection, through the AP, to the STA on the other end of the network.

e) Connection Termination Phase: Again as the name suggests, the data exchanged is purely between the AP and the STA, to tear down the connection established between them.

Figure 9: RSN Association

The Supplicant, the authenticator and the authentication server are the three entities that take part in an RSN authentication process at the end which the authenticator and the supplicant would have successfully verified each others identity. This is done with the help of a 4 Way Handshaking process.

B. Preliminary Authentications:

The preliminary authentications require number handshake between the STA and the AP, the AP and the AS and last but not the least STA and the AS. After all these handshakes a MSK (Master Session Key) is generates which is secret key shared by the three parties .MSK is used by STA to derive the PMK (Pairwise Master key ) most of the time using the EAP process .In the server side the AAA(Authentication, Accounting and Authorization Key ) is used to derive the same PMK by the AS .Sometimes the AS and the STA can use a Pre shared key as PMK..After all this a 4 Way handshaking is done to successfully setting up the RSN.

C. 4-Way Handshaking:

The 4-Way Handshaking process only begins after a common PMK has been selected by the STA and the AS. This PMK is used to derive a PTK (Pairwise Transient Key). A new PTK is generated for each session between the STA and the AS, thus ensuring very successful secure communication at almost all times.
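The derivation described above, as an added example that is not part of the original essay: it follows the IEEE 802.11i construction (PBKDF2 for the pre-shared-key case, then the HMAC-SHA1 PRF over both MAC addresses and both handshake nonces) and shows why every session gets a new PTK. The nonces, the KCK/KEK/TK split and the MIC check come from the standard rather than from the essay; the MAC addresses, passphrase, SSID and the simplified message 2 are constructed.

```python
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pre-shared-key case: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, n_bytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < n_bytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:n_bytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Derive the 384-bit CCMP PTK and split it into its three 128-bit keys."""
    # Sorting the addresses and nonces lets both sides build the same input.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}


def mic(kck: bytes, message: bytes) -> bytes:
    """Handshake message integrity code: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]


def run_session(pmk_sta: bytes, pmk_ap: bytes, aa: bytes, spa: bytes) -> dict:
    """Messages 1 and 2 of the handshake; returns what each side ends up with."""
    anonce = os.urandom(32)                   # message 1: AP -> STA carries ANonce
    snonce = os.urandom(32)
    sta = derive_ptk(pmk_sta, aa, spa, anonce, snonce)
    msg2 = b"msg2|" + snonce                  # constructed stand-in for the EAPOL-Key frame
    msg2_mic = mic(sta["KCK"], msg2)          # message 2: STA -> AP carries SNonce + MIC
    ap = derive_ptk(pmk_ap, aa, spa, anonce, snonce)
    accepted = hmac.compare_digest(mic(ap["KCK"], msg2), msg2_mic)
    return {"accepted": accepted, "sta_tk": sta["TK"], "ap_tk": ap["TK"]}


if __name__ == "__main__":
    AA = bytes.fromhex("020000000001")        # constructed AP MAC address
    SPA = bytes.fromhex("020000000002")       # constructed STA MAC address
    pmk = pmk_from_passphrase("correct horse battery", "HomeNet")  # constructed values
    first = run_session(pmk, pmk, AA, SPA)
    second = run_session(pmk, pmk, AA, SPA)
    print("matching PMK accepted:", first["accepted"])
    print("fresh TK per session:", first["sta_tk"] != second["sta_tk"])
    wrong = pmk_from_passphrase("wrong passphrase", "HomeNet")
    print("mismatched PMK accepted:", run_session(wrong, pmk, AA, SPA)["accepted"])
```

The AP never sees the PMK on the air: it only learns that the STA holds the same PMK because the MIC computed with the derived KCK verifies.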

D. CCMP Protocol:

CCMP (Counter Mode with Cipher Block Chaining MAC Protocol) is one of the confidentiality and integrity protocols used by RSN. The other one, as mentioned earlier, is the TKIP protocol. CCMP uses AES as its cipher method, just as WEP and WPA use RC4. The mode of operation used by CCMP is known as CCM mode, which in turn uses CTR for confidentiality and CBC-MAC (Cipher Block Chaining MAC) for authentication and integrity.

XI. SECURITY FOR WHN (WIRELESS HOME NETWORK)

The use of wireless devices at residences is quite a common practice. With more and more equipment becoming Wi-Fi equipped, it is possible to connect almost all electronic equipment to a wireless AP, which can be purchased at quite reasonable prices from the market today. All a person needs to set up a WHN (Wireless Home Network) is a wireless access point, such as a wireless router or a gateway, and of course a wireless network adaptor in each device.

But with such ease of setup and functionality, the security of these networks is sometimes compromised, with houses becoming the victim of a malicious attack by an intruder. There are many ways in which the security of a home network can be compromised, such as eavesdropping on confidential files belonging to the family, communication disruption, or taking control of the wireless network and using it to perform Denial of Service (DOS) attacks on some other network or server.

Security for a WHN is a much more complex task because of the variety of devices that are or could be connected to the network. Because of this inconsistency, the level of security required by each of these devices could range from very low level requirements to very high level requirements. So instead of a single standard, a framework is more important for a WHN, consisting of various algorithms which are provided to a device depending on its storage, power requirements and of course computational capability.

A. Types of Attacks on WHN:

a) This is the simplest form of attack on a WHN, where a person sitting very close to the broadcast diameter of the wireless AP can pick up signals by using passive APs that cannot be detected. If this information is not encrypted, it compromises the confidentiality of the network and also the privacy of the home. This form of attack is known as Eavesdropping.

b) The information received through eavesdropping can be modified by the hacker and sent back to the receiving parties, hence compromising the integrity of the data. This is called Tampering.

c) The information received while eavesdropping can be stored by the hacker and at a later time resent to any of the receiving parties or even the sender. This is called Replaying.

d) A hacker can obtain total control over the wireless network, which will enable him to steal or even destroy important information on that network. He can also send wrong or even dangerous information to receivers which are connected to other networks, which then compromises the confidentiality, integrity and privacy of those networks as well. This attack imposes high security risks and is known as an Impersonating or Masquerade Attack.

e) The hacker floods the wireless network with packets or even connection requests at such a fast rate that the network cannot process them. Due to this, the owner of the network will also not be able to access any information or even communicate with anyone else using the network.

B. Steps to follow to Ensure WHN Security:

a) Step 1: Obtaining Trust and Giving Authorization: When a new device is purchased by the owner, it is important to establish a trustworthy relationship with the device. This functionality is performed by the AS. In the case of devices which need low security level authorization, the MAC address of the system will suffice, as each device has its own unique MAC address. But in the case of high security requirement devices such as a laptop, PC etc., it is important to have a much stronger authorization mechanism.

The Resurrecting Duckling is a type of trust relation establishment where the new device will only answer to the owner that first provided it with its secure key. This is known as imprinting the device. Now, until the device is reset to its factory settings, the device will only answer to this particular owner.

The trust relationship can be established between the newly purchased device and the AS by manually injecting the secure key into the device. After this relationship has been established, access control is provided to this device by providing the access control list on the AS.

b) Step 2: Providing Authentication and Key Management: As the home network is divided into low level and high level security devices, there are different methods for each of these to achieve authentication from the server.

In the case of a low security requirement device, the AS simply looks up whether the MAC address of the device requesting connection or service is in the MAC ACL, and if found the device is authenticated.

But for high security requirement devices this is not the case. First and foremost, the AS provides each high security device connected to the network with a secret key, more commonly known as a password, which can be changed periodically to ensure stronger security. So when a device wants to contact a network or request service from a server, it provides the AS, through the AP, with its secret key. The AS, on approving this key, gives authentication to the device and also provides the communicating parties with a session key which can be used for secure data transfer by the two devices.

c) Step 3: Avoiding DOS by Secure Routing: DOS attacks are not quite as common in WHNs as they are in other more crucial networks such as corporate, healthcare or battlefield networks. But just in case, DOS can be avoided by making sure that all the devices or nodes in the home network passing information through each other have a group key which can be used to recognize each other, encrypt the outgoing information and also check the integrity of the incoming information.

d) Step 4: Confidentiality, Integrity and Freshness for Communication Protection: After the two devices have been authenticated and connected securely, a secret session key provided by the AS can be used to ensure secure communication between the communicating parties.

C. SDS (Security Delegation Service):

In a WHN, there are quite a number of devices that would not have very high computational capabilities. In this case it will be difficult for these devices to establish end-to-end secure connections using the IPSEC or TLS protocols. The SDS protocol thus helps these devices to establish a secure connection by delegating the handshaking protocol work to devices that have high computational capabilities.

The wireless device requiring a connection first contacts the SDS server using LLS SA (Link Layer Security Security Association). This is a form of packet encryption provided at the link layer of the wireless home network. The format of the link layer packet is as shown below:

Figure 10: Link Layer Security Association Format

After this connection has been established, the SA in turn makes a connection with the remote server using the IPSEC/TLS handshaking protocols, thus establishing connection with the remote server. The SDS server then informs the wireless device that the connection has been established. Upon receiving this information, the wireless device transfers information through the SDS server to the remote server.

Figure 11: Secure Communication Path with SDS Server

The SDS hence allows interoperability between devices and availability of devices, and reduces the implementation of complex security techniques, hence reducing the cost considerably.

XII. SECURITY FOR BLUETOOTH NETWORKS

Bluetooth was mainly developed for the purpose of short range wireless communications and also because of the exponential increase in many mobile and handheld wireless devices. It works at a frequency of 2.4 GHz ISM (Industrial Scientific and Medical Band). Bluetooth is a highly popular communication method because of its low power consumption, good rate of data transfer at close proximities and also free data transfer between devices.

A. Security Features Applied By Bluetooth:

Bluetooth technology was developed with the aspect of security in mind. There are many features implemented in Bluetooth which make it an almost secure platform for communication and information transfer:

a) Stealth: This is the most important feature of Bluetooth networks. It is a simple mechanism where a device can accept or refuse connections when in discoverable and connectable modes. In Discoverable mode, the device can be seen by other Bluetooth devices, but other devices can only connect to it if it authenticates the request from the other Bluetooth device. In Non-Discoverable mode, the Bluetooth device does not even broadcast its presence in the network. In Connectable mode, the Bluetooth device is specifically listening for connections from other devices, while in Non-Connectable mode it refuses every sort of connection that is requested of it. These four procedures are nowadays a part of every mobile phone or portable handheld device.

b) Frequency Hopping: Bluetooth broadcasts between the range of RF (radio frequencies) which are 2.4000 and 2.4835 GHz. 79 different channels are hence available for frequency hopping, which is done about 1600 times a second based on a timing sequence. This helps to prevent signal jamming and also monitoring of traffic by third parties.

c) Security Modes: There are four different security modes which are used by Bluetooth, three of which are used by legacy devices. They will be explained in detail further in the paper.

B. Bluetooth Parameters:

a) BD_ADDR (Bluetooth Device Address) is a unique 48 bit address.

b) The device name is user friendly and can be up to 248 bytes in length. This can be set by the user.

c) PIN (Pass key) is the key used to authenticate two Bluetooth devices. This can have different values at different levels.

d) Class of Bluetooth devices (bit field) is used to identify the type of device and the services it provides.

C. Security Architecture:

The Security Manager is the most important entity in the security architecture of a Bluetooth device. The architecture layout is as shown below:

Figure 12: Bluetooth Security Architecture

The Security Manager performs the following functionality:

a) Stores security related information of all the services (Service Database) and the devices in range (Device Database).

b) Accepts or denies access requests to the Bluetooth device.

c) Makes sure that authentication/encryption of data has been completed before the connection has been established.

d) Sets up trusted relationships between ESCE (External Security Control Entity) by processing the inputs of the user.

e) PIN querying and pairing, for which the PIN entry can be made by the ESCE or an application.

D. Key Pairing And Authentication:

When two Bluetooth devices come in range of each other and both are required to connect to each other, the Bluetooth key pairing process is initiated. In this process each device selects a random number and combines it with its MAC address. After XORing this number with the initialization key, the random number is sent to the other unit. Now the two units combine the two random numbers together using modulo 2 addition to create a combination key which is now known to both devices. There is a mutual authentication process done by the communicating devices to check whether both the keys are the same.


For authentication of Bluetooth devices under communication, a challenge response scheme is used. In this scheme the two devices communicating with each other are the claimant and the verifier. The claimant is the device which is requesting connection and hence attempting to prove its identity, while the verifier is the device checking the identity of the device trying to make a connection. In the challenge response scheme, the claimant sends an authentication request frame to the verifier in order to establish connection. The verifier then sends a challenge frame back to the claimant. Both of them then perform a predefined algorithm, after which the claimant sends its result back to the verifier, which in turn accepts or denies the connection.
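The pairing and challenge response exchange described in this section, as an added example that is not part of the original essay. HMAC-SHA256 is used here as a stand-in for Bluetooth's own functions (E21 for the key part, E1 for the response), and the class and function names, device addresses and initialization keys are hypothetical, constructed values.

```python
import hashlib
import hmac
import os


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def unit_key_part(rand: bytes, bd_addr: bytes) -> bytes:
    """Combine a device's random number with its address (stand-in for E21)."""
    return hmac.new(rand, b"E21" + bd_addr, hashlib.sha256).digest()[:16]


def response(link_key: bytes, challenge: bytes, claimant_addr: bytes) -> bytes:
    """Claimant's 32-bit answer to a challenge (stand-in for E1)."""
    return hmac.new(link_key, b"E1" + challenge + claimant_addr, hashlib.sha256).digest()[:4]


class Device:
    def __init__(self, bd_addr: bytes, init_key: bytes):
        self.bd_addr = bd_addr
        self.init_key = init_key      # initialization key both sides must share
        self.rand = os.urandom(16)    # this device's random number
        self.link_key = b""

    def pairing_message(self) -> bytes:
        # Only the random number XORed with the initialization key is sent.
        return xor(self.rand, self.init_key)

    def finish_pairing(self, peer_message: bytes, peer_addr: bytes) -> None:
        peer_rand = xor(peer_message, self.init_key)
        own_part = unit_key_part(self.rand, self.bd_addr)
        peer_part = unit_key_part(peer_rand, peer_addr)
        self.link_key = xor(own_part, peer_part)  # modulo 2 addition gives the combination key

    def answer(self, challenge: bytes) -> bytes:
        return response(self.link_key, challenge, self.bd_addr)

    def verify(self, claimant_addr: bytes, challenge: bytes, sres: bytes) -> bool:
        expected = response(self.link_key, challenge, claimant_addr)
        return hmac.compare_digest(expected, sres)


def pair(a: Device, b: Device) -> None:
    msg_a, msg_b = a.pairing_message(), b.pairing_message()
    a.finish_pairing(msg_b, b.bd_addr)
    b.finish_pairing(msg_a, a.bd_addr)


def authenticate(verifier: Device, claimant: Device) -> bool:
    challenge = os.urandom(16)        # a fresh challenge for every attempt
    return verifier.verify(claimant.bd_addr, challenge, claimant.answer(challenge))


def mutual_authentication(a: Device, b: Device) -> bool:
    return authenticate(a, b) and authenticate(b, a)


if __name__ == "__main__":
    shared = bytes(range(16))                                  # constructed initialization key
    phone = Device(bytes.fromhex("0a0000000001"), shared)      # constructed addresses
    headset = Device(bytes.fromhex("0a0000000002"), shared)
    pair(phone, headset)
    print("same combination key:", phone.link_key == headset.link_key)
    print("mutual authentication:", mutual_authentication(phone, headset))
```

Because the verifier draws a new challenge each time, a response captured from an earlier exchange does not verify against a later one.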

E. Device Trust Levels:

There are three different trust levels which are constantly maintained by Bluetooth devices. A device which is connected to Bluetooth will fall into one of these categories:

a) Trusted Device: This is a device which has previously established a connection with the Bluetooth device. The link key has been stored and has already been provided to this device, and it has been marked as a trusted device.

b) Untrusted Device: This device has also been provided with the link key and the link key has been stored, but it has not been marked as a trusted device.

c) Unknown Device: This could be a device which has never established any connection with the Bluetooth device previously. Needless to say, there is nothing known about this device and it is considered an untrusted device.

F. Service Security Modes:

The legacy service security modes:

a) Security Mode 1: No authentication is required by the user and no security procedures are performed.

b) Security Mode 2: Security procedures are processed only after the channel establishment authentication has been received. This is basically application based security, in which case different applications may use different levels of security. This is also known as service level security.

c) Security Mode 3: In this mode the security procedures are completed before the channel has been established for communication. This is known as link level security.

The legacy devices use PIN (Personal Identification Number) pairing for authentication. This is a 16 bit string which is agreed upon by the devices and which is also used for encryption during communication between these devices.

d) Security Mode 4: This method uses SSP (Secure Simple Pairing), which is similar to the service level security used in Security Mode 2. In this method, however, instead of using the PIN number, a passkey entry PIN is required to be typed in by the user before establishing connection. This PIN number is provided by the slave device itself. This is not used for encryption of communication data.

XIII. FUTURE OF WIRELESS SECURITY

A. WIMAX Security:

IEEE 802.16 or WIMAX (Worldwide Interoperability for Microwave Access) is one of the latest wireless protocols in the wireless networks scenario. It provides high bandwidth and wider area coverage compared to the already existing wireless networks. When WiMAX has been deployed there will be hot zones in the city, as compared to the hot spots available in the city, which are limited to a very small area.

Figure 12: WIMAX Security

The WiMAX security architecture and security mechanisms are quite different from those of WEP, WPA and other existing security protocols. Below is a brief description of the WiMAX security architecture:

a) A secure communication is established between the BS (base station) and SS (subscriber station) by using the secure information provided by the SA.

b) The data between the BS and SS is encrypted by using the Encapsulation protocol, which first determines the cryptographic suites which are supported by the SS.

c) Last but not least, the privacy key management protocol provides secure keys for only those services the SS is authorised to have from the base station.

Security Mechanisms used in WiMAX:

a) The first step is providing authorisation to the communicating SS. This is done in four steps. First the SS requests connection with the BS by sending its request along with its authentication information. Upon receiving the information, the BS sends back an authorization request message asking the BS for the Authorisation Key, which is a secret key shared between the SS and BS. The SS is then authorized using the certificate which is provided by the BS. After authorisation of the SS, the BS activates the Authorisation Key and then sends an authorisation reply message, which consists of a few encrypted messages for the SS to calculate its other temporal keys which are required during data transfer.

b) In the second step TEKs, which are required for encryption of data, are exchanged between the SS and BS.

c) The last step is to encrypt the data passing between the SS and BS by using the TEK keys, which are known to both the SS and BS.

B. Zigbee Technology:

Zigbee is the latest wireless network technology based on wireless mesh networks. It is used for short range communications. Wireless mesh networks, known for their high reliability and wider area coverage, come into good use in Zigbee technology. It is also very popular because of the low cost of setup as well as low power requirements. Some of the important areas where Zigbee has been put into use are:

1) Telecommunications Applications

2) Building and Home Automation

3) Personal Home and office care

The Zigbee security architecture consists of a security protocol at each layer of its protocol stack, which are the MAC Layer, Network Layer and Application Layer.

 

a) MAC Layer Security:

The security at this layer is done through AES encryption. A message integrity code, which could be 4, 8 or 16 bytes long, is calculated at the MAC layer using the payload and data header. There is also a frame number provided for each frame to understand the sequence of the frames. This helps in knowing when a frame is missing or even when a frame is replayed in the case of foul play. The key establishment and the choice of security to be used are done by a higher layer.

b) Network Layer Security:

The network layer in Zigbee uses its own secure network key while transmitting frames and also has keys to access incoming packets. The incoming packets are scanned in order to check their authenticity.

c) Application Layer Security:

The main functionality of application level security is to provide key establishment, transportation of keys and even device management. It takes care of the outgoing frames that require safety, the incoming frames that need to be checked, as well as the steps required to manage and compute a key safely.
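The MAC layer checks described above (an integrity code of 4, 8 or 16 bytes plus a per-frame number), as an added example that is not part of the original essay. The frame layout, function names and keys are constructed for illustration, and a truncated HMAC-SHA256 stands in for the AES-based integrity code that Zigbee actually computes.

```python
import hashlib
import hmac
import struct

MIC_LENGTHS = (4, 8, 16)        # integrity code sizes named in the text, in bytes
HEADER = struct.Struct(">HI")   # constructed header: 16-bit source, 32-bit frame counter


def compute_mic(key: bytes, header: bytes, payload: bytes, mic_len: int) -> bytes:
    """Integrity code over header and payload (HMAC stand-in for the AES-based MIC)."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:mic_len]


def build_frame(key: bytes, source: int, counter: int, payload: bytes, mic_len: int = 8) -> bytes:
    if mic_len not in MIC_LENGTHS:
        raise ValueError("MIC must be 4, 8 or 16 bytes")
    header = HEADER.pack(source, counter)
    return header + payload + compute_mic(key, header, payload, mic_len)


class Receiver:
    def __init__(self, key: bytes, mic_len: int = 8):
        self.key = key
        self.mic_len = mic_len
        self.last_counter = {}   # highest accepted frame counter per source

    def check(self, frame: bytes) -> str:
        if len(frame) < HEADER.size + self.mic_len:
            return "malformed"
        header = frame[:HEADER.size]
        payload = frame[HEADER.size:-self.mic_len]
        mic = frame[-self.mic_len:]
        # Verify integrity first so a forged frame can never advance the counter.
        expected = compute_mic(self.key, header, payload, self.mic_len)
        if not hmac.compare_digest(mic, expected):
            return "bad-mic"
        source, counter = HEADER.unpack(header)
        last = self.last_counter.get(source)
        if last is not None and counter <= last:
            return "replay"                      # frame number already seen
        self.last_counter[source] = counter
        if last is not None and counter > last + 1:
            return "ok-after-gap"                # one or more frames went missing
        return "ok"


if __name__ == "__main__":
    key = bytes(range(16))                       # constructed 128-bit key
    rx = Receiver(key)
    sensor = 0x1234                              # constructed source address
    frames = [build_frame(key, sensor, n, b"lamp=on") for n in (1, 2, 5)]
    for frame in (frames[0], frames[1], frames[0], frames[2]):
        print(rx.check(frame))
```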

XIV. CONCLUSION



