Abstract
With the rising of wireless technologies, a lot ofwireless devices have started to reach the domestic domain.Most of them are intended to simplify common tasks avoidingthe use of cables. Home users buy wireless devices because oftheir simplicity and because they are way more practical. Butfew people think of their data privacy and security. They feelsave behind their home walls without knowing that anyonewill be able to listen to their wireless traffic without notice. Isour privacy compromised? Are our home connectionssecured? How can we ensure nobody is hacking our traffic?This and other several related questions are beginning toconcern the home users. In an effort to put everythingtogether, this document is intended to show the wirelesstechnologies that coexist nowadays in the domestic domain,and how they affect the home privacy and security. Thus, themain output of this paper is to explore the lines to follow in away to build a much secure environment, through thedefinition of a framework for a protocol mixing system.Keywords- WLAN, Wireless hacking, Information security
I. INTRODUCTION
ONG time ago when the first Wi-Fi standardsappeared, nobody would preview such a developmentof this technology. It was 1999, the 802.11a/b standard wasapproved and the first Wi-Fi products begin to reach themarket at speeds up to 11Mbps [1]. However two years laterin 2001, a security flaw was discovered in the WEPencryption method used by both standards [2, 3]. The noticewas a bad hit for the industry because it came just when thetechnology was reaching the domestic ambit along with theintegration of DSL lines.These facts lead to develop of a new security protocol toovercome the issues caused by the weakness of the WEP. Itwas called WPA (Wi-Fi Protected Access) and it wasconsidered a temporary encryption protocol while the802.11i standard was finally prepared. Meanwhile the firstreliable Bluetooth standard 802.15.1 was released in 2002,allowing the creation of the first Bluetooth devices usingthe 1.1 definition.Later in 2004 the final revision of 802.11i was approved,allowing the creation of the new WPA2. This protocolprovided better security than the older WPA because it usedthe AES encryption system rather than the more vulnerableRC4 TKIP system. Although the improvement in securityterms, the old pre-2004 equipment was incompatible withthe new standard and users were forced to upgrade theirdevices which in most cases was not possible.In the middle of this cross-over technology a new securityflaws were discovered inside the Bluetooth standard [9].The Blue Bug was the most famous of them, and allowed anattacker to access any Bluetooth device without permission.Thousands of products were affected by these issues,compromising once again the home privacy. All themanufacturers were aware that users wouldn’t be willing tochange their recently bought equipment, so that gave timeto develop a new revision.But the Wi-Fi privacy didn’t last that longer. In the late2005 a security flaw was discovered in the WPA protocolthat enabled an attacker to use a dictionary or brute forceattack to retrieve the password used to access the Wi-Finetwork [8]. Although it was only practical with short orwell known passwords, the impact in home wirelesssecurity was enormous. The new equipments implementingWPA2 were still beginning to reach the market, and withthe Bluetooth still in danger, and the WPA almost broken,the home privacy was in great compromise.Fortunately in late 2007 the 2.1 Bluetooth standard cameto solve the problems of previous definitions. Minorsecurity bugs were still practical to explode but in factBluetooth seemed to be secured for the moment. However,Wi-Fi was still vulnerable and in 2008 investigations finallyproved the weakness of the WPA-TKIP protocol by usingseveral attacks not based on dictionary or brute force attack[4]. This kind of attacks are currently under improvementor development as on 2009, and all home users are stronglyrecommended to switch to WPA2-AES protocol [13, 14],which for now, is the most secure protocol implemented inthe domestic devices. But AES design requires specific andmore powerful hardware which means more expensiveequipment, and many home users don’t want to update theirold equipment.The content of the present paper is organized as follows.Sections II, III describe the present status of the homewireless security; Sections IV and V focus the problems


Download full report
http://doi.ieeecomputersociety10.1109/AICT.2010.23