01-04-2011, 03:12 PM
Presented By
MINSALA GOWTHAMI
[attachment=11505]
ABSTRACT
Wireless local area networks (WLAN) are expected to be a major growth factor for communication networks in the up-coming years. They are expected to provide a transparent connection for mobile hosts to communicate with other mobile hosts, and wired hosts on the wired LAN and broadband networks. Recently there have been two WLAN projects undergo standardization process: the IEEE 802.11 and the ETSI HIPERLAN. Most of the existing study of the two MAC protocols focused on simulation results, and none of them has formally analyzed the hidden-terminal effect, which is both crucial and unavoidable in wireless/mobile environment. In the first part of this paper, we formally analyze the hidden-terminal effect on HIPERLAN. Through mathematical analysis, we formulate network throughput under hidden-terminal influence in terms of the original (clear-channel) throughput, hidden-terminal probability, and other protocol parameters. We show that when hidden probability is greater than zero, the achievable throughput is reduced by more than the percentage of hidden probability. In the second part of the paper, we evaluate and compare the two WLAN MAC protocols by simulation on the effect of hidden terminals on (1) network throughput, (2) real-time voice delay, and (3) number of voice and data stations supported while guaranteeing delay for voice. We also evaluate how well the two MAC protocols support real-time traffic while considering the effects of frame size and other network parameters, and measure (1) the distribution of voice delay and (2) number of voice and data stations supported while guaranteeing their quality of service. We found that, comparing with IEEE 802.11, HIPERLAN provides real-time packet voice traffic with shorter delay, and at the same time provides the non-real-time packet data with higher bandwidth. Wireless LANs have become popular in the home due to ease of installation, and the increasing popularity of laptop computers. Public businesses such as coffee shops and malls have begun to offer wireless access to their customers; sometimes for free. Large wireless network projects are being put up in many major cities: New York City, for instance, has begun a pilot program to cover all five boroughs of the city with wireless Internet access
Definition
A wireless local area network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio), and usually providing a connection through an access point to the wider internet. This gives users the mobility to move around within a local coverage area and still be connected to the network
1. Introduction
Wireless LANs are a boon for organizations that don't have time to setup wired LANs, make Networked temporary offices a reality and remove the wire work that goes on in setting LANs.They are reported to reduce setting up costs by 15%. But, with these benefits come the Security concerns. One doesn't need to have physical access to your wires to get into your LANs now. Any attacker, even though sitting in your parking lot, or in your neighboring building, can make a mockery of the security mechanisms of your WLAN.If you don't care about security, then go ahead; buy those WLAN cards/ Access Points. But, if you do, watch out for the developments on the security front of 802.11.As this report and many such others tell, contrary to 802.11’s claims, WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit Cards.
So, what is the remedy?
Don't trust anybody!!!
Think like an attacker and take proper countermeasures. Have dynamic system administrators. Those attackers won't be lucky every time! The key is, be informed!
2. About Wireless LAN
Wireless LANs
A wireless local area network (WLAN) is a local area network (LAN) that doesn't rely on wired Ethernet connections. A WLAN can be either an extension to a current wired network or an alternative to it. Use of a WLAN adds flexibility to networking. A WLAN allows users to move around while keeping their computers connected.WLANs has data transfer speeds ranging from 1 to 54Mbps, with some manufacturers offering proprietary 108Mbps solutions. The 802.11n standard can reach 300 to 600Mbps.Because the wireless signal is broadcast so everybody nearby can share it, several security precautions are necessary to ensure only authorized users can access your WLAN.A WLAN signal can be broadcast to cover an area ranging in size from a small office to a large campus. Most commonly, a WLAN access point provides access within a radius of 65 to 300 feet.
3. WLAN types
3.1 The private home or small business WLAN
Commonly, a home or business WLAN employs one or two access points to broadcast a signal around a 100- to 200-foot radius. You can find equipment for installing a home WLAN in retail stores like Office Max, Radio Shack, Target, and Wal-Mart, among others.
With few exceptions, hardware in this category subscribes to the 802.11a, b, or g standards (also known as Wi-Fi). Home and office WLANs adhering to the new 802.11n standard are appearing. Also, because of security concerns, many home and office WLANs adhere to the Wi-Fi Protected Access 2 (WPA2) standard.
3.2 The enterprise class WLAN
This type employs a large number of individual access points to broadcast the signal to a wide area. The access points have more features than equipment for home or small office WLANs, such as better security, authentication, remote management, and tools to help integrate with existing networks. These access points have a larger coverage area than home or small office equipment, and are designed to work together to cover a much larger area. Such equipment adheres to the 802.11a, b, g, or n standard, though it's becoming common that equipment subscribes to security-refining standards, such as 802.1x and WPA2
3.3 Wireless WAN (wide area network)
Although a WAN by definition is the exact opposite of a LAN, wireless WANs (WWANs) deserve brief mention here, especially because the distinction is becoming less and less obvious to end users.
WANs used to exist in order to connect LANs in different geographical areas (see What is the difference between a LAN, a MAN, and a WAN, and what is a LAN connection?). Until recently, this was also the case for WWANs. Now, cellular phone companies, such as Verizon (Broadband Access) and AT&T (Broadband Connect), offer WWAN technology that the end user can access directly.
The cellular WWANs use cellular data technology to cover extremely wide areas. Cellular WWAN data transfer rates are considerably slower than wireless LANs, with most advertising between 50Kbps to 2Mbps (compare this to dial-up speeds, which are around 56Kbps). Cellular WWANs rely on coverage by the cellular network provider, so coverage areas for wireless Internet access are more or less the same as they are for cellular phones. There are many different standards for this type of network. Most of them are mobile data standards that previously were used only on cell phones, but are increasingly offered for computing. Some manufacturers offer "mobile broadband" add-ons to their portable computers using the Sprint Broadband Direct, Verizon Broadband Access, and AT&T Broadband Connect networks.
4.0 WLAN standards
Several standards for WLAN hardware exist:
802.11a, b, and g
The 802.11a, b, and g standards are the most common for home wireless access points and large business wireless systems. The differences are:
4.1 802.11a: With data transfer rates up to 54Mbps, it is faster than 802.11b and can support more simultaneous connections. Because it operates in a more regulated frequency, it gets less signal interference from other devices and is considered to be better at maintaining connections. In areas with major radio interference (e.g., airports, business call centers), 802.11a will outperform 802.11b. It has the shortest range of the three standards (generally around 60 to 100 feet), broadcasts in the 5GHz frequency, and is less able to penetrate physical barriers, such as walls
4.2 802.11b: It supports data transfer speeds up to 11Mbps. It's better than 802.11a at penetrating physical barriers, but doesn't support as many simultaneous connections. It has better range than 802.11a (up to 300 feet in ideal circumstances; tests by independent reviewers commonly achieve between 70 and 150 feet), and uses hardware that tends to be less expensive. It's more susceptible to interference, because it operates on the same frequency (2.4GHz) as many cordless phones and other appliances. Therefore, it's not considered a good technology for applications that require absolutely reliable connections, such as live video streaming.
4.3 802.11g: It's faster than 802.11b, supporting data transfer rates up to 54Mbps. It has a slightly shorter range than 802.11b, but still better than 802.11a. Most independent reviews report around 65 to 120 feet in real-world situations. It is backward-compatible with 802.11b products, but will run only at 802.11b speeds when operating with them. It uses the 2.4GHz frequency, so it has the same problems with interference as 802.11b.
4.4 802.11n
The Institute of Electrical and Electronics Engineers (IEEE) has not yet ratified the 802.11.n standard. Because of this, some manufacturers advertise their 802.11n equipment as "draft" devices.
Though specifications may change once the standard is finalized, it is expected to allow data transfer rates up to 600Mbps. Product manufacturers are advertising ranges twice as large as those of as 802.11b/g devices, but as with any wireless devices, range ultimately depends more on the manufacturer and the environment than the standard.
Security standards
The 802.11x standards provide some basic security, but they're becoming less adequate as use of wireless networking spreads. Security standards exist that extend or replace the basic standard:
WEP (Wired Equivalent Privacy)
One of the earliest security schemas, WEP was originally created for 802.11b, but migrated to 802.11a as well. It encrypts data traffic between the wireless access point and the client computer, but doesn't actually secure either end of the transmission. Also, WEP's encryption level is relatively weak (only 40 to 128 bits). Many analysts consider WEP security to be weak and easy to crack.
WPA (Wi-Fi Protected Access)
WPA implements higher security and addresses the flaws in WEP, but is intended to be only an intermediate measure until further 802.11i security measures are developed.
4.5 802.1x
This standard is part of a full WPA security standard. WPA consists of a pair of smaller standards that address different aspects of security:
• TKIP (Temporal Key Integrity Protocol encryption), which encrypts the wireless signal
• 802.1x, which handles the authentication of users to the network
Commonly, wireless systems have you log into individual wireless access points or let you access the wireless network, but then keep you from accessing network data until you provide further authentication (e.g., VPN).
802.1x makes you authenticate to the wireless network itself, not an individual access point, and not to some other level, such as VPN. This boosts security, because unauthorized traffic can be denied right at the wireless access point.
WPA2/802.11i
The Wi-Fi Alliance has coined the term "WPA2", for easy use by manufacturers, technicians, and end users. However, the IEEE name of the standard itself is 802.11i. The encryption level is so high that it requires dedicated chips on the hardware to handle it. In practical use; WPA2 devices have interoperability with WPA devices. When not interfacing with older WPA hardware, WPA2 devices will run strictly by the 802.11i specifications.
WPA2 consists of a pair of smaller standards that address different aspects of security:
• WPA2-Personal, which uses a pre-shared key (similar to a single password available to groups of users, instead of a single individual); the pre-shared key is stored on the access point and the end user's computer
• WPA2-Enterprise, which authenticates users against a centralized authentication service
5.0 Future of Wireless LAN Security
Advanced encryption Standard (AES)
Advanced Encryption Standard is gaining acceptance as appropriate replacement for RC4 algorithm in WEP. AES uses the Rijandale Algorithm and supports the following key lengths
128 bit
192 bit
256 bit
AES is considered to be un-crack able by most Cryptographers. NIST has chosen AES for Federal Information Processing Standard (FIPS). In order to improve wireless LAN security the 802.11i is considering inclusion of AES in WEPv2.
Temporal Key Integrity Protocol (TKIP)
The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an interim solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP also prevents the passive snooping attack by hashing the IV. TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network. An advantage of using TKIP is that companies having existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, Weaponry equipment will still interoperate with TKIP-enabled devices using WEP. TKIP is a temporary solution, and most experts believe that stronger encryption is still needed
5.1 802.1X and Extensible Authentication Protocol
Combined with an authentication protocol, such as EAP-TLS, LEAP, or EAP-TTLS, IEEE 802.1X provides port-based access control and mutual authentication between clients and access points via an authentication server. The use of digital certificates makes this process very effective. 802.1X also provides a method for distributing encryption keys dynamically to wireless LAN devices, which solves the key reuse problem found in the current version of
802.11. Initial 802.1X communications begins with an unauthenticated supplicant (i.e., client device) attempting to connect with an authenticator (i.e., 802.11 access point). The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). Once authenticated, the access point opens the client's port for other types of traffic.
MINSALA GOWTHAMI
[attachment=11505]
ABSTRACT
Wireless local area networks (WLAN) are expected to be a major growth factor for communication networks in the up-coming years. They are expected to provide a transparent connection for mobile hosts to communicate with other mobile hosts, and wired hosts on the wired LAN and broadband networks. Recently there have been two WLAN projects undergo standardization process: the IEEE 802.11 and the ETSI HIPERLAN. Most of the existing study of the two MAC protocols focused on simulation results, and none of them has formally analyzed the hidden-terminal effect, which is both crucial and unavoidable in wireless/mobile environment. In the first part of this paper, we formally analyze the hidden-terminal effect on HIPERLAN. Through mathematical analysis, we formulate network throughput under hidden-terminal influence in terms of the original (clear-channel) throughput, hidden-terminal probability, and other protocol parameters. We show that when hidden probability is greater than zero, the achievable throughput is reduced by more than the percentage of hidden probability. In the second part of the paper, we evaluate and compare the two WLAN MAC protocols by simulation on the effect of hidden terminals on (1) network throughput, (2) real-time voice delay, and (3) number of voice and data stations supported while guaranteeing delay for voice. We also evaluate how well the two MAC protocols support real-time traffic while considering the effects of frame size and other network parameters, and measure (1) the distribution of voice delay and (2) number of voice and data stations supported while guaranteeing their quality of service. We found that, comparing with IEEE 802.11, HIPERLAN provides real-time packet voice traffic with shorter delay, and at the same time provides the non-real-time packet data with higher bandwidth. Wireless LANs have become popular in the home due to ease of installation, and the increasing popularity of laptop computers. Public businesses such as coffee shops and malls have begun to offer wireless access to their customers; sometimes for free. Large wireless network projects are being put up in many major cities: New York City, for instance, has begun a pilot program to cover all five boroughs of the city with wireless Internet access
Definition
A wireless local area network (WLAN) links two or more devices using some wireless distribution method (typically spread-spectrum or OFDM radio), and usually providing a connection through an access point to the wider internet. This gives users the mobility to move around within a local coverage area and still be connected to the network
1. Introduction
Wireless LANs are a boon for organizations that don't have time to setup wired LANs, make Networked temporary offices a reality and remove the wire work that goes on in setting LANs.They are reported to reduce setting up costs by 15%. But, with these benefits come the Security concerns. One doesn't need to have physical access to your wires to get into your LANs now. Any attacker, even though sitting in your parking lot, or in your neighboring building, can make a mockery of the security mechanisms of your WLAN.If you don't care about security, then go ahead; buy those WLAN cards/ Access Points. But, if you do, watch out for the developments on the security front of 802.11.As this report and many such others tell, contrary to 802.11’s claims, WLANs have very little security. An attacker can listen to you, take control of your laptops/desktops and forge him to be you. He can cancel your orders, make changes into your databases, or empty your credit Cards.
So, what is the remedy?
Don't trust anybody!!!
Think like an attacker and take proper countermeasures. Have dynamic system administrators. Those attackers won't be lucky every time! The key is, be informed!
2. About Wireless LAN
Wireless LANs
A wireless local area network (WLAN) is a local area network (LAN) that doesn't rely on wired Ethernet connections. A WLAN can be either an extension to a current wired network or an alternative to it. Use of a WLAN adds flexibility to networking. A WLAN allows users to move around while keeping their computers connected.WLANs has data transfer speeds ranging from 1 to 54Mbps, with some manufacturers offering proprietary 108Mbps solutions. The 802.11n standard can reach 300 to 600Mbps.Because the wireless signal is broadcast so everybody nearby can share it, several security precautions are necessary to ensure only authorized users can access your WLAN.A WLAN signal can be broadcast to cover an area ranging in size from a small office to a large campus. Most commonly, a WLAN access point provides access within a radius of 65 to 300 feet.
3. WLAN types
3.1 The private home or small business WLAN
Commonly, a home or business WLAN employs one or two access points to broadcast a signal around a 100- to 200-foot radius. You can find equipment for installing a home WLAN in retail stores like Office Max, Radio Shack, Target, and Wal-Mart, among others.
With few exceptions, hardware in this category subscribes to the 802.11a, b, or g standards (also known as Wi-Fi). Home and office WLANs adhering to the new 802.11n standard are appearing. Also, because of security concerns, many home and office WLANs adhere to the Wi-Fi Protected Access 2 (WPA2) standard.
3.2 The enterprise class WLAN
This type employs a large number of individual access points to broadcast the signal to a wide area. The access points have more features than equipment for home or small office WLANs, such as better security, authentication, remote management, and tools to help integrate with existing networks. These access points have a larger coverage area than home or small office equipment, and are designed to work together to cover a much larger area. Such equipment adheres to the 802.11a, b, g, or n standard, though it's becoming common that equipment subscribes to security-refining standards, such as 802.1x and WPA2
3.3 Wireless WAN (wide area network)
Although a WAN by definition is the exact opposite of a LAN, wireless WANs (WWANs) deserve brief mention here, especially because the distinction is becoming less and less obvious to end users.
WANs used to exist in order to connect LANs in different geographical areas (see What is the difference between a LAN, a MAN, and a WAN, and what is a LAN connection?). Until recently, this was also the case for WWANs. Now, cellular phone companies, such as Verizon (Broadband Access) and AT&T (Broadband Connect), offer WWAN technology that the end user can access directly.
The cellular WWANs use cellular data technology to cover extremely wide areas. Cellular WWAN data transfer rates are considerably slower than wireless LANs, with most advertising between 50Kbps to 2Mbps (compare this to dial-up speeds, which are around 56Kbps). Cellular WWANs rely on coverage by the cellular network provider, so coverage areas for wireless Internet access are more or less the same as they are for cellular phones. There are many different standards for this type of network. Most of them are mobile data standards that previously were used only on cell phones, but are increasingly offered for computing. Some manufacturers offer "mobile broadband" add-ons to their portable computers using the Sprint Broadband Direct, Verizon Broadband Access, and AT&T Broadband Connect networks.
4.0 WLAN standards
Several standards for WLAN hardware exist:
802.11a, b, and g
The 802.11a, b, and g standards are the most common for home wireless access points and large business wireless systems. The differences are:
4.1 802.11a: With data transfer rates up to 54Mbps, it is faster than 802.11b and can support more simultaneous connections. Because it operates in a more regulated frequency, it gets less signal interference from other devices and is considered to be better at maintaining connections. In areas with major radio interference (e.g., airports, business call centers), 802.11a will outperform 802.11b. It has the shortest range of the three standards (generally around 60 to 100 feet), broadcasts in the 5GHz frequency, and is less able to penetrate physical barriers, such as walls
4.2 802.11b: It supports data transfer speeds up to 11Mbps. It's better than 802.11a at penetrating physical barriers, but doesn't support as many simultaneous connections. It has better range than 802.11a (up to 300 feet in ideal circumstances; tests by independent reviewers commonly achieve between 70 and 150 feet), and uses hardware that tends to be less expensive. It's more susceptible to interference, because it operates on the same frequency (2.4GHz) as many cordless phones and other appliances. Therefore, it's not considered a good technology for applications that require absolutely reliable connections, such as live video streaming.
4.3 802.11g: It's faster than 802.11b, supporting data transfer rates up to 54Mbps. It has a slightly shorter range than 802.11b, but still better than 802.11a. Most independent reviews report around 65 to 120 feet in real-world situations. It is backward-compatible with 802.11b products, but will run only at 802.11b speeds when operating with them. It uses the 2.4GHz frequency, so it has the same problems with interference as 802.11b.
4.4 802.11n
The Institute of Electrical and Electronics Engineers (IEEE) has not yet ratified the 802.11.n standard. Because of this, some manufacturers advertise their 802.11n equipment as "draft" devices.
Though specifications may change once the standard is finalized, it is expected to allow data transfer rates up to 600Mbps. Product manufacturers are advertising ranges twice as large as those of as 802.11b/g devices, but as with any wireless devices, range ultimately depends more on the manufacturer and the environment than the standard.
Security standards
The 802.11x standards provide some basic security, but they're becoming less adequate as use of wireless networking spreads. Security standards exist that extend or replace the basic standard:
WEP (Wired Equivalent Privacy)
One of the earliest security schemas, WEP was originally created for 802.11b, but migrated to 802.11a as well. It encrypts data traffic between the wireless access point and the client computer, but doesn't actually secure either end of the transmission. Also, WEP's encryption level is relatively weak (only 40 to 128 bits). Many analysts consider WEP security to be weak and easy to crack.
WPA (Wi-Fi Protected Access)
WPA implements higher security and addresses the flaws in WEP, but is intended to be only an intermediate measure until further 802.11i security measures are developed.
4.5 802.1x
This standard is part of a full WPA security standard. WPA consists of a pair of smaller standards that address different aspects of security:
• TKIP (Temporal Key Integrity Protocol encryption), which encrypts the wireless signal
• 802.1x, which handles the authentication of users to the network
Commonly, wireless systems have you log into individual wireless access points or let you access the wireless network, but then keep you from accessing network data until you provide further authentication (e.g., VPN).
802.1x makes you authenticate to the wireless network itself, not an individual access point, and not to some other level, such as VPN. This boosts security, because unauthorized traffic can be denied right at the wireless access point.
WPA2/802.11i
The Wi-Fi Alliance has coined the term "WPA2", for easy use by manufacturers, technicians, and end users. However, the IEEE name of the standard itself is 802.11i. The encryption level is so high that it requires dedicated chips on the hardware to handle it. In practical use; WPA2 devices have interoperability with WPA devices. When not interfacing with older WPA hardware, WPA2 devices will run strictly by the 802.11i specifications.
WPA2 consists of a pair of smaller standards that address different aspects of security:
• WPA2-Personal, which uses a pre-shared key (similar to a single password available to groups of users, instead of a single individual); the pre-shared key is stored on the access point and the end user's computer
• WPA2-Enterprise, which authenticates users against a centralized authentication service
5.0 Future of Wireless LAN Security
Advanced encryption Standard (AES)
Advanced Encryption Standard is gaining acceptance as appropriate replacement for RC4 algorithm in WEP. AES uses the Rijandale Algorithm and supports the following key lengths
128 bit
192 bit
256 bit
AES is considered to be un-crack able by most Cryptographers. NIST has chosen AES for Federal Information Processing Standard (FIPS). In order to improve wireless LAN security the 802.11i is considering inclusion of AES in WEPv2.
Temporal Key Integrity Protocol (TKIP)
The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an interim solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data. TKIP also prevents the passive snooping attack by hashing the IV. TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network. An advantage of using TKIP is that companies having existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, Weaponry equipment will still interoperate with TKIP-enabled devices using WEP. TKIP is a temporary solution, and most experts believe that stronger encryption is still needed
5.1 802.1X and Extensible Authentication Protocol
Combined with an authentication protocol, such as EAP-TLS, LEAP, or EAP-TTLS, IEEE 802.1X provides port-based access control and mutual authentication between clients and access points via an authentication server. The use of digital certificates makes this process very effective. 802.1X also provides a method for distributing encryption keys dynamically to wireless LAN devices, which solves the key reuse problem found in the current version of
802.11. Initial 802.1X communications begins with an unauthenticated supplicant (i.e., client device) attempting to connect with an authenticator (i.e., 802.11 access point). The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point. The access point blocks all other traffic, such as HTTP, DHCP, and POP3 packets, until the access point can verify the client's identity using an authentication server (e.g., RADIUS). Once authenticated, the access point opens the client's port for other types of traffic.
