Introduction to Mobile Computing

1
Introduction to Mobile Computing - Wireless Local
Area Networks - Part 2
2
Overview

• Usage of WLANs
• WLAN Security
• WLAN Authentication
• WLAN Air Interface Issues

3
Usage of WLANs

• WLANs are becoming more and more popular within
  corporate and home networks because of the
  benefits they provide
• Provides flexibility in setting up networks
• fast setup times
• reduced cabling cost
• This has lead to changes in what WLANs are being
  used for and subsequently the requirements for
  WLANs in general
• This is similar compared to the evolution of
  other technologies such as Ethernet networks that
  developed through a change of user requirements

4
Usage of WLANs

• The changed user requirements have resulted in a
  change for WLAN technology through the IEEE
• To support users the following extensions were
  added to the original WLAN standard
• 802.11e
• Enhancements QOS, including packet bursting
• 802.11f
• Inter-Access Point Protocol (IAPP)
• 802.11h
• 5 GHz spectrum, Dynamic Channel/Frequency
  Selection (DCS/DFS) and Transmit Power Control
  (TPC) for European compatibility
• 802.11i
• Enhanced security
• 802.11n
• Higher throughput improvements, stream
  multiplexing
• 802.11s
• Mesh Networks

5
Usage of WLANs

• Some of those changes resulted from the way
  Wireless LANs work
• WLANs are based on radio technology to allow
  communication between the network devices to take
  place
• Radio signals can only travel for a certain
  distance which is influenced by the surrounding
  environment
• Due to this network devices have a limited range
• This range can be defined by a bubble around the
  device
• To allow communication of WLAN devices these need
  to be within each others range
• For full network connectivity the WLAN user
  device needs to be within the range of an Access
  Point

6
WLAN Security

• Any information sent out through the air
  interface will also be picked up by other devices
  within that range that may not be part of the
  original conversation

7
WLAN Security

• when WLANs were developed Security was not a
  primary concern
• the need for security developed with time
• similar to wired LANs WLANS have security issues
  that have to be addressed in order to ensure the
  integrity of the wireless network
• most security considerations for WLANs are the
  same as for wired networks
• however due to the wireless nature of this
  technology there is special issues that arise
  which are specific to this technology

8
WLAN Security

• Traditional LAN security issues are
• Hacking an attacker trying to gain access to a
  system they do not have authorisation for
• Address Spoofing attacker fakes their IP address
  so the receiver thinks it is sent from a location
  that it is not actually from with the aim to hide
  the actual origin of the transmission
• Eavesdropping intercepting and secretly
  listening to information transitted over a
  network

9
WLAN Security

• WLANs do not require a mobile device to be
  physically connected in order to communicate with
  the network
• Due to the wireless element of this technology
  WLANs are more vulnerable to attacks from outside
  than wired networks
• In order to ensure the integrity of the network
  appropriate security measures need to be
  installed/configured
• WLAN vulnerabilities
• Authentication procedure
• Securing of transmitted data

10
WLAN Security

• Transmitted data can easily be received by any
  wireless interface in the vicinity of the sender
• This can be done for the purpose of analying
  network communications for improving network
  efficiency
• However this can also be used to listen into
  network communicatios for eavesdropping in case
  transmitted information is not secured
• Unless an Access Point is sufficienlty secured
  unauthorised devices can connect to network and
  use its services
• Owner of network connections is responsible for
  any illegal use of network connection/services
  that may occur as a result
• This can not only affect companies but also home
  users

11
WLAN Security - SSID

• To allow communication of a user device with an
  access point and the attached network a network
  device must use a so-called Service Set
  Identifier (SSID)
• The SSID is a unique identifier that can be any
  alphanumeric entry up to a maximum of 32
  characters
• Each Basis Service Set (BSS) is assigned such a
  identifier for the purpose of authentication
• In case an Extended Service Set (ESS) is used the
  identifier assigned is referred to as an Extended
  Service Set Identifier (ESSID)
• This restricts access to the network to
  authorised users and provides a low level of
  security for the WLAN

12
WLAN Security Filtering

• Further options to provide security for a WLAN
  are those used in a wired network
• As every device has been assigned a unique 48 bit
  identifier this can be used to implement
  filtering
• This is similar to MAC address filtering on wired
  networks and requires the network administrator
  to configure all WLAN devices that give access to
  then network to be configured accordingly
• Altough this will restrict access to the network
  the risk of eavesdropping on transmitted
  information remains
• In case a higher level of security is required to
  protect sensitive data encryption algorithms can
  be used

13
WLAN Security Encryption

• Wired Equivalent Privacy WEP
• WEP is aimed at providing security for the
  wireless links between the clients and access
  points, which are susceptible to eavesdropping
• This is achieved by encryptiong data to be
  transmitted using the encryption type Rivest
  Cipher 4 (RC4) with a so-called WEP key
• The WEP-key is a 40-bit key but can be extended
  to 128 bits depending on the level of security
  required
• The encryption key is defined by the user on
  device
• To allow encryption to work the key defined on
  the AP has to be identical with this

14
WLAN Security - Encryption

• Wi-Fi Protected Access WPA
• Encryption technique that builds upon the
  weaknesses of WEP
• Allows for more complex encryption of data as
  well as authentication at the same time
• WPA uses the Temporal Key Integrity Protocol
  (TKIP)
• Authentication method used is based on 802.X and
  the Extensible Authentication Protocol (EAP)
• Requires an authentication server
• Due to the improved level of security this type
  of encryption is suitable for the enterprise
  environment

15
WLAN Security - Encryption

• WAP2
• WPA2 is also known as IEEE 802.11i
• Can be considered to be the second Generation of
  WPA
• Supports a special encryption protocol that has
  been designed for wireless networks and is based
  on the Advanced Encryption Standard (AES)
  national standard cipher in combination with
  further encryption techniques
• Algorithms used by WPA2 are very computational
  intense and require special hardware to utilise
  this security standard
• Does support roaming of devices

16
WLAN Security Authentication

• to be able to communicate in WLANs user devices
  have to attach to an Access Point
• For security purposes the 802.11 standard also
  provides authentication for WLANs
• The authentication process consists of three
  stages probe, authentication and association
• The 802.11 standard provides two methods of
  authentication for user devices and access points
• Open Authentication
• Shared Key Authentication

17
WLAN Security Authentication

• Open Authentication
• Open Authentication is a very basic
  authentication procedure that uses clear text
  transmission
• method does not verify the machine or user
• Allows guest machines to attach to Access Points
• Open authentication method usually involves a WEP
  key
• Only provides a low level of security

18
WLAN Security Authentication

• Open Authentication

19
WLAN Security Authentication

• Shared Key Authentication
• Shared key authentication uses a WEP key for the
  authentication process
• For the authentication process to be successful
  both sides need to know the correct key
• Provides a higher level of security than Open
  Authentication method

20
WLAN Security Authentication

• Shared Key Authentication

21
WLAN Air Interface Issues

• The defined frequency ranges for the different
  WLAN standards are not licensed and can be used
  by anybody
• Frequency range assigned for WLANs has a limited
  range
• This range is shared by all users that are
  concurrently accessing it which results in
  collisions between different devices trying to
  transmit at the same time
• Unless access to the air interface is regulated
  by the network through some mechanism little or
  no communication would take place
• Another problem is the hidden terminal problem

22
WLAN Air Interface Issues

• Hidden Terminal Problem
• Device B is able to hear both devices A and C
• However devices C and A are not aware of each
  other

A
B
C
23
WLAN Air Interface Issues

• The currently used technique to address this
  issue is referred to as Carrier Sense Multiple
  Access with Collision Avoidance (CSMA/CA)

Silence
CSMA
Access Point
RTS
RTS Request to Send
CTS
CTS Clear to Send
ACK Acknowledgment
Data
ACK
24
IMWT WLANs Part 2
Questions ...?