Security Issues in Wireless Networks - Article Example

An Evaluation of the Recent IEEE 802.11ac Wireless Protocol Tommie Bell Nova Southeastern MCIS 650 IEEE 802.11ac, is one of thelatest Wi-Fi standards that have been established upon 802.11n, and the objective of this paper is to view its performance on how it can be used as a security enhancing platform. It also views at how it can be improved on the rates of data, the robustness of the network, how reliable it can be and its efficiency. It will also be viewed on its differences with the older protocol 802.11n on how it can influence security. Its function on security will be tested by the proposed algorithm tests. The tests that will be used for determining the efficiency will be the NS-2 simulator. These tests will be done basing on a coding that was made using the MIMO technology. Key Words: WPA; A-MPDU; PHY; MIMO Table of Contents 1 Introduction: 4 2 Problem Statement: 4 3 Prior Research 5 Authentication Enhancement 7 Key Management and Establishment 7 Encryption Enhancement 9 The Multiple input and Multiple Outputs Technology (MIMO) 12 Categories of MIMO as used in Wireless Communication 13 1 Pre-coding 13 2System Throughput (Channel Capacity) 14 3Spatial multiplexing 14 4 Diversity Coding 14 The Network Simulator NS-2 15 SSCH Slotted Seeded Channel Hopping 16 References 19 Adya, P., Bahl, J., Padhye, A., Wolman & Zhou, L. (2004). A Multi-Radio Unification Protocol for IEEE 802.11 Wireless Networks. In IEEE International Conference on Broadband Networks (Broadnets). 19 Ong H.E. Kneckt, J. & Chang Z. (2011). “IEEE 802.11ac: Enhancements for very high 19 throughput WLANs”, IEEE, 849-853. 19 IEEE 802.11ac Wireless Protocol 1 Introduction: Regardless of the significance steps in technology, the wireless used today, LAN cannot present a sustained bandwidth of the same level with those of other wireless technologies. Therefore it was seen necessary to design another technology that was to be improved on its speed and efficiency. The main objective of the IEEE and the other organizations that are involved in drafting standards. Its aim in expanding the capabilities of 802.11n so that the speed for Wi-Fi can be improved according to the demands of those who use Wi-Fi. To improve the Wi-Fi efficiency it is proposed that the best way will be to break the barrier of the 1GB, which will be seen as the greatest achievement. For the many technologies that have come up to improve the Wi-Fi efficiency, 802.11ac is one of them and it is being adopted as the best in the consumer space. The suggested improvements that are to be made on the 802.11ac will enable it to have multiple streams of high-definition video on the Wi-Fi networks that are used at home. Other devices that will use the Wi-Fi for high resolution videos are the smart phones that are increasingly being put on the market and the new design of tablets. This article also discusses the security matters of using the wireless techniques. It views the : Authentication enhancement Key management and establishment Encryption enhancement 2 Problem Statement: IEEE 802.11ac is one of the wireless networks that need to be approved by the international standard for it to start offering the wireless network services. This network is expected to take over the existing 802.11n. as it is planned, 802.11n is supposed to support the operations in the 2.4 GHz band. Using the network system is both advantageous and disadvantageous. The advantage is that it is fast and can be used anywhere there is the network, but the disadvantage is that the personal information is not guaranteed security and most of the time information is leaked or tapped by malicious people. Therefore the main concern of the wireless networking systems, both the LAN and the WLAN is to device ways that can be used to install highest security to the networks and curb the malicious technologies that have been set to tamper with the information. There are ways of enabling security by enabling the public key authentication and encryption between the access points. This article therefore describes the possible methods that can be applied to the IEEE 802.11ac for security that is still underway. 3 Prior Research There has been a definition of security framework for 802.11 WLAN that has been done by the 802.11ac. the security classes are two: 1. RSN Security: this is where a station is only capable to associate with RSNA with its RSN equipments. 2. Pre-RSN Security: this is a security that allows pre-RSNA associations between the stations. The pre-RSN security has two security subsystems that are used to define it. The IEEE 802 11 entity authentication: this is the type of security that has two types of authentications: I. An open system authentication: in this type of system there is no authentication algorithm. The station used in this system is authenticated basing on its identity. This type of authentication permits a station to be authenticated by with no a correct WEP key. In this system there is an exchange of two messages from the mobile station who is also the supplicant to the authenticator (AP) which is used to describe the personality of the station. With the authenticator having the personality of the station, the result of the question can now be sent back from the authenticator to the station. With this type of system, there is no authentication algorithm. II. Shared key authentication: this type of system has the stations authenticated using a personalized key that only the authentication requestor and the responder are familiar with it. In this type of authentication, there are four messages that are exchanged. The first message is sent to the authenticator from the station so that it can be identified. The reply to this message from the authenticator is a challenge that the station is supposed to encrypt using the WEP key and then send it back to the authenticator. The station will only be able to encrypt the challenge correctly if the WEP key used will be correct. If the station is authenticated successfully, the authenticator will send the fourth message to the station. After the station has successfully been authenticated, it is now able to proceed to the 802.11ac association. At this stage, the station should again be able to pass an Association Request to the Authenticator protocol which wills the send a response from the Association to the station. WEP (Wired Equivalence Privacy) Authentication Enhancement According to the original standards of 802.11, a station should be able to first associate with an 802.11 AP. After it has met this requirement it will now be able to have an access to the services offered by WLAN.In an RSN, there should be an EAP that will be able to support the mutual authentication. The requestor and the responder of the authentication should be in a position to authenticate each other any time without the strain of security concerns. An example that is not able to meet this requirement of authentication is the EAP-MD5. Like it has been discussed earlier, there are two types of authentication systems, the open and the shared key authentication, each of the system has been discussed in detail how it operates to ensure security (Fang, Tan, Zhang, Chen, Zhang & Tan, 2012). Key Management and Establishment There are two ways to support the key distribution in the 802.11i which are introduced. These include: the manual: this type of management needs the administrator to configure the key that will be used for security manually the automatic key management: this type of management only exists in the RSNA and mainly relies on 802.1X to support the services offered by the key management. In this section, there are two methods that have been discussed into detail: 1. Four-way handshake As it has been put by the RSNA, the four-way handshake is supposed to perform various functions like: Confirming that the communication stations are live. Giving a guarantee to how fresh a session key is Installation of the cryptographic key Confirming that the cryptographic key has been installed The four-way handshake has its own security standards that it desires and they have been identified by the standard, they include: 1. To confirm if there is any, Pair-wise Master Key (PMK) at the peer 2. Make sure that the security association key, Pair-wise Temporary Key (PTK) that is being used is fresh and has not been repeated 3. Synchronize the installation of session keys that are to be used by the supplicant and the authenticator into the MAC 4. Transfer the Group Temporal Key (GTK) from the authenticator to the supplicant 5. Confirm the selection that has been made of the cipher suites. In a four-way handshake the AP (authenticator), first sends a message to the station (applicant). The message that is sent by the authenticator has key information and an anonce (key material or a random value) that has been formulated by the authenticator. The RSN is sure about the anonce because it cannot be reused which guarantees its safety from replay back from other malicious technologies that are constantly being invented. When the station receives the message from the authenticator, they then confirm the message from the replay Counter field in the message. A Replay Counter is a succession figure , which shall be incremented by each EAPOL-Key message. If the Replay Counter happens to be less or equal to the value that has been kept in the supplicant, the supplicant rejects the message. If not, the applicant creates an Snonce which is a new nonce, and hence will have an Anonce, Snonce, PMK, and other information as inputs and creates another key called the pair wise transient key (PTK). The message is then sent to the authenticator . again the authenticator validates the message by checking it through the Replay Counter. After the verification process and seen that the message is valid, a third message is sent to the supplicant, the message contains Anonce, Message Integrity Code (MIC), and the RSN IE of the authenticator, again the supplicant verifies the message and if the RSN IE are different, the supplicant is free to disassociate with the authenticator. If not, a fourth message is sent to the authenticator to acknowledge the authenticator that the supplicant has installed the PTK. 2. Group key handshake The RSNA describes a group key handshake that makes it possible for the authenticator to deliver a group transient key (GTK) to the supplicant to ensure that the supplicant is able to receive broadcast messages. The messages to be exchanged between the authenticator and the supplicant are also use EAPOL-Key format. The first message is from the authenticator to the supplicant and it contains key information, MIC and GTK. When the supplicant receives the message, he then verifies it and sends back the message just as it is done in the four-way handshake. Encryption Enhancement To ensure the confidentiality of each individual using the network, it is advisable to encrypt the information. In the enhancement of encryption, there are two cryptographic algorithms that are developed. These include: i. Counter-Mode Protocol (CCMP) ii. Temporal Key Integrity Protocol (TKIP) In the RSN security system, the counter mode protocol is compulsory while the Temporary Key Integrity Protocol is optional is only recommended in the pre-RSNA security system. The WEP algorithm is used to prevent information from being read by unauthorized persons, therefore it is able to ensure that the confidentiality and integrity of each user is enhanced. It bases its reliability on the secret word that is only known to the station and the authenticator (AP). Though WEP has been used for encryption, it has been simplified and now it is not as reliable as before because it has been made vulnerable. To counter the disadvantages of WEP, 802.11i has designed an improved algorithm. (TKIP) as an interim standard. It is designed to check the weaknesses of WEP. It describes a temporal key (TK), a 128-bitsecret key shared between the encryptor and the decryptor. Though the key can be shared by many parties, each of the party should guarantee that that no IV value is used severally with the current operating TK. The IV value is extended to a 48-bit counter and it should be ensured that it starts with a zero for it to be valid in the system. The in charge should also make sure that the TK is updated on time before the full bit 48 IV space is completely finished. TKIP uses the same RC4 encryption just as the one used by WEP, which makes it to be termed a short term solution that has been offered to the WLAN security. Though 802.11i describes CCMP as a long term solution to encryption, because it uses a stronger encryption from an Advanced encryption Algorithm (AES), which also employs CCM mode (IETF RFC 3610) with a 128-bit information key and a 128-bit block size of operation. The CCM mode has the ability of combining counter-mode (CTR) and cipher block chaining message authentication code (CBC-MAC). CTR is the mode that is placed to encrypt the information and MIC is used to enhance confidentiality. CBC-MAC now computes the MIC so that it can be able to give the authentication and integrity. The TK of a CCM needs to be refreshed every session and when the packet number (PN) is repeated. Though CCMP has been seen to provide a stronger security compared to WEP, it needs hardware (co-processor) to advance the presentation of the encryption. So CCMP is compulsory in the 802.11ac. 4 Views on Prior Research IEEE 802.11ac is a wireless network that is supposed to deliver very high through put for streaming the different multimedia devices that are already on the market today, improve on the wireless systems that are already functioning, expand on the system capacity to make it more efficient and the network should be resilient to the interference that may be caused. To ensure that all these factors are met efficiently is to make sure that there is well established security that will bar unwanted information from outside to get into the network system and alter its normal functioning. As it has been seen on the security that is put on the IEEE 802.11i, it can be seen that there is necessary research that will be used to counter the schemes that are used to distort the information or eavesdrop other users’ information on the wireless network. Today there are different uses of the WLAN devices that are being brought on market and the number of users has risen over the years. The proposed IEEE 802.11ac will have to borrow some of the security measures that have been put for the IEEE 802.11i in order to secure its users identity and integrity. Further improvements can be done as the new wireless network will be in use as the challenges arise. The developers of the 802.11ac should be encouraged to use the current methods that are used to produce fine output and the access to its users. 5 Methodology: The performance of the IEEE 802.11ac protocol will be checked using various pre-coding techniques. These techniques will be supposed to determine the improvements that will have been made after applying the practical conditions of the channels. To compare the through put of IEEE 802.11ac to the already existing IEEE 802.11a standard the multiple inputs and multiple outputs (MIMO) will be employed. The linear detection algorithm has been simulated in this article using the simulator NS-2. The Multiple input and Multiple Outputs Technology (MIMO) Multiple Input and Multiple Output (MIMO) technology is a wireless technology that employs the use of several transmitters and receivers to successfully transfer more data at the same time. It uses the idea of radio-waves that is called the multipath where the information that is being transmitted bounces off on walls, ceilings and other objects that it may reach on its way to the antenna. This bouncing on objects makes the information reaches the receiving antenna many times within different angles but almost at the same time. This technology is the application of several antennas that are placed both at the transmitter and the receiver of the information on a wireless network. This transmission is mainly for the performance of communication (Chung, Chung, Kang & Kim, 2013). The MIMO technology has been ranked among the best several forms that are of the smart antenna technology. In the wireless communication[n industry, MIMO technology is one of the technologies that has taken the attention of many developers, the main reason for this is that it presents large increase in data throughput and link range not including any added bandwidth or any form of transmit power. The method to which MIMO technology uses to achieve this objective is it spreads the same amount of power that is transmitted to over the antennas so that it can be able to get an array gain that will be able to develop the spectral efficiency. The method will also help it get a diversity gain that will develop the link reliability. These major properties have made MIMO technology to be to be an important part and to serve a major role in the modern day wireless communication standards with IEEE 802.11 (Wi-Fi) being one of them. Categories of MIMO as used in Wireless Communication 1 Pre-coding The Multiple Inputs and Multiple Outputs technology can be used in the pre-coding of the IEEE 802.11ac. this can be done through: single-stream beam forming: in this type of pre-coding, there is a single signal that is emitted from each of the transmit antennas that have been put on the wireless system with the suitable phase and increase weighting so that the signal power that has been put can be increased to the maximum at the receiver input. The objective of this beam forming is to add the received signal gain. This is made possible by making the signals that have been emitted to combine beneficially and decrease the outcome of multipath fading. When the receiver of the beams has several antennas, the transmit beam forming will not be able to simultaneously increase the signal level at all of the receive antennas. multi-stream beam forming: this is the method pf pre-coding that is always beneficial it is also important to have the knowledge of Channel State Information (CSI) at both the transmitter and the receiver for one to be able to carry out the pre-coding exercise. 2 System Throughput (Channel Capacity) The channel capacity of a Multiple Input and Multiple Output system is increased proportionally by the increase of the number of antennas. Thus it is clear that if there are fewer antennas the throughput will be less too. This situation is what is commonly referred to as the multiplexing gain. This is one of the properties that can be proved through any physical propagation model and then it can also be proved by a practical hardware that is open to transreceiver impairments (Banerji & Choudhury, 2013). 3 Spatial multiplexing These techniques make the receivers more complicated, so they are put together with either Orthogonal Frequency-division Multiplexing (OFDM) or Orthogonal Frequency Division Multiple Access (OFDMA) modulation. These are the places where the problems that have been brought about by the multipath channel are handled efficiently without disturbing the entire wireless system. MIMO has been used previously in other IEEE 802. Systems, in the IEEE 802.16e the standards incorporate the use of MIMO-OFDMA, and in the standard that was released in October 2009 for IEEE 802.11n, it recommends the use of MIMO-OFDM. 4 Diversity Coding These techniques are employed when there is no knowledge of the channel at the transmitter. In this method the single stream is transmitted but the signal that has been sent will be coded using the space-time coding techniques. The signal is then emitted from each of the antennas with either full or orthogonal coding. Diversity coding is used to exploit the independent fading that is placed in the multiple antenna links, this will be able to improve the diversity of the signal. Though in this diversity coding there will be no beam forming because it lacks the channel knowledge, but when there occurs to be channel knowledge at the transmitter, then the diversity coding can be put together with the spatial multiplexing. The Network Simulator NS-2 NS-2 is a continuous event that is focused on at the research for networking. It focuses on modeling network protocols: wireless, wired, satellite TCP, UDP, multicast, unicast web, telnet, ftp ad hoc routing over both the wired and the wireless (Local and Satellite) networks. NS has been evolving over the years and today it is supported through DARPA with SAMAN and through NSF with CONSER, the two are in collaboration with other known researchers as well as ACIRI. The main objective for NS-2 is to develop an open simulation environment for networking research that will be preferred by the networking industry, including the research for IEEE 802.11ac. NS-2 ensures that the wireless network that needs to be approved has the following features: The wireless network should be in line with the simulation requirements of the modern networking research. It should be open to the contribution of the users, reviews from other critics, and the validation of the software. The activities that are done by NS-2 are turned into events and then the events are later queued and processed following the order to which they have been scheduled on how they occurred. During processing, there is a lot of time that progresses by. The software structure of NS-2 C++ and Otcl uses only two languages, the C++ that is used to refer to packet-processing fast to run and detailed. Complete Control Otcl is used to refer to control simulation setup, configuration, and occasional actions fast to write and change (Chandra, Bahl, & Bahl, 2004). Although recently, NS-2 has been criticized because it has the modeling nature which is very complicated and it is also a time consuming task to work with it because it does not have the GUI, and besides this, a user has to have the knowledge of the scripting language, the queuing theory and other techniques that are employed in modeling. Its users too have complained of the inconsistency of the outcomes and have blamed the incessant changes in the code base, besides these disadvantages it is also noted that there are certain protocols that are replete with bugs. SSCH Slotted Seeded Channel Hopping One of the major challenges that are faced in wireless networking is the improvement on capacity. The link layer protocol called the Slotted Seeded Channel Hopping (SSCH) was therefore developed so that it can be used to increase capacity of the IEEE 802.11 network by making use of the frequency diversity. In the IEEE 802.11 standards, Channelization was also added to it so that the companies that run networks could be able to improve on their capacity. The SSCH does not operate in software but can be implemented into one in an IEEE 802.11- compliant wireless Network Interface Card (NIC). The SSCH has the main aim of handling three factors involved in channel hopping: implementing the channel hoping schedule that have been placed for the nodes , and the scheduling packets that are in every channel. Passing the channel hopping schedule to the nodes that are nearby and updating the channel hopping schedules for the nodes so that they can adapt to the changing patterns of the traffic. The results produced from the simulation show that SSCH produces a major capacity improvement in ad-hoc wireless networks that have the single-hop and multi-hop occurrences. SSCH contributes majorly on the control of traffic over all the wireless networks and channels. This new protocol will be used to benefit the channelization to ad-hoc networks. This protocol adheres to the standards that have been put by the IEEE 802.11. SSCH is able to meet this objective because it uses a simple approach known as optimistic synchronization. These settings are also expected to be valuable to other settings that do not necessarily mean channel hopping. SSCH is also under development process and it can still be explored in detail using an execution over definite hardware (Adya, Bahl, Padhye, Wolman & Zhou, 2004). 6 Conclusion Basing on the manner of which the wireless media has risen in use today, unauthorized persons have become more powerful in accessing other people’s information compared to the wired networks. However much IEEE 802.11 is said to be insecure, it is still very highly used by many people. Therefore it is wise to search for the necessary measures to ensure that the users are comfortable that there information is secure on the network. As the implementation of 802.11ac is still under check, this article helps site the possible security measures that can be employed. It presents mainly security movements in encryption, authentication that was developed by IEEE 802.11i. RSN that has broadly been discussed, is expected to check several security concerns that are brought by malicious technologies. although IEEE 802.11i standards that have been set could help better the security on the wireless network and the services offered by IEEE 802.11 wireless LAN, there is still more research that is needed to improve the state of security for the WLAN users and win their confidence in using the IEEE 802.11ac wireless system. References Adya, P., Bahl, J., Padhye, A., Wolman & Zhou, L. (2004). A Multi-Radio Unification Protocol for IEEE 802.11 Wireless Networks. In IEEE International Conference on Broadband Networks (Broadnets). Banerji, S. & Choudhury, S.R. (2013). “RECENT DEVELOPMENTS IN IEEE 802.11: WLAN TECHNOLOGY”, International Journal of Mechatronics, Electrical and Computer Technology, Vol 3(9). 1001-1013. Chandra, P. R., Bahl, & Bahl, P. (2004). MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card. InIEEE Infocom Chung C. Chung T. Kang B. & Kim, J. (2013). “A-MPDU using Fragmented MPDUs For IEEE 802.11ac MU-MIMO WLANs”, IEEE. Fang, J. Tan K. Zhang, Y. Chen S. Shi L. Zhang J. & Tan Z. (2012). “Fine-Grained Channel Access in Wireless LAN”, IEEE. Herzel, G. F. & Gustat, H. (2003). An Integrated CMOS RF Synthesizer for 802.11a Wireless LAN. IEEE Journal of Solid-state Circuits, 18(10), October 2003. Nguyan, K.D. Lanan, L. & Ochi H. (2013). “High Throughput– Resource Saving Hardware Implementation of AES-CCM for Robust Security Network”, Journal of Automation and Control Engineering Vol. 1, No. 3, 250-254. Ong H.E. Kneckt, J. & Chang Z. (2011). “IEEE 802.11ac: Enhancements for very high throughput WLANs”, IEEE, 849-853. Read More