Wireless Security - Essay Example

Running head: WIRELESS SECURITY Wireless Security Goes Here al Affiliation Goes Here Wireless Security Introduction A wireless LAN (wireless network) is a network without wires. Wireless network's use radio frequencies as their transmission media, sending network traffic sailing over the air. It is a flexible data network system applied as an extension to, or as an alternative for a wired LAN. The wireless network market is a high-growth area with businesses eagerly wanting all the benefits that wireless can offer. Wireless networking is fast becoming a viable alternative for entities that can utilize the advantages it provides. Bluetooth and Wi-Fi--two of the hottest wireless technologies--can provide businesses with enhanced connectivity and flexibility. For companies seeking to expand a computer network or make their employees more mobile, Bluetooth and Wi-Fi can provide a cost-effective way to maximize access to shared data and resources. Major technology companies are behind both standards, and the price and choice of products should only improve. By its nature, wireless access opens up the potential for wireless eavesdropping and data theft. (Johansson et al., 2007)Wi-Fi networks have to be carefully encrypted to prevent unauthorized use. For example, people committing fraud or dealing in illegal materials via the Internet would find advantages in hacking a Wi-Fi network for Internet access that couldn't be traced to the hacker. Meanwhile, hackers have been known to monitor Wi-Fi networks in order to steal financial data and account information. Discussion and Analysis The answer to Wi-Fi security may lie in "centralized" switches. Originally, Wi-Fi antennas were complex systems that might include networking and security in the same box with the antenna. This means that if a hacker could penetrate one box, entry might be gained to the entire network. (Broch et al., 2007) This is extremely difficult to monitor and prevent in a corporation's building-wide system that might contain hundreds of antennas. Centralized Wi-Fi systems, being sold with great success by relatively new firms such as Aruba Networks, Inc. and competitors Trapeze Networks, Inc. and HP ProCurve (formerly Colubris Networks), use networks of simpler antennas, each containing a minimum of software and circuitry, all controlled from a sophisticated, very secure central switch. This concept greatly enhances security and eases maintenance and monitoring compared to previous generations of Wi-Fi antenna. (Larsson and Hedman, 2006) As in virtually all wireless technologies, the popular Bluetooth also has security issues to consider. Hackers practicing "bluesnarfing" or "bluebugging" may be able to locate and gather data from Bluetooth-enabled devices. (Perrig & Tygar , 2002)However, the latest models of cell phones from makers such as Nokia have enhanced security measures in place, and software upgrades are often available for older devices in order to enhance security. Nonetheless, additional security concerns surfaced in U.S. news stories claiming that hackers with specially crafted receivers are able to eavesdrop on cell phone conversations on Bluetooth-wireless headsets, or to capture data being transmitted by a Bluetooth-enabled laptop. (Chin, et al., 2002) The Bluetooth Special Interest Group is strongly recommending 16-digit alphanumeric security codes to be set by individual users; such lengthy codes would be much harder to crack than the short codes used by many devices today. (Perrig & Tygar , 2002) In Japan, a number of wireless companies are offering cell phone models equipped with cutting-edge biometric security devices. Fujitsu Ltd. makes a chip that is now embedded in DoCoMo phones that identifies a user's fingerprint. If the print does not match, the phone doesn't work. Other companies, including Matsushita Electric Industrial Co., NEC Corp. and Sharp Corp. use facial-recognition technology that uses a camera to measure the distance between a user's eyes, nose and mouth. (Haas et al., 2005) These devices add to the cost of the phone and are not without problems (the fingerprint recognition technology, for example, is hampered when fingers are dirty), but sales are brisk. It is logical that biometric security is being pioneered in Japan, since Japanese consumers are at the forefront of using cell phones as payment devices and financial account tools. (Larsson and Hedman, 2006) To discuss the security issues and their resolutions of wireless technology, we must first consider the various types of wireless network standards and the commonly used wireless technologies. (Levine, 2004) Many new hardware and software products, produced by many technology companies, are equipped for use with Bluetooth and Wi-Fi. The Bluetooth Special Interest Group (SIG; www.bluetooth.com) and the Wi-Fi Alliance (www.weca.net) are groups formed to help effectively develop, integrate, and implement these wireless technologies globally. (Perrig & Tygar , 2002) These two groups have created global standards for each technology, which must be met by any company producing hardware or software claiming to operate with Bluetooth or Wi-Fi. (Haas et al., 2005) Options for wireless network topologies: Ad-hoc (peer-to-peer) This is a basic system where the WLAN has a number of computers each with a wireless networking interface card (NIC). Each wireless enabled computer can communicate directly with all the others, sharing resources. They are unable to access wired LAN resources, unless one of the computers acts as a bridge to the wired LAN using special software. Utilizing an access point or base station bridges the wireless LAN to a wired LAN providing connectivity for the wireless enabled computers. This can be done by utilising dedicated hardware access points (HAP) or software access points which run on a computer situated on the wired LAN but is also equipped with a wireless and thereby bridging the two. (Chin, et al., 2002) Multi Access points can be used with roaming which allows the users to move around the within the facility whilst retaining connectivity. Access points are required to have overlapping wireless areas to achieve the seamless roaming from one access point to another. The software and hardware of the computer maintains a steady network connection by monitoring the signal strength from in-range access points and locking on to the one with the best quality. The user will be oblivious that a different access points are being used. (Perrig & Tygar , 2002) Satellite This works by transmissions from microwave (5.925- 6.425 GHz) from stations to and from a satellite orbiting above the earth. The satellites orbit at a fixed altitude and must remain in contact with their partner satellites and stations. Satellite operates at very high bandwidths but is extremely costly and complicated. Infrared This is used for short-distance networks that are in direct line of sight. This medium can be operated at speeds of 4 Mbps or less. And Used in point 2 point and multipoint applications within a confined area e.g. a single room. IrDA (Infrared Data Association) is the standard for devices to communicate using infrared light pulses. (Haas et al., 2005) Microwave This (2- 40 GHz) has minimal effects on humans and can transmit through thin walls. Its bandwidth can be split into a number of sub-channels for speed. Used for telecommunications, television transmission, and also for short point to point links between buildings. The microwave is difficult to deploy and requires a license. Spread spectrum radio This uses wireless networking communications technology first developed by the military for secure and noise-immune communications. (Barrett et al., 2002) Only recently become viable for commercial use, with smaller, faster and cheaper products. Data is sent in small pieces over a number of frequencies available for use at any time in the specified range. This can be done in 1 of 2 ways: Frequency-hopping spread spectrum (FHSS) - sends a short burst of data, changes frequencies and then sends another short burst to increase the probability of successful data transmission. (Chin, et al., 2002) A number of independent FHSS networks can exist in the same physical area without interfering with each other because the FHSS devices agree on which frequencies to hop to, and use each frequency for less than 400 milliseconds before hopping. FHSS only uses 1 MHz or less of the available bandwidth. This is the method that has been adopted by Shared Wireless Access Protocol (SWAP) networks. (Broch et al., 2007) Direct-sequence spread spectrum (DSSS)- communicate by each byte of data is split into several parts and sent simultaneously on different frequencies to ensure the document is received. This uses a lot of the available bandwidth, about 22 MHz. DSSS products capable of data rates of 6 Mbps, (4-6 times faster than currently available FHSS products), and approaching that of 10 Base-T wired hubs. FHSS devices are less prone to interference than DSSS devices because they use any given frequency for such a short time. Bluetooth Bluetooth is a radio frequency specification for short-range data transfer. Any device containing Bluetooth technology, whether it be a handheld PC, cell phone, laptop, or standard PC, receives the signal broadcast by the network. Over 2,000 companies, including 3Com, Agere, Ericsson, IBM, Intel, Microsoft, Motorola, Nokia, and Toshiba, are members of the Bluetooth SIG. The Bluetooth-specified standard is intended to ensure that all devices supporting Bluetooth are able to communicate with each other regardless of the device. This is a huge step toward full integration. Using Bluetooth can also give a business more options in terms of purchasing new hardware and upgrades in the future. Because all Bluetooth devices are interoperable, businesses are not forced to go back to the same manufacturer. They can look for the best prices among alternative devices that support Bluetooth. (Elliott & Heile, 2000) The current Bluetooth standard calls for the support of several elements. There must be general access among devices: they must be able to link, synchronize, and communicate with each other. Cordless telephony must be supported. (Broch et al., 2007) This means that cellphones with Bluetooth must be able to operate as cordless phones when they are in proximity to their base station. For example, a cellphone would act as a cordless phone with a laptop or desktop as its base station. The serial ports on Bluetooth devices act much like wired serial ports. Each device would also be able to receive and transmit voice data, as well as send faxes. Dial-up networking between a cellphone and a laptop computer is also part of the standard. (Chin, et al., 2002) Bluetooth provides a 10-meter personal bubble when a 0 dBm radio is used. Using a +20 dBm radio, the link range can be increased to up to 100 meters. It supports the simultaneous transmission of information and voice data. (Johansson et al., 2007) A network of Bluetooth devices is called a piconet. (Levine, 2004) Each piconet can support a maximum of eight devices. Each piconet has a master unit and slave units. The master unit synchronizes all of the other units, the slaves. Therefore, the master device of a piconet can also be a slave in a scatternet. The gross data transfer of Bluetooth devices is 1 megabyte per second, whereas the actual data rate is 432 kilobytes per second. Bluetooth technology is as secure as 128-bit public/private key authentication, and it supports good encryption. (Barrett et al., 2002) The most attractive feature of Bluetooth is that all products containing this technology will work together. All manufacturers implementing Bluetooth into their products must get them tested and certified, to ensure interoperability. (Broch et al., 2007) For businesses, this allows information to be shared across all the computer hardware integrated in the network. Users will be able to synchronize their mobile computer with their desktop simply by placing the mobile computer near the desktop. Mobile workers can use Bluetooth to make a cellphone in their pocket serve as a wireless modem for their laptop. (Elliott & Heile, 2000) The best part is that this synchronization will be unconscious and automatic when the devices are within a certain range of each other. (Heidemann et al., 2000) Currently, Bluetooth's most practical uses are its abilities to wirelessly synchronize devices and to serve as small networks. Its range limits its ability to serve the needs of large networks. For small businesses or sole practitioners which require smaller networks, Bluetooth may be more appropriate. Users can coordinate each device on the network to work more efficiently. (Barrett et al., 2002) Standards The Industry standard for wireless network technology is 802.11 governed by The Institute of Electrical and Electronic Engineers (IEEE). 802.11 defines the standard for wireless LANs encompassing three incompatible (non-interoperable) technologies: Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum and Infrared. Many wireless network technologies have focused on DSSS specification because of the higher data rate it can attain. Incompatibility issues have arisen due to different interpretations of the standards. To counteract this an industry group the Wi-Fi Alliance has arisen. It certifies its members equipment as conforming to the 802.11a and b standards. (Elliott & Heile, 2000)The Wi-Fi mark guarantees intercompatibility between vendors and devices. In early October 2002, the group modified the Wi-Fi mark to indicate both a and b standards by noting 2.4 or 5 GHz band compatibility. 802.11b Although 802.11a and 802.11b standards were established at the same time 802.11b was the first wireless network to appear on the market place in 1999 (ratified in 1997 by IEEE) due to simpler technical implementation. 802.11b radios broadcasted at 2.4 GHz and propel data equal to a maximum of 11 Mbps utilizing direct sequence spread spectrum modulation. (Walery, 2005) It is a half duplex protocol (can send OR receive, but not both at the same time) which operates on 11 channels, all of which overlap except 3 which are clear. In a typical office range is about 400 ft. The most widely available and implemented wireless LANs today comply with the 802.11b standard, it has become the only standard deployed for public short-range networks 802.11a 802.11a transmits at 5 GHz and send data up to 54 Mbps using OFDM (Orthogonal Frequency Division Multiplexing). 802.11a has 12 channels, which do not overlap, allowing denser data transmissions. Its range is less, but it transmits at higher speeds at similar distances compared to 802.11b, and can carry up to 5 times the data over the air. The different radio frequency and modulation types of 802.11a and 802.11b causes them to not interoperate 802.11g 802.11g standard is the most commonly used wireless standards which offers speeds of upto 54Mbps and was introduced to merge the advantages of both 802.11a/b and minimize their disadvantages. However, 802.11g is now being superseded by the latest IEEE standard 802.11n, which offers a theoretical maximum speed of 100Mbps. (Larsson and Hedman, 2006) Wi-Fi Wi-Fi, also known as 802.11b, a, or g, has a longer range and greater bandwidth capacity than Bluetooth (the a, b, and g varieties of Bluetooth operate at different speeds and are not necessarily compatible). Wireless networks may be accessed remotely from workers' homes or other offices. Wi-Fi is also used to bridge the information flow between offices in different buildings. Wi-Fi networks are increasingly found in public places such as hotels, airports, libraries, and even coffee shops. When in an area that supports Wi-Fi, a Wi-Fi certified product is automatically linked to the network. Wi-Fi is ideal for mid- and large-sized companies. It enables businesses to boost productivity and efficiency through constant, real-time information flow, sharing of data, and uninterrupted communication. (Levine, 2004) Users can work on projects or prepare for meetings in the airport while they are waiting to board their flight. With wireless technologies such as Wi-Fi, companies can keep their employees, in or out of the office, up to date at all times. Members of the Wi-Fi Alliance plan to bring Wi-Fi to urban areas, central cities, and even major highways. (Johansson et al., 2007) Another major benefit of Wi-Fi is the ease with which new computers can be added to existing networks. To add another wireless computer to a Wi-Fi network, all that is needed is to equip it with a Wi-Fi card. (Elliott & Heile, 2000) Furthermore, if a company needs to move, it will not have to abandon its network infrastructure or rewire its new office location. All that needs to be done is to simply unplug the base stations at the old office and install them at the new office. (Walery, 2005) Security in Wireless Networks Wireless networks have built in security. (DSSS) was originally formulated for security by the military. DSSS transmission encrypt and decrypt all data sent this technique is used in most 802.11 systems. In frequency hopping networks the rapid changing of frequencies means that transmissions are very difficult to interpret and track. In 802.11 wireless communications a form of encryption called WEP (Wired Equivalent Privacy) is used. It prevents the unauthorized eavesdropping of data transmitted over the airwaves, provides access control and ensures data integrity this can be hacked though by using specialist equipment so precautions must be taken with sensitive data. Precautions such as implementing keys, access control lists (each client is authenticated by the Ethernet MAC address), implementing it outside the firewall and by using an application gateway. (Johansson et al., 2007) 802.11b transfers data at 11 MB per second. 802.11g, however, operates at speeds almost five times faster than that and is compatible with 802.11b products. As devices move farther away from the base station, data transfer rates decline significantly. Speeds at the maximum 802.11b range (about 1 MB/second), however, are still faster than most DSL and cable connections. This makes it more than adequate for receiving e-mail and browsing the Internet. (Walery, 2005) A standard Wi-Fi antenna broadcasts from 750 to 1,000 feet outdoors in open spaces. In an office or indoor setting, the standard antenna range drops to 150-350 feet. (Disabato, 2003) Dense materials, such as metals, bricks, or stone, may affect the transmission of radio waves, and therefore affect a Wi-Fi broadcast. If the walls in an office are heavily reinforced, Wi-Fi devices may have difficulty transmitting from one room to another. (Larsson and Hedman, 2006) Wired Equivalent Privacy (WEP) is 802.11's encryption standard. WEP works by encrypting the data transferred between the Wi-Fi device and the Wi-Fi access point. A Wi-Fi access point is hardware or software that acts as a communication hub for wireless devices to connect to a wired local area network (LAN). (Levine, 2004) They provide wireless security, while extending the accessible service range. In order for data that reaches the access point from the Internet to be protected, it must be encrypted by WEP before it is transferred to a Wi-Fi. (Heidemann et al., 2000) There have been several security problems with WEP, so the Wi-Fi Alliance is planning on implementing a new security standard named Wi-Fi Protected Access (WPA). WPA implements IEE 802.1X, a new standard being developed with better security. Many corporations use Virtual Private Networks (VPN) to protect remote access to their wireless LANs. A VPN creates a secure virtual tunnel between individual workstations and the company's servers. This means that a secure connection is established from a Wi-Fi device, through the Wi-Fi access point, over the public Internet, through the company's access point, and to the company's hardware. Existing systems can be modified to use VPNs to support a Wi-Fi network. A VPN encrypts any data transferred to company computers from outside the company network. VPN software also operates on remote computers and laptops. A VPN can give a company a lot of mobility. With VPNs, individuals can access information in company networks from anywhere. (Walery, 2005) Companies can expand their networks to the homes of their employees. Employees can also access the network from places such as airports and hotels, enabling them to stay abreast of developing situations while out of the office. In addition to a VPN, wireless networks have a standard technology called Remote Access Dial-Up User Service (Radius), used to protect access to wireless networks. In order for someone to access the network, she must input a valid user name and password. A key feature of Radius is that it may be used to provide different types of access levels. (Heidemann et al., 2000) A company may use one Radius server to provide access to the Internet, another for network databases, and another for access to e-mail. Microsoft provides a basic Radius server with its server systems. Radius server software and hardware can be expensive. (Disabato, 2003) One of the most formidable lines of system defense is the firewall. Firewalls work by blocking unauthorized users from accessing a company's internal network. Many Wi-Fi access points have built-in firewalls. In addition, all Wi-Fis include a network capability enabling a group of devices to share one Internet provider (IP) address, regardless of the Internet connection. This capability, called network address translation, creates new IP addresses for each computer in a group. These IP addresses are invisible to Internet users because they function separately under the cover of the original one. (Disabato, 2003) The major problem with wireless technology is its price tag. The components for wired networks are still cheaper than wireless network components. Access points can cost up to $1,000 each. The cost of hardware that supports wireless connections can be easily two to four times more expensive than that of wired network components. (Levine, 2004) The argument for going wireless, however, is that this higher cost for hardware is offset by the ease of installation and maintenance. (Walery, 2005) Accordingly, long-term costs to maintain the equipment are lower. There will be no expenditures to replace old wires. A wireless network can also serve as an expansion of a pre-existing wired network. Companies using wireless do not have to hire electricians to run electrical wiring or install new outlets, nor contractors to drill holes through floors and ceilings. If the company is wireless, new hardware needs only to be turned on and it is instantly networked. A company has more flexibility in expanding the network. Adding new access points can be expensive, but should be necessary only for significant expansion efforts. (Heidemann et al., 2000) Another point to keep in mind is that wireless technology has not truly caught on yet. As more and more hardware is produced to support wireless, broader adoption of Wi-Fi is likely. Demand will grow, and prices of equipment will decline. Conclusion This paper has shown the various wireless security protocols and standards and their advantages and drawbacks. However, as technology is a security is an ever improving domain, these standards and protocols are bound to be obsolete in the coming years. Wireless systems have the features needed to alter the way in which people work. Through remote access, more can be done from the home and the road. Important information can be received in real time, virtually anywhere. Small and medium-sized businesses can now have the same--and many times better--technology as their larger competition. Real-time wireless data sharing is a realistic possibility for many different types of companies, including professional firms. The best part is that a small business can often install the wireless network itself; outside help for installation will rarely be needed. References Barrett C. et al., (2002)"Characterizing the Interaction Between Routing and MAC Protocols in Ad-hoc Networks," Proc. MobiHoc, pp. 92-103 Broch J. et al., (2007) "A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols," Proc. Mobicom '. Chin, et al., (2002) "Implementation Experience with MANET Routing Protocols," ACM SIGCOMM Computer Communications Review, Nov., pp. 49-59. Disabato C. Michael (2003). Re-thinking wireless network Designs: Wireless LANs Are Poised to Make the Transition from Toys to Tools. to Do This, a New Approach Is Needed in Design and Implementation. Business Communications Review, Vol. 33, December 2003. Elliott C. and Heile B.,(2000) "Self-Organizing, Self-Healing Wireless Networks," Proc. 2000 IEEE Int'l Conf. on Personal Wireless Comm., pp. 355-362. Haas, Z. J. et al., eds., (2005) Special Issue on Wireless Ad Hoc Networks, IEEE J. on Selected Areas in Communications, Vol. 17, No. 8 (August 2005). Heidemann J. et al., (2000) "Effects of Detail in Wireless Simulation," SCS Communication Networks and Distributed Modeling and Simulation Conference, September 2000 Johansson et al., (2007) "Scenario-based Performance Analysis of Routing Protocols for Mobile Ad-hoc Networks," Proc. Mobicom '99, pp. 195-206. Larsson T. and Hedman N.,(2006) "Routing Protocols in Wireless Ad-hoc Networks--A Simulation Study," master's thesis at Lulea University of Technology, Stockholm. Levine, Marc H. Joel G. Siegel, Roberta M. Siegel (2004); Security Safeguards over Wireless Networks. The CPA Journal, Vol. 74, 2004. Perrig, Adrian & J. D. Tygar (2002). Secure Broadcast Communication: In Wired and Wireless Networks; Network Security Journal Walery, Darrell (2005). Tips for Implementing a Wireless Network. T H E Journal, Vol. 32, 2005. Read More