Partha Dasgupta and Tom Boyd
Dept. of Computer Science and Engineering Fulton School of Engineering Arizona State University firstname.lastname@example.org, email@example.com Abstract Wireless networking is inherently insecure. From jamming to eavesdropping, from man-inthe middle to spoofing, there are a variety of attack methods that can be used against the users of wireless networks. Modern wireless data networks use a variety of cryptographic techniques such as encryption and authentication to provide barriers to such infiltrations. However, much of the commonly used security precautions are woefully inadequate. They seem to detract the casual sniffer, but are unable to stop the powerful adversary. In this article, we look into the technology and the security schemes in IEEE 802.11, cellular and Bluetooth wireless transport protocols. We conclude that the only reliable security measure for such networks is one hat is based on application level security such as using a VPN.
1. Introduction The use of wireless communication for data networking has been around since the early 1990’s, mostly using proprietary technologies. The Aloha network in Hawaii (circa 1970) was one of the first data communication networks without wires. The emergence and acceptance of standards around 2000 has exploded the use of wireless access and currently (2004) several forms of wireless communication is widely used by the mainstream computing community. These forms include, amongst others, the IEEE 802.11 series of wireless products, various forms of data access provided by cellular providers and an emerging technology for short-range communication called Bluetooth. The barriers to wireless communication in the early 1990’s were many. Spectrum was in short supply, which was later resolved by the FCC opening up several large bands in the 2GHz and 5GHz ranges for unlicensed use. The price of producing hardware that operates at the multi gigahertz range fell sharply due to advances in miniaturization and innovative production techniques. Even with falling prices and availability of spectrum the barrier was interoperability, that is signaling protocols and frequencies used by a manufacturer of wireless hardware was not compatible with those used by another vendor, causing customers to get “locked-in” to a particular provider. This was enough of a customer disincentive to stifle the wireless market. Several simultaneous occurrences finally pushed wireless access to the foreground of consumer products in the 2003 time frame. These are the decline in price of laptop computers and PDAs (personal digital assistants), the perceived need and allure of untethered Internet access and the emergence of standards notably IEEE 802.11b and which allowed products from any vendor to seamlessly interact with products of other vendors. Along with the emergence of almost ubiquitous low-cost wireless access, we are now saddled with risks, vulnerabilities and a general lack of security at the network level when wireless communications are used. This paper discusses the vulnerabilities of wireless access and presents the industry standard solutions that can in some cases correct, mitigate or at least provide some level of confidence in wireless communication. 2. Vulnerabilities A vulnerability is a flaw in any hardware or software system, that is the result of either oversight or poor design, or even the basic nature of the system that can be exploited to disrupt the intended operation of the
system. The disruption may be in the form of the introduction of a malfunction or the gaining of unauthorized access as well as the theft of some or part of the information stored or in transit in the system. A complete description of vulnerabilities in computer systems and network systems is not within the scope of this article. Until around the early 1990’s vulnerabilities in computing and networking systems were not well understood and were generally ignored. There...