Analysis of Wireless Security Vulnerabilities, Attacks, and Methods of Protection
Abstract - The rapid adoption and highly distributed nature of wireless networks has made it vulnerable to attacks and calls for innovative strategies of defense for network security. The lack of cables and transfer of information over airwaves makes data exchange more susceptible to interception. Furthermore, it is difficult to implement effective methods of security without sacrificing the quality and speed of network operations. For the previous reasons, wireless security has become a common topic of interest in research projects and will be the basis of discussion for this paper.
The rapid adoption and highly distributed nature of wireless networks has made it vulnerable to attacks and calls for innovative strategies of defense for network security. The lack of cables and transfer of information over airwaves makes data exchange very susceptible to interception. Furthermore, it is difficult to implement effective methods of security without sacrificing the quality and speed of network operations. For these reasons, wireless security is a topic of much interest and will be the basis of discussion for this paper. For the sake of cohesion, we will specifically discuss wireless security on the wireless network protocol IEEE 802.11 (or Wi-Fi) and its use in managed networks (or Infra-structured) though many of the topics discussed apply to other protocols as well. In our discussions, we will conduct a survey of both encryption based and non-encryption based attacks. 1.1 Overview of Wireless Security
Through the evolution of wireless networks, IEEE 802.11 (or Wi-Fi) has gained popularity as a low cost networking alternative to cabling both in households and offices for setting up Local Area Networks 2 (LANs). The protocol’s popularity and ease of use comes at a cost, however, as attackers have dedicated many resources to discovering and exploiting its vulnerabilities. Because communication in wireless networks occurs “over the airwaves” through radio frequencies, it is usually not difficult for an attacker to position himself in a physical location where he can intercept messages that are being transmitted between Wireless Access Points (WAPs) and the wireless network clients. Obviously, plain-text communication in such an environment would be void of confidentiality and an attacker could easily sniff packets for as banking passwords, credit card numbers, and other personal information. Thus, a first step toward security is encryption. A number of encryption techniques have been proposed, and some of the more mainstream algorithms and their weaknesses will be discussed in more detail in section 2.1. Despite attempts to ensure that communication across Wi-Fi is performed securely, there still remain other aspects of the network that an attacker may target, such as its availability and integrity. A large problem in Wi-Fi networks is the blind trust of a sender’s Ethernet address (or MAC address) in the Wi-Fi Data Link Layer (OSI Layer 2). This blind trust opens the door to attackers performing Denial of Service (DOS) attacks, hindering a network’s availability as well as compromising its integrity. By spoofing their Ethernet address to be identical to one in use by one of the client computers, an attacker can issue management frames (control frames handled in the Data Link Layer) to de-associate the computer from the wireless network - thus disrupting service between the authentic client and the network. These availability and integrity attacks will be discussed in more detail in section 2.2.
1.2 Motivation for the research
In an era when wireless networks are rapidly being deployed in just about every location possible, it is critical that security remain a focal point of research. Not only are wireless networks becoming common in households around the world, but they are occurring in greater densities, where,...
Please join StudyMode to read the full document