Since the introduction of WIFI networks, they have become most popular amongst the home users, however in recent years there has been an increase in the number of organisations implementing the use of this technology, however in some cases without proper authorisation. Nowadays it would be hard to find a computer that does not have WIFI capability, but just like their wired counterparts, wireless LANS are prone to a host of security vulnerabilities. One of the only exceptions being Denial Of Service (DoS) for which there is no solution so far, but it is possible to reduce the likelihood of this affecting your LAN by using a combination of precautions, which should theoretically help, but may not solve the problem as a whole. In this thesis, I will identify the existent security threats a wireless network faces, the security services required to be achieved and the countermeasures for attacks in each layer.
There is a great deal of vulnerabilities that exist for home wireless LAN systems, also known as small office/home office (SOHO) LAN systems, as well as for enterprise LAN systems. Both of these LAN types are susceptible to the same kinds of attacks and errors, but this places the emphasis on details of the larger more complex wireless LANS. This report will describe where the vulnerabilities reside, along with methods that can be used to detect them, and how to secure them. Discussion of hacker tools, 802.11 security standards and points to consider in planning a wireless LAN are also included in this report because of its importance when attempting to secure a wireless LAN. Although the main focus of this report is on identifying wireless security vulnerabilities, some other important information such as current and future trends in this technology will also be included. Hopefully this report will conclude that wireless LANs can be used safely, if relevant measures are taken to secure them.
In a simpler form, wireless LANs can be thought of as two or more unwired computers using the airwaves for typical computer purposes, with the help of an access point. In the case of a home computer system, one computer is usually wired while the others are not, hence the wireless concept. The unwired computer uses a Wireless Access Point (WAP) to network the two computers, thereby allowing both machines to use the same internet access, printer, scanner and other peripherals. This is contrast to previous configurations that required that some form of cable be run to each computer on the network. In the case of an enterprise, a wireless LAN can consist of several computers, usually laptops because of the mobility factor, using wireless access points to connect to a larger, more complex enterprise system with large amounts of data transactions occurring over radio frequencies.Background
Now-a-days a wireless networks are one of the most recent technologies and has received major attention because of its ability to self-configure and self-maintain itself. Whilst early research held a friendly and cooperative environment and focused on a variety of problems such as wireless channel access, security has grown to be a key concern in order to provide secure communication between nodes in a potential hostile environment. Recent wireless research indicates that the wireless Networks present large security problems than its peers more conventional wired networks.
Although wireless networks have several advantages over the traditional wired networks, on the other side they have a unique set of challenges. Firstly, wireless network faces in secure communication. For example the resource constraints on nodes in wireless networks sometimes limit the cryptographic (encryption) measures that are used for secure messages. Thus making it susceptible to link attacks raging in from passive eavesdropping to cryptographic encryption key breaking. Secondly, wireless networks without adequate protection are easy to compromise. An attacker can listen, modify and attempt to masquerade all the traffic on the wireless communications channel as one legitimate node in the network. Thirdly, static configurations may not be adequate for the dynamically changing topologies in terms of a valid security solution. Various attacks like DoS (denial of Service) can easily be launched and flood the network with ambiguous routing messages through a malicious node that gives incorrect updating information by pretending to be a legitimate change of routing information. Finally, lack of cooperation and constrained capability is common in wireless networks, which makes abnormalities hard to distinguish.Related Work
A number of researches are done on security challenges and solutions in wireless networks. Zhou and Haas have proposed using cryptography for providing security to the network. Kong et al have planned a secure routing protocol based on secret sharing, unfortunately, this protocol is based on erroneous assumptions, e.g. that each node cannot impersonate the MAC address of multiple other nodes (MAC Address Filtering). Deug, et al have focused on the routing issues in wireless routers and have described a solution of the 'black hole' problem. Sanzgiri el al, have proposed a secure routing protocol which is based on certificates and successfully defeats all identified attacks
The RSA, The Security Division of EMC, has initiated its campaign in promoting and improving best practices in wireless network security. As from a recent survey back in 2008, London contains the most amount of access points (wireless routers) in Europe at around 12,276, however after being diagnosed most of these access points belong to businesses within central London. Most significantly after thorough analysis the security level of these wireless networks were appalling, as from the survey results only 8% of them were actually protected by some sort of encryption.Research Goals
In this theory, we focus on the overall security threats and challenges in Wireless Networks (Wi-Fi). The security issues are analysed from individual layers mainly application layer, transport layer, network layer, link layer and physical layer. This modularity extends the clarity and depicts the original scenario in each layer. The solutions of the current problems are also reported here so that one may get direction. This study should theoretically provide a good understanding of the current security challenges and solutions of Wireless Networks. In general the following questions are addresses in our theory:
- What are the vulnerabilities and security threats in Wireless Networks? Which level is most vulnerable to attacks
- How the security services like confidentiality, integrity and authentication can be achieved from Wireless Networks? What steps should be taken?
- What are the countermeasures? How the security of the entire system is ensured?
- What are the potential dangers that maybe crucial in future?
The thesis is organised as follows. Chapter 2 is an overview of the security goals that must be archived to ensure secure communication in Wireless Networks. Chapter 3 presents the security exploits possible in Wi-Fi networks. Chapter 4 emphasises on threats imposed in Physical later. Chapters 5, 6, 7 and 8 presents the security challenges in Link layer, Network Layer, Transport Layer and Application layer respectively. Chapter 9 focuses on the solutions of the problems described in previous sections. Now finally Chapter 10 offers the concluding remarks and future works. The following two tables, precisely table 1.1 summarises the attacks Table 1.2 represents the solutions in each layer in Wireless Networks.