Chapter 18: Security in Wireless Networks and Devices


Chapter 18: Security in Wireless Networks and Devices Guide to Computer Network Security

Kizza - Guide to Computer Network Security

Wireless technology is a new technology that started in the early 1970s. The rapid technological developments of the last twenty years have made wireless technology one of the fastest-developing technologies in the communication industry. Because of its ability and potential to let us perform tasks while on the go and to bring communication to areas where it would be impossible with traditional wired communication, wireless technology has been embraced by millions. It is based on wireless networking technology that includes WLAN, Wireless WAN, Web and an industry of wireless communication devices.

Cellular Wireless Communication Network Infrastructure

The wireless infrastructure, because of distance problems, is for the most part supported and complemented by wired and other communication technologies such as satellite, infrared, microwave, and radio. In its simplest form, wireless technology is based on the concept of a cell. That is why wireless communication is sometimes referred to as cellular communication.

The cell concept is based on the current cellular technology that transmits analog voice on dedicated bandwidth. This bandwidth is split into several segments permanently assigned to small geographical regions called cells. This has led to the tiling of the whole communication landscape with small cells of roughly ten square miles or less, depending on the density of cellular phones in the geographical cell. Each cell has, at its center, a communication tower called the base station (BS), which the communication devices use to send and receive data. The BS receives and sends data, usually via a satellite. Each BS operates two types of channels:
- The control channel, which is used in the exchange when setting up and maintaining calls
- The traffic channel, which carries voice/data

The satellite routes the data signal to a second communication unit, the Mobile Telephone Switching Office (MTSO). The MTSO, usually some distance from the originating cell, may connect to a land-based wired communication infrastructure for a wired receiver, to another MTSO, or to the nearest BS for a wireless receiver.

An enabled wireless device such as a cellular phone must be constantly in contact with the provider. The device maintains this contact by constantly listening to its provider's unique System Identification Code (SID) via the cell base stations. If the device moves from one cell to another, the current tower must hand over the device to the next tower, and so on, so that the listening continues uninterrupted. As long as the moving device is able to listen to the SID, it is in the provider's service area and it can, therefore, originate and transmit calls. In order to do this, however, the moving device must identify itself to the provider. This is done through its own unique SID assigned to the device by the provider. Every call originating from the mobile device must be checked against a database of valid device SIDs to make sure that the transmitting device is a legitimate device for the provider.

The mobile unit, usually a cellphone, may originate a call by selecting the strongest idle setup frequency channel from among its surrounding cells, examining information in the channel from the selected BS. Using the reverse of this frequency channel, it sends the called number to the BS. The BS then sends the signal to the MTSO. The MTSO attempts to complete the connection by sending the signal, called a page call, to a select number of BSs via a land-based wired MTSO or another wireless MTSO, depending on the called number. The receiving BS broadcasts the page call on all its assigned channels. The receiving unit, if active, recognizes its number on the setup channel being monitored and responds to the nearest BS, which sends the signal to its MTSO. The MTSO may backtrack the routes or select new ones to the call-initiating MTSO, which selects a channel and notifies the BS, which in turn notifies its calling unit. See Figure 17.2 for details of this exchange.

During the call period, several things may happen, including:
- Call block, which happens when channel capacity is low due to high unit density in the cell. This means that at this moment all traffic channels are being used.
- Call termination, when one of the two users hangs up.
- Call drop, which happens when there is high interference in the communication channel or weak signals in the area of the mobile unit.
- Handoff, when a BS changes assignment of a unit to another BS. This happens when the mobile unit is in motion, such as in a moving car, and the car moves from one cell unit to another adjacent cell unit.

Limited and Fixed Wireless Communication Networks

This is limited-area wireless, known mainly as cordless wireless, that is commonly found in homes and offices. Cordless telephones were developed for the purpose of providing users with mobility. Cordless has been popular in homes, with a single base station that provides voice and data support to enable communication in-house and within a small perimeter around the house or office. In an office, however, this can be extended if there is a need, especially in a big busy office, to multiple BSs connected to a single public branch exchange (PBX) of a local land telephone provider.

Cordless wireless is limited in several areas, including:
- The range of the handset is limited to an average radius of around 200 m from the BS.
- Frequency flexibility is limited since one or a few users own the BS and handset and, therefore, do not need a range of choices they are not likely to use.

A wireless loop (WLL) provides services using one or a few cells, where each cell has a BS antenna mounted on something like a tall building or a tall mast. Each subscriber then reaches the BS via a fixed antenna mounted on the subscriber's building with an unobstructed line of sight to the BS. The last link between the BS and the provider switching center can be of wireless or fixed technology. WLL offers several advantages, including:
- It is less expensive after the start-up costs.
- It is easy to install after obtaining a usable frequency band.

The FCC has allocated several frequency bands for fixed wireless communication because it is becoming very popular. Two popular technologies of WLL are:
- Local multipoint distribution service (LMDS): delivers TV signals and two-way broadband communications with relatively high data rates and provides video, telephone, and data for low cost.
- Multi-channel multipoint distribution service (MMDS): competes with cable TV services and provides services to rural areas not reached by TV broadcast or cable.

Wireless LAN (WLAN) or Wireless Fidelity (Wi-Fi)

Wireless LAN (WLAN), or just Wi-Fi as it is commonly known in industry, is becoming common both in industry and for individuals. A wireless LAN offers many advantages to a business as a supplement to the traditional LAN: it is cheap to install, it is fast, and it is flexible enough to cover traditionally unreachable areas.

A wireless LAN has applications in four areas: LAN extension, cross-building interconnection, nomadic access, and ad hoc networks:
- LAN extensions are wireless LANs (WLANs) linked to wired backbone networks as extensions to them. The existing LAN may be an Ethernet LAN, for example. The WLAN is interfaced to a wired LAN using a control module that includes either a bridge or a router.
- Cross-building interconnection WLANs are connected to nearby or adjacent backbone fixed LANs in the building by either bridges or routers.
- Nomadic access is a wireless link that connects a fixed LAN to a mobile IP device such as a laptop. Most wireless communication security problems are found in this configuration.
- Ad hoc networking involves a peer-to-peer network temporarily and quickly set up to meet an urgent need.

WLAN (Wi-Fi) Technology

WLAN technology falls into three types based on the type of transmission used by the LAN:
- Infrared (IR) LANs are LANs in which cells are formed by the areas the network is in, with no obstructing objects between network elements. This is necessitated by the fact that infrared light does not go through objects.
- Spread spectrum LANs use spread spectrum transmission technology. If the transmission band is kept within a certain frequency range, then no FCC licensing is required. This means they can be used in a relatively larger area than a single room.
- Narrowband microwave LANs operate at microwave frequencies, which means that they operate in large areas and, therefore, require FCC licensing.

Mobile IP and Wireless Application Protocol (WAP)

The growth in popularity of WLANs has been fueled by the growing number of portable communication devices whose prices are plummeting. In response, new technologies such as Mobile IP and WAP, and standards such as IEEE 802.11 (as we will shortly see), have been developed.

In a fixed network, datagrams are moved from clients to servers and from server to server using the source and destination addresses (the IP addresses) in the datagram header. While this is not a problem in fixed networks, in wireless networks with a moving transmitting and receiving element, keeping connectivity in a dynamically changing IP addressing situation is a challenge.

A mobile node has a home IP address (in the fixed LAN), which is considered static. For this mobile unit to move from this home base and still communicate with it while in motion, the following protocol handshake must be done:
1. Once the mobile unit moves, it seeks a new attachment to a new network; this new network is called a foreign network.
2. The mobile unit must make its presence known to the new network by registering with a new network node on the foreign network, usually a router, known as a foreign agent.
3. The mobile unit must then choose another node from the home network, the home agent, and give that node a care-of address. This address is its current location in the foreign network.

With this in place, communication between the mobile unit and the home network can begin.

In this environment, packets are moved from the home network to the mobile unit as follows:
1. A datagram with the mobile unit's IP address as its destination address is forwarded to the unit's home network.
2. The incoming datagram is intercepted by the designated home agent, which encapsulates the datagram into a new datagram with the mobile unit's care-of address as the destination address in its IP header. This process is called tunneling.
3. Upon receipt of the new tunneled datagram, the foreign agent opens the datagram to reveal the old datagram inside, with the mobile unit's original IP address. It then delivers the datagram to the mobile unit.

The process is reversed for the return trip.
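The tunneling steps above, as an added Python example that is not from the original slides or the book: a home agent wraps an intercepted datagram in an outer IPv4 header (IP-in-IP, protocol 4) and a foreign agent validates and unwraps it. The class names, the `demo` helper and all addresses are constructed for illustration, and the care-of address is assumed to be the foreign agent's own address.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation, RFC 2003


def checksum(header):
    """Internet checksum of a 20-byte IPv4 header (0 if the header is valid)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload):
    """Build an option-less IPv4 datagram with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(datagram):
    """Validate and parse a datagram; raise ValueError if it is malformed."""
    if len(datagram) < 20 or datagram[0] != 0x45:
        raise ValueError("expected IPv4 with a 20-byte header")
    if checksum(datagram[:20]) != 0:
        raise ValueError("bad header checksum")
    if struct.unpack("!H", datagram[2:4])[0] != len(datagram):
        raise ValueError("total length does not match datagram size")
    return {"src": socket.inet_ntoa(datagram[12:16]),
            "dst": socket.inet_ntoa(datagram[16:20]),
            "proto": datagram[9], "payload": datagram[20:]}


class HomeAgent:
    """Hypothetical home agent; bindings maps home address -> care-of address."""
    def __init__(self, address, bindings):
        self.address, self.bindings = address, bindings

    def intercept(self, datagram):
        """Tunnel a datagram addressed to a mobile unit that is away from home."""
        inner = parse_ipv4(datagram)
        care_of = self.bindings.get(inner["dst"])
        if care_of is None:
            raise LookupError("no care-of address registered for " + inner["dst"])
        return build_ipv4(self.address, care_of, IPPROTO_IPIP, datagram)


class ForeignAgent:
    """Hypothetical foreign agent; visitors holds registered home addresses."""
    def __init__(self, care_of, visitors):
        self.care_of, self.visitors = care_of, visitors

    def deliver(self, tunneled):
        """Strip the outer header and return the inner datagram for the visitor."""
        outer = parse_ipv4(tunneled)
        if outer["dst"] != self.care_of or outer["proto"] != IPPROTO_IPIP:
            raise ValueError("not a tunneled datagram for this agent")
        inner = parse_ipv4(outer["payload"])
        if inner["dst"] not in self.visitors:
            raise PermissionError("inner destination is not a registered visitor")
        return outer["payload"]


def demo():  # constructed addresses from the documentation ranges (RFC 5737)
    ha = HomeAgent("192.0.2.1", {"192.0.2.10": "203.0.113.1"})
    fa = ForeignAgent("203.0.113.1", {"192.0.2.10"})
    original = build_ipv4("198.51.100.7", "192.0.2.10", 17, b"hello")
    return fa.deliver(ha.intercept(original)) == original
```

The foreign agent refuses inner datagrams whose destination is not a registered visitor, so a tunneled packet cannot be used to reach arbitrary hosts on the foreign network.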

Wireless Application Protocol (WAP)

Just as the Mobile IP wireless technology was dictated by the mobility of customers, WAP technology was also dictated by the mobility of users and their need to have access to information services including the Internet and the Web. See WAP Protocol stack, page 478.

Standards for Wireless Networks

While protocols spell out the "how to" framework for two or more communicating devices, standards govern the physical, electrical, and procedural characteristics of the communicating entities. The development of wireless standards has been so rapid that some people have called the many standards a children's alphabet. We discuss two: IEEE 802.11 and Bluetooth.

The IEEE 802.11

Developed by the IEEE 802.11 working group, IEEE 802.11, or more commonly 802.11, is the best-known and most widely used wireless LAN specification standard. It is a shared, wireless local area network (LAN) standard. It is based on the OSI layering model of the fixed LAN, including a similar physical layer. In fact, IEEE 802.11 is an umbrella standard of many different standards varying in speed, range, security, and management capabilities, as shown in Table 17.2.

Bluetooth (See Figure 17.9)

Bluetooth was developed in 1994 by Ericsson, a Swedish mobile-phone company, to let small mobile devices such as a laptop make calls over a mobile phone. It is a short-range always-on radio hookup embedded on a microchip. It uses a low-power 2.4 GHz band, which is available globally without a license, to enable two Bluetooth devices within a small limited area of about 5 m radius to share up to 720 kbps of data. Bluetooth has a wide range of potential applications and gives users a low-power, cheap, untethered, and confined ability to:
- Create wireless connections among computers, printers, keyboards, and the mouse
- Wirelessly use MP3 players with computers to download and play music
- Remotely and wirelessly monitor devices in a home, including remotely turning on home devices from a remote location outside the home

Security in Wireless Networks

Wireless networks are inherently insecure. This problem is compounded by untraceable hackers who use invisible links to victimize WLANs, and by the increasing number of fusions between LANs and WLANs, which add more access points (the weak points) to the perimeters of secure networks. WLANs need to provide users not only with the freedom and mobility that are so crucial to their popularity, but also with privacy and security for all users and for the information on these networks. The security mechanisms required in WLANs include confidentiality, authentication, and access control.

The "wired equivalent" concept for the IEEE 802.11 WLAN standard was to define authentication and encryption based on the Wired Equivalent Privacy (WEP) algorithm. The WEP algorithm defines the use of a 40-bit secret key for authentication and encryption. But all these mechanisms failed to work fully as intended.

WLANs found themselves facing severe privacy and security problems, including the following:

Identity in WLANs - The WLAN protocol contains a media access control (MAC) protocol layer in its protocol stack, which the WLAN standard uses as its form of identity for both devices and users. However, in the newer open source device drivers this MAC is changeable, which lets malicious intruders masquerade as valid users. In addition, WLAN uses a Service Set Identifier (SSID) as a device identifier (name) in a network. It allows clients to communicate with the appropriate BS. Each BS comes with a default SSID, but attackers can use these SSIDs to penetrate a BS. As we will see later, turning off SSID broadcasts cannot stop hackers from getting to these SSIDs.

Other weaknesses include:
- Lack of Access Control Mechanism
- Lack of Authentication Mechanism in 802.11
- Lack of a WEP Key Management Protocol