Wireless networks Essay
- II. WHY WIRELESS webs are prone to onslaughts?
- III. radio choping – measure by measure
- A. Enumeration:
- B. Vulnerability Assesment:
- C. Means of Entry:
- IV. TYPES OF THREATS & A ; ATTACKS
- A. Eavess Droping and Traffic Analysis:
- B. Message Alteration:
- C. Rogue Devicess:
- D. Session Hijacking:
- E. Man In the Middle Attacks:
- V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY
- A. Authentication:
- B. Accountability
- C. Encoding:
- VI. WIRELESS SECURITY – UNENCRYPTED
- A. MAC Registration:
- B. Firewalls:
- C. Wireless Firewall Gateways:
- VII. WEP-WIRED EQUIVALENT PRIVACY
- A. Sender Side:
- B. Receiver Side:
- C. Brief Descriptions:
- D. RC4 Algorithm:
- E. Drawbacks of WEP:
- VIII. WPA -WIFI PROTECTED ACCESS
- A. TKIP ( Temporal Key Integrity Protocol ) :
- B. Advantages of WPA:
- IX. WPA2-WIFI PROTECTED ACCESS 2
- A. 802.1X:
- B. EAP ( Extended Authentication Protocol ) :
- X. RSN-ROBUST SECURITY NETWORKS
- A. Phases of RSN:
- B. Preliminary Authentications:
- C. 4-Way Handshake:
- D. CCMP Protocol:
- Eleven. SECURITY FOR WHN ( WIRLESS HOME NETWORK )
- A. Types of Attacks on WHN:
- B. Stairss to follow to Ensure WHN Security:
- C. SDS ( Security Delegation service ) :
- Twelve. SECURITY FOR BLUETOOTH NETWORKS
- A. Security Features Applied By BLuetooth:
- B. Bluetooth Parameters:
- C. Security Architecture:
- D. Key Paring And Authentication:
- E. Device Trust Degrees:
- F. Service Security Modes:
- Thirteen. FUTURE OF WIRELESS SECURITY
- A. WIMAX Security:
- B. Zigbee Technology:
- Fourteen. Decision
WIRELESS webs, due to ease of installing, cost benefits and the capableness of connectivity, hence communicationA anyplace, has made it the most popular manner of web apparatus in this twenty-first century. With addition in the demand of nomadic systems, the current electronic market has besides been deluging with laptops, personal digital assistants, RFID devices, health care devices and radio VOIP ( Voice over IP ) which are WIFI ( Wireless Fidelity ) enabled. With the 3G ( Third Generation ) and 4G ( Fourth Generation ) cellular radio criterions, Mobiles phones are besides WIFI enabled with really high velocity being provided for informations upload and download.Nowadays a promenades and public countries non advert even metropoliss are WIFI capable, enabling a individual to entree the cyberspace or even reach a distant waiter in his office from anyplace in that metropolis or even from his nomadic phone while merely sauntering down the route.
But as every good engineering has its ain drawbacks so does the radio networks.Just as in the instance of wired webs they are besides prone to intruder onslaughts or more normally known asTungstenireless hackingA therefore compromising the webs, security, unity and privateness. The basic ground for this is when the radio web was foremost introduced, it was considered to hold security and privateness built into the system while conveying informations. This misconception had fundamentally arisen because radio system senders and receiving systems used dispersed spectrum systems which have signals in the broad transmittal set. Since the RF ( Radio Frequency ) receiving systems which at that clip could merely stop signal in the narrow transmittal band these wireless signals were potentially considered in the safe zone.But it did non take long to contrive devices that could stop these wireless signals every bit good.Hence the unity of informations send over radio webs could be easy compromised.With the development of engineering so has the methods and ways in which a web can be attacked become more barbarous.
Fig-1: WLAN ( Wireless Local Area Network )
Security of radio webs against such barbarous onslaughts is therefore the become the precedence for the web industry. This is because non all webs are every bit unafraid.The security depends on where this web is used. For illustration, if the demand of the radio is to supply a radio hot spot in a shopping promenade so so the security of this is ne’er concerned with but if it ‘s for a corporate they have their ain security hallmark and user entree control implemented in the web.
II. WHY WIRELESS webs are prone to onslaughts?
There are figure of grounds why radio webs are prone to malicious onslaughts.These are the most ambitious facets to eb considered when a secure radio web has to be established.
a ) Wireless web are unfastened webs: The ground for this is that there is no physical media protecting these webs.Any package transmitted and received can be intercepted if the receiving system has the same frequence as the sender receiving system used by H radio web.There is besides a common misconception that if theA hallmark and encoding are decently used the web will non be compromised.But what about the messages send back and Forth before the hallmark and encoding comes into drama?
B ) Distance and Location: The aggressor can assail from any distance and location and is merely limited by the power of the sender.Special devices have been designed which can assail even short distance webs such the Bluetooth
degree Celsius ) Identity of the Attacker: Attacker can ever stay unidentified because he uses a series of aerials or other compromised webs before making the existent mark. This makes radio web aggressors really hard to track.
Some of the grounds why such onslaughts are so common is because of the easy handiness of information from none other than the Internet, easy to utilize inexpensive engineering and of class the motive to chop.
III. radio choping – measure by measure
To understand the security protocols for wireless webs presently in usage, first it is of import to understand the methods through which a weak web is attacked by a hacker.These are besides known as wireless invasion methods.
Besides know as web Enumeration, the first and first measure to choping which is happening the radio web. The radio web could be any specific mark or even a random weak web which can be compromised and used to assail other terminal systems or webs.This effort is achieved by utilizing a web find package which are now a twenty-four hours ‘s available online in plentifulness, to call a few are Kismet and Network tripper.
In order to hold more information about the web, the packages that are send and received by the web can whiff utilizing web analysers besides known as sniffers.A big figure of information can be obtained by utilizing this including IP reference, SSID numbersA even sensitive information such as MAC reference, type of information and besides the other webs that this compromised terminal system.
Yet another job faced is the usage of web plotters which can be used to happen he servers that run these compromised webs therefore besides assailing these waiters which could so impact proper working and information transportation between these waiters and to other webs connected to it.
B. Vulnerability Assesment:
This is chiefly done by the hacker Y utilizing a exposure scanner.After the hacker has found the web he want to assail he uses this plan in order to observe the failing of the computing machine, computing machine systems webs or even applications. After this the interloper decided on the most possible agencies of entry into the web.
C. Means of Entry:
IV. TYPES OF THREATS & A ; ATTACKS
A. Eavess Droping and Traffic Analysis:
This is the signifier of onslaught that makes usage of the weak encoding of the web.This ever compromises the unity and security of the web.All onslaughts such as war drive, war chalking, package sniffingA traffic analysis all autumn under this class
B. Message Alteration:
These onslaughts are chiefly used to modify the information that is send across a web.The alteration might be giving incorrect information or besides adding malicious content to the information package direct signifier one station to another.This compromises the unity and privateness of the Data.
C. Rogue Devicess:
Thesiss could be devices such as APS, application package plans which has been compromised by the interloper and made to work harmonizing to him/her. Such devices can compromise the unity of the web every bit good as the informations send across it.These devices can besides establish answer onslaughts and besides make the web associated to malicious content websites or information.
D. Session Hijacking:
This onslaught occurs after a valid session has been established between two nodes to through the AP.In the aggressor poses as a valid AP to the node seeking to set up connexion and a valid node to the AP.The aggressor can so direct malicious or false information to the node that the connexion has already been established with.The legitimate node believe that the AP has terminated he connexion with it. The hacker can so utilize this connexion to acquire sensitive information from the web or the node.
E. Man In the Middle Attacks:
This is similar to that of a session commandeering onslaught but in this instance it is a knave AP that actsA asA valid client to the legitimate AP and valid AP to the legitimate client.Once this has been established the knave AP can entree all information from the, intercept communicating, send malicious information to other clients through this.
These are merely few of the security menaces and onslaughts in radio environments.With the progressing engineerings at that place many more possible security menaces that can be faced by these webs in the hereafter.
V. BASIC REQUIREMENTS IN WIRELESS NETWORK SECURITY
With the exposure of radio webs, security and countering Os such malicious onslaughts have become one of the top precedences addressed by endeavors, corporate as good asA research Fieldss in IT.There are many pints to be considered when the security of a web is concernedA the most of import degree Fahrenheit which are: hallmark, answerability and encoding.
This is really familiar to anyone utilizing a web in his or her work topographic point or even accessing he e-mail on the cyberspace and the really first measure in advancing a secure radio web. .There many different ways of hallmark and many different tools and methods have been used over the old ages in order.. make the primary procedure, more dependable and fool prof.Some of the most widely used methods are:
a ) User name and Password combinations by and large defined as something that a individual knows.
B ) Smart Card, RFIDs and Token engineerings besides known as something that a individual has
degree Celsius ) Biometric Solutions such as finger printing, retina scanning which can be by and large defined as something that a individual is or are.
Now the dependability of each one of these methods can change depending on the degree on which it has been implemented.In the instance really low degree hallmark s merely one sort of method I used to procure the web.One of the weakest signifiers of hallmark can be considered as the usage of merely ID card or token technologiesA as if a individual looses this, he can compromise the security of the web.Even in the instance of username and password the strength of the hallmark is merely every bit good as the complexness of the information used as username or even password.People by and large prefer to utilize watchwords that are easy to retrieve but besides known to many other people in that organisation or even outside One of the much better ways of procuring a web through hallmark is to utilize biometric solutionsA such as fingerprinting or retina scanning.But of class engineering has advanced to the extend that even fingerprints or even retinas can be forged.Nowadays a figure of methods of combinable methods are used as hallmark with high security premises or webs guarded by more than two or three sorts of hallmarks.
AfterA a user has been authenticated to utilize the web it is of import to hold t able to track the computing machine use of each individual utilizing the web so that incase of any disgusting drama the individual responsible can be held responsible.When the webs were really little it was really easy degree Fahrenheit a web decision maker to trackA the use of each individual on a web.But with immense webs, distant entree installations and of class the radio webs it has become rather a hard undertaking.AS mentioned earlier, there are many ways in whichA a hacker can do himself hard to track down.Many package ‘s and microcode ‘s have been created which is used in speculation with the hallmark protocols inoder to do the radio web more secure and robust.
This is the most of import measure in edifice and procuring a strong radio web substructure.he steps by and large followed for this are:
a ) Methods based on public cardinal substructure ( PKI )
B ) Using high spot encryption strategy
degree Celsius ) Algorithm used for encoding must be good known and proven to be really unbreakable.
Current radio web security solutions can be classified into three wide classs:
a ) unencrypted solutions
B ) encrypted solutions
degree Celsius ) combination.
In this paper with accent as explained in the abstract will eb on encrypted solutions for wireless security. A brief treatment on the unencrypted methods has still been given for basic apprehension.
I n the instance of encoding based security protocols, a inside informations description is given about the 1s that are normally used in wireless LANS in this paper.After which the latest and developing engineerings will be discussed.The three major coevalss of security as bing today and besides cited in many documents, diaries and magazines are as follows:
1 ) WEP ( Wired Equivalent Privacy )
2 ) WPA ( Wi-Fi Protected Access )
3 ) WPA2
The image below shows the bed in which the radio web security protocols come into drama which is of class the nexus bed:
Fig-1: 802.11 AND OSI MODEL
VI. WIRELESS SECURITY – UNENCRYPTED
A. MAC Registration:
This is one of the weakest methods web security..MAC enrollment was fundamentally used to procure university residential webs as college flats or residence hall suites. The basic manner of making this is to configure DHCP ( Dynamic Host Configuration Protocol ) to rent IP reference to merely a know set of MAC reference which can be obtained manually by running automated books on a web waiter so fundamentally any individual with a valid enrollment can come in into the web.Session logs besides can non be generated because of which accounting of the logs become impossible. Last but non the least since this method of securing was fundamentally used for switched and wired webs encoding was ne’er included.
In this method, web hallmark is one through either HTTP ( Hyper text Transfer Protocol ) , HTTPSA or telnet.When an hallmark demand is received by the web it is directed to the hallmark waiter.On formalizing the authenticationA A the firewalls add regulations to the IP addressA provided to that user, This IP reference besides has timer attached to it in order to bespeak the regulation clip out of this IP reference. When executed through HTTPS it is fundamentally a session based every bit good as a secure procedure.But any other procedure which is adapted from a switched wired web firewalls does non provided encoding.
C. Wireless Firewall Gateways:
One of the mostA latest every bit good as well sap cogent evidence method in unencrypted solutions in Wireless Firewall Gateways or WFGs.This is a individual radio gate manner is integrated with firewall, router, web waiter and DHCP serverA and it ‘s because of all these being in one system that makes WFGS a really unafraid radio security solution. When a user connectsA to the WFG, he/she receives a IP reference signifier the DHCP service.Then the web waiter ( HTTPS ) asks for a user name and watchword and this is executed by the PHP ( Hypertext Preprocessor ) .Address burlesquing and unauthorised webs are avoided by PHP as theA DHCP logs are invariably compare with the current updated ARP ( Address Resolution Protocol ) .This verifies that the computing machine that is connect to the web is utilizing he the IP reference that has been leased to it by the DHCP waiter.Then this information is passed on to the hallmark serverA which in bend adds regulations to this IP reference.Up ne the termination of the DHCP lease the Sessionss are terminated. The WFGS hence make the hallmark and accountably chuck degree Fahrenheit the web more dependable, But as this is besides an unencrypted methodA it lacks the most of import accept of security.
VII. WEP-WIRED EQUIVALENT PRIVACY
This protocol was written in conformity with the security demands required for IEE 802.11 radio LAN protocol.IT is adapted from the wired LAN system and therefore the security and privateness provided by it is besides tantamount to the security and privateness provided a wired LAN. Through it ‘s an optional portion of radio web security, it will give a well secure networking environment.
The algorithm used in WEP is known as the RC4 ( Rivest Cipher 4 ) .In this method a pseudo random figure is generated utilizing encoding keys of random lengths.This is so bound with the informations bitsA utilizing a OR ( XOR ) functionality in order T generate an encrypted information that is so direct.Too expression at in more in item:
A. Sender Side:
The imposter random figure is generated utilizing the 24 spot IV ( low-level formatting Vector ) given by the decision maker web and besides a 40 R 104 spot secret key or WEP cardinal given by the radio device itself. Which is so added together and passed on to theWEP PRNG ( Pseudo Random Number Generator ) .At the same clip the field text along with an unity algorithms combined together to organize ICV ( unity look into value ) .The pseudo figure and the ICV are so combined together to organize a cypher text by directing them through an RC4.This cypher text is so once more combined with IV to organize the concluding encrypted message which is so send.
Fig-2: WEP SENDER SIDE
B. Receiver Side:
In the receiving system side the message is decrypted in five stairss.Firs the preshared key and the encrypted message are added together.The consequence is so passed through yet another PRNG.The ensuing figure is passed through an CR4 algorithm and this ensuing in recovering the field text.This once more combines with another unity algorithm to organize a new ICV which is so compared with the old ICV T cheque for unity.
Fig-3: WEP RECIEVER SIDE
C. Brief Descriptions:
a ) Low-level formatting Vector: are fundamentally random bit the size degree Fahrenheit which is by and large 24 spots but it besides depends on the encoding algorithm.This IV is besides send to the receiver side as it is required for decoding the informations send.
B ) Preshared Key: is more or less like a watchword.This is fundamentally provided by the web decision maker and is shared between the entree point and all web users
degree Celsius ) Pseudo Random Number Generator: This fundamentally making a alone secret key for each package sends through the web. This is done by utilizing some 5 to at most 13 characters in preshared key and besides by utilizing indiscriminately taken characters from IV.
vitamin D ) ICV and Integrated Algorithm: This is used to code the field text or informations and besides to make a cheque value which can be so compared y the receiving system side when it generates its ain ICV.This isA done utilizing CRC ( Cyclic Redundancy Code ) technique to make a checksum.For WEP, the CRC-32 of the CRC household is used.
D. RC4 Algorithm:
RC $ algorithm is non merely proprietary to WEP.IT can besides be called a random generator, watercourse cypher etc.Developed in RSA research labs in 1987, this algorithm uses logical maps to be specific XOR to add the key to the informations.
Figure 5: RC4 Algorithm
E. Drawbacks of WEP:
There are many drawbacks associated with the WEP encodings. There are besides plans now available in the market which can easy chop through these encoding go forthing the web utilizing WEP vulnerable to malicious onslaughts:
Some of the jobs faced by WEP:
- WEP does non forestall counterfeit of packages.
- WEP does non forestall rematch onslaughts. An aggressor cans merely record and replay packages as desired and they will be accepted as legitimate
- WEP uses RC4 improperly. The keys used are really weak, and can be brute-forced on standard computing machines in hours to proceedingss, utilizing freely available package.
- WEP reuses low-level formatting vectors. A assortment of available
Cryptanalytic methods can decode informations without cognizing the encoding key
- WEP allows an aggressor to undetectably modify a message without cognizing the encoding key.
- Key direction is lack and updating is hapless
- Problem in the RC-4 algorithm.
- Easy forging of hallmark messages.
VIII. WPA -WIFI PROTECTED ACCESS
WPA was developed by the WI-FI confederation to get the better of most of the disadvantages of WEP. The advantage for the usage is that they do non hold Ts alter the hardware when doing the alteration from WEP to WPA.
WPA protocol gives a more complex encoding when compared to TKIP and besides with the MC in this it besides helps to counter against spot flipping which are used by hackers in WEP by utilizing a method known as hashing.The figure below shows the method WPA encoding.
Figure 6: WAP Encryption Algorithm ( TKIP )
As seen it is about every bit same as the WEP technique which has been enhanced by utilizing TKIP but a hash is besides added before utilizing the RC4 algorithm to bring forth the PRNG. This duplicates the IV and a transcript this is send to the following measure.Also the transcript is added with the base key in order to bring forth another particular key.This along with the hashed IV is used to bring forth the consecutive key by the RC4.Then this besides added to the informations or program text by utilizing the XOR functionality.Then the concluding message is send and it is decrypted by utilizing the opposite of this procedure.
A. TKIP ( Temporal Key Integrity Protocol ) :
The confidentiality and unity of the web is maintained in WPA by utilizing improved informations encoding utilizing TKIP. This is achieved by utilizing a hashing map algorithm and besides an extra unity characteristic to do certain that the message has non been tampered with The confidentiality and unity of the web is maintained in WPA by utilizing improved informations encoding utilizing TKIP. This is achieved by utilizing a hashing map algorithm and besides an extra unity characteristic to do certain that the message has non been tampered with
The TKIP has approximately four new algorithms that do assorted security maps:
a ) MIC or Micheal: This is a cryptography system which improves the unity of the informations transportation via WPA.MIC unity codification is fundamentally 64bits long but is divided into 32 spots of small Endean wordsA or least important spots for illustration Lashkar-e-Taiba it be ( K0, K1 ) .This method is fundamentally used to do that the information does non acquire forged.
B ) Countering Replay: There is one peculiar sort of counterfeit that can non me detected by MIC and this is called a replayed package.Hackers do this by hammering a peculiar package and so directing it back at another case of clip.In this method each package send by theA web or system will hold a sequence figure attached to it.This is achieved by recycling the IV field.If the package received at the receiving system has an out of order or a smaller sequencing figure as the package received before this, it is considered as a answer and the package is therefore discarded by the system.
degree Celsius ) Key commixture: In WEP a secure key is generated by linking terminal to stop the base bed which is a 40 spot or 104 spot sequence obtained for the wireless device with the 24 spot IV figure obtained from the decision maker or the web. In the instance of TKIP, the 24 spot basal key is replaced by a impermanent key which has a limited life clip.It alterations from one finish to another. This is can be explained in Phase one of the two stages in cardinal commixture.
In Phase I, the MAC reference of the terminal system or the wireless router is assorted with the impermanent base key.The impermanent key hence keeps altering as the package moves from one finish to another as MAC reference for any router gateway or finish will be alone.
In Phase II, the per package sequence key is besides encrypted by adding a little cypher utilizing RC4 to it. This keeps the hacker from decoding the IV or the per package sequence figure.
vitamin D ) Countering Key Collision Attacks or Rekeying: This is fundamentally supplying fresh sequence of keys which can so be used by the TKIP algorithm.Temporal keys have already been mentioned which has a limited life clip.The other two types f keys provided are the encoding keys and the maestro keys.The temporal keys are the 1s which are usedA by the TKIP privateness and hallmark algorithms.
B. Advantages of WPA:
The advantage of WPA over WEP can be clearly understood from the above descriptions.Summarising a few:
a ) Forgeries to the informations are avoided by utilizing MIC
B ) WPA can actively avoid package rematch by the hacker by supplying alone sequence figure to each packages.
degree Celsius ) Key blending which generates temporal keys that change at every station and besides per package sequence cardinal encoding.
vitamin D ) Rekeying which provides alone keys for that consumed by the assorted TKIP algorithms.
IX. WPA2-WIFI PROTECTED ACCESS 2
WPA 2 is the as the name suggests is a modified version of WPA in which Micheal has be replaced with AES based algorithm known as CCMP alternatively of TKIP.WPA ” can run in two manners: one is the place manner and he enterprise mode.In the place manner all he users are requires to utilize a 64 spot pass phrase when accessing the web. This is the kind encoding used in radio routers used at place or even in really little offices. The place version has the same jobs which are faced by users of WEP and the original WPA security protocol.
The endeavor version is of class for used byA larger administration where security of the web is excessively valuable to be compromised.This is based on 802.1X wireless architecture, hallmark model know as RADIUS and the another hallmark protocol from the EAP ( Extensile Authentication Protocol ) Family which is EAP-TLS and besides a secure key.
Figure 7: 802.1X Authentication Protocol
In order to understand the security protocols used in WPA2 it is of import cognize a small spot about the 802.1X architecture for hallmark. This was developed in order to get the better of many security issues in 802.11b protocol. It provides much better security for transmittal of informations and its cardinal strength is of class hallmark There are three of import entities in 802.1x protocol which is the client, appraiser and hallmark.
a ) Client: is the STA ( station ) in a wireless country web which is seeking to entree the web, This stationA could be fixed, portable or evenA Mobile. It of class requires client package which helps it link to the web.
B ) Appraiser: This is yet another name given to an AP ( Access Point ) .This AP receives the signal from the client and direct it over to the web which the client requires connexion from There are two parts to the AP i.e. the non control port and the control port which is more of a logical breakdown than an existent partition..The non control port receives the signal and look into its hallmark to see if the peculiar client is allowed to link to the web.If the hallmark is approved the control port of the AP is opened for the client to link with the web.
degree Celsius ) Authentication: RADIUS ( Remote Authentication Dial in User Service ) waiter.This has its ain user database tabular array which gives the user that has entree to the he web, this makes it easier for the APs as user information database demand non be stored in the AP.The hallmark in RADIUS is more user based than device based.RADIUS makes the security system more scalable and manageable.
Figure 8: EAP/RADIUS Message Exchange
B. EAP ( Extended Authentication Protocol ) :
The cardinal direction protocol used in WAP2 is the EAP ( Extended Authentication Protocol ) .It can besides be called as EAPOW ( EAP over radio ) .Since there are many versions ofA this protocols in the EAP household it will advisable to take the EAP protocol which is really best suited for that peculiar web.The diagram and the stairss following it will depict how a suited EAP can be selected for that web:
a ) Step1: By look intoing the old communicating records of the node utilizing a web analyzer plan, it can be easy detected if any malicious or well compromising packages has been send to other nodes or received from to her nodes to this node.
B ) Measure 2: By look intoing the old logs for the hallmark protocols used, the most normally used hallmark protocol used and the most successful hallmark protocol can be understood.
Figure 9: EAP Authentication with Method Selection Mechanism
degree Celsius ) Measure 3: The specifications of the node itself have to be understood such as the operating system used the hardware package even the certification handiness of the node.
After all this has been examined the undermentioned stairss can be run in order to find and put to death the most suited EAP hallmark protocol:
1. Get down
2. if ( communication_record available ) so
A A A A A A A A A read communication_record ;
A A A A A A A A A A if ( any_suspicious_packets_from_the_other_node ) so
A A A A A A A A A A A abort hallmark ;
A A A A A A A A A A A A go to 5 ;
A A else
A A if ( hallmark record available ) so
A A A A A A A A A A A read hallmark record ;
A A A A A A A A A A A if ( successful hallmark available ) so
A A A A A A A A A A A read current_node_resources ;
A if ( current_node_resources comply with
A A last_successful_method ) so
A A A A A method = last_successful_method ;
A A A A A go to 4 ;
if ( current_node_resources comply with
most_successful_method ) so
A A A A A A method = most_successful_method ;
A A A A A A go to 4 ;
A A A A A A else
A A A A A A A go to 3 ;
A A A A A A else
A A A A A A go to 3 ;
A A A A A A else
A A A A A A go to 3 ;
A A A A A A else
A A A A A A go to 3 ;
3. read current_node_resources ;
A A A A execute method_selection ( current_node_resources ) ;
4. execute authentication_process ;
X. RSN-ROBUST SECURITY NETWORKS
RSN was developed with mention to IEEE 802.11i radio protocol.This connexion can supply security from really moderate degree to high degree encoding schemes.The chief entities of a 802.11i is same as that of 802.1x protocol which is the STA ( Client ) , AP and the AS ( hallmark waiter ) .RSN uses TKIP or CCMP is used for confidentiality and unity protection of the informations while EAP is used as the hallmark protocol.
RSN is a nexus bed security i.e it provides encoding from one radio station to its AP to from one radio station to another..It does non provided terminal to stop security IT can merely be used for wireless webs and in the instance of intercrossed webs merely the wireless portion of the web.
The followers are the characteristics of secure web that are supported by RSN ( WRITE REFERENCE NUMBER HERE ) :
a ) Enhanced user hallmark mechanisms
B ) Cryptographic cardinal direction
degree Celsius ) Data Confidentiality
vitamin D ) Data Origin and Authentication Integrity
vitamin E ) Replay Protection.
A. Phases of RSN:
RSN protocol operation can be divided in the five distinguishable stages.The figure every bit good as the stairss will depict the stages in brief:
a ) Discovery Phase: This can besides be called as Network and Security Capability find of the AP.In this stage the AP advertises that it uses IEE 802.11i security policy.An STA which wishes to pass on to a WLAN utilizing this protocol will up n having this advertizement communicate with the AP.The AP gives an option to the STA on the cypher suite and hallmark mechanism it wishes to utilize during the communicating with the radio web.
Figure 9: Security States of RSN
B ) Authentication Phase: Besides known as Authentication and Association Phase.In the hallmark stage, the AP uses its non control portion to look into the hallmark proved by the STA with the AS.Any other informations other than the hallmark informations is blocked by the AP until the AS return with the message that the hallmark provided by the STA is valid.During this stage the client has no direct connexion with the RADIUS waiter.
degree Celsius ) Key Generation and Distribution: During this stage cryptanalytic keys are generated by both the AP and the STA. Communication merely takes topographic point between the AP and STA during this stage.
vitamin D ) Protected Data Transfer Phase: This stage as the name suggest is during which information is transferred through and from the STA that initiated.the connexion through the AP to the STA on the other terminal of the web.
vitamin E ) Connection Termination Phase: Again as the name suggests the informations exchanged is strictly between the AP and the STA to rupture down the connexion established been them.
Figure 9: RSN Association
The Supplicant, the appraiser and the hallmark waiter are the three entities that take portion in an RSN hallmark procedure at the terminal which the appraiser and the prayer would hold successfully verified each others individuality. This is done with the aid of a 4 Way Handshaking procedure.
B. Preliminary Authentications:
The preliminary hallmarks require figure handshaking between the STA and the AP, the AP and the AS and last but non the least STA and the AS. After all these handshakings a MSK ( Master Session Key ) is generates which is secret key shared by the three parties.MSK is used by STA to deduce the PMK ( Pairwise MasterA key ) most of the clip utilizing the EAP procedure.In the server side the AAA ( Authentication, Accounting and Authorization Key ) is used to deduce the same PMK by the AS.Sometimes the AS and the STA can utilize a Pre shared key as PMK..After all this a 4 Way handshake is done to successfully puting up the RSN.
C. 4-Way Handshake:
The 4 Way handshaking procedure merely begins after a common PMK has been selected by the STA and the AS.This PMK is used to deduce a PTK ( Pairwise transient key ) .A new PTK is generated for each sessionA between the STA and the AS therefore guaranting really successfulA secure communicating at about all times.
D. CCMP Protocol:
CCMP ( Counter Mode with Cipher Block Chaining MAC Protocol ) is one of the types of confidentiality and unity protocols used by RSN.The other one as mentioned earlier is the TKIP protocol.CCMP uses AES as its cypher method merely like WEP and WPA uses RC4.The manner of operation used by CCMP is known as the CCM manner which in bend utilizations CTR for confidentiality and CBC-MAC ( Cipher Block Chaining MAC ) for hallmark and unity.
Eleven. SECURITY FOR WHN ( WIRLESS HOME NETWORK )
The usage of radio devices at abodes are a quiet a common pattern.With more and more equipments going WI-FI equipped its possible to link about all electronic equipments to a radio AP which can be purchased at quiet sensible monetary values from the market today.All a individual needs to setup WHN ( Wireless Home Network ) is a wireless Access point such as a radio router or a gateway and of class radio web adapter in each device.
But with such easiness of apparatus and functionality the security of these webs are sometimes compromised with the houses going the victim of a malicious onslaught by an interloper.There many ways in which the security of a place web can be compromised such as listen ining on confidential files belonging to the household, communicating break, utilizing the radio web by commanding it to execute Denial of Service ( DOS ) onslaughts on some other web or waiter.
Security for WHN is much more complex undertaking because of the assortment of devices that are or could be connected to the web Because of this incompatibility the degree of securities required by each of this devices could be form really low degree demands t really high degree demands. So alternatively of utilizing a singleA Standard a model is more of import for WHN which consists of assorted algorithms which is provided to the device depending n its storage, power demands and of class computational capableness.
A. Types of Attacks on WHN:
a ) This is onslaught is the simplest signifier of a WHN where a individual sitting really near to the broadcast diameter of the radio AP can pick up signals by utilizing inactive APs that can non be detected. If this information is non encrypted so it compromises the confidentiality of the webs besides the privateness of the place.This signifier of onslaught is known as Eavesdropping
B ) The information received thought eavesdropping can be modified by the hacker and direct back to the having parties therefore compromising the unity of the information.This is called Tampering.
degree Celsius ) The information received while listen ining can be stored by the hacker and at a ulterior clip resend to any f the receiving parties or even the transmitter called Play backing
vitamin D ) A hacker can obtain entire control over the radio web which will enable him steal or even destruct of import information on that web. He can besides direct incorrect or even unsafe information to receiving systems which are connected to other webs which so compromise the confidentially, unity and privateness of the webs besides. This onslaught imposes high security hazards and is known as Impersonating or Masquerade Attacks
vitamin E ) The hacker floods the radio web with packages or even connexion petition at such a fast rate that the web can non treat this.Due to this the proprietor of the web besides ill non be able to entree any information or v=even communicate with anyone else utilizing the web.
B. Stairss to follow to Ensure WHN Security:
a ) Measure 1: Obtaining Trust and Giving Authorization: When a new devise is purchased by the ain, its of import to set up a trusty relationship with the device.This functionality is does by the AS.In the instance of devices which low security degree mandate the MAC reference of the system will do as each device has its ain alone MAC reference.But in the instance of high security demand devices such a laptop, Personal computer etc.it of import Ts have a much a stronger mandate mechanism.
The Resurrecting Duckling is a type of trust relation constitution where the new device will merely reply to the proprietor that firs to supply it with is unafraid cardinal.This is known as forming the devices.Now until the device is rest to its mill scenes the device will merely reply to this peculiar proprietor.
The trust relationship can be established between the freshly purchased device and the AS by manually shooting the secure key into the device. After this relationship has been set up, the entree control is provided to this device by supplying he entree control list onA AS.
B ) Step2: Supplying Authentication and Key Management: As the place web is divided into low degree and high degree security devices there are different methods for each one of these to accomplish hallmark from the waiter.
In the instance of a low security demand device, the AS merely looks up id the MAC reference of the devices bespeaking connexion R service is it the MAC ACL and if found the device is authenticated.
But for high security demand devices this is non the instance.First and foremost a the AS provides to each high security device connected to the web with a secret key more normally known as a watchword which can be changed sporadically to guarantee more stronger security.So when a device wants to reach a web or petition service from a waiter it provides the AS through the AP with it s secret key.The AS on O.K.ing this cardinal gives hallmark to the device and besides provide the communication parties with a session key which can be usage for secure informations transportation by the two devices.
degree Celsius ) Step3: Avoiding DOS by secure Routing: Department of state onslaughts are non rather common in WHN as they are in other more important webs such a s corporate health care or battleground webs.But merely in instance, DOS can be avoided by doing certain that all the devices or node in the place web go throughing information through each other has a group key which can be used to acknowledge each other, code the outgoing information and besides look into the unity of the incoming information. .
vitamin D ) Measure 4: Confidentiality, Integrity and Freshness for Communication Protection: After the two devices have been authenticated and connected firmly a secret session key provided by the AS can be used to digest unafraid communicating between the communication parties.
C. SDS ( Security Delegation service ) :
In a WHN, thre are quiet a figure od devices that would non hold really high computational capabitlities.In this instance it wile B hard for these deivces to set up terminal to stop secure connexions utilizing IPSEC or TLS protocols. The SDS protocols therefore helps these devices to set up secre connexion by deputing the handshakingA protocol work to devices that high computational capablenesss.
The radio device necessitating to do a connexion foremost contacts the SDS waiter utilizing LLS SA ( Link LayerA Security Security Association ) Thisis signifier package encrypton provided at the nexus bed of the radio place web.The for amt f the nexus bed package is as shown below:
Figure 10: Link Layer Security Association Format
After this connexion has been establishe the SA inturn makesA connexion with the distant waiter utilizing IPSEC/TLS handshake protocols therefore set uping connexion with the distant waiter.The SDS waiter so informs the radio device that the connexion ahs been establish.Upone having this information, the radio devices transportations information through the SDS waiter to the distant waiter.
Figure 11: Secure Communication Path with SDS Server
The SDS hence allows interoperability between devices, handiness of devices, reduces of implementing comples security techniques therefore cut downing he cost well.
Twelve. SECURITY FOR BLUETOOTH NETWORKS
Bluetooth was chiefly developed for the intent degree Fahrenheit short scope radio communicationsA and besides because of he exponentital addition in may mobile an 500 handheld radio devices.It works atA afrquence of 2.4Ghz ISM ( Industrial Scientific and Medical Band ) .Bluthooht is extremely popular communicating meehtod because eof its low per ingestion, good rate of informations transportation at aclose promities and alsofree informations transportation beween devices.
A. Security Features Applied By BLuetooth:
Blutooth tehcnoloy was developed with facet of security in head.There are many feature implement in bluetoht which makes itA an about secure platform for communicating and information transportation:
a ) Stealth: This is the most of import characteristic of Blutooht Networks.Its a simple mechanism, where a device can accept or decline connexion when in dicoerable and in connectable manner.In the Diecverale manner, the deve can be seen by other bluetoth devices but other devices can merely cnnect to it if it authenticates the petition signifier the othe blutooth device.In Non Discoverable manner, the bluetooht device does nto even bradcast its presnence in the web.In Connectible mde, the bluetoth device is now specifically listening for connexion from other devices while in Non Connectible manner it refuses every kind of connexion that is requested to it.This four processs are now a adyas a portion of evry nomadic phone or portable manus held device.
B ) Freqeuncy Hoping: Bluetht broadcasts beween the scope ofA RF ( wireless frequences ) which are 2.4000 and 2.4835 GHz.79 differnet channel are therefore available for frequence hpping which is done about 1600 times in a 2nd based on a timing sequence.This helps to forestall signal jamming alos proctor of traffic by 3rd parties
degree Celsiuss ) Security Modes: There are four different security manners whhch ae used by Bluetooth.Three of which are used by bequest devices.IT will be explained in item farther int eh paper.
B. Bluetooth Parameters:
a ) BD_ADDR ( Bluetooth Device Address ) is a alone 48 spot reference
B ) The device name is user friendly and can be up to248 bytes in length.This can be set by the user.
degree Celsius ) PIN ( Pass key ) is the key used t authenticate tw Bluetooth devices.This can hae diffenet values at different degrees.
vitamin D ) Blass of bluish tooth devices ( bit field ) is used to place the type of device and the services it provides
C. Security Architecture:
The Security Manger is the Mountain Time of import enitiy in the security architecture ofa bluish tooth device.The architecture layout is as shown below:
Figure 12: Blue Tooth Security Architecture
Security director performs the undermentioned functionality:
a ) Storing of secutiy related information of all the services ( Service database ) and the devicesA in the scope ( Device Database )
B ) Accpets or denies acces petitions to the Bluetooth device.
degree Celsius ) Makes sure that aitehntication /encruption of information has been completed befre the connexion has been established.
vitamin D ) Setups trusted relationship between ESCE ( ExternalSecurity cOntrol Entity ) by prcessing the inputs of the user
vitamin E ) Pin questioning and pairingA of twhich the PN entry can be made by ESCE or an application.
D. Key Paring And Authentication:
When two bleutooth devices come in scope with each other and I th are required to link to each other the Bluetooth cardinal paring procees is intiated.n tshi procedure each devices selects a randonw numer and comnines it with its MAC reference.After utilizing the XOR functionality of this numer the the low-level formatting key it, the randm figure is sendo of the toeh the other unit.Not the two unit comn the two random figure together utilizing modulo 2 adtion to make acombinationkey wchih is know now to botht devies, There is a common hallmark procedure done by the communicating devices to look into if nbt the keys ae he same.
INSERT PICTURE HERE
For hallmark of BLye Tooth devices unders ommuncaitin a challenge response schemi used.In this shceme the two devices pass oning with each other ae the claimant and the voucher.Claimant I the deice which is reqeustng connexion and hence trying to turn out its individuality while the voucher is the device look intoing he individuality of the device tryyin to do a connexion, In cahlenge response strategy, the claimant sends a hallmark petition frame to the voucher inorder to set up connexion.The voucher so sends ca dispute frame back to the claimant. Both of them so performaA predefined algorithm after which the claimant sends its consequences back to the voucher which inturn acceps or enies he connexion.
E. Device Trust Degrees:
There are three different trust degree whicha rhenium invariably maintained by Bluetooth devices.A device which is cnnecte t bluetooht wll autumn in these classs:
a ) Trusted Devices: This is a device which has antecedently established connexion with the blutooth devie a.The linkA cardinal ahs beeb storedA and besides has been already been provided to this device and it has been markedA as a sure device.
B ) Untrusted Device: This deice has besides been provided with the nexus keu and besides the nexus has been stored but it has noe been marked as a sure device.
degree Celsius ) Unknown Device: This could be a deive which has neve established any connexion with the bluish tooth device antecedently.Needless to sya theereis nil known about this deviceA and it si considered as an untrusted device.
F. Service Security Modes:
The bequest service security manners:
a ) Security Mode1: No hallmark is required by the user and no security processs are performed
B ) Security Mode 2: Security process are processed merely after the channel esablisment authenticationA has been received.This is fundamentally application based security in which instance different application may utilize different degrees of security.This is besides known as service degree security
degree Celsiuss ) Security Mode 3: I this mode the security prcdures are completed before the channel ahs been established for communication.ThisA is known as nexus degree security.
The bequest devices use PIN ( Personal Identificatin Numebr Pairing ) for suthentication.This is 16 bti twine which is agreed up onA byt eh devices which is ALSs used for encoding during communicating between these devices.
vitamin D ) Security Mode 4: This methos uses SSP ( Secure Simple Plannin ) A which is similar to serve leel security used in sEcurit Mode 2.In this methos nevertheless instrad of utilizing ht ePIN figure a base on balls cardinal entry pin is required to be typed in by the user before set uping connexion.This pi figure is provided by the Slave device itself.This is non used for encoding of communicating informations.
Thirteen. FUTURE OF WIRELESS SECURITY
A. WIMAX Security:
IEEE 802.16 or WIMAX ( World broad interopearabilty for microwave entree ) is ne of the latest radio procols n the radio webs scenario.This provides high bandwidth and more broad country coverage as compared to ath ealready go outing radio webs.When Wimax has been deployed thereA will be hot zones in the metropolis every bit compared to the hot musca volitanss available in the metropolis which is litmited to a really little country.
Figure 12: WIMAX Security
Wimax security architectureA and security mechanisms are quiet varied from that of WEP, WPA and other go outing security protocols.Below gives brief description ofA Wimax security architecture:
a ) A unafraid communicating is established between the BS ( basal sation ) and SS ( subscriber station ) by utilizing the secure information provided by the SA.
B ) The information between the BS and SS is encrypted by utilizing Encapsualtion protocol whichA foremost determisn the cryptogrhic suites which are supported by the SS.
degree Celsius ) Last but non the least the privateness cardinal managemtn protocol which proved secure key to nly those services he SS is suthorised to hold from the base station.
Security Mechanisms used in Wimax:
a ) The first measure is supplying authotrisa to the pass oning SS.This is done in fosu steps.First the SS petitions connexion with the BS by snd its petition along with its hallmark information.Upon having the informations, the BS sends back an mandate petition messee inquiring he BS for th Authorisation Key which is secrest key shred bewenn SS and BS.The SS is so autrized utilizing the certification which is provided by the BS.After Authorisation of he SS, BS activates the Authorisation key and so autorisaion answer messge which consists of a few encrypted musss for the SS to cipher its other temporal keys which are requird during informations transportation.
B ) Int eh 2nd measure TEKs are exchanged between SS and BS which are required for encoding of informations.
degree Celsius ) The last measure is to code the informations passing between the SS and BS by utilizing he TEK key which are kwnon to both the SS and BS.
B. Zigbee Technology:
Zigbee is the latestA wirless web engineering based on radio mesh webs. This is used for short scope communications.The wirless mesh webs known for its high relaibiltyA and more broad country coverage comes into good usage inA Zigbee Technolgy.It besides is really popular because of the low cost of apparatus every bit good as low power demands.Some field-grade officer he impeortan countries where Zigbee has been put into usage are:
1 ) Telecommunications Applications
2 ) Building and Home Automation
3 ) Personal Home and office attention
The Zigbee Security architecture consists of a security protocol at each bed of its protocol which is MAC Layer, Network layerA andA Application Layer
a ) MAC Layer Security:
The security at this bed is done through AES encoding.A message unity codification is calculated t the MAC bed utilizing the warhead andA A informations headerA which could be 4,8 or 16 bytes long.There is besides a frame figure provided for each frame to understand the sequence of the frame.This helps in cognizing when the frame is losing and or even when the frame is replayed in the instance of disgusting drama.The cardinal constitution and he pick of safety T be used is done by a higher bed.
B ) Network Layer Security:
Network bed in Zigbee uses its ain secure web key while conveying frames and besides has keys to entree incoming packagesA .The entrance bundles are scanned in order to look into the genuineness of the packages.
degree Celsius ) Application Layer Security:
The chief functionality of application degree security s to prvde cardinal constitution, transit of keys an deen device direction.TI takes attention of the outging frames that require safety entrance frames that need to be checked every bit good as stairss that required to pull off and calculate a cardinal safely.
[ 1 ] ( Patent manner ) , ” U.S. Patent 3 624 12, July 16, 1990.
[ 2 ] IEEE Criteria for Class IE Electric Systems ( Standards manner ) , IEEE Standard 308, 1969.
[ 3 ] Letter Symbols for Quantities, ANSI Standard Y10.5-1968.
[ 4 ] R. E. Haskell and C. T. Case, “ Transient signal extension in lossless isotropic plasmas ( Report manner ) , ” USAF Cambridge Res. Lab. , Cambridge, MA Rep. ARCRL-66-234 ( II ) , 1994, vol. 2.
[ 5 ] E. E. Reber, R. L. Michell, and C. J. Carter, “ Oxygen soaking up in the Earth ‘s ambiance, ” Aerospace Corp. , Los Angeles, CA, Tech. Rep. TR-0200 ( 420-46 ) -3, Nov. 1988.
[ 6 ] ( Handbook manner ) Transmission Systems for Communications, 3rd ed. , Western Electric Co. , Winston-Salem, NC, 1985, pp. 44-60.
[ 7 ] Motorola Semiconductor Data Manual, Motorola Semiconductor Products Inc. , Phoenix, AZ, 1989.
[ 8 ] ( Basic Book/Monograph Online Sources ) J. K. Author. ( twelvemonth, month, twenty-four hours ) . Title ( edition ) [ Type of medium ] . Volume ( issue ) .A A A A A A A A A A A A A Available: hypertext transfer protocol: //www. ( URL )
[ 9 ] J. Jones. ( 1991, May 10 ) . Networks ( 2nd ed. ) [ Online ] . Available: hypertext transfer protocol: //www.atm.com
[ 10 ] ( Journal Online Sources manner ) K. Author. ( twelvemonth, month ) . Title. Journal [ Type of medium ] . Volume ( issue ) , paging if given.A A A A A A A A A A A A A A Available: hypertext transfer protocol: //www. ( URL )
[ 11 ] R. J. Vidmar. ( 1992, August ) . On the usage of atmospheric plasmas as electromagnetic reflectors. IEEE Trans. Plasma Sci. [ Online ] . 21 ( 3 ) . pp. 876-880.A A Available: hypertext transfer protocol: //www.halcyon.com/pub/journals/21ps03-vidmar
[ 12 ] hypertext transfer protocol: //en.wikipedia.org/wiki/File:8021X-Overview.png
[ 13 ] hypertext transfer protocol: //www.foundrynet.com/pdf/wp-ieee-802.1x-enhance-network.pdf
[ 14 ] hypertext transfer protocol: //www.cs.utk.edu/~dasgupta/bluetooth/bluesecurityarch.htm
[ 15 ] hypertext transfer protocol: //www.palowireless.com/bluearticles/cc1_security1_files/security_architecture.gif
[ 16 ] hypertext transfer protocol: //www.tkt.cs.tut.fi/research/daci/pictures/802_11i_states.png
[ 17 ] hypertext transfer protocol: //en.wikipedia.org/wiki/ZigBee
[ 18 ] hypertext transfer protocol: //www.wireless-net.org/Wiley-Caution.Wireless.Network/9543final/images/0403_0.jpg
[ 19 ] hypertext transfer protocol: //docs.hp.com/en/T1428-90017/img/gfx1.gif
[ 20 ] hypertext transfer protocol: //www.interlinknetworks.com/images/Man-in-the-middle_attack.jpg
First A. Writer ( M’76-SM’81-F’87 ) and the other writers may include lifes at the terminal of regular documents. Biographies are frequently non included in conference-related documents. This writer became a Member ( M ) of IEEE in 1976, a Senior Member ( SM ) in 1981, and a Fellow ( F ) in 1987.A The first paragraph may incorporate a topographic point and/or day of the month of birth ( list topographic point, so day of the month ) . Following, the writer ‘s educational background is listed. The grades should be listed with type of grade in what field, which establishment, metropolis, province, and state, and twelvemonth grade was earned. The writer ‘s major field of survey should be lower-cased.
The 2nd paragraph uses the pronoun of the individual ( he or she ) and non the writer ‘s last name. It lists military and work experience, including summer and family occupations. Job rubrics are capitalized. The current occupation must hold a location ; old places may be listed without one. Information refering old publications may be included. Try non to name more than three books or published articles. The format for naming publishing houses of a book within the life is: rubric of book ( metropolis, province: publishing house name, twelvemonth ) similar to a mention. Current and old research involvements end the paragraph.
The 3rd paragraph begins with the writer ‘s rubric and last name ( e.g. , Dr. Smith, Prof. Jones, Mr. Kajor, Ms. Hunter ) . List any ranks in professional societies other than the IEEE. Finally, list any awards and work for IEEE commissions and publications.A If a exposure is provided, the life will be indented around it. The exposure is placed at the top left of the life. Personal avocations will be deleted from the life.