WiFi Security

Wi-Fi Security (Electronics & Communication Engineering) SAL Institute of Technology & Engineering Research, Ahmedabad Tamanna Goware tsgoware@gmail.com Abstract Technology is making rapid progress and making things easier. As innovative thinking is increasing day by day, new methods for Wi-Fi networking and security have evolved out of which Meta paper is the latest which is my paper presentation topic. In last decade wireless networks gained a substantial momentum. One of the most beneficial features of wireless networks is that they support user mobility in a convenient way. The downside is that wireless networks are more susceptible to attacks than their wired counterparts. This increased vulnerability mainly stems from the lack of physical connections and the broadcast nature of the radio communication. It is therefore important to provide appropriate security measures for Wi-Fi networks, which ensure robustness of their operation even in case of malicious attack. In this paper I’m focusing on security of Wi-Fi networks. The paper is organized as follows: 1. 2. Background: -What is Wi-Fi? -Connectivity -Purpose Why security is needed? Types of security: -Industrial installations 3. 4. -Home (Domestic) installation Latest Technology in Wi-Fi network security Conclusion 1. Introduction Wi-Fi (802.11b) or wireless fidelity is a standard technology for wireless access to local networks. Principle: To establish quick radio links between terminals connected to broadband networks. Wi-Fi is a wireless (radio) access technology, which is used for the interconnection of terminals or devices such as laptops, PDA’s, etc. The user connects to the internet or to his company’s intranet and has access to numerous applications based on data transfer. This technology thus enjoys a true complementaritiy with ADSL networks and corporate LAN’s. Wi-Fi operates at 11Mbps range in theory and operates in an unlicensed range of 2.4 GHz. A Wi-Fi terminal has a range of around 100 meters and provides access to a rather wide perimeter. The maximum number of users is 32 per access point. Wi-Fi is standardized internationally. This technology makes it possible for equipment to interoperate completely, whatever brand or type of terminal. Products conforming on Wi-Fi standard have been on the market since three years now and there are nearly 30million devices in use world wide. 3. Modes of Operation: There are mainly two modes of operation of: 1. Infrastructure Mode: In this mode there are two entities that communicate Access point and Clients. 2. Ad-hoc mode: In this mode all the entities are independent of each other and are called clients. Ad-hoc networks Ad-hoc networks can pose a security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security. Figure 1- Block diagram of Wi-Fi network 2. Hotspots Airports, stations, café’s, offices, conference centers, shopping malls, etc are heavily frequented places also called hotspots. They welcome users whose need for broadband access is becoming more and more important. With the installation of Wi-Fi terminals in these heavily traveled areas, these people on the move can access to their messaging center, to internet sites or to all shared applications of their company from their portable PC’s or with their PDA’s with same agronomy as in the office. The security hole provided by Ad-hoc networking is not the Ad-hoc network itself but the bridge it provides into other networks, usually in the corporate environment, and the unfortunate default settings in most versions of Microsoft Windows to have this feature turned on unless explicitly disabled. Thus the user may not even know they have an unsecured Ad-hoc network in operation on their computer. If they are also using a wired or wireless infrastructure network at the same time, they are providing a bridge to the secured organizational network through the unsecured Ad-hoc connection. Bridging is in two forms. A direct bridge, which requires the user actually configure a bridge between the two connections and is thus unlikely to be initiated unless explicitly desired, and an indirect bridge which is the shared resources on the user computer. The indirect bridge provides two security hazards. The first is that critical organizational data obtained via the secured network may be on the user's end node computer drive and thus exposed to discovery via the unsecured Ad-hoc network. The second is that a computer virus or otherwise undesirable code may be placed on the user's computer via the unsecured Ad-hoc connection and thus has a route to the organizational secured network. In this case, the person placing the malicious code need not "crack" the passwords to the organizational network; the legitimate user has provided access via a normal and routine log-in. The mal factor simply needs to place the malicious code on the unsuspecting user's end node system via the open (unsecured) Ad-hoc networks. The use of Wi-Fi on industrial as well as domestic scale has increased rapidly in last couple of years. These networks have thus given hackers opportunities to gain unauthorized access to corporate computer system and their data. Wireless hackers pose a security threat because the encryption mechanism originally developed for Wi-Fi networks, known as wired Equivalent Privacy has been broken. Wi-Fi depends on cryptographic methods to enable security; mainly WEP and WPA (Wi-Fi Protected Access). Two terms Privacy and Authentication are very important to understand the security. Privacy: Data transmitted in the network should not be readable by other except those communicating. Authentication: Only clients who know a shared secret may connect to the network. WEP was the first cryptographic protocol developed for Wi-Fi to enable privacy and authentication. WEP was not secure after all. To rectify security issues with WEP, the Wi-Fi Alliance shifted to a new cryptographic protocol, WPA. Since then a common practice of securing a WPA enabled network with passwords has been discovered to be vulnerable to an offline dictionary attack. Even though WPA itself is thought to be secure, apart from dictionary attack it was a quick fix to the problems in WEP. WPA is a subset of Robust Security Network (RNS) which was introduced in an early draft of a security standard developed by Institute of Electrical & Electronics Engineers (IEEE) denoted 802.11b. 4. Importance of Security Wireless networks are forcing organizations to completely rethink how they secure their networks and devices to prevent attacks and misuse that expose critical assets and confidential data. By their very nature, wireless networks are difficult to roll out, secure and manage, even for the most savvy network administrators. Wireless networks offer great potential for exploitation for two reasons; they use the airwaves for communication, and wireless-enabled laptops are ubiquitous. To make the most of their security planning, enterprises need to focus on threats that pose the greatest risk. Wireless networks are vulnerable in a myriad of ways, some of the most likely problems being rogue access points (APs) and employee use of mobile devices without appropriate security precautions, but malicious hacking attempts and denial-of-service (DoS) attacks are certainly possible as well. Unlike traditional wired networks in which communications travel along a shielded copper wire pair or optical cable, wireless radio frequency (RF) signals literally traverse the open air. As a result, RF signals are completely exposed to anybody within range and subject to fluctuating environmental factors that can degrade performance and make management an administrative nightmare. Whether authorized or not, wireless access points and their users are subject to malicious activity and employee misuse. Additional wireless access security challenges come through the use of wireless-enabled devices by employees, the growing amount of confidential data residing on those devices, and the ease with which end users can engage in risky wireless behavior. The value of connectivity typically outweighs concerns about security, as users need to get work done while at home or while traveling. Survey data from the leading research group, Gartner, shows that at least 25 percent of business travelers connect to hotspots, many of which are insecure, while traveling. Furthermore, about two-thirds of those who use hotspots connect to online services via Wi-Fi at least once a day highlighting the need for extending wireless security outside of the enterprise. To ensure effective, automated wireless threat protection, companies and government organizations should implement a complete wireless security solution covering assets across the enterprise that enables them to discover vulnerabilities, assess threats, prevent attacks, and ensure ongoing compliance - in the most secure, easy-to-use and cost-effective manner available. IT departments must have a pre-emptive plan of action to prevent malicious attacks and employee misuse which compromise an organization's data privacy and enforce security policies for wireless use - both inside and outside their facilities. Whether or not a company has authorized the use of wireless or has a 'no wireless' policy, their networks, data, devices and users are exposed and at risk. 5. Securing a Wi-Fi Connection: Wi-Fi networks allow people to wirelessly connect devices to the internet such as smart phones, gaming consoles, tablets and laptops. Because Wi-Fi networks are simple to setup, many people install their own Wi-Fi at home. However many home Wi-Fi networks are configured insecurely allowing strangers or unauthorized people to easily access home network or anonymously abuse the internet connection. To ensure a safe and secure home Wi-Fi network, following are the few simple steps: 1. Administration: Wi-Fi network is controlled by something called an Access point. This is a physical device can be bought from local electronics store or can be built in internet router. The Access point is what wirelessly connects devices to internet. One of the first steps of securing Wi-Fi network is limiting who can administer access point and how it can accessed. For many Wi-Fi networks the default administration login and password is well known. In fact, these default accounts can often be found listed on the internet. So, be sure to change the default administration login and password to something that is known. For administrative access to Wi-Fi access point, it is recommended to disable wireless access and instead require a physical network connection, such as using Ethernet cable. If it is must have wireless administrative access then disable HTTP access and enable the required HTTPS access which supports encryption. 2. Setting Wi-Fi Network Name: Another option need to configure is the name of Wi-Fi network (Often called SSID). This is the name, devices will see when it search for local Wi-Fi networks. It is recommended to change default WiFi network name. Give network a unique name so that it can be easily identified and distinguished, but make sure it does not contain any personal information. Also, there is a little value in configuring Wi-Fi network as hidden. Today most WiFi scanning tools or any skilled attacker can easily discover all the details of a hidden network. 3. Encryption & Authentication: The next step is to ensure that only known people and trusted people can connect to and uses Wi-Fi network and that those connections are encrypted. We need to be sure that neighbors or nearby strangers cannot connect to or monitor Wi-Fi network. Fortunately these dangers are easily mitigated by simply enabling strong security on Wi-Fi access point. Currently the best option is to use the security mechanism WPA2. By simply enabling this require a password for people to connect to Wi-Fi network, and once authenticated those connections are encrypted. Be sure not to use older outdated methods, such as WEP, or no security at all, which is called an open Wi-Fi network. An open Wi-Fi network allows anyone to connect to Wi-Fi network without any authentication. The recommended encryption method for WPA2 is AES only, versus other options such as TKIP or TKIP+AES. When configuring the password people will try to connect to Wi-Fi network, make sure it is different from the administrator password and the password cannot be guessed easily, it is recommended that it should be at least 20 characters long. Remember that anyone having the password will have access to Wi-Fi network, so from time to time it is required to be changed. Finally it is recommended to turn off or disable WPS (Wi-Fi Protected Setup). WPS is a specification designed to ease the process of securely setting up Wi-Fi access point. 4. Open DNS: Once Wi-Fi connection is configured, one of the last steps recommended is to configuring network to use Open DNS as DNS server. When type a name to a browser, DNS is how browser knows which server on the internet to connect to. Open DNS is a free service that helps ensuring to connect only to safe websites. In addition open DNS gives the ability to manage where the websites family can connect to. It is possible to filter and block objectionable material, this is a great resource. The Open DNS website walks through step by step how to configure Wi-Fi access point to use Open DNS. 6. RF shielding Another method of shielding or protecting the Wi-Fi network is through Meta paper, which is the latest technology in which cellulose papers are used for blocking electromagnetic waves. This technology is also referred to as RF shielding. It’s practical in some cases to apply specialized wall paint and window film to a room or building to significantly attenuate wireless signals, which keeps the signals from propagating outside a facility. This can significantly improve wireless security because it’s difficult for hackers to receive the signals beyond the controlled area of an enterprise. Indoor wireless LANs transmit radio frequency (RF) signals that often propagate outside the physically controlled area of a building (a security risk), and RF signals originating from outside the facility penetrate the walls and interfere with the operation of the wireless LAN (resulting in performance reduction). As a result, the idea of applying a RF shield around the perimeter of the building is a worth considering. a. Basic shielding concepts A RF shield highly attenuates RF signals going out of and coming into the building, resulting in significant improvements to security and performance. Shielding in test labs: Serious wireless product developers have been shielding rooms to provide a “quiet” chamber (Faraday cage) for testing wireless products in the absence of external RF signals. The implementation of a Faraday cage requires specialized construction of the walls of a room, which makes the approach not feasible for general operation of wireless LANs. It’s rarely cost-effective, obviously, to rebuild the walls to enclose the entire building in a Faraday cage. Shielding for general spaces: The use of special RF shielding paint and window film is a good alternative for protecting larger rooms and even buildings. There are several varieties of paint and window film available, with attenuation ranging from 40dB to 80dB for the frequencies that wireless LANs use. You simply paint the walls and apply film to the windows, and the additional attenuation does a good job of shielding the building. b. Advantages of shielding An attenuation of 80dB substantially reduces the possibility that someone outside the shielded area can connect to or even detect the wireless network located inside the facility. If a wireless LAN exist inside your building with an access point near an exterior wall, in this situation (with no RF shielding applied), the signal levels propagating just outside the building near the access point will likely be around -50dBm, which is plenty high enough for a client device located outside the building to detect and connect to the wireless network. As with most indoor wireless LANs, this poses a security risk because an unauthorized person sitting in the parking lot can easily “see” the network. This opens the door to various security attacks. With application of 80dB wall paint in this scenario, the signals measured from the same outside location will drop to approximately -130dBm, which is well below the receive sensitivity of an 802.11/Wi-Fi client device radio. The outcome is that the client device outside the facility will not be able to detect or connect to the network. Thus, the application of shielding gives your building “skin” that offers a layer of security on top of existing security mechanisms, such as encryption and authentication. A similar improvement occurs regarding the reduction in RF interference. Imagine, for instance, that a neighbor has a wireless LAN. The signal level of the neighboring wireless LAN measured inside your facility may be as high as 40dBm (assuming their access point is really close). With 80dB wall paint applied, the signal levels from the neighboring wireless LAN will drop to approximately -120dBm which is also below the receive sensitivity of 802.11/Wi-Fi client devices. Consequently, the shielding eliminates typical RF interference originating from outside the building, which allows your wireless LAN to operate at higher performance levels. In addition, the attenuation of external signals helps preclude the origination of denial-ofservice (DoS) attacks from outside the building. c. Implementing shielding Following points requires attention while shielding a room or building for improving wireless LAN security and performance. 1. Define security requirements. The application of RF shielding paint can be fairly costly, so seriously think about why you need it. Determine the level of risk if someone from outside the building is able to detect and possibly connect to your wireless LAN. Certainly encryption and authentication go a long way in providing sounds security, but you’d be surprised by how well seasoned hackers can outsmart even the better security mechanisms. You should perform a security assessment with emphasis on penetration testing to determine whether a security risk from outside the building exists. 2. Determine impacts of RF interference. If your wireless LAN must provide optimum performance, then the reduction of external RF interference through shielding may be valuable. Assess existing RF interference through the use of a spectrum analyzer, and identify the magnitude of signals originating from outside the facility. It gets a bit tricky to predict the real impacts of this interference on performance, so you’ll probably need to do some capacity testing using the actual network with and without the anticipated levels of external interference. Keep in mind that you’ll likely not benefit from reducing external interference if there are substantial sources of RF interference originating from inside the building (unless you isolate the interference by shielding interior walls). If you can’t bear a DoS attack on the wireless LAN, then shielding may be a good solution regardless of the existing interference. 3. Consider the cost of applying the shielding. A RF shielding paint cost about 20 times the cost of standard wall paint. Based on security requirements and the impacts of existing RF interference, you must determine if the cost of re-painting the perimeter of the building (or room for smaller applications) is worthwhile. As with standard paints, a gallon of RF shielding paint will cover about 600 square feet. Multiple coats may be necessary, however, to achieve maximum attenuation. 4. Apply the shielding. You can easily apply shielding paint and window film. Paint application is completed with standard rollers and brushes, and clean up is often done with just water. Window film is generally a peel-andstick application. Be certain to follow the manufacturer’s instructions to ensure proper use. After implementing the shielding, perform testing inside and outside of the building to confirm signal attenuation results. This may also be a good time to re-run penetration tests to ensure that your facility is “bullet proof.” 7. Conclusion: Thus it could be conclude that with the increase in use of Wi-Fi technology in near past the security of networks of domestic as well as enterprises has gain importance. The Wi-Fi security depends upon cryptographic methods based on robust security network (RSN) which include WEP and WPA based on 802.11b. Out of this WEP has become out dated as its encryption code could be easily cracked by any scanning tools and by skillful hacker whereas WPA (Wi-Fi Protected Access) is the newer version, with strong encryption and authentication. WPA2 with AES is the latest trend in the security of Wi-Fi access point for Domestic use. For the industrial Wi-Fi security the spaces are to be secured for not allowing external access in case authentication is leaked by the user to unauthorized person. The RF Shielding method is used to attenuate the Electromagnetic waves so that access would not be available outside the facility areas. It is based on principle of Faraday’s Cage. Various paints and films made of lead and silver commercially called Meta paper could be applied on the walls and windows for RF shielding. This is the latest technology which is quite economical for bulk use. References: 1. www.ehow.com 2. www.wikipedia.com 3. www.itblog.com 4. www.fadooengineers.com 5. Monthly newsletter for computer users January 2012 6. Report on Wi-Fi security by Kjell. J.Hole (University of Bergen) 7. Report on Wi-Fi adoption and security June 2012 Acknowledgement: I wish to express sincere thanks to my father Mr. Satyen Goware, Assistant Engineer Doordarshan Kendra Ahemedabad. I also extend my heartfelt thanks to Ms Chaitalee Patel, SAL Institute of Technology and Engineering Research Ahmedabad & Ms Preeti Kshatriya, Assistant Professor, SAL Institute of Technology and Engineering Research Ahmedabad. Apart from this I’m thankful to the latest technology that gives quick access to data whenever and wherever required.