SECURE WIRELESS COMMUNICATION BETWEEN PC AND ANDROID MOBILE DEVICE
MUHAMAD HAFEZE BIN MUHAMAD HASANI
BORANG PENGESAHAN STATUS TESIS*
JUDUL: SECURE WIRELESS COMMUNICATION BETWEEN PC AND ANDROID MOBILE DEVICE
SESI PENGAJIAN:
Saya MUHAMAD HAFEZE BIN MUHAMAD HASANI, mengaku membenarkan tesis (PSM) ini disimpan di Perpustakaan Fakulti Teknologi Maklumat dan
Komunikasi dengan syarat-syarat kegunaan seperti berikut:
1. Tesis dan projek adalah hakmilik Universiti Teknikal Malaysia Melaka. 2. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan
membuat salinan untuk tujuan pengajian sahaja.
3. Perpustakaan Fakulti Teknologi Maklumat dan Komunikasi dibenarkan membuat salinan tesis ini sebagai bahan pertukaran antara institusi pengajian tinggi.
4. ** Sila tandakan (/)
SULIT (Mengandungi maklumat yang berdarjah keselamatan atau kepentingan Malaysia seperti yang termaktub di dalam AKTA RAHSIA RASMI 1972)
/ TERHAD (Mengandungi maklumat TERHAD yang telah ditentukan oleh organisasi/badan di mana penyelidikan dijalankan)
TIDAK TERHAD
. .
(TANDATANGAN PENULIS) (TANDATANGAN PENYELIA)
Alamat tetap: Lot 2819, Bt 2 ½ DR.MOHD FAIZAL ABDOLLAH Jln Belimbing, Meru, 42200 Klang, Nama Penyelia
Selangor Darul Ehsan.
Tarikh: . Tarikh: . CATATAN:
SECURE WIRELESS COMMUNICATION BETWEEN PC AND ANDROID MOBILE DEVICE
MUHAMAD HAFEZE BIN MUHAMAD HASANI
This report is submitted in partial fulfilment of the requirements for the Bachelor of Computer Science (Networking)
FACULTY OF INFORMATION AND COMMUNICATION TECHNOLOGY UNIVERSITI TEKNIKAL MALAYSIA MELAKA
DECLARATION
I hereby declare that this project report entitled
SECURE WIRELESS COMMUNICATION BETWEEN PC AND ANDROID MOBILE DEVICE
is written by me and is my own effort and that no part has been plagiarized without citations.
STUDENT: Date: . (MUHAMAD HAFEZE BIN MUHAMAD HASANI)
DEDICATION
Alhamdulillah, praise to Allah…
Tuan Haji Muhamad Hasani Bin Ahmad and Puan Haji Norzita Binti Taip, I’m glad to be your son and I’m very thankful to Allah to have father and mother
like you. Thanks for giving me support to further my study... I hope that I’m able to payback all sacrifice that you have made...
Awie, Faiz, Wawa and all my friends that together in completing this fyp also was giving me help and support, thank you guys...
Prof. Madya Dr. Mohd Faizal Bin Abdollah,
Many thanks for your guidance, advice and consideration that you have been given to me in completing this fyp...
To UTeM librarians, thank you for helping me in process of borrowing books. To UTeM guards and FTMK staff such as lecturers, staff offices, and cleaner, thanks a
lot for the help and provides a comfortable place for me to do my fyp...
ACKNOWLEDGEMENTS
In the name of Allah, the most gracious and the most merciful…
ABSTRACT
ABSTRACT
TABLE OF CONTENTS
CHAPTER SUBJECT PAGE
DECLARATION i
DEDICATION ii
ACKNOWLEDGEMENTS iii
ABSTRACT iv
ABSTRAK v
TABLE OF CONTENTS vi
LISTS OF TABLES x
LISTS OF FIGURES xi
LISTS OF ABBREVIATIONS xiv CHAPTER 1 INTRODUCTION
1.1. Introduction 1
1.2. Project Background 2
1.3. Problem Statement 3
1.4. Project Questions 3
1.5. Project Objectives 4
1.6. Project Contribution 4
1.7. Project Scope 4
1.8. Project Significant 5
1.9. Project Output 5
1.10. Report Organization 5
CHAPTER 2 LITERATURE REVIEWS
2.1. Introduction 7
2.2. Previous Research and Current Problem
Analysis 7
2.3. Wireless Communication 8
2.4. Android Framework 9
2.4.1. Android History 9
2.4.2. Android Architecture 10
2.5. Virtual Private Network (VPN) 11
2.5.1. Point-to-Point Tunneling (PPTP) 12 2.5.2. Internet Protocol Security (IPSec) 12 2.5.3. Transport Layer Security (SSL/TLS) 12 2.6. Internet Protocol Security (IPSec) 12 2.6.1. IPSec Advantages and Disadvantages 13
2.6.1.1.Advantages 13
2.6.1.2.Disadvantages 13
2.6.2. IPSec Architecture 14
2.6.2.1.IP Security Modes 15
2.6.2.2.Security Protocol 16
2.6.2.3.Authentication and Encryption
Algorithm 18
2.6.2.4.Security Association (SA) and
Key Management 18
2.7. Openswan 18
2.7.1. Authentication Types 19
2.7.1.1.Pre Shared Key (PSK) 19
2.7.1.2.X.509 Certificate 19
2.7.1.3.RSA Keys 20
2.8. RADIUS 20
2.8.1. Authentication Protocols 20
2.9. Layer 2 Tunneling Protocol (L2TP) with
Internet Protocol Security (IPSec) 21
2.11. Conclusion 22 CHAPTER 3 METHADOLOGY
3.1. Introduction 23
3.2. Planning 23
3.3. Requirement Analysis 24
3.4. Network Design 24
3.5. Implementation 25
3.6. Testing 25
3.7. Documentation 25
3.8. Milestone 26
3.9. Gantt chart 26
3.10. Conclusion 27
CHAPTER 4 DESIGN
4.1. Introduction 28
4.2. Network Design 28
4.2.1. Network Diagram 28
4.2.2. Logical Design 29
4.2.3. Network Architecture 30
4.3. Project Flowchart 31
4.4. Conclusion 32
CHAPTER 5 IMPLEMENTATION
5.1. Introduction 33
5.2. Requirement Analysis 33
5.2.1. Hardware Requirements 34
5.2.2. Software Requirements 35
5.3. Server Site Implementation 38
5.3.1. Server Configurations 38
5.3.2. Openswan Configuration 40
5.3.3. Xl2tpd Configuration 43
5.3.4. PPP Configuration 44
5.3.5. FreeRADIUS Configuration 46
5.5. Conclusion 50 CHAPTER 6 TESTING AND ANALYSIS
6.1. Introduction 51
6.2. Network Connectivity Testing 51
6.3. Openswan Testing 54
6.4. Xl2tpd Testing 55
6.5. FreeRADIUS Testing 56
6.6. Integration Testing 56
6.7. Security Testing 60
6.8. Conclusion 60
CHAPTER 7 CONCLUSION
7.1. Introduction 61
7.2. Project Summarization 61
7.3. Project Limitation 62
7.4. Project Contribution 62
7.5. Future Works 63
7.6. Conclusion 63
REFERENCES 64
LIST OF TABLES
TABLE TITLE PAGE
1.1 Summary of Problem Statement 3
1.2 Summary of Project Question 3
LIST OF FIGURES
FIGURE TITLE PAGE
2.1 Android Architecture 10
2.2 IPSec Architecture 14
2.3 Original Packet Data without IPSec 15
2.4 Packet Data in Transport Mode IPSec 15
2.5 Packet Data in Tunnel Mode IPSec 15
2.6 AH Protocol in Transport Mode 16
2.7 AH Protocol in Tunnel Mode 16
2.8 ESP Protocol in Transport Mode 17
2.9 ESP Protocol in Tunnel Mode 17
2.10 Proposed Solution Diagram 22
3.1 SDLC Phases 23
3.2 Milestone 26
3.3 Gantt chart 27
4.1 Network Diagram 29
4.2 Logical Design 29
4.3 Network Architecture 30
4.4 Project Flowchart 31
5.1 Samsung RV411 Laptop 34
5.2 Samsung Galaxy Wonder 34
5.3 Prolink WGR1004 35
5.4 VMware Workstation 10.0.2 36
5.5 Linux Ubuntu 12.04.3 Environment 36
5.6 Main Interface of Wireshark 38
5.8 Command to Flush All Chains in Iptables Rules 39
5.9 Command to Edit Sysctl.conf 39
5.10 Sysctl.conf Configuration File 40
5.11 Sysctl.conf Verification 40
5.12 Command to Edit Ipsec.conf 40
5.13 Ipsec.conf Configuration File 41
5.14 Ipsec.conf Configuration File Cont. 42
5.15 Command to Edit Ipsec.secrets 42
5.16 Ipsec.secrets Configuration File 42
5.17 Command to Edit Xl2tpd.conf 43
5.18 Xl2tpd.conf Configuration File 43
5.19 Xl2tpd.conf Configuration File Cont. 44
5.20 Command to Edit Options.xl2tpd 44
5.21 Options.xl2tpd Configuration File 45
5.22 Command to Edit Chap-secrets 45
5.23 Chap-secrets Configuration File 45
5.24 Command to Install FreeRADIUS 46
5.25 Command to Edit Options.xl2tpd 46
5.26 Options.xl2tpd Configuration File 46
5.27 Command to Add FreeRADIUS User 47
5.28 Users Configuration File 47
5.29 Command to Install Radiusclient1 47
5.30 Android Connection with the AP 48
5.31 VPN Settings 48
5.32 Pre-shared Key Based L2TP/IPSec VPN 49
5.33 VPN Configuration 49
5.34 Connection to VPN 50
5.35 VPN Connection Status 50
6.1 IP Address for Ubuntu Server 52
6.2 Ping 10.50.0.2 – Replied (Succeed) 52
6.3 Ping 192.168.0.1 – Blocked by the AP (Succeed) 53
6.4 IP address for Windows 7 (Web server) 53
6.5 Ping 10.50.0.1 – Replied (Succeed) 53
6.7 Ping 192.168.0.1 – Blocked by the AP (Succeed) 54
6.8 IPSec Verification 55
6.9 Xl2tpd Debug 55
6.10 FreeRADIUS Debug 56
6.11 IPSec Log 57
6.12 Xl2tpd Connection Established 57
6.13 FreeRADIUS Localhost Testing 58
6.14 FreeRADIUS Localhost Testing Result 58
6.15 FreeRADIUS Localhost Testing Result Cont. 59
6.16 Web Page of Web Server 59
LIST OF ABBREVIATONS
PC Personal Computer IP Internet Protocol
AAA Authentication, Authorization, and Accounting AH Authentication Header
AP Access Point
API Application Programming Interface CA Certificate Authority
CHAP Challenge-Handshake Authentication Protocol EAP Extensible Authentication Protocol
ESP Encapsulating Security Payload ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IKE Internet Key Exchange
IKE Internet Key Exchange
IMEI International Mobile Station Equipment Identity IMS Internet Protocol Multimedia Subsystem
IPSec Internet Protocol Security
ISAKMP Internet Security Association and Key Management Protocol ISP Internet Service Provider
ITU-T ITU Telecommunication Standardization Sector L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
MSCHAP Microsoft Challenge-Handshake Authentication Protocol NAT Network Address Translation
OHA Open Handset Alliance OS Operating System
PAP Password Authentication Protocol PGP Pretty Good Privacy
PKI Public Key Infrastructure
PMI Privilege Management Infrastructure PPP Point-to-Point
PPTP Point-to-Point Tunnelling Protocol PSK Pre-Shared Key
RADIUS Remote Authentication Dial in User Service RFC Request for Comments
RSA Rivest, Shamir and Adleman SA Security Association
SDLC System Development Life Cycle SPI Security Parameter Index
SQL Structured Query Language SSH Secure Shell
SSL Secure Sockets Layer
TCP Transmission Control Protocol TLS Transport Layer Security UDP User Datagram Protocol VM Virtual Machine
VPN Virtual Private Network WEP Wired Equivalent Privacy WLAN Wireless Local Area Network WPA Wi-Fi Protected Access
CHAPTER 1
INTRODUCTION
1.1 Introduction
Communication between two various devices via wireless connection has been used widely. There are many advantages and disadvantages of using this technology. Lack of security of the packet data that travels through this medium are one of the disadvantages of it. Even so, there are many security mechanisms can be used to secure the connections. Android by Google are one of the OS that use wireless as their medium of communication to communicate with another wireless devices.
1.2 Project Background
IP packets doesn't have any security features, making each of it transmitted through network medium are easy to sniffed by eavesdropping technique. Hence, there is no guarantee that each of it is from the claimed sender, was not sniffed during transit, or contains the original data without being changed. IPSec is a security mechanism that provides a protection to IP datagram by defining a method for specifying the traffic to protect, how the traffic will be protected, and also to whom the traffic is being sent. IPSec covers IPv4 and IPv6 with offering two types of protocols; AH and ESP [Craig Shue et al, 2005].
RADIUS is a popular security protocol that act as a gatekeeper for ISPs. Even so, it is capable of so much more than that. There are a lot of types of RADIUS servers as well as a lot of ways to configuring it [Brien Posey, 2006]. With the increasing of remote users try to access the network, RADIUS is widely used to control it. It manages and secures the WLAN, remote VPN, and wired access. Users are authenticated by the RADIUS server against a central database [Daniel Szilagyi et al, 2009].
Android OS developed by Google Inc. has become a very popular as one of the OS for mobile devices such as smartphones and tablets. Some of the features is it provides a short transport technology via wireless but in the same time, many threats linked with this platform such as malware also increasing. There is a study on security matters with Android devices. In that study, an implementation of a security channel of communication with VPN had been done [Angel Alonso‐Parrizas, 2011]. In the case of users connected to other Android using Wi-Fi need to be discuss how to ensure the security of communication between the host and client.
1.3 Problem Statement
An important thing in sharing files is the security of the file to be shared. There are many hackers out there who will take advantage of the file that is in the process of file sharing to exploit for personal gain. The Problem Statement (PS) is summarized into Table 1.1:
Table 1.1: Summary of Problem Statement No Problem Statement
PS1 There is a lack of relevant safety issues in sharing files using wireless connection between two devices; PC to Android mobile device for example.
1.4 Project Questions
[image:21.595.109.525.545.703.2]The security matters in exchanging of data through wireless connection between PC and Android device cannot be guaranteed. So that, it needed to be figured out what is the definition of secure wireless communication. In which way to secure the connection and how to implement the solution need to be done. The summarizations of the Project Questions (PQ) are shown in the Table 1.2:
Table 1.2: Summary of Project Question PS PQ Project Questions
PS1
PQ1 What is a secure wireless communication between PC and Android mobile device?
PQ2 How a secure wireless communication between PC and Android mobile device can be established?
1.5 Project Objectives
[image:22.595.110.528.189.370.2]Based on the project questions formulated in previous section, appropriate Project Objectives (PO) is developed as in Table 1.3:
Table 1.3: Summary of Project Objectives PS PQ PO Project Objectives
PS1
PQ1 PO1 To study how to secure wireless communication between PC and Android mobile device.
PQ2 PO2
To establish a secure wireless communication that allows PC and Android mobile device sharing data without being tracked or sniffed.
PQ3 PO3 To test and validate a secure wireless communication that has been established
1.6 Project Contribution
Since security matters in exchanging data between PC and Android device became an issue, developing a secure wireless communication will help the community to address the problem thus provides a medium for them to exchange data securely.
1.7 Project Scope
The project will be focused on: • Linux Ubuntu OS 12.04.3 • Android OS (2.3.6 GingerBread) • Openswan IPSec VPN
1.8 Project Significant
This secure wireless communication will hopefully help user especially Android phone user to share their data such as documents, pictures and other data with other connected PC user through wireless connection in secure line.
1.9 Project Output
At the end of this project, a secured wireless communication between PC and Android mobile device will be demonstrated and using Wireshark application, the packet data will be analysed to confirm it is securely transferred.
1.10 Report Organization
This report consist of six chapter namely Chapter 1: Introduction, Chapter 2: Literature Review, Chapter 3: Methodology, Chapter 4: Design and Implementation, Chapter 5: Testing and Result Analysis and Chapter 6: Conclusion.
Chapter 1: Introduction
This chapter will discuss about introduction, project background, research problem, research objective, scope, project significant and report organization.
Chapter 2: Literature Review
This chapter will explain related work of this project of android application language and tools.
Chapter 3: Methodology
This chapter will explain the method used and organise the sequence of project work in phase by phase.
This chapter will introduce the software and hardware use in this project, environment setup, implementation of android application as well as the data collected.
Chapter 5: Testing and Result Analysis
This chapter will analyse the collected data and carry out the scripting proposed to support the evidence.
Chapter 6: Conclusion
This chapter will concludes and discussed the finding, limitations, contribution and the future work of the project.
1.11 Conclusion
Wireless communication is widely used nowadays. In line with the increase, many security threats exist. Thus, a secure wireless connection need to be implemented to assure the originality, confidentiality and availability for each packet of data that being transmitted is safe.