
STUDY OF VARIOUS WIRELESS NETWORK SECURITY ISSUES: A REVIEW


Academic year: 2021


Jyoti (1), Mrs. Sonal Beniwal (2)

(1) M.Tech Scholar, BPSMV, Khanpur, Sonepat

(2) Assistant Professor, BPSMV, Khanpur, Sonepat

Abstract: Wireless security is the prevention of unauthorized access or damage to computers using wireless networks. The most common types of wireless security are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA). The secure use of wireless networks is based on users connecting to the network via predetermined access points using protocols in order to access the network securely. In this paper, we explore recent advances in wireless security and identify open security issues associated with proper security techniques. We also discuss the wireless sensor network and its routing protocols.

Keywords: WEP, WPA, WSN, AODV.

I. INTRODUCTION

The growth in the variety and usage of wireless networks has greatly increased the urgency to identify security approaches. These problems, whose solutions are different in nature and scale from their companions in wired networks, must be solved in order to fully exploit the potential of wireless networking. This will enable further growth and investment in wireless networking technology and applications. Wireless communication is the transfer of information between two or more points that are not connected by an electrical conductor. Wireless networking refers to technology that enables two or more computers to communicate using standard network protocols, but without network cabling. If a user, application or company wishes to make data portable, mobile and accessible, then wireless networking is the answer. A wireless networking system would get rid of the downtime you would normally have in a wired network due to cable problems. It would also save time and money because you would spare the expense of installing a lot of cables. Also, if a client computer needs to relocate to another part of the office, all you need to do is move the machine with the wireless network card [1].

Wireless networks are frequently categorized into three groups based on their coverage range [2]:

• Wireless Wide Area Network (WWAN)
• Wireless Local Area Network (WLAN)
• Wireless Personal Area Network (WPAN)
• Wireless Sensor Network (WSN)

Wireless Local Area Network (WLAN) is the wireless implementation of local area networks (LANs). Data is transmitted between computers by using radio waves sent across areas like large homes, office areas or schools. The wireless LAN protocols are standardized under the IEEE 802.11 series. Wi-Fi, a standard for “Wireless Fidelity”, is widely used for networking personal computers and the Internet. The Wi-Fi technology brand, which is owned by the Wi-Fi Alliance, is used to certify products to establish interoperability between the products using IEEE 802.11 standards.

Wireless Sensor Networks (WSN) rely on the collaborative work of a large number of sensors. For this reason, they are deployed densely throughout the area where they monitor specific phenomena and communicate with each other and with one or more sink nodes that interact with a remote user. The user can inject commands into the sensor network via the sink to assign data collection, data processing and data transfer tasks to the sensors in order to receive the data sensed by the network. However, due to the lack of tamper-resistant packaging and the insecure nature of wireless communication channels, these networks are vulnerable to internal and external attacks. The existing protocols are the wired equivalent privacy protocol (WEP) and the wireless fidelity (Wi-Fi) Protected Access Protocols (WPA or WPA2).

II. WIRELESS SECURITY PROTOCOLS

Wired Equivalent Privacy Protocol

Wired Equivalent Privacy (WEP) Protocol is a basic security feature in the IEEE 802.11 standard, intended to provide confidentiality over a wireless network by encrypting information sent over the network [2]. A key-scheduling flaw has been discovered in WEP, so it is now considered insecure because a WEP key can be cracked in a few minutes with the aid of automated tools. Therefore, WEP should not be used unless no more secure method is available.

Wi-Fi Protected Access And Wi-Fi Protected Access 2

Wi-Fi Protected Access (WPA) is a wireless security protocol designed to address and fix the known security issues in WEP. WPA provides users with a higher level of assurance that their data will remain protected by using Temporal Key Integrity Protocol (TKIP) for data encryption. 802.1x authentication has been introduced in this protocol to improve user authentication [2].

Wi-Fi Protected Access 2 (WPA2), based on IEEE 802.11i, is a new wireless security protocol in which only authorized users can access a wireless device, with features supporting stronger cryptography (e.g. Advanced Encryption Standard or AES), stronger authentication control (e.g. Extensible Authentication Protocol or EAP), key management, replay attack protection and data integrity.

III. WLAN Network Topologies

Each 802.11 WLAN comprises multiple network components which can be arranged in a few different network topologies. The IEEE 802.11 WLANs consist of four fundamental architectural components, namely:

Wireless Medium (WM) - The medium used to transfer 802.11 WLAN frames between

Distribution System (DS) - The logical component used to forward frames to their destination. It is usually implemented as a wired network, such as an Ethernet backbone.

Wireless Station (STA) - Any device that accesses the wireless medium is essentially an STA. Usually this term is used to refer to endpoint devices such as laptops, desktops, mobile phones and other consumer electronics with 802.11 capabilities.

Access Point (AP) - An AP is a specialized STA that provides connectivity between the various STAs and between the STAs and the distribution system (DS), which is usually a wired network. For simplicity, throughout the dissertation, the term STA is used to refer to a non-AP device. The term WLAN node is used whenever referring to both APs and pure STAs.

IV. Security Issues in Wireless Networks

Security Goals for Wireless Networks

The security goals encompass both those of the traditional networks and goals suited to the unique constraints of sensor networks. The four security goals for sensor networks are [4]:

• Confidentiality: The ability to conceal messages from a passive attacker so that any message communicated via the sensor network remains confidential. The standard approach for keeping sensitive data secret is to encrypt the data with a secret key that only intended receivers possess, thus achieving confidentiality.

• Integrity: It ensures the reliability of the data and refers to the ability to confirm that a message has not been tampered with, altered or changed while on the network. Even if the network has confidentiality measures in place, there is still a possibility that the data’s integrity has been compromised by alterations.

• Authentication: It ensures the reliability of the message by identifying its origin. Attacks in sensor networks do not just involve the alteration of packets; adversaries can also inject additional bogus packets. Therefore, the receiving node needs to be able to confirm that a packet received does in fact stem from the node claiming to have sent it. Data authentication verifies the identity of senders. Data authentication is achieved through symmetric or asymmetric mechanisms where sending and receiving nodes share secret keys to compute the Message Authentication Code (MAC).

• Availability: The ability to use the resources and whether the network is available for the messages to communicate.
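The integrity and authentication goals above, as an added example that is not from the paper: a sink checks an HMAC-SHA256 tag computed with the key it shares with each node, so altered and injected packets are rejected. The packet layout, the 16-byte tag truncation, node id 7, the key value and the per-sender counter (which additionally rejects replayed packets) are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16  # assumption: tag truncated to 16 bytes to save radio bandwidth
HEADER = struct.Struct(">HI")  # assumed layout: sender id (2 bytes), counter (4 bytes)


def seal(key, sender, counter, payload):
    """Node side: build header || payload || MAC for one reading."""
    body = HEADER.pack(sender, counter) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class Receiver:
    """Sink side: one shared key and the last accepted counter per sender."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.last_counter = {sender: -1 for sender in self.keys}

    def open(self, packet):
        if len(packet) < HEADER.size + TAG_LEN:
            raise ValueError("packet too short")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        sender, counter = HEADER.unpack_from(body)
        key = self.keys.get(sender)
        if key is None:
            raise ValueError("unknown sender")
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; the MAC is checked before any state changes.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad MAC")
        if counter <= self.last_counter[sender]:
            raise ValueError("stale counter")
        self.last_counter[sender] = counter
        return body[HEADER.size:]


def outcome(receiver, packet):
    """Return a one-line verdict for a received packet."""
    try:
        return "accepted: " + receiver.open(packet).decode()
    except ValueError as err:
        return "rejected: " + str(err)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key for node 7
    sink = Receiver({7: key})
    genuine = seal(key, 7, 1, b"temp=21.5")
    altered = bytearray(seal(key, 7, 2, b"temp=21.5"))
    altered[HEADER.size] ^= 0x01  # flip one payload bit in transit
    injected = seal(b"\x00" * 32, 7, 3, b"temp=99.9")  # sender without the key
    for packet in (genuine, genuine, bytes(altered), injected):
        print(outcome(sink, packet))
```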

Security Challenges:

Wireless networks have many characteristics that make them very vulnerable to malicious attacks. Some of these are:

• A wireless channel is open to everyone. With a radio interface configured at the same frequency band, anyone can monitor or participate in communications. This provides a convenient way for attackers to break into WSNs.

• Due to standard activity, most routing protocols for WSNs are known publicly and do not include potential security considerations at the design stage. Therefore, attackers can easily launch attacks by exploiting security holes in those protocols.

• Due to the complexity of the algorithms, the constrained resources make it very difficult to implement strong security algorithms on a sensor platform. To design such security protocols is not an easy task. A stronger security protocol costs more resources on sensor nodes, which can lead to the performance degradation of applications. In most cases, a trade-off must be made between security and performance. However, attackers can break weak security protocols easily.

• A WSN is usually deployed in hostile areas without any fixed infrastructure. It is difficult to perform continuous surveillance after network deployment.

Threats in wireless network:

• External threats versus internal threats: An external threat occurs from outside the sensor network and may amount to mere passive eavesdropping on data transmissions. An internal threat occurs from compromised nodes running malicious data or from attackers who have stolen the cryptographic contents from legitimate nodes.

• Mote-class attacker versus laptop-class attacker: A mote-class attacker has access to a few motes with the same capabilities as other motes in the network. However, a laptop-class attacker has access to more powerful devices, such as laptops.

• Insider attack versus outsider attack: An outside attacker has no special access to the sensor network, such as passive eavesdropping. On the other hand, an inside attacker has access to the encryption keys or other codes used by the network.

• Passive attacker versus active attacker: Passive attackers are only interested in collecting sensitive data from the sensor network, which compromises the privacy and confidentiality requirements. An example of a passive attack is eavesdropping. The active attackers’ goal is to disrupt the function of the network and degrade its performance. An example of an active attack is a man-in-the-middle attack.

V. Wireless Sensor Network (WSN)

Wireless Sensor Network (WSN) can be defined as the network of autonomous sensors which cooperatively monitor physical or environmental conditions such as temperature, pressure, sound or vibration [10]. In other words, a wireless sensor network is composed of a large number of nodes with processing, sensing and radio communication capabilities, scattered throughout a certain geographical region where the sensory data is routed in a multi-hop ad hoc fashion from the originator sensor node to a remote control station. WSNs are the subclass of ad hoc networks wherein a group of sensors capable of making measurements exchange information with each other.

Wireless Sensor Network Model:

Unlike their ancestor ad-hoc networks, WSNs are resource limited, are deployed densely and are prone to failures. The number of nodes in WSNs is several orders higher than that of ad hoc networks, the WSN network topology is constantly changing, WSNs use broadcast communication mediums, and sensor nodes do not have global identification tags [11]. The major components of a typical sensor network are:

Fig. Components of Wireless Sensor Networks

• Sensor Field: A sensor field can be considered as the area in which the nodes are placed.

• Sensor Nodes: Sensor nodes are the heart of the network. They are in charge of collecting data and routing this information back to a sink.

• Sink: A sink is a sensor node with the specific task of receiving, processing and storing data from the other sensor nodes. Sinks serve to reduce the total number of messages that need to be sent, hence reducing the overall energy requirements of the network. The network usually assigns such points dynamically.

• Task Manager: The task manager, also known as the base station, is a centralized point of control within the network, which extracts information from the network and disseminates control information back into the network. It also serves as a gateway to other networks, a powerful data processing and storage centre and an access point for a human interface. The base station is either a laptop or a workstation. Data is streamed to these workstations either via the internet, wireless channels, satellite etc. The transmission range of the nodes varies according to the communication protocol in use.

VI. Routing Protocol

Routing is a process of determining a path between source and destination upon request of data transmission. In WSNs the network layer is mostly used to implement the routing of the incoming data. It is known that generally in multi-hop networks the source node cannot reach the sink directly [10]. So, intermediate sensor nodes have to relay their packets.

Ad-hoc On-demand Distance Vector (AODV):

AODV [13] is the simplest and most widely used algorithm for either wired or wireless networks. It is one of the most efficient routing protocols in terms of establishing the shortest path and lowest power consumption. It is an algorithm used for finding a route for peer-to-peer connection between sensors. It is mainly used for ad-hoc networks but also in wireless sensor networks.

Fig. AODV; (a) Timing diagram, (b) Broadcasts a HELLO packet to the neighbor

AODV does not depend on network-wide periodic advertisements of identification messages to other nodes in the network. It periodically broadcasts “HELLO” messages to the neighbouring nodes. It then uses these neighbours in routing. Whenever any node needs to send a message to some node that is not its neighbour, the source node initiates a Path Discovery, by sending a Route REQuest (RREQ) message to its neighbours. Nodes receiving the RREQ update their information about the source.
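The path discovery described above, as an added example that is not from the paper: a RREQ is flooded over the neighbour sets learned from HELLO messages, each node keeps a reverse route to the source, and the RREP travels back along that route installing forward routes. The topology and function names are constructed; sequence numbers, route timeouts and replies from intermediate nodes are left out.

```python
from collections import deque

# Constructed topology: each node's neighbour set, as learned from HELLO messages.
LINKS = {
    "S": {"A", "B"},
    "A": {"S", "C"},
    "B": {"S", "C", "D"},
    "C": {"A", "B", "D"},
    "D": {"B", "C"},
    "X": set(),  # isolated node, unreachable from S
}


def flood_rreq(links, source, dest):
    """Broadcast a RREQ hop by hop; return each node's reverse route to source."""
    reverse = {source: (None, 0)}  # node -> (next hop toward source, hop count)
    queue = deque([source])
    while queue:
        node = queue.popleft()
        if node == dest:
            continue  # the destination answers with a RREP instead of rebroadcasting
        for neighbour in sorted(links[node]):
            if neighbour in reverse:
                continue  # duplicate copy of the same RREQ: dropped
            reverse[neighbour] = (node, reverse[node][1] + 1)
            queue.append(neighbour)
    return reverse


def send_rrep(reverse, source, dest):
    """Unicast the RREP along the reverse route; return forward routes to dest."""
    if dest not in reverse:
        return {}  # the RREQ never reached the destination
    forward = {}  # node -> next hop toward dest
    node = dest
    while node != source:
        previous_hop = reverse[node][0]
        forward[previous_hop] = node
        node = previous_hop
    return forward


def discover_route(links, source, dest):
    """Full path discovery; return the hop list source..dest, or None."""
    if source == dest:
        return [source]
    forward = send_rrep(flood_rreq(links, source, dest), source, dest)
    if not forward:
        return None
    path = [source]
    while path[-1] != dest:
        path.append(forward[path[-1]])
    return path


if __name__ == "__main__":
    print(discover_route(LINKS, "S", "D"))
    print(discover_route(LINKS, "S", "X"))
```

Nothing in this exchange authenticates the RREQ or RREP, so every node installs whatever route information it receives first.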

Authenticated Source Route for Mobile Ad hoc Networks:

A Mobile Ad Hoc Network (MANET) is a self-organizing, infrastructure-less, multi-hop network [8]. The wireless and distributed nature of MANETs poses a great challenge to system security designers. Key management is a crucial part of security, and this issue is even bigger in MANETs. The distribution of encryption keys in an authenticated manner is a difficult task. Because of the dynamic nature of MANETs, when a node leaves or joins, it needs to generate a new session key to maintain forward and backward secrecy. In this paper [7], we divide the network into clusters. This paper proposes a new cluster based tree (CBT) algorithm for secure multicast key distribution, in which the source node uses the Destination Sequenced Distance Vector (DSDV) routing protocol to collect its 1-hop neighbors to form a cluster. CASR is robust against attackers from outside of the network, and it even prevents compromised nodes from tampering with uncompromised routes consisting of uncompromised nodes. Because it uses symmetric cryptography in its structure, CASR is robust against a large number of types of Denial-of-Service attacks [13]. However, because the random key pre-distribution method is applied to the routing process, our proposed scheme reaches a trade-off between the degree of security and complexity.

References:

[1] Introduction “Windows Networking” http://www.windowsnetworking.com/articles_tutorials/introduction-wireless-networking-part1.htm

[2] Stubblefield, A; et al. (2004) ‘A Key Recovery Attack on the 802.11b Wired Equivalent Privacy Protocol (WEP)’ in ACM Transactions on Information and System Security, Vol. 7, No. 2, May 2004, pg 319–332.

[3] J. Zheng and Myung J. Lee (2006). A comprehensive performance study of IEEE 802.15.4 – Sensor Network Operations: Wiley Interscience. IEEE Press Chapter 4. 218-237.

[4] Nilufar Baghaei, “IEEE 802.1 Wireless LAN Security Performance Using Multiple Clients”, Honors Project Report, 2003.

[5] Chris Townsend and Steven Arms, “Wireless Sensor Networks: Principles and Applications” chapter-22, MicroStrain Inc., pp. 439-449, 2004

communication paradigm for sensor networks”, in Proceedings of the Sixth Annual International Conference on Mobile Computing and Networks (MobiCOM ’00), August 2000.

[7] Elizabeth M. Royer, Charles E. Perkins, “An Implementation of the AODV Routing Protocols”.

[8] Ad hoc on-demand distance vector (aodv) routing. [Online]. Available: http://www.ietf.org/rfc/rfc3561.txt. J. Macker and S. C. (chairmen). MANET (Mobile Ad Hoc Networking) working group of the IETF.

[9] Chris Townsend and Steven Arms, “Wireless Sensor Networks: Principles and Applications” chapter-22, MicroStrain Inc., pp. 439-449, 2004.

[10] Lewis, F.L., “Wireless Sensor Networks,” Smart Environments: Technologies, Protocols, and Applications, ed. D.J. Cook and S.K.

[11] Christoyannis, Costas, http://www.hack.gr/users/dij/crypto/

[12] Karp and H. T. Kung, “GPSR: greedy perimeter stateless routing for wireless networks”, in Mobile Computing and Networking, 2000, pp. 243–254.

[13] Intanagonwiwat, R. Govindan, and D. Estrin, “Directed diffusion: A scalable and robust communication paradigm for sensor networks”, in Proceedings of the Sixth Annual International Conference on Mobile Computing and Networks (MobiCOM ’00),
