
A SEMINAR REPORT
ON

WIRELESS LAN SECURITY


B.TECH- IV (ELECTRONICS & COMMUNICATION)
SUBMITTED BY:
RAVI PANCHAL

(Roll No.: U11EC044)


GUIDED BY:
Ms. JIGISHA N. PATEL

ECED, SVNIT

DEPARTMENT OF ELECTRONICS ENGINEERING

Year: 2014-15
SARDAR VALLABHBHAI NATIONAL INSTITUTE OF TECHNOLOGY
(SVNIT)
SURAT-395007

Acknowledgements

I am extremely grateful to Ms. U.D. Dalal, Head of Department, Department of Electronics,
SVNIT, for providing all the required resources for my dissertation.
My heartfelt gratitude to my internal guide Mrs. Jigisha N. Patel, Associate Professor, for her
valuable suggestions and guidance in the preparation of the dissertation seminar report.
We will be failing in duty if we do not acknowledge with grateful thanks the authors of the
references and other literature referred to in this report.
I express my thanks to Mr. Z.M. Patel, Project and Seminar in-charge for UG, and all staff
members and my friends for all the help and co-ordination extended in bringing out this report
successfully in time.
I am very much thankful to our parents who guided us in every step which we took. Finally, I
must thank GOD for giving me the environment to study, people to help, opportunities to enact
and potential to succeed.

RAVI PANCHAL (U11EC044 )


Sardar Vallabhbhai National Institute of Technology, Surat
November 2014

Wireless LAN Security


ABSTRACT
As the virtues of flexible, wireless, anywhere computing begin to be understood, there is a
growing interest in wireless local area networking technologies. Because of mobility, a wireless
LAN is better than a wired network. Unlike their wide-area cellular or PCS-based counterparts,
wireless LANs offer significantly higher speeds and the cost-effectiveness of low-power
transmission in the unlicensed spectrum. On the basis of network topology, wireless LANs are
divided into two types: Ad-hoc and Access Point.
Another matter is the security problem that arises from the air interface. Security has been a
serious problem since the inception of wireless LAN. This report presents some of the major
security issues that the wireless local area network faces and describes the solutions. In recent
years, with the popularity of a variety of wireless devices, the wireless local area network, with
its easy access, flexible networking and mobile data transmission, has had a unique advantage
and so has developed rapidly.
There are many wireless LAN security vulnerabilities that threaten people's information security
anytime and anywhere. There is no absolute security technology. To protect important
information from being stolen, we should develop good surfing habits. On the other hand, we
have to rely on the development of security technology.

Sardar Vallabhbhai National Institute of Technology, Surat-07


Electronics Engineering Department

CERTIFICATE
This is to certify that candidate Mr. Ravi Panchal bearing Roll No: U11EC044 of B.TECH IV,
7TH Semester has successfully and satisfactorily presented seminar & submitted the Report on
the topic entitled Wireless Lan Security for the partial fulfillment of the degree of Bachelor
of Technology (B.Tech) in Nov. 2014.

Guide: _____________

Examiner 1 Sign: ______________ Name: ______________


Examiner 2 Sign: ______________ Name: ______________
Examiner 3 Sign: ______________ Name: ______________

Head,
ECED, SVNIT.
(Seal of the Department)

INDEX
Chapter No.   Topic Name

1.   INTRODUCTION
2.   WIRELESS LAN COMPONENTS
3.   NEED OF WIRELESS LAN SECURITY
4.   SECURING THE WLAN
5.   CONCLUSION
6.   REFERENCES

1. INTRODUCTION
In today's society, information is increasingly important to our lives, from the affairs of
individuals to national security. Whoever has mastered accurate information will be able to
occupy the dominant position in competition. Today, there are more than 20 million Internet
users worldwide, and a large part of them have Internet access through wireless router
termination such as Wi-Fi. Wireless LAN security is becoming a social problem. Before
discussing wireless network security issues, you must know the fact that more than 70% of
network security issues are caused by human factors, such as information theft by acquaintances
or colleagues. These are not technical problems, and we discuss only the remaining 30% of
network security issues, which are technology-related.

Nowadays the use of the Internet is increasing exponentially, with many added facilities such as
low cost, higher bandwidth and high-speed data, and one more advantage, the best of them:
mobility. In earlier days, someone who wanted to use the Internet had to connect the device to a
cable or wire in order to get permission and a connection. Nowadays a wireless connection is
available, in which there is no need to attach a cable or wire to the device; one just enables the
function and, according to the Internet facility and security, can access it. This is called
wireless technology.

Wireless LAN overview

Wireless LAN differs from traditional Ethernet mainly in two aspects. First, the data
transmission media are different: traditional Ethernet uses copper wire and other physical media
for data transmission, while the wireless LAN uses radio waves and radio frequency technology.
The layout differs as well: Ethernet needs wiring at every place of access, in large quantities,
whereas a wireless LAN spreads through space, so forming the network needs only a wireless
signal transmitter. Second, users access the network in different ways. Accessing traditional
Ethernet needs a physical cable at a fixed location and is not flexible; users accessing the
wireless local area network need only be within wireless signal range and can move freely, which
is very flexible.

2. Wireless LAN Components

One of the important advantages of WLAN is that its installation is quite simple. Installing a
wireless LAN system is very easy and can eliminate the need to pull cable through walls and
ceilings, because the architecture of WLAN is quite simple.

On the basis of network topology, WLAN is divided into two categories: one is access point (AP)
and the other is Ad-hoc.

2.1 Access Points

An access point is the wireless equivalent of a LAN hub. It is normally connected to the wired
backbone with a standard Ethernet cable and exchanges information with other wireless devices
by means of an antenna. An AP uses the modulation techniques specified by the 802.11 standard
and works within a specific frequency spectrum. It informs wireless clients of its availability,
and authenticates and associates wireless clients to the wireless network. In a basic network the
AP acts as the central site that relays all communication. The AP handles wireless communication
with the stations and is also responsible for bridging the equipment to the wired network; no
station can communicate directly with another station.

2.2 Ad-hoc
In Ad-hoc mode there is no need for a centralized access point to which each device connects, as
there is in Infrastructure mode. Ad-hoc mode is like peer-to-peer mode: devices connect directly
with each other, and packets are transmitted directly without going through an access point
(wireless router).

2.3 Difference between Ad-hoc and Infrastructure

In Ad-hoc mode an access point is not required, so there is no need for a wireless router,
whereas in Infrastructure mode we require a wireless router as a centralized access point. In
Ad-hoc mode devices communicate directly with each other, and in Infrastructure mode devices
communicate through the access point, to which every device is connected. Ad-hoc is used for
small and temporary connections, while Infrastructure mode is used for large areas and more
permanent networks.

An Ad-hoc wireless network comprises a group of computers that communicate directly with each
other on a peer-to-peer basis without the use of a wireless access point. Each of the computers
must be equipped with a wireless adapter. For instance, when two computers are within the range
required for 802.11b wireless networking, they can be set to Ad-hoc mode and thus instantly
create a peer-to-peer network. Ad-hoc mode may also be referred to as Independent Basic Service
Set (IBSS) or as peer-to-peer mode.

In an Infrastructure network, a set of computers equipped with wireless adapters are able to
communicate with each other as well as with a wired network by going through a wireless access
point. The access point negotiates all wireless traffic as well as any traffic between the
wireless and the wired network. The computers do not communicate directly in a peer-to-peer
fashion as in Ad-hoc mode. A wireless network working in Infrastructure mode and connected to a
wired network can also be referred to as a Basic Service Set (BSS). A set of two or more Basic
Service Sets in a single network is referred to as an Extended Service Set (ESS).


3. NEED OF WIRELESS LAN SECURITY

Security is needed to maintain the privacy and security of the databases of an organization or
company against others. Many hackers and organizations try to get the data of other
organizations without their permission. They even try to break the security of the system;
whether this is easy or impossible depends on the type of security.

Wireless security is the prevention of unauthorized access or damage to computers using wireless
networks. Many laptop computers have wireless cards pre-installed. The ability to enter a network
while mobile has great benefits. However, wireless networking is prone to some security issues.
Hackers have found wireless networks relatively easy to break into, and even use wireless
technology to hack into wired networks. As a result, it is very important that enterprises define
effective wireless security policies that guard against unauthorized access to important
resources. Wireless Intrusion Prevention Systems (WIPS) or Wireless Intrusion Detection Systems
(WIDS) are commonly used to enforce wireless security policies.

The risks to users of wireless technology have increased as the service has become more popular.
There were relatively few dangers when wireless technology was first introduced. Hackers had
not yet had time to latch on to the new technology and wireless was not commonly found in the
work place. However, there are a great number of security risks associated with the current
wireless protocols and encryption methods, and in the carelessness and ignorance that exists at
the user and corporate IT level. Hacking methods have become much more sophisticated and
innovative with wireless. Hacking has also become much easier and more accessible, with
easy-to-use Windows- or Linux-based tools being made available on the web at no charge.


3.1 Wireless LAN Security Problems

3.1.1 Unauthorized User Access

An attacker tries to connect a wireless client, typically a laptop or PDA, to an access point
without authorization. Access points can be configured to require a password for client access.
If there is no password, an intruder can connect to the internal network simply by enabling a
wireless client to communicate with the access point. Note, however, that some access points use
the same password for all client access, requiring all users to adopt a new password every time
the password needs to be changed.

3.1.2 Jamming
Denial-of-service attacks are also easily applied to wireless networks, where legitimate
traffic cannot reach clients or the access point because traffic overwhelms the frequencies.
An attacker with proper equipment and tools can easily flood the 2.4 GHz frequencies,
corrupting the signal until the wireless network ceases to function. In addition, cordless
phones, baby monitors and other devices that operate on the 2.4 GHz band can disrupt a
wireless network using this frequency. These denials of service can originate from outside
the work area serviced by the access point, or can inadvertently arrive from other devices
installed in other work areas that degrade the overall signal.

3.1.3 Client-to-Client Attacks

Two wireless clients can talk directly to each other, bypassing the access point. Users
therefore need to defend clients not just against an external threat but also against each other.

File sharing and other TCP/IP service attacks: wireless clients running TCP/IP services such
as a web server or file sharing are open to the same exploits and misconfigurations as any
user on a wired network.

DoS (Denial of Service): DoS attacks can also be lucrative for criminals, some of whom use
these attacks to shake down businesses for anywhere from thousands to millions of dollars. A
wireless device floods other wireless clients with bogus packets, creating a denial-of-service
attack. In addition, duplicate IP or MAC addresses, both intentional and accidental, can cause
disruption on the network.

3.1.4 Brute Force Attacks Against Access Point Passwords

Most access points use a single key or password that is shared with all connecting wireless
clients. Brute-force dictionary attacks attempt to compromise this key by methodically
testing every possible password. The intruder gains access to the access point once the
password is guessed.

In addition, passwords can be compromised through less aggressive means. A compromised
client can expose the access point. Not changing the keys on a frequent basis, or when
employees leave the organization, also opens the access point to attack. Managing a large
number of access points and clients only complicates this issue, encouraging lax security
practices.

3.1.5 Man-in-the-middle attacks

A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft
AP (Access Point). Once this is done, the hacker connects to a real access point through another
wireless card, offering a steady flow of traffic through the transparent hacking computer to the
real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies
on security faults in challenge and handshake protocols to execute a de-authentication attack.
This attack forces AP-connected computers to drop their connections and reconnect with the
hacker's soft AP (it disconnects the user from the modem so they have to connect again using
their password, which one can extract from the recording of the event). Man-in-the-middle
attacks are enhanced by software such as LANjack and AirJack, which automate multiple steps of
the process, meaning what once required some skill can now be done by script kiddies. Hotspots
are particularly vulnerable to any attack since there is little to no security on these networks.

3.1.6 Broadcast Monitor

If the access point is connected to a hub rather than a switch, any network traffic passing
through the hub is broadcast across the entire WLAN. Since an Ethernet hub broadcasts all
packets to all devices connected to it, including wireless access points, an attacker can
monitor sensitive data on the network.

3.1.7 Active attacks into the business flow

If an attacker knows the exact plaintext of an encrypted message, he can use this to build
correctly encrypted packets. The process includes building a new message, calculating its
CRC-32, and changing the bits of the original encrypted data so that the clear text becomes
the new message; the packets are then sent to the access point or mobile terminal, where
they will be treated as correct data packets. This illegal traffic is injected into the
network, increasing the load and even leading to complete paralysis of the entire network
system.


4. Securing The WLAN

Securing a network becomes a nightmare due to the increase in attacks and the use of new
techniques that are based mostly on free tools. This becomes even worse for a WLAN, which faces
extra means of attack since its signal is broadcast over a free medium, the air. Attacks are not
limited to external ones; internal attacks also occur and are hard to detect. Two main internal
attacks can cause a big problem to the WLAN at the AP and the mobile terminals (MTs): rogue APs,
and running internal applications that attack the system. At the AP, a rogue AP can give illegal
access to network resources, which increases the network's vulnerability. In addition, illegal
applications running on the mobile terminals can cause headaches for managers and administrators
because of the possibility of virus attacks that might cripple the network at some stage. A
new method has been suggested to improve WLAN security by detecting and isolating rogue APs.
A new technology using police software has been suggested to improve WLAN security by detecting
illegally running applications and discarding their packets. The police software permits packets
generated by authorized applications to pass to the AP by means of an encryption key known to
the police software. The police software must be uploaded to the MTs during association with
the AP.

4.1 Solutions To Prevent Unauthorized Users

4.1.1 Using the Service Set Identifier (SSID) to prevent unauthorized user access
The Service Set Identifier (SSID) is the name used to identify a network and to distinguish
between different networks; it can have up to 31 characters. Sites set up different SSIDs to
access heterogeneous wireless networks. A wireless station must be set to the correct SSID, the
same as the SSID of the AP, to be able to access the AP. If the SSID provided by the user and
the AP's SSID are inconsistent, the AP refuses to let the station access the network through its
wireless service area. In a sense, the SSID functions like a password: it provides a
password-style authentication mechanism that shields the network from illegal users to protect
the wireless local area network. The SSID is usually broadcast by the AP; Windows XP, for
example, can use its built-in scanning to view the SSIDs in the current region. For security,
you can stop the AP from broadcasting its SSID, but the wireless station must then take the
initiative to send the correct SSID to associate with the AP.

4.1.2 Second Solution

Wireless network card physical address filtering to prevent unauthorized user access

Since each wireless card has a unique MAC (physical) address, this address can be used to
prevent unauthorized user access. Access control is added to the access point so that it admits
only the particular MAC addresses registered in it; the AP maintains an access list of physical
addresses to achieve physical address filtering. However, in theory the physical address in
packets can be forged, so this is a less secure form of authorization. It is hardware
authentication rather than user authentication, but it is helpful in preventing unauthorized
users.

4.1.3 Encryption Based Security

Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined
in the 802.11b standard. WEP is designed to provide the same level of security as that of a
wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by
the physicalities of their structure, having some or all of the network inside a building that
can be protected from unauthorized access. WLANs, which are over radio waves, do not have the
same physical structure and therefore are more vulnerable to tampering. WEP aims to provide
security by encrypting data over radio waves so that it is protected as it is transmitted from
one end point to another. However, it has been found that WEP is not as secure as once believed.
WEP is used at the two lowest layers of the OSI model, the data link and physical layers; it
therefore does not offer end-to-end security.

WEP (Wired Equivalent Privacy)

On the sender side, WEP uses four operations to encrypt the data (plaintext).
1. First, the secret key used in the WEP algorithm is 40 bits long, and a 24-bit Initialization
Vector (IV) is concatenated to it to act as the encryption/decryption key.
2. Secondly, the resulting key acts as the seed for a Pseudo-Random Number Generator (PRNG).
3. Thirdly, the plaintext is passed through an integrity algorithm, and the result (the ICV) is
concatenated to the plaintext.
4. Fourthly, the key sequence and the plaintext with its ICV go to the RC4 algorithm. The final
encrypted message is made by attaching the IV in front of the ciphertext. The figure defines the
objects and explains the details of the operations.

B. On the Recipient side

WEP uses five operations to decrypt the received data (IV + ciphertext). First, the Pre-Shared
Key and the IV are concatenated to make the secret key. Secondly, the ciphertext and the secret
key go to the RC4 algorithm, and the plaintext comes out as a result. Thirdly, the ICV and the
plaintext are separated. Fourthly, the plaintext goes to the integrity algorithm to make a new
ICV (ICV'), and finally the new ICV (ICV') is compared with the original ICV. The figure shows
the objects and the details of the operations schematically.

Initialization Vector (IV)

The IV is a set of random bits whose size depends on the encryption algorithm; it is normally as
large as the block size of the cipher or as large as the secret key.

The IV must be known to the recipient of the encrypted information to be able to decrypt it; WEP
does this by transmitting the IV along with the packet. For both key lengths (64 and 128 bits)
the IV is 24 bits.

Pre-Shared Key
The Pre-Shared Key is a simple 5- or 13-character password that is shared between the access
point and all wireless network users. This key is made available by the administrator or by
automatic system generation. For the 64-bit key the length of the secret key is 40 bits, and for
the 128-bit key the length is 104 bits.


PRNG
WEP defines a method to create a unique secret key for each packet using the 5 or 13 characters
of the pre-shared key and three more pseudo-randomly selected characters picked by the wireless
hardware (the IV).
For example, suppose our pre-shared key is "ARASH". This word is merged with "AHL" as the IV to
create a secret key of "AHLARASH", which is used in the encryption operations of the packet. The
next packet still uses "ARASH", but concatenates it this time with "ARA" to create a new secret
key of "ARAARASH". This process continues randomly during the transmission of data.

ICV & Integrity Algorithm (CRC-32)

CRC-32 is a hashing algorithm; CRC is an abbreviation of "Cyclic Redundancy Code". CRCs are a
family of algorithms and CRC32 is one member of this family (other members are CRC16, XMODEM),
where 32 represents the length of the checksum in bits (= 4 bytes). The term "CRC" is reserved
for algorithms that are based on the "polynomial" division idea. The basic idea for computing
the checksum is the same in all CRC algorithms: take the data as a VERY long binary number and
divide it by a constant divisor. If you do this with integer values you get a remainder; this
remainder is the CRC checksum. For example, 7/3 = 2 + rest 1 => 1 is the checksum of 8.
The CRC algorithm performs four operations:

1. Choose a width (W).
2. Choose a poly (P) of width W.
3. Append W zero bits to the message (M).
4. Divide M by P using CRC arithmetic (XOR). The remainder is the checksum.

Notice that the number of additional bits appended to the message is the actual bit position of
the highest bit of the poly (that is, W). For example, if your poly is 10011, then the number of
zero bits is 4, not 5 (1·2^4 + 0·2^3 + 0·2^2 + 1·2^1 + 1·2^0). As an example:
Then the result is 1110, which means the checksum or ICV is 1110.
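The four CRC steps above, carried out for the poly 10011, as an added example that is not part of the original report. The message 1101011011 and all function names are assumptions chosen for illustration; with that message the remainder is 1110. The block also checks the receiver side and shows that a CRC is linear under XOR, which is why it catches transmission errors but is not a keyed integrity check.

```python
def mod2_remainder(bits: str, poly: str) -> str:
    """Remainder of dividing a bit string by poly with XOR (carry-less) arithmetic."""
    if len(poly) < 2 or not poly.startswith("1") or set(bits + poly) - {"0", "1"}:
        raise ValueError("need binary strings and a poly of at least 2 bits starting with 1")
    width = len(poly) - 1                      # W: bit position of the poly's highest bit
    divisor = int(poly, 2)
    register = 0
    for bit in bits:
        register = (register << 1) | int(bit)  # bring down the next bit
        if register >> width:                  # top bit set: subtract (XOR) the poly
            register ^= divisor
    return format(register, "0{}b".format(width))


def crc_checksum(message: str, poly: str) -> str:
    """Steps 3 and 4: append W zero bits to the message, divide, keep the remainder."""
    return mod2_remainder(message + "0" * (len(poly) - 1), poly)


def crc_verify(message: str, checksum: str, poly: str) -> bool:
    """Receiver check: message followed by its checksum divides with remainder zero."""
    return int(mod2_remainder(message + checksum, poly), 2) == 0


def xor_bits(a: str, b: str) -> str:
    """Bitwise XOR of two equal-length bit strings."""
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


POLY = "10011"           # the poly quoted in the report, so W = 4
MESSAGE = "1101011011"   # constructed sample message (assumption, not from the report)

if __name__ == "__main__":
    checksum = crc_checksum(MESSAGE, POLY)
    print("checksum:", checksum)
    print("receiver accepts:", crc_verify(MESSAGE, checksum, POLY))

    # A single flipped bit in transit is detected.
    damaged = xor_bits(MESSAGE, "0000100000")
    print("damaged frame accepted:", crc_verify(damaged, checksum, POLY))

    # Linearity: CRC(a XOR b) == CRC(a) XOR CRC(b). No secret enters the
    # computation, so the checksum alone cannot prove who produced a message.
    other = "0000000101"
    lhs = crc_checksum(xor_bits(MESSAGE, other), POLY)
    rhs = xor_bits(crc_checksum(MESSAGE, POLY), crc_checksum(other, POLY))
    print("linear under XOR:", lhs == rhs)
```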

RC4
RC4 is not specific to WEP; it is a random generator, also known as a key stream generator
or a stream cipher, and was developed at RSA Laboratories in 1987. RC4 works by logically
XORing a key stream generated from the key with the data. In fig. 3 you can see the operation
of RC4 in simple form:

Figure 4: RC4 Algorithm

For example (a simplified illustration in which the key is repeated and XORed with the data),
if the data has the format 10010100 and the key is 1011, then RC4 (data, key) = 00101111. Since
RC4 is a two-way algorithm, a second call to RC4 (encrypted data, key) is 10010100, which is
the original data.


4.1.3.1 WEP Problems

The IV is short and reused
Regardless of the key size, WEP's 24-bit IV can only provide 16,777,216 different RC4
cipher streams for a given WEP key. On a busy network this number can be reached in a few
hours, and reuse of the same IV then becomes unavoidable. In WEP the RC4 cipher stream is
XORed with the original packet and the IV is sent in the clear with each packet. If the
RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent packets that were
encrypted with the same IV, or can forge packets. If a hacker collects enough frames based on
the same IV, the individual can determine the shared values among them, i.e., the key stream or
the shared secret key, because XORing two ciphertexts that use the same key stream causes the
key stream to cancel out, and the result is the XOR of the two plaintexts.
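The sender-side and recipient-side operations described earlier, followed by the IV-reuse property from the paragraph above, as an added example that is not part of the original report. The key "ARASH" and the IVs "AHL" and "ARA" come from the report's PRNG example; the payloads and function names are constructed for illustration, and the key-ID byte of a real 802.11 frame is left out.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR of the data with the generated key stream."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # key stream generation (PRGA) and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext as 4 little-endian bytes."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(psk: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Sender: seed = IV || key, RC4 over plaintext || ICV, IV prepended in clear."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    if len(psk) not in (5, 13):
        raise ValueError("WEP key is 40 or 104 bits (5 or 13 bytes)")
    return iv + rc4(iv + psk, plaintext + icv(plaintext))


def wep_decrypt(psk: bytes, frame: bytes) -> bytes:
    """Recipient: rebuild the seed from the clear IV, decrypt, recompute the ICV."""
    if len(frame) < 3 + 4:
        raise ValueError("frame too short")
    iv, ciphertext = frame[:3], frame[3:]
    decrypted = rc4(iv + psk, ciphertext)
    plaintext, received_icv = decrypted[:-4], decrypted[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch")
    return plaintext


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ciphertext_xor_under_same_iv(psk: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """XOR of two ciphertexts that share an IV; the key stream drops out."""
    c1 = wep_encrypt(psk, iv, p1)[3:]
    c2 = wep_encrypt(psk, iv, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))]


PSK = b"ARASH"               # pre-shared key from the report's example
IV_1, IV_2 = b"AHL", b"ARA"  # the two IVs from the report's example
P1 = b"GET /index.html "     # constructed sample payloads, 16 bytes each
P2 = b"user=alice&pin=7"

if __name__ == "__main__":
    frame = wep_encrypt(PSK, IV_1, P1)
    print("frame:", frame.hex())
    print("decrypted:", wep_decrypt(PSK, frame))
    print("new IV changes ciphertext:", frame[3:] != wep_encrypt(PSK, IV_2, P1)[3:])

    # Same key and same IV: the key never appears, yet C1 XOR C2 == P1 XOR P2,
    # so knowing one payload reveals the other.
    leak = ciphertext_xor_under_same_iv(PSK, IV_1, P1, P2)
    print("C1^C2 == P1^P2:", leak == xor(P1, P2))
    print("P2 recovered from known P1:", xor(leak, P1))
```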

Key management is lacking and updating is poor

Most wireless networks that use WEP have one single WEP key shared between every node on the
network. Access points and client stations must be programmed with the same WEP key. Since
synchronizing the change of keys is difficult, network administrators must personally visit each wireless
device in use and manually enter the appropriate WEP key. Since the task of changing keys is tedious and
difficult, keys are rarely changed by the system administrators. This may be acceptable at the installation
stage of a WLAN or when a new client joins the network, but anytime the key becomes compromised or there
is a loss of security, the key must be changed. This may not be a huge issue in a small organization with
only a few users, but it can be impractical in large corporations, which typically have hundreds of users.

Problem in the RC4 algorithm

The RC4 implementation has been considered to have weak keys, meaning that there is more
correlation between the key and the output than there should be. Determining which packets
were encrypted with weak keys is an easy job. Since the first three bytes of the key are taken
from the IV that is sent unencrypted in each packet, this weakness can be exploited easily by a
passive attack. Out of the 16 million IV values available, about 9,000 are interesting. They
indicate the presence of weak keys. The attacker captures "interesting packets", filtering for
IVs that suggest weak keys, then analyses them and only has to try a small number of keys to gain
access to the network. Because all original IP packets start with a known value, it's easy to know
when he/she has the right key. To determine a 104-bit WEP key, he/she has to capture between
2,000 and 4,000 interesting packets. On a fairly busy network the capture of the interesting 5,000
packets might not pose any difficulty and can be achieved in a short period of time. [2]

Easy forging of authentication messages

The 802.11 standard declares two types of authentication: Open System and Shared Key
authentication. The theoretical idea was that an authentication would be better than no
authentication, but in reality the opposite has emerged to be true. Turning on authentication
with WEP actually reduces the total security of the network and makes it easier for intruders
and attackers to guess the WEP key. Shared Key authentication involves demonstrating knowledge
of the shared WEP key by encrypting a challenge. The problem here is that any monitoring
attacker can observe the challenge and the encrypted response. From those, the attacker can
determine the RC4 stream used to encrypt the response, and use that stream to encrypt any
challenge he/she would receive in the future. So by monitoring a successful authentication, the
attacker can later forge an authentication. The only advantage of Shared Key authentication is
that it reduces the ability of an attacker to create a denial-of-service attack by sending
garbage packets (encrypted with the wrong WEP key) into the network [14]. To handle the task of
properly authenticating wireless users, turn off Shared Key authentication and depend on other
authentication protocols, such as 802.1x.

4.1.2 Enhancements over WEP


Improved data encryption (TKIP)
Temporal Key Integrity Protocol (TKIP) uses a hashing algorithm and, by adding an
integrity-checking feature, ensures that the keys haven't been tampered with. TKIP is a Temporal
Key Hash Function; it is an alternative to WEP that fixes all the security problems and does not
require new hardware. Like WEP, TKIP uses the RC4 stream cipher for the encryption and
decryption processes, and all involved parties must share the same secret key. This secret key
must be 128 bits and is called the "Temporal Key" (TK). TKIP also uses a 48-bit Initialization
Vector (IV) and uses it as a counter. Even if the TK is shared, all involved parties generate a
different RC4 key stream, since the communication participants perform a 2-phase generation of
a unique "Per-Packet Key" (PPK) that is used as the key for the RC4 key stream.

TKIP is TGi's response to the need to do something to improve security for equipment that is
already deployed in 802.11. TGi has proposed TKIP as a mandatory-to-implement security
enhancement for 802.11, and patches implementing it will likely be available for most equipment
in late 2002.
TKIP is a suite of algorithms wrapping WEP, to achieve the best security that can be obtained
given the problem design constraints. The TKIP algorithms are designed explicitly for
implementation on legacy hardware, hopefully without unduly disrupting performance. TKIP
adds four new algorithms to WEP:

A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries;

A new IV sequencing discipline, to remove replay attacks from the attacker's arsenal;

A per-packet key mixing function, to de-correlate the public IVs from weak keys; and

A re-keying mechanism, to provide fresh encryption and integrity keys, undoing the
threat of attacks stemming from key reuse.

The remainder of this section analyses each of the TKIP components, and the next section
indicates how they are intended to work together to rescue WEP.


TKIP is an acronym for Temporal Key Integrity Protocol. The name is something of a
misnomer. The TKIP re-keying mechanism updates what are called temporal keys, which are
consumed by the WEP encryption engine and by the Michael integrity function.

4.1.3. User authentication (Use EAP Method)

User authentication, which is missing in WEP, is provided through the Extensible Authentication
Protocol (EAP). WEP regulates access to a wireless network based on a computer's
hardware-specific MAC address, which is relatively simple to sniff out and steal. EAP is built
on a more secure public-key encryption system to ensure that only authorized network users can
access the network.

Remote Authentication Dial-In User Service


EAP is an envelope that supports many different kinds of authentication. Deploying 802.1X
requires adopting one or more EAP methods:

Cisco's Lightweight EAP (LEAP) uses mutual password authentication between the station
and AP. Because LEAP's challenge/response isn't encrypted, it's vulnerable to offline
dictionary attacks.

EAP-TLS requires mutual certificate authentication between stations and servers. EAP is
protected from eavesdropping by a TLS tunnel. The price paid for tighter security is a
certificate on every station.


EAP-TTLS and Protected EAP (PEAP) authenticate servers by certificate and stations by
passwords, made safe by tunneling over TLS. Logins known to your RADIUS server,
Active Directory or domain controller can be reused by 802.1X to simplify WLAN
deployment.


EAP is an authentication framework, not a specific authentication mechanism.[1] It provides
some common functions and negotiation of authentication methods called EAP methods. There
are currently about 40 different methods defined. Methods defined in RFCs include EAP-MD5,
EAP-POTP, EAP-GTC, EAP-TLS, EAP-IKEv2, EAP-SIM, EAP-AKA and EAP-AKA'.
Additionally a number of vendor-specific methods and new proposals exist. Commonly used
modern methods capable of operating in wireless networks include EAP-TLS, EAP-SIM,
EAP-AKA, and EAP-TTLS. Requirements for EAP methods used in wireless LAN authentication are
described.

The standard also describes the conditions under which the AAA key management requirements
described in RFC 4962 can be satisfied.

Moreover, EAP-TTLS and PEAP aren't foolproof. They can be tricked into sending identity or
credentials without the protection of the TLS tunnel. A man-in-the-middle attack can intercept
and use these values to access your WLAN.

4.1.4 TKIP (Advanced WEP)


TKIP and the related WPA standard implement three new security features to address security
problems encountered in WEP-protected networks. First, TKIP implements a key mixing
function that combines the secret root key with the initialization vector before passing it to the
RC4 initialization. WEP, in comparison, merely concatenated the initialization vector to the root
key, and passed this value to the RC4 routine. This permitted the vast majority of the RC4-based
WEP related-key attacks.[5] Second, WPA implements a sequence counter to protect against
replay attacks. Packets received out of order will be rejected by the access point. Finally, TKIP
implements a 64-bit Message Integrity Check (MIC).

To be able to run on legacy WEP hardware with minor upgrades, TKIP uses RC4 as its cipher.
TKIP also provides a rekeying mechanism. (Rekeying normally refers to the ability to change a
lock so that a different key may operate it. Rekeying is done when a lock owner may be concerned
that unauthorized persons have keys to the lock.) TKIP ensures that every data packet is
sent with a unique encryption key. Key mixing increases the complexity of decoding the keys by
giving an attacker substantially less data that has been encrypted using any one key. WPA2 also
implements a new message integrity code, MIC. The message integrity check prevents forged
packets from being accepted. Under WEP it was possible to alter a packet whose content was
known even if it had not been decrypted.
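The last point, that WEP's unkeyed CRC-32 check accepts a frame whose known content was changed in transit while a keyed MIC rejects it, is shown below as an added example (not code from this report). The key, messages and MIC key are constructed, and HMAC-SHA1 truncated to 64 bits is an assumption standing in for Michael, which is a different function.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_icv(msg: bytes, _key: bytes = b"") -> bytes:
    """WEP-style ICV: unkeyed CRC-32 of the plaintext."""
    return zlib.crc32(msg).to_bytes(4, "little")

def keyed_mic(msg: bytes, key: bytes) -> bytes:
    """64-bit keyed tag; HMAC-SHA1 stands in for Michael (assumption)."""
    return hmac.new(key, msg, hashlib.sha1).digest()[:8]

def seal(key, msg, tag_fn, tag_key=b""):
    return rc4(key, msg + tag_fn(msg, tag_key))

def unseal(key, frame, tag_fn, tag_len, tag_key=b""):
    plain = rc4(key, frame)
    msg, tag = plain[:-tag_len], plain[-tag_len:]
    return msg if hmac.compare_digest(tag, tag_fn(msg, tag_key)) else None

def alter_without_key(frame: bytes, delta: bytes, tag_len: int) -> bytes:
    """XOR delta into the plaintext and patch a CRC tag: crc(m^d) = crc(m)^crc(d)^crc(0)."""
    fix = xor(crc_icv(delta), crc_icv(bytes(len(delta))))
    return xor(frame, delta + fix.ljust(tag_len, b"\0"))

# Constructed sample values, not taken from the report.
KEY = b"\x01\x02\x03" + b"constructed-k"     # IV || root key, as WEP builds it
MSG, FORGED = b"PAY 0100 TO BOB", b"PAY 9900 TO BOB"

def demo():
    delta = xor(MSG, FORGED)
    wep = alter_without_key(seal(KEY, MSG, crc_icv), delta, 4)
    mic = alter_without_key(seal(KEY, MSG, keyed_mic, b"mic-key"), delta, 8)
    return unseal(KEY, wep, crc_icv, 4), unseal(KEY, mic, keyed_mic, 8, b"mic-key")
```

`demo()` returns the altered message for the CRC-protected frame and `None` for the frame carrying the keyed tag, which is the receiver dropping it.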

Conclusion Of WEP
In this research we explain the structure of WEP on the sender and receiver sides and describe
each step both verbally and practically. We then discuss the major problems in WEP, namely
IV length, the RC4 algorithm and key management. Finally, we explain the improvements and
solutions submitted so far, such as TKIP, Michael and the EAP method.

4.1.5 WPA (Wi-Fi Protected Access)


Wi-Fi Protected Access (WPA) is a software/firmware improvement over WEP. All regular
WLAN equipment that worked with WEP can simply be upgraded, and no new equipment
needs to be bought.
The TKIP encryption algorithm was developed for WPA to provide improvements to
WEP that could be fielded as firmware upgrades to existing 802.11 devices. The WPA profile
also provides optional support for a new algorithm that is the preferred algorithm in 802.11i and
WPA2.
WPA Enterprise provides RADIUS-based authentication using 802.1X. WPA Personal
uses a pre-shared key (PSK) to establish the security using an 8 to 63 character
passphrase. The PSK may also be entered as a 64 character hexadecimal string. Weak PSK
passphrases can be broken using off-line dictionary attacks by capturing the messages in the
four-way exchange when the client reconnects after being deauthenticated. Wireless suites such
as aircrack-ng can crack a weak passphrase in less than a minute. Other WEP/WPA crackers
are AirSnort and Auditor Security Collection.[20] Still, WPA Personal is secure when used with
good passphrases or a full 64-character hexadecimal key.
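The two PSK entry forms described above, handled the way an administrator's audit script might, as an added example (not code from this report). The PBKDF2-HMAC-SHA1 stretching with the SSID as salt and 4096 iterations comes from the 802.11i standard rather than from this report; the SSID, stored keys and ban list are constructed, and `banned_source` is a hypothetical helper name.

```python
import hashlib
import hmac
import string

def wpa_psk(secret: str, ssid: str) -> bytes:
    """Return the 256-bit PSK for a WPA-Personal entry."""
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return bytes.fromhex(secret)          # 64 hex characters are the key itself
    if not 8 <= len(secret) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in secret):
        raise ValueError("passphrase must be printable ASCII")
    # Passphrase stretching for WPA/WPA2-Personal: PBKDF2-HMAC-SHA1,
    # SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def banned_source(psk: bytes, ssid: str, banned):
    """Return the banned passphrase that derives `psk` for this SSID, else None."""
    for word in banned:
        try:
            candidate = wpa_psk(word, ssid)
        except ValueError:
            continue                          # not a legal passphrase at all
        if hmac.compare_digest(candidate, psk):
            return word
    return None

# Constructed sample values: the SSID, stored keys and ban list are hypothetical.
SSID = "lab-wlan"
BANNED = ["short", "password", "letmein123", "lab-wlan2014"]
STORED_WEAK = wpa_psk("letmein123", SSID)     # key derived from a guessable passphrase
STORED_STRONG = wpa_psk("9f" * 32, SSID)      # full 64-character hexadecimal key

def audit():
    """Check both stored keys against the ban list."""
    return (banned_source(STORED_WEAK, SSID, BANNED),
            banned_source(STORED_STRONG, SSID, BANNED))
```

Because the SSID is the only salt and is broadcast, everything protecting a passphrase-derived key is the passphrase itself, which is why the audit flags the first stored key and not the second.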

4.1.6 End-to-end encryption


One can argue that both layer 2 and layer 3 encryption methods are not good enough for
protecting valuable data like passwords and personal emails. Those technologies add encryption
only to parts of the communication path, still allowing people to spy on the traffic if they have
gained access to the wired network somehow. The solution may be encryption and authorization
in the application layer using technologies like SSL, SSH, GnuPG, PGP and similar.

The disadvantage of the end-to-end method is that it may fail to cover all traffic. With encryption
on the router level or VPN, a single switch encrypts all traffic, even UDP and DNS lookups.
With end-to-end encryption, on the other hand, each service to be secured must have its
encryption "turned on", and often every connection must also be "turned on" separately. For
sending emails, every recipient must support the encryption method, and must exchange keys
correctly. For the Web, not all web sites offer HTTPS, and even if they do, the browser sends out IP
addresses in clear text.

End-to-end encryption (E2EE), which is non-certified point-to-point encryption, is a digital
communications paradigm of uninterrupted protection of data traveling between two
communicating parties. It involves the originating party encrypting data to be readable only by
the intended recipient, and the receiving party decrypting it, with no involvement in said
encryption by third parties. The intention of end-to-end encryption is to prevent intermediaries,
such as Internet providers or application service providers, from being able to discover or tamper
with the content of communications. End-to-end encryption generally includes protections of
both confidentiality and integrity.

Typical server-based communications systems do not include end-to-end encryption. These
systems can only guarantee protection of communications between clients and servers, not
between the communicating parties themselves. Examples of non-E2EE systems are Google Talk,
Facebook, and Dropbox. Some such systems, for example Lavabit and SecretInk, have even
described themselves as offering "end-to-end" encryption when they do not. Some systems
which normally offer end-to-end encryption have been discovered to contain a back door, which
causes negotiation of the encryption key between the communicating parties to be subverted, for
example Skype Voltage.

5. Conclusion
Generally, wireless LAN has proved to be a reliable and reasonably fast mobile networking
solution. For most purposes the bandwidth it provides should suffice, although cabled LANs
offer more possibilities to extend the bandwidth. In situations where mobility is as important a
criterion as bandwidth, a wireless LAN should certainly be considered a serious option.

Wireless security is the prevention of unauthorized access or damage to computers
using wireless networks. Many laptop computers have wireless cards pre-installed. The
ability to enter a network while mobile has great benefits. However, wireless networking is
prone to some security issues. Hackers have found wireless networks relatively easy to break
into, and even use wireless technology to hack into wired networks.

Different techniques exist to protect information and to secure a wireless LAN
network, such as WEP and WPA. WPA is more secure than WEP because of its encryption
technique. They provide only two-layer security: both layer 2 and layer 3 encryption methods
are not good enough for protecting valuable data like passwords and personal emails. Those
technologies add encryption only to parts of the communication path, still allowing people to
spy on the traffic if they have gained access to the wired network somehow.

End-to-end encryption (E2EE), which is non-certified point-to-point encryption, is a digital
communications paradigm of uninterrupted protection of data traveling between two
communicating parties. It involves the originating party encrypting data to be readable only
by the intended recipient, and the receiving party decrypting it, with no involvement in said
encryption by third parties. The intention of end-to-end encryption is to prevent
intermediaries, such as Internet providers or application service providers, from being able to
discover or tamper with the content of communications. End-to-end encryption generally
includes protections of both confidentiality and integrity.

6. References
1. "Network Security Tips". Cisco. Retrieved 2011-04-19.
2. "The Hidden Downside Of Wireless Networking".
3. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=5189832
4. http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
5. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=5189832&tag=1#ref_2
6. A presentation by Brian Murgatroyd to the SFPG
