Wireless Network Security
By Patrick Yount and
CIS 4360
Fall 2009
Taking Steps Towards a
Wireless World
QuickTime™ and a
decompressor
are needed to see this picture.
QuickTime™ and a
decompressor
are needed to see this picture.
QuickTime™ and a
decompressor
are needed to see this picture.
QuickTime™ and a
decompressor
are needed to see this picture.
What is a Wireless Network?
A group of
connected devices
that communicate
through the air by
means of
electromagnetic
waves, such as radio
waves.
Types of Wireless Networks
WPAN’s dynamically connect devices within a
relatively small area; maintain random
network configurations.
i.e. Bluetooth, ad-hoc networks
WLAN’s connect devices over a more broad
area, known as a cell. Can be found in our
homes, libraries, and coffee shops.
i.e. Wi-Fi, laser bridges
Types of Wireless Networks
WMAN’s are the connection of multiple
WLAN’s and may span an entire city or
college campus.
i.e. WiMAX
Mobile device networks which are
used by our cell phones.
i.e. GSM (2G), 3G cellular networks
Wireless Applications
Laptops
Cellular phones
Headphones
Keyboards
Printers
Speakers
Global Positioning
Systems (GPS)
Laser Bridges
Emergency Services
Robotics
Biotechnology
Nanotechnology
Radio Frequency
Identification (RFID)
transponders
The possibilities are endless!
What is RFID?
Quic kTime™ and a
dec ompres sor
are needed to see this pic ture.
QuickTi me™ a nd a
de com press or
are need ed to se e th is p icture.
QuickTime™ and a
decompressor
are needed to see this picture.
By means of a
simple integrated
circuit and an
antenna, RFID tags
can quickly and
reliably identify
nearly anything
when scanned with
an RFID reader.
Radio Frequency Identification
QuickTime™ and a
decompressor
are needed to see this picture.
Quic kTime™ and a
dec ompres sor
are needed to see this pic ture.
Three types:
1. Passive does not have a
power supply.
2. Active has a power
supply that powers the
transmission.
3. Semi-passive has a
power supply that
powers the chip, but not
the transmission.
Our Responsibility
 We must
understand and
adequately address
the inherent
security risks
involved with
wireless
networking.
 Physical theft
1. Be aware of your
surroundings.
2. Secure your devices
when they are not
in use.
 Wireless medium
Wireless Network Security.
Types of unauthorized access :
-Accidental
association
-Malicious
association
-Ad-hoc networks
-Non-traditional
networks
Types of unauthorized access :
-Identity theft
(MAC spoofing)
-Man-in-themiddle attacks
- Denial of service
-Network
injection
- Café Latte
attack
Counteracting security risks



All wireless LAN
devices need to be
secured
All users of the
wireless network need
to be educated in
wireless network
security
All wireless networks
need to be actively
monitored for
weaknesses and
breaches
 There are some very good cryptographic tools that
can be used to protect digital resources.
 Many of these tools have proven security
 The problem is usually bad implementations
 The best cryptographic security is point-to-point
security (such as VPN)
The source & destination
― are mutually authenticated (with public key cryptography)
― exchange privately a fresh secret key (with public key cryptography)
― use symmetric key encryption scheme to encrypt exchanged data
(with symmetric key cryptography
 Point-to-point security
― Authentication usually involves certificates (a trusted third party
certifies the public key of the entities) and a cryptographic handshake.
― WIMAX uses the Extensible Authentication Protocol for this purpose.
― For encryption it uses block ciphers such as DES3 or AES
 This offers protection at the protocol layer
― There are still problems at the physical layer, such as jamming attacks
(Denial-of-Service), or flooding attacks
 Security vs. functionality tradeoff
― Rule of thumb: the more security the less functionality …