Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Investigation Into IEEE 802.11 Security Issues Affecting Wireless Networks

Download as pdf or txt
Download as pdf or txt
You are on page 1of 9

See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/266631414

Investigation into IEEE 802.11 Security Issues Affecting Wireless Networks

Article · June 2011


DOI: 10.2316/P.2011.730-024

CITATIONS READS

0 330

3 authors:

Albert Kofi Kwansah Ansah Thomas Kwantwi


University of Mines and Technology (UMaT) University of Mines and Technology
14 PUBLICATIONS   24 CITATIONS    2 PUBLICATIONS   6 CITATIONS   

SEE PROFILE SEE PROFILE

William Akotam Agangiba


University of Mines and Technology
11 PUBLICATIONS   18 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Privacy-Preservation in Bitcoin Blockchain View project

Computation Offloading with blockchain in 5G Network Slicing View project

All content following this page was uploaded by Albert Kofi Kwansah Ansah on 20 February 2017.

The user has requested enhancement of the downloaded file.


Proceedings of the IASTED International Conference
Wireless Communications (WC 2011)
June 1 - 3, 2011 Vancouver, BC, Canada

INVESTIGATION INTO IEEE 802.11 SECURITY ISSUES AFFECTING


WIRELESS NETWORKS
Albert K. Ansah1, Thomas Kwantwi2, Agangiba W. Akotam3
University of Mines and Technology
Computer Science and Engineering Department
P. O. Box 237, Tarkwa-Ghana
afkansah@yahoo.com

ABSTRACT different from wired technology because the connection is


Wireless networking is one of the exciting developments made by radio waves. To connect to a wired network, you
in the world of networking technology. After the need wires and permissions sometimes from the network
introduction of IEEE 802.11 Ethernet standard, Wi-Fi has administrator. For a wireless connection you can be
become the most widely adopted wireless networking located anywhere you receive the signal from the
type on the wireless network environment. Since wireless network. Connection to network wirelessly requires
networking is easy to deploy and upgrade and with decent devices that are capable of sending and receiving data. A
data rate available today at low cost, implementation of wireless network can be accessed from anywhere within a
wireless networking is growing all over the place. coverage area. Indeed, security is always a big issue when
Organizations and enterprises are switching from the it comes to implementing a wireless Local Area Network
traditional wired networks to wireless networking. (WLAN). [1][2][3][4][17]
Wireless can serve in many capacities, from a simple The principal aim for wireless deployment is to offer
extension to a distribution point. One of the leading unswerving signal coverage and Security with decent
glitches with wireless networking is that, the wireless performance for networks. Many organizations and also
networking devices provide no security as they come out home users are turning to wireless Local Area Network
of their boxes. Considering the fact that wireless networks technology simply to avoid having run network cables
are built on a shared medium and data packets float throughout the building. This makes wireless network
through the air on radio waves, security cannot be installation and usage pretty flexible and portable. The
overemphasized when dealing with wireless networking. 802.11 standard has turned out to be pretty common as a
It is arguable that many network users don’t have means to enhance or extend the traditional wired network.
procedures when they deploy their WLAN for the first The wireless network widespread is unquestionably
time. It is the dearth of procedures that help attackers get linked to its flexibility, cost effectiveness and augmented
into any networks they want. This paper seeks to throughput compared to its wired network counterpart.
demystify the security issues of the IEEE 802.11 wireless Flexibility means, wireless users stay connected whiles
standards. The paper goes on to address these security working from a colleague’s desk and elsewhere within the
concerns and points out the method used to secure a Wi-Fi range. 802.11 let users’ access servers, printers, and
wireless network. other network resources regardless of their location, as
long as they stay in the Wi-Fi range. Network security has
KEY WORDS always being a concern when deploying wireless
IEEE 802.11 Standards, Wireless Communication, Wireless networks. Network security is a broad topic and covers a
LAN, Wireless Security, Data Encryption multitude of sins. In a simplest form, Network Security is
making sure that nosy people cannot gain access to read
1. INTRODUCTION and modify data and messages intended for other people.
Today wireless is becoming the leader in communication Security is always a priority for people who administrator
choices among users. It is not anymore a backup solution networks. The teething troubles in securing wired network
for nomadic travellers but really a new mood naturally are augmented with a wireless network. In wired
used everywhere even when the wired communications networks, controlling access is very candid; that is if a
are possible. In some cases, the use of wireless user has physical access to a network hub or switch, he
networking is inevitable; whereby the buildings are being can use (or abuse) the network resources. Although
used as part of national heritage. In such cases, drilling software mechanisms are an important component of
through obstacles to lay the cabling is simply prohibited network security, denying physical access to network
by law. Another case is offices positioned on opposite devices is the ultimate access control mechanism. In
sides of a busy street, highway or office park. Wireless guileless term, allowing network access to trusted people
denotes the transmission of voice and data over radio secures the network and for that matter the network
waves. Wireless allows communication with networks becomes trusted. The demand for wireless networking
without physical connection. Wireless technology is hardware has experienced extraordinary progression,

DOI: 10.2316/P.2011.730-024 81
evolving quickly from newness to essential. This has security concerns is the prevalent use of 802.11 networks
compelled the Wi-Fi industry to come up with a themselves. The demand for more bandwidth access and
prodigious standard that could offer up to about 600 Mbps wireless LAN equipment has experienced a phenomenal
connectivity speed such as in 802.11n standards. growth in recent times. [7]
[5][6][7][8][9][10]
The prices of 802.11b client adapters dwindled to
Several organizations are now deploying Wireless Local almost the cost of 100BaseT Ethernet adapters after the
Area Networks (WLANs) because of the benefit and introduction of 802.11g standard hardware into the market
flexibility that come with wireless networking. because of the prodigious advantage in terms of speed.
According to a 2003 NOP World research study, WLAN The growing deployment of protocols from the Wi-Fi
users connected to their corporate network 3.64 hours per alliance is escalating the deployment of wireless
day longer than their wired peers, thus increasing networks. 802.11n protocol completely redefines Wi-Fi
productivity by 27 percent. Through the flexibility of speed, ushering in a whole new level of network
WLANs, not only does the productivity increased performance. This standard promises far greater
considerably, but also the response times are notably bandwidth, better range, and reliable than its
improved. The widespread of wireless LANs depends predecessors. Consumers are now taking advantage of the
closely on the developed standards. The standardization, new electronic application such as VoIP telephony or
however, ensures the reliability and the compatibility of video streaming that come with wireless N. As emerging
products from different equipment suppliers. One acute Network Applications take hold in the enterprise, a
difference between Ethernet and wireless is that, wireless growing number of consumers will come to view 802.11n
networks are built on a shared medium and therefore, standard not just as an enhancement to their existing
makes wireless network more vulnerable to security network, but especially as a necessity. Pervasive 802.11n
threats if resilient security policies are not implemented. deployment will also accelerate the growth of the
[1][2][7]
enterprise Voice over WLAN market to profit
Another grave problem with wireless networks is that, its applications such as VoIP or video streaming. 802.11n
users are relatively anonymous. Anyone, with fair or standard is a good opportunity to increase productivity
malice thought, can sit in any wireless available coverage and mobility. The prevalent nature of wireless
with a simple laptop and connect to the network. While communications forces a network designer to re-evaluate
your access point range may be seemed to be just a couple some of the underlying principles of traditional network
of hundred meters, a user with a high gain antenna may be architectures thereby increasing security concerns.
[4][5][7][9][10]
able to make use of the network even from several blocks
afar. Networks are targeted for various reasons by Network Security is concerned with people trying to
exploring security vulnerabilities to gain access and access remote services that they are not authorized to. It
wireless networks are on the high risk. To access a also deals with the snags of legitimate messages being
wireless network, a hacker only has to be in the proximity captured and replayed, and with people trying to deny that
of the wireless network range, often without even having they sent certain messages. If an unauthorized user is
to enter the building of the potential victim. Systems are detected, practically, it is impossible to merely trace back
targeted because of the information they contain or some to the user. A reprehensible user who gains access to a
specific resources. The reasons for the network attack wireless network can log all network data on disk and
could be financial, political, personal, or merely later use it to launch a more sophisticated attack against
convenience due to location or ease of access. The attack the network. Most often attackers may not be interested in
can be simple scripted or well-thought-out and data you send over the air, they just want to use your
orchestrated. [1][2][7] bandwidth to surf on the Internet or for nefarious uses.
For enterprise networks, if attackers had accessed to them,
2. BACKGROUND they can effectuate malicious operations under the
The term 802.11 wireless network is often used rather enterprise’s name. It is reasonably not enough to assume
than 802.11 LAN. This particular technology thaws the that radio waves just stop at the edge of your property
margin between local and wide area connectivity; 802.11b line. This calls for an enormous fear regarding wireless
standard point-to-point links can reach beyond 50 miles, network security. Security problems are deliberately
thus becoming wireless wide area network connections caused mostly by malicious people trying to gain some
when used as a last mile data delivery solution by wireless benefit, get attention, or to mischief someone. The table
long range links between offices. Thus the use of 802.11 below shows a couple of the most common perpetrators of
technologies is considered very necessary for Local Area networks. It is conspicuous from the table that making a
Networks (LANs) and Wide Area Networks (WANs) and network secure could involve a lot more than simply
therefore will always have different security requirements keeping the network from programming slips. It involves
and approaches. One of the major reasons for increasing outwitting often clever or intelligent, enthusiastic, devoted
security concerns and attentiveness is the widespread area and every so often well-funded adversaries. It should be
of 802.11 network coverage precincts. An attacker can clear, however, that measures that thwart casual
position himself where no one expects and stay well away antagonists would have little impact on the staid ones.
from the network's physical premises. Another reason for

82
Therefore security systems should consequently be designed with this fact in mind. [10][11][12]

Table 1: People who cause Security problems and why? Source: Computer Networks
Source: Computer Networks
Adversary Goal
Accountant To embezzle money from a company
Businessman To discover a competitor’s strategic marketing plan
Con man To steal credit card numbers for sale
Cracker To test out someone’s security system; steal data
Ex-employee To get revenge for being fired
Sales Rep To claim to represent all of Europe, not just Andorra
Spy To learn an enemy’s military or industrial secrets
Stockbroker To deny a promise made to a customer by e-mail
Student To have fun snooping on people’s e-mail
Terrorist To seal germ warfare secrets

Astonishingly, it is easy to design a system that is Eavesdropping is one of the activities used to gather
cogently downright secure by using Virtual Private packets using a wireless sniffer such as Ethereal. Nothing
Network (VPN) and firewalls. However, leaks like a sieve can be done to prevent this activity apart from encrypting
can occur if couple of the machines is wireless and use the network with encryption standard such as WEP or
radio communication, which passes over the firewall in WPA. Now war drivers, hackers or crackers and
both directions. 802.11 wireless networks coverage is employees are the three main categories of threat that lead
often a few hundred meters, so a mole can park within to unauthorized access. Hacker originally meant someone
employees’ car park, and leave an 802.11-enabled who probes deeply into computer system to understand
notebook computer in the car to record any information the structure and complexity of the system, but today, it
available. In theory, leakages like this should not happen. has come to mean malicious intruders who always exploit
Most of the security glitches can be marked out to the weak security measures. Wireless devices often than not
wireless access point manufacturers in a bid to trying to come WLAN-ready with default settings and can be
make their merchandise user friendly. Usually, the installed and used with little or no user configuration
wireless device begins operating immediately with no leaving client authentication open. Tools such as wireless
security at all after connecting to a power source, sniffers which have legitimate purpose are used by
divulging secrets to anyone within radio range. Ethernet network engineers to capture packet for system debugging
traffic precipitously becomes available once connected to and intruders can use the same tools to exploit security
Ethernet network. It therefore, goes without saying that weakness. [9][13][14][15]
security is even more important for wireless systems than A rogue access point could be configured with correct
for wired ones (Tanenbaum, 2003). [8][11][12] security settings to capture data in a WLAN and also to
provide unauthorized users with information such as
3. WIRELESS SECURITY THREATS MAC addresses of clients and to gain access to servers. A
Wi-Fi networks are still subject to malicious threats typical example of a rogue access point is one installed by
regardless several measures taken by IT professionals. employees which are intended for home use on the
The first dangers for wireless LAN are problems with the business network without authorization. These access
standard overall design. The Wi-Fi, releasing new points end up with security holes because they do not
standards has reused the same security tools from the have necessary security configuration. The man-in-the-
previous standards. Network administrators’ top priority middle (MITM) attack is one of the sophisticated attacks
is always security. There are always difficulties in an unauthorized person can make by positioning himself
keeping a wireless network secured. To connect to a logically between a selected host as target and the router
wired network, one needs wires and permissions from the or gateway. Whiles an attacker needs a physical access to
network administrator. For a wireless connection the same a wired LAN to plant his device logically, he uses the
person should only be located anywhere there is signal radio waves emitted by access point to provide connection
from the network and do malicious things as those in a WLAN. NIC cards only accept traffic meant for it but
attacks. A WLAN is open to anyone within range of an attackers have special software to modify NIC cards to
access point and an appropriate credential to associate it. accept all traffic and therefore can carry out wireless
An attacker need not have to physically enter the premises MITM attacks using a NIC as an access point. The entire
to gain access to a WLAN but with a wireless network network segment can be monitored by an attacker and
interface card NIC and knowledge of cracking techniques. wreak havoc on any user connected to it. [9][13][14][15]
Security concerns are more significant with business MITM attack defeat depends on how sophisticated the
networks because the backbone of business rest on the WLAN infrastructure is and vigilance in monitoring
protection of its information. Security breaches can lead activities on the network. This process commences with
to serious repercussions. [10] identifying legitimate devices on the WLAN. This is done

83
by authenticating every user on the WLAN. After could still be attacked even if users have discrete key,
knowing all legitimate users, the focus is then moved to because keys are usually stable for quite some period,
monitoring the devices and traffic that is not supposed to though, the WEP standard recommend that keys be
be there. The state-of-the-art WLAN devices provide changed on every packet to avoid key stream reuse attack.
administrators with tools that work together as a wireless Despite the increasing popularity of 802.11 networks,
intrusion prevention system (IPS). Some of the tools are hardly anyone used WEP. The flaws of WEP shared keys
scanners that identify rogue access point and ad-hoc encryption were two-fold; firstly, the algorithm used to
networks and radio resource management (RRM) which encrypt the data was crackable and secondly, the problem
monitors the RF band for activity and access point load. of scalability. The 32-bit WEP keys were manually
802.11b/g/n WLANS use the unlicensed 2.4 GHz ISM managed. Breaking 802.11's security is fairly
band which is used by most wireless consumer products. straightforward. [4][7][8][12][13]
These devices can throng the RF band. An attacker can Following the feebleness of WEP-based security, there
create noise on all channels in the band with commonly was a period of interim security measures. Cisco as
available device therefore creating a denial of service vendor trying to meet the demand for healthier security
(DoS) attack. Attacker using a computer NIC as access came up with their own systems and at the same time
point can flood the base service station (BSS) with clear- assisting to develop the 802.11i standard. The TKIP
to-send (CTS) messages, which rout carrier sense multiple encryption algorithm was born whiles developing the
access/collision avoidance (CSMA/CA) function by the 802.11i standard. This was linked to the Wi-Fi Alliance
station which in turn causes DoS. [9][13[14][15][17] WiFi Protected Access (WPA) security mode. The initial
WPA 1.0 was a nonstandard protocol stack. The WAP
4. METHODS forum later came up with WAP 2.0 which largely used
802.11 protocols unleashed a data link-level security standard protocol in all layers. This standard is IP based
protocol; Wired Equivalent Privacy (WEP), designed to and therefore supports full use of IPsec in the network
make the security of a wireless LAN as decent as its layer. With WAP 2.0, TCP connections are protected by
counterpart wired LAN. It is an 802.11’s optional Transport Layer Security (TLS) in the transport layer.
encryption standard implemented in the MAC layer that TLS, a successor of Secure Sockets Layer (SSL) is a
most radio network interface card and access point cryptographic protocol developed by Internet Engineering
vendors support. Once 802.11 security is enabled, secret Task Force (IETF) that provides communication security
keys are shared with the base station (access point) by over the Internet. In today’s wireless networks, the
each node. The distribution of the keys, however, is not standard that should be widely followed is the 802.11i
specified by the standard. WEP encryption uses a stream which is similar to the WPA2 standard. Most enterprises
cipher based on the RC4 algorithm designed by Ronald use WPA2 which includes a connection to a Remote
Rivest and it was kept secret until it leaked out and was Authentication Dial In User Service (RADIUS) database.
[7][9][12][13][14][15][16]
posted on the Internet in 1994 (Tanenbaum, 2003). This
approach looked good initially until a method for
breaking it was published (Borisov et al., 2001). Many The table below shows the prime stepping stones to
installations use the same shared key for all users, which secure WLAN.
means that each user can read all other users’ traffic. WEP

Table 2: Prime Stepping Stones to Secure WLAN

First Generation
Open Access Interim Present
Encryption
SSID WEP WPA 802.11i/WAP2
No encryption No strong authentication Standardized AES Encryption
Basic authentication Static breakable keys Improved encryption Authentication: 802.1x
Strong user based
Not a security handle Not scalable Dynamic key management
authentication
[14][15]

In home networks, which are an example of an open WPA. MAC filtering today is just fooled because
network, association is all that may be required to grant software are available that could be used to modify MAC
access to client devices and services on the WLAN. A addresses of wireless adapters. MAC filtering can still be
login or an additional authentication may be required to used with additional security such as WPA2. Though, an
grant access to clients in a stricter security network. The access point may not be broadcasting SSID, the back and
Extensible Authentication Protocol (EAP) manages the forth traffic between the client and the access point could
login process. EAP is a framework for authenticating eventually reveal the SSID. An attacker who may be
network access. Organizations used MAC filtering monitoring such a wireless network or RF band could
without broadcasting SSIDs in a bid to securing their sniff the SSID which is sent in plain text. Some
WLAN before the inception of 802.11i (WPA2) or even organizations turn off SSID broadcasting under their

84
security policy due to the ease of SSID discovery but this access control such as WPA2 is the best way to ensure the
idea of securing the WLAN with MAC filtering could end users that are supposed to be on the WLAN.
[7][9][13][14][15][16]
lead to a completely insecure WLAN. Now, port- based

Security

1997 – 2002 2003 – 2003 2004 – date


Time
Fig 1: Wireless Security Strength over years

802.11i specified two enterprise-level of encryption easily spoofed and SSID are easily discovered whether or
mechanisms which was certified as WPA and WPA2 by not access point broadcast them. [7][9][13][14][15][16]
the WiFi Alliance. These are Temporary Key Integrity Air Magnet wireless LAN analyzer is useful software
Protocol (TKIP), which is certified as WPA which that administrators could use to monitor wireless LAN for
addresses the original flaws concomitant with 802.11 increased reliability. It supports monitoring both 20 MHz
WEP encryption method making use of the original and 40 MHz channels. This software has the ability to
encryption algorithm used by WEP and Advanced detect and identify the use of various sniffing tools such
Encryption Standard (AES) notably IEEE 802.11i, which as Network Stumbler and indicate any unauthorized user
brings the WLAN encryption standards into alignment attempting to access the network and also detect security
with broader Information Technology industry standards vulnerabilities. Today every wireless user must secure
and best practices . AES is much preferred to TKIP even their wireless with WPA or WPA2 encryption. It is quite a
though; TKIP addresses all the known weakness of WEP. difficult process to put in place as is being reckoned, and
TKIP performs two primary functions; it encrypts Layer 2 users tend to leave their networks less secure just because
payload and carries out message integrity check (MIC) in of the complexity of the procedure. Wi-Fi Protected
the encrypted packet. This goes a long way to ensure that Setup is an optional certification program developed by
messages are not tampered with. The functions of both Wi-Fi Alliance to ease set up of security enables Wi-Fi
AES and TKIP are practically the same except that AES networks. WPS give end users of WLAN a more
adds a sequence number to an encrypted data header and standardized way to enable security features in their
also uses additional data from MAC header that allows network and additional devices can easily be added to the
destination host to recognize if non-encrypted bits have network. WPS features two wizard applications; pushing
been tampered with. Some wireless routers or access a button and pin methods. Wireless routers especially
points may specify WPA as pre-shared key (PSK) or 802.11n routers come with a unique 4 or 8 digit pin
PSK2 with TKIP and WPA2 as PSK or PSK2 with AES. required for each device to get connected on the network.
PSK2 without an encryption method specified refers to A fixed PIN label is placed on the device which is used to
WPA2. The concept of depth is having multiple solutions confirm the connection of intended devices. For increased
by adding extra security to a WLAN. Depth can be added security, it also uses WPS to encrypt data and authenticate
to a WLAN by implementing three-step approach; SSID each device on the network. Administrators can enable
cloaking, i.e. disabling SSID broadcasts from access data encryption using WPS by pushing a button
point, MAC address filtering i.e. creating a table in the physically on the access point and other devices wanting
access point to either allow or deny clients based on the to connect with software-based button known as Push
physical address of the adapter and WLAN security Button Configuration (PBC). The table below summarizes
implementation i.e. WPA or WPA2. SSID cloaking and the process used to secure a WLAN under WiFi protected
[7][9]13][14][15]
MAC address filtering are both not considered as a valid setup method and the process.
means of securing a WLAN because, MAC filtering are

85
Table 3: WPS Methods Procedure

Wi-Fi Protected Setup Wi-Fi Protected Setup


Legacy Process
PIN Method Push-Button Method
1. Power-on Access Point 1. Power-on Access Point/Register 1. Power-on Access Point
2. Set network name (SSID) 2. Power-on client device 2. Power-on client device
Network name generated automatically Network name generated automatically
3. Activate security
and broadcast to client devices and broadcast to client devices
4. Set passphrase 3. Access register 3. Push button on Access Point
5. Power-on client 4. Enter PIN 4. Push button on client device
6. Select network name (SSID)
7. Enter passphrase

Fig 2: SMC 802.11 n Pin method interface for WPS Fig 3: SMC 803.11 router: PBC method interface for WPS

5. DESIGN connected with a cable RJ45 to the router. Routers


Two simulations were performed with both 802.11g effectively possess a default password and an SSID
(MicraDigital) and 802.11n (SMC) routers with three (3) interface where admins can design and increase the level
laptops, One (1) desktop and an access point to form two of security. The routers both support WPA in both
wireless LANs in a bid to investigating the security of enterprise and pre-shared keys mode and WPA2/802.1X.
802.11 standards. The laptops were connected wirelessly Figure 4 below show SMC 802.11n WPA/802.1X
to the routers and the desktop was the only device interface.

Fig 4: SMC 802.11n WPA Interface

The aims of the simulation are to look at encryption potentially found on the WLANs available in such
method or SSID using ‘War diving’ as explained above important areas. The software used is Network Stumbler
and investigate the security of 802.11 devices. The or Netstumbler version 0.4.0 which can be downloaded
simulation was performed in two areas; Canary Wharf in free from www.netstumbler.com. The software enabled
East London where there are several organizations such as me to sniff several access points and monitor broadcast
financial institutions and Greenwich; a touristic area in and record information such as service set identifier
South East London. These places were chosen to (SSID), MAC addresses, broadcast channel and network
investigate the security vulnerabilities that could be types i.e. peer-to-peer or access point.

86
Fig 5: Netstumbler Interface

6. RESULT ANALYSIS terms of the networks found with both the secured and
The following table shows the outcome of the simulation unsecured.
in
Table 4: Site Survey Results: July 2009
Location
Samples
Canary Wharf Greenwich
Number of Networks found 125 62
Number of unsecure networks 32 15
Number of secured networks with WEP 23 20
Number of secured networks with WPA 30 8
Number of secured networks with WPA2 40 19

The results above show that about a quarter of the Access unsecured, therefore a malicious person with good
Points (AP) in both areas is unsecured. This may be due hacking skills can get into those enterprise networks and
to the fact that most of the network managers and users cause havoc. It is seen that enterprises encrypt their data
are not implementing security as default during APs more than other environments. However, I could not
installation. It is so amazing that a quarter of APs in a investigate whether the security method is 128-bit or 64-
sensitive place like Canary Wharf where information may bit encryption for the WEP and for the WPA, whether is a
be sensitive with massive financial institutions is pre-shared key or 802.1x

Fig 6: Graphical Presentation of Table 4: Site Survey Result: July 2009

I again sniffed my own area which showed my wireless interesting for an attacker because it could be used to
N AP named clifton (figure below), encrypted with WEP guess my default gateway and for that mather access my
with a serious security vulnerability revealing my subnet network.
information. The subnet information could be very

Fig 7: Netstumbler interface showing Subnet Information

87
An astonishing revelation I found is that, security 01/07/09 – 03/08/09 depicting how the throughput drops
encryption of my SMC wireless N access point was with highest encryption and increasing distance both
having an effect on the throughput with increasing downlink and uplink. The WEP showed the lowest
distance in a mixed mode i.e. combination of 802.11 throughput and this could be the fact manufacturers want
standards. The table below shows average sample to force wireless users to go for higher encryption
measurements taken over five (5) weeks between methods.

Table 5: 802.11N throughput in mixed mode with different encryption methods in Mbps

Encryption Method (Downlink) Encryption Method (Uplink)


Distance from AP
WEP 128 WPA/TKIP WPA2/AES WEP 128 WPA/TKIP WPA2/AES
Location 1: 10 feet 0.1421 0.4541 0.6845 0.00545 0.00796 0.0165
Location 2: 30 feet 0.0156 0.131 0.0423 0.001785 0.00463 0.00137
Location 3: 200 feet 0.00368 0.00514 0.0126 0.0004 0.0012 0.00019

7. CONCLUSION http://www.wired.com/gadgetlab/2009/08/wi-fi-standard/
In conclusion, I will say that wireless networks are more 2009: (accessed 12 October 2010 1620)
[6] Heimann, J. Oracle Software Security Assurance Process.
vulnerable than its wired counterpart therefore Network
[Online] Available from:
Designers and Administrators are to take securities as top http://www.oracle.com/us/technologies/security/software-
priority. Since wireless APs comes ready once it is out of security-assurance-wp-150395.pdf
the box, WLAN administrators must ensure that the 2007: (accessed 28 October 2010 1130)
strongest security protocol such as WPA or WPA2 is [7] Meyers, M. CompTIA Network+. 4th Ed. McGraw Hill,
deployed to prevent activities like eavesdropping, war USA, 2009: 504, 513-520
drivers etc. if possible, WLAN admins should adopt the [8] Flickenger, R. Wireless Networking. 2nd Ed. Hacker
Wi-Fi Protected Setup (WPS) program from Wi-Fi Friendly LLC, USA, 2007: 157-167
Alliance to ease setting up security on their Wi-Fi [9] Benton, K. (2010) The Evolution of 802.11 Wireless
Security. [Online] Available from:
networks since it give a more standardize way to enable
http://itffroc.org/pubs/benton_wireless.pdf:
security features and also extra devices could be easily 2010: (accessed 30 December 2010 1630)
added. Enterprises should employ some of the state-of- [10] Lehtinen, R., Russell D. and Gangemi, G. T. Sr. Computer
the-art WLAN devices tools that work with wireless Security Basics, 2nd Ed. O’Reilly Media, Inc., USA, 2006:
intrusion prevention system to identify rogue access 15-25, 21-39, 262-295
points and ad-hoc networks and radio resource [11] McCabe, J. D. Network Analysis, Architecture, and
management which could pose a serious treats to their Design. 3rd Ed. Morgan Kaufmann, USA, 2007: 85, 225,
WLANs. WLAN admins should legitimately identify all 367, 371, 373
devices on the network to defeat any man-in-the-middle [12] Tanenbaum, A. S. Computer Networks, 4th Ed. Prentice
Hall, New Jersey, 2003: 300-350
attack and also authenticate every user on the wireless
[13] Security of the WEP algorithm. [Online] Available from:
network. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
2010: (accessed 03 December 2010 2041)
REFERENCES [14] Transport Layer Security. [Online] Available from:
[1] 802.11n Speed. [Online] Available from: http://en.wikipedia.org/wiki/Transport_Layer_Security
http://80211n.com/80211n-speed.html 2010: (accessed 28 December 2010 2105)
2010: (accessed 28 October 2010 1002) [15] Wireless LAN Security. [Online] Available from:
[2] Schiller, J. H. Mobile Communications. 2nd Ed. Addison- http://en.wikipedia.org/wiki/Wireless_encryption
Wesley, England, 2003: 201-204, 207, 2010: (accessed 29 December 2010 1155)
231-232 [16] Martyn, M. Mobile and Wireless Design Essentials, Wiley
[3] Labiod, H., Afifi, H. and Santis, C. DE. Springer, Publishing, Inc., Indianapolis, India, 2003: 31-63, 122-148
Netherlands, 2007:1 [17] Bosworth, S. and Kabay, M. E. Computer Security
[4] Vladimirov, A. A., Gavrilenko, K. V. and Mikhailovsky, A. Handbook. 4th Ed. John Wiley and Son, Inc, New York,
A. Wi-Foo. Addison Wesley, England, 2004: 1-8 2002: 35, 178, 203, 255-258, 262-280
[5] New Wi-Fi Standard Promises Blazing Fast Data Speeds.
[Online] Available from:

88

View publication stats

You might also like