Wireless Network Security
Wireless Network Security
Partha Dasgupta and Tom Boyd
Dept. of Computer Science and Engineering Fulton School of Engineering Arizona State University partha@asu.edu, tboyd@asu.edu Abstract
Wireless networking is inherently insecure. From jamming to eavesdropping, from man-inthe middle to spoofing, there are a variety of attack methods that can be used against the users of wireless networks. Modern wireless data networks use a variety of cryptographic techniques such as encryption and authentication to provide barriers to such infiltrations. However, much of the commonly used security precautions are woefully inadequate. They seem to detract the casual sniffer, but are unable to stop the powerful adversary. In this article, we look into the technology and the security schemes in IEEE 802.11, cellular and Bluetooth wireless transport protocols. We conclude that the only reliable security measure for such networks is one hat is based on application level security such as using a VPN.
1. Introduction The use of wireless communication for data networking has been around since the early 1990’s, mostly using proprietary technologies. The Aloha network in Hawaii (circa 1970) was one of the first data communication networks without wires. The emergence and acceptance of standards around 2000 has exploded the use of wireless access and currently (2004) several forms of wireless communication is widely used by the mainstream computing community. These forms include, amongst others, the IEEE 802.11 series of wireless products, various forms of data access provided by cellular providers and an emerging technology for short-range communication called Bluetooth. The barriers to wireless communication in the early 1990’s were many. Spectrum was in short supply, which was later resolved by the FCC opening up several large bands in the 2GHz and 5GHz ranges for unlicensed use. The price of producing hardware that operates at the multi gigahertz range fell sharply due to
Partha Dasgupta and Tom Boyd
Dept. of Computer Science and Engineering Fulton School of Engineering Arizona State University partha@asu.edu, tboyd@asu.edu Abstract
Wireless networking is inherently insecure. From jamming to eavesdropping, from man-inthe middle to spoofing, there are a variety of attack methods that can be used against the users of wireless networks. Modern wireless data networks use a variety of cryptographic techniques such as encryption and authentication to provide barriers to such infiltrations. However, much of the commonly used security precautions are woefully inadequate. They seem to detract the casual sniffer, but are unable to stop the powerful adversary. In this article, we look into the technology and the security schemes in IEEE 802.11, cellular and Bluetooth wireless transport protocols. We conclude that the only reliable security measure for such networks is one hat is based on application level security such as using a VPN.
1. Introduction The use of wireless communication for data networking has been around since the early 1990’s, mostly using proprietary technologies. The Aloha network in Hawaii (circa 1970) was one of the first data communication networks without wires. The emergence and acceptance of standards around 2000 has exploded the use of wireless access and currently (2004) several forms of wireless communication is widely used by the mainstream computing community. These forms include, amongst others, the IEEE 802.11 series of wireless products, various forms of data access provided by cellular providers and an emerging technology for short-range communication called Bluetooth. The barriers to wireless communication in the early 1990’s were many. Spectrum was in short supply, which was later resolved by the FCC opening up several large bands in the 2GHz and 5GHz ranges for unlicensed use. The price of producing hardware that operates at the multi gigahertz range fell sharply due to
References: [1] Weaknesses in the Key Scheduling Algorithm of RC4, Scott R, Fluher, Itsik Mantin, Adi Shamir, Lecture Notes in Computer Science, Revised Papers from the 8th Annual Internation Workshop on Selected Areas in Cryptography, Springer-Verlag, 2001, ISBN 3-540-43066-0 - 10 - [2] [3] “An Initial Security Analysis of the IEEE 802.1X Standard", with William A. Arbaugh, Technical Report, University of Maryland, Department of Computer Science CS-TR-4328, UMIACS-TR2002-10, Feburary 2001 http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1680_pp.htm Accessed February 29, , 2004, Posted Thu Aug 22 06:32:08 PDT 2002, Cisco Systems, Inc. - 11 -