Professional Documents
Culture Documents
1
Paula Raymond Lutui, 2Osai Tete’imoana and 3George Maeakafa. 1School of Engineering, Computer & Mathematical
Sciences, Auckland University of Technology, Auckland, New Zealand, 2,3School of Computer Science, Christ’s University in
Pacific, Nuku’alofa, Tonga. 1rlutui@aut.ac.nz, 2oteteimoana@gmail.com, 3gmaeakafa@yahoo.com
Abstract— This study evaluates the current state of protecting the privacy and confidentiality of its users.
wireless network security in the CBD of Nuku’alofa. Wireless Security measures were built into the wireless network
Networks have grown significantly since their introduction. standards; however, it is globally accepted that wireless is
Security protocols supplied with the wireless equipment have still more vulnerable than wired networks. Despite the
reached a level of strong and robust security. However,
security remains a problem; this study aims to answer two
advancements of WLANs, it is evident in the literature that
questions. What is the status of wireless network growth and attacks on WLANs exposed organizations to security risks.
security in Tonga? and what can be done to improve wireless II. WI-FI SECURITY
network security in Tonga. The war-drive results of
Nuku’alofa produced comprehensive data which clearly shows WEP, WPA, and WPA2 are the most common security
the number of networks, both company and home networks. protocols. WEP was proposed in 1999 as a measure to
An exploratory research approach is employed to guide the secure data transmission [6]. However, WEP has proven to
design of the study. The results show that there is a significant be weak and can be broken into in a few minutes.
growth in terms of WLAN usage since the implementation of
the fiber optic network. However, this study concludes that
Alternatively, WPA was introduced in 2003 to replace
WLAN security in Nuku’alofa is still in its early stages. WEP and address its shortcomings. WPA has two
generations – Personal and Enterprise. Personal WPA or
Keywords— wireless; LAN; network; security; wardriving; WPA-PSK (Pre-Shared Key) was designed for home and
standards small office. Enterprise WPA employed RADIUS server
I. INTRODUCTION for authentication which gives more effective control and
security [6]. Table 1 summarizes common wireless
Tonga is an economically developing country. In 2010, encryption standards.
Tonga Communications Corporation (TCC) – the country’s TABLE 1. VARIOUS WIRELESS ENCRYPTION STANDARDS
leading provider of complete end-to-end telephony and COMPARISONS
Internet services – launched the new mobile-broadband-
enabled GSM to replace the previous macro-GSM network WEP WPA WAP2
[1]. On the 21st August 2013, the first submarine cable Full Form Wired Wi-Fi Protected Wi-Fi
(fiber optic) that connects Tonga to the outside world went Equivalent Access Protected
live [2]. Therefore, more places are now available with open Privacy Access V2
wireless hotspot such as pizzerias, hotels, cafes, pubs, and Encryption RC4 with 40- TKIP with 128- AES-
restaurants. bit keys bit key CCMP
Wireless communication gained its popularity with the Authentication Pre-shared 802.1x with 802.1x with
keys EAP and EAP and
introduction of the IEEE 802.11 [3]. These are a family of RADIUS RADIUS
wireless specifications for managing wireless traffics. The
802.11 is the original wireless standard, this was followed Key Manual key Per-packet key Per-packet
Management rotation rotation key rotation
by 802.11a. Also completed in 1999 were the 802.11b
standard and the dominant standard for WLANs providing
sufficient speeds for most applications used these days. The A. Wireless Vulnerabilities
802.11g provides high data rates of up to 54 Mb/s [4].
While current IEEE 802.11n devices have reached data Ease of use and convenience seems to be the main drive
rates of up to 600 Mb/s, 802.11ac is expected to achieve behind the growing popularity of WLANs yet, it has its
aggregate throughputs beyond 1 Gb/s [5]. own vulnerabilities and risks. Privacy in WLAN is
achieved by utilizing data encryption techniques. Three
As the popularity of wireless applications grew rapidly, main security approaches have been reviewed. According
wireless network professionals are faced with problems of to [7], various wireless mobile devices are being used by 80
A. Manufacturer Analysis
The War-Driving tool employed captured the MAC
addresses of the wireless devices; however, it cannot Fig. 5. SSID Configuration Analysis.
extract vendor’s information based on the first three bytes.
As a result, MAC addresses were looked up on Hiding SSIDs of an AP is treated as a security
https://macvendors.com/. Fig. 3 shows almost 8% of the mechanism as SSIDs are broadcasted multiple times per
devices marked as unknown. This means that the second which makes WLAN vulnerable to sniffers,
macvendors.com website cannot extract the vendors eavesdroppers, etc. This study also found that 25% of the
information from the MAC address. With regards to wireless APs still use either the ISPs default SSIDs or the
manufacturers, there were 21 different manufacturers manufacturers default SSIDs.
identified excluding the unknown ones. As shown in Fig. 3, V. RECOMMENDATIONS
TP-Link at 32.45% is the most commonly used APs in the
CBD of Tonga followed by Huawei at around 24.47%. Unsecured wireless LANs can be easily attacked. Even
Ruckus devices from Ruckus wireless came third in this inexperienced hackers can exploit them without much
2017 27th International Telecommunication Networks and Applications Conference (ITNAC)
effort. Wi-Fi attacks are a real and ongoing threat. VI. CONCLUSION
Attackers will look for any means possible to infiltrate
network systems to gain access to data for their illicit This paper conducted a study to analyze the WLAN
purposes. deployment growth and its security status in Nuku’alofa.
As a result, this study concluded that the status of wireless
TABLE 3. AN EXAMPLE OF LAYERED DEFENSE network growth increased significantly over the last five
Types of Attack First Line of Second Line of years since the deployment of the fiber optic network. It is
Defense Defense also evident that WLAN security is still in its early stages.
WEP encryption method is still in use, majority at 51% still
Passive Link and Network Security enabled use WPA-PSK and only 28% use the latest encryption
Layer encryption application technique. 7% hide their SSID but 25% used the default
& traffic flow
security SSID. To answer the question - what can be done to
Active Defend the reserve Defend the improve wireless network security in Tonga? Creating
boundaries networking awareness is going to be a major part of the solution. This
environment study should be repeated after two years to get a better view
Insider Physical and Authenticated of the status of WLAN security in the CBD of Tonga, there
personnel security access control, is still a lot of room for improvements.
audit
Close-In Physical and Technical REFERENCES
personnel security surveillance [1] A. Grealish, T. Guest, and P. Mosa’ati. (2010, June 27). Altobridge
countermeasures Wireless Network goes Live in Tonga. Available:
Distribution Trusted software Run time https://www.realwire.com/releases/Altobridge-Wireless-Network-
development & integrity goes-Live-in-Tonga
distribution controls [2] M. Tonga. (2013, May 16). Tonga’s high speed internet goes live
August 21. Available:
Identifying the types of threats, attacks and attackers is http://matangitonga.to/2013/08/14/tonga%E2%80%99s-high-speed-
the first step to a successful Defense in Depth strategy. internet-goes-live-august-21
Attackers may include Insiders, Hackers, Criminals, [3] A. Nisbet, "A tale of four cities: Wireless security & growth in
Competitors or Terrorists. A basic understanding of the New Zealand," in 2012 International Conference on Computing,
attack and attacker’s motives is necessary for proper Networking and Communications (ICNC), 2012, pp. 1167-1171.
planning and Defense in Depth to be implemented to [4] D. Vassis, G. Kormentzas, A. Rouskas, and I. Maglogiannis, "The
IEEE 802.11g standard for high data rate WLANs," IEEE Network,
minimize the vulnerability of wireless networks. Proper vol. 19, pp. 21-26, 2005.
planning and configuration need to be integrated early into [5] O. Bejarano, E. W. Knightly, and M. Park, "IEEE 802.11 ac: from
the security plan. Companies need to identify the risks, the channelization to multi-user MIMO," IEEE Communications
businesses assets, and the necessary steps for mitigation Magazine, vol. 51, pp. 84-90, 2013.
and protection. At a minimum, data should be classified as [6] L. Arash Habibi, D. Mir Mohammad Seyed, and B. Samadi, "A
public or private with an emphasis placed on protecting all survey on wireless security protocols (WEP, WPA and
private data. WPA2/802.11i)," in 2009 2nd IEEE International Conference on
Computer Science and Information Technology, 2009, pp. 48-52.
Signal bleed is a risk, and APs should be placed to [7] N. Gohring, "Motion Sickness," eWeek, vol. 1, pp. 1-4, 2005.
minimize signal bleed. Use of a directional antenna and [8] S. Bosworth and M. E. Kabay, Computer security handbook: John
shielding on external walls helps to localize the signal and Wiley & Sons, 2002.
to contain private data within the expected locations. [9] K.-J. Farn, S.-K. Lin, and A. R.-W. Fung, "A study on information
Defense in Depth for Wireless Networks is the first step to security management system evaluation—assets, threat and
securing wireless. Each layer of security slows the attacker; vulnerability," Computer Standards & Interfaces, vol. 26, pp. 501-
examples include using Wi-Fi Protected Access 2 (WPA2) 513, 2004/10/01/ 2004.
protection, enabling Wireless Intrusion Detection Systems [10] C. Hurley, WarDriving: Drive, detect, defend: A guide to wireless
security: Syngress, 2004.
(WIDS), actively scanning and monitoring for rogue
devices. With regards to SSID configuration, this study [11] K. Panitzek, I. Schweizer, T. Bönning, G. Seipel, and M.
Mühlhäuser, "First responder communication in urban
found that only 7% hid the SSID. 25% still on the default environments," International Journal of Mobile Network Design and
SSID. This is a concern since there are only 2 ISPs in Innovation, vol. 4, pp. 109-118, 2012.
Tonga and their default username and password is known.
The data also showed a tremendous increase in terms of
wireless LAN usages in the last 5 years.