
2017 27th International Telecommunication Networks and Applications Conference (ITNAC)

An Analysis of Personal Wireless Network Security in Tonga
A study of Nuku’alofa

¹Paula Raymond Lutui, ²Osai Tete’imoana and ³George Maeakafa
¹School of Engineering, Computer & Mathematical Sciences, Auckland University of Technology, Auckland, New Zealand
²,³School of Computer Science, Christ’s University in Pacific, Nuku’alofa, Tonga
¹rlutui@aut.ac.nz, ²oteteimoana@gmail.com, ³gmaeakafa@yahoo.com

978-1-5090-6796-1/17/$31.00 ©2017 IEEE

Abstract— This study evaluates the current state of wireless network security in the CBD of Nuku’alofa. Wireless networks have grown significantly since their introduction. Security protocols supplied with the wireless equipment have reached a level of strong and robust security. However, security remains a problem; this study aims to answer two questions: what is the status of wireless network growth and security in Tonga, and what can be done to improve wireless network security in Tonga? The war-drive results of Nuku’alofa produced comprehensive data which clearly shows the number of networks, both company and home networks. An exploratory research approach is employed to guide the design of the study. The results show that there is a significant growth in terms of WLAN usage since the implementation of the fiber optic network. However, this study concludes that WLAN security in Nuku’alofa is still in its early stages.

Keywords— wireless; LAN; network; security; wardriving; standards

I. INTRODUCTION

Tonga is an economically developing country. In 2010, Tonga Communications Corporation (TCC) – the country’s leading provider of complete end-to-end telephony and Internet services – launched the new mobile-broadband-enabled GSM to replace the previous macro-GSM network [1]. On the 21st August 2013, the first submarine cable (fiber optic) that connects Tonga to the outside world went live [2]. Therefore, more places are now available with open wireless hotspots, such as pizzerias, hotels, cafes, pubs, and restaurants.

Wireless communication gained its popularity with the introduction of the IEEE 802.11 [3]. These are a family of wireless specifications for managing wireless traffic. The 802.11 is the original wireless standard; this was followed by 802.11a. Also completed in 1999 were the 802.11b standard and the dominant standard for WLANs providing sufficient speeds for most applications used these days. The 802.11g provides high data rates of up to 54 Mb/s [4]. While current IEEE 802.11n devices have reached data rates of up to 600 Mb/s, 802.11ac is expected to achieve aggregate throughputs beyond 1 Gb/s [5].

As the popularity of wireless applications grew rapidly, wireless network professionals are faced with problems of protecting the privacy and confidentiality of its users. Security measures were built into the wireless network standards; however, it is globally accepted that wireless is still more vulnerable than wired networks. Despite the advancements of WLANs, it is evident in the literature that attacks on WLANs exposed organizations to security risks.

II. WI-FI SECURITY

WEP, WPA, and WPA2 are the most common security protocols. WEP was proposed in 1999 as a measure to secure data transmission [6]. However, WEP has proven to be weak and can be broken into in a few minutes.

Alternatively, WPA was introduced in 2003 to replace WEP and address its shortcomings. WPA has two generations – Personal and Enterprise. Personal WPA or WPA-PSK (Pre-Shared Key) was designed for home and small office. Enterprise WPA employed a RADIUS server for authentication, which gives more effective control and security [6]. Table 1 summarizes common wireless encryption standards.

TABLE 1. VARIOUS WIRELESS ENCRYPTION STANDARDS COMPARISONS

| | WEP | WPA | WPA2 |
|---|---|---|---|
| Full Form | Wired Equivalent Privacy | Wi-Fi Protected Access | Wi-Fi Protected Access V2 |
| Encryption | RC4 with 40-bit keys | TKIP with 128-bit key | AES-CCMP |
| Authentication | Pre-shared keys | 802.1x with EAP and RADIUS | 802.1x with EAP and RADIUS |
| Key Management | Manual key rotation | Per-packet key rotation | Per-packet key rotation |

A. Wireless Vulnerabilities

Ease of use and convenience seem to be the main drive behind the growing popularity of WLANs, yet it has its own vulnerabilities and risks. Privacy in WLAN is achieved by utilizing data encryption techniques. Three main security approaches have been reviewed. According to [7], various wireless mobile devices are being used by 80 percent of the U.S. work force and that contributes to businesses’ productivity. On the other hand, businesses that are not fully prepared to ensure security requirements such as Confidentiality, Integrity and Availability (CIA) remain vulnerable to attacks [8].
B. Common Threats to Wireless LAN

The following is a list of common threats to wireless LAN.

1) Wi-Fi signal jamming:
Jamming is done with the help of special hardware. Once the attacker uses a jamming device, all wireless networks within the vicinity are blocked off from all communications.

2) Misconfigured access point attack:
Many organizations or individual users still use WLAN APs with their default settings. This mistake gives hackers the opportunity to gain unauthorized access to the network.

3) Rogue access point attack:
This type of attack uses a fake access point to mislead users into believing that it is a genuine access point. The attacker sniffs all information from all traffic that connects to the rogue access point.

4) Eavesdropping:
This type of attack captures all plain-text traffic. An attacker can access a computer network by exploiting wireless connections. Unencrypted or poorly encrypted information transmitted over a wireless connection can be intercepted and disclosed. WLANs are also vulnerable to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

According to [9], risk is a combination of vulnerability, threat and impact. Vulnerability is a security hole that can be exploited. This exploit can be either technological or organizational. Organizational refers to the lack of access control management policy implemented by the company. Technological refers to the lack of implemented security programs, such as antivirus. There are two categories of vulnerabilities that can be exploited:

o Passive – the attacker did not perform any modifications; in fact, it is invisible to the victim.
o Active – modifications made, such as defacing website contents.

III. CHOSEN METHODOLOGY FOR THE STUDY

War-driving, also known as access point mapping, is defined as the act of locating and exploiting WLAN connections while driving around.

A. Design of the Study

A systematic guidance of a methodology is highly recommended to maintain the integrity of the findings. Exploratory research is employed in order to gain a deeper understanding of a problem. This exploratory study will conclude with suggestions to improve the success of future implementation. The design of the study aims to identify the problem based on the literature analysis.

Fig. 1. Information about a wireless node.

This is the first time for a study like this to be conducted in Tonga. As a result, in order to identify the true status of WLAN security implementation in the CBD of Tonga, the war-drive needs to capture both enterprise and personal WLAN data. Once the route is determined, then the data collection process will start, as shown in Fig. 2.

Fig. 2. War-Driving route in Nuku’alofa.

Data analysis is designed to identify the true status of WLAN security in Nuku’alofa. That is, conduct vendors’ analysis, SSID configuration analysis, encryption methods analysis, and so on. The final phase allows the researcher(s) to communicate the outcome of the study. This communication includes the problem and its significance, the authors’ recommendations and conclusions to other researchers and practitioners in the field including service providers and the Government of Tonga.

IV. DATA COLLECTION AND FINDINGS

The large coverage area of a WLAN AP may allow an attacker to exploit a private network. Some people use war-driving to demonstrate how easy it is to compromise WLANs. The war driver can systematically map the locations of the APs [10]. In order to start the data collection process, we need to consider the hardware and software for the war-drive. Access to well-known and highly recommended tools such as a laptop with a good wireless card and a Wi-Fi signal booster, GPS unit, magnetically mounted external antenna for the top of the vehicle and amplifier is highly unlikely. Scanning software such as Kismet, Network Stumbler (NetStumbler), Airbase, and AirCrack is far-fetched/unrealistic due to hardware requirements.
Therefore, we have to use whatever is accessible at the time: a Samsung Galaxy S5 – Model SM-G900T – equipped with both wireless transceiver and GPS, running on Android 6.0.1. This qualifies the Samsung Galaxy S5 for this war-driving exercise. In terms of scanning software, the G-MoN 4.2.1 developed for Android devices by C. Knuetter and D. Perna was available. G-MoN allows for scanning for wireless LAN networks in the vicinity and stores the data in a database with GPS coordinates in a Keyhole Markup Language (KML) file [11].

Once the KML file is opened in Google Earth, the colored dots represent positions of APs; when clicked, a dot provides the signal strength, quality and type of network, shown in Fig. 1. This information is critical for the purpose of this study. G-MoN data can also be exported in Comma Separated Values (CSV) and it shows GPS-Tagging and statistics of the captured WLANs. In terms of encryption methods, G-MoN can display five different results – WEP, WPA, WPA2, Open and not defined.

TABLE 2. OVERALL SECURITY ANALYSIS RESULTS

| Provider | Count | Default SSID | Hidden | WEP (Open) | WEP (Shared Key) | WPA | WPA2 |
|---|---|---|---|---|---|---|---|
| Unknown | 163 | 31 | 13 | 25 | 0 | 35 | 25 |
| Known | 25 | 33 | 0 | 10 | 2 | 57 | 53 |
| Total | 188 | 64 | 13 | 35 | 2 | 92 | 78 |

A. Manufacturer Analysis

The War-Driving tool employed captured the MAC addresses of the wireless devices; however, it cannot extract vendor’s information based on the first three bytes. As a result, MAC addresses were looked up on https://macvendors.com/. Fig. 3 shows almost 8% of the devices marked as unknown. This means that the macvendors.com website cannot extract the vendor’s information from the MAC address. With regards to manufacturers, there were 21 different manufacturers identified excluding the unknown ones. As shown in Fig. 3, TP-Link at 32.45% is the most commonly used AP in the CBD of Tonga, followed by Huawei at around 24.47%. Ruckus devices from Ruckus Wireless came third in this study with 11.17% of the devices identified. Unidentified vendors came fourth and the rest sit under 5% of the vendors identified by macvendors.com.

Fig. 3. Vendor’s analysis (bar chart titled "Vendors' Analysis"; series: Percentages, # of Devices).

B. Encryption Methods Analysis

According to the results, only 1% used WEP and 7% were configured ‘open’ access; however, 4 of those devices were identified as wireless printers. It is not known whether these open access wireless devices employed any authentication method or not, as this study did not make any attempt to access these networks. The majority of the identified APs, 51%, were still using WPA with PSK, with WPA2 on 28%. In the war-driving exercise, 13% were marked as unknown because the encryption method used cannot be identified.

Fig. 4. Encryption methods analysis.

C. SSID Configuration Analysis

Service Set Identifier (SSID) is a 32-alphanumeric-character unique identifier that is attached to the header of every packet transmitted over a wireless LAN. The SSID acts as a password when a mobile device tries to connect to the basic service set (BSS), a component of the IEEE 802.11 WLAN architecture. 68% of the APs had their SSIDs changed while 7% hide their SSIDs.

Fig. 5. SSID Configuration Analysis.

Hiding the SSID of an AP is treated as a security mechanism, as SSIDs are broadcast multiple times per second, which makes WLANs vulnerable to sniffers, eavesdroppers, etc. This study also found that 25% of the wireless APs still use either the ISP’s default SSIDs or the manufacturer’s default SSIDs.

V. RECOMMENDATIONS

Unsecured wireless LANs can be easily attacked. Even inexperienced hackers can exploit them without much
effort. Wi-Fi attacks are a real and ongoing threat. Attackers will look for any means possible to infiltrate network systems to gain access to data for their illicit purposes.

TABLE 3. AN EXAMPLE OF LAYERED DEFENSE

| Types of Attack | First Line of Defense | Second Line of Defense |
|---|---|---|
| Passive | Link and Network Layer encryption & traffic flow security | Security enabled application |
| Active | Defend the reserve boundaries | Defend the networking environment |
| Insider | Physical and personnel security | Authenticated access control, audit |
| Close-In | Physical and personnel security | Technical surveillance countermeasures |
| Distribution | Trusted software development & distribution | Run time integrity controls |

Identifying the types of threats, attacks and attackers is the first step to a successful Defense in Depth strategy. Attackers may include Insiders, Hackers, Criminals, Competitors or Terrorists. A basic understanding of the attack and attacker’s motives is necessary for proper planning and Defense in Depth to be implemented to minimize the vulnerability of wireless networks. Proper planning and configuration need to be integrated early into the security plan. Companies need to identify the risks, the business’s assets, and the necessary steps for mitigation and protection. At a minimum, data should be classified as public or private with an emphasis placed on protecting all private data.

Signal bleed is a risk, and APs should be placed to minimize signal bleed. Use of a directional antenna and shielding on external walls helps to localize the signal and to contain private data within the expected locations. Defense in Depth for Wireless Networks is the first step to securing wireless. Each layer of security slows the attacker; examples include using Wi-Fi Protected Access 2 (WPA2) protection, enabling Wireless Intrusion Detection Systems (WIDS), and actively scanning and monitoring for rogue devices. With regards to SSID configuration, this study found that only 7% hid the SSID and 25% were still on the default SSID. This is a concern since there are only 2 ISPs in Tonga and their default username and password are known. The data also showed a tremendous increase in terms of wireless LAN usage in the last 5 years.

VI. CONCLUSION

This paper conducted a study to analyze the WLAN deployment growth and its security status in Nuku’alofa. As a result, this study concluded that the status of wireless network growth increased significantly over the last five years since the deployment of the fiber optic network. It is also evident that WLAN security is still in its early stages. The WEP encryption method is still in use, the majority at 51% still use WPA-PSK and only 28% use the latest encryption technique. 7% hide their SSID but 25% used the default SSID. To answer the question of what can be done to improve wireless network security in Tonga: creating awareness is going to be a major part of the solution. This study should be repeated after two years to get a better view of the status of WLAN security in the CBD of Tonga; there is still a lot of room for improvement.

REFERENCES

[1] A. Grealish, T. Guest, and P. Mosa’ati. (2010, June 27). Altobridge Wireless Network goes Live in Tonga. Available: https://www.realwire.com/releases/Altobridge-Wireless-Network-goes-Live-in-Tonga
[2] M. Tonga. (2013, May 16). Tonga’s high speed internet goes live August 21. Available: http://matangitonga.to/2013/08/14/tonga%E2%80%99s-high-speed-internet-goes-live-august-21
[3] A. Nisbet, "A tale of four cities: Wireless security & growth in New Zealand," in 2012 International Conference on Computing, Networking and Communications (ICNC), 2012, pp. 1167-1171.
[4] D. Vassis, G. Kormentzas, A. Rouskas, and I. Maglogiannis, "The IEEE 802.11g standard for high data rate WLANs," IEEE Network, vol. 19, pp. 21-26, 2005.
[5] O. Bejarano, E. W. Knightly, and M. Park, "IEEE 802.11 ac: from channelization to multi-user MIMO," IEEE Communications Magazine, vol. 51, pp. 84-90, 2013.
[6] L. Arash Habibi, D. Mir Mohammad Seyed, and B. Samadi, "A survey on wireless security protocols (WEP, WPA and WPA2/802.11i)," in 2009 2nd IEEE International Conference on Computer Science and Information Technology, 2009, pp. 48-52.
[7] N. Gohring, "Motion Sickness," eWeek, vol. 1, pp. 1-4, 2005.
[8] S. Bosworth and M. E. Kabay, Computer security handbook: John Wiley & Sons, 2002.
[9] K.-J. Farn, S.-K. Lin, and A. R.-W. Fung, "A study on information security management system evaluation—assets, threat and vulnerability," Computer Standards & Interfaces, vol. 26, pp. 501-513, 2004.
[10] C. Hurley, WarDriving: Drive, detect, defend: A guide to wireless security: Syngress, 2004.
[11] K. Panitzek, I. Schweizer, T. Bönning, G. Seipel, and M. Mühlhäuser, "First responder communication in urban environments," International Journal of Mobile Network Design and Innovation, vol. 4, pp. 109-118, 2012.
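The three Section IV analyses (vendor lookup from the first three bytes of the MAC address, encryption breakdown, SSID configuration) can be run over a survey export as follows; this is an added example, not the authors' code or G-MoN's. The CSV column names, the sample rows, the OUI table and the default-SSID patterns are all constructed assumptions, since the page does not give G-MoN's export schema.

```python
import csv
import io
import re
from collections import Counter

# Constructed survey export: column names and every value are assumptions
# made for this example, not G-MoN's real CSV schema.
SAMPLE_CSV = """bssid,ssid,security
02:00:01:10:20:30,TP-LINK_A1B2C3,WPA
02:00:01:10:20:31,CafeGuest,Open
02:00:02:44:55:66,,WPA2
02:00:02:44:55:67,HUAWEI-9F3E,WPA
02:00:03:0a:0b:0c,OfficeNet,WPA2
02:00:09:77:88:99,HomeWifi,WEP
02:00:01:10:20:32,dlink,WPA
02:00:03:0a:0b:0d,Shop-AP,not defined
"""

# Constructed OUI table (first three bytes -> vendor); not real assignments.
OUI = {"02:00:01": "VendorA", "02:00:02": "VendorB", "02:00:03": "VendorC"}

# Assumed factory naming patterns; a real audit would list the local ISPs' defaults.
DEFAULT_SSID = re.compile(r"^(TP-LINK|HUAWEI|NETGEAR|dlink)([-_ ]?[0-9A-Fa-f]+)?$", re.I)

def ssid_class(ssid):
    """Classify an SSID as hidden (empty), default (factory pattern) or changed."""
    name = ssid.strip()
    if not name:
        return "hidden"
    return "default" if DEFAULT_SSID.match(name) else "changed"

def percentages(counter):
    total = sum(counter.values())
    return {key: round(100 * count / total, 2) for key, count in counter.items()}

def analyse(csv_text):
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    vendors = Counter(OUI.get(r["bssid"].upper()[:8], "Unknown") for r in rows)
    security = Counter(r["security"] for r in rows)
    ssids = Counter(ssid_class(r["ssid"]) for r in rows)
    # Remediation list: Open or WEP networks, and APs still on a default SSID.
    weak = [r["bssid"] for r in rows
            if r["security"] in ("Open", "WEP") or ssid_class(r["ssid"]) == "default"]
    return {"vendors": percentages(vendors), "security": percentages(security),
            "ssid": percentages(ssids), "weak": weak}

if __name__ == "__main__":
    for section, result in analyse(SAMPLE_CSV).items():
        print(section, result)
```

The `weak` list is the part an AP owner or ISP would act on: each entry is an access point that needs either stronger encryption or a non-default configuration.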
