
Wireless network security is the process of designing, implementing and ensuring security on a wireless computer network. It is a subset of network security that adds protection for a wireless computer network. Wireless network security is also known as wireless security.
APK file
An APK file is an Android Package file, and is the file format used by Android devices for
installing and managing software. APK files are similar to other package files, such as APPX
files used by Microsoft Windows, or Deb files used by Debian-based systems. When you
download an APK file from a website, it is downloaded to your device’s internal storage. You
can then use a file manager to find the APK and install it.
Types of mobile device vulnerabilities
There are two main types of mobile device vulnerabilities:
1. Unsecured communications: This is when data is transmitted between the device and a
server without being properly encrypted. This can allow third parties to intercept and read the
data.
2. Insecure data storage: This is when data is stored on the device in an unencrypted format.
This can allow unauthorized access to the data if the device is lost or stolen.

Wireless Communication
Wireless communication refers to any type of data exchange between the parties that is
performed wirelessly (over the air). This definition is extremely wide, since it may
correspond to many types of wireless technologies, like:
• Wi-Fi Network Communication
• Bluetooth Communication
• Satellite Communication
• Mobile Communication

All the technologies mentioned above use different communication architectures; however,
they all share the same "Wireless Medium" capability.
Wi-Fi
Wireless Fidelity (Wi-Fi) refers to the wireless local area network as we all know it. It is based on the IEEE
802.11 standard. Wi-Fi is a type of wireless network you meet almost everywhere: at your
home, workplace, in hotels, restaurants and even in taxis, trains or planes. These 802.11
communication standards operate on either the 2.4 GHz or the 5 GHz ISM radio bands.
Devices that are compatible with the Wi-Fi standard are easily available in shops, and they
have the following image visible on the device itself. I bet you have seen it hundreds of times in
various shops or other public places!

Because 802.11-based wireless networks are so heavily used in all types of
environments, they are also the biggest subject of security research across other
802.11 standards.
Wireless Clients
Wireless clients are considered to be any end-devices with a wireless card or wireless adapter
installed. Now, in this 21st century, those devices can be almost anything:
• Modern Smartphones – These are one of the most universally used wireless devices you see in the market. They support multiple wireless standards on one box, for example, Bluetooth, Wi-Fi, GSM.
• Laptops – These are a type of device which we all use every single day!
• Smartwatch – An example of a Sony-based smartwatch is shown here. It can synchronize with your smartphone via Bluetooth.
• Smart-home Equipment – With the current progress of technology, smart-home equipment might be, for example, a freezer that you can control over Wi-Fi or a temperature controller.

The list of possible client devices is growing every single day. It sounds a little scary that all
of those devices/utilities we use on a daily basis can be controlled via a wireless network so
easily. But at the same time, remember that all the communication flowing through a wireless
medium can be intercepted by anyone who is just standing at the right place at the right time.

Access Point

The Access Point (AP) is the central node in 802.11 wireless implementations. It is the interface
between the wired and wireless networks, which all the wireless clients associate to and exchange data
with.
For a home environment, most often you have a router, a switch, and an AP embedded in one
box, making it really usable for this purpose.

Base Transceiver Station
Base Transceiver Station (BTS) is the equivalent of an Access Point from the 802.11 world, but
used by mobile operators to provide signal coverage, e.g. 3G, GSM, etc.

Wireless Controller (WLC)
In corporate wireless implementations, the number of Access Points is often counted in
hundreds or thousands of units. It would not be administratively possible to manage all the
APs and their configuration (channel assignments, optimal output power, roaming
configuration, creation of SSID on each and every AP, etc.) separately.

This is the situation where the concept of the wireless controller comes into play. It is the
"Mastermind" behind all the wireless network operation. This centralized server has
IP connectivity to all the APs on the network, making it easy to manage all of them globally
from a single management platform, push configuration templates, monitor users from all
the APs in real time and so on.

Service Set Identifier (SSID)
The SSID directly identifies the wireless LAN itself. In order to connect to a wireless LAN, the
wireless client needs to send, in the association frame, exactly the same SSID as the SSID name
preconfigured on the AP. So the question now arises: how do you find out which SSIDs are present
in your environment? That is easy, as all operating systems come with a built-in wireless
client that scans the wireless spectrum for wireless networks to join (as shown below). I am
sure you have done this process several times in your daily routine.

But how do those devices know that a specific wireless network is named in that particular way
just by listening to radio waves? It is because one of the fields in a beacon frame
(which APs transmit all the time at very short intervals) contains the name of the SSID,
always in clear text. That is the whole theory behind this.

An SSID can have a length of up to 32 alphanumeric characters and uniquely
identifies a particular WLAN broadcast by the AP. When the AP has
multiple SSIDs defined, it will send a separate beacon frame for each
SSID.
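The clear-text SSID field described above can be read straight out of the beacon bytes. The following is an added example, not part of the original notes: a small parser for a raw 802.11 beacon (MAC header, fixed parameters, tagged parameters). The sample frame, the AP address and the helper names are constructed for illustration, and a zero-length SSID element is handled as well.

```python
import struct

TAG_SSID, TAG_DS_PARAMS = 0, 3          # tagged-parameter element IDs
AP_MAC = bytes.fromhex("020000000001")  # constructed, locally administered address

def sample_beacon(ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Build a constructed beacon frame (no radiotap header, no FCS)."""
    header = (bytes([0x80, 0x00]) + b"\x00\x00"   # frame control, duration
              + b"\xff" * 6 + AP_MAC + AP_MAC     # DA (broadcast), SA, BSSID
              + b"\x00\x00")                      # sequence control
    caps = 0x0001 | (0x0010 if privacy else 0)    # ESS bit, optional Privacy bit
    fixed = struct.pack("<QHH", 0, 100, caps)     # timestamp, interval, capabilities
    tags = (bytes([TAG_SSID, len(ssid)]) + ssid
            + bytes([TAG_DS_PARAMS, 1, channel]))
    return header + fixed + tags

def parse_beacon(frame: bytes) -> dict:
    """Extract BSSID, SSID, channel and the Privacy flag from a beacon."""
    if len(frame) < 36:                           # 24-byte header + 12 fixed bytes
        raise ValueError("too short for a beacon")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if (ftype, subtype) != (0, 8):                # management frame, beacon subtype
        raise ValueError("not a beacon frame")
    _ts, interval, caps = struct.unpack_from("<QHH", frame, 24)
    info = {"bssid": frame[16:22].hex(":"), "interval_tu": interval,
            "privacy": bool(caps & 0x0010), "ssid": None,
            "hidden": None, "channel": None}
    pos = 36
    while pos + 2 <= len(frame):                  # walk ID / length / value triples
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated tagged parameter")
        if tag == TAG_SSID and info["ssid"] is None:
            if length > 32:
                raise ValueError("SSID longer than 32 bytes")
            info["ssid"] = value.decode("utf-8", "replace")
            info["hidden"] = length == 0 or not any(value)
        elif tag == TAG_DS_PARAMS and length == 1:
            info["channel"] = value[0]
        pos += 2 + length
    return info

if __name__ == "__main__":
    print(parse_beacon(sample_beacon(b"CorpWiFi", 6, True)))
```

The SSID is readable even when the Privacy bit is set, because beacons are management frames sent before any key exists.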
Cell
A cell is basically a geographical region covered by the AP's or BTS's antenna
(transmitter). In the following image, a cell is marked with a yellow line.

Most often, an AP has much more output power than the
antenna built into the client device. The fact that the
client can receive frames transmitted from the AP does not mean that 2-way
communication can be established. The above picture perfectly shows that
situation. In both situations, a client can hear the AP's frames, but only in the
second situation can 2-way communication be established.
The outcome from this short example is that, when designing wireless cell
sizes, one has to take into account the average output transmitting
power of the antennas that clients will use.
Channel
Wireless networks may be configured to support multiple 802.11 standards.
Some of them operate on the 2.4 GHz band (examples are 802.11b/g/n) and
others on the 5 GHz band (examples: 802.11a/n/ac).
Depending on the band, there is a predefined set of sub-bands defined for each
channel. In environments with multiple APs placed in the same physical area,
smart channel assignment is used in order to avoid collisions (collisions of
the frames transmitted on exactly the same frequency from multiple sources at
the same time).

Let's have a look at the theoretical design of an 802.11b network with 3 cells
adjacent to each other, as shown in the above picture. The design on the left is
composed of 3 non-overlapping channels, which means that frames sent by APs and
their clients in a particular cell will not interfere with communication in other cells.
On the right, we have the completely opposite situation: all the frames flying
around on the same channel lead to collisions and degrade the wireless
performance significantly.
Antennas
Antennas are used to "translate" information flowing as an electrical signal
inside the cable into the electromagnetic field, which is used to transmit
the frame over a wireless medium.

Every wireless device (either AP or any type of wireless client device) has an
antenna that includes a transmitter and a receiver module. It can be external and
visible to everyone around or built-in, as in most laptops or smartphones
nowadays.

For wireless security testing or penetration tests of wireless
networks, an external antenna is one of the most important tools. You should get one of
them if you want to go into this field! One of the biggest advantages of external
antennas (compared to most of the internal antennas you might meet built into the
equipment) is that they can be configured in a so-called "monitor mode" - this is
definitely something you need! It allows you to sniff the wireless traffic from your PC using
Wireshark or other well-known tools like Kismet.

There is a very good article on the internet (https://www.raymond.cc/blog/best-compatible-usb-wireless-adapter-for-backtrack-5-and-aircrack-ng/) that helps with the choice of the external wireless antenna,
especially for Kali Linux, which has monitor mode capabilities. If you are seriously considering going into this
field of technology, I really recommend all of you to purchase one of the recommended ones (I have one of
them

Wireless Security approaches:

1. MAC Authentication

2. WEP (Wired Equivalent Privacy)

3. 802.11i (WPA - Wi-Fi Protected Access)

4. EAP/LEAP (Extensible Authentication Protocol)

5. WAP (Wireless Application Protocol)

1. MAC Authentication

Create a list of MAC addresses

– media access layer, e.g., ether 00:0a:95:d5:74:6a

– Only these devices are allowed on network

• Attack

– Listen on network for MAC address use -- laptop

– Masquerade as that MAC address (easy to do, many devices programmable)

– ... can wait for it to go off line to avoid conflict, but not necessary

2. WEP (Wired Equivalent Privacy)

Keys

– 40 bits derived from the passphrase, plus a 24-bit initialization vector (or)

– 26 char hexadecimal + 24-bit IV = 128-bit WEP

– Ability to send packets is essentially authentication

• integrity used as authentication

– Built into the vast majority of home wireless routers

3. 802.11i (WPA - Wi-Fi Protected Access)

Two modes of operation

– Pre-shared key mode -- WEP like, shared key derived from single network passphrase

– Server mode -- uses 802.1X authentication server to authenticate/give unique keys to users

4. EAP/LEAP (Extensible Authentication Protocol)

Extensible Authentication Protocol

– Challenge response - auth. only

– Bolts onto other authentication mechanisms, e.g., Kerberos, RADIUS

– Passes authentication information onto other protocols (WEP, WAP)

– LEAP: Cisco implementation/modifications (security problems are possibly serious)

– Standards: EAP-MD5, EAP-TLS

– PEAP: RSA/Microsoft/Cisco standards for WPA/WPA2 protocols

5. WAP (Wireless Application Protocol)

A set of protocols for implementing applications over thin (read wireless) pipes.

• Short version: a set of protocols to implement the web over wireless links as delivered to resource limited
devices

– reduce overhead and flabby content (image rich HTML)

– support limited presentation and content formats

• Wireless Markup Language (XML-based language)

– reduce the footprint of the rendering engine (browser)

• Security: WTLS

– SSL/TLS protocol -- public keys, key negotiation, etc.

Cryptography – Benefits

Cryptography is an essential information security tool. It provides the four most basic services of
information security −
• Confidentiality − Encryption techniques can guard the information and communication from
unauthorized revelation and access of information.
• Authentication − Cryptographic techniques such as MAC and digital signatures can protect
information against spoofing and forgeries.
• Data Integrity − Cryptographic hash functions play a vital role in assuring the users about
the data integrity.
• Non-repudiation − The digital signature provides the non-repudiation service to guard against the
dispute that may arise due to denial of passing message by the sender.

1.1: High performance elliptic curve coprocessor


Elliptic Curves

In 1985, cryptographic algorithms were proposed based on elliptic curves. An elliptic curve is the set of
points that satisfy a specific mathematical equation. They are symmetrical.

Elliptic Curve Cryptography (ECC) is a key-based technique for encrypting data. ECC focuses on pairs of
public and private keys for decryption and encryption of web traffic.
ECC is frequently discussed in the context of the Rivest–Shamir–Adleman (RSA) cryptographic algorithm.
RSA achieves one-way encryption of things like emails, data, and software using prime factorization.

ECC, an alternative technique to RSA, is a powerful cryptography approach. RSA does something similar
with prime numbers instead of elliptic curves, but ECC has gradually been growing in popularity recently
due to its smaller key size and ability to maintain security. This trend will probably continue as the demand
on devices to remain secure increases due to the size of keys growing, drawing on scarce mobile resources.
This is why it is so important to understand elliptic curve cryptography in context.

In contrast to RSA, ECC bases its approach to public key cryptographic systems on how elliptic curves are
structured algebraically over finite fields. Therefore, ECC creates keys that are more difficult,
mathematically, to crack. For this reason, ECC is considered to be the next generation implementation of
public key cryptography and more secure than RSA.

It also makes sense to adopt ECC to maintain high levels of both performance and security. That’s because
ECC is increasingly in wider use as websites strive for greater online security in customer data and greater
mobile optimization, simultaneously. More sites using ECC to secure data means a greater need for this kind
of quick guide to elliptic curve cryptography.

In this elliptic curve cryptography example, any point on the curve can be mirrored over the x-axis and the
curve will stay the same. Any non-vertical line will intersect the curve in three places or fewer.

Uses
• Websites make extensive use of ECC to secure customers’ hypertext transfer protocol connections.
• It is used for encryption by combining the key agreement with a symmetric encryption scheme.
Elliptic Curve Cryptography?

Elliptic Curve Cryptography vs RSA

The difference in size to security yield between RSA and ECC encryption keys is notable. The table below
shows the sizes of keys needed to provide the same level of security. In other words, an elliptic curve
cryptography key of 384 bit achieves the same level of security as an RSA of 7680 bit.

RSA Key Length (bit)    ECC Key Length (bit)
1024                    160
2048                    224
3072                    256
7680                    384
15360                   521

There is no linear relationship between the sizes of ECC keys and RSA keys. That is, an RSA key size that
is twice as big does not translate into an ECC key size that’s doubled. This compelling difference shows that
ECC key generation and signing are substantially quicker than for RSA, and also that ECC uses less
memory than does RSA.

Also, unlike in RSA, where both are integers, in ECC the private and public keys are not equally
exchangeable. Instead, in ECC the public key is a point on the curve, while the private key is still an integer.
A quick comparison of the advantages and disadvantages of ECC and RSA algorithms looks like this:
ECC features smaller ciphertexts, keys, and signatures, and faster generation of keys and signatures. Its
decryption and encryption speeds are moderately fast. ECC enables lower latency than inverse throughout
by computing signatures in two stages. ECC features strong protocols for authenticated key exchange and
support for the tech is strong.
Disadvantage of ECC
• It isn’t easy to securely implement. Compared to RSA, which is much simpler on both the
verification and encryption sides, ECC is a steeper learning curve and a bit slower for accumulating
actionable results.
Advantages of Elliptic Curve cryptography
• Public-key cryptography works using algorithms that are easy to process in one direction and
difficult to process in the reverse direction. For example, RSA relies on the fact that multiplying
prime numbers to get a larger number is easy, while factoring huge numbers back to the original
primes is much more difficult.
• Size is a serious advantage of elliptic curve cryptography, because it translates into more power for
smaller, mobile devices. It’s far simpler and requires less energy to factor than it is to solve for an
elliptic curve discrete logarithm, so for two keys of the same size, RSA’s factoring encryption is
more vulnerable.
• Using ECC, you can achieve the same security level using smaller keys. In a world where mobile
devices must do more and more cryptography with less computational power, ECC offers high
security with faster, shorter keys compared to RSA.

Symmetric and Asymmetric Encryption

Symmetric encryption is the much simpler form of encryption. Symmetric encryption utilizes one key to
encrypt data, whether that data is in transit or at rest. For data in motion, the key is
created and shared with both the sender and the recipient of the message. The data in the message is
encrypted with the symmetric key, meaning the only person who can read this data is someone who owns
the encryption key. Once the message reaches the recipient, they can use the symmetric key to decrypt the
data. Using symmetric encryption alone is not recommended, as it is much less secure than
asymmetric encryption. This is because, with symmetric encryption, the key created must at some
point be delivered to the data recipient. If this transfer is not done securely, the key could be intercepted
during delivery, meaning any encryption done with that key is now irrelevant. An example of data in transit
encrypted with a symmetric key can be seen below.

Asymmetric encryption, as I mentioned previously, is the more secure of the two types of encryption. With
asymmetric encryption, a key pair is created which consists of a public and private key. The public key is
kept available for anyone to see, while the private key is known only by the key pair creator. To
asymmetrically encrypt data, the key pair creator encrypts the message with their private key, sends the
encrypted message to the recipient, and the recipient can then use the public key, generally found from a
public key repository, to decrypt the message. By decrypting the message with the public key, the data
recipient can tell that the message is from who they think it is from and that the data in the message has not
been changed. If the data in the message had been changed, the decryption with the public key will not
produce a readable message, as the data would have been encrypted to a different value. Though asymmetric
encryption is more secure than symmetric encryption, they tend to be used in tandem for communications
encryption. The initial connection will be created with asymmetric encryption, a symmetric session key will
be created, and the session key will then be used to encrypt messages in the session. Below is a diagram of
the asymmetric encryption process.
