WIRELESS NETWORKING CONCEPTS

Wireless Standards

Wireless Networking
• Computers are connected and communicate with each other by emissions
of electromagnetic energy in the air.
• Infrastructure Based Networks
• Infrastructure Less Networks

IBSS & DS

• SSID (service set identification) is the informal name of the BSS.
• BSS is functionally a contention domain as a local
or workgroup network is functionally a broadcast
domain.
• In infrastructure mode, a single access point
together with all associated stations is called a
BSS.
• BSSID is used to uniquely identify a BSS. BSSID
is the MAC address of the wireless access point
(WAP).
• An Extended Service Set (ESS) is a set of two or
more BSSs that form a single sub network.

WLAN Architecture

IEEE802.11 Standards
• 802.11: This was the first 802.11 task group. The objective of this group
was to develop MAC layer and physical layer specifications for wireless
connectivity for fixed, portable, and mobile nodes within a local area.
• 802.11a: This group created a standard for wireless LAN operations in
the 5 GHz frequency band, where data rates of up to 54 Mbps are
possible.
• 802.11b: This task group created a standard for wireless LAN operations
in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band, which is
freely available for use throughout the world. This standard is popularly
referred to as Wi-Fi, standing for Wireless-Fidelity. It can offer data
rates of up to 11 Mbps.
• 802.11c: This group was constituted for devising standards for bridging
operations. Manufacturers use this standard while developing bridges
and access points.
• 802.11d: This group's main objective is publishing definitions and
requirements for enabling the operation of the 802.11 standard in
countries that are not currently served by the standard.
• 802.11e: The main objective of this group is to define an extension of
the 802.11 standard for quality of service (QoS) provisioning and service
differentiation in wireless LANs.
• 802.11f: This group was created for developing specifications for
implementing access points and distribution systems following the
802.11 standard, so that interoperability problems between devices
manufactured by different vendors do not arise.
• 802.11g: This group was involved in extending the 802.11b standard to
support high-speed transmissions of up to 54 Mbps in the 5 GHz
frequency band, while maintaining backward compatibility with
current 802.11b devices.
• 802.11h: This is supplementary to the 802.11 standard. It was
developed in order for the MAC layer to comply with European
regulations for 5 GHz wireless LANs, which require products to have
mechanisms for transmission power control and dynamic frequency
selection.
• 802.11i: This group is working on mechanisms for enhancing security
in the 802.11 standard.
• 802.11j: This task group is working on mechanisms for enhancing the
current 802.11 MAC physical layer protocols to additionally operate in
the newly available Japanese 4.9 GHz and 5 GHz bands.
• 802.11n: The objective of this group is to define standardized
modifications to the 802.11 MAC and physical layers such that modes of
operation that are capable of much higher throughputs at the MAC layer,
with a maximum of at least 100 Mbps, can be enabled.

Wireless Architecture

Interaction between Services and State Variables

• The IEEE 802.11 standard states that each station must maintain
two variables that are dependent on the authentication and
de-authentication services and on the association, re-association, and
disassociation services.
• The variables are authentication state and association state. They are
used in a simple state machine that determines the order in
which certain services must be invoked and when a station may
begin using the data delivery service.
• A station may be authenticated with many different stations
simultaneously. However, a station may be associated with only
one other station at a time.

• In state 1, the station may use a very limited number of frame types.
These frames are used to find an IEEE 802.11 WLAN, an ESS, and its APs, to
complete the required frame handshake protocols, and to implement the
authentication service. If a station is part of an IBSS, it is allowed to
implement the data service in state 1.
• In state 2, additional frame types are allowed so that the station can
implement the association, re-association, and disassociation services.
• In state 3, all frame types are allowed and the station may use the data
delivery service.
• A station must react to frames it receives in each of the states, even
those that are disallowed for a particular state. A station will send a
de-authentication notification to any station with which it is not
authenticated if it receives frames that are not allowed in state 1.
• A station will send a disassociation notification to any station with
which it is authenticated, but not associated, if it receives frames not
allowed in state 2.
• These notifications will force the station that sent the disallowed
frames to make a transition to the proper state in the state diagram and
allow it to proceed properly toward state 3.
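
The state rules above written as a small model. This is an added example, not part of the original slides: the frame-type names and their grouping per state are a simplified assumption, and the peer identifiers used with it are constructed.

```python
from enum import IntEnum

class State(IntEnum):
    UNAUTHENTICATED = 1   # state 1: not authenticated, not associated
    AUTHENTICATED = 2     # state 2: authenticated, not associated
    ASSOCIATED = 3        # state 3: authenticated and associated

# Lowest state in which a frame type is allowed (simplified grouping that
# follows the three states described above; names are illustrative).
MIN_STATE = {
    "beacon": 1, "probe_request": 1, "probe_response": 1,
    "rts": 1, "cts": 1, "ack": 1,
    "authentication": 1, "deauthentication": 1,
    "association_request": 2, "reassociation_request": 2,
    "disassociation": 2, "data": 3,
}

class Station:
    """Tracks this station's state toward each peer, keyed by peer MAC."""
    def __init__(self, ibss=False):
        self.ibss = ibss
        self.peers = {}

    def state(self, peer):
        return self.peers.get(peer, State.UNAUTHENTICATED)

    def authenticated(self, peer):
        # A station may be authenticated with many peers at once.
        self.peers[peer] = max(self.state(peer), State.AUTHENTICATED)

    def associated(self, peer):
        if self.state(peer) < State.AUTHENTICATED:
            raise ValueError("association requires prior authentication")
        # Association is exclusive: an earlier one falls back to state 2.
        for other, st in self.peers.items():
            if st == State.ASSOCIATED:
                self.peers[other] = State.AUTHENTICATED
        self.peers[peer] = State.ASSOCIATED

    def receive(self, peer, frame):
        """Return the action taken for a frame received from peer."""
        needed = 1 if (frame == "data" and self.ibss) else MIN_STATE[frame]
        current = self.state(peer)
        if current >= needed:
            return "accept"
        if current == State.UNAUTHENTICATED:
            return "send_deauthentication"   # not allowed in state 1
        return "send_disassociation"         # not allowed in state 2
```

An unexpected run of `send_deauthentication` or `send_disassociation` results for a peer that should already be in state 3 is the kind of state mismatch a wireless monitor can flag.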

Relationship between State Variables and Services

IEEE 802.11 Service Sets and State Machine

CSMA/CA
• Collision avoidance is used to improve the performance of the CSMA
method by attempting to divide the channel somewhat equally among all
transmitting nodes within the collision domain.
• Carrier Sense
• Collision Avoidance
• Request to Send/Clear to Send
• Transmission

CSMA/CA
• CSMA/CD
• Inter Frame Space
• Role of Contention Window

Timing in CSMA/CA

Procedure

Wireless Frames
• Data Frame
  • hauling data from station to station
• Control Frame
  • area clearing operations
  • channel acquisition
  • carrier-sensing maintenance functions
  • positive acknowledgment of received data
• Management Frame
  • join and leave wireless networks
  • move associations from access point to access point

Wireless Security

| | WEP | WPA | WPA2 |
|---|---|---|---|
| Name | Wired Equivalent Privacy | Wi-Fi Protected Access | Wi-Fi Protected Access 2 |
| Combo | 24 bit initialization keys; 16.7 million combinations | 48 bit initialization keys; 500 trillion combinations | 48 bit initialization keys; 500 trillion combinations; Advanced Encryption Standard |
| Encryption | 64 bits, 128 bits | 64 bits, 128 bits | 64 bits, 128 bits |
| Keys | Static encryption keys | Unique encryption key | Unique encryption key |
| Speed | Not much processing power | Somewhat processing power | Requires greater processing power |
| Master Key | Master keys are used directly | Master keys are never directly | Master keys are never directly |

Disadvantages of WEP
• WEP provides no forgery protection
• No protection against Message Replays
• WEP misuses the RC4 encryption algorithm in a way that exposes the
protocol to weak key attacks
• By reusing initialization vectors, WEP enables an attacker
to decrypt the encrypted data without ever learning the
encryption key

TKIP
• Temporal Key Integrity Protocol (TKIP) is Task Group i's solution for
the security loopholes present in the already deployed 802.11 hardware
• It is a set of algorithms that wrap WEP to give the best
possible solution given all the above mentioned design
constraints.

Components of TKIP
• A cryptographic message integrity code, or MIC, called Michael: to
defeat forgeries;
• A new IV sequencing discipline: to remove replay attacks
from the attacker’s arsenal;
• A per-packet key mixing function: to de-correlate the
public IVs from weak keys
• A re-keying mechanism: to provide fresh encryption and
integrity keys, undoing the threat of attacks stemming
from key reuse.

TKIP Encryption Process

TKIP Decryption Process

AES
• Block Cipher
• 10 cycles of repetition for 128-bit keys
• 12 cycles of repetition for 192-bit keys
• 14 cycles of repetition for 256-bit keys
• Operations performed in first 9 rounds:
  • Sub Bytes
  • Shift Rows
  • Mix Columns
  • Add Round Key
• Operations performed in the 10th round:
  • Sub Bytes
  • Shift Rows
  • Add Round Key

AES Diagram

EAP
• Extensible Authentication Protocol
• Link layer Authentication Framework
• Used in Wireless and Point-Point Networks
• Uses 4 different kinds of messages:

1. EAP request
2. EAP response
3. EAP success
4. EAP failure

EAP Example
[Figure: message exchange between Peer and Authenticator]
• Identity Request
• Identity Response
• EAP Request
• EAP Response with the same type or a Nak
• (Request and Response repeated as many times as needed)
• EAP Success or EAP Failure message
• If mutual Auth is required, the sequence is repeated: Identity Request,
Identity Response, EAP Request, EAP Response with the same type or a Nak
(repeated as needed), EAP Success or Failure message

Basic EAP Methods
• The initial definition of EAP included several built-in
authentication methods:
• Identity - request the other side to identify itself.
• Notification - to send notifications to the other side.
• Nak - peer refuses to use the authentication method.
• MD5-Challenge - an implementation of CHAP over EAP.
• One Time Password - used for one time passwords.
• Generic Token Card - used for generic token cards.
• Vendor Specific - *
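
The four message kinds and the built-in method types above, as a packet parser and an exchange checker. This is an added example, not part of the original slides: it uses the Code and Type numbering of RFC 3748, the function names are hypothetical, and the sample exchange is constructed.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         5: "One Time Password", 6: "Generic Token Card"}

def build(code, ident, eap_type=None, data=b""):
    """Encode an EAP packet: Code, Identifier, Length, then Type + data."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse(packet):
    """Decode and validate one EAP packet; raise ValueError if malformed."""
    if len(packet) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in CODES or not 4 <= length <= len(packet):
        raise ValueError("bad code or length field")
    body = packet[4:length]
    if (code in (1, 2)) != bool(body):
        raise ValueError("only Request/Response carry a Type octet")
    name = TYPES.get(body[0], f"type {body[0]}") if body else None
    return {"code": CODES[code], "id": ident, "type": name, "data": body[1:]}

def check_exchange(packets):
    """Return 'Success' or 'Failure' if the packets form a valid exchange."""
    pending = None                               # Request awaiting a Response
    for msg in map(parse, packets):
        if msg["code"] == "Request" and pending is None:
            pending = msg
        elif msg["code"] == "Response" and pending is not None:
            if msg["id"] != pending["id"]:
                raise ValueError("Response identifier does not match Request")
            if msg["type"] not in (pending["type"], "Nak"):
                raise ValueError("Response must use the Request's type or Nak")
            pending = None
        elif msg["code"] in ("Success", "Failure") and pending is None:
            return msg["code"]
        else:
            raise ValueError(f"unexpected {msg['code']} packet")
    raise ValueError("exchange ended without Success or Failure")

# Constructed exchange: the peer refuses MD5-Challenge and proposes type 6.
EXCHANGE = [
    build(1, 1, 1), build(2, 1, 1, b"alice"),
    build(1, 2, 4, b"\x04abcd"), build(2, 2, 3, b"\x06"),
    build(1, 3, 6, b"Token: "), build(2, 3, 6, b"123456"),
    build(3, 3),
]
```

The checker does not model retransmitted Requests, which a real authenticator may send with the same identifier.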

| | EAP-MD5 | LEAP | EAP-TLS | EAP-TTLS | PEAP |
|---|---|---|---|---|---|
| Server Authentication | None | Password Hash | Public Key (Certificate) | Public Key (Certificate) | Public Key (Certificate) |
| Supplicant Authentication | Password Hash | Password Hash | Public Key (Certificate or Smart Card) | CHAP, PAP, MS-CHAP(v2), EAP | Any EAP, like EAP-MS-CHAPv2 or Public Key |
| Dynamic Key Delivery | No | Yes | Yes | Yes | Yes |
| Security Risks | Identity exposed, Dictionary attack, Man-in-the-Middle (MitM) attack, | Identity exposed, Dictionary attack | Identity exposed | MitM attack | MitM attack; Identity hidden in Phase 2 but potential exposure in |
RBAC
• Role-Based Access Control
• Role and Permission

RBAC Model Components
• Security Principles:
• Least Privilege
• Separation of duties
• Data Abstraction
• RBAC model is defined in terms of four model components:
• Core RBAC
• Hierarchical RBAC
• Static Separation of Duty Relations
• Dynamic Separation of Duty Relations

Core RBAC
[Figure: Core RBAC. USERS, ROLES, OPERATIONS, OBJECTS and SESSIONS, linked
by User Assignment (UA), Permission Assignment (PA), privileges,
user_sessions and session_roles]

• Many-to-many relationship among individual users and privileges
• Session is a mapping between a user and an activated subset of assigned
roles
• User/role relations can be defined independent of role/privilege relations
• Privileges are system/application dependent
• Accommodates traditional but robust group-based access control

Hierarchical RBAC
[Figure: Hierarchical RBAC. The Core RBAC elements (USERS, ROLES,
OPERATIONS, OBJECTS, SESSIONS, User Assignment (UA), Permission
Assignment (PA), privileges, user_sessions, session_roles) with a Role
Hierarchy on ROLES]

• Role/role relation defining user membership and privilege inheritance
• Reflects organizational structures and functional delineations
• Two types of hierarchies:
  • Limited hierarchies
  • General hierarchies

Static Separation of Duty Relations
[Figure: Static Separation of Duty (SSD) applied to User Assignment (UA)
and the Role Hierarchy, alongside USERS, ROLES, OPERATIONS, OBJECTS,
SESSIONS, Permission Assignment (PA), privileges, user_sessions and
session_roles]

SoD policies deter fraud by placing constraints on administrative
actions, thereby restricting the combinations of privileges that are
available to users.
E.g., no user can be a member of both the Cashier and AR Clerk roles
in the Accounts Receivable Department.

Dynamic Separation of Duty Relations
[Figure: Dynamic Separation of Duty applied to SESSIONS and
session_roles, alongside USERS, ROLES, OPERATIONS, OBJECTS, Role
Hierarchy, User Assignment, Permission Assignment, privileges and
user_sessions]

DSoD policies deter fraud by placing constraints on the roles that can be
activated in any given session, thereby restricting the combinations of
privileges that are available to users.
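
The four RBAC components described above in one small model, as an added example that is not part of the original slides. Only the Cashier / AR Clerk constraint comes from the text; the other roles, the privileges and all class and method names are hypothetical. Applying both separation-of-duty checks to inherited roles as well is an assumption of this sketch.

```python
class RBAC:
    def __init__(self):
        self.ua = {}        # UA: user -> assigned roles
        self.pa = {}        # PA: role -> {(operation, object), ...}
        self.juniors = {}   # hierarchy: role -> roles it inherits from
        self.ssd = []       # role sets no user may be assigned together
        self.dsd = []       # role sets no session may activate together
        self.sessions = {}  # session id -> (user, active roles)

    def closure(self, roles):
        # The given roles plus every role inherited through the hierarchy.
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def _conflict(self, constraints, roles):
        held = self.closure(roles)
        return any(len(c & held) > 1 for c in constraints)

    def assign(self, user, role):
        proposed = self.ua.get(user, set()) | {role}
        if self._conflict(self.ssd, proposed):    # static check, at admin time
            raise PermissionError(f"SSD: {user} may not be assigned {role}")
        self.ua[user] = proposed

    def activate(self, sid, user, roles):
        roles = set(roles)
        if not roles <= self.closure(self.ua.get(user, set())):
            raise PermissionError("role is not assigned to this user")
        if self._conflict(self.dsd, roles):       # dynamic check, per session
            raise PermissionError("DSD: roles cannot be active together")
        self.sessions[sid] = (user, roles)

    def check(self, sid, operation, obj):
        active = self.closure(self.sessions[sid][1])
        return any((operation, obj) in self.pa.get(r, ()) for r in active)

def build_policy():
    # Constructed policy; only the Cashier / AR Clerk pair is from the text.
    p = RBAC()
    p.pa = {"Cashier": {("open", "cash_drawer")},
            "AR Clerk": {("post", "receivable")},
            "Cashier Supervisor": {("approve", "drawer_correction")}}
    p.juniors = {"Accounting Manager": {"AR Clerk"}}
    p.ssd = [{"Cashier", "AR Clerk"}]
    p.dsd = [{"Cashier", "Cashier Supervisor"}]
    return p
```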

WIDS
• Wireless Intrusion Detection System
• Components
  • Sensor
    • Dedicated Sensors
    • Bundled with AP
  • Console
  • Management Server
  • Database Server

WIPS
• Wireless Intrusion Prevention System
• Prevention Capabilities offered by WIPS
  • Wireless:
    • De-associate the current session between
      • misconfigured STA and an authorized AP
      • misconfigured AP and an authorized STA
  • Wired:
    • Block network activity based on the device’s MAC address or switch
      port.

MAC Filtering
• GUI Filtering or Layer 2 Address Filtering
• Security Access Control Method
• Uses Blacklists and Whitelists
• Port Security