Chapter 18: Security in Wireless

Networks and Devices

Guide to Computer Network Security
Wireless technology is a new technology
that started in the early 1970s.
The rapid technological developments of
the last twenty years have seen wireless
technology as one of the fastest
developing technologies of the
communication industry.
Because of its ability and potential to
make us perform tasks while on the go
and bring communication in areas where
it would be impossible with the traditional
wired communication, wireless technology
has been embraced by millions.
It is based on wireless networking
technology that includes WLAN, Wireless
WAN, Web and an industry of wireless
communication devices.
Kizza - Guide to Computer Network Securi 2
ty
Cellular Wireless Communication Network Infrastructure

The wireless infrastructure, because of

distance problems, is in most parts
supported and complemented by other
wired and other communication
technologies such as satellite, infrared,
microwave, and radio.
In its simplest form, wireless technology
is based on a concept of a cell. That is why
wireless communication is sometimes
referred to as cellular communication.

Kizza - Guide to Computer Network Securi 3

ty
The cell concept is based on the current cellular
technology that transmits analog voice on
dedicated bandwidth. This bandwidth is split into
several segments permanently assigned to small
geographical regions called cells.
This has led to the tiling of the whole
communication landscape with small cells of
roughly ten square miles or less depending on
the density of cellular phones in the geographical
cell.
Each cell has, at its center, a communication
tower called the base station (BS) which the
communication devices use to send and receive
data. The BS receives and sends data usually via
a satellite. Each BS operates two types of
channels:
– The control channel which is used in the exchange
when setting up and maintaining calls
– The traffic channel to carry voice/data.
Kizza - Guide to Computer Network Securi 4
ty
The satellite routes the data signal to a second
communication unit, the Mobile Telephone Switching Office
(MTSO). The MTSO, usually some distance off the
origination cell, may connect to a land-based wired
communication infrastructure for the wired receiver or to
another MTSO or to a nearest BS for the wireless device
receiver.
An enabled wireless device such as a cellular phone must
be constantly in contact with the provider. This continuous
contact with the provider is done through the cell device
constantly listening to its provider’s unique System
Identification Code (SID) via the cell base stations.
If the device moves from one cell to another, the current
tower must hand over the device to the next tower and so
on so the continuous listening continues unabated. As long
as the moving device is able to listen to the SID, it is in
the provider’s service area and it can, therefore, originate
and transmit calls.
In order to do this, however, the moving device must
identify itself to the provider. This is done through its own
unique SID assigned to the device by the provider. Every
call originating from the mobile device must be checked
against a database of valid device SIDs to make sure that
the transmitting device is a legitimate device for the
provider. Kizza - Guide to Computer Network Securi
ty
5
The mobile unit, usually a cellphone, may originate a call
by selecting the strongest setup idle frequency channel
from among its surrounding cells by examining information
in the channel from the selected BS.
Using the reverse of this frequency channel, it sends the
called number to the BS. The BS then sends the signal to
the MTSO. The MTSO attempts to complete the connection
by sending the signal, called a page call, to a select number
of BSs via a land-based wired MTSO or another wireless
MTSO, depending on the called number.
The receiving BS broadcasts the page call on all its
assigned channels. The receiving unit, if active, recognizes
its number on the setup channel being monitored and
responds to the nearest BS which sends the signal to its
MTSO.
The MTSO may backtrack the routes or select new ones to
the call initiating MTSO which selects a channel and notifies
the BS which notifies its calling unit. See Figure 17.2 for
details of this exchange.

Kizza - Guide to Computer Network Securi 6

ty
During the call period, several things may
happen including:
– Call block which happens when channel
capacity is low due to high unit density in the
cell. This means that at this moment all traffic
channels are being used
– Call termination when one of two users hangs
up
– Call drop which happens when there is high
interference in the communication channel or
weak signals in the area of the mobile unit.
– Handoff when a BS changes assignment of a
unit to another BS. This happens when the
mobile unit is in motion such as in a moving
car and the car moves from one cell unit to
another adjacent cell unit.
Kizza - Guide to Computer Network Securi 7
ty
 Limited and Fixed Wireless Communication
Networks
This is a limited area wireless, known mainly as
cordless wireless, that is commonly found in
homes and offices.
Cordless telephones were developed for the
purpose of providing users with mobility.
Cordless has been popular in homes with a single
base station that provides voice and data
support to enable in-house and a small perimeter
around the house or office communication.
However, in office, this can be extended, if there
is a need, especially in a big busy office, to
multiple BSs connected to a single public branch
exchange (PBX) of a local land telephone
provider.
Kizza - Guide to Computer Network Securi 8
ty
Cordless wireless is limited in several areas
including:
– The range of the handset is limited to an average
radius of around 200 m from the BS
– Frequency flexibility is limited since one or a few users
own the BS and handset and, therefore, do not need a
range of choices they are not likely to use.
A wireless loop (WLL) provides services using
one or a few cells, where each cell has a BS
antenna mounted on something like a tall
building or a tall mast. Then each subscriber
reaches the BS via a fixed antenna mounted on
one’s building with an unobstructed line of sight
to the BS. The last link between the BS and the
provider switching center can be of wireless or
fixed technology. WLL offers several advantages
including:
– It is less expensive after the start up costs.
– It is easy to install after obtaining a usable frequency
band.
Kizza - Guide to Computer Network Securi 9
ty
The FCC has allocated several frequency
bands for fixed wireless communication
because it is becoming very popular.
Two popular technologies of WLL are:
– local multipoint distribution service (LMDS) –
delivers TV signals and two-way broadband
communications with relatively high data rates
and provides video, telephone, and data for
low cost
– multi-channel multipoint distribution service
(MMDS) - competes with cable TV services
and provides services to rural areas not
reached by TV broadcast or cable.

Kizza - Guide to Computer Network Securi 10

ty
Wireless LAN (WLAN) or Wireless Fidelity (Wi-Fi)
Wireless LAN (WLAN) or just Wi-Fi, as it is
commonly known in industry, is becoming
common in industry and for individuals.
A wireless LAN offers many advantages to a
business to supplement the traditional LAN.
– It is cheap to install;
– it is fast,
– it is flexible to cover traditionally unreachable
areas.

Kizza - Guide to Computer Network Securi 11

ty
A wireless LAN have applications in four areas:
LAN extension, cross-building interconnection,
nomadic access, and ad hoc networks:
– LAN extensions are wireless LANs (WLANs) linked to
wired backbone networks as extensions to them. The
existing LAN may be an Ethernet LAN, for example. The
WLAN is interfaced to a wired LAN using a control
module that includes either a bridge or a router.
– Cross-building interconnection WLANs are connected to
nearby or adjacent backbone fixed LANs in the building
by either bridges or routers.
– Nomadic access is a wireless link that connects a fixed
LAN to a mobile IP device such as a laptop. Most
wireless communication security problems are found in
this configuration.
– Ad Hoc Networking involves a peer-to-peer network
temporarily and quickly set up to meet an urgent need.

Kizza - Guide to Computer Network Securi 12

ty
 WLAN (Wi-Fi) Technology
WLAN technology falls in three types based on
the type of transmission used by the LAN:
– Infrared (IR) LANs are LANs in which cells are formed by
areas, without obstructing objects between network
elements, that the network is in. This is necessitated by
the fact that infrared light does not go through objects.
– Spread spectrum LANs use spread spectrum
transmission technology. If the transmission band is
kept within a certain frequency range then no FCC
licensing is required. This means they can be used in a
relatively larger area than a single room.
– Narrowband microwave LANS operate at microwave
frequencies, which means that they operate in large
areas and, therefore, require FCC licensing.

Kizza - Guide to Computer Network Securi 13

ty
Mobile IP and Wireless Application Protocol
(WAP)
The growth in popularity of WLANs has been
fueled by the growing number of portable
communication devices whose prices are
plummeting.
In response new technologies such as Mobile IP
and WAP, and standards such as the IEEE 803.11
( as we will shortly see) have been developed.
IN a fixed network, datagrams are moved from
clients to servers and from server to server using
the source and destination addresses (the IP
addresses) in the datagram header.
While this is not a problem in fixed networks, in
wireless networks with a moving transmitting and
receiving element, keeping connectivity in a
dynamically changing IP addressing situation is a
challenge.
Kizza - Guide to Computer Network Securi 14
ty
A mobile node has a home IP address ( in the
fixed LAN) and it is considered static. For this
mobile unit to move from this home base and still
communicate with it while in motion, the
following protocol handshake must be done.
– Once the mobile unit moves, it seeks a new
attachment to a new network; this new
network is called a foreign network. The mobile
unit must make its presence known to the new
network by registering with a new network
node on the foreign network, usually a router,
known as a foreign agent.
– The mobile unit must then choose another
node from the home network, the home agent,
and give that node a care-of address. This
address is its current location in the foreign
network. With this in place, communication
between the mobile unit and the home
network can begin.
Kizza - Guide to Computer Network Securi 15
ty
IN this environments packets are moved
from the home network to the mobile unit
as:
– A datagram with a mobile unit’s IP address as
its destination address is forwarded to the
unit’s home network.
– The incoming datagram is intercepted by the
designated home agent who encapsulate the
datagram into a new datagram with the mobile
unit’s care-of address as the destination
address in its IP header. This process is called
tunneling.
– Upon receipt of the new tunneled datagram,
the foreign agent opens the datagram to reveal
the inside old datagram with the mobile unit’s
original IP address. It then delivers the
datagram to the mobile unit.
– The process is reversed for the return trip.
Kizza - Guide to Computer Network Securi 16
ty
 Wireless Application Protocol
(WAP)
Just as the Mobile IP wireless
technology was dictated by the
mobility of customers, WAP
technology was also dictated by the
mobility of users and their need to
have access to information services
including the Internet and the Web.
See WAP Protocol stack – page 478

Kizza - Guide to Computer Network Securi 17

ty
Standards for Wireless Networks
While protocols spell out the “how
to” framework for the two or more
communicating devices, standards
govern the physical, electrical, and
procedural characteristics of the
communicating entities.
There has been a rapid development
of wireless standards – so rapid that
some people have called the many
standards – a children alphabet. We
discuss two: IEEE 802.11 and
Bluetooth.
Kizza - Guide to Computer Network Securi 18
ty
The IEEE 802.11
– Developed by the IEEE 802.11 working
group, IEEE 802.11 or more commonly
802.11, is the most well known and
most widely used and most prominent
wireless LAN specification standard.
It is a shared, wireless local area network
(LAN) standard.
It is based on the OSI layering model of the
fixed LAN including a similar physical layer
In fact the IEEE 802.11 is an umbrella
standard of many different standards
varying in speed, range, security, and
management capabilities as shown in Table
17.2. Kizza - Guide to Computer Network Securi 19
ty
Bluetooth (See Figure 17.9)
Bluetooth was developed in 1994 by Ericsson, a Swedish
mobile-phone company, to let small mobile devices such as
a laptop make calls over a mobile phone. It is a short-range
always-on radio hookup embedded on a microchip.
It uses a low-power 2.4 GHz band, which is available
globally without a license, to enable two Bluetooth devices
within a small limited area of about 5 m radius to share up
to 720 kbps of data.
Bluetooth has a wide range of potential applications and
gives users a low-power, cheap, untethered, and confined
ability to:
– Create wireless connections among computers, printers,
keyboards, and the mouse
– Wirelessly use MP3 players with computers to download
and play music
– Remotely and wirelessly monitor devices in a home
including remotely turning on home devices from a
remote location outside the home.

Kizza - Guide to Computer Network Securi 20

ty
 Security in Wireless Networks
Wireless networks are inherently insecure. This problem is
compounded by the untraceable hackers who use invisible
links to victimize WLANs and the increasing number of
fusions between LANs and WLANs, thus adding more
access points (the weak points) to the perimeters of secure
networks.
WLANs need to not only provide users with the freedom
and mobility which is so crucial for their popularity but
also the privacy and security of all users and the
information on these networks.
Several security mechanisms required in WLANS include
confidentiality, authentication, and access control.
The “wired equivalent” concept for the IEEE 802.11 WLAN
standard was to define authentication and encryption
based on the Wired Equivalent Privacy (WEP) algorithm.
This WEP algorithm defines the use of a 40-bit secret key
for authentication and encryption.
But all these mechanisms failed to work fully as intended.

Kizza - Guide to Computer Network Securi 21

ty
WLAN found itself facing severe privacy
and security problems including the
following:
– Identity in WLANs - WALN protocol contains a
media access control (MAC) protocol layer in
its protocol stack which the WLAN standard
uses as its form of identity for both devices
and users. However, in the newer open source
device drivers, this MAC is changeable,
creating a situation for malicious intruders to
masquerade as valid users.
In addition, WLAN uses a Service Set Identifier
(SSID) as a device identifier (name) in a network. It
allows clients to communicate with the appropriate
BS. Each BS comes with a default SSID, but
attackers can use these SSIDs to penetrate a BS. As
we will see later, turning off SSID broadcasts cannot
stop hackers from getting to these SSIDs.
Kizza - Guide to Computer Network Securi 22
ty
Other weaknesses include:
– Lack of Access Control Mechanism
– Lack of Authentication Mechanism in 802.11
– Lack of a WEP Key Management Protocol

Kizza - Guide to Computer Network Securi 23

ty