Chapter 1: Introduction to Wireless Ad hoc Network
Development of Protocols and Algorithms to Secure Integration of Ad hoc Network and Wired Network
1.1 Introduction
A wireless network is a network set up using radio signals to communicate among computers and other network devices. It is sometimes also referred to as a Wi-Fi network or WLAN. Such networks are popular because they are easy to set up and involve no cabling: computers can be connected anywhere in the home without wires.

Whether because you have made a call on a mobile phone, received a message on a pager, checked email from a PDA or merely seen an advertisement for one, everyone has come across a wireless data or voice network. If a user, application or company wishes to make data portable, mobile and accessible, wireless networking is the answer. A wireless network avoids the downtime a wired network suffers from cable faults, and it saves the time and money that installing a lot of cabling would cost. If a client computer has to be relocated to another part of the office, all that is needed is to move the machine with its wireless network card.

Wireless networking can be very useful in public places. Libraries, guest houses, hotels, cafeterias and schools are all places where one might find wireless access to the Internet. From a financial point of view this benefits both the provider and the client: the provider offers the service for a charge, probably on a pay-per-use basis, and the client can use it at a convenient location away from the office or home. A drawback of wireless Internet access is that quality of service (QoS) is not guaranteed; if the link suffers interference, the connection may be dropped.

Networks of this kind can also be maintained over large areas, such as cities or countries, via multiple satellite systems or antenna sites looked after by an ISP. The cellular systems of this kind are referred to as 2G (second generation) systems.
Range (meters)   Network
0-10             Personal Area Network
0-100            Local Area Network
0-10000          Wide Area Network
(Table 1-1: Range of network in terms of meters)
Figure 1-1 shows how it works. Say you have two computers, each equipped with a wireless adapter, and you have set up a wireless router. When a computer sends data, the binary data is encoded onto a radio frequency signal and transmitted via the wireless router; the receiving computer decodes the signal back into binary data.

It does not matter whether you use a cable or DSL broadband modem to access the Internet; both work with a wireless network. A wireless hotspot is a location equipped with wireless devices that you and others can join.

The two main components are the wireless router or access point and the wireless clients.

If you have no wired network, get a wireless router and attach it to the cable or DSL modem. Then set up each wireless client by adding a wireless card to each computer, forming the simple wireless network shown in Figure 1-2. Computers can also be cabled directly to the router if it has spare switch ports.

If you already have a wired Ethernet network at home, attach a wireless access point to the existing router to get wireless access at home. Wireless routers and access points should be installed so as to maximize both coverage and throughput. The area covered is generally referred to as the coverage cell.
(Figure 1-1: How Wireless Network Works)
Large areas usually require more than one access point in order to have
adequate coverage. You can also add access point to your existing wireless
router to improve coverage.
(Figure 1-2: How Wireless Network Works With Access Point)
1.2 Types of Wireless Networks
The following are the types of wireless networks:
i. Wireless Personal Area Network
ii. Wireless Local Area Network
iii. Wireless Mesh Network
iv. Wireless Metropolitan Area Network
v. Wireless Wide Area Network
vi. Mobile Devices Network
1.2.1 WPANs: Wireless Personal Area Networks
The two current technologies for wireless personal area networks are Infra-Red (IR) and Bluetooth (IEEE 802.15). These allow the connectivity of personal devices within an area of about 30 feet. IR, however, requires a direct line of sight and has a shorter range.
A Wireless Personal Area Network (WPAN) is a personal area network - a
network for interconnecting devices centered around an individual person's
workspace - in which the connections are wireless. Wireless PAN is based on
the standard IEEE 802.15. The three kinds of wireless technologies used for
WPAN are Bluetooth, Infrared Data Association and Wi-Fi.
A WPAN could serve to interconnect all the ordinary computing and
communicating devices that many people have on their desk or carry with
them today - or it could serve a more specialized purpose such as allowing
the surgeon and other team members to communicate during an operation.
A key concept in WPAN technology is known as "plugging in". In the ideal
scenario, when any two WPAN-equipped devices come into close proximity
(within several meters of each other) or within a few kilometers of a central
server, they can communicate as if connected by a cable. Another important
feature is the ability of each device to lock out other devices selectively,
preventing needless interference or unauthorized access to information.
The technology for WPANs is in its infancy and is undergoing rapid
development. Proposed operating frequencies are around 2.4 GHz in digital
modes. The objective is to facilitate seamless operation among home or
business devices and systems. Every device in a WPAN will be able to plug
in to any other device in the same WPAN, provided they are within physical
range of one another. In addition, WPANs worldwide will be interconnected.
Thus, for example, an archeologist on site in Greece might use a PDA to
directly access databases at the University of Minnesota in Minneapolis, and
to transmit findings to that database.
Wireless Technologies
Bluetooth is a simple type of wireless networking that allows the formation
of a small network with up to eight devices being connected at once [176].
Such devices would include PDAs, Laptops, Mobile Phones and Personal
Computers. However, Bluetooth may also be found in keyboards, mice,
headsets and mobile phone hands-free kits, amongst others. It was
originally invented by Ericsson in 1994. In 1998, the Bluetooth SIG (Special
Interest Group) was formed by a small number of major companies –
Ericsson, Nokia, Intel and Toshiba – to help each other develop and promote
the technology. Bluetooth falls under personal area networking since it has a very short range, roughly 30 to 300 feet depending on the device class. This short range adds somewhat to the security of the technology: someone wanting to sniff a connection would need special equipment and would have to be fairly close (the BlueSniper experiment described below shows how far "close" can be stretched). The main features of Bluetooth are that, unlike infra-red, its signal is not blocked by walls; it uses radio technology; it is inexpensive; and it consumes little power.
Bluetooth uses short-range radio waves over distances up to approximately
10 meters. For example, Bluetooth devices such as keyboards, pointing
devices, audio headsets, printers may connect to Personal Digital Assistants
(PDAs), cell phones, or computers wirelessly.
A Bluetooth PAN is also called a piconet (combination of the prefix "pico,"
meaning very small or one trillionth, and network), and is composed of up to
8 active devices in a master-slave relationship (a very large number of
devices can be connected in "parked" mode). The first Bluetooth device in
the piconet is the master, and all other devices are slaves that communicate
with the master. A piconet typically has a range of 10 meters (33 ft),
although ranges of up to 100 meters (330 ft) can be reached under ideal
circumstances.
Recent innovations in Bluetooth antennas have allowed these devices to
greatly exceed the range for which they were originally designed. At DEF
CON 12, a group of hackers known as "Flexilis" successfully connected two
Bluetooth devices more than half a mile (800 m) away. They used an
antenna with a scope and Yagi antenna, all attached to a rifle stock. A cable
attached the antenna to a Bluetooth card in a computer. They later named
the antenna "The BlueSniper." [176]
Infrared Data Association (IrDA) uses infrared light, whose frequency lies below the sensitivity of the human eye. It is used in cell phones, TV remote controls and PS3 controllers. Typical WPAN devices that use IrDA include printers, keyboards and other serial data interfaces [45].
Wi-Fi uses radio waves for connection over distances up to around 91
meters, usually in a Local Area Network (LAN) environment. Wi-Fi can be
used to connect local area networks, to connect cell phones to the Internet
to download music and other multimedia, to allow PC multimedia content to be streamed to the TV (wireless multimedia adapter) and to connect video game consoles to their networks (Nintendo Wi-Fi Connection).
1.2.2 WLAN: Wireless Local Area Network
A Wireless Local Area Network (WLAN) links two or more devices using some
wireless distribution method (typically spread-spectrum or OFDM radio),
and usually providing a connection through an access point to the wider
internet. This gives users the mobility to move around within a local
coverage area and still be connected to the network. Most modern WLANs
are based on IEEE 802.11 standards, marketed under the Wi-Fi brand
name.
(Figure 1-3: An example of Wi-Fi network)
Wireless LANs have become popular in the home due to ease of installation,
and in commercial complexes offering wireless access to their customers;
often for free. Large wireless network projects are being put up in many
major cities: New York City, for instance, has begun a pilot program to
provide city workers in all five boroughs of the city with wireless Internet
access [8].
WLANs allow users in a local area, such as a university campus or library, to form a network or gain access to the Internet. A temporary network can be formed by a small number of users without an access point, provided they do not need access to network resources.
Types of Wireless LANs
Peer-to-Peer
An ad-hoc network is a network in which stations communicate only peer to peer (P2P). There is no base station and no one grants permission to talk. This is accomplished using the Independent Basic Service Set (IBSS).
A peer-to-peer (P2P) network allows wireless devices to directly communicate
with each other. Wireless devices within range of each other can discover
and communicate directly without involving central access points. This
method is typically used by two computers so that they can connect to each
other to form a network.
IEEE 802.11 defines the physical layer (PHY) and MAC (Media Access
Control) layers based on CSMA/CA (Carrier Sense Multiple Access with
Collision Avoidance). The 802.11 specification includes provisions designed
to minimize collisions, because two mobile units may both be in range of a
common access point, but out of range of each other.
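The situation in that last sentence (two stations in range of the access point but not of each other) can be made concrete with a small slot-level simulation. The following is an added example written for this chapter, not code from the thesis: stations are points on a line with a fixed radio range, each station transmits only when its own carrier sense says the medium is idle, and frames are judged at the receiver. It also goes beyond the text by modelling the RTS/CTS exchange that 802.11 provides for exactly this case (the receiver's CTS sets a network allocation vector, NAV, at every station that hears it, hidden ones included); the topology, slot times and retry-free behaviour are assumptions of the example.

```python
"""Hidden-node collisions under plain carrier sense, and how an RTS/CTS
reservation avoids them. Added example; topology, slot times and the
retry-free behaviour are simplifications chosen for the demonstration."""


def hears(pos: dict, a: str, b: str, radius: float) -> bool:
    """Physical reachability: stations are points on a line, range is `radius`."""
    return abs(pos[a] - pos[b]) <= radius


def hidden_pairs(pos: dict, radius: float, receiver: str) -> list:
    """Pairs of stations that both reach `receiver` but cannot hear each other."""
    nbrs = [s for s in pos if s != receiver and hears(pos, s, receiver, radius)]
    return [(a, b) for i, a in enumerate(nbrs) for b in nbrs[i + 1:]
            if not hears(pos, a, b, radius)]


def run_schedule(pos: dict, radius: float, receiver: str, attempts: list,
                 frame_slots: int, rts_cts: bool = False) -> dict:
    """Play out `attempts` = [(station, first slot it wants to send)], all
    addressed to `receiver`. A station waits until its own carrier sense says
    idle (it only hears stations in range) and, with rts_cts, until its NAV has
    expired. Returns {station: "ok" | "collided"} as seen at the receiver.
    Simplifications: fixed-length frames, no retries, RTS collisions ignored."""
    on_air = []                       # (station, start, end) of every transmission
    nav_until = {s: 0 for s in pos}   # virtual carrier sense, set by an overheard CTS
    data = {}                         # station -> (start, end) of its data frame

    def busy(station, t):
        return any(hears(pos, station, s, radius) and start <= t < end
                   for s, start, end in on_air if s != station)

    for station, t in sorted(attempts, key=lambda a: a[1]):
        while busy(station, t) or t < nav_until[station]:
            t += 1                    # defer: medium sensed busy or NAV not expired
        if rts_cts:
            on_air.append((station, t, t + 1))          # RTS from the sender (1 slot)
            on_air.append((receiver, t + 1, t + 2))     # CTS from the receiver (1 slot)
            for s in pos:                               # the CTS reserves the medium at
                if s != station and hears(pos, s, receiver, radius):   # every station that
                    nav_until[s] = max(nav_until[s], t + 2 + frame_slots)  # hears the receiver
            t += 2
        on_air.append((station, t, t + frame_slots))
        data[station] = (t, t + frame_slots)

    result = {}
    for station, (start, end) in data.items():
        # the receiver loses the frame if any other station it can hear overlaps it
        clobbered = any(s not in (station, receiver) and hears(pos, s, receiver, radius)
                        and s_start < end and start < s_end
                        for s, s_start, s_end in on_air)
        result[station] = "collided" if clobbered else "ok"
    return result


if __name__ == "__main__":
    # constructed topology: A and C each reach B, but A and C are out of each other's range
    line = {"A": 0.0, "B": 1.0, "C": 2.0}
    print("hidden pairs at B:", hidden_pairs(line, 1.0, "B"))
    print("CSMA/CA only:", run_schedule(line, 1.0, "B", [("A", 0), ("C", 1)], 4))
    print("with RTS/CTS:", run_schedule(line, 1.0, "B", [("A", 0), ("C", 1)], 4, rts_cts=True))
```

Without RTS/CTS, C senses an idle medium one slot after A has started (it cannot hear A) and both frames are destroyed at B; with RTS/CTS, C hears B's CTS, sets its NAV and transmits only after A's frame is complete. Moving C to within range of A removes the hidden pair and plain carrier sense suffices.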
(Figure 1-4: Peer-to-Peer / Ad-Hoc Network)
The 802.11 has two basic modes of operation: ad hoc mode and
infrastructure mode. In ad hoc mode, mobile units transmit directly peer-to-
peer. In infrastructure mode, mobile units communicate through an access
point that serves as a bridge to a wired network infrastructure. Since wireless communication uses a more open medium than wired LANs, the 802.11 designers also included shared-key encryption mechanisms, Wired Equivalent Privacy (WEP) and later Wi-Fi Protected Access (WPA, WPA2), to secure wireless computer networks.
Bridge
A bridge can be used to connect networks, typically of different types. A
wireless Ethernet bridge allows the connection of devices on a wired
Ethernet network to a wireless network. The bridge acts as the connection
point to the Wireless LAN.
(Figure 1-5: Hidden node problem: Devices A and C are both connecting with B, but are unaware of each other)
Wireless Distribution System
A Wireless Distribution System enables the wireless interconnection of access points in an IEEE 802.11 network. It allows a wireless network to be expanded using multiple access points without the need for a wired backbone to link them, as is traditionally required. The notable advantage of WDS over other solutions is that it preserves the MAC addresses of client packets across links between access points [175].

An access point can be either a main, relay or remote base station. A main base station is typically connected to the wired Ethernet. A relay base station relays data between remote base stations, wireless clients or other relay stations to either a main or another relay base station. A remote base station accepts connections from wireless clients and passes them to relay or main stations. Connections between "clients" are made using MAC addresses rather than by specifying IP assignments.
All base stations in a Wireless Distribution System must be configured to use the same radio channel and must share the WEP or WPA keys if encryption is used. They can be configured with different service set identifiers. WDS also requires that every base station be configured to forward to the others in the system. Note that every base station then holds the same key, so the compromise of any one of them exposes the whole system.

WDS may also be referred to as repeater mode because the access point bridges and accepts wireless clients at the same time (unlike traditional bridging). It should be noted, however, that throughput is halved for all wirelessly connected clients, because every frame is transmitted twice on the same channel.

When it is difficult to connect all the access points in a network by wires, access points can instead be deployed as repeaters.
1.2.3 Wireless Mesh Network
A Wireless Mesh Network (WMN) is a communications network made up of radio nodes organized in a mesh topology. Wireless mesh networks often consist of mesh clients, mesh routers and gateways. The mesh clients are often laptops, cell phones and other wireless devices, while the mesh routers forward traffic to and from the gateways, which may but need not connect to the Internet. The coverage area of the radio nodes working as a single network is sometimes called a mesh cloud. Access to this mesh cloud depends on the radio nodes working in harmony with each other to create a radio network. A mesh network is reliable and offers redundancy: when one node can no longer operate, the rest of the nodes can still communicate with each other, directly or through one or more intermediate nodes. Figure 1-6 illustrates how wireless mesh networks can self-form and self-heal. Wireless mesh networks can be implemented with various wireless technologies, including 802.11, 802.15, 802.16, cellular technologies or combinations of more than one type.
A wireless mesh network can be seen as a special type of wireless ad-hoc
network. A wireless mesh network often has a more planned configuration
and may be deployed to provide dynamic and cost effective connectivity over
a certain geographic area. An ad-hoc network, on the other hand, is formed
ad hoc when wireless devices come within communication range of each
other. The mesh routers may be mobile and be moved according to specific
demands arising in the network. Often the mesh routers are not limited in
terms of resources compared to other nodes in the network and thus can be
exploited to perform more resource intensive functions. In this way, the
wireless mesh network differs from an ad-hoc network, since these nodes
are often constrained by resources [192].
(Figure 1-6: Wireless Mesh Network)

1.2.4 WMAN: Wireless Metropolitan Area Network
This technology allows the connection of multiple networks in a metropolitan area, such as different buildings in a city, and can be an alternative or backup to laying copper or fibre cabling.

A high-speed network spanning the vicinity of a metropolitan area, covering an entire city or a comparable geographic area of up to about 50 km, is called a WMAN. It is designed for a larger geographical area than a LAN. The classic wired MAN standard is DQDB (IEEE 802.6), which covers up to 30 miles at speeds of 34 Mbit/s to 155 Mbit/s; other wired MAN technologies are ATM, FDDI and SMDS. MANs are common in schools, colleges and public services, where they support a high-speed network backbone. The IEEE 802.16 standard defines broadband wireless access for metropolitan areas. Its original air interface used a single-carrier scheme intended to operate in the 10-66 GHz spectrum and supports continuously varying traffic levels in many licensed frequency bands.

WMAN opens the door to providing high-speed Internet access to business subscribers. It can serve thousands of subscriber stations using a scheduled, collision-free medium access scheme, supports legacy voice systems, voice over IP and TCP/IP, and offers different applications different QoS guarantees. WiMAX is the term used for wireless metropolitan area networking based on IEEE 802.16.
1.2.5 WWAN: Wireless Wide Area Network
A Wireless Wide Area Network (WWAN), is a form of wireless network. The
larger size of a wide area network compared to a local area network requires
differences in technology. Wireless networks of all sizes deliver data in the
form of telephone calls, web pages, and streaming video.
(Figure 1-7: Wireless Metropolitan Area Network)
A WWAN often differs from Wireless Local Area Network (WLAN) by using
mobile telecommunication cellular network technologies such as LTE,
WiMAX (often called a wireless metropolitan area network or WMAN), UMTS,
CDMA2000, GSM, Cellular Digital Packet Data (CDPD) and Mobitex to
transfer data. It can also use Local Multipoint Distribution Service (LMDS)
or Wi-Fi to provide Internet access. These technologies are offered regionally,
nationwide, or even globally and are provided by a wireless service provider.
WWAN connectivity allows a user with a laptop and a WWAN card to surf
the web, check email, or connect to a Virtual Private Network (VPN) from
anywhere within the regional boundaries of cellular service. Various
computers can have integrated WWAN capabilities.
Since radio communications systems do not provide a physically secure connection path, WWANs typically incorporate encryption and authentication methods to make them more secure. Unfortunately some of the early GSM encryption algorithms (the A5 family) were flawed, and security experts have warned that cellular communication, including WWAN, can no longer be assumed secure [2]. The UMTS (3G) encryption algorithms were developed later and, at the time of writing, had not been broken in practice.
Examples of providers for WWAN in the US include T-Mobile, Sprint Nextel,
Verizon Wireless, and AT&T. Satellite Internet access can also be used over
a wide area.
(Figure 1-8: Components of Wireless Wide Area Network)
1.2.6 Mobile Devices Network
With the development of smart phones, cellular telephone networks
routinely carry data in addition to telephone conversations
• Global System for Mobile Communications (GSM): The GSM network is divided into three major systems: the switching system, the base station system, and the operation and support system. A cell phone connects to the base station system, which passes the call on to the switching system, where it is routed to its destination; the operation and support system monitors and maintains the other two. GSM is the most common standard and is used for the majority of cell phones [3].
• Personal Communications Service (PCS): PCS is a radio band that can be used by mobile phones in North America and South Asia. Sprint was the first carrier to set up a PCS service.
• D-AMPS: Digital Advanced Mobile Phone Service, an upgraded version of AMPS, is being phased out as technology advances; the newer GSM networks are replacing the older system.
(Figure 1-9: How WIFI Phones Work)

1.3 Security in Wireless Network
The following are three methods of security available for wireless networks:
1.3.1 WEP (Wired Equivalent Privacy)
Wired Equivalent Privacy is intended to stop the interception of radio frequency signals by unauthorized users and is most suitable for small networks. This is because there is no key management protocol and each key must be entered manually into the clients, a very time-consuming administrative task. WEP is based on the RC4 stream cipher from RSA Data Security. It works by having all clients and access points configured with the same key for encryption and decryption. The original implementations of WEP used 64-bit encryption (40-bit key + 24-bit initialization vector). Because of the way WEP uses RC4, a 64-bit WEP key can be recovered from captured traffic in a matter of minutes, and the 128-bit version is not materially safer: recovering the longer key needs more captured packets rather than more computation, so the attack is statistical rather than brute force. WEP is not the best line of defense against intruders, but it is better than nothing and is mainly used by the average home user. Another drawback of WEP is that since it uses a shared key, if someone leaves the company the key has to be changed on the access point and on every client machine.
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11
wireless networks. Introduced as part of the original 802.11 standard
ratified in September 1999, its intention was to provide data confidentiality
comparable to that of a traditional wired network [72]. WEP, recognizable by
the key of 10 or 26 hexadecimal digits, is widely in use and is often the first
security choice presented to users by router configuration tools [24][10].
Encryption
WEP was included as the privacy component of the original IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality [11] and the CRC-32 checksum for integrity [1]. It was deprecated in 2004 but is still documented in the current standard [71].
Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is
concatenated with a 24-bit initialization vector (IV) to form the RC4 key.
(Figure 1-10: Basic WEP encryption: RC4 key stream XORed with plain text)

At the time that the original WEP standard was drafted, the U.S. Government's export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).

A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits, so 10 digits of four bits each give 40 bits; adding the 24-bit IV produces the complete 64-bit WEP key. Most devices also allow the user to enter the key as five ASCII characters, each of which is turned into eight bits using the character's byte value in ASCII; however, this restricts each byte to a printable ASCII character, which is only a small fraction of the possible byte values, greatly reducing the space of possible keys.

A 128-bit WEP key is usually entered as a string of 26 hexadecimal characters. 26 digits of four bits each give 104 bits; adding the 24-bit IV produces the complete 128-bit WEP key. Most devices also allow the user to enter it as 13 ASCII characters.

A 256-bit WEP system is available from some vendors. As with the other WEP variants, 24 bits of that is for the IV, leaving 232 bits for actual protection. These 232 bits are typically entered as 58 hexadecimal characters ((58 × 4 bits =) 232 bits + 24 IV bits = 256-bit WEP key).

Key size is one of the security limitations in WEP [60]. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets [11], that are not helped by using a longer key.
WEP Security Issues
WEP has led a troubled existence due to many security issues. The security
issues with Wired Equivalent Privacy (WEP) include:
I. A high percentage of wireless networks have WEP disabled because of
the administrative overhead of maintaining a shared WEP key.
II. WEP has the same problem as all systems based upon shared keys: any
secret held by more than one person soon becomes public knowledge.
Take for example an employee who leaves a company – they still know
the shared WEP key. The ex-employee could sit outside the company
with an 802.11 NIC and sniff network traffic or even attack the internal
network.
III. The initialization vector that seeds the WEP algorithm is sent in the
clear.
IV. The WEP checksum is linear and predictable.
The number and scope of difficulties with WEP security have led to the
creation of WPA (Wi-Fi Protected Access).
(Figure 1-11: WEP Security Issues)
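To make the key-length arithmetic of the previous section and issues III and IV of the list above concrete, the following Python program is given as an added example; it is not code from this thesis or from any of the tools it names. It builds the WEP seed from the user-entered key forms described above (hex or ASCII), prepends the 24-bit IV in the clear, and checks the two properties that the issue list relies on: frames encrypted under a repeated IV share a keystream, so XORing their ciphertexts exposes the XOR of the plaintexts, and the CRC-32 ICV is linear under XOR, which a real message authentication code is not. RC4 is implemented inline, and the keys, IVs and frames used are constructed for the example; the function names are the author's choices.

```python
import math
import zlib

PRINTABLE_ASCII = 95   # byte values 0x20..0x7E accepted by ASCII key entry
IV_BITS = 24           # the WEP IV is 24 bits for every key length


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling plus output generation) as WEP uses it."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def parse_wep_key(text: str) -> bytes:
    """Accept the entry forms from the text: 10/26/58 hex digits or 5/13/29 ASCII characters."""
    hex_lengths, ascii_lengths = {10, 26, 58}, {5, 13, 29}
    if len(text) in hex_lengths and all(c in "0123456789abcdefABCDEF" for c in text):
        return bytes.fromhex(text)
    if len(text) in ascii_lengths and text.isascii() and text.isprintable():
        return text.encode("ascii")
    raise ValueError("need 10/26/58 hex digits or 5/13/29 printable ASCII characters")


def key_space(secret_bits: int, ascii_entry: bool = False) -> int:
    """Number of distinct secret keys reachable through each entry method."""
    if ascii_entry:
        return PRINTABLE_ASCII ** (secret_bits // 8)   # printable bytes only
    return 2 ** secret_bits


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV || RC4(IV || key) XOR (plaintext || CRC-32 ICV); the IV is not encrypted."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4_keystream(iv + key, len(plaintext) + 4)
    return iv + xor_bytes(plaintext + icv, keystream)


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Strip the clear IV, regenerate the keystream and verify the ICV."""
    iv, body = frame[:3], frame[3:]
    data = xor_bytes(body, rc4_keystream(iv + key, len(body)))
    plaintext, icv = data[:-4], data[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def keystream_reuse_leak(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames with the same IV and key share a keystream; XORing the ciphertext
    bodies cancels it and leaves plaintext1 XOR plaintext2 (the IV collision problem)."""
    if frame1[:3] != frame2[:3] or len(frame1) != len(frame2):
        raise ValueError("frames must share an IV and have equal length")
    return xor_bytes(frame1[3:-4], frame2[3:-4])


def icv_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros).
    This identity is what 'linear and predictable' means; a keyed MAC does not satisfy it."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    lhs = zlib.crc32(xor_bytes(a, b))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))
    return lhs == rhs


def iv_collision_frames(probability: float = 0.5) -> int:
    """Birthday bound: frames after which random 24-bit IVs repeat with the given probability."""
    return int(math.sqrt(2 * 2 ** IV_BITS * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key = parse_wep_key("0123456789")            # constructed 40-bit secret
    iv = b"\x01\x02\x03"                         # constructed IV, deliberately reused below
    f1 = wep_encrypt(key, iv, b"attack at dawn")
    f2 = wep_encrypt(key, iv, b"defend at dusk")
    print("hex entry keys:", key_space(40), "ASCII entry keys:", key_space(40, ascii_entry=True))
    print("leak equals p1 XOR p2:", keystream_reuse_leak(f1, f2) == xor_bytes(b"attack at dawn", b"defend at dusk"))
    print("ICV linear:", icv_is_linear(b"abc", b"xyz"), "frames to 50% IV repeat:", iv_collision_frames())
```

The IV count is the point a defender should take away: with random IVs a busy access point has a better than even chance of repeating one after only a few thousand frames, and sequential IVs merely make the repeat predictable rather than avoidable.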
WEP Security Tools
AirSnort
AirSnort is a Wireless LAN (WLAN) tool which cracks encryption keys on
802.11 WEP networks. AirSnort operates by passively monitoring
transmissions and computing the WEP encryption key when enough packets
have been gathered.
BSD-Airtools
BSD-airtools is a package that provides a complete toolset for wireless
802.11 auditing. It currently contains a BSD-based Wired Equivalent
Privacy (WEP) cracking application called dweputils (as well as kernel
patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curses-based
AP detection application similar to netstumbler (dstumbler) that can be
used to detect wireless access points and connected nodes, view
signal-to-noise graphs, and interactively scroll through scanned APs and
view statistics for each. It also includes a couple of other tools for
making use of all 14 of the prism2 debug modes and for basic analysis of
the hardware-based link-layer protocols provided by prism2's monitor debug
mode.
WEPCrack
WEPCrack is a tool that cracks 802.11 WEP encryption keys by exploiting
the weaknesses of RC4 key scheduling.
WEP Attack
WEP Attack is a WLAN open source Linux tool for breaking 802.11 Wired
Equivalent Privacy (WEP) keys. This tool is based on an active dictionary
attack that tests millions of words to find the right key. Only one packet is
required to start an attack on WEP.
WEPWedgie
WEPWedgie is a toolkit for determining 802.11 WEP key streams and
injecting traffic with known key streams. The toolkit also includes logic for
firewall rule mapping, ping scanning, and port scanning via the injection
channel and a cellular modem.
1.3.2 WEP2 (Wired Equivalent Privacy version 2)
In 2004, the IEEE proposed an updated version of WEP, WEP2, to address
its predecessor's shortcomings. Like WEP it relies on the RC4 algorithm,
but instead uses a 128-bit initialization vector, making it stronger than
the original version of WEP; it may still be susceptible to the same kinds
of attacks.
This stopgap enhancement to WEP was present in some of the early 802.11i
drafts. It was implementable on some (not all) hardware not able to handle
WPA or WPA2, and extended both the IV and the key values to 128 bits
[173]. It was hoped to eliminate the duplicate IV deficiency as well as stop
brute force key attacks.
After it became clear that the overall WEP algorithm was deficient (and not
just the IV and key sizes) and would require even more fixes, both the WEP2
name and original algorithm were dropped. The two extended key lengths
remained in what eventually became WPA's TKIP. Figure 1-12 shows the
relationship between WEP – WPA – WPA2.
(Figure 1-12: Relationship between WEP- WPA-WPA2)
1.3.3 SSID (Service Set Identifier)
The SSID acts as a simple password by allowing a WLAN to be split up into
different networks, each having a unique identifier. These identifiers are
programmed into multiple access points. To access any of the networks, a
client computer must be configured with the corresponding SSID for that
network; if they match, access is granted to the client computer.
A service set is all the devices associated with a local or enterprise IEEE
802.11 Wireless Local Area Network (WLAN).
(Figure 1-13: SSID working Diagram)
Types of Service Set Identifier
I. Independent Basic Service Set
The Basic Service Set (BSS) is the basic building block of an 802.11 wireless
LAN. In infrastructure mode, a single Access Point (AP) together with all
associated Stations (STAs) is called a BSS [5]. This is not to be confused
with the coverage of an access point, which is called Basic Service Area
(BSA) [4]. An access point acts as a master to control the stations within
that BSS. In ad hoc mode a set of synchronized stations, one of which acts
as master, forms a BSS. Each BSS is identified by a BSSID. The most basic
BSS consists of one access point and one station.
II. Extended Service Set
An Extended Service Set (ESS) is a set of one or more interconnected BSSs
and integrated local area networks that appear as a single BSS to the logical
link control layer at any station associated with one of those BSSs.
The set of interconnected BSSs must have a common Service Set Identifier
(SSID). They can work on the same channel, or work on different channels
to boost aggregate throughput.
(Figure 1-14: Wireless Network working in Extended Service Set mode)
III. Basic Service Set Identification
A related field is the Basic Service Set Identification (BSSID) [6], which
uniquely identifies each BSS (the SSID however, can be used in multiple,
possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the
MAC address of the Wireless Access Point (WAP). In an IBSS, the BSSID is a
locally administered MAC address generated from a 46-bit random number.
The individual/group bit of the address is set to 0 (individual). The
universal/local bit of the address is set to 1 (local).
A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A
broadcast BSSID may only be used during probe requests.
Security Gains of SSID hiding
Many access points allow a user to turn off the broadcast of the SSID. With
many network client devices, this results in the detected network displaying
as an unnamed network and the user would need to manually enter the
correct SSID to connect to the network.
Unfortunately, turning off the broadcast of the SSID may lead to a false
sense of security. The method discourages only casual wireless snooping,
but does not stop a person trying to attack the network [137].
It is not secure against determined crackers, because every time someone
connects to the network, the SSID is transmitted in clear text even if the
wireless connection is otherwise encrypted. An eavesdropper can passively
sniff the wireless traffic on that network undetected (with software like
Kismet), and wait for someone to connect, revealing the SSID. Alternatively,
there are faster (albeit detectable) methods where a cracker spoofs a
"disassociate frame" as if it came from the wireless bridge, and sends it to
one of the clients connected; the client immediately re-connects, revealing
the SSID [86][168].
(Figure 1-15: Wireless Network working in multiple SSID modes)
As disabling SSID broadcast does not offer protection against determined
crackers, proven security methods such as requiring 802.11i/WPA2 should be
used [9].
Microsoft discourages SSID-hiding because it leads to clients probing for the
SSID in plain text. This not only exposes the SSID that was meant to be
hidden but also allows a fake access point to offer a connection [7].
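The reason hiding the SSID gains so little is visible in the management frames themselves. The following Python program, an added example that is not from this thesis or from Kismet or any other tool it names, parses the SSID element (element ID 0) out of constructed 802.11 management frame bodies: a beacon from an access point configured to hide its name carries a zero-length SSID element, while the probe request and association request that a client sends to join carry the name in full. The frame bodies below are built by hand for the example, not captured traffic, and the frame-type names and function names are the author's choices.

```python
# Length of the fixed fields that precede the tagged parameters in each
# management frame body (assumed values for the frame types used here).
FIXED_FIELD_LEN = {
    "beacon": 12,       # timestamp (8) + beacon interval (2) + capability (2)
    "probe_resp": 12,   # same layout as a beacon
    "probe_req": 0,     # tagged parameters start immediately
    "assoc_req": 4,     # capability (2) + listen interval (2)
}
SSID_ELEMENT_ID = 0
RATES_ELEMENT_ID = 1


def tagged_params(body: bytes, offset: int):
    """Yield (element_id, data) for each type-length-value element after the fixed fields."""
    i = offset
    while i + 2 <= len(body):
        eid, length = body[i], body[i + 1]
        data = body[i + 2:i + 2 + length]
        if len(data) < length:      # truncated element: stop instead of mis-parsing
            return
        yield eid, data
        i += 2 + length


def extract_ssid(frame_type: str, body: bytes):
    """Classify the SSID element: ("hidden", "") for zero-length or all-NUL,
    ("ssid", name) for a disclosed name, ("absent", "") if no element is present."""
    for eid, data in tagged_params(body, FIXED_FIELD_LEN[frame_type]):
        if eid == SSID_ELEMENT_ID:
            if len(data) == 0 or all(b == 0 for b in data):
                return ("hidden", "")
            return ("ssid", data.decode("utf-8", errors="replace"))
    return ("absent", "")


def ssid_element(name: str) -> bytes:
    raw = name.encode("utf-8")
    return bytes([SSID_ELEMENT_ID, len(raw)]) + raw


def ssids_disclosed(frames) -> set:
    """Defender-side summary over (frame_type, body) pairs: every name that went over the air."""
    seen = set()
    for frame_type, body in frames:
        kind, name = extract_ssid(frame_type, body)
        if kind == "ssid":
            seen.add(name)
    return seen


# Constructed sample frame bodies (not captured traffic).
RATES = bytes([RATES_ELEMENT_ID, 1, 0x82])                 # one basic rate, 1 Mbps
HIDDEN_BEACON = (bytes(8)                                   # timestamp
                 + (100).to_bytes(2, "little")              # beacon interval
                 + (0x0411).to_bytes(2, "little")           # capability: ESS + privacy
                 + ssid_element("") + RATES)                # SSID element present but empty
CLIENT_PROBE = ssid_element("CorpWiFi") + RATES             # client asking for the hidden name
CLIENT_ASSOC = ((0x0411).to_bytes(2, "little")
                + (10).to_bytes(2, "little")
                + ssid_element("CorpWiFi"))

if __name__ == "__main__":
    print("beacon:", extract_ssid("beacon", HIDDEN_BEACON))
    print("probe request:", extract_ssid("probe_req", CLIENT_PROBE))
    print("disclosed:", ssids_disclosed([("beacon", HIDDEN_BEACON),
                                         ("probe_req", CLIENT_PROBE),
                                         ("assoc_req", CLIENT_ASSOC)]))
```

Run over a capture, the same classification shows that the name a hidden network withholds in its beacons is handed over by every client that joins, which is why the text recommends relying on 802.11i/WPA2 rather than on hiding.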
Programs that act as fake access points are freely available; examples are
"airbase-ng" [169] and "Karma" [57].
1.3.4 MAC Address Filtering
MAC Address
A Media Access Control address (MAC address) is a unique identifier
assigned to network interfaces for communications on the physical network
segment. MAC addresses are used for numerous network technologies and
most IEEE 802 network technologies, including Ethernet. Logically, MAC
addresses are used in the Media Access Control protocol sub-layer of the
OSI reference model.
(Figure 1-16: Media Access Control (MAC) Address details)
MAC addresses are most often assigned by the manufacturer of a Network
Interface Card (NIC) and are stored in its hardware, the card's read-only
memory, or some other firmware mechanism. If assigned by the
manufacturer, a MAC address usually encodes the manufacturer's
registered identification number and may be referred to as the burned-in
address. It may also be known as an Ethernet Hardware Address (EHA),
hardware address or physical address. A network node may have multiple
NICs and will then have one unique MAC address per NIC.
MAC addresses are formed according to the rules of one of three numbering
name spaces managed by the Institute of Electrical and Electronics
Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trade
marks on the names EUI-48 and EUI-64, in which EUI is an acronym for
Extended Unique Identifier.
MAC Filtering
In computer networking, MAC Filtering (or EUI filtering, or layer 2 address
filtering) refers to a security access control method whereby the 48-bit
address assigned to each network card is used to determine access to the
network.
MAC addresses are uniquely assigned to each card, so using MAC filtering
on a network permits and denies network access to specific devices through
the use of blacklists and whitelists. While the restriction of network access
through the use of lists is straightforward, an individual person is not
identified by a MAC address, rather a device only, so an authorized person
will need to have a white list entry for each device that he or she would use
to access the network.
While giving a wireless network some additional protection, MAC filtering
can be circumvented by scanning a valid MAC (via airodump-ng) and then
spoofing one's own MAC into a validated one. This can be done in the
Windows Registry or by using command line tools on a Linux platform.
(Figure 1-17: IP/MAC Filtering)
A list of MAC addresses belonging to the client computers can be entered
into an access point, and thus only those computers will be allowed access.
When a computer makes a request, its MAC address is compared to the MAC
address list on the access point and permission is granted or denied.
This is a good method of security, but it is only recommended for smaller
networks, as there is a high amount of work involved in entering each MAC
address into every access point.
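The following Python program is an added example, not code from this thesis or from any access point firmware; it implements the address rules stated in the preceding sections (the individual/group and universal/local bits of the first octet, the manufacturer identifier in the first three octets, and the IBSS BSSID built from a 46-bit random number with the group bit cleared and the local bit set) together with the whitelist check an access point applies. The helper names and the sample client addresses are the author's constructions. The review function records the locally administered bit because an address set in software rather than burned in is the one thing the filter itself can observe; it is a hint for a log reviewer, not proof of anything, since the filter identifies a device and not a person.

```python
import re

# Six hex octets with optional ':' or '-' separators (e.g. 00:1a:2b:3c:4d:5e, 001a2b3c4d5e).
_MAC_RE = re.compile(r"^" + r"[:\-]?".join([r"([0-9A-Fa-f]{2})"] * 6) + r"$")


def parse_mac(text: str) -> bytes:
    m = _MAC_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(g, 16) for g in m.groups())


def _fmt(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def normalize_mac(text: str) -> str:
    """Canonical lower-case colon form so that list entries and client addresses compare equal."""
    return _fmt(parse_mac(text))


def oui(text: str) -> str:
    """First three octets: the manufacturer's registered identifier of a burned-in address."""
    return _fmt(parse_mac(text)[:3])


def is_group(text: str) -> bool:
    """Individual/group bit: least significant bit of the first octet (1 = group)."""
    return bool(parse_mac(text)[0] & 0x01)


def is_locally_administered(text: str) -> bool:
    """Universal/local bit: second least significant bit of the first octet (1 = local)."""
    return bool(parse_mac(text)[0] & 0x02)


def ibss_bssid(random46: int) -> str:
    """IBSS BSSID as described in the text: 46 random bits, group bit 0, local bit 1."""
    if not 0 <= random46 < (1 << 46):
        raise ValueError("need a 46-bit value")
    first = (((random46 >> 40) & 0x3F) << 2) | 0x02    # top 6 random bits, then local=1, group=0
    rest = (random46 & ((1 << 40) - 1)).to_bytes(5, "big")
    return _fmt(bytes([first]) + rest)


class MacAllowlist:
    """Whitelist-style MAC filter as an access point would apply it."""

    def __init__(self, permitted):
        self.permitted = {normalize_mac(m) for m in permitted}

    def permits(self, client_mac: str) -> bool:
        if is_group(client_mac):          # a station's source address is never a group address
            return False
        return normalize_mac(client_mac) in self.permitted


def review_client(allowlist: MacAllowlist, client_mac: str) -> dict:
    """Filter decision plus the context a reviewer of access-point logs would want."""
    mac = normalize_mac(client_mac)
    return {
        "mac": mac,
        "oui": oui(mac),
        "permitted": allowlist.permits(mac),
        "locally_administered": is_locally_administered(mac),
    }


def filter_report(allowlist: MacAllowlist, attempts) -> dict:
    """Split a list of client addresses into permitted and denied, normalized."""
    report = {"permitted": [], "denied": []}
    for mac in attempts:
        report["permitted" if allowlist.permits(mac) else "denied"].append(normalize_mac(mac))
    return report


# Constructed sample data: one allowlist entry in the upper-case dash form an
# administrator might type, and four connection attempts.
OFFICE_ALLOWLIST = MacAllowlist(["00-1A-2B-3C-4D-5E"])
CLIENT_ATTEMPTS = ["00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f", "02:1a:2b:3c:4d:5e", "01:00:5e:00:00:01"]

if __name__ == "__main__":
    print(filter_report(OFFICE_ALLOWLIST, CLIENT_ATTEMPTS))
    for mac in CLIENT_ATTEMPTS:
        print(review_client(OFFICE_ALLOWLIST, mac))
    print("IBSS BSSID from all-ones input:", ibss_bssid((1 << 46) - 1))
```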
1.4 IEEE Standards of Wireless Network
Below is a figure indicating the range that wireless data networks can handle:
The 802.11 standard first appeared in the 1990’s and was developed by the
Institute of Electrical and Electronics Engineers. It has now emerged and
expanded to be one of the leading technologies in the wireless world.
(Figure 1-18: Demonstration of IEEE Standard Wireless Network)
802.11
The original 802.11 standard was developed in 1989 and defines the
operation of wireless networks operating in the 2.4 GHz range using either
DSSS or FHSS at the Physical layer of the OSI model. The standard also
defines the use of Infrared for wireless communication. The intent of the
standard is to provide a wireless equivalent for standards, such as 802.3,
that are used for wired networks. DSSS devices that follow the 802.11
standard communicate at speeds of 1 and 2 Mbps and generally have a
range of around 300 feet. Because of the need for higher rates of data
transmission and the need to provide more functionality at the MAC layer,
other standards were developed by the 802.11 Task Groups (or in some
cases the 802.11 standards were developed from technologies that preceded
them).
The IEEE 802.11 standard provides for all the necessary definitions and
constructs for wireless networks. Everything from the physical transmission
specifications to the authentication negotiation is provided. Wireless traffic,
like its wired counterpart, consists of frames transmitted from one station to
another. The primary feature which sets wireless networks apart from wired
networks is that one end of the communication pair is either another
wireless client or a wireless access point.
Using either FHSS (Frequency Hopping Spread Spectrum) or DSSS (Direct
Sequence Spread Spectrum) this provides a 1 to 2 Mbps transmission rate
on the 2.4GHz band.
802.11a
Using the OFDM (Orthogonal Frequency Division Multiplexing) this provides
up to 54Mbps and runs on the 5GHz band.
802.11b
The most common standard in use today for wireless networks is the 802.11b
standard, which defines DSSS networks that use the 2.4 GHz ISM band and
communicate at speeds of 1, 2, 5.5 and 11 Mbps. The 802.11b standard
defines the operation of only DSSS devices and is backward compatible with
802.11 DSSS devices. The standard is also concerned only with the PHY and
MAC layers: Layer 3 and higher protocols are considered payload. There is
only one frame type used by 802.11b networks, and it is significantly
different from Ethernet frames. The 802.11b frame type has a maximum
length of 2346 bytes, although it is often fragmented at 1518 bytes as it
traverses an access point to communicate with Ethernet networks. The
frame type provides for three general categories of frames: management
frames, control frames, and data frames. In general, the frame type
provides methods for wireless devices to discover, associate (or
disassociate), and authenticate with one another; to shift data rates as
signals become stronger or weaker; to conserve power by going into sleep
mode; to handle collisions and fragmentation; and to enable encryption
through WEP. With regard to WEP, we should note that the standard defines
the use of only 64-bit (also sometimes referred to as 40-bit, to add to the
confusion) encryption, which may cause interoperability issues between
devices from different vendors that use 128-bit or higher encryption.
802.11b is also known as Wi-Fi or High Rate 802.11; it uses DSSS and
applies to wireless LANs. It is most commonly used for private use, at
home. It provides an 11 Mbps transmission rate and has fallback rates of
5.5, 2 and 1 Mbps.
802.11g
This provides a transmission rate of more than 20 Mbps, applies to LANs and
runs on the 2.4 GHz band.
1.5 Introduction to Wireless Ad hoc Network
A wireless ad hoc network is a decentralized type of wireless network [35].
The network is ad hoc because it does not rely on a pre-existing
infrastructure, such as routers in wired networks or access points in
managed (infrastructure) wireless networks. Instead, each node participates
in routing by forwarding data for other nodes, and so the determination of
which nodes forward data is made dynamically based on the network
connectivity. In addition to the classic routing, ad hoc networks can use
flooding for forwarding the data.
An ad hoc network typically refers to any set of networks where all devices
have equal status on a network and are free to associate with any other ad
hoc network devices in link range. Very often, an ad hoc network refers to a
mode of operation of IEEE 802.11 wireless networks.
(Figure 1-19: Illustration of Wireless Ad-Hoc Network)
It also refers to a network device's ability to maintain link status information
for any number of devices in a 1 link (aka "hop") range, and thus this is
most often a Layer 2 activity. Because this is only a Layer 2 activity, ad hoc
networks alone may not support a routable IP network environment without
additional Layer 2 or Layer 3 capabilities.
The earliest wireless ad hoc networks were the "Packet Radio" networks
(PRNETs) from the 1970s, sponsored by DARPA after the ALOHAnet project.
1.5.1 Network Modes
Network mode, like network architecture (and other networking terms)
means several different things in the Information Technology (IT) world, but
wireless networks come in three major modes: ad hoc, infrastructure, and
hybrid.
• Ad-Hoc Network Mode
Ad hoc mode refers to a wireless peer-to-peer network: that is, a network in
which each device (usually a PC) connects via wireless radio to every other
PC directly.
No central PC or device exists to act as a centre of the network or in the
terminology of computer networking, as a server for the rest of the PCs.
The primary technical distinction between ad hoc and infrastructure
networks is that infrastructure networks use an access point, while ad hoc
networks do not, although ad hoc networks and infrastructure networks can
certainly co-exist.
(Figure 1-20: Wireless Network in Ad-Hoc Network mode)
Think of an ad hoc network precisely as its name suggests: you connect
each PC as you require it, but in a completely non-centralized way. Figure 1-
20 shows an ad hoc network of three PCs.
• Infrastructure Network Mode
Infrastructure mode refers to a wireless network controlled through a
wireless access point that generates the signals for the individual devices to
read through their wireless network adapters.
The access point acts as a central traffic cop for the signals, and because
you place it physically for the best possible reception, it provides more
reliable connectivity than ad hoc networks.
The access point also allows you to share your Internet connection without
doing so through a PC.
(Figure 1-21: Wireless Network in Infrastructure Network mode)
This is a benefit first because you do not have to leave your PC on for
network clients to connect to the Internet, and second because an access
point can provide some firewall security. Most importantly, however, many
access points also function as bridges between the WLAN and your wired
LAN.
In other words, if you already have a wired LAN, you can add the AP/bridge
as another client to the wired network, and when you connect clients to the
AP/bridge, you simultaneously add them to the network as a whole. Figure
1-21 shows a typical infrastructure network configuration:
• Hybrid Network Mode
Hybrid mode consists of a combination of ad hoc and infrastructure
networks. In this mode, you create an infrastructure network, and you then
create ad hoc networks among the devices connected to the infrastructure.
In other words, the hybrid network adds WLANs to the larger WLAN, in
much the same way as the bridged infrastructure network adds WLANs to a
larger LAN.
(Figure 1-22: Wireless Network in Hybrid Network mode)
Hybrid mode maximizes the bandwidth of a wireless network by relieving the
access point of the need to handle all traffic; instead, PCs transmit data to
one another when possible, leaving the access point free to relay data to and
from the wired LAN and to other access points.
Each of these modes has its strengths and its weaknesses. An ad hoc
network, quite obviously, works only when its PCs are physically close to
each other, and only when limited in number.
Furthermore, to share an Internet connection, one of the PCs must remain
powered on. But communication is fast and connection is easy, a significant
benefit for ad hoc groups of, say, students or employees.
Infrastructure networks allow for a shared Internet connection with only the
access point powered on, they centralize the network’s connections (most
access points also act as DHCP servers, providing network addresses for
each device) and they bridge wireless and wired LANs. But large buildings
require numerous access points for effective connectivity and access points
slow down considerably as more and more traffic is directed through them.
Hybrid networks provide the ideal solution for smaller groups of people
using a much larger network, but they run greater risks in uninvited
connectivity and uncontrolled network activity.
1.5.2 Wireless Network Security Challenges
Network security is largely missing
Internet broadband customers commonly protect their computer with anti-
virus or anti-spyware software, but fail to see the need to secure their home
network. Most do not realize that the connection that gives them access to
the Internet also gives their neighbour or any potential hacker roaming their
neighbourhood access to their home network, their host devices, and
ultimately their personal and financial information. They also lack
knowledge about the security mechanisms available for their home networks
and the necessary skills to implement them.
Network Security is difficult to setup and manage
Wireless home networks are difficult to setup and manage – often
consumers are satisfied just getting their host devices on the network.
Consumers who purchase Wi-Fi Access Points to create Wireless Local Area
Networks (WLAN) in their home typically use the default settings on these
devices during installation. Administrative passwords go unset, and firewalls
are not configured. Anyone who has searched for hotspots is familiar with
the “Default” or “Linksys” Service Set Identifier (SSID) being broadcasted by
an unsuspecting neighbour who has not implemented basic network
security.
(Figure 1-23: Network Security Problems)
Network Security is a deterrent at best
Consumers who have the right combination of awareness, skill, and
patience typically use Open System Interconnection (OSI) Layer II security
solutions such as Wired Equivalent Privacy (WEP) and its replacement, Wi-
Fi Protected Access (WPA), to secure their home network. However, WEP is
easily hackable, and ironically, WPA easier still. Malicious hacking software
is readily available to compromise home networks and their host devices. As
a result, unauthorized users can send untraceable communications,
download illegal material, steal personal and financial information, or even
record Voice over Wi-Fi (VoWi-Fi) conversations.
Network Security is prone to obsolescence
Wi-Fi access point security is typically configured to be compatible with the
oldest security mechanism utilized by its host devices. Moreover, since these
solutions are hardware based, the upgrade path is difficult, limited, or non-
existent. Home networks will always be vulnerable unless consumers are
willing to replace all their network hardware each time they want to upgrade
to the latest security technologies.
1.6 Motivation
In publicly accessible wireless networks, where information is shared
between users who may not trust each other, security, privacy and integrity
are the important properties in information collection.
Because in the civilian applications of wireless networks the data we deal
with and the environments we interact with are not only about trees in the
forest and animals in their habitat, but may be critical to our property,
health and even lives, such systems will never succeed without adequate
provision for data security, privacy and integrity. Accordingly, I will
focus on two aspects of such systems: security and integrity protection.
My objective is to design protocols for (1) secure integration of an ad hoc
network with the wired network and (2) intrusion detection in ad hoc
networks, so that users can trust them. Therefore, we focus on security
protocol design and a conceptual model for intrusion detection. We can
anticipate trustworthy mobile ad hoc networks in the future.
Mobile ad hoc networks are complex distributed systems that comprise
wireless mobile nodes that can freely and dynamically self-organize into
arbitrary and temporary, “ad hoc” network topologies. They allow people and
devices to seamlessly interwork with no pre-existing communication
infrastructure and central administration. Securing MANETs is a highly
challenging issue, much more difficult than securing traditional
infrastructure based networks. The challenges come from MANET’s unique
characteristics: unreliability of wireless links, dynamic topology, and
absence of underlying infrastructure. A common approach to securing a
network is to use preventive mechanisms: encryption of data traffic, public
and private keys for identification and authentication, etc. This can be
seen as a first wall of defense against network intruders. The second wall
of defense is intrusion detection. Intrusion detection can be defined as the
automated detection of, and subsequent generation of alarms to alert the
security administrator to, any situation where intrusions have taken place,
are taking place, or are about to take place. It is generally accepted that
preventive mechanisms on their own are not sufficient for a network with
even a moderate level of security requirements. Continuing advances by
intruders, holes in current prevention mechanisms and the possibility of
attacks from within the network mean that the ability to detect an
intrusion is vital. Since Y. Zhang's and W. Lee's milestone work, intrusion
detection in wireless ad hoc networks has received extensive research
effort, and architectures have been proposed; surveys can be found in [184].
However, the characteristics of MANETs make most of these existing IDSs
redundant, and motivate efforts to produce new architectures for intrusion
detection in MANETs.
1.7 Thesis Statement
Investigating, analyzing, and developing the suite of protocols and
algorithms to secure communication mechanisms in Wireless ad hoc
networks and integrating it with the Legacy Protocol and providing all-round
Security Manager for key management that meets the requirements of both
the wireless and the backend wired network.
The research challenges are: (1) How to design an efficient key management
scheme to support authentication, data integrity control, and information
confidentiality? (2) How to motivate the collaboration among mobile nodes
which try to maximize their own benefit? (3) How to identify and isolate
malicious attackers?
1.8 Outline of the Thesis
The dissertation is arranged as follows. Chapter 1 gives a general overview
of wireless ad hoc networks and explains their specific characteristics,
along with the specific features, security mechanisms and security
loopholes of ad hoc wireless networks. Chapter 2 presents an overview of a
wide range of routing protocols proposed in the literature. It also provides
a performance comparison of all routing protocols and suggests which of the
protocols may perform best in large networks. Chapter 3 focuses on the novel
architecture which helps to reduce intruder attacks and the core concept of
the research. Chapter 4 presents the Highly Secure and Highly Available
(HSHA) key management techniques and how they work. Chapter 5 describes the
collaboration mechanism and its application to the University Campus using
the HSHA protocol. Chapter 6 concludes the scope of our work and discusses
the future directions of our research.
1.9 Conclusion
The wireless communication revolution is bringing fundamental changes to
data networking, telecommunication, and is making integrated networks a
reality. By freeing the user from the cord, personal communications
networks, wireless LAN's, mobile radio networks and cellular systems,
harbor the promise of fully distributed mobile computing and
communications, anytime, anywhere.
(Figure 1-24: Characteristics of selected wireless standards)
There is a lot in store for wireless networking and wireless in general. The
introduction of WiMAX is just one of the things to look forward to. I can
foresee the use of wireless networking technology expanding, so much so
that it will continue to become an important, if not essential, part of
business and individuals alike. Needless to say, wireless networking is an
exciting aspect of Information Technology!