Chapter-1 Introduction to Wireless Ad hoc...

Chapter 1: Introduction to Wireless Ad hoc Network

Development of Protocols and Algorithms to Secure Integration of Ad hoc Network and Wired Network

Chapter-1

Introduction to Wireless Ad hoc

Network


Development of Protocols and Algorithms to Secure Integration of Ad hoc Network and Wired Network Page 1

1.1 Introduction

Wireless network is a network set up by using radio signal frequency to

communicate among computers and other network devices. Sometimes, it is

also referred as Wi-Fi network or WLAN. This network is getting popular

nowadays due to easy to setup feature and no cabling involved. You can

connect computers anywhere in your home without the need of wires.

Whether it is because you have made a call using a mobile phone, received a

message on your pager, checked your email from a PDA or even just seen an

advert related to it, we have all come across a wireless data or voice network!

If a user, application or company wishes to make data portable, mobile and

accessible then wireless networking is the answer. A wireless networking

system would rid of the downtime you would normally have in a wired

network due to cable problems. It would also save time and money due to

the fact that you would spare the expenses of installing a lot of cables. Also,

if a client computer needs to relocate to another part of the office then all

you need to do is to move the machine with the wireless network card.

Wireless networking can prove to be very useful in public places. Libraries,

guest houses, hotels, cafeterias and schools are all places where one might

find wireless access to the Internet. From a financial point of view, this is

beneficial to both the provider and the client. The provider would offer the

service for a charge – probably on a pay per use system and the client would

be able to take advantage of this service in a convenient location; away from

the office or home. A drawback of wireless Internet is that the QoS (Quality

of Service) is not guaranteed and if there is any interference with the link

then the connection may be dropped.

These types of networks can be maintained over large areas, such as cities

or countries via multiple satellite systems or antenna sites looked after by

an ISP. These types of systems are referred to as 2G (2nd Generation)

systems.



Meters Network

0-10 Personal Area Network

0-100 Local Area Network

0-10000 Wide Area Network

(Table 1-1: Range of network in terms of meters)

The Figure 1-1 shows how it works, let us say you have two computers each

equipped with wireless adapter and you have set up wireless router. When

the computer sends out the data, the binary data will be encoded to radio

frequency and transmitted via wireless router. The receiving computer will

then decode the signal back to binary data.

It does not matter you are using broadband cable/DSL modem to access

internet; both ways will work with wireless network. If you heard about

wireless hotspot, which means that location is equipped with wireless

devices for you and others to join the network. You can check out the

nearest hotspots from your home here.

The two main components are wireless router or access point and wireless

clients.

If you have not set up any wired network, then just get a wireless router and

attach it to cable or DSL modem. You then set up wireless client by adding

wireless card to each computer and form a simple wireless network as

shown in Figure 1-2. You can also cable connect computer directly to router

if there are switch ports available.

If you already have wired Ethernet network at home, you can attach a

wireless access point to existing network router and have wireless access at

home. Wireless router or access points should be installed in a way that

maximizes coverage as well as throughput. The coverage provided is

generally referred to as the coverage cell.



(Figure 1-1: How Wireless Network Works)

Large areas usually require more than one access point in order to have

adequate coverage. You can also add access point to your existing wireless

router to improve coverage.

(Figure 1-2: How Wireless Network Works With Access Point)



1.2 Types of Wireless Networks

The Following are the type of Wireless Networks

i. Wireless Personal Area Network

ii. Wireless Local Area Network

iii. Wireless Mesh Network

iv. Wireless Metropolitan Area Network

v. Wireless Wide Area Network

vi. Mobile Devices Network

1.2.1 WPANS: Wireless Personal Area Networks The two current technologies for wireless personal area networks are Infra-

Red (IR) and Bluetooth (IEEE 802.15). These will allow the connectivity of

personal devices within an area of about 30 feet. However, IR requires a

direct line of site and the range is less.

A Wireless Personal Area Network (WPAN) is a personal area network - a

network for interconnecting devices centered around an individual person's

workspace - in which the connections are wireless. Wireless PAN is based on

the standard IEEE 802.15. The three kinds of wireless technologies used for

WPAN are Bluetooth, Infrared Data Association and Wi-Fi.

A WPAN could serve to interconnect all the ordinary computing and

communicating devices that many people have on their desk or carry with

them today - or it could serve a more specialized purpose such as allowing

the surgeon and other team members to communicate during an operation.

A key concept in WPAN technology is known as "plugging in". In the ideal

scenario, when any two WPAN-equipped devices come into close proximity

(within several meters of each other) or within a few kilometers of a central

server, they can communicate as if connected by a cable. Another important

feature is the ability of each device to lock out other devices selectively,

preventing needless interference or unauthorized access to information.



The technology for WPANs is in its infancy and is undergoing rapid

development. Proposed operating frequencies are around 2.4 GHz in digital

modes. The objective is to facilitate seamless operation among home or

business devices and systems. Every device in a WPAN will be able to plug

in to any other device in the same WPAN, provided they are within physical

range of one another. In addition, WPANs worldwide will be interconnected.

Thus, for example, an archeologist on site in Greece might use a PDA to

directly access databases at the University of Minnesota in Minneapolis, and

to transmit findings to that database.

Wireless Technologies

Bluetooth is a simple type of wireless networking that allows the formation

of a small network with up to eight devices being connected at once [176].

Such devices would include PDAs, Laptops, Mobile Phones and Personal

Computers. However, Bluetooth may also be found in keyboards, mice,

headsets and mobile phone hands-free kits, amongst others. It was

originally invented by Ericsson in 1994. In 1998, the Bluetooth SIG (Special

Interest Group) was formed by a small number of major companies –

Ericsson, Nokia, Intel and Toshiba – to help each other develop and promote

the technology. Bluetooth falls under personal area networking since it is

has a very short range – 30 to 300 feet. This sort of range adds to the

security of such a technology in that if someone wanted to sniff your

connection they would not only need special equipment but they would have

to be fairly close to you. The main features of Bluetooth are that unlike

Infra-Red, the signal is not affected by walls, it uses radio technology, it is

not very expensive, and has little power consumption.

Bluetooth uses short-range radio waves over distances up to approximately

10 meters. For example, Bluetooth devices such as keyboards, pointing

devices, audio headsets, printers may connect to Personal Digital Assistants

(PDAs), cell phones, or computers wirelessly.



A Bluetooth PAN is also called a piconet (combination of the prefix "pico,"

meaning very small or one trillionth, and network), and is composed of up to

8 active devices in a master-slave relationship (a very large number of

devices can be connected in "parked" mode). The first Bluetooth device in

the piconet is the master, and all other devices are slaves that communicate

with the master. A piconet typically has a range of 10 meters (33 ft),

although ranges of up to 100 meters (330 ft) can be reached under ideal

circumstances.

Recent innovations in Bluetooth antennas have allowed these devices to

greatly exceed the range for which they were originally designed. At DEF

CON 12, a group of hackers known as "Flexilis" successfully connected two

Bluetooth devices more than half a mile (800 m) away. They used an

antenna with a scope and Yagi antenna, all attached to a rifle stock. A cable

attached the antenna to a Bluetooth card in a computer. They later named

the antenna "The BlueSniper." [176]

Infrared Data Association uses infrared light, which has a frequency below

the human eye's sensitivity. It is used in cell phones and TV remote ps3

controllers controls. Typical WPAN devices that use IrDA include printers,

keyboards, and other serial data interfaces [45].

Wi-Fi uses radio waves for connection over distances up to around 91

meters, usually in a Local Area Network (LAN) environment. Wi-Fi can be

used to connect local area networks, to connect cell phones to the Internet

to download music and other multimedia, to allow PC multimedia content to



be stream to the TV (Wireless Multimedia Adapter) and to connect video

game consoles to their networks (Nintendo Wi-Fi Connection).

1.2.2 WLAN: Wireless Local Area Network

A Wireless Local Area Network (WLAN) links two or more devices using some

wireless distribution method (typically spread-spectrum or OFDM radio),

and usually providing a connection through an access point to the wider

internet. This gives users the mobility to move around within a local

coverage area and still be connected to the network. Most modern WLANs

are based on IEEE 802.11 standards, marketed under the Wi-Fi brand

name.

(Figure 1-3: An example of Wi-Fi network)

Wireless LANs have become popular in the home due to ease of installation,

and in commercial complexes offering wireless access to their customers;

often for free. Large wireless network projects are being put up in many

major cities: New York City, for instance, has begun a pilot program to

provide city workers in all five boroughs of the city with wireless Internet

access [8].

WLANS allow users in a local area, such as a university campus or library to

form a network or gain access to the internet. A temporary network can be



formed by a small number of users without the need of an access point;

given that they do not need access to network resources.

Types of Wireless LANs Peer-to-Peer

An ad-hoc network is a network where stations communicate only peer to

peer (P2P). There is no base and no one gives permission to talk. This is

accomplished using the Independent Basic Service Set (IBSS).

A peer-to-peer (P2P) network allows wireless devices to directly communicate

with each other. Wireless devices within range of each other can discover

and communicate directly without involving central access points. This

method is typically used by two computers so that they can connect to each

other to form a network.

IEEE 802.11 defines the physical layer (PHY) and MAC (Media Access

Control) layers based on CSMA/CA (Carrier Sense Multiple Access with

Collision Avoidance). The 802.11 specification includes provisions designed

to minimize collisions, because two mobile units may both be in range of a

common access point, but out of range of each other.

(Figure 1-4: Peer-to-Peer / Ad-Hoc Network)

The 802.11 has two basic modes of operation: ad hoc mode and

infrastructure mode. In ad hoc mode, mobile units transmit directly peer-to-

peer. In infrastructure mode, mobile units communicate through an access

point that serves as a bridge to a wired network infrastructure. Since

wireless communication uses a more open medium for communication in

comparison to wired LANs, the 802.11 designers also included shared-key

Development of Protocols and Algorithms to

encryption mechanisms:

Access (WPA, WPA2), to secure wireless computer networks.

Bridge

A bridge can be used to connect networks, typically of different types. A

wireless Ethernet bridge allows the connection of devices on a wired

Ethernet network to a wireless network. The bridge acts as the connection

point to the Wireless LAN.

(Figure 1-5: Hidden node problem

Wireless Distribution System

A Wireless Distribution System enables the wireless interconnection of

access points in an IEEE 802.11 network. It allows a wireless network to be

expanded using multiple access points without the need for a wired

backbone to link them, as is traditionally required. The notable advantage of

WDS over other solutions is that it preserves the MAC addresses of client

packets across links between access points

An access point can be either a main, relay or remote base station. A main

base station is typically connected to the wired Ethernet. A relay base

station relays data between remote ba

relay stations to either a main or another relay base station. A remote base

station accepts connections from wireless clients and passes them to relay

or main stations. Connections between "clients" are made using MA

addresses rather than by specifying IP assignments.

Chapter 1: Introduction to Wireless Ad


encryption mechanisms: Wired Equivalent Privacy (WEP),

(WPA, WPA2), to secure wireless computer networks.


bridge allows the connection of devices on a wired


point to the Wireless LAN.

Hidden node problem: Devices A and C are both connecting with B, but are unaware of each other)

Wireless Distribution System




bone to link them, as is traditionally required. The notable advantage of


packets across links between access points [175].



station relays data between remote base stations, wireless clients or other



or main stations. Connections between "clients" are made using MA

addresses rather than by specifying IP assignments.


Secure Integration of Ad hoc Network and Wired Network Page 9

(WEP), Wi-Fi Protected

(WPA, WPA2), to secure wireless computer networks.


bridge allows the connection of devices on a wired


: Devices A and C are both connecting with B, but are




bone to link them, as is traditionally required. The notable advantage of




se stations, wireless clients or other



or main stations. Connections between "clients" are made using MAC



All base stations in a Wireless Distribution System must be configured to

use the same radio channel, and share WEP keys or WPA keys if they are

used. They can be configured to different service set identifiers. WDS also

requires that every base station be configured to forward to others in the

system.

WDS may also be referred to as repeater mode because it appears to bridge

and accept wireless clients at the same time (unlike traditional bridging). It

should be noted; however, that throughput in this method is halved for all

clients connected wirelessly.

When it is difficult to connect all of the access points in a network by wires,

it is also possible to put up access points as repeaters.

1.2.3 Wireless Mesh Network

A Wireless Mesh Network (WMN) is a communications network made up of

radio nodes organized in a mesh topology. Wireless mesh networks often

consist of mesh clients, mesh routers and gateways. The mesh clients are

often laptops, cell phones and other wireless devices while the mesh routers

forward traffic to and from the gateways which may but need not connect to

the Internet. The coverage area of the radio nodes working as a single

network is sometimes called a mesh cloud. Access to this mesh, cloud

depends on the radio nodes working in harmony with each other to create a

radio network. A mesh network is reliable and offers redundancy. When one

node can no longer operate, the rest of the nodes can still communicate with

each other, directly or through one or more intermediate nodes. The figure

1-6 below illustrates how wireless mesh networks can self-form and self-

heal. Wireless mesh networks can be implemented with various wireless

technology including 802.11, 802.15, 802.16, cellular technologies or

combinations of more than one type.



A wireless mesh network can be seen as a special type of wireless ad-hoc

network. A wireless mesh network often has a more planned configuration

and may be deployed to provide dynamic and cost effective connectivity over

a certain geographic area. An ad-hoc network, on the other hand, is formed

ad hoc when wireless devices come within communication range of each

other. The mesh routers may be mobile and be moved according to specific

demands arising in the network. Often the mesh routers are not limited in

terms of resources compared to other nodes in the network and thus can be

exploited to perform more resource intensive functions. In this way, the

wireless mesh network differs from an ad-hoc network, since these nodes

are often constrained by resources [192].

1.2.4 WMAN: Wireless Metropolitan Area Network

This technology allows the connection of multiple networks in a

metropolitan area such as different buildings in a city, which can be an

alternative or backup to laying copper or fibred cabling.

Fast communications of network within the vicinity of a metropolitan area is

called WMAN, that put up an entire city or other related geographic area and

can span up to 50km. WMAN designed for a larger geographical area than a

LAN. The standard of MAN is DQDB which cover up to 30 miles with the

speed of 34 Mbit/s to 155 Mbit/s. It is more common in schools, colleges,

(Figure 1-6: Wireless Mesh Network)



and public services support a high-speed network backbone. WMAN is a

certified name by the IEEE 802.16 that functioning on Broadband for its

wireless metropolitan. WMAN have air interface and a single-carrier scheme

intended to activate in the 10-66 GHz spectrum, supports incessantly

unreliable transfer levels at many certified frequencies.

WMAN opens the door for the creation and Provide high-speed Internet

access to business subscribers. It can handle thousands of user stations

with prevents collisions and support legacy voice systems, voice over IP,

TCP/IP. WMAN offer different applications with different QoS requirements.

The technology of WMAN consists of ATM, FDDI, and SMDS. WiMAX is a

term used for Wireless metropolitan area network and plinth on the IEEE

802.16.

1.2.5 WWAN: Wireless Wide Area Network

A Wireless Wide Area Network (WWAN), is a form of wireless network. The

larger size of a wide area network compared to a local area network requires

differences in technology. Wireless networks of all sizes deliver data in the

form of telephone calls, web pages, and streaming video.

(Figure 1-7: Wireless Metropolitan Area Network)



A WWAN often differs from Wireless Local Area Network (WLAN) by using

mobile telecommunication cellular network technologies such as LTE,

WiMAX (often called a wireless metropolitan area network or WMAN), UMTS,

CDMA2000, GSM, Cellular Digital Packet Data (CDPD) and Mobitex to

transfer data. It can also use Local Multipoint Distribution Service (LMDS)

or Wi-Fi to provide Internet access. These technologies are offered regionally,

nationwide, or even globally and are provided by a wireless service provider.

WWAN connectivity allows a user with a laptop and a WWAN card to surf

the web, check email, or connect to a Virtual Private Network (VPN) from

anywhere within the regional boundaries of cellular service. Various

computers can have integrated WWAN capabilities.

Since radio communications systems do not provide a physically secure

connection path, WWANs typically incorporate encryption and

authentication methods to make them more secure. Unfortunately some of

the early GSM encryption techniques were flawed, and security experts have

issued warnings that cellular communication, including WWAN, is no longer

secure [2]. UMTS (3G) encryption was developed later and has yet to be

broken.

Examples of providers for WWAN in the US include T-Mobile, Sprint Nextel,

Verizon Wireless, and AT&T. Satellite Internet access can also be used over

a wide area.

(Figure 1-8: Components of Wireless Wide Area Network)



1.2.6 Mobile Devices Network

With the development of smart phones, cellular telephone networks

routinely carry data in addition to telephone conversations

• Global System for Mobile Communications (GSM): The GSM network

is divided into three major systems: the switching system, the base

station system, and the operation and support system. The cell phone

connects to the base system station which then connects to the

operation and support station; it then connects to the switching station

where the call is transferred to where it needs to go. GSM is the most

common standard and is used for a majority of cell phones [3].

• Personal Communications Service (PCS): PCS is a radio band that can

be used by mobile phones in North America and South Asia. Sprint

happened to be the first service to set up a PCS.

• D-AMPS: Digital Advanced Mobile Phone Service, an upgraded version of

AMPS, is being phased out due to advancement in technology. The newer

GSM networks are replacing the older system.

1.3 Security in Wireless Network

The following are three methods of security available when it comes to wireless:

(Figure 1-9: How WIFI Phones Work)



1.3.1 WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy is intended to stop the interception of radio

frequency signals by unauthorized users and is most suitable for small

networks. This is so because there is no key management protocol and each

key must be entered manually into the clients – this proves to be a very time

consuming administrative task. WEP is based on the RC4 encryption

algorithm by RSA Data Systems. It works by having all clients and Access

Points configured with the same key for encryption and decryption. The

original implementations of WEP used 64-bit encryption (40-bit + 24-bit

Initialization Vector). By means of a Brute Force attack, 64-bit WEP can be

broken in a matter of minutes, whereas the stronger 128-bit version will

take hours. It’s not the best line of defense against unauthorized intruders

but better than nothing and mainly used by the average home user. One of

the drawbacks of WEP is that since it uses a shared key, if someone leaves

the company then the key will have to be changed on the access point and

all client machines.

Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11

wireless networks. Introduced as part of the original 802.11 standard

ratified in September 1999, its intention was to provide data confidentiality

comparable to that of a traditional wired network [72]. WEP, recognizable by

the key of 10 or 26 hexadecimal digits, is widely in use and is often the first

security choice presented to users by router configuration tools [24][10].

Encryption

WEP was included as the privacy component of the original IEEE 802.11

standard ratified in September 1999.WEP uses the stream cipher RC4 for

confidentiality [11], and the CRC-32 checksum for integrity [1]. It was

deprecated in 2004 and is documented in the current standard [71].

Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is

concatenated with a 24-bit initialization vector (IV) to form the RC4 key.


(Figure 1-10: Basic WEP encryption: RC4 Key streams XORed with plain text)

At the time that the original WEP standard was drafted, the U.S.

Government's export restrictions on cryptographic technology limited the

key size. Once the restrictions were lifted, manufac

implemented an extended 128

(WEP-104).

A 64-bit WEP key is usually entered as a string of 10 hexadecimal (base 16)

characters (0-9 and A

four bits each gives 40 bits; adding the 24

bit WEP key. Most devices also allow the user to enter the key as five ASCII

characters, each of which is turned into eight bits using the character's byte

value in ASCII; however

character, which is only a small fraction of possible byte values, greatly

reducing the space of possible keys.

A 128-bit WEP key is usually entered as a string of 26 hexadecimal

characters. 26 digits of f

produces the complete 128

enter it as 13 ASCII characters.

A 256-bit WEP system is available from some vendors. As with the other

WEP-variants 24 bits of

protection. These 232 bits are typically entered as 58 hexadecimal

characters. ((58 × 4 bits =) 232 bits) + 24 IV bits = 256

Key size is one of the security limitations in WEP

requires interception of more packets, but there are active attacks that



10: Basic WEP encryption: RC4 Key streams XORed with plain text)



key size. Once the restrictions were lifted, manufacturers of access points

implemented an extended 128-bit WEP protocol using a 104

bit WEP key is usually entered as a string of 10 hexadecimal (base 16)

9 and A-F). Each character represents four bits, 10 digits of

four bits each gives 40 bits; adding the 24-bit IV produces the complete 64



value in ASCII; however, this restricts each byte to be a printable ASCII


reducing the space of possible keys.

bit WEP key is usually entered as a string of 26 hexadecimal

characters. 26 digits of four bits each give 104 bits; adding the 24

produces the complete 128-bit WEP key. Most devices also allow the user to

enter it as 13 ASCII characters.

bit WEP system is available from some vendors. As with the other

variants 24 bits of that is for the IV, leaving 232 bits for actual


characters. ((58 × 4 bits =) 232 bits) + 24 IV bits = 256-bit WEP key.

Key size is one of the security limitations in WEP [60]. Cracking a lo




10: Basic WEP encryption: RC4 Key streams XORed with plain text)



turers of access points

bit WEP protocol using a 104-bit key size

bit WEP key is usually entered as a string of 10 hexadecimal (base 16)

F). Each character represents four bits, 10 digits of

bit IV produces the complete 64-



, this restricts each byte to be a printable ASCII


bit WEP key is usually entered as a string of 26 hexadecimal

our bits each give 104 bits; adding the 24-bit IV

bit WEP key. Most devices also allow the user to

bit WEP system is available from some vendors. As with the other

that is for the IV, leaving 232 bits for actual


bit WEP key.

Cracking a longer key




stimulate the necessary traffic. There are other weaknesses in WEP,

including the possibility of IV collisions and altered packets [11] that are not

helped by using a longer key.

WEP Security Issues

WEP has led a troubled existence due to many security issues. The security

issues with Wired Equivalent Privacy (WEP) include:

I. A high percentage of wireless networks have WEP disabled because of

the administrative overhead of maintaining a shared WEP key.

II. WEP has the same problem as all systems based upon shared keys: any

secret held by more than one person soon becomes public knowledge.

Take for example an employee who leaves a company – they still know

the shared WEP key. The ex-employee could sit outside the company

with an 802.11 NIC and sniff network traffic or even attack the internal

network.

III. The initialization vector that seeds the WEP algorithm is sent in the

clear.

IV. The WEP checksum is linear and predictable.

The number and scope of difficulties with WEP security have led to the

creation of WPA (Wireless Protected Access).

(Figure 1-11: WEP Security Issues)



WEP Security Tools

AirSnort

AirSnort is a Wireless LAN (WLAN) tool which cracks encryption keys on

802.11 WEP networks. AirSnort operates by passively monitoring

transmissions and computing the WEP encryption key when enough packets

have been gathered.

BSD-Airtools

BSD-airtools is a package that provides a complete toolset for wireless

802.11 auditing. Namely, it currently contains a bsd-based Wired

Equivalent Privacy (WEP) cracking application, called dweputils (as well as

kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a

curses based AP detection application similar to netstumbler (dstumbler)

that can be used to detect wireless access points and connected nodes, view

signal to noise graphs, and interactively scroll through scanned AP's and

view statistics for each. It also includes a couple other tools to provide a

complete toolset for making use of all 14 of the prism2 debug modes as well

as do basic analysis of the hardware-based link-layer protocols provided by

prism2's monitor debug mode.

WEPCrack

WEPCrack is a tool that cracks 802.11 WEP encryption keys by exploiting

the weaknesses of RC4 key scheduling.

WEP Attack

WEP Attack is a WLAN open source Linux tool for breaking 802.11 Wired

Equivalent Privacy (WEP) keys. This tool is based on an active dictionary

attack that tests millions of words to find the right key. Only one packet is

required to start an attack on WEP.



WEPWedgie

WEPWedgie is a toolkit for determining 802.11 WEP key streams and

injecting traffic with known key streams. The toolkit also includes logic for

firewall rule mapping, ping scanning, and port scanning via the injection

channel and a cellular modem.

1.3.2 WEP2 (Wired Equivalent Privacy version 2)

In 2004, the IEEE proposed an updated version of WEP; WEP2 to address

its predecessor’s shortcomings. Like WEP it relies on the RC4 algorithm but

instead uses a 128-bit initialization vector making it stronger than the

original version of WEP, but may still be susceptible to the same kind of

attacks.

This stopgap enhancement to WEP was present in some of the early 802.11i

drafts. It was implementable on some (not all) hardware not able to handle

WPA or WPA2, and extended both the IV and the key values to 128 bits

[173]. It was hoped to eliminate the duplicate IV deficiency as well as stop

brute force key attacks.

After it became clear that the overall WEP algorithm was deficient (and not

just the IV and key sizes) and would require even more fixes, both the WEP2

name and original algorithm were dropped. The two extended key lengths

remained in what eventually became WPA's TKIP. Figure 1-12 shows the

relationship between WEP – WPA – WPA2.

(Figure 1-12: Relationship between WEP- WPA-WPA2)



1.3.3 SSID (Service Set Identifier)

SSID acts as simple password by allowing a WLAN network to be split up

into different networks each having a unique identifier. These identifiers will

be programmed into multiple access points. To access any of the networks,

a client computer must be configured with a corresponding SSID identifier

for that network. If they match then access will be granted to the client

computer.

A service set is all the devices associated with a local or enterprise IEEE

802.11Wireless Local Area Network (WLAN).

(Figure 1-13: SSID working Diagram)

Types of Service Set Identifier

I. Independent Basic Service Set

The Basic Service Set (BSS) is the basic building block of an 802.11 wireless

LAN. In infrastructure mode, a single Access Point (AP) together with all

associated Stations (STAs) is called a BSS [5]. This is not to be confused

with the coverage of an access point, which is called Basic Service Area

(BSA) [4]. An access point acts as a master to control the stations within

that BSS. In ad hoc mode a set of synchronized stations, one of which acts

as master, forms a BSS. Each BSS is identified by a BSSID. The most basic

BSS consists of one access point and one station.



II. Extended Service Set

An Extended Service Set (ESS) is a set of one or more interconnected BSSs

and integrated local area networks that appear as a single BSS to the logical

link control layer at any station associated with one of those BSSs.

The set of interconnected BSSs must have a common Service Set Identifier

(SSID). They can work on the same channel, or work on different channels

to boost aggregate throughput.

(Figure 1-14: Wireless Network working in Extended Service Set mode)

III. Basic Service Set Identification

A related field is the Basic Service Set Identification (BSSID) [6], which

uniquely identifies each BSS (the SSID however, can be used in multiple,

possibly overlapping, BSSs). In an infrastructure BSS, the BSSID is the

MAC address of the Wireless Access Point (WAP). In an IBSS, the BSSID is a

locally administered MAC address generated from a 46-bit random number.

The individual/group bit of the address is set to 0 (individual). The

universal/local bit of the address is set to 1 (local).

A BSSID with a value of all 1s is used to indicate the broadcast BSSID. A

broadcast BSSID may only be used during probe requests.

Security Gains of SSID hiding

Many access points allow a user to turn off the broadcast of the SSID. With

many network client devices, this results in the detected network displaying



as an unnamed network and the user would need to manually enter the

correct SSID to connect to the network.

Unfortunately, turning off the broadcast of the SSID may lead to a false

sense of security. The method discourages only casual wireless snooping,

but does not stop a person trying to attack the network [137].

It is not secure against determined crackers, because every time someone

connects to the network, the SSID is transmitted in clear text even if the

wireless connection is otherwise encrypted. An eavesdropper can passively

sniff the wireless traffic on that network undetected (with software like

Kismet), and wait for someone to connect, revealing the SSID. Alternatively,

there are faster (albeit detectable) methods where a cracker spoofs a

"disassociate frame" as if it came from the wireless bridge, and sends it to

one of the clients connected; the client immediately re-connects, revealing

the SSID [86][168].

(Figure 1-15: Wireless Network working in multiple SSID modes)

As disabling SSID does not offer protection against determined crackers,

proven security methods should be used such as requiring 802.11i/WPA2

[9].

Microsoft discourages SSID-hiding because it leads to clients probing for the

SSID in plain text. This not only exposes the SSID that was meant to be

hidden but also allows a fake access point to offer a connection [7].


Programs that act as fake access

"airbase-ng" [169] and "Karma" [57].

1.3.4 MAC Address F

MAC Address

A Media Access Control address

assigned to network interfaces

segment. MAC addresses are used for numerous network technologies and

most IEEE 802 network technologies, including

addresses are used in the

OSI reference model.

(Figure 1-

MAC addresses are most often assigned by the manufacturer of a

Interface Card (NIC) and are stored in its hardware, the card's read

memory, or some other firmware mechanism. If assigned by the

manufacturer, a MAC address usually encodes the manufacturer's

registered identification number and may be referred to as the

address. It may also be known as an

hardware address or

NICs and will then have one unique MAC address per NIC.



Programs that act as fake access points are freely available

ng" [169] and "Karma" [57].

Filtering

Control address (MAC address) is a

network interfaces for communications on the physical network


network technologies, including Ethernet

addresses are used in the Media Access Control protocol sub

-16: Media Access Control (MAC) Address details)

MAC addresses are most often assigned by the manufacturer of a

) and are stored in its hardware, the card's read



registered identification number and may be referred to as the

. It may also be known as an Ethernet Hardware

or physical address. A network node may have multiple

NICs and will then have one unique MAC address per NIC.



points are freely available examples are

) is a unique identifier

for communications on the physical network


Ethernet. Logically, MAC

protocol sub-layer of the

16: Media Access Control (MAC) Address details)

MAC addresses are most often assigned by the manufacturer of a Network

) and are stored in its hardware, the card's read-only



registered identification number and may be referred to as the burned-in

ardware Address (EHA),

may have multiple



MAC addresses are formed according to the rules of one of three numbering

name spaces managed by the Institute of Electrical and Electronics

Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trade

marks on the names EUI-48 and EUI-64, in which EUI is an acronym for

Extended Unique Identifier.

MAC Filtering

In computer networking, MAC Filtering (or EUI filtering, or layer 2 address

filtering) refers to a security access control method whereby the 48-bit

address assigned to each network card is used to determine access to the

network.

MAC addresses are uniquely assigned to each card, so using MAC filtering

on a network permits and denies network access to specific devices through

the use of blacklists and whitelists. While the restriction of network access

through the use of lists is straightforward, an individual person is not

identified by a MAC address, rather a device only, so an authorized person

will need to have a white list entry for each device that he or she would use

to access the network.

While giving a wireless network some additional protection, MAC filtering

can be circumvented by scanning a valid MAC (via airodump-ng) and then

spoofing one's own MAC into a validated one. This can be done in the

Windows Registry or by using command line tools on a Linux platform.

(Figure 1-17: IP/MAC Filtering)



A list of MAC addresses belonging to the client computers can be inputted

into an Access Point and thus only those computers will be allowed access.

When a computer makes a request, its MAC address is compared to that of

the MAC address list on the Access Point and permission granted or denied.

This is a good method of security but only recommended for smaller

networks as there is a high rate of work involved in entering each MAC

address into every Access Point.

1.4 IEEE Standards of Wireless Network Below is a figure indicating the range that wireless data networks can handle:

The 802.11 standard first appeared in the 1990’s and was developed by the

Institute of Electrical and Electronics Engineers. It has now emerged and

expanded to be one of the leading technologies in the wireless world.

(Figure 1-18: Demonstration of IEEE Standard Wireless Network)

802.11

The original 802.11 standard was developed in 1989 and defines the

operation of wireless networks operating in the 2.4 GHz range using either

DSSS or FHSS at the Physical layer of the OSI model. The standard also

defines the use of Infrared for wireless communication. The intent of the

standard is to provide a wireless equivalent for standards, such as 802.3,

that are used for wired networks. DSSS devices that follow the 802.11

standard communicate at speeds of 1 and 2 Mbps and generally have a



range of around 300 feet. Because of the need for higher rates of data

transmission and the need to provide more functionality at the MAC layer,

other standards were developed by the 802.11 Task Groups (or in some

cases the 802.11 standards were developed from technologies that preceded

them).

The IEEE 802.11 standard provides for all the necessary definitions and

constructs for wireless networks. Everything from the physical transmission

specifications to the authentication negotiation is provided. Wireless traffic,

like its wired counterpart, consists of frames transmitted from one station to

another. The primary feature which sets wireless networks apart from wired

networks is that one end of the communication pair is either another

wireless client or a wireless access point.

Using either FHSS (Frequency Hopping Spread Spectrum) or DSSS (Direct

Sequence Spread Spectrum) this provides a 1 to 2 Mbps transmission rate

on the 2.4GHz band.

802.11a

Using the OFDM (Orthogonal Frequency Division Multiplexing) this provides

up to 54Mbps and runs on the 5GHz band.

802.11b

Most common standard in use today for wireless networks is the 802.11b

standard which defines DSSS networks that use the 2.4GHz ISM band and

communicate at speeds of 1, 2, 5.5 and 11 Mbps. The 802.11b standard

defines the operation of only DSSS devices and is backward compatible with

802.11 DSSS devices. The standard is also concerned only with the PHY and

MAC layers: Layer 3 and higher protocols are considered payload. There is

only one frame type used by 802.11b networks, and it is significantly

different from Ethernet frames. The 802.11b frame type has a maximum

length of 2346 bytes, although it is often fragmented at 1518 bytes as it

traverses an access point to communicate with Ethernet networks. The

frame type provides for 3 general categories of frames: management frames,



control frames, and data. In general, the frame type provides methods for

wireless devices to discover, associate (or disassociate), and authenticate

with one another; to shift data rates as signals become stronger or weaker;

to conserve power by going into sleep mode; to handle collisions and

fragmentation; and to enable encryption through WEP. With regard to WEP,

we should note that the standard defines the use of only 64-bit (also

sometimes referred to as 40-bit to add to the confusion) encryption, which

may cause issues of interoperability between devices from different vendors

that use 128-bit or higher encryption.

This is also known as Wi-Fi or High Rate 802.11, uses DSSS and applies to

wireless LANs. It is most commonly used for private use, at home. It

provides an 11 Mbps transmission rate and has a fallback rate of 5.5, 2 and

1 Mbps.

802.11g

This provides more than 20 Mbps transmission rate applies to LANs and

runs on the 2.4GHz band.

1.5 Introduction to Wireless Ad hoc Network

A wireless ad hoc network is a decentralized type of wireless network [35].

The network is ad hoc because it does not rely on a pre-existing

infrastructure, such as routers in wired networks or access points in

managed (infrastructure) wireless networks. Instead, each node participates

in routing by forwarding data for other nodes, and so the determination of

which nodes forward data is made dynamically based on the network

connectivity. In addition to the classic routing, ad hoc networks can use

flooding for forwarding the data.

An ad hoc network typically refers to any set of networks where all devices

have equal status on a network and are free to associate with any other ad

hoc network devices in link range. Very often, an ad hoc network refers to a

mode of operation of IEEE 802.11 wireless networks.



(Figure 1-19: Illustration of Wireless Ad-Hoc Network)

It also refers to a network device's ability to maintain link status information

for any number of devices in a 1 link (aka "hop") range, and thus this is

most often a Layer 2 activity. Because this is only a Layer 2 activity, ad hoc

networks alone may not support a routable IP network environment without

additional Layer 2 or Layer 3 capabilities.

The earliest wireless ad hoc networks were the "Packet Radio" networks

(PRNETs) from the 1970s, sponsored by DARPA after the ALOHAnet project.

1.5.1 Network Modes

Network mode, like network architecture (and other networking terms)

means several different things in the Information Technology (IT) world, but

wireless networks come in three major modes: ad hoc, infrastructure, and

hybrid.

• Ad-Hoc Network Mode

Ad hoc mode refers to a wireless peer-to-peer network: that is, a network in

which each device (usually a PC) connects via wireless radio to every other

PC directly.

No central PC or device exists to act as a centre of the network or in the

terminology of computer networking, as a server for the rest of the PCs.

The primary technical distinction between ad hoc and infrastructure

networks is that infrastructure networks use an access point, while ad hoc



networks do not, although ad hoc networks and infrastructure networks can

certainly co-exist.

(Figure 1-20: Wireless Network in Ad-Hoc Network mode)

Think of an ad hoc network precisely as its name suggests: you connect

each PC as you require it, but in a completely non-centralized way. Figure 1-

20 shows an ad hoc network of three PCs.

• Infrastructure Network Mode

Infrastructure mode refers to a wireless network controlled through a

wireless access point that generates the signals for the individual devices to

read through their wireless network adapters.

The access point acts as a central traffic cop for the signals, and because

you place it physically for the best possible reception, it provides more

reliable connectivity than ad hoc networks.

The access point also allows you to share your Internet connection without

doing so through a PC.

(Figure 1-21: Wireless Network in Infrastructure Network mode)



This is a benefit first because you do not have to leave your PC on for

network clients to connect to the Internet, and second because an access

point can provide some firewall security. Most importantly, however, many

access points also function as bridges between the WLAN and your wired

LAN.

In other words, if you already have a wired LAN, you can add the AP/bridge

as another client to the wired network, and when you connect clients to the

AP/bridge, you simultaneously add them to the network as a whole. Figure

1-21 shows a typical infrastructure network configuration:

• Hybrid Network Mode

Hybrid mode consists of a combination of ad hoc and infrastructure

networks. In this mode, you create an infrastructure network, and you then

create ad hoc networks among the devices connected to the infrastructure.

In other words, the hybrid network adds WLANs to the larger WLAN, in

much the same way as the bridged infrastructure network adds WLANs to a

larger LAN.

(Figure 1-22: Wireless Network in Hybrid Network mode)

Hybrid mode maximizes the bandwidth of a wireless network by relieving the

access point of the need to handle all traffic; instead, PCs transmit data to

one another when possible, leaving the access point free to relay data to and

from the wired LAN and to other access points.



Each of these modes has its strengths and its weaknesses. An ad hoc

network, quite obviously, works only when its PCs are physically close to

each other, and only when limited in number.

Furthermore, to share an Internet connection, one of the PCs must remain

powered on. But communication is fast and connection is easy, a significant

benefit for ad hoc groups of, say, students or employees.

Infrastructure networks allow for a shared Internet connection with only the

access point powered on, they centralize the network’s connections (most

access points also act as DHCP servers, providing network addresses for

each device) and they bridge wireless and wired LANs. But large buildings

require numerous access points for effective connectivity and access points

slow down considerably as more and more traffic is directed through them.

Hybrid networks provide the ideal solution for smaller groups of people

using a much larger network, but they run greater risks in uninvited

connectivity and uncontrolled network activity.

1.5.2 Wireless Network Security Challenges

Network Security is big missing

Internet broadband customers commonly protect their computer with anti-

virus or anti-spyware software, but fail to see the need to secure their home

network. Most do not realize that the connection that gives them access to

the Internet also gives their neighbour or any potential hacker roaming their

neighbourhood access to their home network, their host devices, and

ultimately their personal and financial information. They also lack

knowledge about the security mechanisms available for their home networks

and the necessary skills to implement them.

Network Security is difficult to setup and manage

Wireless home networks are difficult to setup and manage – often

consumers are satisfied just getting their host devices on the network.

Consumers who purchase Wi-Fi Access Points to create Wireless Local Area



Networks (WLAN) in their home typically use the default settings on these

devices during installation. Administrative passwords go unset, and firewalls

are not configured. Anyone who has searched for hotspots is familiar with

the “Default” or “Linksys” Service Set Identifier (SSID) being broadcasted by

an unsuspecting neighbour who has not implemented basic network

security.

(Figure 1-23: Network Security Problems)

Network Security is a deterrent at best

Consumers who have the right combination of awareness, skill, and

patience typically use Open System Interconnection (OSI) Layer II security

solutions such as Wired Equivalency Privacy (WEP) and its replacement, Wi-

Fi Protected Access (WPA) to secure their home network. However, WEP is

easily hackable, and ironically, WPA easier still. Malicious hacking software

is readily available to compromise home networks and their host devices. As

a result, unauthorized users can send untraceable communications,

download illegal material, steal personal and financial information, or even

record Voice over Wi-Fi (VoWi-Fi) conversations.

Network Security is prone to obsolescence

Wi-Fi access point security is typically configured to be compatible with the

oldest security mechanism utilized by its host devices. Moreover, since these

solutions are hardware based, the upgrade path is difficult, limited, or non-

existent. Home networks will always be vulnerable unless consumers are



willing to replace all their network hardware each time they want to upgrade

to the latest security technologies.

1.6 Motivation

In publicly accessible wireless networks information sharing between users

who may not trust each other, security, privacy and integrity are the

important properties in information collection.

Because in the civilian applications of wireless networks, the data we deal

with and the environments we interact with are not only about trees in the

forest and animals in habitat, rather they may be critical to our properties,

health and even lives, such systems will never succeed without adequate

provision for data security , privacy and integrity. Accordingly, I will focus

on two aspects of such systems security and integrity protection. My

objective is to design protocols for (1) Secure integration of ad hoc network

with the wired network; (2) Intrusion detection in ad hoc network, so users

can trust it. Therefore, we focus on security protocol design and a

conceptual model for Intrusion Detection. We can anticipate trustworthy

mobile ad hoc networks in the future.

Mobile ad hoc networks are complex distributed systems that comprise

wireless mobile nodes that can freely and dynamically self-organize into

arbitrary and temporary, “ad hoc” network topologies. They allow people and

devices to seamlessly interwork with no pre-existing communication

infrastructure and central administration. Securing MANETs is a highly

challenging issue, much more difficult than securing traditional

infrastructure based networks. The challenges come from MANET’s unique

characteristics: unreliability of wireless links, dynamic topology, and

absence of underlying infrastructure. A common approach to secure

network is to use preventive mechanisms: encryption of data traffic; public

and private keys for identification and authentication; etc. This can be seen

as a first wall of defense against network intruders. The second wall of

defense is intrusion detection. Intrusion detection can be defined as the



automated detection and subsequent generation of alarms to alert the

security administrator in any situation where intrusions have taken, are

taking, or about to be take place. It is generally accepted that preventive

mechanisms on their own are not sufficient for a network with even a

moderate level of security requirements. Continuing advances by intruders,

holes in current prevention mechanisms and possibility of attacks from

within the network mean the ability to detect an intrusion is vital. Since Y.

Zhang‘s and W. Lee’s milestone work, intrusion detection in wireless ad hoc

networks has received extensive research effort, and an architecture have

been proposed whose surveys can be found in [184]. However, the

characteristics of MANETs make most of these existing IDSs redundant, and

motivate effort for producing new architectures for intrusion detection in

MANETs.

1.7 Thesis Statement

Investigating, analyzing, and developing the suite of protocols and

algorithms to secure communication mechanisms in Wireless ad hoc

networks and integrating it with the Legacy Protocol and providing all-round

Security Manager for key management that meets the requirements of both

the wireless and the backend wired network.

The research challenges are: (1) How to design an efficient key management

scheme to support authentication, data integrity control, and information

confidentiality? (2) How to motivate the collaboration among mobile nodes

which try to maximize their own benefit? (3) How to identify and isolate

malicious attackers?

1.8 Outline of the Thesis

The dissertation is arranged as follows. Chapter 1 general overview of

wireless ad hoc networks; and explains the specific characteristics of

wireless ad hoc networks along with the specific features, security

mechanisms, security loopholes of ad hoc wireless networks. Chapter 2



presents an overview of a wide range of routing protocols proposed in the

literature. It also provides a performance comparison of all routing protocols

and suggests which of the protocols may perform best in large networks.

Chapter 3 focuses on the novel architecture which helps to reduce the

intruder attacks and the core concept of the research. Chapter 4 presents

the Highly Secure and Highly Available (HSHA) key management techniques

and how it works. Chapter 5 describes the collaboration mechanism and its

application to the University Campus using the HSHA protocol. Chapter 6

concludes the scope of our work and discusses the future directions of our

research.

1.9 Conclusion

The wireless communication revolution is bringing fundamental changes to

data networking, telecommunication, and is making integrated networks a

reality. By freeing the user from the cord, personal communications

networks, wireless LAN's, mobile radio networks and cellular systems,

harbor the promise of fully distributed mobile computing and

communications, anytime, anywhere.

(Figure 1-24: Characteristics of selected wireless standards)



There is a lot in store for wireless networking and wireless in general. The

introduction of WiMAX is just one of the things to look forward to. I can

foresee the use of wireless networking technology expanding, so much so

that it will continue to become an important, if not essential, part of

business and individuals alike. Needless to say, wireless networking is an

exciting aspect of Information Technology!

Chapter-1 Introduction to Wireless Ad hoc...

Documents

Transcript of Chapter-1 Introduction to Wireless Ad hoc...