8/14/2019 A survey on wireless networks-final report.pdf
http://slidepdf.com/reader/full/a-survey-on-wireless-networks-final-reportpdf 1/44
I
TABLE OF CONTENTS
LIST OF TABLES III
LIST OF FIGURES IV
Chapter 3 WLAN Security
3.1 802.11 Family…………………………………………………….1
3.1.1 IEEE 802.11.…………………………………………………..……..1
3.1.2 IEEE 802.11a.……………………………………………………….2
3.1.3 IEEE 802.11b.…………………………………………………….…2
3.1.4 IEEE 802.11g.………………………………………………….……3
3.1.5 Modification……………………………………….………………..4
3.2 WLAN Architecture ………..………………………………………………5
3.2.1 Ad-hoc mode...…………………………….…….……...….….…....5
3.2.2 Infrastructure mode.…………………………………………...…....6
3.2.3 BSS. ………………………………………………………………....7
3.2.4 ESS.………………………………………………………………....8
3.2.5 DS.………………………………………………………………......8
3.3 Authentication in 802.11 ……………………………………………9
3.3.1 Open system authentication……………….…….……...….….…..10
3.3.2 Shared key authentication.………………………………………….10
3.4 Encryption and Decryption ………….………………………………….…11
3.4.1 WEP..………………………………………………………………12
3.4.2 WPA.…………………………………………………………...….14
3.4.3 WPA2.……………………………...……………………………...14
3.5 IEEE 802.1X ………..…………………………………………………… 15
3.5.1 802.1x Framework......................…………………………………..15
3.5.2 802.1x Communication/ Authentication………………………...16
3.5.3 802.1x Key management………………………………………….18
3.6 802.11i ……… ………………………………………………………… 20
3.6.1 RSN………………………………………………………………20
3.6.2 Key Hierarchy……………………………………………………22
3.6.3 TKIP……………………………………………………………...26
3.6.4 CCMP………………………………………………………………30
3.7 Security Threats: Passive ……………………………………… 33
3.7.1 Eavesdropping……………………………………………………33
3.7.2 Traffic Analysis…………………………………………………..34
3.8 Security Threats: Active ………………………………………. 34
3.8.1 Message Injection/Active Eavesdropping..………………………..34
3.8.2 Message Deletion and Interception..………………………………34
3.8.3 Masquerading and Malicious AP.……………………………….....35
3.8.4 Session Hijacking……………………………………………….....35
3.8.5 Man-in-the-Middle.………………………………………………..36
3.8.6 DOS attack .……………………………………………………….36
3.9 Summary .……………………………………………………….37
LIST OF TABLES
3.1 comparison among 802.11 families .……………………………………….. 4
3.2 WEP, WPA, WPA2 comparison…………………………………………...14
LIST OF FIGURES
3.1 Ad Hoc mode…………………………………………………………………6
3.2 Infrastructure mode…………………………………………………………..7
3.3 Basic Service Set(BSS)....................................................................................7
3.4 Extended Service Set(ESS)................................................................................8
3.5 Open System authentication………….……………………………….…….10
3.6 Shared Key authentication………….……………………………….………..11
3.7 Wired Equivalent Privacy (WEP) encryption……….…………….………...12
3.8 Wired Equivalent Privacy (WEP) decryption……….…………….………...13
3.9 IEEE 802.1x framework……………………….………………….………...16
3.10 802.1x Communication/ Authentication.…….………………….………...17
3.11 IEEE 802.1x four-way handshake.…………...………………….………...19
3.12 IEEE802.1x group-key handshake…..…………………………………….20
3.13 Pairwise key hierarchy.…………………………………………………….24
3.14 Transient key component.…………………………………………….25
3.15 Group key hierarchy..………………………………..…………………….26
3.16 TKIP key mixing..…………………………………………………….28
3.17 TKIP encapsulation..………………………………………………….28
3.18 TKIP decapsulation..………………………………………………. .…….29
3.19 Counter mode..…………………………………………………………….31
3.20 CBC mode..…………………………………………………………… ….31
3.21 CCMP encapsulation..………………………… ….………………………32
3.22 CCMP decapsulation………………………… ………….……….…….…33
data rates of 1 and 2 megabits per second (Mbps), transmitted via infrared (IR) signals or by either frequency hopping spread spectrum (FHSS) or direct-sequence spread spectrum (DSSS) in the 2.4 GHz frequency band. Unfortunately, 802.11 only supported a maximum bandwidth of 2 Mbps. For this reason, ordinary 802.11 wireless products are no longer being manufactured.
3.1.2 IEEE 802.11a
IEEE ratified 802.11a in 1999, and 802.11b was approved at about the same time. Due to its high cost, 802.11a is usually found on business networks, whereas 802.11b better serves the home market. 802.11a supports bandwidth up to 54 Mbps, uses the 5 GHz frequency band, and uses orthogonal frequency-division multiplexing (OFDM) modulation. This higher frequency compared to 802.11b limits the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls and other obstructions. Because 802.11a and 802.11b use different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid 802.11a/b network gear, but these products simply implement the two standards side by side (each connected device must use one or the other).
3.1.3 IEEE 802.11b
IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps and uses the same 2.4 GHz frequency band as the original 802.11 standard. However, 802.11b uses only DSSS spread spectrum with complementary code keying (CCK), unlike the original 802.11. Since many appliances use this frequency, 802.11b devices can suffer interference from microwave ovens, cordless phones, and other appliances using the same 2.4 GHz band.
802.11b cards can operate at 11 Mbps, but will scale back to 5.5, then 2, then 1 Mbps if signal quality becomes an issue. Extensions have been made to the 802.11b protocol (for example, channel bonding and burst transmission techniques) in order to increase speed to 22 Mbps, but the extensions are proprietary and have not been endorsed by the IEEE. Many companies call enhanced versions "802.11b+".
3.1.4 IEEE 802.11g
In June 2003, IEEE 802.11g was ratified. This standard works in the 2.4 GHz band, the same as 802.11b, but operates at a maximum data rate of 54 Mb/s, or about 24.7 Mb/s net throughput (just like 802.11a). 802.11g hardware is compatible with 802.11b hardware. Details of making b and g work well together occupied much of the lingering technical process. In older networks, however, the presence of an 802.11b participant significantly reduces the speed of an 802.11g network.
The modulation scheme used in 802.11g is orthogonal frequency-division multiplexing (OFDM) for the data rates of 6, 9, 12, 18, 24, 36, 48, and 54 Mbps, and it reverts to CCK (like the 802.11b standard) for 5.5 and 11 Mbps. Even though 802.11g operates in the same frequency band as 802.11b, it can achieve higher data rates (the maximum data rate is 54 Mbps). The maximum range of 802.11g gear is slightly greater than that of 802.11b gear, but the range in which a client can achieve the full 54 Mbps data rate is much shorter than the range in which an 802.11b client can reach 11 Mbps.
The comparison is shown in Table 3.1, which covers modulation, spread spectrum, data rate, distance, frequency band, interference, data transmission, voice transmission, and security among the 802.11 family:
Table 3.1 comparison among 802.11 families
3.1.5 Modification
Several other standards for wireless local area networks have been ratified. A brief introduction is given below.
IEEE 802.11c:
IEEE 802.11c was ratified in October 1998. It provides the requirements for 802.11-specific MAC procedures to the ISO/IEC (International Organization for Standardization/International Electrotechnical Commission). In particular, it adds a sub-clause under 2.5, "Support of the Internal Sublayer Service", to cover bridge operations with 802.11 MACs.
IEEE 802.11d:
IEEE 802.11d, ratified in July 2001, is an amendment to the base 802.11 specification that adds support for "additional regulatory domains". This support includes the addition of a country information element to beacons, probe requests, and probe responses. This modification lets the 802.11 standard operate in countries not served by the original standard.
IEEE 802.11e:
IEEE 802.11e has been approved as a standard that attempts to enhance the 802.11 MAC to increase the quality of service (QoS) possible for LAN applications. The standard is considered of critical importance for delay-sensitive applications, such as voice over wireless IP and streaming multimedia.
IEEE 802.11f:
IEEE 802.11f was finished in 2002. The standard was developed as a practice that provides AP communication among multiple servers. Its purpose is to increase compatibility between access point devices from different vendors.
IEEE 802.11h:
IEEE 802.11h is the IEEE standard for spectrum and transmit power management in the 5 GHz band. The standard solves problems such as interference with radar in some European countries. It provides Dynamic Frequency Selection (DFS) and Transmit Power Management (TPM). DFS selects channels so as to reduce interference with radar. TPM keeps the average transmit power below the regulatory maximum to decrease interference with radar.
3.2 WLAN Architecture
IEEE defines two types of architecture for wireless LAN 802.11: ad hoc mode and infrastructure mode. The 802.11 architecture is composed of several components, such as the basic service set (BSS), the extended service set (ESS), and the distribution system (DS). In this section, we introduce the two architectures and their components on wireless LAN 802.11.
Figure 3.2 Infrastructure mode
3.2.3 Basic Service Set (BSS)
As shown in Fig 3.3, a BSS is a group of 802.11 stations or devices communicating with each other. A BSS requires an access point, which is the central point of communication for all stations. The stations do not communicate directly with each other. They first communicate with the access point, and then the access point delivers the frames to the destination stations.
Figure 3.3 Basic Service Set (BSS)
3.2.4 Extended Service Set (ESS)
An ESS is composed of two or more BSSs. In other words, a collection of BSSs is known as an ESS. BSSs communicate via the distribution system (DS). Fig 3.4 shows an ESS architecture. The DS can be a wired or a wireless network, but for the most part, DS uplinks are wired.
Figure 3.4 Extended Service Set (ESS)
3.2.5 Distribution System (DS)
A distribution system is a system that interconnects several BSSs. A DS can be constructed from either a wired or a wireless network, but it is usually wired. The system provides five services: association, de-association, re-association, distribution, and integration. We now introduce the details of the five services.
Association:
The association service is used to make a connection between a mobile device and an access point. Each device must become associated with an access point before it is allowed to send data through the access point to the distribution system. The connection is necessary for the distribution system to know where to deliver data to the mobile station.
De-association:
De-association is used to disconnect a mobile device from an access point. It occurs when the mobile device no longer requires the service of the distribution system. If the station or wireless device wants to obtain the service again, it must begin a new association with an access point.
Re-association:
The re-association service is similar to the association service. It occurs when a mobile device leaves the ESS, loses the connection with the access point it is associated with, and needs to become associated with a new access point.
Distribution:
Distribution is the primary service used by an 802.11 station. A device uses the distribution service every time it sends MAC frames through the distribution system. The distribution service provides the distribution system with only enough information to determine the proper destination BSS for the MAC frame.
Integration:
The integration service connects the 802.11 WLAN to other LANs, including one or more wired LANs or 802.11 WLANs. The integration service delivers 802.11 frames to another network or from other networks to 802.11 WLANs.
3.3 Authentication in 802.11
Because WLANs have limited physical security to prevent unauthorized access, 802.11 defines two authentication modes, namely open system authentication and shared key authentication, to control access to the WLAN. The goal of the authentication service is to provide access control equivalent to a wired LAN.
After the authentication and association process, wireless devices can begin to transmit and receive data. If a wireless device is configured with a key that differs from the access point's, the device will not be able to encrypt or decrypt data frames correctly. Consequently, the frames will be discarded by both the client and the access point. In this section, we first introduce open system authentication and then shared key authentication.
3.3.1 Open System Authentication
This is the default authentication method, and it is very simple. Two messages are exchanged in open system authentication; the steps are shown in Fig 3.5. First, the supplicant that wants to authenticate with the authenticator sends an authentication management frame containing the supplicant's identity. Based on this identity, the authentication result is sent from the authenticator back to the supplicant.
Figure 3.5 Open System Authentication
3.3.2 Shared Key Authentication
Unlike open system authentication, shared key authentication requires that the wireless devices and the access point have the same WEP key. There are four messages
exchanged, as shown in Fig 3.6. The following summarizes the shared key authentication process:
1. The supplicant sends a registration request that contains the identity of the supplicant to the authenticator.
2. The authenticator then responds with a plaintext challenge packet to the supplicant.
3. The supplicant encrypts the challenge packet using the shared WEP key and sends the result back to the authenticator.
4. If the authenticator can decrypt the response packet and retrieve the original challenge, it sends the supplicant a success message.
Figure 3.6 Shared Key Authentication
3.4 Encryption and Decryption
Wireless networks ensure their security through the use of various security protocols, encryption algorithms, and authentication methods. IEEE first ratified WEP as a solution to wireless security. But WEP has flaws in both its implementation and its design. For this reason, WEP was replaced by the WiFi alliance with a subset of the
802.11i protocol, called WPA. WPA was not intended as a complete solution and still has security concerns in wireless networks. When the IEEE ratified the 802.11i protocol in 2004, the WiFi alliance adopted the protocol as WPA2. In section 3.4, we first introduce WEP in section 3.4.1, including its encryption and decryption algorithms, and then introduce WPA in section 3.4.2. Finally, WPA2 is introduced in section 3.4.3.
3.4.1 Wired Equivalent Privacy (WEP)
WEP is a part of the IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality and CRC-32 for integrity. Standard 64-bit WEP uses a 40-bit key, which is concatenated with a 24-bit Initialization Vector (IV). WEP encryption is depicted in Fig 3.7. The IV and the secret key are passed into the RC4 algorithm to generate the key stream, also called the RC4 key. Separately, the plaintext message is used to generate an Integrity Check Value (ICV), which is appended to the message. The ciphertext is produced by XORing the RC4 key stream with the combined message and ICV. After the XOR operation, the result is transmitted over the wireless network.
Figure 3.7 Wired Equivalent Privacy (WEP) encryption.
WEP decryption, shown in Figure 3.8, reverses this process. The received encrypted packet consists of the Initialization Vector (IV), the ciphertext, and the ICV. The IV is not encrypted during transmission. The IV is concatenated with the shared secret key and passed into the RC4 algorithm to produce the "key stream." The decrypted data (plaintext) together with its ICV is obtained by XORing the "key stream" with the ciphertext. Then the same integrity algorithm (CRC-32) used in WEP encryption is run over the plaintext to generate a new ICV. This ICV is compared with the original ICV appended to the data. If the two ICVs match, the data is valid. Otherwise, the data must have been modified during transmission and is rejected by the system.
Figure 3.8 Wired Equivalent Privacy (WEP) decryption.
Two main vulnerabilities in WEP are the use of a 32-bit CRC checksum and a 24-bit Initialization Vector (IV) for the encryption algorithm. The CRC checksum is intended to detect unintentional errors in the packet. Attackers can still modify the packet and calculate a new CRC checksum as if the packet had not been modified. The problem with the 24-bit IV is that the IV space is not large enough to guarantee that each IV is used only once. Attackers can observe sufficient network traffic to completely exhaust the entire space of 24-bit IVs. An attacker who eavesdrops on two encrypted packets with the same IV has a better chance of cracking the encryption key. Consequently, WEP is insecure.
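The WEP encapsulation of Fig 3.7, the decapsulation and ICV check of Fig 3.8, and the authenticator's step 4 of the shared key exchange in Fig 3.6, as an added Python example that is not part of this report: RC4 is implemented inline, the ICV is CRC-32 (zlib.crc32, packed little-endian, an assumed byte order), and the key, IV and challenge values are constructed for the example. The last two functions check the two weaknesses described above: frames sent under a repeated IV share their keystream, and CRC-32 is linear over XOR, which is why it cannot serve as a keyed integrity check.

```python
import struct
import zlib

IV_LEN = 3    # 24-bit IV sent in the clear; only 2^24 values, so IVs repeat on a busy network
KEY_LEN = 5   # 40-bit shared secret ("64-bit WEP" = 24-bit IV + 40-bit key)

# Constructed values for the example (not from any real network)
EXAMPLE_KEY = bytes.fromhex("0102030405")
EXAMPLE_IV = bytes.fromhex("a1b2c3")
EXAMPLE_CHALLENGE = bytes(range(16))


def rc4_keystream(key, length):
    """RC4 key-scheduling (KSA) followed by the keystream generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP Integrity Check Value: CRC-32 of the plaintext (little-endian byte order assumed here)."""
    return struct.pack("<I", zlib.crc32(data))


def wep_encapsulate(key, iv, plaintext):
    """Fig 3.7: keystream = RC4(IV || key); body = plaintext || ICV; frame = IV || (body XOR keystream)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decapsulate(key, frame):
    """Fig 3.8: strip the IV, regenerate the keystream, XOR, recompute CRC-32 and compare.
    Returns the plaintext, or None when the ICVs differ (the frame is rejected)."""
    iv, ciphertext = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    plaintext, received_icv = body[:-4], body[-4:]
    return plaintext if received_icv == icv(plaintext) else None


def shared_key_auth(key, challenge, response_frame):
    """Authenticator side of Fig 3.6 step 4: decrypt the supplicant's response and compare to the challenge sent."""
    return wep_decapsulate(key, response_frame) == challenge


def same_iv_leaks_xor(key, iv, p1, p2):
    """Two frames under one IV share a keystream, so their ciphertexts XOR to the XOR of the plaintexts."""
    c1 = wep_encapsulate(key, iv, p1)[IV_LEN:]
    c2 = wep_encapsulate(key, iv, p2)[IV_LEN:]
    n = min(len(p1), len(p2))
    return xor(c1, c2)[:n] == xor(p1, p2)[:n]


def crc32_is_linear(a, b):
    """CRC-32 is affine over XOR: crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros). No key is involved,
    so anyone who can change bits can also fix up the ICV; WPA replaces it with a keyed MIC."""
    zero = bytes(len(a))
    return zlib.crc32(xor(a, b)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zero)
```

The supplicant's step 3 is simply `wep_encapsulate(key, iv, challenge)`; `shared_key_auth` is what the access point does with the result. Flipping any single bit of a frame makes `wep_decapsulate` return None, which is the unintentional-error case the CRC was designed for; `crc32_is_linear` shows why that check says nothing about deliberate modification.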
3.4.2 Wireless Protected Access (WPA)
To cope with the weaknesses of WEP, the Wi-Fi alliance attempted to offer a better security solution than WEP. This subset protocol is called Wireless Protected Access (WPA). WPA specified the Temporal Key Integrity Protocol (TKIP), which replaced the weak 32-bit CRC checksum with a strong HMAC checksum. In addition, WPA adds a Message Integrity Check (MIC) based on the Michael algorithm, and replaces the 24-bit IV with a 48-bit IV. WPA also defined dynamic key rotation and the Extensible Authentication Protocol (EAP) to allow strong authentication in wireless LANs. WPA is intended for upgrading legacy systems that use the stream cipher RC4 and the WEP protocol. Even though WPA is more secure than WEP, it still uses RC4 for compatibility with legacy systems. The use of the weak stream cipher RC4 makes WPA not strong enough against various attacks. For example, it is possible to monitor initial key exchanges and launch dictionary attacks to break the key. WPA was never intended as a robust security solution; it was only a better wireless security solution than WEP while WPA2 was not yet ratified.
3.4.3 Wireless Protected Access Version 2 (WPA2)
In 2004, the IEEE ratified the 802.11i protocol, which provides Robust Security Network (RSN) capabilities that are more secure than WEP and WPA. The main difference between WEP and WPA2 is that the encryption algorithm used in WPA2 is the Advanced Encryption Standard (AES) for data confidentiality. The comparison among WEP, WPA, and WPA2 is shown in Table 3.2:
Table 3.2 WEP, WPA, WPA2 comparison
3.5 IEEE 802.1X
IEEE 802.1X is part of the IEEE 802.1 group of protocols. It provides point-to-point connection and denies access through a port when authentication fails. It is used by certain access points, and is based on EAP. EAP is an authentication framework used in wireless networks and point-to-point connections. 802.1X is available on certain network switches, and can be configured to authenticate hosts equipped with client software, denying unauthorized access to the network at the data link layer.
3.5.1 802.1x Framework
The IEEE 802.1x framework is depicted in Fig 3.9. Both the supplicant and the authenticator have a port access entity (PAE). The PAE controls the authorized/unauthorized state of the port according to whether the supplicant has been authenticated successfully. We can see in Fig 3.9 that the authenticator uses an uncontrolled port to communicate with the supplicant PAE
Table 3.2 (body):
                       WEP     WPA          WPA2
Transport protocol     WEP     802.1x/EAP   802.1x/EAP
Encryption algorithm   RC4     RC4          AES
Key management         None    TKIP         CCMP
Cryptographic digest   None    MIC          MIC
before the supplicant is authenticated. In this state, the authenticator blocks all traffic except 802.1x messages.
802.1x also defines an encapsulation that carries EAP messages between the supplicant and the authenticator. EAP messages are delivered from the supplicant to the authentication server by the PAEs. In order to let the server authenticate the user information, the authenticator PAE re-encapsulates the same EAP messages in the server's (RADIUS) packet format and sends them to the authentication server. Once the supplicant is authenticated successfully, the controlled port is authorized, and the supplicant can obtain services through the controlled port. [J-C Chen, M-C Jiang, and Y-W Liu, "Wireless LAN Security and IEEE 802.11i," February 2005]
Figure 3.9 IEEE 802.1x framework
3.5.2 802.1x Communication/Authentication
Fig 3.10 depicts a typical 802.1x communication and authentication process between the supplicant and the authenticator. The following summarizes the 802.1x communication/authentication process:
1. The supplicant sends an EAP-start message to start the communication.
2. The authenticator sends an EAP-request/identity message to obtain the supplicant's identity.
3. Upon receipt of the EAP-request/identity message from the authenticator, the supplicant responds with an EAP-response/identity packet, which includes the client's identity.
4. Upon receipt of the EAP-response/identity, the authenticator PAE state transitions to the authenticating state; the authenticator then encapsulates the EAP-response/identity message in a RADIUS-access-request and sends it to the authentication server.
5. The authentication server challenges the supplicant to prove itself by sending a RADIUS-access-challenge to the authenticator.
6. The authenticator encapsulates the RADIUS-access-challenge in an EAP-request/Auth and sends it to the supplicant. Upon receipt of the message, the supplicant's state changes to the authenticating state.
7. The supplicant responds with an EAP-response/Auth to the authenticator.
8. The authenticator relays it to the authentication server in the form of a RADIUS-access-request. The authentication server then either accepts or rejects the client's request for connection.
9. If the authentication server accepts the connection, it sends a RADIUS-access-accept to the authenticator, and the authenticator PAE state transitions to the authenticated state. Afterwards, the authenticator PAE sends EAP-success to the supplicant.
10. Otherwise, the authentication server rejects the connection and sends a RADIUS-access-reject to the authenticator. The authenticator PAE state transitions to the held state, and then sends EAP-failure to the supplicant.
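The ten-step exchange above, as an added Python model that is not from this report: a supplicant, an authenticator PAE with a controlled port, and a RADIUS-style authentication server pass EAP and RADIUS-style messages by name, and the controlled port passes data frames only once the PAE has reached the authenticated state. The challenge-response (an HMAC-SHA256 over a server challenge), the credential store and the message encoding are constructed for illustration and are not a real EAP method or the RADIUS packet format.

```python
import hashlib
import hmac
import os

# Constructed credential store for the example: identity -> shared secret (not real data)
USERS = {"alice": b"correct-horse-battery"}


class AuthServer:
    """RADIUS-style authentication server: issues a challenge (step 5), verifies the answer (step 8)."""

    def __init__(self, users):
        self.users = users
        self.challenges = {}

    def handle(self, msg):
        kind, body = msg
        ident = body["identity"]
        if kind == "RADIUS-access-request" and "auth" not in body:
            self.challenges[ident] = os.urandom(16)
            return ("RADIUS-access-challenge", {"challenge": self.challenges[ident]})
        if kind == "RADIUS-access-request":
            secret = self.users.get(ident)
            challenge = self.challenges.pop(ident, None)
            if secret and challenge:
                expected = hmac.new(secret, challenge, hashlib.sha256).digest()
                if hmac.compare_digest(expected, body["auth"]):
                    return ("RADIUS-access-accept", {})
        return ("RADIUS-access-reject", {})


class Supplicant:
    """Answers the identity request (step 3) and the challenge (step 7); records success/failure."""

    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret
        self.state = "connecting"

    def handle(self, msg):
        kind, body = msg
        if kind == "EAP-request/identity":
            return ("EAP-response/identity", {"identity": self.identity})
        if kind == "EAP-request/Auth":
            self.state = "authenticating"
            auth = hmac.new(self.secret, body["challenge"], hashlib.sha256).digest()
            return ("EAP-response/Auth", {"auth": auth})
        if kind in ("EAP-success", "EAP-failure"):
            self.state = "authenticated" if kind == "EAP-success" else "held"
        return None


class Authenticator:
    """Authenticator PAE: relays EAP <-> RADIUS-style messages and gates the controlled port."""

    def __init__(self, server):
        self.server = server
        self.state = "connecting"
        self.identity = None

    def controlled_port_authorized(self):
        return self.state == "authenticated"

    def forward_data_frame(self, frame):
        """Only EAP traffic passes before authentication; data frames are dropped until authorized."""
        return frame if self.controlled_port_authorized() else None

    def handle(self, msg):
        kind, body = msg
        if kind == "EAP-start":
            return ("EAP-request/identity", {})                       # step 2
        if kind == "EAP-response/identity":
            self.identity = body["identity"]
            self.state = "authenticating"                             # step 4
            reply = self.server.handle(("RADIUS-access-request", {"identity": self.identity}))
            return ("EAP-request/Auth", {"challenge": reply[1]["challenge"]})   # step 6
        if kind == "EAP-response/Auth":
            reply = self.server.handle(("RADIUS-access-request",
                                        {"identity": self.identity, "auth": body["auth"]}))
            if reply[0] == "RADIUS-access-accept":
                self.state = "authenticated"                          # step 9
                return ("EAP-success", {})
            self.state = "held"                                       # step 10
            return ("EAP-failure", {})
        return None


def run_8021x(supplicant, authenticator):
    """Drive the exchange from EAP-start (step 1) to EAP-success/EAP-failure; return both final states."""
    msg = ("EAP-start", {})
    while msg is not None:
        reply = authenticator.handle(msg)
        msg = supplicant.handle(reply) if reply else None
    return authenticator.state, supplicant.state
```

A wrong secret or an unknown identity ends in the held state on both sides, and `forward_data_frame` keeps returning None for that port, which is the data-link-layer denial the section describes.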
Figure 3.10 802.1 x Communication/ Authentication
3.5.3 802.1x Key Management
In this section, key management of the authentication process in IEEE 802.1x is described. Both the four-way handshake and the group-key handshake are introduced.
Fig 3.11 gives the four-way handshake messages exchanged. In the four-way handshake, the authenticator first sends an ANonce and key information to the supplicant. The ANonce is a nonce value generated by the authenticator and is used only once. After receiving the first message, the supplicant checks the validity of the message by using the "replay counter." The "replay counter" is incremented with each EAPOL-key message. If the "replay counter" is smaller than or equal to the value kept by the supplicant, the message is discarded. Otherwise, the supplicant sends the second message, which contains its own nonce value (SNonce), key information, a message integrity code (MIC), and the supplicant's RSN IE (Robust Security Network
Information Element) to the authenticator. The RSN IE carries RSN security information including RSN capabilities, authentication, and cipher key selectors. An RSN IE can be used to distinguish between pre-RSN stations and RSN-capable stations. RSN-capable stations shall include the RSN IE in beacons, probe responses, association and re-association requests, and the second and third messages of the four-way handshake. In contrast, there is no RSN IE in messages sent by pre-RSN stations.
Upon receipt of the second message, the authenticator checks the validity of the message by using the "replay counter." The authenticator also verifies the MIC. If the MIC is incorrect, the message is discarded. Otherwise, the authenticator sends the third message, which contains the ANonce, key information, MIC, and the authenticator's RSN IE, to the supplicant.
Upon receipt of the third message, the supplicant validates the message by checking the "replay counter." It then compares the RSN IEs. If the RSN IEs are different, the connection between the supplicant and the authenticator is torn down. If the RSN IE is correct, the supplicant then checks the MIC. The supplicant sends back the fourth message if the MIC is valid.
When the authenticator receives the fourth message, it first checks the "replay counter." If the "replay counter" is valid, it then checks the MIC. The four-way handshake is completed if the MIC is valid.
Figure 3.11 IEEE802.1x four-way handshake
The group key handshake is shown in Fig 3.12. It is performed after the four-way handshake. The authenticator first sends a message that contains key information, a MIC, and the GTK (Group Temporal Key) to the supplicant. After receiving the first message, the supplicant checks the validity of the message by using the "replay counter." It then checks the MIC if the "replay counter" is valid. If the MIC is valid, the supplicant sends back the second message, which includes key information and a MIC, to the authenticator. Once the second message is received by the authenticator, the authenticator checks the validity of the message as before. If the "replay counter" and the MIC are valid, the group key handshake is completed.
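The four-way handshake checks described above (replay counter, RSN IE comparison, MIC verification), as an added Python example that is not part of this report: the PTK derivation is the 802.11i PRF (HMAC-SHA1 with the label "Pairwise key expansion" over the sorted MAC addresses and nonces) and the MIC is HMAC-SHA1 truncated to 128 bits as used with AES/CCMP key descriptors; the EAPOL-Key body layout, the MAC addresses, the PMK and the RSN IE bytes are constructed for the example and are not the real frame format. The same replay-counter and MIC checks are what the group key handshake applies to its two messages.

```python
import hashlib
import hmac
import os

# Constructed inputs for the example (not captured from a real network)
EXAMPLE_PMK = hashlib.sha256(b"constructed example PMK").digest()
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # CCMP ciphers, PSK AKM


def prf(key, label, data, nbytes):
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", Min(AA,SPA)||Max(AA,SPA)||Min(nonces)||Max(nonces)).
    For CCMP the 48 bytes split into KCK (MIC key), KEK (GTK wrapping key) and TK (data key)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def eapol_mic(kck, body):
    """EAPOL-Key MIC as used with AES/CCMP key descriptors: HMAC-SHA1 truncated to 128 bits."""
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]


def encode(counter, nonce, rsn_ie):
    """Constructed EAPOL-Key body for this example (not the real layout): counter || nonce || RSN IE."""
    return counter.to_bytes(8, "big") + nonce + rsn_ie


class Party:
    """State one side keeps: PMK, MAC, RSN IE, its nonce, the PTK and the last accepted replay counter."""

    def __init__(self, pmk, mac, rsn_ie):
        self.pmk, self.mac, self.rsn_ie = pmk, mac, rsn_ie
        self.nonce = os.urandom(32)
        self.last_counter = -1
        self.ptk = None

    def accept_counter(self, counter):
        """Replay check from the text: a counter <= the stored value means a replayed frame; discard it."""
        if counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True

    def mic_ok(self, body, mic):
        return hmac.compare_digest(eapol_mic(self.ptk["kck"], body), mic)


def four_way_handshake(ap, sta, beacon_rsn_ie=None):
    """Run messages 1-4 between authenticator `ap` and supplicant `sta`; True only if every check passes."""
    beacon_rsn_ie = ap.rsn_ie if beacon_rsn_ie is None else beacon_rsn_ie
    # Message 1 (AP -> STA): ANonce, no MIC. The STA can now derive its PTK.
    if not sta.accept_counter(0):
        return False
    sta.ptk = derive_ptk(sta.pmk, ap.mac, sta.mac, ap.nonce, sta.nonce)
    # Message 2 (STA -> AP): SNonce, MIC, STA's RSN IE. The AP derives its PTK, then verifies the MIC.
    body2 = encode(0, sta.nonce, sta.rsn_ie)
    mic2 = eapol_mic(sta.ptk["kck"], body2)
    if not ap.accept_counter(0):
        return False
    ap.ptk = derive_ptk(ap.pmk, ap.mac, sta.mac, ap.nonce, sta.nonce)
    if not ap.mic_ok(body2, mic2):
        return False                      # STA does not hold the same PMK
    # Message 3 (AP -> STA): ANonce again, MIC, AP's RSN IE, counter incremented.
    body3 = encode(1, ap.nonce, ap.rsn_ie)
    mic3 = eapol_mic(ap.ptk["kck"], body3)
    if not sta.accept_counter(1):
        return False
    if body3[40:] != beacon_rsn_ie:
        return False                      # RSN IE differs from the one seen in the beacon: disconnect
    if not sta.mic_ok(body3, mic3):
        return False
    # Message 4 (STA -> AP): MIC only; acknowledges message 3.
    body4 = encode(1, b"", b"")
    mic4 = eapol_mic(sta.ptk["kck"], body4)
    if not ap.accept_counter(1):
        return False
    return ap.mic_ok(body4, mic4)


def demo():
    """Honest handshake, a supplicant holding the wrong PMK, an RSN IE that differs from the beacon,
    and a replay of message 3 after the handshake."""
    ap, sta = Party(EXAMPLE_PMK, AP_MAC, RSN_IE), Party(EXAMPLE_PMK, STA_MAC, RSN_IE)
    honest = four_way_handshake(ap, sta) and ap.ptk == sta.ptk
    wrong_pmk = four_way_handshake(Party(EXAMPLE_PMK, AP_MAC, RSN_IE), Party(b"\x00" * 32, STA_MAC, RSN_IE))
    ie_mismatch = four_way_handshake(Party(EXAMPLE_PMK, AP_MAC, RSN_IE), Party(EXAMPLE_PMK, STA_MAC, RSN_IE),
                                     beacon_rsn_ie=RSN_IE[:-2] + b"\x01\x00")
    return honest, wrong_pmk, ie_mismatch, sta.accept_counter(1)
```

Both sides end with the same PTK without the PMK ever crossing the air; a supplicant with a different PMK fails at the MIC of message 2, a mismatched RSN IE fails at message 3, and a replayed message 3 is dropped by the counter check alone.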
[Figure 3.11 message flow between authenticator and supplicant:
1. EAPOL-key (key_info, ANonce): the authenticator delivers its nonce so the PTK can be generated
2. EAPOL-key (key_info, SNonce, MIC, RSN IE): the supplicant delivers its nonce so the PTK can be generated
3. EAPOL-key (key_info, ANonce, MIC, RSN IE): ensures the PTK is fresh
4. EAPOL-key (key_info, MIC): this frame serves only as an ACK]
Figure 3.12 IEEE802.1x group key handshake
3.6 802.11i
IEEE 802.11i provides two classes of security mechanisms for wireless networks to improve security, namely pre-RSN and RSN security mechanisms. The pre-RSN security mechanisms include the original security mechanisms in the IEEE 802.11 specification, such as shared key authentication for validating an unfamiliar station and the use of WEP to enhance confidentiality by protecting the transmitted data. The second class is the RSN security mechanism, which is constructed from many different security mechanisms. The components of RSN are introduced in the following sections.
3.6.1 RSN (Robust Security Networks)
IEEE 802.11i has a working group on the MAC layer named Task Group I (TGi). TGi focuses on enhancing the security of IEEE 802.11i, and its main mission is to define a standard named robust security networks (RSN). RSN is defined according to the IEEE 802.11i draft. It allows two devices in a wireless network to construct a robust security network association (RSNA) to ensure security. In this network, all the APs and stations contribute many RSNAs, and the RSN is formed by a large number of RSNAs. RSNA has also been defined in the IEEE 802.11i draft. It begins with the four-way handshake described earlier, which makes sure that both communicating parties hold a valid pairwise master key (PMK), establishes the temporal keys, and confirms the cipher method used in the following session.
The RSNA relies on an authentication framework such as 802.1X, which transports the
authentication service and maintains the key management mechanisms; the four-way
handshake provides much more robust management of the session keys.
But providing authentication methods alone is not enough to achieve a robust and
secure network, because many other threats may occur. For confidentiality, the IEEE
802.11 standard chooses some cryptographic algorithms to ensure the confidentiality of
the transferred data, some hash functions for checking the integrity of transferred
frames and for data origin authentication, and some other algorithms for key
generation. All of these algorithms share one characteristic: they are all symmetric
algorithms. These algorithms are listed below.
Confidentiality:
TKIP (RC4)
WEP (RC4)
CCM (AES-CTR)
NIST Key Wrap
Integrity:
HMAC-SHA-1
HMAC-MD5
TKIP (Michael MIC)
CCM (AES-CBC-MAC)
Key generation:
HMAC-SHA-1
RFC 1750
Proprietary
3.6.2 Key Hierarchy
The security of keys is particularly important in 802.11 because data
confidentiality relies on the protection and use of the keys. 802.11i introduces a
key hierarchy which needs to meet the following requirements:
1. Keys should be generated randomly to reduce the probability that an adversary
can obtain them by guessing.
2. Keys need to be changed frequently to prevent sophisticated cryptanalysis.
3. To protect enciphered data, keys should be protected in storage.
4. Keys must not be eavesdropped while they are transmitted.
5. Keys should be deleted when they are no longer needed.
In order to achieve these requirements, a "key management" scheme is needed, which
is defined as "the process of handling and controlling cryptographic keys and related
material (such as initialization values) during their life cycle in a cryptographic
system, including ordering, generating, distributing, storing, loading, escrowing,
archiving, auditing, and destroying the material" [Frankel 06]. IEEE 802.11i meets
these requirements and leaves the details open to the implementation.
For pre-RSN or older security policies in 802.11, key management is not included in
the specifications, because WEP uses only a single key for all devices in a wireless
local area network, and the key is entered manually. There is no need to distribute
keys to stations.
In RSN systems, RSNA needs keys for encryption, integrity, and authentication. This
makes the legacy method inefficient because each key is distributed manually. IEEE
802.11i specifications define two key hierarchies for RSNAs. One is Pairwise Key
Hierarchy, designed for unicast protection. The other is Group Key Hierarchy for
multicast/broadcast protection. The following is the introduction to these two key
hierarchies.
Pairwise Key Hierarchy
Figure 3.13 shows the pairwise key hierarchy. The two keys at the top of the
hierarchy are called root keys. The root keys are the basis of all other keys in the
key hierarchy. The two root keys in the Pairwise Key Hierarchy represent the two
ways in which the other keys may be set up in an 802.11 RSNA device. Details are
described as follows:
Pre-Shared Key (PSK): A PSK must be installed in the wireless devices before the
RSNA is established, and the key should be delivered over an out-of-band channel;
that is, the installer may need to enter the key into the device manually. The
802.11i standard does not specify how to generate or distribute PSKs; the
generation and distribution of PSKs is left to the implementers.
PSKs can be generated using any kind of pseudo-random generator and distributed, for
example, on a USB device that can be carried anywhere. No matter how the PSK is
generated or distributed, the implementer should be careful about every possible
threat and design the key distribution process in an effective fashion.
Authentication, Authorization, and Accounting Key (AAA Key): An AAA key,
which is also called the Master Session Key (MSK), is handed over to the AP through
the Extensible Authentication Protocol (EAP) when an RSNA is established. The AAA
key changes every time a user authentication request is invoked, and one AAA key is
used for one user session. The AAA key expires when its lifetime ends or when the
user initiates re-authentication. Delivery of the AAA key requires an EAP
authentication method that provides key generation. All of the EAP methods that
support RSNs should be able to generate the AAA key for the RSN. The EAP method
is selected at the implementer's discretion, and different APs or STAs may
implement different EAP methods.
Figure 3.13 Pairwise key hierarchy
In Figure 3.13, a Pairwise Master Key (PMK) is derived from one of the two root
keys, either the PSK or the AAA key. The PMK is used as a key-generating key, from
which the Pairwise Transient Key (PTK) is generated. The PTK is derived using the
MAC addresses of the STA and the AP and nonces created freshly in each key
generation. The STA and AP addresses protect against session hijacking and
impersonation; the nonces add additional random material. A
[Figure 3.13 residue: Pre-Shared Key (256 bits) or AAA key (>= 256 bits, possible truncation) -> Pairwise Master Key (256 bits) -> PRF -> Pairwise Transient Key (384 bits for CCMP, 512 bits for TKIP).]
PTK is composed of three components, as follows:
EAP over LAN (EAPOL) Key Confirmation Key (EAPOL-KCK): the purpose of the
EAPOL-KCK is to provide integrity and data origin authentication for the
STA-to-AP control frames during the setup of the RSN. The process also
performs proof of possession of the PMK.
EAPOL Key Encryption Key (EAPOL-KEK): the EAPOL-KEK provides confidentiality
protection for keys or data in some RSN processes.
Temporal Key: the Temporal Key (TK) is used to encrypt and protect all user traffic.
Figure 3.13 also shows the lengths of the keys. Of the two root keys, the PSK is 256
bits long, while the AAA key can be 256 bits long or longer. The PMK is 256 bits
long, and a pseudo-random function is needed to derive the PTK from it. The length
of the PTK depends on the confidentiality and integrity protocol used: 512 bits for
TKIP and 384 bits for CCMP. The components of these two different PTKs are shown in
Figure 3.14.
Figure 3.14 Transient key components
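The derivation that Figures 3.13 and 3.14 describe, as an added example that is not code from the report (Python, standard library only). The PRF built from HMAC-SHA-1, the "Pairwise key expansion" label and the Min/Max ordering of addresses and nonces follow IEEE 802.11i; the PMK, addresses, nonces and EAPOL-Key body are constructed, and the MIC field offset of 8 in that constructed body is an assumption of the example, not the real EAPOL-Key frame layout.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the report): a PMK, two MAC addresses
# and two 32-byte nonces such as the four-way handshake would exchange.
PMK = hashlib.sha256(b"constructed PMK for the example").digest()   # 256 bits
AA = bytes.fromhex("020000000001")      # authenticator (AP) address, constructed
SPA = bytes.fromhex("020000000002")     # supplicant (STA) address, constructed
ANONCE = hashlib.sha256(b"constructed ANonce").digest()
SNONCE = hashlib.sha256(b"constructed SNonce").digest()


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA-1(key, label || 0x00 || data || i) for
    i = 0, 1, ..., concatenated and truncated to nbits."""
    out = b""
    i = 0
    while len(out) < nbits // 8:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
               cipher: str = "CCMP") -> dict:
    """PTK = PRF-X(PMK, "Pairwise key expansion",
                   Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))
    with X = 384 for CCMP and 512 for TKIP (Figure 3.13), split as in Figure 3.14."""
    nbits = 384 if cipher == "CCMP" else 512
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, nbits)
    keys = {
        "KCK": ptk[0:16],   # EAPOL-KCK: MICs the handshake frames
        "KEK": ptk[16:32],  # EAPOL-KEK: wraps the GTK sent in message 3
        "TK": ptk[32:48],   # Temporal Key: protects user traffic
    }
    if cipher == "TKIP":
        # The extra 128 bits are the two 64-bit Michael keys, one per direction.
        keys["MIC_TX"] = ptk[48:56]
        keys["MIC_RX"] = ptk[56:64]
    return keys


def eapol_key_mic(kck: bytes, frame: bytes, mic_offset: int, version: int) -> bytes:
    """MIC over the EAPOL-Key frame with its 16-byte MIC field zeroed.
    Descriptor version 1 (TKIP) uses HMAC-MD5; version 2 (CCMP) uses
    HMAC-SHA-1 truncated to 128 bits."""
    zeroed = frame[:mic_offset] + b"\x00" * 16 + frame[mic_offset + 16:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    if version == 2:
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    raise ValueError("unknown EAPOL-Key descriptor version")


def supplicant_accepts(kck: bytes, frame: bytes, mic_offset: int) -> bool:
    """The check the handshake text describes: recompute the MIC with the KCK
    and compare it (constant-time) with the MIC carried in the frame."""
    carried = frame[mic_offset:mic_offset + 16]
    return hmac.compare_digest(carried, eapol_key_mic(kck, frame, mic_offset, 2))


def demo() -> tuple:
    """Both sides derive the same PTK from the exchanged nonces, a genuine
    frame passes the KCK MIC check and a tampered one fails it."""
    ap = derive_ptk(PMK, AA, SPA, ANONCE, SNONCE)
    sta = derive_ptk(PMK, SPA, AA, SNONCE, ANONCE)  # same inputs, roles swapped
    # Constructed EAPOL-Key body: 8 header bytes, 16-byte MIC slot, payload.
    body = b"\x02\x13\xca\x00\x10\x00\x00\x03" + b"\x00" * 16 + b"rsn-ie-and-gtk"
    mic = eapol_key_mic(ap["KCK"], body, 8, 2)
    frame = body[:8] + mic + body[24:]
    tampered = frame[:-1] + bytes([frame[-1] ^ 0x01])
    return (ap == sta, supplicant_accepts(sta["KCK"], frame, 8),
            supplicant_accepts(sta["KCK"], tampered, 8))


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```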
[Figure 3.14 residue: for CCMP the pairwise transient key is split into EAPOL-KCK (128 bits), EAPOL-KEK (128 bits) and TK (128 bits); for TKIP into EAPOL-KCK (128 bits), EAPOL-KEK (128 bits), TK (128 bits) and MIC key (128 bits).]
Group Key Hierarchy
The other key hierarchy is the Group Key Hierarchy shown in Figure 3.15; here the key
derived from the PMK is called the Group Temporal Key (GTK). The GTK is usually
generated by the AP and delivered to its associated STAs. The generation of the GTK
is still undefined in the IEEE 802.11 specification and depends on the
implementer, but every implementation should obey the rule that the value must be
computationally indistinguishable from random.
Figure 3.15 shows that the GTK is 256 bits long for TKIP and 128 bits long for CCMP.
Its standardization is still underway.
Figure 3.15 Group key hierarchy
3.6.3 Temporal Key Integrity Protocol (TKIP)
Although RSN provides security mechanisms that enhance the security of IEEE 802.11
wireless networks, legacy devices may not be capable of implementing them. To
enhance the security of legacy devices, pre-RSN was defined, and TKIP is used to
replace the WEP protocol. TKIP is a set of algorithms wrapping WEP. TKIP adds four
new algorithms to WEP: a cryptographic
[Figure 3.15 residue: Group key hierarchy: GMK -> PRF -> GTK, with TKIP-GTK 256 bits and CCMP-GTK 128 bits.]
Message Integrity Code (MIC) called Michael to reject forged packets, an IV
sequencing discipline to defeat replay attacks, a per-packet key mixing function to
de-correlate the IVs from weak keys, and a re-keying mechanism to provide fresh
encryption and integrity keys. This section describes the TKIP features, the
encapsulation and decapsulation procedures, and the countermeasures.
The features of TKIP in IEEE 802.11 are:
1. Use the RC4 algorithm for confidentiality protection.
2. Use the Michael message digest algorithm to check integrity against modification
attacks.
3. Apply a frame sequencing mechanism for replay prevention.
4. Refresh the encryption key for each frame; this defends against the
Fluhrer-Mantin-Shamir (FMS) attack, which can break WEP-based WLANs.
5. Implement countermeasures when STAs or APs detect a MIC error, since this error
usually means an active attack is in progress.
TKIP Encapsulation
TKIP encapsulation is built on WEP but adds some techniques implemented in
software, because it is required to be usable on legacy devices.
The main features of TKIP encapsulation are:
1. The Michael message digest algorithm needs two 64-bit message integrity keys
to produce the message integrity code; one key is used for each direction of
transmission between the STA and the AP. The MIC is computed from the user data,
source address, destination address and priority bits to check data integrity.
TKIP also provides countermeasures to mitigate the threats raised by attackers,
because attackers can forge the MIC.
2. In each frame, TKIP adds a sequence counter to prevent replay attacks. The
receiver drops frames that are not in order.
3. A two-phase process mixes a fresh cryptographic key for each frame sent; the TK
and the sequence counter are needed to create the per-frame key. The key mixing
function is shown in Figure 3.16. The key mixing function, also called the
temporal key hash, produces the 128-bit RC4 per-frame encryption key. This function
takes as input the 128-bit Temporal Key (TK), the 48-bit Transmitter Address (TA)
and the 48-bit IV. The 48-bit IV is often called the TKIP Sequence Counter (TSC).
The 32 most significant bits of the TSC are denoted IV32 and the 16 least
significant bits IV16 here. The key mixing function outputs a 128-bit WEP key, the
first three bytes of which are derived from the TSC. TKIP key mixing has two
phases. The input to phase 1 is TK, TA and IV32; the output of phase 1 is the
80-bit Phase 1 Key (P1K). The P1K is part of the input to phase 2. P1K is the same
for consecutive frames with the same TK, TA and IV32, so it is usually calculated
only once for the first frame and cached for the next phase, though in theory it
can be calculated for every frame. Phase 2 takes as input P1K, TK and IV16, and
outputs the 128-bit WEP key for the RC4 encryption algorithm. d is a dummy byte
designed to avoid weak keys. The key mixing process can be described as follows:
P1K = Phase1 (TK, TA, IV32)
RC4Key = Phase2 (P1K, TK, IV16)
Figure 3.16 TKIP key mixing
[Figure 3.16 residue: the 128-bit TK, the 48-bit TA and the upper 32 bits of the 48-bit IV (TSC) enter Phase 1; the Phase 1 output, TK, the lower 16 bits of the IV and the dummy byte d enter Phase 2, which outputs the per-packet RC4 key.]
The procedure for TKIP encapsulation is shown in Figure 3.17
Figure 3.17 TKIP encapsulation
TKIP decapsulation
Decapsulation comes with several checks. The first is the check of the sequence
order: the frame is discarded if it is out of order. The next is the MIC check,
which compares the MIC in the frame with the MIC computed by the receiver itself.
The countermeasures are invoked if the two MICs do not match.
Figure 3.18 shows the procedure of TKIP decapsulation.
[Figure 3.17 residue: TK and TA enter Phase 1 (TTAK), which with the sequence counter enters Phase 2 to give the WEP key; the MSDU plaintext with SA+DA and the MIC key goes through Michael, then fragmentation and WEP encapsulation, producing the encrypted MPDU.]
Figure 3.18 TKIP decapsulation
TKIP countermeasures
Countermeasures are used when the MIC check fails. The Michael MIC check is much
stronger than the usual CRC check, but it is still weak protection against existing
attacks, so countermeasures are needed for any failure of the MIC check.
The countermeasures are:
1. Logging security events: an active attack may be in progress when the MIC check
fails, so the system administrator should examine the events.
2. Limiting MIC failures: with a large number of attempts in a limited time, the
attacker may learn what the Michael key is. Therefore the number of MIC failures in
a limited time must be limited, for example by permitting 3 failures per minute.
3. Changing the PTK or GTK: re-initialize the temporal key.
4. Blocking the IEEE 802.1X ports: block the controlled ports, since the
authentication mechanism is in use.
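An added example, not the report's own code: a Python implementation of the Michael MIC from item 1 of the TKIP encapsulation list (the 0x5a padding rule and the DA || SA || priority || MSDU input follow the 802.11 standard), together with a receive-side check that applies the four countermeasures listed above using the text's example threshold of 3 MIC failures per minute. The Michael key, addresses and timestamps are constructed.

```python
import hmac

MASK32 = 0xFFFFFFFF


def rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def rotr32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def xswap(x: int) -> int:
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael_block(left: int, right: int) -> tuple:
    """Michael's block function: rotations, a byte swap, XORs and 32-bit adds."""
    right ^= rotl32(left, 17)
    left = (left + right) & MASK32
    right ^= xswap(left)
    left = (left + right) & MASK32
    right ^= rotl32(left, 3)
    left = (left + right) & MASK32
    right ^= rotr32(left, 2)
    left = (left + right) & MASK32
    return left, right


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key, 64-bit tag. The message is padded with 0x5a
    and 4..7 zero bytes to a multiple of 4 bytes (802.11 padding rule)."""
    left = int.from_bytes(key[0:4], "little")
    right = int.from_bytes(key[4:8], "little")
    padded = msg + b"\x5a" + b"\x00" * (4 + ((3 - len(msg)) & 3))
    for i in range(0, len(padded), 4):
        left ^= int.from_bytes(padded[i:i + 4], "little")
        left, right = michael_block(left, right)
    return left.to_bytes(4, "little") + right.to_bytes(4, "little")


def tkip_mic(mic_key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP MIC over DA || SA || priority || three zero bytes || MSDU, with the
    64-bit Michael key for this direction (encapsulation item 1)."""
    return michael(mic_key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


class TkipReceiver:
    """Receive-side MIC check plus the four countermeasures listed above:
    log the event, limit failures per minute, re-key, block the 802.1X port."""

    def __init__(self, mic_key: bytes, max_failures_per_minute: int = 3):
        self.mic_key = mic_key
        self.limit = max_failures_per_minute  # the text's example: 3 per minute
        self.failure_times = []               # timestamps of recent MIC failures
        self.blocked_until = 0.0              # port stays blocked while now < this
        self.log = []                         # security events for the administrator
        self.rekeys = 0                       # times a fresh PTK/GTK was requested

    def receive(self, da, sa, priority, msdu, mic, now: float) -> str:
        if now < self.blocked_until:
            return "dropped: 802.1X port blocked"
        if hmac.compare_digest(tkip_mic(self.mic_key, da, sa, priority, msdu), mic):
            return "accepted"
        self.log.append(("MIC failure", now))        # 1. log the security event
        self.failure_times = [t for t in self.failure_times if now - t < 60.0] + [now]
        if len(self.failure_times) > self.limit:     # 2. too many failures per minute
            self.rekeys += 1                         # 3. change the PTK/GTK
            self.blocked_until = now + 60.0          # 4. block the 802.1X port
            self.failure_times = []
            return "dropped: countermeasures invoked"
        return "dropped: MIC failure"


def demo() -> list:
    """Constructed scenario: one genuine frame, four forged frames inside a
    minute, then a genuine frame while the port is still blocked."""
    key = bytes.fromhex("82925c1ca1d130b8")          # constructed Michael key
    da, sa, data = bytes(6), bytes.fromhex("020000000002"), b"hello"
    rx = TkipReceiver(key)
    good = tkip_mic(key, da, sa, 0, data)
    results = [rx.receive(da, sa, 0, data, good, 0.0)]
    for t in (1.0, 2.0, 3.0, 4.0):
        results.append(rx.receive(da, sa, 0, data, bytes(8), t))  # forged MIC
    results.append(rx.receive(da, sa, 0, data, good, 10.0))
    return results
```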
[Figure 3.18 residue: the TSC from the received MPDU enters Phase 1 and Phase 2 key mixing with the TK to give the WEP seed; out-of-order MPDUs are discarded; WEP decryption and recombination yield the MPDU plaintext, Michael with the MIC key produces MIC', and the MIC check either succeeds or invokes the countermeasures.]
3.6.4 Counter Mode with Cipher Block Chaining MAC Protocol (CCMP)
CCMP is another protocol for protecting data confidentiality and integrity, but in
contrast to TKIP, CCMP was created without any constraint from old devices, and it is
considered the long-term solution for IEEE 802.11 WLANs.
CCMP uses CCM, which is an encryption mode for the AES block cipher; CCM can be
applied to any cipher with a 128-bit block size. There are two important components
in CCM: counter mode (CTR) and Cipher Block Chaining MAC (CBC-MAC).
Figures 3.19 and 3.20 show the CTR and the CBC modes.
The features of CCMP are:
1. Uses only one key for encryption and integrity check, improving performance.
2. Provides an integrity check for both the frame header and the frame payload.
3. Some cryptographic parameters can be computed before the frame is processed,
which reduces the execution time of the security mechanisms.
4. Lower cost due to the small software and hardware implementation size.
5. Minimizes the size of the security-related fields.
6. No additional patents.
Figure 3.19 Counter mode
Figure 3.20 CBC mode
[Figures 3.19 and 3.20 residue: counter mode encrypts successive counter values (Counter, Counter+1, ...) with AES and XORs the results with the message blocks M1, M2; CBC mode XORs each block with the previous ciphered block (the IV for the first) before encryption, yielding ciphered Block1, Block2.]
CCMP Encapsulation
The main steps of CCMP encapsulation are:
1. Increment the packet number (PN) for each individual session.
2. Derive the nonce using the PN and part of the address field.
3. Compose the CCMP header from the Temporal Key ID and the PN.
4. Build the Additional Authentication Data (AAD) from the frame header.
5. Use the nonce, the AAD, and the plaintext data as the input to CCM with the TK
as the key.
6. Concatenate the packet header, the CCM header, and the enciphered data as the
ciphertext frame.
Figure 3.21 shows the encapsulation of CCMP.
Figure 3.21 CCMP encapsulation
CCMP Decapsulation
The main steps of CCMP decapsulation are the following:
1. Parse the frame to rebuild the AAD and the nonce; the AAD comes from the header.
[Figure 3.21 residue: plaintext MPDU = MAC header + data; increment the 48-bit PN; construct the nonce from PN and A2, the CCM header from PN and KeyID, and the AAD from the MAC header; CCM encryption with the 128-bit TK (K=16, M=8, L=2); ciphertext MPDU = MAC header + CCM header + encrypted data + MIC.]
2. Rebuild the nonce from the PN, the destination address and the priority field.
3. Check the MIC.
4. Recover the plaintext by using the TK, nonce, AAD, and the enciphered payload.
5. Compare the PN in the frame with the counter kept for the session; the received
PN must be greater, or the frame is discarded.
The process of CCMP decapsulation is shown in Figure 3.22.
Figure 3.22 CCMP decapsulation
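The CCMP header, nonce, AAD and PN replay check from the encapsulation and decapsulation steps above, as an added example that is not from the report (Python, standard library only). The field layouts and the CCM flag bytes for K=16, M=8, L=2 follow IEEE 802.11i and RFC 3610; the AES-CCM encryption itself (step 5) is left out, and the address and PN values are constructed.

```python
# Constructed sample values (not from the report).
A2 = bytes.fromhex("020000000001")   # transmitter address (the AP), constructed
TID = 0                              # QoS priority; 0 for non-QoS data


def ccmp_header(pn: int, key_id: int) -> bytes:
    """8-byte CCMP header (encapsulation step 3): PN0 PN1 | reserved |
    ExtIV bit + KeyID | PN2 PN3 PN4 PN5. The PN is a 48-bit counter."""
    p = pn.to_bytes(6, "little")
    return bytes([p[0], p[1], 0x00, 0x20 | (key_id << 6), p[2], p[3], p[4], p[5]])


def parse_ccmp_header(hdr: bytes) -> tuple:
    """Recover (PN, KeyID) from a received header; the ExtIV bit must be set."""
    if len(hdr) != 8 or not hdr[3] & 0x20:
        raise ValueError("not a CCMP header")
    pn = int.from_bytes(bytes([hdr[0], hdr[1], hdr[4], hdr[5], hdr[6], hdr[7]]), "little")
    return pn, hdr[3] >> 6


def ccmp_nonce(priority: int, a2: bytes, pn: int) -> bytes:
    """13-byte CCM nonce (step 2): priority || A2 || PN, most significant byte first."""
    return bytes([priority & 0x0F]) + a2 + pn.to_bytes(6, "big")


def ccmp_aad(mac_header: bytes) -> bytes:
    """AAD (step 4) from a 24-byte three-address MAC header: FC with the subtype,
    Retry, PwrMgt and MoreData bits cleared and Protected Frame set, then A1,
    A2, A3, and SC with the sequence number cleared (fragment number kept)."""
    fc0 = mac_header[0] & 0x8F
    fc1 = (mac_header[1] & 0xC7) | 0x40
    return bytes([fc0, fc1]) + mac_header[4:22] + bytes([mac_header[22] & 0x0F, 0x00])


def ccm_b0(nonce: bytes, plaintext_len: int) -> bytes:
    """First CBC-MAC block of CCM for K=16, M=8, L=2 (Figure 3.21):
    flags = Adata | ((M-2)/2) << 3 | (L-1), then the nonce, then the length."""
    flags = 0x40 | (((8 - 2) // 2) << 3) | (2 - 1)      # 0x59
    return bytes([flags]) + nonce + plaintext_len.to_bytes(2, "big")


def ccm_counter_block(nonce: bytes, i: int) -> bytes:
    """Counter block i for the CTR half of CCM (Figure 3.19): L-1, nonce, counter."""
    return bytes([2 - 1]) + nonce + i.to_bytes(2, "big")


class CcmpSession:
    """Receive-side PN bookkeeping (decapsulation step 5): the PN must be
    greater than the last accepted one, otherwise the MPDU is dropped."""

    def __init__(self):
        self.last_pn = -1

    def accept(self, hdr: bytes) -> str:
        pn, _key_id = parse_ccmp_header(hdr)
        if pn <= self.last_pn:
            return "dropped: replayed or out-of-sequence PN %d" % pn
        self.last_pn = pn
        return "accepted PN %d" % pn


def demo() -> list:
    """The sender increments the PN per MPDU (step 1); a replayed header and a
    reordered one are rejected by the receiver."""
    rx = CcmpSession()
    sent = [ccmp_header(pn, 0) for pn in (1, 2, 3, 5, 4, 6)]
    sent.insert(3, sent[1])   # the MPDU with PN 2 is delivered a second time
    return [rx.accept(h) for h in sent]


if __name__ == "__main__":
    for line in demo():
        print(line)
```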
3.7 Security threats: passive
Passive security threats are attacks started by an unauthorized party obtaining
information about the traffic content. There are two kinds of passive attacks:
eavesdropping and traffic analysis.
[Figure 3.22 residue: the ciphertext MPDU is parsed into MAC header, CCM header, encrypted data and MIC; PN and A2 rebuild the nonce and the MAC header rebuilds the AAD; MPDUs with an out-of-sequence PN are discarded; CCM decryption with the 128-bit TK (K=16, M=8, L=2) yields the plaintext MPDU.]
3.7.1 Eavesdropping
In a wireless network the attacker can easily capture frames transferred from one
device to another in the same local area network. Encryption does not stop this
capture, which can be performed for different purposes.
3.7.2 Traffic Analysis
As described in the last section, the attacker can capture frames regardless of
their content. Not only the payload content is a target: other fields may provide
some information about the key or about the MIC check, and analysing these fields
may reveal partial information about the key, giving the attacker a chance to break
the encryption or forge another MIC.
3.8 Security threats: active
Active security threats are attacks that may modify the content or flow of
messages. Active attacks sometimes succeed because of a lack of defense
mechanisms. Active attacks include message injection/active eavesdropping,
message deletion and interception, masquerading and malicious APs, session
hijacking, man-in-the-middle attacks, and DoS attacks.
3.8.1 Message Injection/Active Eavesdropping
Attackers can modify the content of a frame or other fields by using modified
devices, though most devices are built to allow only 802.11 traffic. Under this
condition, the attacker may pass the integrity check by modifying the MIC field, or
modify the payload of a frame and use it for a replay attack in a system without
replay prevention.
3.8.2 Message Deletion and Interception
It seems impossible to delete a packet sent over a wireless channel because of the
characteristics of the wireless medium, but methods to delete a frame in the
wireless channel still exist. They need another antenna to interfere with the
receiver's antenna; after the interference the receiver gets a corrupted frame and
the integrity check may not pass. In the end the receiver can only drop the received
packet, and the attacker achieves his goal.
Message interception is similar to message deletion, but for interception the
attacker must be able to control the frames sent to the receiver. That is, the
attacker decides which packets will be delivered and which will be discarded. To
achieve this, the attacker needs one antenna to delete the frames sent to the
remote antenna and another to capture them. Based on the content of the frame, the
attacker decides whether the packet will be delivered or not. The receiver only
receives the chosen frames and does not know that an attacker is interfering with
them, and modified or newly created frames may later be sent to the receiver.
3.8.3 Masquerading and Malicious AP
If there is no protection or integrity check of the MAC address, the attacker can
easily modify the MAC address in its frames. This is more dangerous if the system
uses only the MAC address to identify another wireless device. So it is easy for an
AP to masquerade as another AP, and STAs can also do this by spoofing. It is
dangerous for a station to associate with a malicious AP.
3.8.4 Session Hijacking
Session hijacking happens after a session has passed the authentication process.
First, the attacker disconnects an authenticated device from the session. Second,
the attacker masquerades as the victim and sends and receives frames as the victim in the
session. But there are mechanisms to prevent this kind of attack, such as the
protection of confidentiality and integrity. In that case, the attacker cannot
create valid frames to communicate with the AP, and the session hijacking gains
nothing.
3.8.5 Man-in-the-Middle attack
In contrast to message interception, the man-in-the-middle attack needs to
participate in the connection. If the attacker is not in any connection, it
needs to break another connection and then insert itself into that
connection to carry out the man-in-the-middle attack. The attacker acts as an
AP for the victim station and as a station to the victim AP.
Another way to implement a man-in-the-middle attack is ARP spoofing, just like
in a wired LAN.
3.8.6 DoS attack
DoS attacks include three main kinds of attack.
Beacon flood
Attackers masquerade as different APs and send lots of frames with different
SSIDs, so that the station sees tens or hundreds of APs in the network and its
traffic slows down.
Authentication flood
Using a method similar to the last one, but masquerading as many stations, the
attacker sends a large number of authentication frames to the AP. Since the AP
spends a slice of time processing each authentication request, the authentication
frames can hang the AP.
Deauthentication flood
The victim of a deauthentication flood is a pair of AP and STA. Because the
deauthentication frame is not encrypted, attackers can deauthenticate any session
easily. Large numbers of deauthentication frames may make the AP and STA spend
much of their time re-establishing the connection.
3.9 Summary
With the development and enhancement of 802.11 wireless networks, this technology
has spread widely. Although the nature of wireless networks exposes messages in
transit easily, they have still become much more popular. The IEEE 802.11
alliance selected WEP as its solution to provide security equivalent to a wired
network, but WEP was proved a weak method a few years later. To fulfil the security
requirements of 802.11 WLANs, IEEE 802.11 provides a much more complete solution,
802.11i. 802.11i provides many security features, such as adopting 802.1X
port-based access control to support authentication and access control, two classes
of key hierarchy for key generation and distribution, and two protocols for
enhancing data confidentiality and integrity in the pre-RSN and RSN environments.
The threats have also been discussed. Various kinds of attacks and threats appear in
reports every day and become more complicated. Though the security mechanisms have
grown greatly, no one can yet ensure that an 802.11 wireless network is safe.
3.10 References
[Arbaugh 01] William A. Arbaugh, Narendar Shankar, Y.C. Justin Wan, "Your 802.11
Wireless Network has No Clothes," Mar. 2001.
[Cheng 05] Jyh-Cheng Chen, Ming-Chia Jiang, and Yi-Wen Liu, "Wireless LAN
security and IEEE 802.11i," Feb. 2005.
[Frankel 06] S. Frankel, B. Eydt, L. Owens, K. Kent, "Draft Guide to IEEE 802.11i:
Establishing Robust Security Networks," June 2006.
[Gable 05] Eliot Gable, "802.11 Wireless Authentication and Encryption," Mar. 2005.
[He] C. He, J. C. Mitchell, "Security Analysis and Improvements for IEEE 802.11i."
[Karygiannis 02] Tom Karygiannis, Les Owens, "Wireless Network Security: 802.11,
Bluetooth and Handheld Devices," Nov. 2002.