
802.11 Security

COEN 150 Winter 2005 Philippe Huibonhoa & Chris Williams

Table of Contents
Abstract
Introduction
    802.11 Overview
    Wireless Proliferation
    Wireless in Government
802.11 Security Standards
    Wired Equivalency Privacy
    Symmetric Keys and Key Generators
    IV Collisions
    RC4, IVs, and the FMS Attack
    Surviving with WEP
    WPA
    WPA a Closer Look
    WPA Weaknesses
    802.11i
Additional Risks
    Evil Twin/Rogue Access Point
    Solutions to Evil Twin and Rogue Access Point
    Wardriving
    Warchalking
    Sniffing
    Solutions to Sniffing
Other Security Measures
Security Risks
Tools
Conclusion
Appendix A: Charts and Figures
    Figure 1 (802.11 Standards)
    Figure 2 (WEP Encryption)
    Figure 3 (Exploiting XOR during IV Collisions)
    Figure 4 (802.11i 4-Way Handshake)
    Figure 5 (Warchalking Symbols)
Appendix B: RC4 Code
    KSA
    PRGA
Appendix C: Examples of MAC Address Attacks
    Brute Force attack against MAC Address Authentication
    Code that generates fake MAC addresses
Works Cited


Abstract
Undoubtedly, wi-fi's most attractive feature is unlimited mobility, but with this added power come large security risks. Almost anyone in the right spot can get immediate access to the network. This can be a great thing for libraries or places offering free Internet, but a nightmare for corporations wishing to keep their networks private. This paper explores some of the security mechanisms and threats of the 802.11 group of wireless technologies, primarily 802.11a, 802.11b, and 802.11g. We first briefly discuss how 802.11 works and the competing standards in the group, as well as the proliferation of wireless networks throughout residential, public, commercial, and corporate buildings, and what this means in terms of information assurance. We then examine the various methods for securing 802.11, focusing on how Wired Equivalent Privacy (WEP) works and how hackers are able to break it. We also discuss other alternatives for securing wireless networks, such as MAC address filtering, and newer encryption standards such as Wi-Fi Protected Access (WPA) and 802.11i. Finally, we cover some of the tactics and tools hackers might use to penetrate these security features, such as packet sniffing and wardriving.


Introduction
802.11 Overview
The introduction of laptops to the consumer sphere marked a new age in which mobility and portability became major issues in computing. Users dreamt of accessing their networks free of the hassle of cables and cords; they dreamt of a wireless LAN. Many companies responded by developing short-range radio transmitters and receivers for those users; the problem was that none of these products were compatible. Consequently the IEEE (Institute of Electrical & Electronics Engineers) developed a standard for wireless networking called 802.11. The three most prominent standards in use today are 802.11a, 802.11b, and 802.11g (see Figure 1, Appendix A, for details). While 802.11a can deliver up to 54 Mbps, it operates at a much higher frequency (5 GHz) and has a much shorter range than 802.11b, which has a maximum of 11 Mbps but seven times the range of 802.11a. Of course, whenever there are two different solutions with their own advantages and disadvantages, one can combine them to get the benefits of both, and 802.11g does just that: it operates in the 2.4 GHz band with a range similar to 802.11b, but has a theoretical maximum bandwidth of 54 Mbps (Tanenbaum, 295).
Wireless LANs can operate in two modes. The first uses a base station, or access point, to relay all communication among nodes in the network. The second, an ad-hoc network, allows computers to talk among themselves without a central station. It is important to note that, as in wired networks, nodes within a wireless network hear any transmissions sent by the other nodes (Tanenbaum, 69). This is a useful trait in that it helps nodes avoid sending signals at the same time, which leads to messages colliding (essentially turning both messages into garbage), but it also allows nodes to sniff any traffic they happen to receive. The ability to sniff traffic is an essential tool for hackers trying to compromise a network.
Wireless Proliferation
The popularity of wireless networks is growing globally in today's economy. Establishments including hotels, coffee shops (most notably Starbucks), malls, airports, bookstores, restaurants, and even rental car offices have made 802.11 networks available to customers. Because wi-fi is a relatively cheap expense for businesses and is becoming increasingly popular with customers, hotspots are on their way to becoming ubiquitous. Although not always free to users, 802.11 stands as a value-added service: businesses attract more customers by being able to boast that they offer wireless Internet. As more and more companies use this marketing technique to increase store contact with consumers, newer figures and predictions for 802.11 networks have been released. Such facts include the following:
- By the end of 2005, people living in metropolitan regions are predicted to spend around 80 percent of their time on local establishments' free wireless networks. With demand for wireless networks growing in both the consumer and business markets, a faster 802.11 network, 802.11g, was created in fall 2003. These networks were easily adopted and in turn further increased the demand for wireless access (Waring).


- The number of WiFi hot spots in the United States is anticipated to grow from the current number of 22,000 to 65,000 in 2008 (Simon).
- As stated by the Telecommunications Industry Association, market expenditures on 802.11 are expected to rise from the 2004 figure of $48 million to $78 million by 2007.

Topping the list of places with newly added 802.11 networks is the city of Grand Haven, Michigan. Although expensive at $44.99 a month for 512 kbps, the city hopes to attract people looking for constant Internet service anytime and anywhere: on land or on water. Grand Haven, with a coastal area for boating, is able to extend its wireless network as far as 15 miles off the shore of Lake Michigan, so now year-round, seasonal, and recreational boaters can go online without having to come ashore (Ankeny). Throughout the nation, many towns and cities are supporting initiatives to do what Grand Haven has done. Cities like Philadelphia and Boston have started to detail what would be involved in making their cities completely wireless. Providing wireless network access to an entire city is much more complicated than offering 802.11 only in government offices or specific public places, such as libraries or train stations. Major decisions include setting a price for the wireless networks (Philadelphia states that access to its network will be free, while Boston is quoting a price of $10 per month for its users), pinpointing geographic points at which to place routers, and determining how to fund the project. Planners of these city projects also ask how the cities would operate their networks compared to typical service providers. Since the cities are not looking to make a profit with their 802.11 networks, their prices would be much lower than those of companies such as Comcast or SBC. Boston is looking to act as a local utility provider, while Philadelphia is planning to work with a local or national service provider (Viser) (Tedeschi).
Wireless in Government
While it is still impossible to know whether a large city can truly support wi-fi access throughout its borders, the U.S. government has no doubts that wireless networks are a smart idea for particular branches of its own.
Government offices often relocate or expand to larger facilities, many times causing branches to occupy temporary locations. Laying network wire for temporary premises is very expensive and space-constraining, as well as useful for only a short period of time. Nowadays, government offices choose wireless networks in lieu of installing permanent infrastructure. Thanks to 802.11 networks, for a low cost, employees housed in temporary spaces can have the same network usability as their coworkers at other locations. Although having an instantaneous Internet outlet is extremely useful and cost effective, wireless networks do pose some threats. Security is a tremendous concern with wireless, especially when it comes to the government's operations and classified information. The U.S. government recognizes that while wireless networks offer numerous advantages, they need to be dealt with securely. To avoid unintentional dissemination of information, the government implements the following policies when dealing with 802.11 (Vacca):


- Networks should be regularly monitored and checked for rogue access points.
- Wireless LANs should be treated as unsafe networks and kept outside firewalls.
- VPNs should be used to authenticate wireless LAN users into corporate and government networks.
- Wireless LAN traffic should be put into a segregated virtual LAN.
- Host firewalls should be installed (and always used) on all wireless-enabled clients.
The Department of Defense uses even more stringent guidelines to protect its intelligence. In DoD-controlled areas, wireless network procedures are as follows (Vacca):
- Recognizing the pace of technological change and, therefore, requiring an annual review to keep pace with rapidly evolving technologies.
- Prohibiting connectivity to classified networks and computers.
- Prohibiting synchronization with IT devices that aren't approved by a designated approving authority.
- Allowing the use of wireless devices (e.g., cellular telephones and personal digital assistants) for unclassified data only.
- Allowing the use of wireless devices in areas where only unclassified information is electronically stored, processed, or transmitted.
- Allowing use of wireless devices in areas where classified information is electronically stored, processed, or transmitted unencrypted only when there's a documented operational need; the device's infrared, radio frequency and microphone/audio capabilities are disabled; and DCID rules are followed.
- Requiring punitive action for repeated policy violations that jeopardize the security of the Pentagon and its IT services.

802.11 Security Standards


Wired Equivalency Privacy
Wired Equivalency Privacy, or WEP, is the first-generation security standard for 802.11 networks. Unfortunately WEP suffers from a number of architectural and implementation flaws that make it vulnerable to a variety of attacks while giving users a false sense of security. In order to understand these attacks we should first explore how WEP works. The WEP encryption process always begins with a host trying to send information over a wireless connection to another node in the network, whether an access point, a computer, or a network peripheral. This information is the message WEP is responsible for protecting. To encrypt the message, WEP first computes a 32-bit CRC (cyclic redundancy check) checksum of the message and appends the checksum to the end of the message (Barken). The checksum is used not only for security reasons but also as a means of error detection and correction, because wireless communication is generally more error-prone than traditional guided networks (Tanenbaum, 297). The concatenation of the original message and the checksum forms the plaintext that WEP needs to encrypt.


At this point we have a plaintext message and a secret key that was previously shared among the access point and all other nodes in the network; enough tools, it might seem, to communicate safely over the air. The job of WEP is complete and we can all sleep soundly, knowing our wireless data is safe. Unfortunately, things are not so simple. WEP uses RC4 (Rivest Cipher 4), a popular stream cipher also used in other networking protocols such as SSL and designed by Ron Rivest of RSA (named after founders Ron Rivest, Adi Shamir and Len Adleman). The most critical rule of RC4 is to absolutely never, ever reuse keys for encryption. However, we have only one shared secret key, and thus could send only one packet of encrypted data over our network. It looks like more restless nights lie ahead with the haunting question of how to effectively use RC4 encryption in WEP. The solution finally dreamt up by the 802.11 working group is to generate a 24-bit Initialization Vector (IV). They do not specify exactly how to generate the IV, whether one should simply count up from 1 or whether it should be random, and as you will see later, this lack of guidance will be a major weakness in the security of the WEP algorithm; but for now it does not matter how the IV is obtained so long as it is unique. The shared secret key is then concatenated to the end of the generated IV, and thus we have 2^24 unique encryption keys for RC4. The IV + shared key combination is fed into the RC4 Pseudo-Random Number Generator (PRNG), and the output is a key stream of equal length to our plaintext (original message + CRC checksum). To generate the ciphertext, we simply XOR (exclusive-or) the plaintext with the key stream. Before we are ready to send the ciphertext, however, we must prepend the IV so that the receiver will be able to decrypt the message. The whole process is summarized in Figure 2 (Appendix A). Decryption is just the process in reverse (Fogie).
Several flaws in the encryption process leave WEP highly vulnerable to intrusions and attacks by hackers. From the decision to use RC4 and XOR to the very implementation of IVs and secret keys, WEP's best security feature seems to be the chance that some other access point nearby is not using it.
Symmetric Keys and Key Generators
The first major weakness of WEP is its use of symmetric keys. Symmetric keys make key management in a large-scale environment almost impossible. Large networks generate a great deal of traffic, giving hackers more material to work with and in effect making their job easier. Using a single shared password means that only a single session needs to be compromised for a hacker to gain repeated access to a network. This problem can be minimized by routinely changing the shared password; the problem is that doing so is such a hassle that network admins are discouraged from it. Changing the network key means an administrator must somehow securely convey the new password to everyone on the network. In a large company, for example, how can an administrator guard the secret key when hundreds of people know it? Should the administrator change the key every time someone leaves the company, and if so, how can he do so securely and efficiently? The very key on which WEP relies already seems flawed.


Further weakening the secret key of WEP encryption is the use of key generators. Most access point manufacturers give users the option of generating a secret key from a password. For 64-bit WEP encryption, users would normally have to enter a 10-digit hexadecimal number to serve as the key. Since maintaining and remembering such a key is too much of a hassle for many people, the option to generate a 10-digit hexadecimal number from an ASCII pass phrase would seem like a helpful feature. Unfortunately, for 64-bit keys a 32-bit seeded PRNG is XORed with the ASCII pass phrase, in a manner similar to WEP's use of the RC4 key stream. The problem is that the highest bit of ASCII values is always 0, so instead of an effective range of 00:00:00:00 to ff:ff:ff:ff (a 32-bit seed), only the values 00:00:00:00 to 00:7f:7f:7f are possible (Barken). This is equivalent to a 21-bit seed, not very much in terms of encryption power, and it makes WEP susceptible to a brute force attack. In fact, using brute force, a hacker with a Pentium III 500 MHz laptop could crack such a 64-bit WEP key in 35 seconds! Had the 64-bit key been entered manually, the same hacker would need approximately 210 days to crack the encryption. 128-bit key generators and above, however, do not suffer from the same flaw, since they use MD5 hashing for key generation. A brute force attack on 128-bit encryption with the same laptop would take an estimated 10^19 years of computation (Barken).
IV Collisions
Brute force is usually not the weapon of choice of hackers against WEP; there are other ways to deduce the secret key of a WEP encryption, and IVs gladly lend a helping hand. The first flaw to note is that IVs are sent in the clear (if they were not, the receiver would have no way to decrypt the message). By sending the IV in the clear, however, we are effectively reducing the strength of our encryption.
A 64-bit WEP encryption, for example, is actually only equivalent to 40-bit encryption, since 24 bits are sent in the clear; all a hacker has to do is sniff the traffic being sent over the network (Barken). An even greater danger posed by IVs is their relatively short length. Because IVs are only 24 bits long, they have only 16,777,216 (2^24) possible values. But their purpose, as you might recall, was to provide us with unique keys so that we would be able to use RC4 on multiple messages. On a high-traffic network the entire 24-bit IV space can be consumed in a matter of hours, meaning that at some point IVs will have to be reused (Barken). Since our secret key is not changing and some IVs will be reused, some of our inputs to RC4 will be recycled, meaning we are breaking the most critical rule of RC4: never, ever repeat keys for encryption! When the same IV is used multiple times, it is called an IV collision. IV collisions open WEP to attacks that are not possible when IVs are kept unique, and because IVs are sent in the clear, any hacker sniffing the network can immediately tell when a collision has occurred. In one such attack a hacker analyzes the two packets involved in an IV collision and, with some work, derives the plaintexts being sent. This attack, called the key stream attack, is rooted in the fact that XORing two ciphertexts encrypted under the same key stream produces the same result as XORing their respective plaintexts (see Figure 3, Appendix A). Consequently, if a hacker knew both ciphertexts and one of the plaintexts, he could easily deduce the contents of the second plaintext. Knowing the contents of the ciphertexts is not difficult; a hacker just has to sniff traffic on the network (which he presumably has been doing since he detected the IV collision). But how could a hacker know the first plaintext? There are two commonly used methods. First, the hacker could simply send a node on the network a packet. Since he sent the packet, he knows what the plaintext is, and by giving it some odd packet size he can easily pick it out of the sniffed traffic and determine the ciphertext that corresponds to his message. The second way is to just guess. A number of protocols like DHCP and ARP have well-documented signatures, so guessing the plaintext of these packets is not as improbable as you might think (Barken). A dangerous derivative of the previous attack is the ability to recover the key stream of a WEP packet. Knowing the plaintext and corresponding ciphertext of a single packet allows hackers to easily determine the key stream for that packet. This is because XOR is an invertible operation, just as addition is. We all know 1 + 2 = 3, but if I told you 1 + ? = 3, you would be able to tell me that ? is actually 2. Given any two operands, you can easily find the third. XOR works the same way. So if a hacker knows the plaintext and its corresponding ciphertext, he can easily determine the key stream. Now, this would only allow him to read packets with the same IV (since the key stream is based on the IV + secret key; if the key stream were based solely on the secret key, he would be able to read all encrypted messages, and this is part of the reason keys should never be repeated when using RC4). But if the ability to read the plaintext of other packets with the same IV is no more powerful than the previous attack, why would anyone care what the key stream is? Knowing all the key streams is just as good as knowing the WEP passkey itself, because a hacker can then decrypt every message sent through the network on the fly.
As a result, hacking programs usually keep decryption dictionaries: tables containing an entry for each of the 2^24 possible IV values and its corresponding key stream, where known. Using the table, a hacker can decrypt sniffed data as it is sent (Borisov, p. 5). Another interesting use of the key stream for a particular IV is to encrypt a falsified message with it and send it to a target machine. The target machine would have to accept the message as a valid WEP packet, because according to the 802.11 standard IVs can be reused. This attack, called message injection, plays an important role in authentication spoofing. WEP uses a challenge-response protocol to authenticate users. A sample authentication would proceed like this:
Client ---- authentication request ----> AP
AP ---- 128-byte challenge text ----> Client
Client ---- E_WEP-KEY(challenge text) ----> AP   (AP validates the user, since WEP-KEY is the shared symmetric key)
AP ---- success/failure message ----> Client

The underlying problem is that a hacker could sniff the entire negotiation. He would see not only the challenge text, sent in the clear, but also the encrypted response. This is a legitimate plaintext/ciphertext pair, meaning the hacker can derive the key stream. Now the hacker can request authentication himself and, using the same key stream, encrypt the challenge he is sent and successfully authenticate without ever knowing the WEP key. Again, these attacks are only possible because, according to the WEP standard, IVs are repeated and reused.
RC4, IVs, and the FMS Attack
By far the most popular attack on WEP is the FMS attack, named after Scott Fluhrer, Itsik Mantin, and Adi Shamir, the authors of the paper "Weaknesses in the Key Scheduling Algorithm of RC4" on which the attack is based. Most software, such as AirSnort and Wep_crack, implements the FMS attack or a form of it (Mikhailovsky). What Fluhrer, Mantin, and Shamir discovered is that RC4 has some fundamental flaws that allow attackers to crack WEP when given access to a large amount of sniffed data. The RC4 encryption process begins with the Key Scheduling Algorithm (KSA), which creates an array of size 256 (the size determines the strength of the encryption), called the state array. The values of the array are initially equal to their indices (so that Array[0] = 0, Array[1] = 1, ...). A pseudorandom number is generated based on the values in the secret key array, which is just an array that stores each byte of the secret key, including the IV. The pseudorandom number is used to swap elements in the state array (see KSA, Appendix B, for the actual RC4 KSA code). Finally, the PRGA uses the result to create the key stream that is XORed with the plaintext to produce the ciphertext (Fogie). What Fluhrer, Mantin, and Shamir noticed was that certain IVs reveal critical information about the WEP key. These weak IVs follow the form (A + 3, N - 1, X), where A is the byte in the WEP key we wish to crack, N is the length of the KSA array, and X is a random number (Fluhrer, 11). RC4 also suffers from an invariance weakness, whereby certain bytes in the key have a greater effect on the output than others (Mikhailovsky).
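To make the mechanics above concrete, here is an added Python example; it is not the paper's Appendix B code and not taken from any vendor's firmware. It implements RC4's KSA and PRGA, the WEP construction of IV || secret key with the CRC-32 trailer, a capture-side IV-collision detector that needs no key (the IV travels in the clear), a check that two frames sharing an IV satisfy Figure 3's identity C1 xor C2 = P1 xor P2, and a sender-side weak-key-avoidance filter for the FMS pattern (A + 3, N - 1, X). Keys, IVs and messages are constructed sample values; the little-endian ICV encoding and the default of a 5-byte (40-bit) secret are assumptions of this example.

```python
"""Added example (not the paper's Appendix B code): WEP-style encryption
from RC4 + CRC-32, an IV-collision detector, and FMS weak-IV avoidance."""
import binascii
import struct
from collections import defaultdict
from typing import Optional

IV_LEN = 3        # WEP IV is 24 bits and is sent in the clear
KEY_LEN_64 = 5    # 40-bit secret key; "64-bit WEP" counts the IV as well (assumed default)
N = 256           # RC4 state array size


def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: S[i] = i, then swap under control of the key bytes."""
    s = list(range(N))
    j = 0
    for i in range(N):
        j = (j + s[i] + key[i % len(key)]) % N
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, length: int) -> bytes:
    """PRGA: walk the permuted state and emit `length` keystream bytes."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % N
        j = (j + s[i]) % N
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % N])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(message: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the message (little-endian assumed)."""
    return struct.pack("<I", binascii.crc32(message) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, message: bytes) -> bytes:
    """Frame body = IV (clear) || RC4(IV || secret) xor (message || ICV)."""
    assert len(iv) == IV_LEN
    plaintext = message + icv(message)
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def wep_decrypt(secret: bytes, frame: bytes) -> Optional[bytes]:
    """The process in reverse; None when the ICV does not match (corrupt or forged)."""
    iv, body = frame[:IV_LEN], frame[IV_LEN:]
    plaintext = xor_bytes(body, rc4_keystream(iv + secret, len(body)))
    message, tag = plaintext[:-4], plaintext[-4:]
    return message if tag == icv(message) else None


def find_iv_collisions(frames) -> dict:
    """Defender check over a capture: any clear-text IV seen twice is a collision."""
    by_iv = defaultdict(list)
    for f in frames:
        by_iv[f[:IV_LEN]].append(f)
    return {iv: fs for iv, fs in by_iv.items() if len(fs) > 1}


def keystream_cancels(frame_a: bytes, frame_b: bytes, msg_a: bytes, msg_b: bytes) -> bool:
    """Figure 3's identity: same IV and key => C1 xor C2 == P1 xor P2."""
    n = min(len(msg_a), len(msg_b))
    return (xor_bytes(frame_a[IV_LEN:IV_LEN + n], frame_b[IV_LEN:IV_LEN + n])
            == xor_bytes(msg_a[:n], msg_b[:n]))


def is_fms_weak_iv(iv: bytes, key_len: int = KEY_LEN_64) -> bool:
    """FMS pattern (A + 3, N - 1, X): second byte 255, first byte A + 3 for a key byte index A."""
    return iv[1] == N - 1 and 3 <= iv[0] < 3 + key_len


def next_safe_iv(counter: int, key_len: int = KEY_LEN_64):
    """Weak-key avoidance for a counting IV: skip values matching the FMS pattern.
    Returns (iv, next_counter)."""
    while True:
        iv = (counter & 0xFFFFFF).to_bytes(IV_LEN, "big")
        counter += 1
        if not is_fms_weak_iv(iv, key_len):
            return iv, counter


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")                   # constructed 40-bit key
    a = wep_encrypt(secret, b"\x00\x00\x01", b"hello")
    b = wep_encrypt(secret, b"\x00\x00\x01", b"world")    # same IV: a collision
    print("collisions:", list(find_iv_collisions([a, b]).keys()))
    print("keystream cancels:", keystream_cancels(a, b, b"hello", b"world"))
    print("next safe IV after 03:ff:00:", next_safe_iv(0x03FF00)[0].hex())
```

find_iv_collisions is the kind of check a passive monitor can run without knowing the key; next_safe_iv is the sender-side counterpart of the weak-key-avoidance firmware updates the paper mentions in "Surviving with WEP", and it only narrows the FMS attack, not the other statistical attacks on WEP.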
The only additional information that hackers need, according to Fluhrer, Mantin and Shamir, is the first bytes of plaintext of some of the packets, which is not hard to come by since the 802.11 standard specifies that these bytes contain the SNAP (Sub-Network Attachment Point) header (Mikhailovsky). Analysis of these fragments allows hackers to reverse the RC4 process to a certain accuracy. Consequently, most basic FMS attacks consist primarily of searching for and collecting these weak packets (packets containing weak IVs). On average it takes only 3k to 3.5k weak IVs to break a 64-bit or 128-bit WEP key using the FMS attack (Mikhailovsky). To make matters worse, David Hulton, in his paper "Practical Exploitation of RC4 Weaknesses in WEP Environments", discusses an algorithm that searches for weak IVs based on the probability distributions with which these weak IVs appear for each key byte derived, improving the efficiency of the FMS attack. The algorithm reduces the search time for each key byte by only .05%, but studies have shown that an improved FMS attack can accumulate in 4 hours the amount of data a traditional FMS attack gathers in 15 hours (Mikhailovsky). Improved FMS is currently implemented in programs such as dwepcrack. On a small home network cracking WEP may take weeks, since the traffic generated is relatively light, but on a high-traffic network it would only take days, or even hours. Whereas the time for a brute force attack rises exponentially as the number of key bits increases, the time for a successful FMS attack rises linearly; the difference between cracking 64-bit and 128-bit WEP is relatively small (Barken). Hackers can improve their cracking time still further by searching for protocol negotiation packets. ARP packets, for instance, are known to be 28 bytes long. A hacker could capture an encrypted ARP request and simply reinject it into the network as often as he desires. This tactic generates a significant amount of traffic and can greatly reduce the time required for a successful FMS attack (Barken). Lazier hackers, on the other hand, can simply install a program like AirSnort on a PDA and leave the device running in a nearby bush. Many programs these days can even save the state of an FMS attack so that the hacker can crack a network over multiple sessions. The availability and flexibility of FMS attack programs is staggering, and it is easy to see why FMS has become the most popular WEP cracking technique.
Surviving with WEP
While WEP is not the most reliable security mechanism around, it can still help the average user fend off attacks if WPA or other alternatives are not available. First, you should never rely solely on WEP; it is nowhere near secure enough to be the only line of defense. Using it in conjunction with other measures (see Other Security Measures below), though, might be enough to deter potential hackers. Many hackers look for completely insecure access points, and having to wait days, maybe even weeks, to crack WEP is too much of an inconvenience. Users should also always use at least 128-bit encryption. The difference between 64-bit and 128-bit encryption is the extra couple of seconds required to type several more hex digits for the longer secret key.
There is no reason anyone should be using 64-bit encryption when 128-bit or higher is available. Another good precaution is to change the WEP passkey often. For a small home network it would take several weeks' worth of data to capture enough weak packets to crack WEP; changing the passkey every couple of months would minimize the payoff from the effort required to crack it. Another good policy is to keep the firmware up to date. WPA can be applied as a firmware update, but even if your manufacturer is not yet offering WPA, they may have updates that implement weak key avoidance (Barken). This ensures weak keys are avoided whenever possible, severely crippling any ordinary FMS attack. It does not protect users against other statistical attacks on WEP, but it is handy nevertheless. So while WEP is far from secure, the added nuisance to hackers can be helpful protection when no other alternatives are around.
WPA
WPA, which stands for Wi-Fi Protected Access, is the interim standard for wireless encryption. After WEP was shown to be easily broken, the IEEE began working on a new wireless encryption standard called 802.11i (also nicknamed WPA2). However, as with many IEEE standards, it wouldn't be ready for several years. Thus WPA was released by the Wi-Fi Alliance in 2002 as an interim solution and improvement over the insecure WEP protocol. Based on the outline set by the IEEE for the 802.11i standard, WPA needed to bandage the bleeding that WEP had caused until 802.11i could be fully standardized, but it had to do so without additional hardware. The members of the Wi-Fi Alliance decided that requiring new hardware for an interim security solution was self-defeating, since the cost and hassle would mean many people simply wouldn't upgrade. As a result WPA relies on an encryption process similar to WEP's and still uses RC4 with IVs, but it does so in a much safer fashion (Loeb). By late 2003, many vendors were offering firmware upgrades that replaced WEP with the newer WPA scheme. WPA uses one of the primary technologies that would later be used in 802.11i, called TKIP, or Temporal Key Integrity Protocol. TKIP improves on WEP by solving three problems: short keys, static keys, and forged message infiltration (Loeb). One of the primary problems in WEP was that keys were too short, and as we know, short keys are easier to crack. TKIP corrects this by using 256-bit keys. If the key is entered as ASCII, WPA uses a hash function to create the key (Loeb). Furthermore, the WPA committee recommends a pass phrase 20 characters or longer (Loeb). The second problem with WEP is the use of static keys. Under WEP an administrator would have to manually recreate the key, much like a user changing his password on a system, and just like a typical user, most administrators rarely changed their WEP key. Not to mention that forcing every other user to change their password in sync with the new access point password would be nearly impossible on a large network. WPA solves this problem by changing the keys automatically, usually after 10,000 packets have been sent (Loeb). To solve the third problem, WPA includes a component named Michael (MIC), which checks the integrity of data packets sent over the network so that forgeries cannot occur (Loeb). WPA also includes a new mechanism for setting the master key.
The first way, which is suitable for most home networks, requires that the master key be based on a trusted password that all parties wishing to connect know. The second way, suitable for large corporations, is called RADIUS (Remote Access Dial-In User Service) (Loeb). For many corporations it simply doesn't make sense to give every employee the master password, so RADIUS allows new users to authenticate to a central server before joining the network (Loeb).
WPA a Closer Look
One of the major weaknesses of WEP was its use of IVs, yet WPA uses IVs as well. This begs the question: is WPA just as vulnerable, or does it somehow use initialization vectors more securely? Fortunately, WPA does implement them in a more secure fashion. As you might recall, one of the reasons IVs were insecure in WEP was their short length, which forced WEP to reuse IVs because the entire IV space could be depleted in as little as an hour. WPA avoids IV collisions by increasing the IV size from 24 bits to 48 bits, enough unique IVs to last 900 years (Fogie, WPA Fixes). The problem is that WEP only allocates 24 bits in a packet for the IV value. So how does WPA squeeze 48 bits into a 24-bit slot? WPA works around this by placing 16 bits in the 24-bit slot and appending the other 32 bits before the WEP encryption process (Fogie, WPA Fixes). While extending the IV length to 48 bits protects against accidental IV collisions, it does not prevent intentional ones.


Encrypting 32 of the IV bits, on the other hand, does, since it makes reading and manipulating IV values much more difficult. The development of WPA also benefited greatly from experts being able to study and analyze the statistical weaknesses of WEP. This analysis is manifested in the way WPA breaks up the IV. Notice that only 16 bits are entered in the original WEP IV slot although WEP allows up to 24 bits. WPA only puts 16 of the 48 bits of the IV in the original slot because, as you might recall, these 24 bits are sent in the clear. WPA uses special algorithms to ensure that the 16 bits sent in the clear are immune to all the statistical attacks that plagued WEP (Fogie, WPA Fixes). Cleverly enough, the full 48-bit value incorporates a TKIP sequence counter (TSC) that prevents replay attacks, such as injecting the same packet repeatedly to generate network traffic (Fogie, WPA Fixes). All in all, WPA was able to turn one of WEP's greatest weaknesses, the IV, into a fairly suitable strength.

One of the reasons messages were so easily forged in WEP was that once the key stream was extracted from an IV collision, there were no more lines of defense. The CRC checksum served more to protect against unintentional errors than against forgeries. A hacker with access to the key stream could simply forge a message and recompute the checksum for the forgery. WPA addresses this issue by using a Message Integrity Check, or MIC. While the WEP checksum is only 4 bytes, the MIC is 12 bytes long and is based on the source and destination addresses, making undetected forgeries and replays more difficult to achieve (Fogie, WPA Fixes).

WPA Weaknesses
WPA is not without its faults. For instance, when two invalid MICs are detected within a minute's time, a network protected with WPA will automatically shut down to prevent any further hacking attempts. While this does prevent further hacking, it also prevents further authorized usage.
Consequently, hackers could easily spam invalid packets in a denial of service attack. The MIC also opens the pre-shared key to dictionary attacks when no authentication server is used. In order to create a MIC, a network node needs the source address, destination address, a randomly generated value, and the primary master key, which is based on the pre-shared key (Fogie, WPA Fixes). The problem is that these values are sent in the clear, so a hacker can easily grab the primary master key and run a dictionary attack on it to find the pre-shared key. Even with these flaws, WPA does a good job of securing networks given what it had to work with.

802.11i
IEEE finally ratified 802.11i, also known as WPA2, in June of 2004. One main difference between 802.11i and WPA/WEP is that 802.11i uses the AES block cipher instead of RC4. This not only means that 802.11i is free of IVs, but also that both the payload and header fields of a packet are encrypted. The standard also uses a four-way handshake (Figure 4, Appendix A). First, the access point sends a nonce to the client; the client then generates a temporary key called the PTK (Pairwise Temporal Key), which is generated by putting the PMK (Pairwise Master Key), the access point name, the received nonce, a client-generated nonce, the client MAC address, and the access point MAC


address all through a cryptographic function (Wikipedia). The handshake also uses Michael (MIC) to ensure data integrity. The access point then responds with a GTK (Group Temporal Key) used to decrypt multicast and broadcast traffic. After the handshake, the client sends an acknowledgement to the access point. The PTK is also used to generate a KCK (Key Confirmation Key) used to compute the MIC, a KEK (Key Encryption Key) used for confidentiality, and the TK (Temporal Key), which is used to encrypt all future traffic (Wikipedia). Although 802.11i is a significant improvement over WEP, it suffers from the same MIC flaw as WPA, where the PMK (Pairwise Master Key) is based upon an ASCII passphrase. When a key exchange occurs, a hacker sniffing the network can see a copy of the PTK and later run a dictionary attack. Security experts now recommend that PMKs be based upon a random string, converted to hex, and then entered as the text passphrase for sufficient randomness (Fleishman).
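The passphrase hashing described in the WPA section and the PTK derivation of the four-way handshake above, worked through as an added example; this is not code from the paper or from any of its cited sources. It assumes the PBKDF2-HMAC-SHA1 passphrase derivation and the HMAC-SHA1 PRF construction defined in 802.11i, and uses the access point and client MAC addresses as the two address inputs. The SSID, MAC addresses and nonces are constructed sample values; the one published vector (passphrase "password", SSID "IEEE") is used to check the derivation.

```python
import hashlib
import hmac
import secrets

# Constructed example inputs (not taken from the paper).
EXAMPLE_SSID = "HomeNet"
AP_MAC = bytes.fromhex("000c41aabbcc")       # access point MAC (constructed)
CLIENT_MAC = bytes.fromhex("0040960102aa")   # client MAC (constructed)


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Turn an ASCII passphrase into the 256-bit pre-shared key (the PMK).

    802.11i specifies PBKDF2-HMAC-SHA1 with the SSID as the salt, 4096
    iterations and a 32-byte result. The salt and the iteration count are
    public, so the passphrase is the only secret; that is why a short or
    dictionary passphrase can be recovered offline once a handshake has
    been captured.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def psk_from_config(value: str, ssid: str) -> bytes:
    """Accept the two forms an access point takes: 64 hex digits (used raw)
    or an 8-63 character ASCII passphrase (hashed with derive_psk)."""
    if len(value) == 64 and all(c in "0123456789abcdefABCDEF" for c in value):
        return bytes.fromhex(value)
    if not 8 <= len(value) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    return derive_psk(value, ssid)


def generate_random_psk() -> str:
    """Fleishman's recommendation: 256 random bits written as 64 hex digits,
    so there is no passphrase for a dictionary attack to guess."""
    return secrets.token_hex(32)


def passphrase_is_strong(passphrase: str, min_len: int = 20) -> bool:
    """The WPA committee's 20-character recommendation, as a simple check."""
    return len(passphrase) >= min_len


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """PTK from the four-way handshake inputs, split into KCK, KEK and TK.

    Addresses and nonces are sorted before concatenation so both sides
    compute the same value whichever role they play. 64 bytes (512 bits)
    is the TKIP PTK size; CCMP uses 48.
    """
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}


if __name__ == "__main__":
    # Published 802.11i vector: passphrase "password", SSID "IEEE".
    print(derive_psk("password", "IEEE").hex())
    pmk = psk_from_config(generate_random_psk(), EXAMPLE_SSID)
    anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
    print(derive_ptk(pmk, AP_MAC, CLIENT_MAC, anonce, snonce)["tk"].hex())
```

Note that nothing in the handshake raises the cost of guessing: once the nonces, addresses and MIC have been captured, each candidate passphrase costs one PBKDF2 run plus one PRF, which is exactly the dictionary attack the text describes. A random 64-hex key removes the guessable input altogether.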

Additional Risks
Although WEP, WPA, and 802.11i have their own associated problems, other threats exist that affect wireless networks, especially those in the corporate and local hotspot environment. Attackers specifically target these environments because they contain the information hackers are looking for: credit cards, usernames and passwords, and trade secrets. Secondly, tens or hundreds of users use these public and corporate wireless networks. This large usage increases the chance of personal information being sent through the air. Two new types of attacks have recently gained notoriety, called the Evil Twin and the Rogue Access Point. Both involve stealing personal information on these types of networks (Seltzer).

Evil Twin / Rogue Access Point
The first type of attack is called the Evil Twin. Take, for example, the subscription-based 802.11 Internet access offered at many coffee houses such as Starbucks. Upon connecting to one of these networks, the customer is presented with a website asking for login information, or the ability to subscribe to the service, which usually requires a credit card. The evil twin attack involves a malicious user creating his or her own access point. When an unsuspecting user connects to this access point and loads their web browser, they are presented with a login or subscription page that looks very similar to the real one. The user may then enter their login and password, so the hacker now has a free Internet account, or even worse, the user may try to sign up for the service, in which case the hacker now knows the user's credit card and personal information (Seltzer). In many respects, this is very similar to the idea of phishing, where hackers set up fake websites that look very similar to the real site in an attempt to gather personal information. The evil twin can be even more effective when an attacker hooks up their twin access point to the Internet so the user never even knows he or she is using the wrong one (Seltzer).
From personal experience, I can see this attack being very effective at Starbucks, which uses a subscription-based 802.11 Internet service from T-Mobile for $30.00/mo (http://www.tmobile.com/hotspot/services_plans.htm). Interestingly, the access point in every Starbucks is named T-MOBILE. Let's say a malicious user decided to create an evil twin access point named


Starbucks. If you had never used the service before, which one would you connect to? To make matters even more confusing, take, for example, the Starbucks located across the street from SCU. Next door to it is a cell phone store. Since T-Mobile is known for selling cellular phone service, even cautious customers might believe the legitimate Starbucks access point named T-Mobile is actually affiliated with the cell phone store next door and be fooled into connecting to the evil twin access point named Starbucks instead. Many Starbucks stores do not even display materials about the service, so it is further up to the customer to make a best guess. Local coffee houses or public wireless networks where confusion exists as to the name of the legitimate network provide a perfect environment for the Evil Twin attack.

The next type of attack is called the Rogue Access Point, which is very similar to the Evil Twin attack. It takes advantage of the feature in Windows where the computer will automatically connect to any wireless access point with the same name as a recently connected wireless access point. Take, for example, a hacker sitting in the parking lot of a large corporation. They may set up an access point named linksys. It is important to note that linksys is the default access point name on every Linksys brand wireless access point. Linksys tends to sell mostly consumer access points that are used in the home. Thus, let's say several employees at this corporation also use Linksys brand wireless access points at home and never changed the default name. Since their Windows laptops also remember the access point named linksys from their home, their laptops automatically connect to it. Now the hacker in the parking lot can try to gain access to the employees' laptops through file shares or other numerous exploits in the Windows operating system (Seltzer).
Solutions to Evil Twin and Rogue Access Point
Interestingly enough, both of these types of attack have little to do with how wireless networks function or the security mechanisms built into access points. The evil twin attack, for example, plays on the confusion of users and, in cases like Starbucks, the lack of information displayed. I encountered a similar problem at Boston's Logan Airport, which also offered subscription-based Internet service but didn't advertise the information anywhere in the terminal. Solving these problems seems somewhat obvious: corporations should publish details about the wireless Internet services they offer on easily read signs throughout the hotspot. Unfortunately, it will probably take several reported attacks for these policies to be implemented.

The Rogue Access Point attack also has little to do with how the 802.11 standard is implemented but rather with how the OS decides to implement connection and access point name management. In the case of Windows, one solution would be to store the names of access points in the form {AccessPointName, MACAddr}. If an attacker uses a similar name, the OS will know it's a different access point because their MAC addresses do not match. Several companies have also come up with solutions for these types of attacks. One such company is AirDefense, which offers software to protect wireless 802.11 enterprise networks from rogue access points. The software monitors for unauthorized connections, rogue access points, and man-in-the-middle style attacks. When it discovers a rogue access point, it then tries to shut it down using DoS and buffer overflow type attacks (Judge).
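The {AccessPointName, MACAddr} profile idea suggested above, worked through as an added example of the client-side decision; this is not code from the paper, from Windows or from any product. The profile table, the scan listing and every BSSID in it are constructed, and the list of factory-default names is a hypothetical subset used only to flag risky profiles.

```python
# Known networks stored as {SSID: BSSID}, i.e. the {AccessPointName, MACAddr}
# pair the text proposes, instead of by SSID alone. All values constructed.
KNOWN_NETWORKS = {
    "T-MOBILE": "00:11:22:33:44:55",   # the cafe's real access point
    "linksys": "00:0c:41:aa:bb:cc",    # an employee's home router
}

# Hypothetical subset of factory-default SSIDs; profiles with these names are
# the ones a parking-lot "linksys" access point can exploit.
DEFAULT_SSIDS = {"linksys", "default", "NETGEAR"}

# Constructed scan listing: one "SSID BSSID" line per beacon heard.
SCAN = """
T-MOBILE 00:11:22:33:44:55
T-MOBILE 66:77:88:99:aa:bb
Starbucks cc:dd:ee:ff:00:11
linksys 00:0c:41:aa:bb:cc
linksys de:ad:be:ef:00:01
"""


def parse_beacons(scan_text):
    """Split each line into SSID and BSSID; SSIDs may contain spaces, so
    split once from the right."""
    beacons = []
    for line in scan_text.strip().splitlines():
        ssid, bssid = line.rsplit(None, 1)
        beacons.append({"ssid": ssid, "bssid": bssid.lower()})
    return beacons


def evaluate(beacon, known=KNOWN_NETWORKS):
    """Decide what a client should do with one beacon.

    'auto-join' only when both name and BSSID match a stored profile;
    a familiar name with a different BSSID is the evil twin / rogue case.
    """
    ssid, bssid = beacon["ssid"], beacon["bssid"]
    if ssid not in known:
        return "unknown"            # never auto-join; ask the user
    if known[ssid].lower() != bssid:
        return "bssid-mismatch"     # same name, different radio
    return "auto-join"


def classify_scan(scan_text, known=KNOWN_NETWORKS):
    """Map every (SSID, BSSID) seen to the decision evaluate() makes."""
    return {(b["ssid"], b["bssid"]): evaluate(b, known)
            for b in parse_beacons(scan_text)}


def profile_warnings(known=KNOWN_NETWORKS, defaults=DEFAULT_SSIDS):
    """Stored profiles whose SSID is a factory default: the user should
    rename the home access point so the profile is no longer ambiguous."""
    return sorted(s for s in known if s in defaults)


if __name__ == "__main__":
    for key, decision in classify_scan(SCAN).items():
        print(key, "->", decision)
    print("default-named profiles:", profile_warnings())
```

Keying the profile on the BSSID raises the bar rather than closing the hole: the BSSID is a MAC address and, as the MAC filtering discussion later in this paper notes, MAC addresses can be altered. Mutual authentication of the access point, which the 802.11i handshake provides when a pre-shared key or RADIUS is in use, is what actually settles the question.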


Wardriving
Another type of risk affecting wireless networks is the act of wardriving, which is defined as "a collection of information and resources pertaining to the activity of driving around in a car searching and pinpointing the location of wireless networks" (WarDriving.com). This activity involves people driving around with GPS, recording the position of every wireless access point they see, and uploading it to a website. One website, http://www.wardriving.com, lists the equipment required and step-by-step instructions for wardriving. Several websites such as http://www.wifimaps.com and http://www.wigle.net allow wardrivers to upload their results. These websites also provide search capabilities by access point name, city, and zip code. Wigle, for example, contains over 2.3 million access points in its database. The website also contains some interesting statistics: of the newest 300,000 access points added to its database, 38.7% use WEP, 17.4% use some type of encryption besides WEP, 50.9% use no encryption at all, and 28.7% still use default settings on their access points (http://www.wigle.net/gps/gps/GPSDB/stats/?eventid=1). The website also ranks users by the number of wireless networks they discover, which, to many participants, becomes a type of game.

The legality of wardriving is also somewhat hazy since no court cases have dealt with it. Many believe it is legal so long as wardrivers don't try to access the network that the access point is connected to. Others, however, believe it could be illegal and cite the law on cellular telephones, where receiving any type of signal in the 895-925 MHz range is illegal (Fred). Regardless of its legality, there are over 33,000 registered wardrivers on http://www.wigle.net alone and the number is growing every day. The act of simply scanning for public networks doesn't create a security risk in itself.
However, the fact that wardrivers upload the coordinates of wireless networks that weren't intended to be public creates a grave security risk and preys upon many home users who know little about computer security. In turn, these websites become a central database for hackers looking to sniff personal information or simply receive free Internet access. A simple search of Redwood City, CA on the website http://www.wifimaps.com yielded over 300 802.11 wireless networks with names such as CityHall, AdamsHome, WendyNetgear, zentekwap, Grays Family, and struvenfamnet. Alarmingly, the people running these wireless access points probably have no idea their networks are advertised with exact coordinates. Unfortunately, there is little that can be done to keep a wardriver from listing your wireless network. As one IT professional adds, "Running a home network with no security is akin to unlocking your door and hanging a sign on your house inviting thieves inside to steal. It's easy to see how for someone with no real training, figuring out how to protect yourself might seem nearly impossible" (Hines). Many access points support an option that will hide their names from passers-by (known as turning off SSID broadcasting). However, these networks can still be discovered with special sniffers. Ultimately, as the hackers themselves point out, the only way to keep yourself from being a victim is simply not to use 802.11 at all (Fred).


Warchalking
A trend from the time when public wireless access points were first being introduced is warchalking. Warchalking is the practice of marking a road or wall with chalk to let other potential Wi-Fi users know of a nearby access point. The credited creator of warchalking, Matt Jones, developed the idea by combining his knowledge of wardriving with that of hobo signs (McGarvey). Hobo signs, as Jones refers to them, are a set of secret symbols used by the homeless to alert others of impending dangers or possible job opportunities. Within a week of posting his idea for warchalking on the web, Jones received photos of actual chalkings from 5 different countries (McGarvey). Figure 5 (Appendix A) provides some of the symbols used. As you can see, there were distinct signs for open access points, closed access points, and even encrypted ones. The practice of warchalking seems to have died out now that stumblers and sniffers can link with GPS devices to collect geographic information on discovered access points. In addition, websites like http://www.wifimaps.com that collect such information on access points all over the country are much more detailed and convenient to use than scouring the roads for chalk symbols. Nevertheless, you should still be wary of any unusual symbols marked near any of your network access points.

Sniffing
Assuming all of the security precautions fail and a hacker gains access to your home or corporate 802.11 network, what real damage can be caused? The result is the same as if a hacker broke into your house or office building and plugged his or her laptop right into the network. As one can see, the real attraction of wireless networks for hackers is that no breaking and entering is required, and there is usually no firewall blocking internal machines, which, in a lot of cases, is what keeps hackers from breaking into LANs from the Internet.
Furthermore, when a hacker breaks into a corporate network over the Internet, there is (usually) some identifiable evidence left behind, such as an IP address. The IP address can be traced to an ISP, which, through a court order, can be traced to a billing address. However, on a wireless network, the attacker takes advantage of the user's own network and thus no identifiable information is usually left behind. Since the same attacks apply as if the hacker plugged directly into the network, the same exploits affecting LANs apply. By far the most troubling is sniffing. Sniffing occurs when a network device is set to promiscuous mode and, instead of ignoring packets not intended for it, chooses to receive them. Sniffing is not a problem directly affecting wireless networks, but rather any local network (switched or non-switched) (Surasoft). In the simplest terms, sniffing allows a user to eavesdrop on any traffic on the local network, easily capturing usernames, passwords, credit cards, etc. In the case of wireless networks, programs such as AirSnort allow a hacker to sniff wireless networks for weak WEP packets and MAC addresses even before they have connected to the actual network (Thomas). The chances of traffic being sniffed on wireless networks increase greatly because anyone can connect (either on a public network or through WEP flaws). In most cases, one wouldn't expect a boss or coworker to sniff the network because if caught they might be fired. Even if we assume our coworkers are malicious, there is still a limited number of employees and they are usually


traceable. When a network is literally open to the public (even unintentionally), the number of malicious users is unknown and possibly large. Furthermore, tracing them could be impossible. The golden rule is to encrypt all sensitive traffic on the network. An encrypted stream of characters is of little use to the hacker. Unfortunately, most users don't take advantage of encryption, and some companies simply don't use it. Almost always, the first piece of data hackers steal is a person's email password. One solution to this would be POP and SMTP email servers offering SSL encryption. Fortunately, some larger ISPs, such as Comcast, are offering SSL email servers. However, others are not so quick to employ these technologies. SCU is one example of an institution that does not provide SSL email servers. E-mail is not the only service susceptible to sniffing. Any service that doesn't employ encryption is vulnerable, such as TELNET, FTP, basic HTTP, AOL Instant Messenger, etc. Combined with the fact that many users reuse their passwords, a simple email password could gain access to a user's banking information, computer access, etc. Sniffing thus becomes a very frightening and real threat to wireless networks.

Solutions to Sniffing
How, then, does the systems administrator limit sniffing on wireless networks? There are several ways. The most obvious method is to put the wireless access point outside the company LAN and firewall. Thus employees can only use wireless for Internet-related services and not to connect to protected internal company servers. If an attacker connects to the access point, they won't be able to see the internal network, and traffic inside is protected. This solution doesn't fix the problem, but it does help reduce the risk that an attacker will gain access to important machines. Also, connecting the wireless access point to a switch instead of a hub helps reduce packet sniffing.
Sniffing packets on a switch is more difficult than on a hub and requires ARP spoofing (Surasoft). Although limiting sniffing is a good thing, it doesn't make the problem go away. In order to render sniffing obsolete, the golden rule still applies: encrypt all traffic. One may then ask, what if I have no choice but to use unencrypted services on a public wireless connection? Two options exist. First, some companies offer VPNs, which allow employees to access network resources securely using IPSec. Unfortunately, many of us don't have access to an encrypted VPN, but another solution exists: SSH tunneling. This allows one to forward ports on a local machine through an encrypted SSH connection. So if I have an account on any system that runs SSH, I can take advantage of this technology. Because the commands for running SSH tunnels can be quite long, several GUIs help speed up the process, such as the free SSH Tunnel Manager on Mac OS X and the shareware Internet Secure Tunneling for WinXP (Bowman). Thus forwarding insecure ports such as 21 (FTP), 25 (SMTP), 110 (POP), etc. through an encrypted SSH tunnel can help make using an insecure wireless network more secure.

Other Security Measures
In the absence of true access restriction on many 802.11 networks (due to WEP flaws), there exist several other solutions (not including encryption schemes such as WPA and 802.11i) for keeping prying eyes from gaining access. Many wireless access


points support the feature of MAC address filtering. This allows the wireless access point to keep a list of authorized users' MAC addresses and determine access accordingly. Although this solution works in most cases, it can fail if a hacker spoofs their MAC address. According to the paper "Detecting Wireless LAN MAC Address Spoofing" by Joshua Wright, "Nearly all 802.11 cards in use permit their MAC addresses to be altered, often with full support and drivers from the manufacturer ... Windows users are commonly permitted to change their MAC address by selecting the properties of their network card drivers in the network control panel" (Wright, 2). Combined with a wireless sniffer such as AirSnort, a hacker can see the MAC addresses being used on the network and then spoof their MAC address and gain access. This also allows a hacker to impersonate another user (Wright, 2). A hacker can also use a brute force method of guessing the correct MAC address (see Brute Force attack against MAC Address Authentication, Appendix C). There are several ways to see if a hacker is spoofing MAC addresses on a wireless network. The first is to log any MAC address that is not within the 6,278 organization prefixes that IEEE allows (Wright, 3). The second way to detect MAC spoofing deals with number analysis. It can be seen that many of the MAC address brute force programs (such as AirJack) generate fake 802.11 packets in a predictable manner (Wright, 7). Another way many administrators try to secure their wireless access points is by turning off SSID broadcasting. This means that the name of the access point will not be broadcast, requiring users to type the name of the access point in order to connect to it. Much like MAC address filtering, this offers some protection from normal passers-by but can also be circumvented.
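The two spoofing checks from Wright's paper that the MAC filtering discussion above summarizes, an OUI prefix check and the "number analysis", as an added example written for this page, not Wright's own code. The number analysis is implemented here as per-station tracking of the 802.11 sequence counter, which a single card increments by one per frame, so a second radio using the same address shows up as frames arriving "in the past". The OUI table is a hypothetical subset of the IEEE registry and the frame log is constructed.

```python
import re

# Hypothetical subset of IEEE OUI prefixes (the real registry has thousands).
KNOWN_OUIS = {"00:0c:41", "00:11:22", "00:40:96", "00:e0:4c"}

# Constructed frame log: "<frame no> <source MAC> <802.11 sequence number>".
# Frames 4 and 6 come from a second radio using the same MAC as frames 1-3.
FRAME_LOG = """
1 00:0c:41:aa:bb:cc 100
2 00:0c:41:aa:bb:cc 101
3 00:0c:41:aa:bb:cc 102
4 00:0c:41:aa:bb:cc 7
5 00:0c:41:aa:bb:cc 103
6 00:0c:41:aa:bb:cc 8
7 de:ad:be:ef:00:01 5
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def oui_is_registered(mac, known=KNOWN_OUIS):
    """Wright's first check: the first three octets must be a known vendor prefix."""
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return mac[:8] in known


class SequenceTracker:
    """Wright's second check: per-MAC 802.11 sequence-number continuity.

    The counter is 12 bits (mod 4096) and normally moves forward by one per
    frame, with small gaps for frames we missed. A step that goes backwards
    by more than half the range means a different sender is using this MAC.
    Retransmissions keep the same number, so a delta of zero is not flagged;
    a genuine reassociation also resets the counter, so alerts should be
    correlated with association events before acting on them.
    """

    def __init__(self):
        self.last = {}

    def observe(self, mac, seq):
        prev = self.last.get(mac)
        self.last[mac] = seq
        if prev is None:
            return False
        delta = (seq - prev) % 4096
        return delta > 2048


def analyze(log_text, known=KNOWN_OUIS):
    """Run both checks over a frame log; return (frame no, MAC, reason) alerts."""
    tracker = SequenceTracker()
    alerts = []
    for line in log_text.strip().splitlines():
        frame_no, mac, seq = line.split()
        mac = mac.lower()
        if not oui_is_registered(mac, known):
            alerts.append((int(frame_no), mac, "unregistered-oui"))
        if tracker.observe(mac, int(seq)):
            alerts.append((int(frame_no), mac, "sequence-anomaly"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(FRAME_LOG):
        print(*alert)
```

Neither check blocks anything on its own; both produce log entries an administrator reviews, which is the right posture for heuristics that can misfire on a legitimate reassociation or a vendor prefix missing from the local table.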
The most common way to find an access point that is not being broadcast is by using a wireless sniffer such as AirSnort, which will detect packets from these networks if someone is using the network. One interesting way some administrators have helped deter attacks on their wireless networks is through a program called Fake-AP. The program generates thousands of fake access points a second, which can confuse hackers trying to break in and essentially hide the real access point among thousands of fakes. The Fake-AP website jokingly writes, "If one access point is good, 53,000 must be better." In order to fool the programs that look for access points (referred to as stumblers), Fake-AP generates thousands of 802.11 beacon frames that appear as separate access points (http://www.blackalchemy.to/project/fakeap/). As the website describes, Fake-AP can also be used as a honeypot, which is an access point (or something that appears as an access point) set up to deliberately catch wireless hackers or simply waste their time. Yet another uncommon way some corporations have tried to deal with wireless hackers is by literally making sure their wireless signal never reaches the outside, in other words limiting the range of the wireless access point, or the radiation zone. One of the most basic methods of doing so is placing the access point towards the center of your home or office. While this may sound basic, many people unwittingly install their access stations off to a side by a window or door (Fogie, Radiation Zone). Another good practice is to limit the power of the signal, since signal power and signal range are proportional. You can also control the direction of a signal by positioning the antenna,


or on dual-antenna access points, like the Linksys BEFW1154, you have the option of turning off one of the antennae to restrict any unnecessary range. A company called Force Field Wireless now offers a grey latex paint for $69 a gallon called DefendAir, which contains pieces of copper and aluminum. The paint helps to create an electromagnetic shield that keeps wireless signals inside the home or office (Hines).

Security Risks
The risks for home users may make it seem like pursuing some of these security measures is not worthwhile. After all, what data do home users have that a hacker could possibly want? The first thing to remember is that all users do have sensitive data on their computers and their networks. Credit card numbers, passwords, bank accounts, and credit statements are just some of the sensitive data vulnerable when your network is open to intrusion. In addition, hackers may compromise your network as a stopover to their true target, compromising not only your network but your integrity as well. A major target for hackers that users also tend to easily forget is bandwidth. Hackers may not even be using your network to compromise another computer but rather to utilize your bandwidth for large uploads or downloads. These days most broadband services cap their users' upload speeds. This, combined with the invention of P2P clients where downloads are made proportional to a user's uploads, has pushed the need for higher bandwidth at lower costs, and nothing beats free. You should never assume you are not a viable target, because as soon as you do, you make yourself that much more vulnerable, and vulnerable targets are a hacker favorite.

Tools
To get a feel for the myriad of tools available, the following is a list of many popular programs used to sniff, break into, or simply cause havoc on wireless networks.
Netstumbler: used to quickly scan for available wireless networks
HostAP: used to turn a laptop into a rogue access point
Kismet: sniffer and network scanner
Ethereal: packet sniffer and network analyzer
AirJack: suite of tools for sniffing, breaking WEP encryption, and launching DoS attacks
AirSnarf: creates rogue access points with special emphasis on stealing usernames and passwords
AirSnort: sniffer and WEP password cracker
dsniff: collection of tools for sniffing email, passwords, files, etc.

All of the above programs are offered free of charge and can be easily obtained by a simple search on Google. The one thing that keeps these tools out of casual users' hands is that most only run on Linux, and features such as breaking WEP don't work on all brands of wireless cards. However, anyone determined enough with significant computer knowledge has little trouble obtaining and using these tools. Even for those who are not completely computer literate, obtaining and running these programs has become less of an issue because several websites offer tutorials and tips on how to use these tools to hack a wireless network.


Conclusion
Wireless networks are growing at an extraordinary rate regardless of the soundness of their security infrastructure. While the IEEE standards committee started off more than just slow with WEP, the security fixes included in WPA and the nascent 802.11i standard are very promising. Even more promising is that security has become a major factor for consumers and wireless vendors. Access points have firmware updates that upgrade WEP to WPA, and newer models have 802.11i included. Vendors are also finally offering better implementations so home users with little computer knowledge can better protect themselves from wandering hackers. For example, Linksys now offers software called SecureEasyStep which "allows you to set up a very secure Wi-Fi network without having to know any of the technical ins and outs" (Hines). Other vendors such as Broadcom and HP are offering similar software for their access points, which makes implementing security much less of a headache (Krazit). Ultimately, wireless is still in its infancy in terms of security and will require years before failsafe, tried and tested security policies become a reality. In the meantime, wireless will still serve as the hacker's playground.


Appendix A: Charts and Figures


Figure 1 (802.11 Standards)

Standard   Frequency     Bandwidth   Modulation
802.11a    5 GHz ISM     54 Mbps     OFDM
802.11b    2.4 GHz ISM   11 Mbps     HR-DSSS
802.11g    2.4 GHz ISM   54 Mbps     OFDM

Figure 2 (WEP Encryption)
[diagram not reproduced in this text version] (Barken)

Figure 3 (Exploiting XOR during IV Collisions)
[diagram not reproduced in this text version] (Barken)


Figure 4 (802.11i 4-Way Handshake)
[diagram not reproduced in this text version] (Wikipedia)

Figure 5 (Warchalking Symbols)
[diagram not reproduced in this text version] (McGarvey)


Appendix B: RC4 Code


KSA
Assume N = 256
K[] = Secret key array of length L
Initialization:
    For i = 0 to N - 1
        S[i] = i
    j = 0
Scrambling:
    For i = 0 to N - 1
        j = (j + S[i] + K[i mod L]) mod N
        Swap(S[i], S[j])

(Fogie)

PRGA
Initialization:
    i = 0
    j = 0
Generation loop:
    i = (i + 1) mod N
    j = (j + S[i]) mod N
    Swap(S[i], S[j])
    Output z = S[(S[i] + S[j]) mod N]
    Output z is XORed with the next data byte

(Fogie)
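The KSA and PRGA above as runnable Python, together with the WEP per-packet key construction (IV prepended to the secret key) and the XOR relation of Figure 3 that an IV collision exposes; an added example, not code from Fogie or from the paper. The IV, secret key and packet contents are constructed, and the standard RC4 test vectors are used to check the cipher itself.

```python
def ksa(key: bytes) -> list:
    """Key-Scheduling Algorithm (Appendix B, KSA): permute 0..255 under the key."""
    n = 256
    s = list(range(n))
    j = 0
    for i in range(n):
        j = (j + s[i] + key[i % len(key)]) % n   # key bytes are reused cyclically
        s[i], s[j] = s[j], s[i]
    return s


def prga(s: list, length: int) -> bytes:
    """Pseudo-Random Generation Algorithm (Appendix B, PRGA).

    Produces `length` key-stream bytes; the state list is modified in place.
    """
    n = 256
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % n
        j = (j + s[i]) % n
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % n])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    stream = prga(ksa(key), len(data))
    return bytes(d ^ k for d, k in zip(data, stream))


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP's per-packet key is IV || secret key; the 3-byte IV is sent in
    the clear in front of the ciphertext (ICV omitted for brevity)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + secret, plaintext)


def wep_decrypt(secret: bytes, packet: bytes) -> bytes:
    iv, body = packet[:3], packet[3:]
    return rc4(iv + secret, body)


def xor_of_plaintexts(pkt_a: bytes, pkt_b: bytes) -> bytes:
    """Figure 3: two packets encrypted under the same IV (hence the same
    key stream) XOR to the XOR of their plaintexts, with no key needed.
    This is the relation WPA's 48-bit TSC is designed to prevent."""
    if pkt_a[:3] != pkt_b[:3]:
        raise ValueError("different IVs: key streams differ, no relation")
    return bytes(a ^ b for a, b in zip(pkt_a[3:], pkt_b[3:]))


if __name__ == "__main__":
    # Constructed 40-bit WEP key and a reused IV.
    secret = bytes.fromhex("0a0b0c0d0e")
    iv = bytes.fromhex("010203")
    p1 = wep_encrypt(iv, secret, b"GET /index.html")
    p2 = wep_encrypt(iv, secret, b"POST /login.cgi")
    print(xor_of_plaintexts(p1, p2).hex())
```

The `ksa`/`prga` split mirrors the appendix so the pseudocode can be read against it; `xor_of_plaintexts` is the whole reason IV reuse matters, and it needs nothing but two captured packets that share an IV.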


Appendix C: Examples of MAC Address Attacks


Brute Force attack against MAC Address Authentication
[code listing not reproduced in this text version] (Wright, 4)

Code that generates fake MAC addresses
[code listing not reproduced in this text version] (Wright, 3)


Works Cited
Ankeny, Jason. "Cities Without Limits: How Wireless Is Galvanizing Small-Town America." URL: http://web.lexis-nexis.com/universe/document?_m=8581677b5c477dc79adfe904047472ed&_docnum=3&wchp=dGLbVlz-zSkVA&_md5=32f2332b6ff43869949c48aaa2c82502 (9/1/04)
Barken, Lee. "WEP Vulnerabilities: Wired Equivalent Privacy?" URL: http://www.phptr.com/articles/article.asp?p=102230&seqNum=1 (12/23/03)
Borisov, Nikita, Goldberg, Ian, and Wagner, David. Intercepting Mobile Communications: The Insecurity of 802.11. New York: ACM Press, 2001.
Bowman, Douglas. "Secure Wireless Email on Mac OS X." URL: http://stopdesign.com/log/2005/02/07/secure-email.html (2/7/05)
FakeAP. "Projects: fakeAP." URL: http://www.blackalchemy.to/project/fakeap/ (7/6/03)
Fleishman, Glenn. "WPA's Little Secret." URL: http://wifinetnews.com/archives/002453.html (11/4/04)
Fluhrer, Scott, Mantin, Itsik, and Shamir, Adi. "Weaknesses in the Key Scheduling Algorithm of RC4." London: Springer-Verlag, 2001.
Fogie, Seth. "Cracking WEP." URL: http://www.informit.com/articles/article.asp?p=27666&seqNum=1 (7/12/02)
Fogie, Seth, and Peikari, Cyrus. "WPA Fixes." URL: http://www.informit.com/guides/content.asp?g=security&seqNum=83 (2/9/05)
Fred (Alias). "Wardriving HOW-TO." URL: http://www.wardriving.com/doc/Wardriving-HOWTO.txt (4/9/02)
Hines, Matt. "Worried about Wi-Fi security?" URL: http://asia.cnet.com/news/systems/0,39037054,39214094,00.htm (1/20/05)
Judge, Peter. "AirDefense Locks Up Wi-Fi." URL: http://www.pcworld.com/news/article/0,aid,118173,00.asp (10/15/04)
Krazit, Tom. "Broadcom Adds Wi-Fi Security." URL: http://www.pcworld.com/news/article/0,aid,119191,00.asp (1/6/05)


Loeb, Larry. "Wi-Fi Protected Access heralds a new era in WLAN security." URL: http://www-106.ibm.com/developerworks/wireless/library/wi-roam11.html (6/18/2003)
McGarvey, Joe. "War(chalking): What is it Good For?" URL: http://www.wi-fiplanet.com/columns/article.php/1402401 (7/12/02)
Mikhailovsky, Andrei, Gavrilenko, Konstantin, and Vladimirov, Andrew. "Wireless Hacking: Breaking Through." URL: http://www.awprofessional.com/articles/article.asp?p=353735&seqNum=3 (12/17/04)
Seltzer, Larry. "Avoiding Evil Twins and Rogue Access Points." URL: http://www.eweek.com/article2/0,1759,1755275,00.asp (1/26/05)
Simon, Seena. "Small Business, High Fidelity. Wireless Spots Getting Hotter; Businesses are Adding an Amenity You Can't Even See." URL: http://web.lexis-nexis.com/universe/document?_m=f02021fd99fd8e3904a6e7c475502f4a&_docnum=7&wchp=dGLbVzbzSkVb&_md5=a4e3cfee0f80ba11570dadbb125e16bb (12/12/04)
Surasoft. "Packet Sniffing (wiretaps, protocol decoding)." URL: http://www.surasoft.com/articles/packetsniffing.php
Tanenbaum, Andrew S. Computer Networks. New Jersey: Prentice Hall PTR, 2003.
Tedeschi, Bob. "What Would Benjamin Franklin Say? Philadelphia Plans Citywide Free Wi-Fi Internet Access for Computer Users." URL: http://web.lexis-nexis.com/universe/document?_m=6f87b16ba813de16167614354c23b464&_docnum=3&wchp=dGLbVlz-zSkVb&_md5=d055d0505b392ef0303a46c5e28281d1 (9/27/04)
Thomas, Tom M. "Wireless Security." URL: http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=7 (7/16/04)
Vacca, John R. "The U.S. Government Goes Wireless." URL: http://web.lexis-nexis.com/universe/document?_m=423ffc16ba13d1e0c477aeaa1727b9ce&_docnum=2&wchp=dGLbVlz-zSkVb&_md5=13cf7d5eb501d55b066c549203db3adc (10/12/04)
Viser, Matt. "Citywide Wi-Fi Link Considered: Internet Access Would be Virtually Everywhere." URL: http://web.lexis-nexis.com/universe/document?_m=6f87b16ba813de16167614354c23b464&_docnum=5&wchp=dGLbVlz-zSkVb&_md5=38656252845c3ad1d1639ac82f9b018b (10/24/04)


WarDriving.com. "WarDriving.com." URL: http://www.wardriving.com (2004)
Waring, Becky. "Speed-Boosted Wi-Fi." URL: http://www.pcworld.com/reviews/article/0,aid,116279,00.asp (2/20/05)
Wikipedia. "802.11i." URL: http://en.wikipedia.org/wiki/802.11i (2/6/05)
Wright, Joshua. "Detecting Wireless LAN MAC Address Spoofing." URL: http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf (1/21/03)
