Development of Architecture for Securing WLAN

Introduction
Wireless networks are now widely used across many sectors because they greatly reduce the cost of ownership, are easy and simple to install, and offer flexibility, portability and scalability. Wi-Fi networks can also be accessed easily from cameras, game consoles, laptops, mobile phones and many other consumer electronic gadgets. This has had a great impact on daily life, since Wireless Local Area Network (WLAN) technology has changed the ways of communication and information sharing (Dhiman, 2014). The key factor is the elimination of the barriers to such activities, including the distance and location involved. As a result, wireless networking usage has grown rapidly as more and more users extend their typical wired local area networks (LANs) to include WLANs.

This situation has led WLANs to go through rapid changes in recent years, mainly to improve and strengthen the security architecture of the WLAN. One view of these changes places current WLANs under the existing umbrella of the virtual private network (VPN). In this view the WLAN is merely an alternative access method, which conserves the existing VPN infrastructure. Another view holds that the security of the airwaves must be addressed, since it has been proven to be extremely vulnerable. Security standardisation has evolved with the work of the IEEE in moving from WEP to WPA. This development presented new key management and integrity mechanisms, carried through to IEEE 802.11i, better known as WPA2. WPA2 maintained WPA’s management and integrity mechanisms while introducing the Advanced Encryption Standard (AES) and moving most of the security functionality to the hardware (Mathews & Hunt, 2007). The development and evolution of the security architecture of WLAN is discussed and explained in this study.

Table 1: Search query variation for every database used in this study.

| Database name | Search query | Return value |
|---|---|---|
| Google Scholar | “security architecture development” OR “security architecture evolution” AND “WLAN” OR “wireless local area networks” | 15 |
| IEEE Xplore | "Publication Title":“security architecture development” OR “security architecture evolution” AND “WLAN” OR “wireless local area networks” | 11,601 |
| Emerald Insight | “security architecture development” OR “security architecture evolution” AND “WLAN” OR “wireless local area networks” | 536 |
| Science Direct | “security architecture development” OR “security architecture evolution” AND “WLAN” OR “wireless local area networks” | 3,132 |

To guide the direction of this study, several relevant studies were collected using a set of search strings constructed at the initial stage of the research by extrapolating the key terms chosen for the study. The selected key terms are “security architecture development” OR “security architecture evolution” AND “WLAN” OR “wireless local area networks”. Table 1 above shows the queries developed from these keywords to search for relevant studies in the databases mentioned. Table 2 below presents the distribution of the focus of the studies selected for this research.

Table 2: Heatmap distribution of focus on the development of security architecture for wireless local area networks.

| Focus | Count |
|---|---|
| Wireless LAN security issues | 7 |
| Air jacking | 1 |
| Mobile communications | 1 |
| Security of the WEP algorithm | 1 |
| Security flaws in 802.11 data link protocols | 1 |
| Threats and an effective security assessment framework | 1 |
| Weakness in the key scheduling algorithm of RC4 | 1 |
| Rogue access point-based DoS attacks | 1 |
| Evolution of wireless LAN security architecture | 1 |
| A key recovery attack on the 802.11b | 1 |
| 802.11i and WPA | 1 |
| Data-centric approach to securing | 1 |
| Wireless LAN security and laboratory designs | 1 |
| Security research on WEP | 1 |

Development of WLAN’s Security Architecture


The development of the architecture for securing WLAN occurred in three main stages. The first stage involved the original IEEE 802.11b protocol, followed by an intermediate stage that utilised Wi-Fi Protected Access (WPA), before evolving into the final stage, which defined the IEEE 802.11i protocol (Mathews & Hunt, 2007). In the year 2000, after successful attacks had been demonstrated on the IEEE 802.11 security standard, Wired Equivalent Privacy (WEP) (Fluhrer, et al., 2001), the IEEE and the Wi-Fi Alliance began the design of the IEEE 802.11i standard. To provide interim protection, the Wi-Fi Alliance developed its own subset of the 802.11i protocol, known as Wi-Fi Protected Access (WPA).
First Stage: IEEE 802.11b
This stage of WLAN development involved three key methods that were initially designed to implement security in the wireless network: Media Access Control (MAC) address filtering, Service Set Identifiers (SSID) and Wired Equivalent Privacy (WEP) (Yasir & Yang., 2004). Of the three, MAC address filtering was not part of the 802.11 standard and was included only because of its wide deployment. This access control method consists of configuring the access points to allow only authorised MAC addresses to enter the network, since every network interface possesses a unique MAC address at layer two (Arbaugh, et al., 2001). The SSID, which acts as an identifier for a specific WLAN, is a service set’s network name of 32 bytes or fewer (Yasir & Yang., 2004). The SSID is explained further in a later part of this study. WEP was a security standard established under the ratification of the 802.11 protocol. Its purpose is to offer the same amount of privacy in a wireless network as is provided in a wired network. The standard covers three main areas of interest, namely authentication, encryption and data integrity (Mathews & Hunt, 2007).
Second Stage: Wi-Fi Protected Access (WPA)
The security structure of Wi-Fi Protected Access (WPA), which includes the Temporal Key Integrity Protocol (TKIP), was introduced by IEEE 802.11 Task Group I (TGi) in the second stage of WLAN development to correct the flaws that existed in WEP. As a result, WPA can operate in two modes: Pre-shared Key (PSK) and Enterprise (UBM, 2004). Of the two, WPA-PSK is considered less secure than Enterprise because it relies on a shared secret, but it is much easier to install. In this stage of the WLAN security architecture, TKIP acts as a patch for WEP that allows the protocol to run on the latest hardware by wrapping the WEP protocol with three new elements. These are a message integrity code (MIC) named Michael, a per-packet mixing function and a packet sequencing procedure (Mathews & Hunt, 2007). Michael is the algorithm used to ensure the integrity of the data and to check for forgeries. Packet sequencing is used to avoid replay attacks. The procedure requires TKIP to use a 48-bit sequence number that changes with the replacement of a MIC key. Per-packet key mixing combines the key, the MAC address of the transmitter and the packet sequence number to produce a new WEP key (Cam-Winget, et al., 2003). From this stage of WLAN’s evolution onward, the initialisation vector is no longer concatenated with the key as in the previous stage.
Third Stage: IEEE 802.11i (WPA2)
Following the stages above, WLAN underwent another stage of development in 2004, when the IEEE 802.11i standard was ratified. This ratified standard is also referred to by its Wi-Fi Alliance name, WPA2. It led to the implementation of the 128-bit Advanced Encryption Standard (AES) block cipher for encryption and authentication under the new 802.11i standard. This evolution of the 802.11 protocol can also use application layer authentication. Before authorisation in 802.11i, requests are made using uncontrolled ports. Clients that have been authenticated are then granted access on the controlled ports to the resources of the network. Besides offering users a secure network infrastructure, the 802.11i standard is considered flexible because it leaves the actual choice of authentication to the enterprise. However, any authentication scheme the enterprise selects must be capable of operating with 802.1x (Mathews & Hunt, 2007).

IEEE 802.1x is an IEEE standard that was introduced in the second stage of 802.11 evolution for use in both wired and wireless networks as a means to authenticate clients onto a network (Liu & Yu, 2008). As the point-to-point protocol evolved beyond purely dial-up Internet access, the demand for a variety of more secure authentication systems increased continuously. In response, the Extensible Authentication Protocol (EAP) was developed (Mathews & Hunt, 2007). Its purpose is to form a framework within the point-to-point protocol upon which other authentication methods can operate. The authentication process standardised by EAP allows remote servers to pass the authentication methods on to authenticating servers such as RADIUS or DIAMETER without deciphering each protocol. This authentication procedure was then adopted for LAN usage over Ethernet instead of the point-to-point protocol. For this, a protocol called EAP Encapsulation over LANs (EAPOL) was developed and defined within the IEEE 802.1x standard (Mendez, et al., n.d.). As a result, under IEEE 802.1x the authenticator does not need large processing and memory capabilities, since most of the work is performed at the authenticating server and client ends.

Vulnerabilities of IEEE 802.11


Several vulnerabilities of IEEE 802.11 have driven its development and evolution over the years. For instance, issues have been discovered with the SSID, WEP and MAC address filtering that were used to implement security in the wireless network. The issues with SSID exist mainly because the SSID itself is broadcast in an open system. A client can then send a probe request frame to discover an access point of a specific SSID. NetStumbler is one of the network beacon sniffers commonly used for this purpose. In a closed network, however, an active beacon makes so much noise that it is easily discovered. In this case, passive sniffers are used to capture traffic on a specific frequency band and detect the network’s SSID. Passive sniffers typically have their network cards set to work in monitor mode.

Two issues have been discovered with MAC address filtering. One is the logistics of keeping the list of authorised MAC addresses continuously updated so that the access points can be updated from it. This is usually done in large networks in particular. It has also been found that this creates many holes in the security structure of the system, especially if the lists are updated wrongly or the access points hold outdated lists.

Of the three, WEP was shown by Borisov, et al. (2001) and Fluhrer, et al. (2001) to be the one with critical security flaws. Housley & Arbaugh (2003) and Berghel & Uecker (2004) argued that the vulnerabilities of WEP were mainly due to the incorrect use of the RC4 stream cipher and the poor choice of CRC-32 for data integrity validation. WEP is optional in 802.11, since it needs to be configured manually. The discovery that most wireless networks have no security implementation was initially fuelled by war-related experiments. It was found that, with WEP, the access point confirms the identity of a mobile client, but the mobile client does not confirm the identity of the access point (Mathews & Hunt, 2007). This one-way authentication allows an attacker to masquerade as an access point, authenticate clients and redirect traffic that was destined for the access points to the attacker’s advantage.

In addition, WEP has no procedure for creating and managing shared keys or initialisation vectors; it is left to the administrator to decide how to share the secret key between stations. Such a procedure was also never meant to be part of the 802.11 standard. Because this procedure can be laborious and time-consuming, the keys are usually not changed frequently (Borisov, et al., 2001), which allows a patient attacker to make decryption much easier by collecting a large amount of data related to the same key. Because the WEP key is shared, an initialisation vector was added to provide a different initialisation state. However, the initialisation vector can provide only up to 2^24 combinations since it is only 24 bits long (Cam-Winget, et al., 2003). For the same reason, initialisation vectors are likely to be duplicated within a relatively short period. Adding to the flaws, the initialisation vector is usually sent in plain text, which gives an attacker the opportunity to build a database, or dictionary, of WEP key combinations that can be used to inject or decode packets.
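
The effect of the short, clear-text IV can be made concrete. The following Python sketch is an added example, not code from the cited papers: it builds the WEP per-packet RC4 key as IV || base key, shows that two frames sent under the same IV cancel the key out of their XOR, and estimates how soon a 24-bit IV repeats. The key, IV and payloads are constructed sample values, and the assumption that IVs are drawn at random is stated in the code.

```python
import math
import zlib
from typing import Optional

IV_BITS = 24  # WEP initialisation vector length given in the text


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling followed by `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, base_key: bytes, payload: bytes) -> bytes:
    """WEP-style frame body: RC4 keyed with IV || base key over payload + CRC-32.

    The IV is prepended unencrypted, as the text describes.
    """
    if len(iv) * 8 != IV_BITS:
        raise ValueError("WEP IV must be 24 bits")
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + base_key, len(body)))


def shared_iv_xor(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Return the XOR of two encrypted bodies if both frames carry the same IV.

    Same IV and same base key mean the same keystream, so this value equals
    the XOR of the two plaintexts. Returns None when the IVs differ.
    """
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])


def iv_collision_probability(frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday approximation of at least one repeated IV among `frames` frames.

    Assumption: IVs are chosen uniformly at random per frame.
    """
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * space))


def seconds_until_counter_wraps(frames_per_second: float, iv_bits: int = IV_BITS) -> float:
    """Time for a sequential IV counter to use every value once and start repeating."""
    return (2 ** iv_bits) / frames_per_second


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")      # constructed 40-bit base key
    iv = bytes.fromhex("a1b2c3")           # constructed IV, used for both frames
    p1 = b"GET /index.html HTTP/1.1"       # constructed payloads of equal length
    p2 = b"POST /login.php HTTP/1.1"
    f1, f2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    leak = shared_iv_xor(f1, f2)
    print("body XOR equals plaintext XOR:", leak[:len(p1)] == xor(p1, p2))
    print("P(repeated IV) after 5000 frames: %.2f" % iv_collision_probability(5000))
    print("counter wraps after %.0f s at 1000 frames/s" % seconds_until_counter_wraps(1000))
```

With randomly chosen IVs a repeat becomes more likely than not after roughly 4,800 frames, which is why the later standards in Table 3 enlarge the IV and stop concatenating it to the base key.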

WLAN’s Security Threats


The WLAN, technically known as the IEEE 802.11 protocol, allows a seamless flow of data between two types of local area networks. Users of WLANs therefore require the same level of security for their wireless data as on wired LANs, although wireless networks face a different level of security issues compared to wired networks (Mathews & Hunt, 2007). An attacker must be physically connected to a wired network in order to gain access to it, whereas for wireless networks, which broadcast radio waves, the attacker only needs to be within range of the access point with publicly available tools to begin an attack. Hence, regardless of the convenience, efficiency and cost advantage of WLANs, the use of radio waves in wireless networks creates a risk of the network being hacked.

As attacks on WLANs became more widespread (Stubblefield, et al., 2004), the security architecture of these networks developed from what was initially offered in the original IEEE 802.11 protocol to the newer IEEE 802.11i protocol, which has since become widely used. The first thing hackers do before initiating an attack on a WLAN is reconnaissance, to determine the best method for conducting the attack. Security threats and attacks capable of damaging the security of WLANs include denial of service, eavesdropping, man-in-the-middle and spoofing (Al Naamany, et al., 2006). Various WLAN or IEEE 802.11 security standards such as WEP, WPA and WPA2 have been developed as solutions to these threats and issues. These solutions also help to keep current and future wireless networks from being exposed to the threats that have been discovered and further enhance the security architecture of the WLAN.
Attack on Service Set Identifier (SSID)
The Service Set Identifier (SSID) is used by access points to identify a specific WLAN and so differentiate between networks (Ye & Yue, 2010). An SSID may consist of up to 32 characters. An access point refuses access through its wireless service area when the SSID provided by the user does not match that of the access point. Because of this, the SSID has offered the protection of a password authentication mechanism against illegal access by users. This was done to ensure the wireless local area network is fully secured.

According to Mathews & Hunt (2007), SSID works in two modes, namely the open mode and the closed mode. Since the SSID of the access point is broadcast to the world in open mode, network beacon sniffers are usually used to find such networks, because a client can send a probe request frame to find an access point of a specific SSID. One of the network beacon sniffers most commonly used by attackers is NetStumbler. In closed mode, the SSID remains hidden, as the WLAN will not respond to any message unless the correct SSID is provided in the message headers. Hence, every device connected to a specific WLAN has to be configured with exactly the same SSID.

Another default configuration in access points is that the Dynamic Host Configuration Protocol is on. This allows users to obtain IP addresses automatically and thus access the WLAN easily (Al Naamany, et al., 2006). Although the SSID is usually broadcast by the access point, this broadcast can easily be disabled for the sake of account security. The wireless base station is then required to send the correct SSID in order to associate with the access points (Al Naamany, et al., 2006).
MAC Spoofing and Session Hijacking
A unique MAC address is assigned to every wireless card. A MAC address is a physical address that is commonly used to prevent access by unauthorised users. Adding access control, or an Access Control List, to the access point based on the physical address ensures that only cards with registered physical addresses can enter the network. The access point can be maintained manually through a list of permitted physical addresses in order to filter by physical address (Feng, 2012). This approach denies access to the wireless network when the MAC address of the client authenticating the session does not match any of the authorised MAC addresses in the list. A hacker will therefore find it more difficult to access the network using a random MAC address. However, IP packets have physical addresses that can easily be forged, which makes this a less secure certification for authorisation, since filtering by physical address is a hardware certification rather than user authentication (Feng, 2012). The method also has shortcomings, as the list of physical addresses on the access points has to be kept up to date, and this typically has to be done manually. When stations and access points communicate, MAC addresses are usually sent in the clear, which gives an attacker who assumes the identity of a valid user access to privileged data and resources within the network.

Once the attacker has obtained the address information, it is easier to spoof it by manually inserting another MAC address in the settings of the targeted network (Ye & Yue, 2010). This is possible mainly because 802.11 networks do not authenticate the source address, that is, the MAC address, of frames. Attackers can therefore spoof MAC addresses and hijack the session of the network (Hamid, 2003). The fact that 802.11 does not require the access point to prove its validity also contributes greatly to this situation. Because of this, attackers may masquerade as an access point when attacking a wireless network. It also makes it possible for network addresses to be captured directly from legitimate wireless traffic. Al Naamany, et al. (2006) state that this can be done with Ethereal or Kismet, examples of packet monitoring tools that help to generate a database of MAC addresses and legitimate wireless stations.
Denial of Service
Denial of service causes users or systems to be unable to access the resources they require. This type of attack is usually launched against WLAN networks at the physical layer and the data link layer. The physical layer (Layer 1) attack, also known as an RF jamming attack, is conducted by having intentional radiators put out RF energy at supported power levels in order to drown out the RF energy transmitted on the WLAN by valid stations. This can effectively cause a DoS scenario on the system. A Layer 2 attack, or attack on the data link layer, is typically launched by exploiting the processes used in frame management and network communications within a WLAN.

For instance, an attacker might spoof a de-authentication frame by generating a frame on the WLAN manager that uses the spoofed MAC address of the AP. The resulting frame is treated as a de-authentication or disassociation frame. Since these are management frames, specifically notification frames, client stations are usually unable to ignore them. As a result, client stations are denied any form of access to the WLAN for as long as the attacker continues to transmit spoofed de-authentication or disassociation frames.
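
Because the frames in this attack carry the access point's address, a defender detects it by rate rather than by sender. The following Python sketch is an added example, not part of the original paper: the `Frame` record, the window and threshold values and the sample capture are constructed assumptions, and real records would come from a monitor-mode sensor.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Iterable, List

# 802.11 management frame subtypes
BEACON = 8
DISASSOC = 10
DEAUTH = 12


@dataclass(frozen=True)
class Frame:
    ts: float      # capture time in seconds
    subtype: int   # management frame subtype
    src: str       # transmitter address as seen on air (not authenticated)
    dst: str       # receiver address
    bssid: str


@dataclass(frozen=True)
class Alert:
    bssid: str
    dst: str
    first_ts: float  # oldest frame in the window when the alert fired
    count: int       # frames in the window when the alert fired


def detect_deauth_floods(frames: Iterable[Frame], window: float = 1.0,
                         threshold: int = 10) -> List[Alert]:
    """Flag bursts of de-authentication or disassociation frames.

    One alert is raised per burst, when `threshold` or more such frames for
    the same (BSSID, destination) pair fall within `window` seconds. The
    source address is ignored because it can be spoofed. The defaults are
    illustrative and need tuning per site.
    """
    recent = defaultdict(deque)  # (bssid, dst) -> timestamps inside the window
    in_burst = set()
    alerts: List[Alert] = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.subtype not in (DEAUTH, DISASSOC):
            continue
        key = (f.bssid, f.dst)
        q = recent[key]
        q.append(f.ts)
        while f.ts - q[0] > window:   # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            if key not in in_burst:   # report each burst once
                in_burst.add(key)
                alerts.append(Alert(f.bssid, f.dst, q[0], len(q)))
        else:
            in_burst.discard(key)     # rate fell back, re-arm for next burst
    return alerts


def sample_capture() -> List[Frame]:
    """Constructed capture: beacons, one ordinary deauth, one 30-frame burst."""
    ap = "02:00:00:00:00:01"
    sta_a, sta_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    frames = [Frame(t * 0.1, BEACON, ap, "ff:ff:ff:ff:ff:ff", ap) for t in range(80)]
    frames.append(Frame(1.0, DEAUTH, ap, sta_a, ap))  # single, normal deauth
    frames += [Frame(5.0 + i * 0.02, DEAUTH, ap, sta_b, ap) for i in range(30)]
    return frames


if __name__ == "__main__":
    for alert in detect_deauth_floods(sample_capture()):
        print(alert)
```
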
Security Assessment for Corporate WLAN
Wireless LANs have the same vulnerabilities and risks as conventional wired networks. An organisation therefore needs to take into consideration the numerous types of WLAN threats and attacks if its corporate WLAN is to be kept free from attack. The threats and attacks typically faced by a corporate WLAN include active and passive attacks as well as loss of confidentiality, integrity and network availability (Choi, et al., 2006).

An active attack refers to changes and alterations made by an unauthorised party to a message or file. This type of attack may not be preventable, although it is usually easy to detect. Examples of active attacks that can threaten a corporate WLAN are denial-of-service, replay, masquerading and message modification (Choi, et al., 2006). Masquerading occurs when an attacker tries to impersonate an authorised user in order to gain access to the network, thus compromising the identity of an authorised user. A denial-of-service attack, as mentioned earlier, is made with the purpose of disabling a WLAN, since the attacker prevents or prohibits the use of the network. A replay occurs when an attacker acts as an authorised user and retransmits information obtained from monitoring transactions. Although this type of attack begins as a passive attack, it turns into an active attack when the attacker replies to the transmission. Message modification refers to an attacker modifying a message by changing or reordering it, or by deleting from or adding to it. In other words, any tampering with the message is considered message modification.

Passive attacks refer to the situation where an unauthorised party obtains access to the network without modifying the content. The most common passive attacks to which a corporate WLAN is vulnerable are eavesdropping and traffic analysis or monitoring. Eavesdropping refers to an attacker within the business area monitoring the transmissions for message content and listening to the transmissions between two workstations. Traffic analysis or monitoring refers to an attack typically made by an intruder beyond the perimeter of the business who monitors the transmissions for patterns of communication.

Confidentiality is a major concern in any network: an organisation would not want its private information and investments exposed to the public, especially to its competitors. Because an attacker can easily use the radio and broadcast waves of a WLAN to access the network, traditional LAN security can be considered less effective. Such an attack can compromise confidentiality just by listening to the transmissions. As in LANs, a WLAN loses its integrity as it loses its confidentiality. Moreover, because most organisations do not have sufficient protection, it is hard for them to maintain integrity, especially when an attacker’s message modifies the company’s data. The loss of network availability goes along the same lines as the denial of service attacks discussed earlier in this study. A denial of service attack such as jamming involves an attacker creating a signal to block the wireless signals, which causes the entire network to be jammed. As a result, no information can be sent or received and users are unable to communicate on the network.
Implementation of Information Security Architecture as a Solution
Enterprise information security architecture (EISA) refers to the practice of applying a comprehensive and rigorous method to describe the current and/or future structure and behaviour of an organisation’s security processes, information security systems, personnel and organisational sub-units, to ensure that they align with the core goals and strategic direction of the organisation (Woody, 2013). In simpler terms, EISA is a structured approach that is essential for an organisation in developing an integrated and comprehensive security architecture that fits the size, risk profile and budget of the organisation. EISA is important for a company to implement because it guides the organisation in developing an integrated roadmap for improving its information security while reducing the likelihood of data loss.

By implementing an information security architecture or roadmap, an organisation gains a logical way of decomposing and identifying the specific activities that are compulsory for strengthening data protection within the organisation. An information security architecture also clearly identifies the required security controls and makes the process of auditing easier. It further allows the organisation’s projects to be developed on the basis of the architecture, which is usually manageable by an individual.

To implement an information security architecture, an organisation first has to gather information, including data classification, risk data and security assessment findings covering organisational awareness, policy analysis and technology. This information is used to identify high-value information security initiatives as well as the requirements for the document specific project. The organisation then has to ensure that formal approval is obtained for high-priority projects. Following this, several project-specific management plans have to be developed with the implementation of the information security initiatives in mind. Once all these steps are in action, the organisation needs to monitor the effectiveness of each step for better results.

Conclusion
In conclusion, an organisation has to comprehend the significance of the current security threats posed to wireless networks. It is also important for the organisation to understand the need for strong protection against the potential attacks that a corporate WLAN might face. The development of several new security standards such as 802.11i, WPA and WPA2 helps to offer varying degrees of protection. Organisations therefore have to understand each of the standards and decide which is the most feasible for them.
References
Al Naamany, A. M., Shidhani, A. & Bourdoucen, H., 2006. IEEE 802.11 wireless LAN security overview. International Journal of Computer Science and Network Security, 6(5B), pp. 138-186.
Arbaugh, W. A., Shankar, N. & Wan, Y. J., 2001. Your 802.11 Wireless Network has No Clothes. pp. 1-13.
Berghel, H. & Uecker, J., 2004. Wireless infidelity II: airjacking. Communications of the ACM, 47(12), pp. 15-20.
Borisov, N., Goldberg, I. & Wagner, D., 2001. Intercepting Mobile Communications: The Insecurity of 802.11. Rome, ACM SIGMOBILE.
Borisov, N., Goldberg, I. & Wagner, D., 2001. Security of the WEP Algorithm. [Online] Available at: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.
Cam-Winget, N., Housley, R., Wagner, D. & Walker, J., 2003. Security flaws in 802.11 data link protocols. Communications of the ACM, 46(5), pp. 35-39.
Choi, Y. B., Muller, J., Kopek, C. V. & Makarsky, J. M., 2006. Corporate wireless LAN security: threats and an effective security assessment framework for wireless information assurance. International Journal of Mobile Communications, 4(3), pp. 266-290.
Dhiman, D., 2014. WLAN Security Issues and Solutions. IOSR Journal of Computer Engineering, 16(1), pp. 67-75.
Feng, P., 2012. Wireless LAN security issues and solutions. s.l., s.n.
Fluhrer, S., Mantin, I. & Shamir, A., 2001. Weakness in the Key Scheduling Algorithm of RC4. Selected Areas of Cryptography, Volume 2259, pp. 1-24.
Hamid, R. A., 2003. Wireless LAN: Security Issues and Solutions, s.l.: SANS Institute.
Housley, R. & Arbaugh, W., 2003. Security problems in 802.11-based networks. Communications of the ACM, 46(5), pp. 31-34.
Liu, C. & Yu, J., 2008. Rogue access point based dos attacks against 802.11 WLAN. s.l., s.n.
Mathews, M. & Hunt, R., 2007. Evolution of Wireless LAN Security Architecture to IEEE 802.11i (WPA2). Phuket, ACTA Press Anaheim, pp. 292-297.
Mendez, G. A., Silva, L. C. D. & Punchihewa, A., n.d. Review of Present IEEE 802.11 “Wi-Fi” Security Issues and of Other Possible Vulnerabilities, New Zealand: Institute of Information Sciences & Technology.
Stubblefield, A., Ioannidis, J. & Rubin, A., 2004. A key recovery attack on the 802.11b wired equivalent privacy protocol. ACM Transactions on Information and System Security (TISSEC), 7(2).
UBM, 2004. Examining 802.11i and WPA. [Online] Available at: https://www.networkcomputing.com/wireless/examining-80211i-and-wpa/1094618365/page/0/6
Woody, A., 2013. Enterprise Security: A Data-Centric Approach to Securing the Enterprise. Birmingham: Packt Publishing Ltd.
Yasir, Z. & Yang., T., 2004. Wireless LAN security and laboratory designs. Journal of Computing Sciences in Colleges, 19(3), pp. 44-60.
Ye, P. & Yue, G., 2010. Security Research on WEP of WLAN. Jinggangshan, s.n.

Appendix A: Feature Comparison of Security Protocol

Table 3: Feature comparison of WLAN's security protocol (Mathews & Hunt, 2007).

| Property \ Security method | WPA2 (802.11i) | WPA | WEP |
|---|---|---|---|
| Cipher | AES | RC4 | RC4 |
| Data Integrity | CCM | MIC (Michael) | CRC-32 |
| Header Integrity | CCM | MIC (Michael) | None |
| Key Life | 48/128-bit IV; TKIP mixing function | 48/128-bit IV; TKIP mixing function | 24-bit IV; concatenate IV to base key |
| Key Management | EAP-based (802.1x) | EAP-based (802.1x) | None |
| Key Size | 128 bits | 128 bits (encryption); 64 bits (authentication) | 40/104 bits |
| Packet Key | Not needed | Mixing function | Concatenated |
| Replay Detection | Enforce IV sequencing | Enforce IV sequencing | None |

Appendix B: Rate of Interest in the Development of WLAN’s Security Architecture

[Figure: chart titled "Publication Year"; vertical axis "Paper" (0 to 4.5), horizontal axis "Publication Year"]

Figure 1: The rate of interest in the development of WLAN's Security Architecture.
