Network Security: A Focus in the IEEE 802.11 Protocols

Juan M. Monge Arroyo#1, Brendaliz Román Cardona*2, Jan Flores Guzmán#3
# Electrical & Computer Engineering and Computer Science Department, Polytechnic University of Puerto Rico
Alfredo Cruz, Ph.D.

Abstract
High impact vulnerabilities are discovered and exploited once something becomes the industry standard. The Institute of Electrical and Electronics Engineers (IEEE) maintains a family of data communication standards known as the IEEE 802 standards. This paper explains some of those standards, focusing on the 802.11 (wireless) protocols. Wireless Local Area Networks (WLANs) use air as the transmission medium, which means their traffic can be intercepted without any physical attack. Interception techniques and attacks such as denial of service and man-in-the-middle are frequently used to capture data, or to stop or degrade a computing resource altogether. Most of the IEEE 802 standards rely on encryption to protect the data being transmitted. The WLAN security standards discussed in this paper are 802.11, 802.1X and 802.11i.

Keywords: Network Security, Wireless LAN Security, IEEE 802.11.

I. INTRODUCTION
The internet was created for information exchange between trusted hosts in universities. Initially, it allowed universities and their researchers to share information in a cooperative environment. Local Area Networks (LANs) and Wireless Local Area Networks (WLANs) succeeded in providing network access to computers using guided or unguided transmission methods. The Institute of Electrical and Electronics Engineers (IEEE) publishes a set of standards and specifications for data communications in wired and wireless networks. When data is transmitted through an unguided medium such as air, interception becomes a realistic threat. Some common attacks threatening wireless communications are smurfing, distributed denial of service, spoofing and others. The 802.11 standard defined the Wired Equivalent Privacy (WEP) protocol to protect wireless communications; unfortunately, WEP could not deliver secure wireless communications. Other security standards were created to address the problems WEP could not solve, among them 802.11 itself, 802.1X and 802.11i.

II. NETWORKS AND ENCRYPTION
LANs and WLANs are networks susceptible to attacks. One of the solutions to those attacks is encryption.

A. Networks
A network consists of computers connected to each other through guided or unguided media in order to transfer data. Guided media carry signals through a solid medium such as copper wire. Unguided media transmit and receive signals through an antenna. LANs and WLANs transfer data over guided and unguided media respectively. Currently, the IEEE has three main standards for wireless LANs: IEEE 802.11a, IEEE 802.11b and IEEE 802.11g. IEEE 802.11g and IEEE 802.11a both have a nominal speed of 54 Mbps, operating in the 2.4 GHz and 5 GHz bands respectively. 802.11b is the slowest of the three, with a nominal speed of 11 Mbps in the 2.4 GHz band [1].

B. Encryption
Security here means the protection of data that is transmitted through unguided media such as air, and encryption is the main method used to protect that data. Together with the hash functions and digital signatures described below, cryptography addresses four problems of information security: authenticity, integrity, confidentiality and non-repudiation. Encryption uses keys to protect (encrypt) and unprotect (decrypt) data, and is divided into two categories: symmetric and asymmetric. In the symmetric type, all devices use the same secret key for both encryption and decryption, so the security of a symmetric scheme depends entirely on how well the participants protect that key [2].

In asymmetric encryption each participant holds a key pair: the public key may be known to everyone, while the private key must be known only to its owner. Either key of the pair can be used to encrypt, but what one key encrypts only the other key can decrypt. This is the essential difference between the two categories: asymmetric encryption uses one public key and one private key, whereas symmetric encryption uses a single secret key shared by both parties.

Digital signatures enable the recipient of information to verify the authenticity of its origin. Public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation: the signer cannot later deny having produced the signature, since only the holder of the private key could have created it [2]. Hash functions ensure that the data being transmitted arrives intact; among their uses are unique file identification and the detection of data corruption. As long as a secure hash function is used, there is no way to take someone's signature from one file and attach it to another, or to alter a signed message in any way: the slightest change in a signed document will cause the digital signature verification to fail [2]. See figure 1 below for a summary of how hash functions operate.

Fig. 1 Hash Functions common operation
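The hash-then-sign flow that Section II.B describes, as an added example that is not part of the paper: the document is reduced to a SHA-256 digest and the digest is signed, so a one-character change or moving the signature to another file makes verification fail. The RSA here is a deliberately bare textbook version with deterministic primes found from fixed starting points (an assumption for reproducibility); it has no padding and is only meant to make the sign/verify steps visible, not to be used as a real signature scheme.

```python
"""Hash-then-sign demonstration (added example, not the paper's own code).
Toy, unpadded RSA over a SHA-256 digest; primes come from fixed search
starting points so the key pair is reproducible. Not for production use."""
import hashlib
import math

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53]


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for a demonstration key."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(n: int) -> int:
    n |= 1
    while not is_probable_prime(n):
        n += 2
    return n


def keygen(bits: int = 160):
    """Deterministic toy key pair (assumption: primes searched from fixed offsets)."""
    e = 65537
    p = next_prime((1 << bits) + 0x1234)
    q = next_prime((1 << bits) + 0xABCD)
    while math.gcd(e, (p - 1) * (q - 1)) != 1:
        q = next_prime(q + 2)
    n = p * q                          # about 2*bits wide, so a 256-bit digest fits below n
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return (n, e), (n, d)


def digest(data: bytes) -> int:
    """The hash step: the signature is computed over this value, not the file itself."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(digest(data), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == digest(data)


def demo():
    pub, priv = keygen()
    contract = b"Pay 100 EUR to Alice"      # constructed sample document
    sig = sign(priv, contract)
    tampered = b"Pay 900 EUR to Alice"      # one character changed after signing
    other = b"Pay 100 EUR to Bob"           # the same signature attached to another file
    return {
        "valid": verify(pub, contract, sig),
        "tampered_verifies": verify(pub, tampered, sig),
        "moved_signature_verifies": verify(pub, other, sig),
    }


if __name__ == "__main__":
    print(demo())
```

Because the private exponent is never needed to verify, anyone holding the public key can check origin and integrity, while only the private key holder could have produced the signature, which is the non-repudiation property the section refers to.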

III. NETWORK ATTACKS
The internet was created for information exchange between trusted hosts in universities, initially allowing universities and their researchers to share information in a cooperative environment. As such, security did not weigh heavily in the initial design of the Internet Protocol Suite [3]. In today's world, networks and the internet have emerged as a critical, evolving vehicle for global communication and commerce. As we rely more and more on network communications, this lack of inherent security has become an increasingly significant concern, as attacks and exploits have repeatedly shown. Some common network attacks are SYN flooding, smurfing, denial of service and spoofing.

A. SYN Flooding Attacks
To establish a connection, TCP performs what is known as a three-way handshake: the client sends a synchronization (SYN) segment, the server answers with SYN/ACK, and the client completes the handshake with an acknowledgement (ACK). A SYN flooding attack sends a large number of SYN segments and never acknowledges any of them. The victim keeps state for every half-open connection while waiting for the final ACK, until the backlog is exhausted and the system either crashes or stops accepting new connections; the victim suffers a denial of service as a result. The solution to this attack is the SYN cookie [3]. Instead of storing the half-open session, the server encodes the connection state in the initial sequence number of its SYN/ACK (the cookie); when the client's ACK arrives, the server reconstructs the state from the acknowledged sequence number, so no memory has to be kept for unfinished handshakes.

B. Smurfing Attacks
Smurfing is an attack that uses the ICMP protocol to overwhelm the intended host with a large number of echo replies. To accomplish this, the attacker sends many ICMP echo requests, with the source address spoofed to be the victim's, to the broadcast addresses of "smurf amplifier" networks. Each amplifier network delivers the echo request to every host on the local network, and every host that receives it replies to the spoofed address, that is, to the victim, with an ICMP echo reply. The flood of echo replies can easily overwhelm the victim, causing a denial of service. Near the end of the 1990s the relevant standards were updated, and the issue was resolved in two ways: hosts and routers are configured not to respond to echo requests sent to broadcast addresses [3], and routers are configured not to forward packets directed to broadcast addresses by default. This effectively prevents a network from being used as an amplifier, and the frequency of this attack has dramatically decreased since then.

C. Distributed Denial-of-Service Attacks
In a distributed denial-of-service (DDoS) attack, the attackers compromise a large number of hosts over some period of time before the actual attack. These hosts are collectively known as a botnet: a collection of compromised computers (generally called zombie computers) running software, usually installed via drive-by downloads exploiting web browser vulnerabilities, worms, Trojan horses or backdoors, under a common command-and-control infrastructure. Once attackers have established a botnet, they can coordinate the software on the zombie hosts to launch a simultaneous attack on a victim. The attack typically consists of bombarding the victim with a large volume of packets and other network traffic from numerous zombie hosts at once.

This kind of attack is relatively recent and still under research. It offers attackers several benefits over more traditional attacks, which makes it particularly difficult to prevent. Some work has been done with ICMP traceback messages to help trace flooding attacks back to their source hosts; although this helps in identifying the sources of an attack, it does little to actually prevent it.

D. Spoofing Attacks
In a spoofing attack, the attacker assumes the identity of another party in a communication by falsifying information. Many kinds of attacks fall into this category. One common spoofing attack exploits the Address Resolution Protocol (ARP), the widespread protocol that maps an IP address to a host's physical MAC address on the local network. In an ARP spoofing attack, the attacker associates his own MAC address with the IP address of the victim, typically the default gateway. If the attack succeeds, all traffic meant for the victim is sent to the attacker instead. The attacker may then forward the traffic to the victim unchanged (passive sniffing) or alter it before forwarding (a man-in-the-middle attack). Another possibility is to associate the default gateway's IP address with a non-existent MAC address, effectively inflicting a denial of service on the user. The attacker accomplishes all of this by sending unsolicited ARP replies with false information to the victims; if a victim accepts and caches them, its ARP cache is poisoned, creating an unintended association between a legitimate IP address and the attacker's MAC address. Several mechanisms prevent this type of attack. A particularly effective one is DHCP snooping: the switch records the IP address, MAC address and port of every host that obtains a lease through DHCP, and can then inspect ARP replies and drop those whose IP/MAC pair is not in its binding table. There are various other ways to deal with this problem, but most of them are software based and rely on detection rather than prevention.

IV. WIRELESS LAN SECURITY STANDARDS
The goal of wireless security is to prevent unauthorized access to any system that uses a wireless network. IEEE created three basic technologies for client authentication and protection: open system authentication, shared key authentication and WEP. Later on, IEEE created the more secure IEEE 802.11i, which improves the authentication process and also protects the privacy and integrity of the transmitted data [4].

A. IEEE 802.11
Two authentication methods are defined in IEEE 802.11: open system and shared key. Open system authentication only requires the Service Set Identifier (SSID) from the wireless station.
This method offers no real protection, because most APs broadcast the SSID. In shared key authentication, the AP sends the client a challenge text that the wireless station must encrypt with the correct WEP key and return to the AP; if the client has the wrong key or no key, authentication fails and the client is not allowed to associate with the AP [5]. See figure 2 below. Shared key authentication actually exposes more than open system authentication does: the challenge travels in the clear and the response is that same challenge encrypted under WEP, so an eavesdropper obtains a plaintext/ciphertext pair and with it the RC4 keystream for that IV. That keystream is enough to answer a later challenge under the same IV, or to decrypt other frames that reuse it, without ever recovering the key.

Fig. 2 Shared Key Authentication Steps of 802.11

WEP is the security protocol created to secure communications between the AP and the wireless station; it can be used with either open system or shared key authentication. WEP is based on RC4, a symmetric stream cipher. A stream cipher generates a pseudo-random keystream from the key and combines it with the data bit by bit, so each bit of the message is encrypted with one bit of the keystream. WEP uses a 24-bit initialization vector (IV) so that each packet is encrypted with a keystream that differs from the others produced under the same shared key [6].

The WEP protocol can be divided into two stages. In the first stage, a cyclic redundancy check (CRC-32) of the message, called the integrity check value (ICV), is computed and appended to the message, and an IV is selected. In the second stage, the RC4 algorithm is seeded with the per-packet key, which is the IV concatenated with the shared key, and generates the keystream [7]. Finally, the keystream is XORed with the message and its ICV to produce the ciphertext, and the IV is prepended to the ciphertext in the clear so that the receiver can rebuild the same per-packet key. See figure 3 below.

Fig. 3 Wired Equivalent Privacy (WEP) encryption algorithm

In the WEP decryption process, RC4 takes the IV from the received frame together with the shared key to recreate the per-packet key, and the resulting keystream is XORed with the ciphertext to recover the original message and ICV [7]; the receiver then recomputes the CRC of the message and compares it with the decrypted ICV. The only difference between encryption and decryption is the input to the XOR: in encryption it is the plaintext, in decryption the ciphertext. XOR yields 1 when the two input bits differ and 0 when they are equal, so applying the same keystream twice cancels out; see Table 1 below for the XOR truth table.

TABLE 1
XOR TRUTH TABLE

  KEY (A)   MESSAGE (B)   OUTPUT (A XOR B)
     0          0               0
     0          1               1
     1          0               1
     1          1               0

The WEP protocol has several major flaws. First, the 802.11 standard does not specify how keys are distributed, so in most deployments every client of an AP uses the same static key. Second, the per-packet RC4 key is simply the 24-bit IV concatenated with that shared key, and the IV is transmitted in the clear: the IV space is exhausted quickly on a busy network, so keystreams repeat, and an attacker who collects enough frames with certain weak IVs can recover the shared key itself [8]. Third, the ICV is an unkeyed CRC, so an attacker can flip chosen bits of a ciphertext and adjust the ICV to match without knowing the key. Finally, the original key length of 40 bits was too short. Vendors extended the key to 104 bits (marketed as 128-bit WEP and sometimes called WEP2), but a longer key does not remove the IV and key scheduling weaknesses.

To fix WEP without requiring a complete replacement of AP hardware or client network interface cards (NICs), IEEE created the Temporal Key Integrity Protocol (TKIP), released by the Wi-Fi Alliance as WPA. In TKIP, a different encryption key is used for every packet sent between the wireless station and the AP [7]. The per-packet key is produced by a key mixing function from the temporal (shared) key, the sender's MAC address and the TKIP sequence counter, a counter incremented for every packet that is carried in the IV fields [8]. TKIP is an improvement over WEP: it has a longer key and a longer IV [7], the mixing function removes the direct relationship between the IV and the RC4 key, so the WEP key recovery attacks no longer apply, and the sequence counter lets the receiver discard replayed packets. It is still a stopgap with flaws of its own: TKIP remains based on RC4, and the additional per-packet mixing and integrity computations reduce the network's overall throughput [4].

B. IEEE 802.1x
IEEE 802.1X is a framework for port-based network access control that, with a suitable EAP method, provides mutual authentication between the client and the network and delivers keying material to both sides. The standard defines three roles: supplicant, authenticator and authentication server. In WLANs, the supplicant is the wireless station, the authenticator is the access point that controls access to the network, and the authentication server (typically a RADIUS server) holds the authentication mechanisms [8]. Authentication requests and replies are carried by the Extensible Authentication Protocol (EAP): EAP messages are encapsulated between the supplicant and the authenticator, which relays them to the authentication server. IEEE 802.1X also securely distributes encryption keys. See figure 4 below.
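Returning to the WEP construction of Section IV.A, here is an added example (not code from the paper or from any vendor) that implements the two stages of WEP encryption, the matching decryption with its ICV check, and the two attacks that follow from the flaws discussed: keystream recovery from a known plaintext under a reused IV, and bit flipping with a blind ICV correction. Assumptions: a 40-bit shared key, a 3-byte IV prepended without the 802.11 key-ID byte, and a little-endian CRC-32 ICV; the RC4 routine is a plain reimplementation for illustration, and the messages and key are constructed.

```python
"""WEP encryption/decryption and two classic attacks (added example, not from the paper).
Assumptions: 40-bit key, 3-byte IV prepended with no key-ID byte, CRC-32 ICV
stored little-endian. RC4 is reimplemented here so the per-packet key is visible."""
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling followed by n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: an unkeyed CRC-32."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(shared_key: bytes, iv: bytes, msg: bytes) -> bytes:
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    payload = msg + icv(msg)                               # stage 1: append the ICV
    ks = rc4_keystream(iv + shared_key, len(payload))      # stage 2: per-packet key = IV || shared key
    return iv + xor(payload, ks)                           # the IV travels in the clear


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    payload = xor(body, rc4_keystream(iv + shared_key, len(body)))
    msg, tag = payload[:-4], payload[-4:]
    if icv(msg) != tag:
        raise ValueError("ICV mismatch")
    return msg


def recover_keystream(frame: bytes, known_msg: bytes) -> bytes:
    """Attacker: one known plaintext for an IV (e.g. the shared-key authentication
    challenge) gives the keystream for that IV without ever learning the key."""
    return xor(frame[3:], known_msg + icv(known_msg))


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """Attacker: CRC-32 is affine, crc(m ^ d) = crc(m) ^ crc(d) ^ crc(zeros),
    so chosen plaintext bits can be flipped and the ICV corrected blind."""
    mask = delta + xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], mask)


def demo():
    key = bytes.fromhex("0a0b0c0d0e")                      # constructed 40-bit shared key
    iv = bytes.fromhex("010203")
    request = b"GET /index.html HTTP/1.0"                   # constructed plaintext
    frame1 = wep_encrypt(key, iv, request)
    # 1) IV reuse: a second frame under the same IV is encrypted with the same keystream
    frame2 = wep_encrypt(key, iv, b"password=hunter2")
    ks = recover_keystream(frame1, request)
    leaked = xor(frame2[3:], ks)[:16]
    # 2) Bit flipping: turn "HTTP/1.0" into "HTTP/1.1" without the key; the ICV still verifies
    delta = bytearray(len(request))
    delta[-1] = ord("0") ^ ord("1")
    forged = wep_decrypt(key, flip_bits(frame1, bytes(delta)))
    return {"roundtrip": wep_decrypt(key, frame1), "leaked": leaked, "forged": forged}


if __name__ == "__main__":
    print(demo())
```

Both attacks work on the receiver's own decryption routine: the leaked second message needs nothing but the first frame and its known contents, and the modified frame passes the ICV check because CRC-32 is linear rather than keyed, which is exactly what Michael and CCMP in 802.11i were introduced to fix.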

Fig. 4 EAP message flow that occurs during 802.1x authentication

C. IEEE 802.11i
IEEE 802.11i is the standard created to fix the authentication, integrity and confidentiality problems of WEP and TKIP; WPA2 is the Wi-Fi Alliance certification based on it. 802.11i supports two modes of authentication: 1) 802.1X with EAP, which authenticates users against an authentication server, and 2) a pre-shared key (PSK) configured on every device. Both modes result in a Pairwise Master Key (PMK), from which a four-way handshake derives a per-session, per-device Pairwise Transient Key (PTK); a Group Master Key (GMK) held by the AP is used to derive the group key that protects broadcast and multicast traffic [6]. For TKIP, 802.11i specifies an algorithm called Michael that computes an 8-byte integrity check called the Message Integrity Code (MIC). Michael takes a 64-bit authentication key and the data to be protected as inputs and produces the tag using only XOR operations, byte swaps, bit rotations and 32-bit additions, which is what allows it to run on legacy WEP hardware [2]. The message and the tag are sent to the receiver, which runs the same computation and compares the result [2]. This algorithm is an upgrade over the old CRC method because it is keyed, because the TKIP sequence counter that accompanies it defeats replay attacks, and because it covers the source and destination addresses as well as the data. The mandatory cipher of 802.11i, CCMP, goes further and uses AES in CCM mode to provide both encryption and integrity in one operation.

V. CONCLUSION
Wireless networks will always be more susceptible to attacks than wired networks, but most of those attacks can be avoided or mitigated by using the correct processes and protocols. At first, the goal of wireless networking was simply to connect wireless devices to wired networks. When security problems appeared, WEP was the first protocol used to protect that traffic; when its poor protection was broken, TKIP was deployed as a temporary solution, temporary because it was still built on WEP's design. Finally, 802.11i arrived and solved most of the problems by introducing new authentication methods and encryption algorithms. The 802.11i standard is very secure for now, but eventually new problems will arise and a new standard will be needed.

REFERENCES
[1] Becta, "Wireless Local Area Networks (WLAN)," 2006. <http://foi.becta.org.uk/content_files/corporate/resources/technology_and_education_research/w_lans.pdf>
[2] CISSP All-in-One Certification Exam Guide, 2007. <http://www.cccure.org/Documents/Cryptography/cisspallinone.pdf>
[3] R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2008. <http://www.cl.cam.ac.uk/~rja14/Papers/SE-18.pdf>
[4] Y. Zahur and T. Yang, "Wireless Security and lab designs," 2004. <http://portal.acm.org/citation.cfm?id=948839>
[5] Internet Security Systems, "Wireless LAN Security," 2001. <http://documents.iss.net/whitepapers/wireless_LAN_security.pdf>
[6] N. Borisov, I. Goldberg and D. Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11," 2001. <http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf>
[7] A. M. Al Naamany, A. Al Shidhani and H. Bourdoucen, "IEEE 802.11 Wireless LAN Security," 2006. <http://paper.ijcsns.org/07_book/200605/200605C01.pdf>
[8] J. C. Mitchell, "Security Analysis and Improvements for IEEE 802.11i," 2005. <http://www.isoc.org/isoc/conferences/ndss/05/proceedings/papers/NDSS05-1107.pdf>
[9] A. Al Tamimi, "Security in Wireless Data Networks: A Survey Paper," 2006. <http://www.cse.wustl.edu/~jain/cse57406/ftp/wireless_security.pdf>
[10] P. Roshan and J. Leary, 802.11 Wireless LAN Fundamentals. USA: Cisco Press, 2003.
[11] M. Srivatsa, A. Iyengar, J. Yin and L. Liu, "A Client-Transparent Approach to Defense Against Denial of Service Attacks," 2006. <http://domino.research.ibm.com/library/cyberdig.nsf/papers/AAC8562DACFDF1C0852571B20055ACA9/$File/rc23993.pdf>
[12] 3Com Corporation, "Wireless LANs: Assuring Enterprise Security and Identity Awareness," 2005. <http://3com.com/other/pdfs/legacy/en_US/3Com-503165.pdf>
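The Michael MIC described in Section IV.C, as an added example that is not part of the paper: the block function below uses only the rotations, XORs, byte swaps and 32-bit additions the text mentions, the input is padded with a single 0x5a byte and four to seven zero bytes, and the tag is computed from a 64-bit key. Assumptions: the key is passed as 8 bytes interpreted as two little-endian 32-bit words, and the caller assembles the bytes Michael covers in TKIP (destination address, source address, priority, three zero bytes, then the data); the addresses, key and payload in the demo are constructed.

```python
"""Michael, the TKIP message integrity code of 802.11i (added example, not from the paper).
Assumptions: key = k0 || k1 as two little-endian 32-bit words; the caller builds the
TKIP input DA || SA || priority || 0x000000 || MSDU data."""

MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def rotr(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK


def xswap(x: int) -> int:
    """Swap the two bytes inside each 16-bit half: 0xAABBCCDD -> 0xBBAADDCC."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def block(l: int, r: int):
    """Michael block function: rotations, XORs, a byte swap and 32-bit additions only,
    which is why it is cheap enough for the legacy WEP hardware TKIP targets."""
    r ^= rotl(l, 17)
    l = (l + r) & MASK
    r ^= xswap(l)
    l = (l + r) & MASK
    r ^= rotl(l, 3)
    l = (l + r) & MASK
    r ^= rotr(l, 2)
    l = (l + r) & MASK
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """8-byte MIC over msg under a 64-bit key."""
    assert len(key) == 8
    l = int.from_bytes(key[:4], "little")
    r = int.from_bytes(key[4:], "little")
    # Padding: one 0x5a byte, then 4 to 7 zero bytes, up to a multiple of 4 bytes.
    padded = msg + b"\x5a" + bytes(4)
    padded += bytes((-len(padded)) % 4)
    for i in range(0, len(padded), 4):
        l ^= int.from_bytes(padded[i:i + 4], "little")
        l, r = block(l, r)
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")


def tkip_mic_input(da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """Header fields Michael covers in TKIP, so a changed address is detected as well."""
    return da + sa + bytes([priority]) + bytes(3) + msdu


def demo():
    key = bytes.fromhex("d55e100510128986")                   # constructed MIC key
    da = bytes.fromhex("001122334455")                         # constructed addresses
    sa = bytes.fromhex("66778899aabb")
    data = tkip_mic_input(da, sa, 0, b"Michael")
    mic = michael(key, data)
    other_da = michael(key, tkip_mic_input(bytes.fromhex("001122334456"), sa, 0, b"Michael"))
    other_payload = michael(key, tkip_mic_input(da, sa, 0, b"Michaem"))
    return {
        "mic": mic.hex(),
        "address_change_detected": mic != other_da,
        "payload_change_detected": mic != other_payload,
    }


if __name__ == "__main__":
    print(demo())
```

A quick check of the implementation is the first Michael test vector of the 802.11 standard: an all-zero key over an empty message gives the MIC 82925c1ca1d130b8. Unlike the CRC in WEP, the tag depends on the key, so an attacker cannot recompute it after flipping bits; Michael is nonetheless a weak MIC by design, which is why 802.11i pairs it with the TKIP sequence counter and countermeasures, and why CCMP is the mandatory cipher.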


