Evaluation of WLAN Security and Performance

EVALUATION OF WLAN SECURITY AND PERFORMANCE

ABSTRACT

This report addresses the reality of Wireless LAN security and performance. It provides an overview of security mechanisms and explains how security works in Wireless LAN networks. An in depth analysis of the Wired Equivalent Privacy (WEP), Wi-Fi protected access (WPA) and WPA2 standards is presented. The security vulnerabilities that exist in them are analyzed and explained. An experiment involving four devices (Dlink, Linksys, nanostationloco2 and a WBS) was done at Kampala international university. It was discovered from literature that most people prefer using WEP yet it is least secure. One study says 30% of all WLANs detected during network discovery experiment operate with WEP encryption. The study further proved that WEP can be compromised with 100% success. It was also discovered during the experiment that factors such as line of sight, obstruction, distance, antenna type, channel being used all affect network performance. The findings of this experiment can be used as guideline choosing the right encryption method and in designing a WLAN.

CHAPTER ONE INTRODUCTION

Background

A decade ago hardly anyone heard of wireless networks but today, the IT technology is mostly based on the wireless connection followed by the development of wireless network-enabled devices (Cache and Liu, 2010). The manufacturers of the speed network equipment generate billions of pounds, yet a worldwide usage carries a number of risks costing their business overwhelming amounts of money and resources.

In Wireless Local Area Networks (WLAN) major issues are associated with security and at times performance problems arising from network overloads due to the ease with which people can connect to a given network. The wireless signal of the WLAN is broadcast through the air in all directions simultaneously. An unauthorized user can easily capture this signal using either a laptop or a freeware tools to exploit WLAN vulnerability. WLANs are increasingly used within home and business environment due to the convenience, mobility, and affordable prices for wireless devices. WLAN gives mobility and flexibility to users in homes and hot spot environments, such as airports and campuses. The wide range of usage emphasizes the importance of having a secure network and protection from potential break-ins.

According to Timothy and Linda( 2004), encryptions such as WEP and WPA/WPA2 are used and this allows the transmitted data within the network to be encrypted but this does not guarantee total security because hacking specialists can access it (Cache and Liu, 2010).

Therefore, the main focus of this study will be to examine different encryption methods and to identify potential risks when using wireless networks and recommend possible means of securing WLANs.

Statement of the problem

Wireless LAN networks are generally designed with emphasis on convenience rather than security this is common in places where management would like to reach out to a much wider coverage than the sister wired network can go. This is exactly where the problem lies because, almost anyone with a WLAN enabled device can easily connect to and penetrate other users’ systems in addition to increasing the amount of traffic on the network. Kampala international university experienced the same problem in 2011 after it acquire a WBS with a 5km radius coverage that so the whole of Gongo la mboto gain access to its “ kiu wireless” network. This did not happen because no security measures had been taken but the security measures that had been implemented were weak and easy to compromise. As a result, the network broke a record of not being in position of opening even a single web page leading to a denial of service situation.

Objectives of the study

Main objective

The objective of this study was to evaluate WLAN encryption mechanisms and factors that affect WLAN performance

Specific Objectives

To examine the current wireless LAN security issues.

To identify factors that affect WLAN performance.

To make recommendations on how WLAN security and performance can be improved.

Research questions

Examine the current trend in WLAN security?

Which factors affect WLAN performance?

How can WLAN security and performance be improved?

Scope of the study

The study was carried out at KIU located in Gongo la mboto which is found in Ilala district, Dar es Salaam region.

The study involved literature analysis of three encryption mechanisms and several experiments aimed at evaluating different association time and factors that affect WLAN performance.

The encryption mechanisms were evaluated basing on literature and measurement of association time. Whereas performance was evaluated by measuring signal strength (number of network bars) and download speeds at different locations. The experiments involved four WLAN devices.

Significance of the study

The study findings can be used as a guideline for computer professionals on deciding which security mechanism to apply when they are working in different environments.

The study findings have expanded on the knowledge in the field of wireless networks performance and security.

The study findings have exposed major factors that affect WLAN performance

CHAPTER TWO LITERATURE REVIEW

In this chapter, popular WLAN technologies and problems relevant to the research area are introduced. The aim is to provide an overview of wireless LAN securities and to evaluate the WLAN security issues.

Wireless LAN Security

There are currently three main encryption technologies available to WLAN communication; WEP, WPA, and WPA2. These technologies attempt to provide Confidentiality, Integrity and Authentication. However, they do not all succeed at these tasks and introduce vulnerabilities into the WLANs.

In the book written by Fluhrer, Martin and Shamir (2001), the first protection method and the easiest to use on wireless networks is Wired Equivalent Privacy (WEP). Although it appeared a successful invention, it could not survive for long and after only a period of two years, its RC4 was broken and this gave a bad reputation to wireless technology because of its perceived security flaw (Howard and Prince, 2010). The perceived flaws in the WEP saw the introduction of Wi-Fi Protected Access which is practically more efficient compared to WEP because it is much more complicated algorithm. As time went by, an improvement of WPA was made and that saw the introduction of WPA2.

WEP - Wired Equivalent Privacy

As the name suggests, according to Howard and Prince (2010), the objective of WEP designers, was never to make WLAN a 100 per cent secure, but to provide the same security as in a wired network. WEP was built for the encryption of the network traffic, the data integrity and station authentication. And despite its weaknesses, WEP is still widely deployed especially in organizations where security of information is not a very big concern like in schools to allow students to easily connect to university’s hot spots.

According to Beaver and McClure (2010), WEP uses a process of authentication to verify that a valid user is trying to connect to the network. In WEP there are two approaches to do this: open system authentication and shared key authentication. With Open Authentication, when a station wants to connect, the Access point always accepts the request and allows a station to join the network automatically. It uses a device-based authentication scheme as the user does not need to provide a valid user ID or password. Instead, the MAC address of the connecting node is used to identify it. Borisov (2001) in his early research highlights the possibility to configure the MAC addresses of the permitted clients with their access points. However, this approach does not provide the desired security as it is easy to spoof an address.

With Shared key Authentication, when a station requests for a connection, the AP sends a challenge-text in the form of a 40 or 128-bit number. The Station encrypts this text with the WEP secret key, sends it back to the AP which decrypts the text, checks if it is the correct one and then grants access to the network. This process only authenticates the station to the access point, not the other way around; therefore a malicious AP can simply pretend that the authentication was successful without knowing the secret key (Gast, 2005).

WEP uses the RC4 algorithm to encrypt data messages. This algorithm uses a stream cipher meaning that every byte is encrypted individually with the WEP key. The decryption is the reverse of this process and uses the same key (Fluhrer et al, 2001). Usually the cipher key has 128 bit and consist of 24 bit initialization vector (IV and 104 bit key). An IV is used to produce a single key-stream for each frame transmitted. The unique key is sent in plain text with the packet, therefore can be viewed by a packet sniffer (Lockhart, 2006). This is a major flaw of WEP encryption. As said by Flickenger (2006) the fact that the same key is used for all frames transmitted in the WLAN network it makes penetration test much easier.

WEP still provides basic security and it is integrated in most of the routers. In a survey conducted in all IT shops in Tanzania, it was discovered that all wireless devices they had on market supported this type of encryption and it is also supported by most laptops on the market.

According to Alikira, a network administrator KIU, WEP is easy to configure and also provides an option that does not require the client to even login and it is supported by most wireless devices and routers unlike WPA and WPA2 which are new and therefore not supported by some old laptops(interview,2012).

Walker (2000) concurs with other researchers that WEP is an unsafe encryption method and does not even meet its design goal which was to provide data privacy to the level of a wired network. Borisov et al (2001) presented the first serious paper on WEP insecurity receiving a high volume of controversy in the press. He would later be supported by Gast in 2005 who in his book published the same argued that, it only took a week for his group of students to crack the WEP key. An improved version of WEP called WEP+ was introduced later with patches by Agere systems. It greatly reduced the amount of weakness produced by normal WEP implementations and was released as a firmware update for their own access points (Burns, 2007). Cisco did not sit back it introduced the concept of Dynamic WEP Keys to their Aironet and Linksys WLAN Products and this also improved the WEP security. Unfortunately, all the above improvements were vendor specific which resulted in another limitation of incompatibility. In 2007, a new generation of WEP attacks was published by Tews, Weinmann, and Pyshkin. Their attack called PTW introduced new concepts, which allow breaking into WEP in less than a minute. The KoreK and PTW attacks were quickly integrated into WEP cracking and WLAN auditing tools and are now the standard for attacking WEP protected WLANs (Aircrack-ng, 2010).

WPA/WPA2 - Wi-Fi Protected Access

The design of WPA is based on a Draft 3 of IEEE 802.11i standard. It was proposed to ensure the release of a higher volume of security WLAN products before IEEE group could officially introduce 802.11i. Yet, major weaknesses of the WEP had already been known at the time (IEEE-SA Standards Board, 2004). Due to those weaknesses, WPA introduced some improvements. First, WPA can be used with an IEEE 802.1x authentication server, where each user is given different keys and it can also be used in a less secure “pre-shared key” (PSK) mode, where every client is given the same pass-phrase just like with WEP (Lockhart, 2006).

In 2004, WPA2 standard was released to replace the less secure WEP and WPA. The final IEEE 802.11i standard not only adapts all the improvements included in WPA, but also introduces a new AES-based algorithm considered as fully secure (CPP UK, 2010).

WPA/WPA2 brings with it an improved level of security in WLANs can be implemented using WPA as in WEP. However, it does not include most of the flaws of the previous systems. The work on the WPA started immediately after the first reports of violation of the WEP and later on was deployed worldwide (Lowe, 2010). WPA includes two types of user authentication. One named WPA Personal with a pre-shared key mechanism similar to that of WEP and the WPA Enterprise, which uses 802.1X and derives its keys automatically (Lockhart, 2006). Nonetheless, the main improvement of the WPA was introduction of Temporal Key Integrity Protocol (TKIP) Instead of using a preshared key, which creates a key stream. It uses a pre-shared key to serve as the seed for generating the encryption keys (Lammle, 2010). WPA also uses the RC4 stream cipher with a 128-bit key and a 48bit IV, which is similar to the WEP for data encryption. However, unlike the WEP, there is a major improvement for WPA to use the Temporal Key Integrity Protocol (TKIP), which is the heart of WPA.

With a similar encryption process to WEP, implementation of the WPA is as simple as upgrading clients’ software and updating the firmware of older access points (Lowe, 2010).

Like WPA, WPA2 offers two security modes: pre-shared key authentication based on a shared secret and authentication by an authentication server. Pre-shared key authentication is intended for personal and small office use where an authentication server is unavailable (interview-data Alikira, 2012).

[...]