Security in Wireless Local Area Networks (WLANs)

Major research domains in the WLAN security include: access control & data frame protection, lightweight authentication and secure handoff. Access control standard like IEEE 802.11i provides flexibility in user authentication but on the other hand fell prey to Denial of Service (DoS) attacks. For Protecting the data communication between two communicating devices—three standard protocols i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption Standard—Counter mode with CBC-MAC protocol) are used. Out of these, AES-CCMP protocol is secure enough and mostly used in enterprises. In WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing the secure handoff. In WLANs, handoff should not only be performed within time limits as required by the real time applications but should also be used to transfer safely the keying material for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

Wireless Local Area Network Security : An Investigation Into Security Tool Usage In Wireless Networks

Many organisations and individuals installing wireless local area networks (WLANs), which are based on the IEEE 802.11 b standard, have little understanding of the security issues that surround this technology. This study was initiated to determine how WLAN security issues affect organisations in Perth, Western Australia. The scope of the study was restricted to 802.llb WLANs operating in infrastructure mode, where all traffic is transmitted by wireless access points (APs). This study was conducted in two phases. The general aims of the first phase were to determine the number of detectable WLANs in the Perth Central Business District (CBD) and subsequently, the percentage of them that have enabled Wired Equivalent Privacy (WEP). Additionally, phase 1 was able to show how many WLANs were still using the manufacturer\u27s default settings and how the network devices may be grouped according to manufacturer. The general aims of the second phase were to find out if the IT managers of various Perth organisations were aware of the security issues related to WLANs and to find out the degree to which the security tools and processes have been implemented. These aims were also achieved and in addition, anecdotal information was collected and analysed. The results of this study indicate that in the Perth CBD, the majority of those persons responsible for the implementation and management of wireless networks are aware of the problems and have taken steps to secure their networks

Security scheme under opensource software for accessing wireless local area networks at the university campus

Wireless networks provide flexibility, increase in productivity, and savings in infrastructure and are useful in organizations with high volume of mobile device users. The services in wireless networks require mechanisms that guarantee their efficient, secure, and reliable use. A security scheme is designed for accessing wireless local area networks (WLAN) at the campus of a Venezuelan university. The confidentiality, integrity, availability (CIA) information security principles are applied, as well as control objectives specified in ISO 27001. The proposed access security scheme mitigates threats, monitors the use of services, and establishes security parameters for reducing attacks to the network, complying with national laws and internal regulations of the university under study respecting to the use of opensource software based on the National Institute of Standards and Technolog

Security scheme under opensource software for accessing wireless local area networks at the university campus

Wireless networks provide flexibility, increase in productivity, and savings in infrastructure and are useful in organizations with high volume of mobile device users. The services in wireless networks require mechanisms that guarantee their efficient, secure, and reliable use. A security scheme is designed for accessing wireless local area networks (WLAN) at the campus of a Venezuelan university. The confidentiality, integrity, availability (CIA) information security principles are applied, as well as control objectives specified in ISO 27001. The proposed access security scheme mitigates threats, monitors the use of services, and establishes security parameters for reducing attacks to the network, complying with national laws and internal regulations of the university under study respecting to the use of opensource software based on the National Institute of Standards and Technology

A Survey of Positioning Techniques and Location Based Services in Wireless Networks

International audiencePositioning techniques are known in a wide variety of wireless radio access technologies. Traditionally, Global Positioning System (GPS) is the most popular outdoor positioning system. Localization also exists in mobile networks such as Global System for Mobile communications (GSM). Recently, Wireless Local Area Networks (WLAN) become widely deployed, and they are also used for localizing wireless-enabled clients. Many techniques are used to estimate client position in a wireless network. They are based on the characteristics of the received wireless signals: power, time or angle of arrival. In addition, hybrid positioning techniques make use of the collaboration between different wireless radio access technologies existing in the same geographical area. Client positioning allows the introduction of numerous services like real-time tracking, security alerts, informational services and entertainment applications. Such services are known as Location Based Services (LBS), and they are useful in both commerce and security sectors. In this paper, we explain the principles behind positioning techniques used in satellite networks, mobile networks and Wireless Local Area Networks. We also describe hybrid localization methods that exploit the coexistence of several radio access technologies in the same region, and we classify the location based services into several categories. When localization accuracy is improved, position-dependant services become more robust and efficient, and user satisfaction increases

Mitigating External Threats in Wireless Local Area Networks

As computer networks become more critical to enterprises, it is inevitable that efficient security policies are designed, case in point: wireless networks, in order to effectively ensure the confidentiality, availability, and integrity of the data traversing these networks. The primary objective of this paper is to appropriately simulate an enterprise network, and evaluate the threats, and possible mitigation approaches applicable. An analysis of an enterprise WLAN (Wireless Local Area Network) was carried out, to identify relevant vulnerabilities, and possible countermeasures against these threats. The primary threats analysed were those possible by an external adversary. Upon identification of said threats, a security model was developed, so as to improve enterprise network security, and ensure the levels are optimum. In addition, a number of the principles involved are applicable to non-wireless networks.   Keywords: WLAN, Wireless, Security, WPA 2, IEEE 802.11.