CBWT3103:

Wireless Technology

eH
Unit 2: WPAN and WLAN

Part 1 ext (continue

from
ET03)
IEEE 802.11 Data Link Layer

 The TWO types of Wireless

Network:
 1. Ad Hoc Network
IEEE 802.11 Data Link Layer

 The TWO types of Wireless Network:

 1. Ad Hoc Network
 Characteristics:
 Do not need any IP
 Do not support much
mobility
IEEE 802.11 Data Link Layer

 The TWO types of Wireless Network

 2. Infrastructure Network
IEEE 802.11 Data Link Layer

 The TWO types of Wireless Network

 2. Infrastructure Network
 Characteristics:
 Before transmitting
a frame, the MAC coordination
must obtain the access
grant from the Network
Center (known as DCF,
normally a
Access Point).
IEEE 802.11 Data Link Layer

 The TWO types of Wireless Network

 2. Infrastructure Network
 Distributed Coordination Function (DCF)
 is the fundamental MAC
technique of the IEEE 802.11
based WLAN standard.
 DCF employs a CSMA/CA
IEEE 802.11 Data Link Layer

 Medium Access
Control
 Why not
CSMA/CD?
 Collision detection is
difficult in radio
environment(signal
strength decrease, nodes
out of radio range)
 Stations may interfere
from other LANs (BSS)
 Hidden node problem
IEEE 802.11 Data Link Layer

 Medium Access
Control
 CSMA/CD!
IEEE 802.11 Data Link Layer
 Medium Access
Control
(CSMA/CA)
 Carrier sensing:
Listen before
talking
 Collision
Avoidance
IEEE 802.11 Data Link Layer
 Medium Access
Control
(CSMA/CA)
 Carrier sensing:
Listen before
talking
 Collision
Avoidance
WLAN Products : WLAN
Cards
WLAN Products : AP
WLAN Products : Outdoor
Application
WLAN Products : - Antenna
WLAN Products : Outdoor
Application
IEEE 802.11 Data Link Layer

 Authentication and Privacy

 The steps:
Unit 2: WPAN and WLAN

Part 2
WPAN
WPAN

 is a low-range wireless network which

covers an area of only a few dozen metres.
 This sort of network is generally used for
linking peripheral devices (like printers,
cellphones, and home appliances) or
a personal assistant (PDA) to a computer, or
just two nearby computers, without using a
hard-wired connection.
WPAN

 There are several kinds of technology used

for WPANs:
 Bluetooth
 HomeRF
 Zigbee
 Infrared
WPAN - Bluetooth

 launched by Ericsson in 1994

 offers a maximum throughput of 1 Mbps
over a maximum range of about 30 metres.
 also known as IEEE 802.15.1.
 the advantage:
 very energy-efficient, which makes it
particularly well-suited to use in small devices

 almost the first Ad-Hoc network.

WPAN - HomeRF
 The old WiFi
 launched in 1998 by HomeRF Working
Group (which includes the manufacturers Compaq,
HP, Intel, Siemens, Motorola and Microsoft
 has a maximum throughput of 10 Mbps with a
range of about 50 to 100 metres without an
amplifier.
 The HomeRF standard, despite Intel's support, was
abandoned in January 2003, largely because
processor manufacturers had started to support on-
board Wi-Fi (via Centrinotechnology, which included
a microprocessor and a Wi-Fi adapter on a single
WPAN - Zigbee
 also known as IEEE 802.15.4.
 can be used to connect devices wirelessly at a
very low cost and with little energy consumption.
 well-suited for being directly integrated into small
electronic appliances (like home appliances,
stereos, and toys).
 Zigbee, operates on the frequency band of 2.4 GHz
and on 16 channels, can reach transfer speeds of
up to 250 Kbps with a maximum range of about
100 metres.

 Zigbee is an ad-hoc network.

WPAN - Infrared
 irDA (Infrared Data Association), formed in 1995,
has more than 150 members (that use the servis of
this technology) .
 can be used to create wireless connections over a
few metres with speeds than can reach a few
megabits per second.
 Nowadays, this technology is widely used in home
electronics (like remote controls), but light waves
can interfere with the signal.
 Piconet
• A general purpose, low-powered, ad-hoc
network
• It allows two devices near each other to
inter-operate
• These devices can be either mobile or
fixed
• The range is said to be reasonably short
• An ad-hoc network.
26
Wireless comparison

27
 Security
In Wireless
Network
History of Wireless Networking

• Wireless Local Area Networks (WLAN) have been around

since 1970.

• The first model was created at the University of Hawaii by

Norman Abramson.

• This was a star topology and connected 7 computers across

4 islands.

• Today, wireless networking is largely standardized by IEEE

and their various versions of 802.11.
Unsecured
• A wireless network with no sort of encryption algorithm
applied.

• Any user can readily authenticate and access the internet.

• Packets are unencrypted and visible.

• Attacks:
o ARP Spoofing - Associate attacker's MAC address with
default gateway's IP. All traffic meant for gateway goes
through attacker's machine first. Traffic can be passed
through (passive sniff) or modified and passed (MIM).
o Firesheep - Firefox extension that decodes cookies on
unsecured network. Allows log in as user for sites like
Facebook and Twitter.
Wireless Networks and
Security
1) What are Wireless Networks?
• A wireless network is the way that a computer is
connected to a router without a physical link.
2) Why do we need?
• Facilitates mobility – You can use lengthy wires
instead, but someone might trip over them.
3) Why security?
• Attacker may hack a victim’s personal computer
and steal private data or may perform some illegal
activities or crimes using the victim’s machine and
ID. Also there's a possibility to read wirelessly
transferred data (by using sniffers)
Security in Wireless Network

 is the prevention of unauthorized access

to wireless networks.

 The most common types of wireless security

are:
 Wired Equivalent Privacy (WEP)
 Wi-Fi Protected Access(WPA)
Security in Wireless Network

 Wired Equivalent Privacy (WEP)

 WEP is a notoriously weak security
standard.
 The password it uses can often be
cracked in a few minutes with a basic
laptop computer and widely available
software tools.
 WEP is an old IEEE 802.11 standard
from 1999 which was outdated in 2003
by WPA or Wi-Fi Protected Access
WEP (Wired Equivalent
Privacy)
 Encryption:
 40 / 64 bits
 104 / 128 bits
24 bits are used for IV (Initialization vector)

 Passphrase:
 Key 1-4
 Each WEP key can consist of the letters "A" through "F"
and the numbers "0" through "9". It should be 10 hex or 5
ASCII characters in length for 40/64-bit encryption and 26
hex or 13 ASCII characters in length for 104/128-bit
encryption.
 Attacking WEP
• iwconfig – a tool for configuring wireless adapters. You
can use this to ensure that your wireless adapter is in
“monitor” mode which is essential to sending fake ARP
(Address Resolution Protocol) requests to the target
router
• macchanger – a tool that allows you to view and/or
spoof (fake) your MAC address
• airmon – a tool that can help you set your wireless
adapter into monitor mode (rfmon)
• airodump – a tool for capturing packets from a wireless
router (otherwise known as an AP)
• aireplay – a tool for forging ARP requests
• aircrack – a tool for decrypting WEP keys
 How to defend when using
WEP
 Use longer WEP encryption keys, which makes the data analysis
task more difficult. If your WLAN equipment supports 128-bit WEP
keys.
 Change your WEP keys frequently. There are devices that support
"dynamic WEP" which is off the standard but allows different WEP
keys to be assigned to each user.
 Use a VPN for any protocol, including WEP, that may include
sensitive information.
 Implement a different technique for encrypting traffic, such as
IPSec over wireless. To do this, you will probably need to install
IPsec software on each wireless client, install an IPSec server in
your wired network, and use a VLAN to the access points to the
IPSec server.
How to crack WEP
Security in Wireless Network

 Wi-Fi Protected Access(WPA).

 WPA was a quick alternative to
improve security over WEP.
 The current standard is WPA2; some
hardware cannot support WPA2 without
firmware upgrade or replacement.
 WPA2 uses an encryption device
which encrypts the network with a
256 bit key; the longer key length
improves security over WEP.
WPA/WPA2 Personal
 Encryption:
 TKIP
 AES

 Pre-Shared Key:
 A key of 8-63 characters

 Key Renewal:
 You can choose a Key Renewal period, which instructs the
device how often it should change encryption keys. The
default is 3600 seconds
 Attacking WPA
• macchanger – a tool that allows you to view and/or
spoof (fake) your MAC address
• airmon – a tool that can help you set your wireless
adapter into monitor mode (rfmon)
• airodump – a tool for capturing packets from a wireless
router (otherwise known as an AP)
• aireplay – a tool for forging ARP requests
― Capture WPA/WPA2 handshakes by forcing clients to
reauthenticate
― Generate new Initialization Vectors
• aircrack – a tool for decrypting WEP keys (should be
used with dictionary)
How to defend when using
WPA
 Passphrases – the only way to crack WPA is to sniff
the password PMK associated with the handshake
authentication process, and if this password is
extremely complicated it will be almost impossible
to crack

 Passphrase Complexity – select a random

passphrase that is not made up of dictionary words.
Select a complex passphrase of a minimum of 20
characters in length and change it at regular
intervals
How to crack WPA
 Common defense techniques
 Change router default user name and password
 Change the internal IP subnet if possible
 Change default name and hide broadcasting of the
SSID (Service Set Identifier)
 None of the attack methods are faster or effective when
a larger passphrase is used.
 Restrict access to your wireless network by filtering
access based on the MAC (Media Access Code)
addresses
 Use Encryption
To be
continued
on ET05