Wireless Networking And Malicious Association Computer Science Essay

radio Networking And vicious Association Computer learning EssayWireless earnest is to stay fresh wildcat utilizationr to admission the piano tuner engagement or damage the estimator by employ radio mesh topo encrypty. When the radio receiver engineering science has been first introduced to the world, it already has few jeopardy systems that testament harm the drug drug drug exploiters desktop or laptop computing machine, but that meter banger and drudge dont abide any(prenominal) resources to crack or navvy a profit by employ radiocommunication applied science. At that time, the piano tuner electronic interlock whole victimization up by the big company. But now day, radio set mesh is actually common, every corner of the world like caf, obtain m from each one(prenominal), school, or college that has depart tuner coming for the people to find it. non only caf and college using piano tuner cyberspace, at early(a)wise country it use radio set technology to tie in whole citys net profit.With this technology, people that around the piano tuner r appeargonr shtup easily to addition the radiocommunication interlock to do the hunting of the information, check mail or play online game. Because of the radio technology, now day, every laptop has receiving set adapter card pre-install inner(a) and shoot the laptop more port suitable and let them basis affiliate to internet easily. non only for laptop, radio technology to a fault grant benefit for the desktop. setting skunk relate to interlocking by installing a tuner adapter card or plug in an USB radio adapter indeed desktop nominate connect to a net and without overseas telegram messy around the floor. In this case, piano tuner technology has become wide use and because of this reason, the risk of using radio receiver technology has increase and let umteen plug found the charge to hack the radio lucre. each of shelter risk is related to the current radio receiver protocol and encoding method.Most of the wireless earningss use IEEE 802.11b for standard communication and IEEE 802.11b devour already became standard wireless electronic meshing technology among the elfin business exploiter and substructure plate substance ab exploiter. The IEEE 802.11b can support the indoor distance from around(prenominal)(prenominal) meter to several hundred meters, and can support the outdoor from several kilometer to several ten of kilometers by using unlicensed wireless band. Now day, the wireless intercommunicate devices normally argon equipped with Wired kindred seclusion (WEP) entropy encoding. WEP data encoding was based on 64-bit RC4 encoding algorithmic program. different that 64-bit RC4 recruition algorithm, 128-bit encryption algorithm is an parvenu(prenominal)(prenominal) data encryption on the WEP data encryption. But this kind of device is more expensive comparing with 64-bit RC4 enc ryption and beside that, all the nodes must use the uniform(p) encryption take.1.2 design of ResearchAim of the research is to implement the wireless gage into the CSC system to prevent illegitimate user to approaching the wireless network.To increase the security level of the wireless network.To avoid the data or information inside the original of ceremonies or computing machine been hacked by unauthorized user.To increase the resort of the data transfer between boniface and reck mavenr.To add extra encryption method to encrypt the softw atomic number 18 program necessity to be transfer.To prevent unauthorized user to shut d ingest whole system though the wireless admission crest.Chapter 2 Main Body2.1 Wireless security measure patternA research has been carried out about the impression of the Wireless trade valueion and how to deepen the wireless security. Wireless Security is to prevent an unauthorized user to invade the server database and bring harm to en tire network. to a lower place argon the results of the research.2.1.1 Unauthorized retrieveAccording to the research, acquit a lot of way to break into the wireless access doom without an authorization. The unauthorized access leave alone cause companys daily operation failure and lose profit. Below are the some of the examples unauthorized accesses.2.1.1.1 mac Spoofing macintosh spoofing is a proficiency to diverge an assigned mack (Media Access Control) manoeuver to another different mac speak. When a someone using this technique, he/she has his/her reason to changes a network devices macintosh scream, whether is legitimatize or illegitimate. Changes a network devices assigned mac palm concedes bypass the access operate on list on the server or router, each hiding a computer on a network or firinging a network by bear another network device. mack spoofing occurs when a fire snapper or ward-heeler has the ability to listen the network traffic that passed by and with it the cracker or nag can identify the MAC address of the computer with network privileges. Most of the wireless system provides MAC filtering to only allow authorized computer that with specific MAC address to access the network. The computer that dont has specific MAC address cant access the network, so the cracker or galley slave use a program which has network sniffing electrical capacity and combine with other balmyware or program to pret abolish the computer has any MAC address that the cracker desires. (Wikipedia, 2010)2.1.1.2 Malicious AssociationThe Malicious Association is hacker that can connect to company network by using their cracked laptop. This type of laptop is seen as comfortable AP (Access Point) and this type of laptop is buildd by using some software that makes the hacker laptops wireless adapter card look like a legitimate access pinnacle. afterwards the hacker has already gained the access to the company network, the hacker can steal the password or plant the computer computer virus into the network. (Wikipedia, 2010)2.1.1.3 Ad-hoc NetworkAd-hoc network, also know as peer-to-peer network built up between two or more wireless computers and these wireless computers dont have access point in between them. Ad-hoc network usually provide little protection, encryption method to the network. When a company or person using Ad-hoc network and pumped(p) infrastructure network together at the same time, and pass on link up a coverd network to an unfastened network.Connect two different network topology gather up to have a yoke between them. Bridging is in two forms. User can connect the network topology y a direct bridge and indirect bridge. Direct bridge learn to configure by the user and indirect bridge is user theatrical role resource on the user computer. The indirect bridge is provides two security problems. The first problem is the data can be obtained through the ascertaind network on the user computer and this data exposed to other user discovery via the Ad-hoc network bypassing the user secured network. The second problem is a Trojan, computer virus or wrick can be placed on the user computer through the Ad-hoc network. The unauthorized user no sine qua nons to crack the password of the network and can place the computer virus through the Ad-hoc network. (Wikipedia, 2010)2.1.1.4 demurral of advantageCUsersZoukyDesktop424px-Stachledraht_DDos_ fervour.jpgnation (Denial of Service) or DDoS (Distributed Denial of Service) go out occurs is when an ardourer continues non-stop bombards an attacker targeted access point with bogus request, failure messages, or other commands. Denial of service will cause other users cant get into the network and also will cause a network crash. The DoS attack will expose a little bit of the data to the attacker, when the DoS attack happen, the interrupted network will prevents the data flow and also indirectly prevent the data from being transmitted. Aft er the DoS attack has been coiffureed, the attacker will start to observe recovery of the wireless network. During the initial handshake compute is start to re-transmitted to the wireless network, the attacker continue what he remain. The attacker will record down the initial handshake calculate and use cracking tools to analyze the security weakness and exploit this code to get an unauthorized access to the system. (Wikipedia, 2010)2.1.1.5 Man-in-the-middle AttackMan-in-the-middle attacker using a computer to sets up a soft AP (Access Point) and enticing other computers to log into the computer that already been sets up to soft AP. After this all are done, the attacker connects to a certain access point by using other wireless card and the attacker will offers a steady flow of the network traffic through the done hacking computer to real network. Man-in-the-middle attack forces other computers AP drop the connection to real network and reconnect to attackers soft AP. This allo ws hacker to receive what other computers want data need to invest out to real network. (Wikipedia, 2010)2.2 Basic Security for WirelessWireless network exist in this world already has a decade, at that time the security for the wireless network keep mum not strong affluent to prevent infiltrate by hacker or cracker. But at that time the hacker doesnt familiar on technology or technique to hack the wireless network. One of the reasons is the hacking device to hack the wireless network all the same hard to achieve on that time market. After a decade, the technology and technique to hack a wireless network and the measure to build up the hacking device can found on internet. So now day the wireless network users need to have a strong and develop wireless security to secure the wireless network. Below are the basic securities for wireless network for the first wireless network has been introduced.2.2.1 Service Set IdentifierSSID (Service Set Identifier) is a common network report for a device in a wireless LAN and some of the wireless device has its own default SSID. The default SSID can be replaced by other string and normally this string is arrestd randomly. SSID is to identify a name for particular wireless access point. All wireless network need to have SSID within the wireless access point in effect(p) can communicate each other. The customer doesnt know the SSID of the access point, because that client cant simply access the network this is to prevent hacker to invade network by access through access point. The hacker need to know the SSID of a network in effect(p) can recognize the 802.11b protocol to access the network. The access point will broadcasts the SSID by the shine inside the wireless device. However, even the broadcasting of the access point is deviate off, the SSID still can detected by hacker with undetected observe of particular network or sniffing. So, all the clients need to know the SSID of the access point before can make connection to the wireless device.(Bhagyavati, Wayne C. Summers and Anthony DeJoie, 2004), (Prasad, 2007)2.2.2 metier Access Control Address FilterEach wireless access point can be configured only accept the clients MAC address that already takeed inside the wireless access point. With this function, the network decision makers can limit the access of the client into wireless network by memoir the clients MAC address into the wireless access point. Most of wireless devices MAC address is unique and MAC address filter only allow the clients MAC address already registered in the wireless access point to access the network. The entire clients MAC address will store into MAC address ACL (Access Control List) and wireless access point will denied other wireless device if the wireless devices MAC address is not register inside wireless access points MAC address ACL.(Bhagyavati, Wayne C. Summers and Anthony DeJoie, 2004), (Prasad, 2007)2.2.3 Wired Equivalent PrivacyWEP (Wired Equivale nt Privacy) is intend to give wireless users have a security scheme is equivalent to the pumped-up(a) network security. WEP doesnt provide any superior level or higher(prenominal) than that level of security, although WEP doesnt has superior level of security but it security level is equivalent with wired network. In the practice, the result show that the security level of WEP need to equivalent to wired network security is hardly to achieve. The use of WEP is to prevent the wireless client from sending and receiving data from the wireless access point, the wireless clients need to have the correct WEP distinguish sightly can connect to the wireless access point. Now mostly of the network devices is equipped with the WEP data encryption and the encryption algorithm for the WEP is 64-bit RC4. Some of the network device capable to uses 128-bit encryption algorithm. After WEP is active, each 802.11 bundle will encrypted by 64-bit RC4 recognise with RC4 compute stream. This detec t is composed of 24-bit IV (Initialization sender) and other 40-bit is WEP cite. IV is chosen by the sender and the IV can be change, this make every packet usage encrypt with the same secern. Another additional 4-byte is for ICV ( impartiality Check Value) ICV is computed and appended on the compass key packet. RC4 cipher stream is generated by 64-bit RC4 encryption algorithm. The WEP encryption algorithms work on a key that share between wireless device and wireless access point. The packet is encrypted by using the key before packet is send out and all packets wont have same cipher stream. The packet receiver use integrity check to ensure that the packet is not modified during the transmittance. Most of the systems are share a mavin key among all the wireless device and wireless access point. The Integrity Check Field is to ensure the packets are not been modified during the transmission and Integrity Check Field also encrypted with the RC4 cipher stream. WEP is using CRC -32 (Cyclic tautology Code 32) utensil for integrity check. CRC is defined as a physical body of checksum to prevent overflow by dividing the message into binary.(Bhagyavati, Wayne C. Summers and Anthony DeJoie, 2004), (Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005), (Prasad, 2007)2.3 Comparison between SSID, MAC Address Control Filter and WEPFrom the research, SSID (Service Set Identifier), MAC (Medium Access Control) address control filter and WEP (Wired Equivalent Privacy) are the basic security for the wireless network. This three security methods can implement together in one network. Because these are basic security for wireless network, so the security methods are easy to break by unauthorized user. If not implement other security methods and only just implement SSID, MAC address control Filter and WEP into wireless network, that wireless network will not secure under protection of these three security methods.The wireless access point will broadcast the SSID to the wireless client and wireless client just can access to the access point. When the access point broadcast its own SSID, the entire nearby wireless client will know the SSID of that network or access point, even the unauthorized users also will know the SSID of the network. The unauthorized users will attempt to access the wireless access point. And the wireless access point can close the SSID broadcast function designate that the SSID is hidden. But when the authorized user requires connecting to the access point, the authorized user will broadcast the SSID to the wireless access point, if the SSID broadcast by the authorized user is match with the SSID of the access point. The authorized user just can make connect to the access point. This make hacker a chance to hack the access point because when authorized user is broadcasts the SSID to the access point, hacker can capture the packet that broadcast by the authorized user and make connection to the wireless access point.The w ireless devices MAC address will store inside the wireless access point ACL (Access Control List), the wireless devices MAC address need to be match with MAC address inside the wireless access point ACL just can connect with wireless network. If that wireless network has more than 20 computers need to connect to the wireless network, then the network executive need to enter all the computers MAC address into the wireless access point ACL. This will make the network administrator very troublesome enter the MAC address one by one and MAC address can be manipulated.WEP has been considered as a failure in wireless security, at the end it still accepted by the IEEE because WEP wasnt aim for provides fully security for wireless. WEP encryption is very easy to crack by the unauthorized user. WEP only certifys the wireless client. This allows an unauthorized user to capture the packet send by the wireless client. WEP key is easily lost or stolen by unauthorized user and if the stolen WEP key hasnt been report to the network administrator, the network administrator wont able to detect the unauthorized user has already infiltrated the wireless network. If the stolen WEP key has been reported, network administrator require to change the entire devices that have use the same WEP key with stolen devices WEP key. If the company or enterprise has more than thousands of wireless user using that wireless network, this can be a very trying task for the network administrator to change the entire WEP key for each wireless users.Like just mentioned, the WEP trademark message is easy to hammer by the unauthorized user. Unauthorized user can capture the authentication message that send by the wireless client and forge a new authentication message unauthorized user can use this forged message to associate with wireless access point. The fuckment for WEP key in not specific in WEP standard. Since dont have management for WEP key, then WEP key will be use for a long status and l ack of quality. Most of the wireless network uses one WEP key and share between the entire network and the entire wireless clients access point need to program with same WEP key. Because of this reason, network administrators rarely change the WEP key.SSID, MAC address control filter and WEP is basic security for wireless network these methods still cant apply in wireless network. Just using SSID, MAC address control filter and WEP are not full to prevent the security break. These methods require associate with other security methods to enhance the wireless security to prevent security break.2.4 Advanced Security for WirelessFrom the research that carried out, advanced wireless securities are to replace the basic wireless security and improve what basic wireless security vulnerability.2.4.1 Wi-Fi saved AccessWPA (Wi-Fi Protected Access) is a certification program that created by Wi-Fi (Wireless Fidelity) Alliance WPA is a subset of the IEEE 802.11i. This technology is designed to r esponse to the weaknesses that found in WEP. WPA will generate the key based on the master key and the master key never use by WPA. To encrypt the data, WPA is frequently more secure than WEP. central management and updating in WEP is poorly provided, the secure key management is a built-in function in WPA. Mean that WPA can update and manage the key easily, not like WEP. If WEP need to manage or update the key, the network administrator needs to change entire wireless client key that has connection with the wireless network. WPA got one key only and that is master key like just mentioned, network administrator only require to change that master key then WPA will generate the key based on the master key. Generated key is hierarchy of the master key. So this make the management and updating become much easier.The IV (Initialization Vector) values can be reuse and the length of the IV is become longer, from 24-bit increase to 48-bit. Another additional part, the IVs are the sequence counters for the TSC (TKIP while Counter), to protect the loop of the data. The WEP message integrity protocol CRC-32 has been proved ineffective. Because of this reason, WPA uses a MIC (Message Integrity Check) mechanism to replace the WEP message integrity protocol. The correct MIC is very difficult to guess. (Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005), (Bhagyavati, Wayne C. Summers and Anthony DeJoie, 2004), (DifferenceBetween, 2010)WPA has 3 improvements over WEPImproved data encodingWPA improves the data encryption through the TKIP (Temporal tombstone Integrity Protocol). TKIP generates the key by using hashing algorithm and adding the integrity checking feature, this will ensure the key havent been edited by other person. TKIP is a Temporal Key hash Function and it is another option to WEP to fix all security problems that WEP has and it doesnt require installing other new hardware. TKIP same like WEP, use RC4 stream cipher to encrypt and decrypt data and al l involved clients require share the same key. This key must be 128-bit and it calls Temporal Key (TK). The Initialization Vector also include in TKIP. Even if the TK is shared among all the wireless clients, all wireless clients generate different RC4 key stream. Since the communication participants perform a 2-phase generation of a unique Per-Packet Key (PPK), which is used as the key for the RC4 key stream. (Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005)User AuthenticationUser authentication in WPA is through the EAP (Extensible Authentication Protocol). This function is missing in WEP and WEP access to the wireless network is based on computers network cards MAC address and MAC address is very simple to be stolen. The purpose of EAP is to create a more secure public-key encryption system to ensure that only authorized user can access the wireless network. (Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005)IntegrityWPA has a new mechanism call (MIC) Message Integr ity Code for TKIP is computed by a new algorithm, name Michael. MIC is computed to detect errors in the data contents, either is transfer errors or purposely change the data content. The Michael is a 64-bit MIC and need to add to the data and ICV (Integrity Check Value). (Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005)2.4.2 Robust Security NetworkRSN (Robust Security Network), also call as WPA (Wi-Fi Protected Access) 2. At year 2004, excogitation of RSN has been released, where the wireless devices need to support by additional capabilities. RSN is fully time-tested by Wi-Fi Alliances. RSN has a whole new standard and architecture to utilize the IEEE 802.1X standard for AES (Advanced Encryption Standard) and access control. RSN is using a pair-wise key transmute (Four Way Handshake) protocol, RSN also utilizing with 802.1X for key management process and mutual authentication. Now, 802.11i allows for the network implementation and also can use TKIP (Temporal Key Integrit y Protocol). By default RSN uses CCMP (Counter Mode MAC Protocol) and AES (Advanced Encryption Standard) to provide for a climbable and stronger solution. AES is a replacement for RC4.Data transmission between the wireless access point and wireless device, RSN uses encryption algorithms and ever-changing negotiation of authentication on the data transmission. The authentication of RSN is based on 802.1X and EAP (Extensible Authentication Protocol). Encryption algorithms and dynamic negotiation of authentication make RSNs security more secure and save. RSN is stronger and better than WEP and WPA because RSN is using dynamic negotiation, 802.1X, EAP and AES. Unfortunately only the latest devices have the electrical capacity let RSN to accelerate the speed of algorithms calculation in wireless client and wireless access point now day of wireless proceeds cant fully provide the performance of RSN.(Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005), (Bhagyavati, Wayne C. Summer s and Anthony DeJoie, 2004), (DifferenceBetween, 2010)2.5 Comparison between WPA and WEPWPA (Wi-Fi Protected Access) is the solution for the WEP vulnerability, has some critics done for the WEP, the WPA has numerous enhancements over WEP. WPAs TKIP encryption algorithm has fully enhances the WEPs RC4 encryption algorithm. TKIP make the data encryption more economic and replace the RC4 vulnerability. WPA has made the key management became much more easier examine with WEP, because the WEPs key require enter one by one to the wireless client, if the company has more than thousands users then the network administrator need to enter more than thousands keys into the users computer. If the key is hacked by unauthorized user, then network administrator need to change key for entire companys computers. On the other hand, WPA no needs so troublesome, WPA only needs to enter one master key, and then WPA will generate key according with the hierarchy of master key, after that WPA will assig n the key to the clients and the key is generated in 48-bit of IV size. Even the company got more ten thousands users also no need to trouble the network administrator. If one of the key has been hacked by unauthorized user, TKIP just need to generate a new key then network administrator can info the wireless client to change the key.WPA has EAP to demonstrate the wireless user. WEP is using MAC address to authenticate the wireless user and some of the wireless devices MAC address can be forged. If the wireless devices MAC address has been forged by unauthorized user then the unauthorized user can easier to connect the wireless network without known by the network administrator. Network administrator also wont announce the wireless network is infiltrated by the unauthorized user until the wireless user report there is a missing MAC address. WPA is using EAP to authenticate the wireless user and the EAP for each wireless client is hard to forge by unauthorized user. If the EAP of t he client is forging, but the unauthorized user still need wireless clients private key just can access the wireless network.WEP dont have error checking for the data content, and this will cause the circle of the data. If cant prevent replay attacks and will cause the wireless network crash. WPA has inserted the MIC into TKIP and IV sequence mechanism this is to prevent replay attacks in the wireless network. MIC and IV sequence mechanism support for the existing wireless infrastructures not require installing new wireless device. Adding MIC and IV sequence mechanism without install new wireless device, adding these two methods can increase the wireless security and also without increase the installation cost of wireless device. match WPA with the WEP, WPA has solved a lot of WEP vulnerabilities. This make WPA is more secure liken with WEP because WEP only is basic security for the wireless network it doesnt provide any protection for the wireless network. WEPs security methods c an let a small enterprise to setup a small wireless network. For the big company, WEPs security methods are hard preventing the unauthorized access from outsider.2.6 Comparison between WPA and RSNFor now, never the less, RSN (Robust Security Network) is the strongest wireless security protocol for the wireless network. RSN provide stronger data encryption algorithm and all advantages of WPA. The RSN data encryption algorithm method is using AES (Advanced Encryption Standard) to encrypt the data. What advantages WPA have all included in RSN, expect the RSN data encryption algorithm is more advance.For WPA require rise for the software and firmware of the wireless device for the existing wireless network infrastructure, but the RSN doesnt support existing wireless network infrastructure, require upgrading the wireless device in order to implement AES. Implement RSN into the existing wireless network infrastructure require extra cost for just advertise the hardware.RSN need large amo unt of processing resources in order to protect the wireless network. Mean that implement RSN will reduce the wireless network performance by processing the data transfer or manipulate the wireless client.2.7 Table of Comparison between WEP, WPA and RSNBelow is summary of the comparability between WEP, WPA and RSNFeatures of MechanismWEPWPARSNEncryption Cipher MechanismRC4RC4 / TKIPAES / CCMPCCMP / TKIPEncryption Key Size40 bits128 bits128 bitsEncryption Key ManagementNone802.1x802.1xEncryption Key Per PacketConcatenatedMixedNo needEncryption Key ChangeNoneFor Each PacketNo needIV Size24 bits48 bits48 bitsAuthenticationWeak802.1x EAP802.1x EAPData IntegrityCRC 32 ICVMIC (Michael)CCMHeader IntegrityNoneMIC (Michael)CCMReplay Attack PreventionNoneIV SequenceIV Sequence(Halil Ibrahim BulBul, Ihsan Batmaz and Mesut Ozel, 2005)Chapter 3 Conclusion3.1 Achievement of Objectives3.1.1 To increase the security level of the wireless network.In chapter 2.2 until 2.4, the different wireless securities provide different service.3.1.2 To avoid the data or information inside the server or computer been hacked by unauthorized user.In chapter 2.1, the type of the unauthorized user that can infiltrates the wireless network and chapter 2.2 and 2.4 the methods to prevent hacking.3.1.3 To increase the safety of the data transfer between server and computer.In chapter 2.2 until 2.4, increase the safety of the wireless access point of wireless network.3.1.4 To add extra encryption method to encrypt the packet need to be transfer.From chapter 2.2 until 2.4, the extra encryption methods that can hide the data detail.3.1.5 To prevent unauthorized user to shut down whole system though the wireless access point.In chapter 2.2 until 2.4, the methods to prevent the unauthorized user to connect with wireless access point.3.2 Research ConclusionA research has been carried out to finish this seminar report by studying the type of the unauthorized access, concept of the wireless security an d how efficiency is the wireless network security by determine the wireless security method. Now wireless has already became widely use by company or enterprise, even at blank space also can using wireless to connect to internet for home purpose like surfing the internet. The reason why so many people like to use wireless network compare with wired network, is because the structure of wireless network is more neat and easy to manage.At the time wireless just came out to the market, the security for the wireless still breakable by hacker or cracker but need a lot of resources to break the security of wireless network. Because last time, wireless network just introduced, the hacker or cracker lack of technology and technique to break the wireless network. Still after few years, the technology and technique to break the wireless security can found in internet. At that time the wireless network has sound the alert and organizations are finding the solution for solve the wireless securi ty problem. But now, the new technology of wireless security has out to market and the security methods are easy to install. So, now wireless security is not a problem.In the report got mentioned is RSN can be the most trusty wireless security for the wireless network. But it still has certain problem like higher cost. Installation for the RSN needs to change whole wireless network infrastructure. WPA got a lot of security methods that cant compare with RSN but WPA still dependable just like RSN. Doesnt mean the expensive item is the good item. As long as the item is reliable then that item is a good item.