Modeling and simulation of wireless communication networks of VNU-IS.
Group members: Trần Hoàng Anh
Nguyễn Văn Sơn
Nguyễn Văn Dũng
Lê Tự Quốc Thắng
Class: MIS2015A
Scientific advisors: Associate Prof Lê Trung Thành
MSc Lê Duy Tiến
CHAPTER 1: INTRODUCTION TO WIRELESS LAN
1.1 Introduction [1]
Communication systems that rely on cabling are inherently faster, more reliable, and more secure than wireless systems. Installing a cabling infrastructure can be expensive. Furthermore, if the network traverses public highways, it is subject to regulation and requires the services of a licensed operator. Wireless communication has the advantage of mobility and obviates the need for cabling, but the radio frequency spectrum is also heavily regulated. Nevertheless, the allocation of unlicensed parts of the spectrum has facilitated the growth in wireless local area networks (WLANs). The European Telecommunications Standards Institute (ETSI) published the first WLAN standard, HiperLAN/1, finalised in 1995, and followed by HiperLAN/2 in 2000. However, it is the IEEE 802.11 WLAN standard that has become the most widely accepted. Portable devices such as laptops, personal digital assistants (PDAs) and even mobile phones have 802.11 chipsets built in as standard. Furthermore, wireless infrastructure equipment (access points) is relatively inexpensive. WLAN technology has progressed at a rapid pace. The original IEEE 802.11 standard supported data rates up to 2 Mb/s. In 2010, devices capable of 54 Mb/s are commonplace. Furthermore, devices that utilize MIMO (multiple inputs, multiple outputs) technology, which can support up to 300 Mb/s, are growing in popularity. The 802.11 standard has been very successful in incorporating advances in modulation techniques while maintaining interoperability with legacy schemes. New modulation schemes, however, do not replace subsequent schemes; 802.11 can select any scheme from the current set of modulation schemes in order to optimise frame transmission. In this way, wireless devices can adapt their link rate according to the channel conditions.

802.11 has not been without its problems, especially with regard to security. WLANs are particularly vulnerable to eavesdropping, unauthorised access and denial of service due to their broadcast nature. The original 802.11 standard had no security provisions at all: neither authentication, encryption nor data integrity. Some access-point vendors offered authentication of the client's physical address. The standard was amended in 1999 to support a basic protection mechanism. Wired equivalent privacy (WEP) used cryptographic methods for authentication and encryption. The security flaws in WEP, however, have given rise to a complete research field. In 2001, Fluhrer, Mantin, and Shamir showed that the WEP key could be obtained within a couple of hours with just a consumer computer [2]. The authors highlighted a weakness in RC4's key scheduling algorithm and showed that it was possible to derive the key merely by collecting encrypted frames and analysing them. Since then, more sophisticated WEP attacks have been developed. Along with advances in computing power, the WEP key can be recovered in seconds. A further vulnerability with WEP is that the pre-shared key is common to all users on the same SSID. Any user associated with an SSID, therefore, can decrypt packets of other users on the same SSID. These problems have largely been resolved with the deprecation of WEP and the introduction of enhanced security methods. As with the introduction of new modulation techniques, interoperability is an issue. The current security methods rely on modern cryptography techniques which are only available on new devices. On legacy devices, interim solutions have been adopted.
1.2 IEEE 802 Standard [2]
The Institute of Electrical and Electronic Engineers (IEEE) is a large non-profit, professional society concerned with technological research and development. Its standards board oversees the development of IEEE standards and is accredited by the American National Standards Institute (ANSI). Project 802 was initiated in 1980 with the aim of defining a set of standards for local area network (LAN) technology. The standards cover the data link and physical layers of the International Organization for Standardization (ISO) open system interconnection (OSI) seven-layer reference model. The data link layer is concerned with the reliable transfer of data frames over the physical channel. It implements various forms of error control, flow control and synchronisation. In the 802 reference model, the data link layer comprises two sub-layers, the logical link control (LLC) sub-layer and the medium access control (MAC) sub-layer.
Figure 1.1: The 802 reference model [3]
Data link layer: Logical link control (LLC); Media access control (MAC)
Physical layer: Physical medium
Figure 1.2: Wireless LANs
802.2 Logical Link Control (LLC)
LLC is defined in the IEEE 802.2 standard. Its primary function is to provide an interface between the MAC layer and the higher layers (network layer). It performs multiplexing functions in order to support multiple upper layer protocols. Furthermore, it is responsible for flow control and error control. Both connectionless and connection-orientated frame delivery schemes are supported. LLC is unconcerned with the specific details of the LAN medium itself. That is the responsibility of the MAC sub-layer, which is primarily concerned with managing access to the physical channel. The physical layer of 802 is responsible for the transmission and reception of bits, encoding and decoding of signals and synchronisation (preamble processing). The physical layer hides the specifics of the medium from the MAC sub-layer. The first 802 standards were wired LANs. Carrier sense multiple access with collision detect (CSMA/CD) based LANs (802.3) are the most widely used. Token bus (802.4), token ring (802.5) and fibre distributed data interface (FDDI) were also defined. Wireless network standards emerged in the 1990s. IEEE 802.11 defined a wireless LAN technology that operates in license-free bands. 802.11 is commonly referred to as Wi-Fi. 802.11 employs a CSMA protocol similar to 802.3 (and Ethernet). However, instead of using collision detection, it uses collision avoidance. Wireless personal area networks (PANs) are covered by 802.15, where 802.15.1 specifies the Bluetooth standard and 802.15.4 defines Zigbee. IEEE 802.16 is a wireless metropolitan area network (MAN) also known as WiMAX. Table 1.1 shows a summary of some of the 802 standards.
1.2.1 The 802.11 Working Group [4]
The IEEE 802.11 working group was formed in July 1990 to develop CSMA/CA, a variation of CSMA/CD (Ethernet)-based wireless LANs. The working group produced the first 802.11 standard in 1997, which specifies wireless LAN devices capable of operating up to 2 Mbps using the unlicensed 2.4-GHz band. Currently, the working group has nine basic task groups and each is identified by a letter from a to i. Following are the current 802.11 task groups and their primary responsibilities:
• 802.11a: Provides a 5-GHz band standard for a 54-Mbps transmission rate.
• 802.11b: Specifies a 2.4-GHz band standard for up to 11-Mbps transmission rate.
• 802.11c: Gives the required 802.11-specific information to the ISO/IEC 10038 (IEEE 802.1D) standard.
• 802.11d: Adds the requirements and definitions necessary to allow 802.11 wireless LAN equipment to operate in markets not served by the current 802.11 standard.
• 802.11e: Expands support for LAN applications with Quality of Service requirements.
• 802.11f: Specifies the necessary information that needs to be exchanged between access points to support the P802.11 DS functions.
• 802.11g: Develops a new PHY extension to enhance the performance and the possible applications of 802.11b-compatible networks by increasing the data rate achievable by such devices.
• 802.11h: Enhances the current 802.11 MAC and 802.11a PHY with network management and control extensions for spectrum and transmit power management in 5-GHz license-exempt bands.
• 802.11i: Enhances the current 802.11 MAC to provide improvements in security.
1.2.2 The 802.11 Standard Details [4]
The 802.11 standard specifies wireless LANs that provide up to 2 Mbps of transmission speed and operate in the 2.4-GHz Industrial, Scientific, and Medical (ISM) band using either frequency-hopping spread spectrum (FHSS) or direct-sequence spread spectrum (DSSS) [5]. The IEEE approved this standard in 1997. The standard defines a physical layer (PHY), a medium access control (MAC) layer, the security primitives, and the basic operation modes.
The Physical Layer
The 802.11 standard supports both radio frequency- and infrared-based physical network interfaces. However, most implementations of 802.11 use radio frequency, and we only discuss the radio frequency-based physical interface here.
802.11 Frequency Bandwidth
802.11 standard-compliant devices operate in the unlicensed 2.4-GHz ISM band. Due to the limited bandwidth available when the electromagnetic spectrum is used for data transmission, many factors have to be considered for reliable, safe, and high-performance operation. These factors include the technologies used to propagate signals within the RF band, the time that a single device is allowed to have an exclusive transmission right, and the modulation scheme. For these reasons, FCC regulations require that radio frequency systems must use spread spectrum technology when operating in the unlicensed bands.
Spread Spectrum Technology
The 802.11 standard mandates using either DSSS or FHSS. In FHSS, the radio signal hops within the transmission band. Because the signal does not stay in one place on the band, FHSS can elude and resist radio interference. DSSS avoids interference by configuring the spreading function in the receiver to concentrate the desired signal, and to spread out and dilute any interfering signal.
Direct−Sequence Spread Spectrum (DSSS)
In DSSS the transmission signal is spread over an allowed band. A random binary string, called the spreading code, is used to modulate the transmitted signal. The data bits are mapped to a pattern of "chips" and mapped back into a bit at the destination. The number of chips that represent a bit is the spreading ratio. The higher the spreading ratio, the more resistant the signal is to interference. The lower the spreading ratio, the more bandwidth is available to the user. The FCC mandates that the spreading ratio must be more than 10. Most products have a spreading ratio of less than 20. The transmitter and the receiver must be synchronized with the same spreading code. Recovery is faster in DSSS systems because of the ability to spread the signal over a wider band.
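As an added illustration (not code from the original report), the following Python simulation spreads data bits with a shared chip sequence, inverts a fraction of the chips to stand in for interference (a constructed, deliberately simplified channel model), and despreads by correlation, so the effect of the spreading ratio on bit errors can be measured directly:

```python
import random


def pn_sequence(length, seed=0x2A):
    """Spreading code of +1/-1 chips. The seed is fixed so that transmitter and
    receiver derive the same code, which the text requires for synchronisation."""
    rng = random.Random(seed)
    return [1 if rng.random() < 0.5 else -1 for _ in range(length)]


def spread(bits, code):
    """Map each data bit to a pattern of chips: bit 1 -> code, bit 0 -> -code.
    len(code) is the spreading ratio (chips per bit), so the transmitted
    chip stream is len(code) times longer than the data."""
    chips = []
    for b in bits:
        sign = 1 if b else -1
        chips.extend(sign * c for c in code)
    return chips


def add_interference(chips, flip_fraction, rng):
    """Constructed channel model: interference is approximated by inverting a
    fixed fraction of the chips at random positions."""
    out = list(chips)
    for i in rng.sample(range(len(out)), int(len(out) * flip_fraction)):
        out[i] = -out[i]
    return out


def despread(chips, code):
    """Correlate each group of chips with the code and take the sign of the sum.
    A bit is only lost when more than half of its chips were corrupted, which
    is why a larger spreading ratio tolerates more interference."""
    n = len(code)
    bits = []
    for i in range(0, len(chips), n):
        corr = sum(x * c for x, c in zip(chips[i:i + n], code))
        bits.append(1 if corr > 0 else 0)
    return bits


def bit_error_rate(n_bits, spreading_ratio, flip_fraction, seed=1):
    """Round-trip n_bits random bits through spread -> channel -> despread and
    return the fraction of bits received incorrectly."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n_bits)]
    code = pn_sequence(spreading_ratio)
    received = despread(add_interference(spread(bits, code), flip_fraction, rng), code)
    return sum(a != b for a, b in zip(bits, received)) / n_bits


if __name__ == "__main__":
    # Odd ratios avoid a zero correlation; 11 is just above the FCC minimum of 10.
    for ratio in (1, 11, 31):
        print(f"spreading ratio {ratio:2d}: BER = {bit_error_rate(1000, ratio, 0.3):.3f}")
```

With 30% of the chips corrupted, a ratio of 1 (no spreading) loses 30% of the bits, while ratios above the FCC minimum recover almost all of them at the cost of sending proportionally more chips.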
Frequency−Hopping Spread Spectrum (FHSS)
This spread spectrum technique divides the band into smaller subchannels of usually 1 MHz. The transmitter then hops between the subchannels, sending out short bursts of data for a given time. The maximum amount of time that a transmitter spends in a subchannel is called the dwell time. In order for FHSS to work correctly, both communicating ends must be synchronized (that is, both sides must use the same hopping pattern), otherwise they lose the data. FHSS is more resistant to interference because of its hopping nature. The FCC mandates that the band must be split into at least 75 subchannels and that no subchannel is occupied for more than 400 milliseconds. Debate is always ongoing about the security that this hopping feature provides. Since there are only 75 subchannels available, the hopping pattern has to be repeated once all the 75 subchannels have been hopped. HomeRF FHSS implementations select the initial hopping sequence in a pseudorandom fashion from among a list of 75 channels without replacement. After the initial 75 hops, the entire sequence is repeated without any replacement or change in the hopping order. An intruder could possibly compromise the system by monitoring and recording the hopping sequence and then waiting till the whole sequence is repeated. Once the hacker confirms the hopping pattern, he or she can predict the next subchannel that the hopping pattern will be using, thereby defeating the hopping advantage altogether. HomeRF radios, for example, hop through each of the 75 hopping channels at a rate of 50 hops per second in a total of 1.5 seconds, repeating the same pattern each time, enabling a hacker to guess the hopping sequence in 3 seconds. Nevertheless, this technique still provides a high level of security in that expensive equipment is needed to break it. Many FHSS LANs can be colocated if an orthogonal hopping sequence is used. Since the subchannels in FHSS are smaller than in DSSS, the number of colocated LANs can be greater with FHSS systems. The most commonly used standard based on FHSS is HomeRF.
The MAC Layer
The MAC layer controls how data is to be distributed over the physical medium. The main job of the MAC protocol is to regulate the usage of the medium, and this is done through a channel access mechanism. A channel access mechanism is a way to divide the available bandwidth resource between subchannels—the radio channel—by regulating the use of it. It tells each subchannel when it can transmit and when it is expected to receive data. The channel access mechanism is the core of the MAC protocol. With most wired LANs using Carrier Sense Multiple Access with Collision Detection (CSMA/CD), it was a logical choice for the 802.11 Working Group to apply the CSMA/CD technology when developing the MAC layer for the 802.11 standard.
The working group chose Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), a derivative of CSMA/CD, as the MAC protocol for the 802.11 standard. CSMA/CA works as follows: the station listens before it sends. If someone is already transmitting, it waits for a random period and tries again. If no one is transmitting, then it sends a short message. This message is called the ready-to-send message (RTS). This message contains the destination address and the duration of the transmission. Other stations now know that they must wait that long before they can transmit. The destination then sends a short message, which is the clear-to-send message (CTS). This message tells the source that it can send without fear of collisions. Upon successful reception of a packet, the receiving end transmits an acknowledgment packet (ACK). Each packet is acknowledged. If an acknowledgment is not received, the MAC layer retransmits the data. This entire sequence is called the four-way handshake.
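The exchange described above, as an added Python model that is not part of the original report: three stations share one slotted channel, an RTS advertises how long the medium will stay reserved, any station that overhears the RTS or CTS defers for that duration, and a missing ACK triggers a retransmission. The slot timings and the loss model are constructed assumptions, not 802.11 timing values.

```python
import random
from dataclasses import dataclass


@dataclass
class Frame:
    kind: str       # "RTS", "CTS", "DATA" or "ACK"
    src: str
    dst: str
    duration: int   # slots the medium stays reserved after this frame ends


class Station:
    """An 802.11 station with a network allocation vector (NAV): the time
    until which it has learned, from an overheard RTS or CTS, to stay quiet."""
    def __init__(self, name):
        self.name = name
        self.nav = 0
        self.received = []

    def hear(self, frame, ends_at):
        if frame.dst == self.name:
            self.received.append(frame)
        elif frame.kind in ("RTS", "CTS"):
            # Not addressed to us: honour the advertised duration instead of transmitting
            self.nav = max(self.nav, ends_at + frame.duration)


class Medium:
    """Single broadcast channel with slotted time and a constructed loss model:
    a lost frame reaches nobody."""
    def __init__(self, loss_rate=0.0, seed=7):
        self.rng = random.Random(seed)
        self.loss_rate = loss_rate
        self.now = 0
        self.busy_until = 0
        self.log = []

    def send(self, frame, stations, slots=1):
        delivered = self.rng.random() >= self.loss_rate
        self.log.append(f"t={self.now} {frame.kind} {frame.src}->{frame.dst} "
                        f"dur={frame.duration}" + ("" if delivered else " LOST"))
        self.busy_until = self.now + slots
        if delivered:
            for s in stations:
                if s.name != frame.src:
                    s.hear(frame, self.busy_until)
        self.now = self.busy_until
        return delivered


def four_way_handshake(medium, src, dst, others, data_slots=4, max_attempts=4):
    """RTS -> CTS -> DATA -> ACK between src and dst. Returns the attempt number
    on which the ACK arrived, or 0 if every attempt failed."""
    everyone = [src, dst, *others]
    for attempt in range(1, max_attempts + 1):
        # Listen before sending: back off a random time while the medium is
        # busy or our NAV says another exchange is still in progress.
        while medium.busy_until > medium.now or src.nav > medium.now:
            medium.now += medium.rng.randint(1, 3)
        duration = 1 + data_slots + 1             # CTS + DATA + ACK still to come
        if not medium.send(Frame("RTS", src.name, dst.name, duration), everyone):
            continue
        if not medium.send(Frame("CTS", dst.name, src.name, duration - 1), everyone):
            continue
        if not medium.send(Frame("DATA", src.name, dst.name, 1), everyone, data_slots):
            continue
        if medium.send(Frame("ACK", dst.name, src.name, 0), everyone):
            return attempt
        # No ACK: the MAC layer retransmits (here the whole exchange is repeated).
    return 0


def demo(loss_rate=0.0):
    """A, B and C share one channel; A sends to B while C overhears and waits,
    then C sends to A once its NAV has expired."""
    medium = Medium(loss_rate)
    a, b, c = Station("A"), Station("B"), Station("C")
    first = four_way_handshake(medium, a, b, [c])
    c_nav = c.nav
    second = four_way_handshake(medium, c, a, [b])
    return first, c_nav, second, medium.log


if __name__ == "__main__":
    for entry in demo(0.0)[3]:
        print(entry)
```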
1.2.3 802.11 Security [4]
IEEE 802.11 provides two types of data security: authentication and privacy. Authentication is the means by which one station verifies the identity of another station in a given coverage area. In the infrastructure mode, authentication is established between an AP and each station. When providing privacy, a wireless LAN system guarantees that data is encrypted when traveling over the media.
There are two types of authentication mechanisms in 802.11: open system or shared key. In an open system, any station may request authentication. The station receiving the request may grant authentication to any request, or to only those from stations on a preconfigured user-defined list. In a shared-key system, only stations that possess a secret encrypted key can be authenticated. Shared-key authentication is available only to systems having the optional encryption capability.
The 802.11 standard mandates the use of Wired Equivalent Privacy (WEP) for providing confidentiality of the data transmitted over the air at a level of security comparable to that of a wired LAN. WEP is a security protocol, specified in the IEEE wireless fidelity (Wi-Fi) standard, that is designed to provide a wireless LAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP uses the RC4 Pseudo Random Number Generator (PRNG) algorithm from RSA Security, Inc. to perform all encryption functions. A wired LAN is generally protected by physical security mechanisms (for example, controlled access to a building) that are effective for a controlled physical environment, but they may be ineffective for wireless LANs because radio waves are not necessarily bounded by the walls containing the network. WEP seeks to establish protection similar to that offered by the wired network's physical security measures by encrypting data transmitted over the wireless LAN. This way, even if someone listens in to the wireless packets, that eavesdropper will not be successful in understanding the content of the data being transmitted over the wireless LAN.
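To make the pre-shared-key property from section 1.1 concrete, here is an added Python example (not from the original report) of WEP-style frame protection: RC4 keyed with the 24-bit IV prepended to the shared key, and a CRC-32 integrity check value. The key, IV and message are constructed values; the point it shows is that a third station on the same SSID, holding the same key, decrypts another pair's frame exactly as the intended receiver does.

```python
import struct
import zlib


def rc4_keystream(key, length):
    """RC4: key-scheduling algorithm (KSA) followed by the pseudo-random
    generation algorithm (PRGA), producing `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(plaintext):
    """WEP integrity check value: little-endian CRC-32 of the plaintext
    (a checksum, not a cryptographic MAC)."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(psk, iv, plaintext):
    """Frame body = IV (3 bytes, sent in the clear) || RC4_{IV||PSK}(plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + psk, len(body)))


def wep_decrypt(psk, frame):
    """Return the plaintext, or None if the ICV does not match (wrong key or
    corrupted frame)."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4_keystream(iv + psk, len(body)))
    plaintext, tag = clear[:-4], clear[-4:]
    return plaintext if icv(plaintext) == tag else None


def shared_key_demo():
    """Alice sends to Bob; Carol, a third station on the same SSID, holds the
    same pre-shared key and therefore recovers the frame too. A station with a
    different key gets nothing. All values are constructed for the example."""
    psk = bytes.fromhex("0102030405")       # 40-bit WEP key shared by the whole SSID
    iv = b"\x00\x00\x01"
    frame = wep_encrypt(psk, iv, b"Alice -> Bob: meeting at 10")
    bob = wep_decrypt(psk, frame)
    carol = wep_decrypt(psk, frame)         # same key, same IV: same keystream
    outsider = wep_decrypt(bytes.fromhex("aabbccddee"), frame)
    return bob, carol, outsider


if __name__ == "__main__":
    print(shared_key_demo())
```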
1.2.4 Operating Modes [4]
The 802.11 standard defines two operating modes: the ad hoc and the infrastructure mode. To understand how an 802.11 wireless LAN operates, let's first understand the basic terminologies used to describe the two modes.
Terminologies
The terminologies describing the two operating modes include a station, an independent basic service set (IBSS), a basic service set (BSS), an extended service set (ESS), an access point (AP), and a distribution system (DS). Each of these is discussed in the paragraphs that follow.
An 802.11 Station
An 802.11 station is defined as an 802.11-compliant device. This could be a computer equipped with an 802.11-compliant network card.
Basic Service Set (BSS)
A BSS consists of two or more stations that communicate with each other.
An Access Point (AP)
An AP is a station in an 802.11 wireless LAN that routes the traffic between the stations or among stations within a BSS. The AP can simply be a routing device with 802.11 capabilities. An AP must have a network address, it must act like a regular station on the network, and it must be addressable by the other stations on the network. An AP periodically sends beacon frames to announce its presence; it provides new information to all stations, authenticates users, manages transmitted data privacy, and keeps stations synchronized with the network.
Independent Basic Service Set (IBSS)
A BSS that stands alone and is not connected to an AP is called an independent basic service set (IBSS).
Distribution System (DS)
A distribution system interconnects multiple APs, forming a single network. A distribution system, therefore, extends a wireless network. The 802.11 standard does not specify the architecture of a DS, but it does require that a DS must be supported by 802.11-compliant devices.
Now that we know the basic terminologies, let's look at the operating modes of an 802.11 wireless LAN.
802.11 Ad−Hoc Mode
When a BSS-based network (two or more stations connected with each other over wireless) stands alone and is not connected to an AP, it is known as an ad-hoc network. An ESS is formed when two or more BSSs operate within the same network. An ad-hoc network is a network where stations communicate only peer-to-peer. An example of a wireless LAN operating in ad-hoc mode would be a LAN with two computers communicating with each other using a wireless link.
1.3 WIRELESS LANs [4]
With the growing use of computers and the popularity of the Internet, it has become viable to deploy LANs in places where we never thought we would need a LAN. Today, LANs are being used in industrial manufacturing, offices, small businesses, and at homes. Wireless networking has taken LAN connectivity a step further. Now, with wireless networking, LANs have become far more flexible than they used to be. Wireless LANs are easier to build than conventional wired LANs and provide mobility to LAN users. Wireless LANs are being used to connect mobile devices, such as personal digital assistants (PDAs) and laptop computers, with stationary computers, such as desktop computers. Wireless networking equipment is also being used to connect separate buildings as well as extending the reach of the Internet and virtual private networks (VPNs) across several miles in remote areas where wired infrastructure is sparse.
1.3.1 Benefits of Wireless LANs
The primary advantage that wireless LANs have over wired networks is that they do not require wires and can be set up quickly in areas where wiring costs can be prohibitive. The advent of wireless LANs has provided us with a greater level of flexibility in how we configure our computing equipment and environment than wired LANs. You no longer need separate modems, black-and-white printers, color printers, scanners, CD-ROM readers/writers, and other devices for every computer in your home or office. You also do not need to go through the hassle of keeping multiple copies of files when sharing a document.
When deciding whether a wireless network is right for you, you should first make sure that you do indeed need a LAN. Though LANs provide some very useful services, they incur installation and maintenance costs. To justify your need for a LAN, you should have at least one computer, and one or more of the following should apply to you:
• You want to share files across computers.
• You intend to share a printer among computers.
• Only one Internet connection is available, and you want to share it across two or more computers.
• You intend to share a new type of device that connects to a LAN and make its services available to all the computers on the given LAN—for example, a computer-controlled telescope.
• You are willing to spend a decent amount of money to build a network.
• Your workstations and other network devices need to be mobile and not tied down to a particular location.
• Physical limitations prohibit running network cables and drops.
• Lease or other restrictions do not allow for installation of a wiring plant.
• You need to deploy networks in open spaces where you expect a lot of foot traffic, and network wires and equipment would cause additional safety issues.
• You temporarily need a LAN, for example, at a research site.
In today's computing environments, devices, data, and resources are often distributed across multiple points on a network and are accessible from any authorized workstation in that network. Wireless LAN takes these capabilities to the next level by adding mobility to the workstations and network devices. Within a wireless LAN, the workstations are not limited to a single position in the building but can be moved around while they continue to function. Powerful portable computers and network devices can be carried around a building or campus while they continue to communicate with mission-critical servers and other computers on the rest of the network, sharing information.
Deployment Scenarios
Wireless LANs can be deployed in many different deployment scenarios. Each deployment scenario has a different set of needs. In this section we restrict our focus to small office home office (SoHo), enterprise, and Wireless Internet Service Provider (WISP) scenarios.
Small Office Home Office (SoHo)
Small office home office (SoHo) deployment generally involves either a home LAN, a LAN at a home-based office, or a LAN at a small business. Wireless LANs are rapidly becoming the networks of choice for these uses because of their low cost and lack of wiring needs. Setting up wired LANs requires complex wiring generally running to a central point, which is not only costly but in some cases, such as apartments or older homes, almost impossible.
In SoHo environments, the number of computers in a LAN is typically very small. These LANs normally contain between 2 and 10 computers. They are normally used to share files, printers, and data backup devices. Nowadays it is also very common for SoHo networks to share a single Internet connection. Under most circumstances, these networks do not require high security. The speed requirement is nominal, and the budget is small. Therefore, for the SoHo environment, a suitable LAN would be one that is not too complex, has a reasonable level of security, provides the ability to connect with the Internet, and does not require a major investment.
In a SoHo or a home network there may be several computers, a color printer, a black-and-white laser printer, a scanner, several CD-ROM readers, a CD-ROM writer, and a modem (see Figure 4.1). Using a wireless LAN, these resources can be shared efficiently, and you do not need to purchase and install every device for every computer. You can scan a picture from the scanner connected to the desktop in your child's bedroom to the file server (a computer on the LAN with a high-capacity shared hard disk) in your home office that also has the color printer attached to it. Then you go to the family room and use the imaging software on your notebook to edit and enhance the picture while you recline in your favorite chair and watch TV surrounded by your loved ones. After completing your first draft, you print the file on the printer attached to the server in your office and review it. You then email the picture to your partner through the Internet-sharing device and cable modem; you also leave a note for your assistant with the file name. When your assistant comes in the next day, he or she opens the file that you saved on the server from his or her workstation and makes the final changes. Over the weekend your friends come over with their laptops and 802.11b Wi-Fi cards and you play network games over the wireless LAN.
Figure 1.3: A SoHo wireless LAN setup [4]
1.3.2 Enterprise
Enterprise networks are generally comprised of a larger number of computers, security systems, file-storage and archiving systems, many workstations and laptops, several servers, multiple printers and scanners as well as presentation systems participating in a network. In industrial complexes and manufacturing plants, there may be machinery that needs to communicate with central servers. Enterprise networks are typically divided into several workgroups. The security requirements are very high: the users need to be authenticated, and the data and resources have to be protected not only from outsiders, but there is also the need to have proper access control for authorized users. The speed and bandwidth requirements are also high, and the network needs to be properly segmented to reduce the network traffic. An enterprise network can also span across multiple floors, multiple buildings, and multiple locations. There may be several Internet and VPN connection lines linking a network with other parts of the enterprise network. There is also the need for covering the complete office area without any dead zones (an area without a network signal) as well as allowing the users to roam freely between floors, in the campus, and across locations.

Wireless LANs provide the opportunity for enterprises to provide greater mobility to their computer users as well as to lower costs for connecting work areas across buildings and floors (see Figure 4.2). There is no longer a need to run expensive cabling between floors and buildings. This is even more useful in industrial and warehouse situations, where there is an even greater need for mobility for monitoring and data-gathering devices such as inventory scanners. Automobile rental companies have long used wireless networks to check in and check out cars. In offices, wireless networks open the possibility of configuring more flexible workspaces. Many organizations using wireless LANs provide roaming offices to their employees. In roaming offices, employees do not have fixed offices but use the available space on a per-need basis. In project-oriented workplaces, knowledge workers may need to work in several workgroups during the course of the same day. Using wireless LANs, these workers can get together and collaborate without losing productivity. Knowledge workers no longer need to be tied to their desks to access the data they need. The participants in the meetings can bring their portable computing devices to the meetings. Wireless networking is also changing the structure of meetings. Participants often "chat" in smaller groups and carry out side "conversations" and exchange information privately using their portable devices connected to the network without disturbing the main meeting. There are now 802.11b-based wireless presentation devices coming on the market that allow corporate users to prepare presentations on their workstations and then deliver them without having to deal with the wires on projectors that are permanently attached to wireless receivers. One can expect these receivers to be integrated in the projectors as time passes. We are all familiar with going into a meeting and then waiting for the presenter to connect their computers to the projectors and fiddle with the projectors until they get started. [4]
Figure 1.4: Enterprise wireless LAN setup
1.3.3 Wireless LAN Security Requirements
Security of a LAN is often dictated by the physical properties of the medium it uses for communication, the methods used to transmit the data, the protocols that are used to control the security of the data transmitted, and the policies that a LAN enforces to ensure authorized use. For example, private wired LANs are considered secure networks as long as they are not connected to an outside network (for example, the Internet), the LAN equipment and the wiring are physically secured, only authorized personnel are allowed access to the network, and the network security policies are strongly enforced. Wireless LANs use airwaves to transmit the data and are considered inherently insecure because their data transmission medium is not physically bound like their counterpart, the wired LANs. Transmitted over the airwaves, the data in a wireless LAN, which spreads in all directions, allows its users the freedom to move about. However, this also means that adversaries do not require a physical connection to hack into the wireless LAN. Instead, an adversary only needs to be present in the physical range where radio signals can be intercepted. For example, if a wireless LAN emits a radio signal that reaches up to a radius of one mile, all hackers within the one-mile radius can easily intercept the signal and possibly conduct an attack on the network. A standalone wired LAN (one that is not connected to an outside network) is far more secure when compared with a standalone wireless LAN. Wireless LAN security can be compared to wired LAN security by using the example of old cordless phones that did not securely communicate with their base stations. For example, assume that your neighbor and you both have one of the old cordless phones that did not encrypt the signals between the handset and the base station. Every time you pick up the phone to make a phone call, provided that your and your neighbor's phones were using the same frequency channel, you will be able to eavesdrop on your neighbor's conversation. Wireless LANs are, therefore, inherently insecure and appropriate measures must be taken to ensure a high-performance and secure wireless LAN.
To secure a wireless LAN, both operational security (see Chapter 5, "Network Security") and data security must be enforced. The security issues of wireless LANs are similar to those of the wired LANs, and in this chapter, we discuss only the issues that relate to operational security and the data security issues of the wireless LANs. For more information on wired LAN security
1.3.4 Wireless LAN Operational Security Requirements
Operational security of wireless LANs deals with the security primitives that provide a flawless operation of a wireless LAN. Operational security must be implemented to avoid any threats that can affect the day-to-day operation of a wireless LAN. Most such threats are possible due to a poorly configured wireless LAN setup, the inherent radio frequency-based transmission medium, the technologies and the protocols used to transmit the data, or insufficient user authentication. In this section, we look at the general security requirements that are necessary to ensure the operational security of a wireless LAN. We also examine the need for securing wireless access points (APs), the radio frequency (RF) methods that are used to transmit data over the airwaves, link-level security that allows wireless equipment to operate in a wireless LAN, and wireless LAN authentication. We also talk about the most common known attacks on wireless LANs.
Wireless Access Point (AP) Security
Most wireless LANs operate in infrastructure mode (see Chapter 2, "Wireless LANs"), where a wireless access point (AP) coordinates communication among its users by acting as a hub, relaying data received from one user to another. For example, assume a wireless LAN that consists of two users (Alice and Bob) with computers equipped with wireless LAN adapters (along with the necessary software and drivers) and an access point. When Alice sends a message to Bob, Alice's wireless LAN adapter transmits the data to the AP, which inspects the data packet, sees that it is intended for Bob, and transmits it to Bob. Routing all traffic among users through the AP makes a wireless LAN less reliable, because all the users on a given wireless LAN share the same AP. The AP becomes a single point of failure: if anything happens to it, for example if it becomes overloaded or is compromised, the performance of the entire network suffers. In addition to being a single point of failure, most APs available today can be managed over a wireless connection. This management feature, though extremely useful, allows an adversary to attempt to break into the AP and possibly take over its operation.
The number and types of attacks on wireless APs have been growing steadily, and will continue to do so as APs become more popular and more widely deployed. These attacks are easy to launch, and some are difficult to detect on your network by traditional means. The most commonly known attack on an AP is conducted with a wireless LAN adapter that constantly sends messages to the AP, making it so busy that it cannot reply to the messages sent by the network's real users. This attack is known as a denial-of-service (DoS) or flood attack: the AP is flooded with bogus requests from the rogue wireless LAN adapter and becomes too busy to service genuine requests from authorized users. Besides flooding attacks, there are other attacks, for example AP administration attacks, in which an AP is hijacked by an adversary who then controls all traffic through the AP. Where an AP connects a wireless LAN to a wired LAN, more advanced attacks can be launched that target both the wireless LAN and the wired LAN to which it is connected.

Therefore, it is important to use APs that include measures to defeat the known attacks. For example, a secured wireless LAN must contain APs that have built-in authentication mechanisms for authenticating both the network users and the users who are allowed to manage the AP's features. Carefully designed APs also contain primitives for protecting against DoS, such as limiting the rate of requests they accept from any single station. More advanced APs come with a built-in router and firewall to prevent unauthorized traffic from entering the wireless LAN.
Radio Frequency (RF) Method
The data in a wireless LAN travels over the airwaves using a radio frequency as the carrier. This means that the transmitting LAN device, for example a wireless LAN adapter, superimposes the data on a predefined radio frequency and then transmits it over the air. The receiving LAN device separates the data from the carrier wave, converts it into a digital signal, and interprets it accordingly. The security of the data transmitted over the air can be affected in many ways, including jamming of the radio frequency, which makes a wireless LAN inoperable, and eavesdropping on authentication exchanges, which can reveal user credentials (the data security of wireless LANs is discussed later in this chapter). A typical wireless LAN has a range of up to 300 meters per AP. Under most circumstances, and depending on the placement of the AP, the waves carrying the signals easily penetrate walls, just as with cordless phones. It is therefore important that APs be placed at or near the center of a wireless LAN site to reduce the distance the signal travels beyond it.

The method used to transmit the data over the airwaves is also of prime importance when considering the security of a wireless LAN. Many different methods are used today to transmit data in a wireless LAN; the most common are direct-sequence spread spectrum (DSSS) and frequency-hopping spread spectrum (FHSS). FHSS is often considered more secure and more resilient to interference than DSSS: in FHSS the channel on which data is transmitted keeps switching, whereas in DSSS the data is transmitted on a fixed channel. This advantage is limited, however, because the 802.11 hopping sequences are defined by the standard, so any 802.11 FHSS receiver can follow them; spread spectrum should not be relied on for confidentiality. (For more information on radio frequency methods, see Chapter 2.)

When choosing a wireless technology, it is important to choose one that provides the best RF security primitives. The most current wireless LAN equipment, for example 802.11-standard devices, uses DSSS (and, in the later amendments, OFDM).
Link−Level or Network Adapter Authentication
Many wireless LANs authenticate users based on link-level authentication, in which a network adapter in a wireless LAN communicates with an AP or with another adapter and identifies itself using its media access control (MAC) address. MAC addresses are 48 bits long, written as 12 hexadecimal digits (0 to 9 plus A to F). The first 6 hex digits identify the vendor of the network interface (the organizationally unique identifier, OUI), and the last 6 digits are the interface serial number assigned by that vendor. These addresses are usually written hyphenated by octets (for example, 12-34-56-78-9A-BC). By industry convention, MAC addresses are burned into and printed on the network adapters used to communicate in a wireless LAN. If configured properly, most wireless LAN APs can authenticate a user based on MAC identifiers preprogrammed into the AP by the administrator; that is, the AP lets in only those network adapters, and hence users, that identify themselves with a known MAC address. MAC-based authentication is considered complex and cumbersome because it requires every AP in a network to hold the MAC address of every adapter that might use its services. MAC-based authentication is also considered weak because LAN adapters are readily available whose MAC address can be reprogrammed. In this case, an attacker acquires a programmable wireless LAN adapter and reprograms it to use a MAC address that is known to the network he or she wants to attack. The attacker then conducts the attack by bringing a computer equipped with the rogue LAN adapter within radio range of the AP. Because the forged MAC address is indistinguishable on the air from the genuine one, the AP accepts the adapter as a previously authorized one, and the attacker gains access to the LAN. The authorized addresses are not even secret: the MAC header of every frame is transmitted in the clear, so a passive listener learns them in seconds.

MAC-based authentication should therefore be used only as a supplementary authentication method. If MAC-based authentication is used alone, the network is vulnerable to rogue wireless LAN adapters that impersonate an authorized adapter to gain access to the network.
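The following Python example is added here to make the point concrete; it is not code from this report or from any AP vendor. It models an AP that admits a station purely because its MAC address is on the administrator's list, shows that a reprogrammed adapter presenting Alice's address is admitted exactly as Alice would be, and then adds an HMAC challenge-response as the kind of supplementary check the text calls for. All addresses, the shared secret and the class names (MacFilterAP, ChallengeAP) are constructed for the illustration.

```python
"""MAC-based access control, and why it must only be a supplementary check.

Added example; not code from the report or from any AP. Every address,
secret and class name below is constructed for illustration.
"""
import hashlib
import hmac
import os
import re

# 6 octets written as 12 hex digits, separated by '-' or ':'
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([-:])[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")


def normalize_mac(mac: str) -> str:
    """Canonical 'AA-BB-CC-DD-EE-FF' form, the hyphenated notation used in the text."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.upper().replace(":", "-")


def oui(mac: str) -> str:
    """First three octets: the vendor part (OUI) of the address."""
    return normalize_mac(mac)[:8]


class MacFilterAP:
    """An AP that admits a station solely because its source MAC is listed."""

    def __init__(self, allowed):
        self.allowed = {normalize_mac(m) for m in allowed}

    def admits(self, src_mac: str) -> bool:
        # The AP sees only the bits on the air; a cloned address is identical.
        return normalize_mac(src_mac) in self.allowed


class ChallengeAP(MacFilterAP):
    """Same allow-list, plus a per-station shared secret proven by HMAC.

    The secret table stands in for whatever real credential the network uses
    (an assumption of the example); the point is that the MAC alone no longer admits.
    """

    def __init__(self, secrets):           # {mac: bytes}
        super().__init__(secrets)
        self.secrets = {normalize_mac(m): k for m, k in secrets.items()}
        self.pending = {}

    def challenge(self, src_mac: str) -> bytes:
        """Issue a fresh random nonce; only listed MACs even get this far."""
        if not self.admits(src_mac):
            raise PermissionError("unknown MAC")
        nonce = os.urandom(16)
        self.pending[normalize_mac(src_mac)] = nonce
        return nonce

    def verify(self, src_mac: str, response: bytes) -> bool:
        """Accept once per nonce; a replayed or guessed response fails."""
        mac = normalize_mac(src_mac)
        nonce = self.pending.pop(mac, None)
        if nonce is None:
            return False
        expected = hmac.new(self.secrets[mac], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def station_response(secret: bytes, nonce: bytes) -> bytes:
    """What a station holding the secret sends back to the AP."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    """Run both APs against Alice, Mallory, and Mallory wearing Alice's MAC."""
    alice = "00-1A-2B-3C-4D-5E"           # constructed addresses
    mallory = "02:AA:BB:CC:DD:EE"
    ap = MacFilterAP([alice])
    result = {
        "alice_admitted": ap.admits(alice),
        "mallory_own_mac": ap.admits(mallory),
        "mallory_cloned_mac": ap.admits(alice),   # reprogrammed adapter: admitted
    }
    # With the second gate the clone passes the MAC check but fails the HMAC.
    alice_secret = b"constructed-shared-secret"
    ap2 = ChallengeAP({alice: alice_secret})
    result["alice_hmac"] = ap2.verify(alice, station_response(alice_secret, ap2.challenge(alice)))
    result["clone_hmac"] = ap2.verify(alice, station_response(b"wrong", ap2.challenge(alice)))
    return result
```

The MAC gate is a pure set membership test on a value the attacker can copy from any frame, which is why it cannot distinguish the clone; the challenge gate binds admission to knowledge of a secret that never crosses the air, and the nonce is consumed on first use so a recorded response cannot be replayed.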
Network Authentication
Once a communication link is successfully established between two wireless LAN devices (for example, an AP and an adapter), the next step is for the user to establish a network session by authenticating to the network (the AP, or an authentication server that the AP uses). Unfortunately, most currently available wireless LAN technologies do not include a robust mechanism for network authentication. Most network technologies, for example 802.11-standard devices, only allow service set identifier (SSID)-based authentication, in which each AP is assigned an identifier consisting of letters and numbers and broadcasts this identifier to announce its presence. All wireless LAN devices use this identifier to communicate with the AP.

SSID-based authentication is extremely weak and provides only AP identification, not authentication: the SSID is a name, not a secret, and it is easily programmable on most APs. The most popular attack on APs, the rogue AP (or "evil twin") attack, involves an adversary planting an AP in a wireless LAN with its SSID set to the one used by the network users. If the network relies only on the SSID of an AP for its authentication, the rogue AP successfully captures all the traffic from wireless LAN adapters that was intended for the legitimate AP. More information on the authentication mechanisms used in 802.11 is provided in 802.11 WEP Authentication, later in this chapter.
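Both of the attacks described in this section leave traces that a monitoring station can see: the flood attack on an AP is a burst of frames from a single source address, and a rogue AP is a beacon carrying our SSID from a BSSID we never deployed. The Python example below, added here and not part of the report, runs both checks over a constructed frame log. The log format (seconds, frame type, source MAC, BSSID, SSID), the addresses, the SSIDs, the 100-frames-per-second threshold and the list of known BSSIDs are all assumptions made for the example.

```python
"""Detection over a constructed wireless frame log (added example, not from the report).

Flags (a) a station flooding an AP and (b) a rogue AP beaconing our SSID from
an unknown BSSID. Log format, addresses, SSIDs and thresholds are all assumed.
"""
from collections import defaultdict, deque

# Constructed log lines: "<seconds> <type> <source MAC> <BSSID> <SSID or ->"
CONSTRUCTED_LOG = [
    "0.00 BEACON AA-AA-AA-00-00-01 AA-AA-AA-00-00-01 CorpWiFi",
    "0.05 DATA   00-1A-2B-3C-4D-5E AA-AA-AA-00-00-01 -",
    "0.10 BEACON AA-AA-AA-00-00-02 AA-AA-AA-00-00-02 CorpWiFi",
    "0.20 BEACON DE-AD-BE-EF-00-01 DE-AD-BE-EF-00-01 CorpWiFi",   # evil twin
    "0.30 BEACON CA-FE-00-00-00-01 CA-FE-00-00-00-01 Neighbour",  # someone else's network
]
# ...plus a burst from one adapter: 300 authentication requests in half a second.
CONSTRUCTED_LOG += [
    f"{1.0 + i * 0.5 / 300:.4f} AUTH 02-BA-D0-00-00-01 AA-AA-AA-00-00-01 -"
    for i in range(300)
]

KNOWN_BSSIDS = {"AA-AA-AA-00-00-01", "AA-AA-AA-00-00-02"}   # APs we deployed (assumed)
OUR_SSIDS = {"CorpWiFi"}


def parse(line):
    """Split one log line into (timestamp, type, src, bssid, ssid-or-None)."""
    ts, ftype, src, bssid, ssid = line.split()
    return float(ts), ftype, src, bssid, (None if ssid == "-" else ssid)


def detect_floods(lines, window=1.0, threshold=100):
    """Sources that send more than `threshold` frames inside any `window` seconds.

    Returns {source MAC: peak frames seen within one window}.
    """
    recent = defaultdict(deque)       # per source, timestamps inside the window
    flagged = {}
    for ts, _, src, _, _ in map(parse, lines):
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            flagged[src] = max(flagged.get(src, 0), len(q))
    return flagged


def detect_rogue_aps(lines, known_bssids=KNOWN_BSSIDS, our_ssids=OUR_SSIDS):
    """Beacons carrying one of our SSIDs from a BSSID we did not deploy."""
    rogues = {}
    for _, ftype, _, bssid, ssid in map(parse, lines):
        if ftype == "BEACON" and ssid in our_ssids and bssid not in known_bssids:
            rogues[bssid] = ssid
    return rogues
```

Two caveats apply in practice. The flood detector keys on the source MAC, so an attacker who rotates addresses spreads the load below the per-source threshold; a per-AP aggregate rate is the complementary check. The rogue AP detector relies on the twin using its own BSSID; an attacker who also clones the legitimate AP's BSSID is invisible to this check and must be caught by other means (signal strength, channel, or capability mismatches against the known AP).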
1.3.5 Wireless LAN Data Security
"Network Security," data in transit in an insecure medium must always beprotected using encryption primitives Encryption−based data security is even moreimportant in wireless LAN, because without encryption the data is available forexamination to all authorized users and anyone who can receive the RF signals
Most attacks on data security in a wireless LAN are conducted by analyzing theLAN traffic If the data is not transmitted in encrypted form, anyone can easilyeavesdrop upon, alter, or damage it The data security of wireless LANs is furtherdegraded by the fact that most wireless LAN equipment today does not have securityfeatures enabled by default A user has to manually configure the security parameters,which also inhibits the use of encryption in wireless LANs for data security
The encryption parameters that are important to consider when choosing awireless technology include the security strength of the encryption technology used toencrypt the transmitted data and the key size that the encryption algorithm uses It isalso important to keep up with the wireless LAN community to learn the new datasecurity threats and the solutions to defeat them
CHAPTER 2: SIGNAL PROPAGATION MODEL IN WIRELESS LAN NETWORKS

2.1 IEEE 802.11 Standard family [6]
The first WLAN (wireless local area network) experiment, using infrared links to create a local network in a factory, was carried out by IBM in 1979, but the technology was not ready; the LAN explosion began mainly thanks to the emergence of the PC around 1983. In 1980, in order to create standards that integrate different technologies and make them work together, the IEEE started work on the 802 family of standards (at the same time that the ISO was developing the OSI model), predicting that this first explosion of the technology could last for decades, as shown in Figure 2.1. It is also important to mention that in 1985 the FCC deregulated the 2.4-2.5 GHz band, giving the chance to develop products in this band. Wi-Fi is aimed at use within unlicensed spectrum. This enables users to access the radio spectrum without the regulations and restrictions that might be applicable elsewhere. The downside is that this spectrum is also shared by many other users, and as a result the system has to be resilient to interference.
Figure 2.1: The relationship between the various components of the 802 family and their place in the OSI model
The IEEE 802 family is a series of specifications for local area network (LAN) technologies. The specifications are focused on the two lowest layers of the OSI model because they incorporate both physical and data-link components. All 802 networks have both a Medium Access Control (MAC) and a Physical (PHY) component. The MAC is a set of rules that determine how to access the medium and send data, while the details of transmission and reception are left to the PHY. In 1997, after almost twenty years of development of wired LAN networks, the IEEE faced a new challenge, anticipating the enormous use of laptops and, later, smartphones. At that moment the IEEE 802.11 standard was born, aiming to provide a reliable, fast, inexpensive and robust wireless solution that could grow into a standard with widespread acceptance, using the unlicensed ISM band from 2.4 to 2.5 GHz; it was meant to appear identical to wired LANs from the user's point of view. With 802.11n and its adoption of MIMO technology (draft in 2007, ratified in 2009) there was another big step forward; the same happened with 802.11ac (draft 2012, ratified 2013), which, by using only the 5 GHz band, improved data rates dramatically and focused Wi-Fi on small cells with high performance.
Figure 2.2: The performance of the different standards (IEEE 802.11)
As shown in Figure 2.2, there has been an important evolution in the performance of the different standards. From 802.11b to 802.11g there is a first improvement in data rate, thanks to the new OFDM technique and the better modulation it allows. From 802.11g to 802.11n there is a much bigger improvement, due to the optional use of the 5 GHz band (already used by 802.11a), the MIMO technique, which in this case allows up to four transmitting antennas and four receiving antennas, and the channel bonding technique, which combines two adjacent 20 MHz channels into one 40 MHz channel for higher data rates. 802.11ac exploits the features of 802.11n more efficiently: the OFDM technique, a denser modulation (256-QAM), channel bonding extended to wider channels (80 and 160 MHz), MIMO with more antennas, and the MU-MIMO variant in the downlink, obtaining much higher data rates in the 5 GHz band. Finally, little is known yet about 802.11ax, but the data rates reported so far exceed those of 802.11ac by far.
2.2 RF signal propagation in Wireless LAN networks
2.2.1 Complex Modulation [6]
Since digital radios no longer deal with analog information, they do not have to be based on modulations that support analog signals. They merely have to transmit 1s and 0s. This can be done simply with two phase or amplitude states: one state representing a binary 1, the other a 0. To transmit data faster, you need more transitions per second, or more bits per transition. Luckily, because of the number of distinct phase angles available (in principle unlimited, in practice far fewer) and the number of amplitude states available (in principle infinite, but again in practice far fewer), a carrier transition can represent more than one bit. If four distinct carrier states are available, 2 bits can be represented by each transition; eight states yield 3 bits, and so forth: M states carry log2(M) bits per transition.
Binary phase shift keying (BPSK) phase-modulates the carrier with two distinct phase states, 180 degrees apart, and can represent 1 bit per transition. The figure illustrates this concept using signal states at 0 and 180 degrees. There is no reason why the initial phase state must be 0: so long as the two phase states are 180 degrees apart, any two states could be used. 45 and 225 degrees are common states in BPSK radio equipment.

Quadrature phase shift keying (QPSK) is the next logical step up the modulation complexity curve. As shown in the figure below, QPSK uses four distinct phases, each separated by 90 degrees. It can represent two bits per transition, but in return requires more signal power at the receiver to recover the transmitted information accurately, because the points are closer together and so more easily confused by noise. As previously discussed, there is no reason why one state must be 0 degrees; as in BPSK, an initial state of 45 degrees is commonly used.

Further increases in efficiency can come from adding even more phase states. Doubling the number of phase states in QPSK yields 8-PSK, which uses eight distinct phases separated by 45 degrees and can represent three bits per transition.

As spectrum became more congested and the amount of information increased, even 8-PSK proved insufficient to provide enough channel capacity in many cases. This limitation was overcome by using the carrier's amplitude to convey additional bits. So, in addition to modulating the phase, engineers started modulating the amplitude as well. This is known as QAM, or quadrature amplitude modulation, and is a fancy name for a simple process. If you take the two phase states of BPSK and add two distinct amplitude states to each, you have a four-state QAM signal. This concept is illustrated in the figure below: the signal is a basic BPSK signal with 0 and 180 degree phase states, but now each phase state is also transmitted with two distinct amplitudes.

By adding two distinct amplitude levels to a QPSK signal you get 8-QAM, which has eight distinct phase/amplitude states. Each of these states can represent 3 bits per transition, the same as 8-PSK. But wait, there's still more! 16-QAM has sixteen distinct amplitude/phase states and can represent 4 bits per transition; 32-QAM can represent 5 bits, 64-QAM 6 bits, and 256-QAM, with 256 distinct states, 8 bits per transition. All of these modulations are commonly used in modern equipment; in fact, some modern point-to-point microwave equipment uses 512-QAM. The price of each step is the same as for PSK: the more states are packed into the same average power, the smaller the separation between them and the higher the signal-to-noise ratio the receiver needs.
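The following Python example, added here and not taken from the report, builds the PSK and square-QAM constellations described above and computes two numbers for each: the bits carried per transition (log2 of the number of states) and, after normalising every constellation to the same average power, the minimum distance between any two symbol points. The second number is what the text means by "requires more signal power at the receiver": it is the noise margin, and it shrinks at every step up in order. The function names and the choice of a 45-degree QPSK offset are the example's own.

```python
"""Bits per symbol and minimum distance of PSK and square-QAM constellations.

Added example (not from the report). Constellations are normalised to unit
average power so their minimum distances are directly comparable.
"""
import cmath
import math


def bits_per_symbol(m: int) -> int:
    """log2(M) for an M-ary constellation (4 states -> 2 bits, 8 -> 3, ...)."""
    if m < 2 or m & (m - 1):
        raise ValueError("M must be a power of two")
    return m.bit_length() - 1


def psk(m: int, offset_deg: float = 0.0):
    """M points on the unit circle, 360/M degrees apart (BPSK, QPSK, 8-PSK)."""
    return [cmath.exp(1j * math.radians(offset_deg + 360.0 * k / m)) for k in range(m)]


def square_qam(m: int):
    """M-QAM on a square grid (16, 64, 256 ...), normalised to unit mean power."""
    side = math.isqrt(m)
    if side * side != m:
        raise ValueError("square QAM needs M = 4, 16, 64, 256, ...")
    levels = [2 * i - (side - 1) for i in range(side)]   # e.g. -3, -1, 1, 3 for 16-QAM
    pts = [complex(a, b) for a in levels for b in levels]
    power = sum(abs(p) ** 2 for p in pts) / m
    return [p / math.sqrt(power) for p in pts]


def min_distance(points):
    """Smallest distance between any two symbols: the scheme's noise margin."""
    return min(abs(p - q) for i, p in enumerate(points) for q in points[i + 1:])


def compare():
    """Per scheme: (bits per symbol, normalised minimum distance, 4 decimals)."""
    schemes = {
        "BPSK": psk(2),
        "QPSK": psk(4, 45),
        "8-PSK": psk(8),
        "16-QAM": square_qam(16),
        "64-QAM": square_qam(64),
        "256-QAM": square_qam(256),
    }
    return {name: (bits_per_symbol(len(pts)), round(min_distance(pts), 4))
            for name, pts in schemes.items()}
```

Running compare() shows the trade-off numerically: BPSK keeps its two points a full 2.0 apart, QPSK 1.414, 8-PSK 0.765, 16-QAM 0.632, 64-QAM 0.309 and 256-QAM 0.153, so each doubling of the bits per transition roughly halves the distance the noise has to push a symbol before the receiver decodes it wrongly.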
spaced apart at precise frequencies so as to provide "orthogonality": the spectral peak of each modulated subcarrier falls on the nulls of the adjacent subcarriers. This technique prevents the independent demodulators from seeing frequencies other than their own. The benefits of OFDM are high spectral efficiency, great flexibility to conform to the available channel bandwidth, and lower susceptibility to multipath distortion. This is useful because in a typical terrestrial propagation environment there are signal reflections (i.e. the transmitted signal arrives at the receiver over various paths of different length) that distort the received signal. As always, there is a tradeoff: OFDM is more susceptible to interference, especially from narrowband devices, and it requires extremely stable oscillators since it can tolerate little frequency drift. Once again, this is a modulation technique that has been known for many years but has only recently become feasible for consumer-grade equipment, thanks to the falling cost and rising capability of digital circuitry and computing power. In OFDM, each of the orthogonal carriers can be independently modulated with a BPSK or QAM signal. Because they are treated as independent channels, the modulation selected on each channel can be tailored to the fading environment of the propagation path. Implementing this flexibility adds complexity to the system, but in return allows the maximum throughput to be achieved, because it can dynamically accommodate the frequency-selective fading of the channel: if a certain subcarrier occupies a faded frequency, it can be assigned a lower-order modulation, while an unfaded subcarrier can operate at the maximum modulation complexity. Current consumer implementations of OFDM such as 802.11a and 802.11g do not implement this complexity; these standards use a common modulation on all subcarriers. Manufacturers of proprietary solutions offer varying levels of complexity based on the anticipated use of the hardware. OFDM comes in many flavors, depending on the manufacturer and the intended use of the equipment. Just like all the other technologies we have discussed, the implementation trade-offs are selected by the standards body or equipment designer in order to maximize the equipment's utility in a given market space. OFDM, because of its flexibility and high spectral efficiency, has been adopted for 4th generation (LTE) cellular systems and is being used in more and more standards-based and proprietary data communications products. It is also the basis for wired ADSL technology and some HDTV transmission standards.
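The per-subcarrier choice just described is easy to see in code. The Python example below, added here and not part of the report, takes a constructed channel of 48 subcarriers (the number 802.11a/g use for data) in which a frequency-selective fade drags a few subcarriers down, and compares the bits carried per OFDM symbol when each subcarrier picks the highest-order modulation its own SNR supports against the single common modulation that the weakest subcarrier dictates. The SNR profile and the required-SNR thresholds in SCHEMES are illustrative assumptions, not values from the report or from any standard.

```python
"""Per-subcarrier bit loading in OFDM (added example, not from the report).

The channel profile and the required-SNR thresholds are assumed
illustrative numbers; they are not taken from 802.11 or from the report.
"""
# (name, bits per symbol, assumed minimum SNR in dB for an acceptable error rate)
SCHEMES = [("BPSK", 1, 7.0), ("QPSK", 2, 10.0), ("16-QAM", 4, 17.0), ("64-QAM", 6, 23.0)]


def constructed_channel(n=48, notch=range(20, 28)):
    """Flat 25 dB channel with a frequency-selective fade pulling some subcarriers to 8 dB."""
    return [8.0 if k in notch else 25.0 for k in range(n)]


def choose_scheme(snr_db):
    """Highest-order scheme whose threshold the SNR meets, or None if even BPSK fails."""
    best = None
    for scheme in SCHEMES:
        if snr_db >= scheme[2]:
            best = scheme
    return best


def adaptive_loading(snrs):
    """Per-subcarrier scheme names and the total bits carried per OFDM symbol."""
    plan = [choose_scheme(s) for s in snrs]
    names = [p[0] if p else "off" for p in plan]      # a dead subcarrier is switched off
    return names, sum(p[1] for p in plan if p)


def common_loading(snrs):
    """One scheme for every subcarrier, limited by the worst one (the 802.11a/g style)."""
    scheme = choose_scheme(min(snrs))
    if scheme is None:
        return "off", 0
    return scheme[0], scheme[1] * len(snrs)
```

On the constructed channel, adaptive loading carries 248 bits per OFDM symbol (40 subcarriers at 64-QAM plus 8 at BPSK) while the common scheme, forced down to BPSK by the eight faded subcarriers, carries 48. The comparison is an idealisation in one respect: real 802.11a/g transmitters apply convolutional coding and interleaving across all subcarriers, so a few faded subcarriers cost some coded bits rather than dragging every subcarrier down to the lowest modulation.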
2.2.3 Frequency Bands
The relation between the 802.11 standard and the frequency bands is direct and fixed by law: without a licence-exempt frequency band, there is no possibility of creating a standard that works on those frequencies.

That is why, in 1985, the FCC deregulated the spectrum from 2.4 GHz to 2.5 GHz for ISM (industrial, scientific and medical) use [7]. Twelve years later the first version of 802.11 was working in that band; the same happened with the 5 GHz band some years later, and today the majority of the versions of the 802.11 standard work in these two bands.

The 2.4 GHz band is divided into 11 or 13 channels (which ones are available depends on the regulations of the country), each approximately 20-22 MHz wide but spaced only 5 MHz apart, so neighbouring channels overlap. The useful ones are those that do not overlap one another: ideally 1, 7 and 13 in Europe or 1, 6 and 11 in the USA.

Figure 2.3: the 2.4 GHz frequency band separated into its 14 channels

Figure 2.3 represents the 2.4 GHz band separated into its 14 channels; we can see clearly that some combinations, such as 1, 6, 11 or 1, 7, 13, do not overlap. It is very important to understand why almost every AP transmits on one of these channels and not on the others: common sense might advise transmitting on other channels in order to have a partial overlap (for example channels 1 and 3) instead of a total overlap (two APs transmitting on channel 6)
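The non-overlapping sets named above can be derived rather than memorised. The Python example below, added here and not part of the report, encodes the 2.4 GHz channel plan (channels 1 to 13 centred at 2412 MHz plus 5 MHz per channel, channel 14 at 2484 MHz) and treats two channels as overlapping when their centres are closer than the channel width. With the 22 MHz DSSS width it reproduces 1, 6, 11 for the USA, the ten three-channel sets (including 1, 7, 13) for Europe, and 1, 6, 11, 14 where channel 14 is allowed; with a 20 MHz OFDM width the same function yields 1, 5, 9, 13. The channel_width parameter and the function names are the example's own assumptions.

```python
"""2.4 GHz channel overlap (added example, not from the report).

Channels 1-13 sit 5 MHz apart from 2412 MHz; channel 14 is 2484 MHz. Two
channels overlap when their centres are closer than the channel width, an
assumption that uses 22 MHz (DSSS) by default and 20 MHz for OFDM.
"""
from itertools import combinations


def centre_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel in MHz."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError("2.4 GHz channels are 1..14")


def overlaps(a: int, b: int, channel_width: float = 22.0) -> bool:
    """True when the two channels' bands share spectrum."""
    return abs(centre_mhz(a) - centre_mhz(b)) < channel_width


def non_overlapping_sets(available, channel_width: float = 22.0):
    """All largest groups of mutually non-overlapping channels drawn from `available`."""
    available = sorted(available)
    for n in range(len(available), 0, -1):          # try the biggest groups first
        found = [
            list(combo)
            for combo in combinations(available, n)
            if all(not overlaps(a, b, channel_width) for a, b in combinations(combo, 2))
        ]
        if found:
            return found
    return []


def channel_plan(country_channels, channel_width: float = 22.0):
    """Human-readable summary: how many APs can share a site without co-channel overlap."""
    sets = non_overlapping_sets(country_channels, channel_width)
    return {"max_non_overlapping": len(sets[0]) if sets else 0, "choices": sets}
```

The result also answers the question the text raises about partial overlap: channels 1 and 3 are 10 MHz apart, which overlaps() reports as overlapping, so two APs on 1 and 3 interfere with each other without being able to hear each other's carrier-sense and defer, which is worse than sharing channel 6 outright.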