Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks

LIVING IN THE JUNGLE: LEGITIMATE USERS IN LEGITIMATE, INSECURE WIRELESS NETWORKS
Abstract— Security in wireless networks has been much
debated in recent years. Although the general understanding of
the technologies that provide secure networks has reached very
high levels, the fact remains that the security of some networks
currently in use is below standard. It is not at all unusual for a
legitimate user to have to access a legitimate, insecure network.
These connections multiply the risks involved in data
transmission for legitimate users, since the security provided by
the infrastructure is insufficient. This article describes the risks
and protection options that a legitimate user of a legitimate,
although insecure wireless network, can resort to. This document
analyses the environments in which a legitimate user may be at
risk, exposed to attacks from malicious network users, and the
practices that help to increase security for your work within the
network. A monitoring tool has been developed to provide
assistance in this task, by allowing the user to monitor network
activity, and thereby gaining greater security.
Terms used— WEP, WPA, WPA2, Computer security, Wireless
network risks, TKIP, AES, Wireless network protection.
I.INTRODUCTION
HE IEEE 802.11[1]
standard, published in 1997,
marked the dawn of wireless networks. Computer networks
that employ this technology, also known as WIFI, have seen a
consistent growth in size and number. Wireless networks have
continued to multiply despite the security problems they
involve, which were discovered at the time of their creation.
More recent developments in wireless security, such as the
IEEE 802.11i standards and the WPA and WPA2
specifications, have made it possible to bring the security of
wireless networks up to the same level as that of their wired
counterparts. Nonetheless, insecure wireless networks abound,
and in many cases, users, particularly if they are outside of
their habitual place of work, have no option but to make
legitimate use of such networks.
{0>E<}0{>T<0}
This document studies what a legitimate user of a
legitimate, insecure network can do to assess whether he/she is
at risk, thus obtaining the necessary elements to take an
informed decision on whether to continue using the network,
and minimising the risks involved in any course of action
taken. These elements can allow a user to ascertain whether a
network has been compromised or whether other network
users are acting inappropriately or in a way that represents a
security hazard.
We have developed a monitoring tool by way of illustration

for this article and to serve as proof of concept. This
instrument uses Centrino laptop computers with Intel
Pro/Wireless 2200BG chipsets. These devices were chosen for
their capacity to offer a clear presentation of the work carried
out, although other technologies can be used for the same
purpose.
II.WIRELESS NETWORK SECURITY MODELS
There are three security models currently co-existing in the
real world: IEEE 802.11 (WEP [Wireless Equivalent
Privacy]), WPA (Wireless Protected Access) and IEEE
802.11i (WPA2 [Wireless Protected Access 2]).
A. The IEEE 802.11 (WEP[2]) standard
The IEEE 802.11 provides the following security options:
- Client authentication through PSK (Pre-Shared Key) or no
authentication
- Communication encryption and message integrity through
use of WEP, which uses the RC4 algorithm with 40 and 104-
bit keys.
The 802.11standard allows, as extra security features, the
possibility of not disclosing the name of the wireless network
(SSID [Service Set Identifier]) and/or filtering clients
connecting to the network through the hardware address of the
device seeking access (MAC address).
This security model soon became insecure[3] as a result of
the discovery of a number of security deficiencies in the
implementation and use of the RC4[4] algorithm. Moreover,
the design of the extra security features made them insecure,
and it was a simple task for an attacker to discover the SSID of
a wireless network or of a valid MAC address, which could
then easily be mimicked or "spoofed".
B. Wifi Alliance – WPA[5]
By the year 2001, the security model defined by the IEEE
802.11 standard was deemed completely unsafe, and IEEE
started work on a new secure wireless network standard,
which would become known as IEEE 802.11i[6]. In the
Living in the jungle: Legitimate users in legitimate,
insecure wireless networks
Alejandro Martín, Rodolfo Bordón Villar, José María Alonso, Antonio Guzmán
1

interim period before this standard was approved, the Wifi
Alliance, a group of companies sharing an interest in secure
wireless technologies, defined the WPA (Wireless Protected
Access). WPA certifies wireless devices that include tested
security technologies, such as TKIP [Temporal Key Integrity
Protocol] [7] or MIC [Michael][8].
C. IEEE 802.11i (Wifi Alliance - WPA2[9])
Once the IEEE 802.11i had been approved, Wifi-Alliance
certified it under the name WPA2. IEEE 802.11i and WPA2
technologies provide improved security mechanisms for client
authentication and communication encryption.
EAP [Extensible Authentication Protocol][10] was the
chosen authentication protocol. This allows virtually any
method of authentication, such as passwords, digital IDs for
users or hardware, tokens, etc. It also allows using RADIUS
[Remote Authentication Dial-In User Service] to validate
credentials by means of the 802.1x[11] protocol. For extra
security, EAP can be operated through an SSL
communications channel created with a digital server
certificate. This security feature, known as PEAP (Protected
EAP), allows the entire EAP transaction to be encrypted.
In addition to EAP, a shared key authentication method is
also supported. This mechanism, known as WPA2-PSK (or
WPA-PSK), has nevertheless proved a weak point for the
protocol, since its strength depends on the password chosen
and on the policy on password change. A weak password
implies weak security.
TKIP is used as the data encryption protocol in both WPA
and WPA2. In the latter, however, it is only used as a
backward compatibility option, given that AES (Advanced
Encryption Standard[12]) is the chief encryption protocol in
WPA2. Security in these systems is dependent on security in
the transmission and processing of the encryption keys. It has
been proven that in a WPA-PSK or WPA2-PSK environment,
an attacker who succeeded in capturing the entire key
exchange can gain access to the content of the communication.
III. INSECURE WIRELESS NETWORKS
In view of what has been laid out above, the following
wireless network architectures are currently considered
insecure:
- Open networks: Networks with no authentication and/or
no data encryption protocol.
- WEP networks: There is a wide variety of resources for
gaining unauthorised access to this type of networks, which
prey on RC4 security flaws. There is ample documentation on
procedures for cracking WEP passwords[13] and there are
even studies on how they can be obtained in less than sixty
seconds[14].
- WPA-PSK and WPA2-PSK networks: If an attacker who
is not authenticated in the network captures the authentication
frames of another client and the access key is not strong
enough, he/she can easily compromise the security of the
entire network through a dictionary or brute force attack[15]
[16]. Access point simulation attacks also allow attackers to
deceive a client in order to obtain the authentication frames.
IV. WHY ARE INSECURE NETWORKS STILL IN USE?
Even though there is widespread awareness of secure
network architecture, insecure networks still exist. This
section lays out the causes for their persistence.
- Obsolete hardware: Not all hardware currently in use is
compatible with secure wireless technologies. It is easy to find
access points, routers and WLAN cards that do not provide for
WPA or WPA2. Such networks are most commonly found in
home environments or in small and medium companies with
low IT systems management maturity.
- High compatibility: In some wireless networks, the
prevailing functional element of design is not security, but
offering service to a large number of users who may demand
access from a wide range of devices and operating systems, eg
mobile devices, laptop computers, desktop computers,
mp3/mp4 devices, etc. In such networks, where connectivity
takes precedence over security, the architecture tends to be
open or WEP, due to its compatibility with most wireless
devices. These networks are often found in hotels, airports,
conference centres, etc., where the users have free access or
pay only for the time they use the connection.
- Financial reasons: Private individuals and small
companies usually cannot afford secure wireless technologies
such as RADIUS servers, which allow implementing secure
authentication systems, like for instance PEAP-TLS or PEAP
with passwords. In these environments, shared-key
authentication systems, ie WEP, WPA-PSK or WPA2-PSK
are the most widely used.
- Unawareness: The last reason for the persistence of
insecure networks lies in the fact that those who design them
may not be aware of the risks and hazards they involve, and
lack the expertise needed to implement a secure network. Such
networks still represent a large percentage of all networks
currently in operation.
2

V. SECURITY HAZARDS
The hazards to which a wireless networks user is exposed
arise from the potential attacks to which he/she is open. These
affect the three main pillars of security: confidentiality,
integrity and availability. Wireless technology is susceptible to
all the hazards that affect conventional LAN networks, with
the addition of further hazards as a result of its inherent
characteristics:
- Traffic sniffing/analysis[17]: An attacker can capture all
the data traffic flowing through a network to which a
legitimate user is connected. This operation does not require
the attacker to be connected to the network, since there are
programmes that allow setting the WLAN card to
"promiscuous mode" or "monitoring mode", depending on
whether or not the computer is connected to the network, in
order to capture and process all traffic. If the legitimate user's
communications are not securely encrypted, any sensitive
information he/she exchanges through the network may be
captured.
- Session hijacking: This is possible when the credentials
for connecting to a wireless network are sent unencrypted.
This type of security is usually offered in wireless networks
such as those in internet hotspots, where the client is validated
through his/her physical address. The attacker captures the ID
credentials and "spoofs" the physical address of the legitimate
client to make use of the connection.
- Access point spoofing: In open wireless networks where
authentication involves filtering MAC addresses of the devices
seeking access, an attacker can set up an access point with the
same SSID and MAC address. Any users accessing this
network instead of the legitimate network will provide the
attacker with the credentials of the legitimate network.
- Man-in-the-middle attack: This hazard, which is more
serious than those described above, involves an attacker
placing himself between the client and the access point,
masquerading as the legitimate access point to the client and
as the legitimate client to the access point. The attacker
intercepts all traffic flowing in both directions, thereby being
in a position to capture sensitive information even if the user is
using encrypted communication. This attack method can be
implemented in open connections, connections with MAC
address filtering and in networks with WEP or WPA/WP2-
PSK encryption. In order to carry out this attack successfully,
the attacker must be connected to the network before
commencing the attack.
- Information manipulation: An attacker may, in addition
to monitoring the network for different purposes, intercept the
traffic flowing through it, modify it, and then forward it to its
intended addressee. Thus, the integrity of the communication
is compromised through manipulating the communication of a
legitimate user with its addressee.
Denial of service: Another potential hazard for legitimate
users of legitimate networks is being denied access to the
network. This is usually a symptomatic attack resulting from
the weakness of the infrastructure and in most cases it is
indicative that the network is under attack for different
purposes.
VI. HAZARDS MATRIX
Point IV above contains a description of the different types
of insecure networks which a legitimate user can connect to.
These are: open, WEP, WPA/PSK and WPA2/PSK with weak
keys. The table below shows where each of the attacks
described in point V can be successful.
Open WEP WPA-PSK WPA2-PSK
Traffic sniffing/
analysis
X X1
X2
X2
Session hijacking X X3
X3
X3
Access point
spoofing
X X4
X4
X4
Man-in-the-middle X X1
X2
X2
Information
manipulation5 X X
Denial of service X X X X
Figure 1: Matrix of insecure network hazards
(1) The user needs to have the WEP password (legitimately or
by cracking it)
(2) The attacker needs to have previously cracked the
WPA/WPA2[18] password and captured all the packets
exchanged in the password stage between the client and the
access point. There is a proof of concept for this with the
CommView for WiFi chipset, which supports WPA and
WPA2 deciphering in PSK key mode using the Temporary
Key Integrity Protocol (TKIP) or CBC-MAC Advanced
Encryption Standard / Counter Protocol (AES/CCMP). This
requires providing the WPA/WPA2 password. In order to
decipher traffic encrypted in WPA, CommView for WiFi must
be in operation and capturing data during the password
exchange stage. Passwords are exchanged through the EAPOL
(EAP over LAN) protocol, and therefore all EAPOL packets
need to be captured in full.
(3) This involves capturing and deciphering the network
traffic.
3

(4) This involves obtaining the WEP/WPA-PSK/WPA2-PSK
passwords so that they may be requested from the victim
users, thereby allowing them to log on correctly. Their traffic
can then be diverted.
(5) WPA and WPA2 use MIC (Message Integrity Code) to
monitor message integrity. This method, also known as
Michael code, has some well-known shortcomings in its
design, since it is invertible and not clash-free. Nonetheless,
Jianyong Huang, Willy Susilo and Jennifer Seberry expose the
difficulty of actually taking advantage of these weaknesses in
their article "Observations on the Message Integrity Code in
IEEE 802.11 Wireless LANs"[19].
VI. ASSESSMENT OF NETWORK SECURITY
This section describes the procedures that should be
followed to evaluate the security and risks associated to any
wireless network.
A. Wireless security model used
As may be seen in the matrix above, the hazards affecting a
wireless network depend on its security model. Therefore, the
first step for assessing network security is establishing
whether an insecure model is in use, ie open, WEP, WPA-PSK
or WPA2-PSK. To do this, the monitoring tool checks the
characteristics of the network to which the user is connected.
Figure 2: Security model of the network to which the user is
connected
B. Strength of the network key
Once the security model of the wireless network has been
established, it is possible to determine the strength of the key
being used. In WEP networks, the length or complexity of the
password is not a determining factor, since simplicity to crack
such keys depends on the traffic captured and not the strength
of the key. Thus, the strength of any WEP key is always
LOW. In WPA and WPA2 networks, however, the method for
cracking the key is based on dictionary or brute force attacks.
The longer and more complex a WPA or WPA2 key is, the
greater the security it provides. These two factors allow us to
evaluate WPA and WPA2 key strength. A completely random
and dispersed key that is 63 characters long, offers the
maximum possible strength, while a password shorter than 8
characters or which may be found in dictionaries is the
weakest possible key.
The time used to crack a WPA or WPA2 key varies
according to the method used and the calculation capacity.
Using dictionary text files and one single computer will only
achieve a few hundred tries per second, while using pre-
calculated tables and specially-designed tools[16] achieves
several tens of thousands of tries per second. This explains the
importance of the length and complexity of the password used.
The chart below shows the number of possible combinations
according to the length and complexity of the key.
Figure 3: Strength of WPA/WPA2 passwords (Combinations
axis in logarithmic scale with base 10)
C. Network neighbours
The existence of hazards for an insecure network does not
depend on whether the potential attackers are connected to the
network or not. However, as may be seen in the Hazards
Matrix, many of these hazards require the attacker to be
logged on, which means that a network with no users
4

connected is a more secure environment. Furthermore, the
likelihood of an attacker appearing depends on many factors,
but the number of neighbours is a key element in this respect.
Knowing the number and characteristics of a network's
neighbours helps to determine its risk level. In order to do this,
the monitoring programme detects the computers logging on
and off in real time and their public characteristics, including
their physical address, IP address and the name they are using.
This requires analysing the network traffic.
Figure 4: Detecting network neighbours
Maintaining this list of neighbours allows us to know who
shares our environment. It also provides information on
networks that are in our physical vicinity and the computers
connected to them. Nevertheless, this has not proved to be a
reliable, useful method for practical risk analysis.
D. Anomalous behaviour
Monitoring and analysing network traffic allows detecting
anomalous behaviour patterns and raising an alarm when
somebody is making improper or dangerous use of the
network. With this aim, the following can be detected by
monitoring the elements mentioned above and the network
traffic:
- Alert 1: MAC spoofing: An attacker can access a network
that employs MAC address filtering using the MAC of a
legitimate user, which he/she obtains through network traffic
capturing. The monitoring tool detects instances of various IPs
using a single MAC, which allows sending warnings for MAC
spoofing attacks. This would imply the intrusion of an attacker
into the network.
- Alert 2: MAC and IP spoofing: In some environments,
not only MAC addresses are filtered, but a firewall also checks
the computer's IP address. This situation can always be
detected if two computers share an IP address but have
different names. This is indicative of an illegal inclusion in the
network and therefore the presence of an attacker.
- Alert 3: Packet injection: In a network whose security
model is based on WEP, an attacker may be monitoring the
traffic with a view to cracking the WEP password. This
requires capturing a minimum amount of traffic, which is
currently in the region of 80,000 packets. Hence, an attacker
needs to wait for sufficient traffic to build up. However, there
are certain techniques for illegally injecting traffic into the
network in order to generate the necessary number of packets
quickly. There are a number of techniques used to generate
such traffic. The monitoring tool allows us to detect illegal
injections denoting the presence of an attacker.
- Man-in-the-middle attack: These attacks may be
performed by MAC spoofing, which would trigger alerts 1 or
2, or by modifying the ARP tables, which would indicate that
more than one IP address are being used with one single MAC
address. Both cases would prompt alerts 1 or 2.
Figure 5: Alert system
VII. CONCLUSIONS AND FUTURE WORK
The use of insecure networks always involves a risk. This
article simply evaluates this risk in order to offer legitimate
users the most comprehensive information on the potential
hazards associated to a particular network.
5

There is no scarcity of well-documented solutions to secure
wireless networks from the point of view of the network
architect, and the network user also has methods at his/her
disposal to ensure that connections are secure, such as Virtual
Private Networks (VPN).
Virtual private networks allow establishing a secure channel
between the network client and the server. This solution is
common in companies employing a mobile workforce and
among users of insecure wireless networks who are concerned
about security. However, there are certain environments where
it is not possible to implement these secure solutions.
Virtual private networks use special connection ports.
Those based on PPTP (Point to Point Tunneling Protocol) or
L2TP (Layer2 Tunneling Procol) for instance, require the
wireless network not to disable the PPTP server and IKE
(Internet Key Exchange) ports, which are used to establish the
connection between client and server. In most pay-per-use
wireless networks, these ports are disabled, and therefore it is
not possible to establish this type of connections.
Another solution for tackling insecurity is provided by
virtual private networks operating over the http-s protocol.
These connections, known as VPN-SSL, are easier to establish
in most pay-per use wireless networks, although they cannot
be used in networks where either SSL connections routing or
the Bridging http-s service have been configured, since this
implies utilisation of the digital certificates.
In conclusion, there are certain environments where a
secure connection through a legitimate, insecure wireless
network cannot be assured, due to the setup of the network or
to the fact that the user does not have access to a virtual
private network server. The aim of this article is therefore to
provide legitimate users with as much information as possible
in order that they may suitably appraise the risks involved.
We are currently working on a quantitative scheme that will
allow evaluating the risks associated to a particular connection
according to the factors that have been described in this
article, ie security model, strength of credentials, network
neighbours and hazards. The latter would be evaluated
according to their seriousness, ease and probability of
appearance.
The final aim is to offer legitimate users the highest
possible degree of assurance in legitimate connections to
insecure wireless networks.
REFERENCES
[1] “IEEE Standard for Local and Metropolitan Area Networks: Overview
and Architecture”, IEEE Computer Society,
http://standards.ieee.org/getieee802/download/802-2001.pdf
[2] WEP
[3] “Weaknesses in the Key Scheduling Algorithm of RC4”, Scott Fluhrer1,
Itsik Mantin2, and Adi Shamir,
http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf
[4] “A Stream Cipher Encryption Algorithm "Arcfour”” , K.Kaukonen,
R.Thayer, http://www.mozilla.org/projects/security/pki/nss/draft-
kaukonen-cipher-arcfour-03.txt
[5] “WPA”, Wifi-Alliance, http://www.wi-fi.org/knowledge_center/wpa/
[6] “Establishing Wireless Robust Security Networks: A Guide to IEEE
802.11i”, Pauline Bowen, Joan Hash and Mark Wilson, NIST.
[7] “802.11 Security Series. Part II: The Temporal Key Integrity Protocol”,
Jesse Walker, http://cache-
www.intel.com/cd/00/00/01/77/17769_80211_part2.pdf
[8] “Michael: an improved MIC for 802.11 WEP,”, Ferguson, N., IEEE
802.11 doc 02-020r0, http://grouper.ieee.org/groups/802/11/
[9] “WPA2”, Wifi-Alliance, http://www.wi-fi.org/knowledge_center/wpa2/
[10]“EAP, Extensible Authentication Protocol”, Networksorcery,
http://www.networksorcery.com/enp/protocol/eap.htm
[11]“802.1X-2004 - Port Based Network Access Control“, IEEE Computer
Society, http://www.ieee802.org/1/pages/802.1x-2004.html
[12]“AES Proposal: Rijndael”, Joan Daemen, Vincent Rijmen,
http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf
[13] “A Key Recovery Attack on the 802.11b Wired Equivalent Privacy
Protocol (WEP)”, Adam Stubblefield, John Joannidis and Aviel D.
Rubin, http://www.cs.jhu.edu/~rubin/courses/sp04/wep.pdf
[14]“Breaking 104 bit WEP in less than 60 seconds”, Erik Tews and Ralf-
Philipp Weinmann and Andrei Pyshkin.
http://eprint.iacr.org/2007/120.pdf
[15] “Weakness in Passphrase Choice in WPA Interface” , Robert
Moskowitz, http://www.wifinetnews.com/archives/002452.html
[16] “CoWPAtty: Ataque por diccionario sobre claves WPA/WPA2”, Robert
Moskowitz,.http://www.wirelessdefence.org/Contents/coWPAttyMain.h
tm
[17] “Intercepting Mobile Communications: The Insecurity of 802.11”,
Nikita Borisov, Ian Goldberg, David Wagner,
http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf
[18] “Analysis of the 802.11i 4-Way Handshake” Jianyong Huang, Willy
Susilo and Jennifer Seberry. (2004) Analysis of the 802.11i 4-way
handshake , Proceedings of the 3rd ACM workshop on Wireless security
[19] “Observations on the Message Integrity Code in IEEE802.11Wireless
LANs”, Jianyong Huang, Willy Susilo and Jennifer Seberry,
http://www.uow.edu.au/~jennie/WEB/WEB04/SeberryObser.pdf
AUTHORS
6

Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Destaque

Destaque (9)

Semelhante a Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks

Semelhante a Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks (20)

Mais de Chema Alonso

Mais de Chema Alonso (20)

Último

Último (20)

Living in the Jungle: Legitimate users in Legitimate Insecure Wireless Networks