Why is anonymity different in TWN and WLAN?
Why is WEP an ideal candidate for an FMS attack?
Wireless networks have become commonplace in the past several
years in homes and offices.
Wireless networks have had a significant impact in our society by
enabling:
• Individuals to transport laptops and other devices to and from meetings in office buildings, increasing employee productivity.
• Devices within close range to synchronize without a physical connection.
• Mobile users to receive email, text messages, etc. while on the move.
• Connection to the internet, throughout a home, without the time-consuming and difficult task of running cable through the structure of the home.
There are several different sets of communication standards,
enabling wireless networking in
these different scenarios, for different types of devices. In the
home and office, laptops utilize
Wireless Local Area Network (WLAN) technologies to connect to wired
networks, experiencing
the full capabilities of network and internet access. Devices may
synchronize themselves over
very short ranges to other devices or networked desktops, using the
Bluetooth standard. Mobile
devices like smart phones and personal digital assistants (PDAs)
communicate, using cellular
technology. In this document, we have chosen to limit our
discussion to the first type of wireless
technology, the Wireless Local Area Network (WLAN)
technologies.
We begin our discussion of WLAN technologies in Section 2 by
discussing the functionality and
current standards that apply to WLANs. Once this foundation has
been laid, we describe the
vulnerabilities of these networks in Section 3. In Section 4, we
explain how, when a network is
vulnerable, you can detect that it is under attack. In Section 5,
the possible defenses for attacks are discussed. In Section 6, legal
implications, which may help mitigate attacks, are explored.
Finally, we close in Section 6, looking to the future of WLANs.

The Wired Equivalent Privacy (WEP) standard was introduced with the
802.11 standards,
but by 2001 a number of weaknesses had been discovered in the
standard, leading to the
adoption of new standards (WPA). The cryptographic weakness in WEP
was, in part,
intentional. At the time of WEP’s introduction, cryptographic keys
for export to
international markets were limited to 40 bit keys. To further
compound the weakness
presented by short keys, the WEP standard uses a single, static
shared key without a
dynamic key update method. Some WEP implementations include longer
keys of 128,
152, or 256 bits, but these are non-standard and therefore
incompatible.
2.2.2. WiFi Protected Access (WPA)
The WiFi Protected Access (WPA) standard addresses all
deficiencies found in the WEP
standard. This standard was introduced by the WiFi Alliance in 2003
to bridge the
security gaps of WEP [8], prior to the formal adoption of the 802.11i (WPA2)
standard.
WPA is a subset of the 802.11i standard (WPA2). The WPA security
standard is designed
to secure all versions of 802.11 devices, including 802.11a,
802.11b and 802.11g,
described above.
WPA can frequently be installed on WiFi certified devices as a
software upgrade. Access
Points (AP) require a software upgrade. Client workstations require
a software upgrade
to their network interface card (NIC) and possibly an additional
upgrade to their
operating system (OS). Enterprises may choose to use a Remote
Authentication Dial-In
User Service (RADIUS) authentication server. In homes, by utilizing
a shared password
mode, users may avoid the additional setup and support of a RADIUS
authentication
server.

WPA supports a strong encryption algorithm and user
authentication. The WPA standard
employs Temporal Key Integrity Protocol (TKIP) for encryption,
using 128 bit keys that
are dynamically generated.
In a corporate environment, keys are generated leveraging the
802.1X authentication
protocol with Extensible Authentication Protocol (EAP). The 802.1X
protocol, adopted
by the IEEE in August of 2001, is a network access control method
used on both wired
and wireless networks. The 802.1X protocol’s use of EAP enables
the support of a
variety of user credential types, including username/password,
smart cards, secure IDs, or
any other type of user identification. Clients and Access Points
(AP) authenticate against
the RADIUS server, which validates client access to the network as
well as enabling
connected clients to know they are talking to valid APs once they
are on the network.
In a home environment, “pre-shared keys” (PSK) or passwords are
used to provide TKIP
encryption.
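TKIP's two protections, a fresh encryption key for every packet derived from the session's pair-wise key and a Message Integrity Check that makes the receiver discard altered packets, can be modelled in a few lines. This is an added sketch, not code from the original paper: it substitutes HMAC-SHA256 for TKIP's real key-mixing and MIC algorithms, checks the MIC over the encrypted body for simplicity, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA256 stands in for TKIP's key mixing and MIC algorithm.
MIC_LEN = 8  # bytes of the HMAC tag kept as the MIC in this sketch

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def packet_key(pairwise_key: bytes, seq: int) -> bytes:
    """128-bit encryption key unique to packet number `seq`."""
    return _prf(pairwise_key, b"enc" + struct.pack(">Q", seq))[:16]

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """XOR data with a keystream expanded from the per-packet key."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += _prf(key, struct.pack(">I", block))
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def _mic(pairwise_key: bytes, seq: int, body: bytes) -> bytes:
    mic_key = _prf(pairwise_key, b"mic")
    return _prf(mic_key, struct.pack(">Q", seq) + body)[:MIC_LEN]

def send(pairwise_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: encrypt under the per-packet key, then append the MIC."""
    body = _xor_stream(packet_key(pairwise_key, seq), payload)
    return struct.pack(">Q", seq) + body + _mic(pairwise_key, seq, body)

def receive(pairwise_key: bytes, frame: bytes):
    """Receiver: recompute and compare the MIC; None means 'discarded'."""
    if len(frame) < 8 + MIC_LEN:
        return None
    seq = struct.unpack(">Q", frame[:8])[0]
    body, tag = frame[8:-MIC_LEN], frame[-MIC_LEN:]
    if not hmac.compare_digest(tag, _mic(pairwise_key, seq, body)):
        return None  # mismatch: treat as tampering and drop the packet
    return _xor_stream(packet_key(pairwise_key, seq), body)
```

Sending the same payload twice under different packet numbers yields different ciphertext, which is the property WEP's single static key lacks.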
In the WPA standard, if enterprise security is employed, a user
supplies credentials to the
RADIUS server which authenticates the user, or if enterprise
security is NOT employed,
supplies a manually entered password on the client device and
Access Point. Once a user
is authenticated, a unique master or “pair-wise” key is created for
the session. TKIP
distributes the key to the client and Access Point (AP), using the
pair-wise key to
generate unique data encryption keys to encrypt every data packet
that is sent during the
session. A Message Integrity Check (MIC), when enterprise security
(RADIUS) is
employed, prevents a “man in the middle” alteration of packets by
requiring both the
sender and receiver to compute and compare the MIC, assuming an
attack and discarding
the packet if the MIC doesn’t match.

4.3. WLAN Scanners
Two tools that appear to be most commonly used by hobbyists and
WarDrivers are Net
Stumbler and Kismet [23]. Net Stumbler appears to be the most popular
scanner used on
Microsoft Windows. Net Stumbler scans actively: it sends 802.11 probe
requests every second and reports on the responses.
APs respond to these probes by default, but can be configured
to stay silent instead. We
installed Net Stumbler on a
Windows XP machine and captured signal strengths at a coffee shop
in Seattle.
Figure 1: Available Networks in range
Figure 2: Signal Strength for the "victrola" network
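One way to spot the once-per-second active probing described above from the monitoring side is to look for a source that sends broadcast probe requests at a steady interval. This is an added example, not part of the original paper; the log format, the sample lines, the MAC addresses, the thresholds and the function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample capture, one frame per line:
#   <seconds> <source MAC> <frame type> <SSID, "*" = broadcast probe>
SAMPLE_LOG = """\
0.00 02:00:00:00:00:01 probe-req *
0.45 02:00:00:00:00:02 probe-req *
0.50 02:00:00:00:00:02 probe-req homenet
1.01 02:00:00:00:00:01 probe-req *
2.00 02:00:00:00:00:01 probe-req *
3.02 02:00:00:00:00:01 probe-req *
4.00 02:00:00:00:00:01 probe-req *
5.01 02:00:00:00:00:01 probe-req *
30.20 02:00:00:00:00:02 probe-req *
30.25 02:00:00:00:00:02 probe-req *
30.30 02:00:00:00:00:02 probe-req *
30.35 02:00:00:00:00:02 probe-req *
30.90 02:00:00:00:00:02 assoc-req homenet
garbled line
"""

def parse(log):
    """Yield (time, mac, frame_type, ssid); skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split(maxsplit=3)
        try:
            yield float(parts[0]), parts[1].lower(), parts[2], parts[3]
        except (IndexError, ValueError):
            continue

def periodic_scanners(log, period=1.0, tolerance=0.2, min_probes=5):
    """Map each MAC probing at a steady ~`period` s to its median interval."""
    seen = defaultdict(list)
    for ts, mac, ftype, ssid in parse(log):
        if ftype == "probe-req" and ssid == "*":
            seen[mac].append(ts)
    flagged = {}
    for mac, times in seen.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        steady = all(abs(g - period) <= tolerance for g in gaps)
        if len(times) >= min_probes and steady:
            flagged[mac] = round(median(gaps), 2)
    return flagged
```

On the sample, the first station is flagged for its regular one-second cadence, while the second, which probes in short bursts and then associates, is not.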
Net Stumbler also has integrated support for a GPS unit allowing a
WarDriver to easily build
a wireless hot-spot map. As a bit of a social experiment we drove
about the Capitol Hill