Network Security through Wireless Location Systems

Introduction

When we use wireless networks, our goal is to grant network access with stations mobility and flexibility. The stations must be capable of access the network while moving freely around the access area, without losing connection, and the network physical infrastructure must support the addition of new wireless devices and the disconnection of them without any physical impact.

Because of the behavior of the signal propagation, however, when we compare wireless networks with wired ones, we identify that there are some differences in the management and security aspects that must be considered.

In wired networks we can easily confine the physical network inside a room or building, according to the network connection points (switch ports and cables). Also, it is easy to segregate different subnets in the same building, in separate rooms or areas using routers and/or firewalls.

When we have a minimal IP address organization (subnet oriented), it is easy to determine the physical location of a station, only analyzing the IP address information.

In wireless networks, the physical coverage area is difficult to define due to the microwave signals behavior. The reflection, refraction, diffraction, scattering, attenuation and multi-path, distribute the coverage area with non-uniform patterns. The network access area is defined by the obstacles that the microwave signal encounters in the environment.

This means that the network physical access area definition is not possible in a easy way, and a wireless station can capture the network signals even outside the building.

Related to segregation, besides the fact that the WLAN (Wireless Local Area Networks) IEEE802.11 uses multiplexed channels to deliver different networks in the same environment, the responsibility of channel selection relies on the wireless station. This means that the network manager can not control the subnet in which a client tries to connect.

Because of the mobility, the wireless stations can be in any place inside the coverage area. This means that only by analyzing network data, it is not possible to locate the device. A malicious stations can be anywhere inside (or outside) the building.

In order to conceive a wireless network with the minimum of security, the IEEE presents some mechanisms to achieve device authentication and data privacy in IEEE802.11 networks. The data privacy is achieved by one of the mechanisms IEEE (1999), IEEE (2003), IEEE (2004):

• •

  WEP: Wired Equivalent Privacy. It is a symmetric cryptography protocol (same key to cypher and decipher the data) base in the RC4 algorithm;

• •

  WPA: Wireless Protected Access. Based in the WEP algorithm, but with temporal keys - TKIP (Temporal Key Integrity Protocol). Can be used with an initial pre-shared-key (PSK) or with 802.1x protocol;

• •

  WPA2: or IEEE802.11i. It uses the AES cryptography algorithm, which is much more robust than WEP and WPA. It also can be used with a PSK or 802.1x.

WEP was proven by Fluhrer (2001) to have security vulnerabilities based on weak keys generated by the cryptography algorithm. The WPA tries to overcome this vulnerabilities through TKIP, changing the shared secret from time to time. It is possible to break WPA by capturing the authentication packets and discovering the first key (pre-shared key) through brute force Moskowitz (2003).

Because WPA2 uses AES, it is considered the more robust cryptography protocol for IEEE802.11 networks.

The authentication can be made trough the protocols Gast (2002):