Introduction
Users connect to a centralized access point (AP), which serves as a hub for other clients and a cable connection, or clients link in an ad-hoc peer-to-peer mode, which is how wireless networks (LANs) work. By transmitting a Service Set Identifier (SSID) at a predetermined rate, generally ten times per second, APs make it easier for users to identify them. However, the broadcast time may be customized by the AP administrator. Simply said, the SSID is the identity of the AP that clients may use to join the wireless connection. The list of SSIDs for the accessible APs is visible to clients using wireless network interface cards (NICs) (Tanenbaum and Feamster). The user can then choose an AP from the list. The client can connect to the network and utilize the network resources allowed by that AP without requiring authentication if the AP is unprotected; otherwise, authentication is needed. APs are often defaulted to being unsafe. When adding the AP to the network, controllers must activate security. The mechanisms that are used by the bluetooth as well as the policies in the protocol are discussed in the sections below. Additionally some of the aspects of error control and flow are also tackled within this protocol.
Mechanism and Policies of the Protocol
Mechanisms of the protocol
The media access control protocol used by IEEE 802.11 wireless LANs is known as Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). The working mechanism is completely different even if the name sounds similar to Ethernet’s Carrier Sense Multiple Access with Collision Detection (CSMA/CD) (Gulasekaran and Sankaran 40). WiFi systems utilizes half-duplex shared media arrangements, in which every station uses the similar radio channel for transmission and reception.
Since a station cannot hear while it is transmitting, it is difficult to detect a collision in a radio system. As a result, the developers of the 802.11 standards created a collision prevention system known as the Distributed Control Function (DCF). A WiFi station will only transmit when the channel is clear, according to DCF. Every broadcast is acknowledged, so if a station doesn’t get one it believes there was a collision and attempts again after a random waiting period. As traffic volume grows or when mobile stations can’t hear one another, crashes will happen more frequently.
Policies of the protocol
As long as resources and goals allow, information technology is committed to ensuring as much ubiquitous wireless coverage as feasible in public areas. The Chief Information Officer, in collaboration with other university administrators, will choose which wifi areas be installed and maintained first using the following criteria:
- The number of people using a university facility; Public Service Areas that are often used by sizable user groups will be given first preference.
- A requirement for the space’s services as stated by an educational or academic institution’s mission.
The central management authority for all 802.11x wireless LAN systems used by the University will be Information Technology (IT) (Tanenbaum and Feamster). A division of Information Technology, which will also be responsible for overseeing spectrum management inside the boundaries of the Lawrence and Edwards campuses as well as any other remote site or office that is directly connected to the campus network.
Communication Guidelines
The descriptions of these standards are given below.
802.11a and 802.11b
The 802.11 committees approved the 802.11a and 802.11b specifications in 1999. Despite being approved by the council simultaneously, the 802.11a and 802.11b rules are incompatible. In its communication, the 802.11a standard can handle 54Mbps of data. The 5GHz frequency, which allows eight simultaneous channels at a distance of up to 50 meters, was utilized to send data. Using the 2.4 GHz band, the 802.11b standard allows for 14 communication channels and 11Mbps of data over a distance of up to 100 meters.
802.11g
The IEEE 802.11g guideline was added to the list of wireless transmission standards in 2003. Similar to the 802.11a standard, the 802.11g standard allows 54Mbps of data connection while using the 2.4 GHz band, unlike the 802.11b standard. There are 14 channels available, with a coverage area of up to 100 meters, the same as the 802.11b standard. While incompatible with the 802.11a standard, the 802.11g standard is comparable with the 802.11b standard.
Security Guidelines
All 802.11 devices have security procedures built into them because the 802.11 committees understood the value of communication security while using open airwaves for communication (Tanenbaum et al.). For devices that accept the 802.11 standards, three security standards have so far been approved. WiFi Protected Access (WPA), Wired Equivalent Privacy (WEP), and WiFi Protected Access 2 (WPA2) (802.11i). The following is a summary and description of these standards.
Wired Equivalent Privacy (WEP)
The 802.11 standards included the Wired Equivalent Privacy (WEP) standard, however, by 2001 several flaws had been found in the requirement, resulting in the adoption of other standards (WPA). WEP’s cryptographic flaw was partially on purpose. When WEP was first introduced, 40-bit keys were the maximum size for cryptographic keys that could be exported to other countries (Tanenbaum and Feamster). Short keys’ vulnerability is exacerbated by the WEP standard’s use of a single static common key without a key generation update mechanism. Longer keys, 128, 152, or 256 bits long, are included in certain WEP implementations, however, these are non-standard and incompatible.
WiFi Protected Access (WPA)
All of the flaws in the WEP standard are fixed by the WiFi Protected Access (WPA) standard. The WiFi Alliance created this standard in 2003 to remedy the security holes in WEP8 before the 802.11i (WPA2) standard was formally adopted. A variant of the 802.11i standard is WPA (WPA2). All 802.11 device versions, including the previously mentioned 802.11a, 802.11b, and 802.11g, are protected by the WPA security standard. On WiFi-certified devices, WPA is typically available as a system update. The software for Access Points (AP) must be updated. The network interface card (NIC) software on client workstations has to be updated, and perhaps the operating system as well (OS). A Remote Authentication Dial-In User Service (RADIUS) authorization server is an option for businesses. Users can avoid the extra deployment and support of a RADIUS authorization server in homes by using a shared password option (Tanenbaum and Feamster). WPA offers both user authentication and a powerful encryption method. The Temporal Key Integrity Protocol (TKIP), which uses 128-bit keys that are produced dynamically, is used by the WPA standard for encryption.
Extensible Authentication Protocol (EAP) and the 802.1X authentication protocol are used in a corporate context to create keys (EAP). Both wireless and wired networks employ the network access control mechanism known as the 802.1X protocol, which was accepted by the IEEE in August 2001. A variety of user credential types, such as secure IDs, smart cards, usernames/passwords, or any other kind of user identification, may be supported by the 802.1X protocol thanks to the usage of EAP. To confirm client access to the network and to let connected clients know they are communicating with legitimate APs once on the network, clients and Access Points (AP) both authenticate against the RADIUS server.
Pre-shared keys (PSK) or credentials are utilized to offer TKIP encryption in a domestic setting. In the WPA standard, a user must either provide access to the RADIUS server, which authenticates them, if enterprise security is used, or manually input their password on their user device and Access Point if enterprise security is not (Tanenbaum and Feamster). A distinct master or “full set” key is generated for the session after a user has been authenticated. To produce specific data encryption keys for each data packet delivered during the session, TKIP distributes the pair-wise key to the user and Access Point (AP). When organizational security (RADIUS) is used, a Message Integrity Check (MIC) prevents “man in the middle” packet tampering by forcing both the transmitter and recipient to calculate and compare the MIC, supposing an attack, and rejecting the packet if the MIC doesn’t match.
WiFi Protected Access 2 (WPA2 (802.11i))
A superset of WPA is the WiFi Protected Access 2 (WPA2) standard, often known as 802.11i. It consists of PSK authentication for domestic settings and 802.1X/EAP identification for corporate settings. In addition, the Advanced Encryption Standard (AES) encryption method has been included. To provide ad hoc networking safety between client workstations, it has been included. Using keys with a bit size of 128, 192, or 256, provides encryption. All WiFi devices currently on the market, including WPA devices, are completely compatible with the WPA2 protocol. In 2004, this standard was approved.
Error and Flow Control Methods
The goal of error control is to make sure that every frame gets delivered to its destination, ideally in the correct order. It needs three things, which are described below, in order to guarantee delivery.
Acknowledgement
The “acknowledgement with retransmission” model is typically used to provide reliable delivery, in which the receiver sends a specific ACK frame back to the sender to confirm proper frame reception. For wrongly received frames, the receiver in some systems will additionally send back a negative ACK (NACK). As a result, it instructs the sender to send a frame again immediately after a timeout expires.
Timers
Recovery from a lost frame, which results in a failure to request an ACK or NACK, is one issue that basic ACK/NACK methods fall short of solving. What transpires if ACK or NACK is misplaced? Retransmission timers are employed to transmit frames again in the event that there is no ACK. Set a timer to expire at a certain point after the ACK ought to have been received when we transmit a frame. Retransmit the frame if the timer reaches 0 instead.
Sequence Number
Frame duplication is possible with retransmission. Each frame has to have a sequence number added in order to eliminate duplication and allow a receiver to distinguish between new and old frames.
Flow Control
It deals with slowing down the sender’s pace to match the receiver’s speed. There are two methods for controlling flow:
Feedback-based flow control
The recipient provides feedback to the sender, granting permission to communicate further data or at the very least requiring the sender to provide an update on the recipient’s condition.
Rate-based flow control
Without utilizing feedback from the receiver, the protocol contains a built-in mechanism that restricts the rate at which the sender may communicate data. The different flow control techniques share a common interface that has clear guidelines for when a sender may send the subsequent frame. These kinds of constraints sometimes forbid sending frames until the receiver has given consent, either explicitly or implicitly. All data carried through wireless networks can be passively observed if authentication and encryption methods are not employed, and unauthorized users can get access to the network to conduct additional attacks or siphon off bandwidth. Given that not all identification and encryption mechanisms are safe, the techniques should be chosen with caution.
WPA
The WiFi Alliance introduced WiFi Protected Access, a better security standard, in 2002. (WPA). This protocol was created as a temporary fix until the 802.11i standard was adopted and incorporates a portion of the 802.11i security standard (Suharyanto). Protection researchers discovered a vulnerability in WPA when short phrase-only keys are used, even though it offers more security than WEP. The problem is not with the protocol itself, but rather with the fact that many WPA-enabled products let users set up short keys that are simple to crack (Antonioli and Payer).
Strong WPA keys should resist brute-force dictionary assaults by having over 21 alphanumeric elements that make up absurd words. Additionally, RC4 encryption, on which WPA is built, makes it vulnerable to a packet-forging attack. Nevertheless, WPA should be regarded as offering more than enough security for the majority of users.
WPA2
Whereas most users find WPA to be secure enough, WPA2 is the recognized security protocol that fully implements the 802.11i security standard. It was introduced in 2004 and uses the Advanced Encryption Standard (AES) to provide corporate and government-grade security. Unlike WPA, it is not vulnerable to packet-forging attacks (Thandeeswaran et al.).
802.11x
Businesses should think about installing complete 802.11x solutions to safeguard their data. A user and a back office RADIUS server can use dynamic WEP and mutual authentication with 802.11x. If reciprocal authentication is employed, this offers access verification that is more reliable and secure than MAC addressing and removes vulnerability to man-in-the-middle attacks.
Added encryption and authentication for end-to-end encryption
Only data flowing via wireless connections are encrypted and authenticated using authentication and encryption protocols like WEP, WPA, and WPA2. Sensitive information on the wired network, however, might be made public if a hacker enters the wireless connection without authority and the WLAN network links to it. To lessen this risk, extra authentication and encryption should be employed to encrypt the data end-to-end, such as that offered by Secure Sockets Layer (SSL), Transport Layer Security (TLS), and/or Virtual Private Networks (VPNs) (Zacker).
Use Straightforward-to-Configure Gadgets
Wireless networks and gadgets that are improperly configured are the sources of many security attacks. This is directly related to how challenging it is for the typical user to set up their systems appropriately (Tanenbaum and Feamster). At the touch of a button, products like the Buffalo AirStation and Linksys routers that feature SecureEasySetup can be utilized to secure entry points and devices.
Establish and Uphold Security Regulations
The chance of successful assaults on wireless networks can be decreased by using well-defined policies for granting or restricting wireless access. Turning off wifi connectivity while not at home or during off-peak hours is one such rule.
Establish a separate wifi network just for workplace guests. Only allow connections from gadgets with strong signals, such a wireless network wouldn’t interact with the wired network.
A poor signal indicates that the device trying to connect to the wireless connection is far away and probably not in the actual building since the signal strength of a wireless connection is inversely related to the range of the device to the access point.
- Make use of the most robust WEP, WPA, or WPA2 keys.
- Ad hoc networks shouldn’t be permitted, including those that enable wireless peer-to-peer communication between gadgets.
- It should be forbidden to install unauthorized access points on a network without permission.
- Gadgets should be set up such that they only permit connections to recognized wireless networks, not the ones with the highest signal.
- Prevent dual-homed (i.e., Ethernet and wireless) devices from being present on the network.
Use Solutions for Intrusion Detection
Intrusion detection tools can be used to monitor the wireless network for improper or unusual activities. Products from companies like Red-M, AirDefense, and AirMagnet guard against rogue APs, wireless phishing like Evil Twin attacks, inadvertent associations, and other known and unknowable risks. Additionally, the majority of Intrusion Detection (ID) solutions enable endpoint control, centralized administration, and the identification of dangerous setups (Palattella et al.).
Explain Protocol Filters
Inappropriate or unusual traffic can be restricted or blocked using protocol filters. In particular, creating a protocol filter might prevent the usage of unusually large Internet Control Message Protocol (ICMP) packets, which are frequently used in Denial of Service (DoS) assaults.
Relaying and Multiplexing Aspects
There are two routes that the development of wireless connectivity seems to be taking. Future 802.11 standards exist. 802.11n, the next generation, has already started. In addition, new technologies are developing that offer wireless networks substantially wider area coverage. This new standard, 802.16, is also known as WiMax. Wireless technology, which Bluetooth and WiFi both rely on, employs radio waves at certain frequencies to enable communication between capable devices. One of the ways that WiFi and Bluetooth are alike is this (Tanenbaum and Feamster). The primary distinction between WiFi and Bluetooth is how they are used and how strong or far they can transmit signals. Another resemblance between Bluetooth and Wifi is that both establish networks, however, Bluetooth is designed for extremely short distances and often has a weaker signal. When a Bluetooth headset goes too far away from your mobile phone, signals frequently stop working since Bluetooth transmissions are typically only effective for 10 to 15 feet from the host equipment to the “moving” device.
However, certain technologies have a significantly wider range; for example, some high-quality headsets, provided there is no interfering signal, have a reliability range of up to 60 feet. You can connect your laptop to your mobile phone, if it has Bluetooth capabilities, and browse the Internet on the computer without using a WiFi network as long as the PC has Bluetooth capabilities. However, Bluetooth-enabled devices are required, as opposed to WiFi-enabled ones.
Conclusion
While WiFi creates a Wireless Local Area Network, or WLAN, and is meant to connect computers and servers and can often provide “space” for a greater number of devices, Bluetooth creates a Personal Area Network or PAN. Wireless Fidelity, or WiFi. Common household appliances can cause a lot of interference for both broadcasts. Around power plants, transformers, and power lines, Bluetooth and WiFi performance can suffer as well. Any system or equipment that produces a lot of power uses a lot of it or has RF technology that can obstruct wireless transmission and reception. The protocol follows the structure that was outlined in class.
Works Cited
Ali, M. Zulfiker and Jelena Misic. Protocol Enhancements And Performance Analysis Of WiFi Networks. 2021.
Gulasekaran, Susinder Rajan and Sundar Gandhi Sankaran. Wi-Fi 6 Protocol and Network. Artech House Publishers, 2021.
Palattella, Maria Rita, et al. Ad-Hoc, Mobile, and Wireless Networks. Springer Nature, 2019.
Zacker, Craig. CompTIA Network+ Practice Tests. John Wiley & Sons, 2021.
Thandeeswaran, R., et al. Managing Security Services in Heterogenous Networks. CRC Press, 2020.
Suharyanto, C. E. Potential Threat Analysis Hypertext Transfer Protocol and Secure Hypertext Transfer Protocol of Public WiFi Users (Batam Case). 2019, Web.
Antonioli, Daniele and Mathias Payer. “On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats.” 2022 IEEE Security and Privacy Workshops (SPW), 2022.
Tanenbaum, Andrew S., and Nickolas Feamster. Computer Networks. Pearson Education, 2019.