Anda di halaman 1dari 103

SHEFFIELD HALLAM UNIVERSITY

Faculty of Arts, Computing, Engineering and Sciences


Identifying and analyzing the impact of security threats in
Wireless Local Area Network (WLAN)
This dissertation does NOT contain confidential material and ths can !e
made a"aila!le to staff and stdents "ia the li!rar#$
A dissertation s!mitted in %artial flfillment of the re&irements of Sheffield
Hallam Uni"ersit# for the de'ree of Master of Science in Net(or)in' *rofessional$
SU*ERVISED +Y, SU+MITTED +Y,
Dr$ Samir Al-.ha#att Ra)esh Narla
MSc Net(or)in' *rofessional
Date, /0-/1-2//3
1
Ac)no(led'ement
Every good work however big or small is motivated by an inner instinct and urge !any
a times, it is suppressed and doesn"t find e#ternal manifestation $utside inspiration is
essential to give it concrete shape and make the effort come out in a presentable form %
&he satisfaction of the successful completion of any task would be incomplete without
the e#pression of gratitude to the people who made it possible ' acknowledge all those
who have guided and encouraged me in this endeavour
' take this opportunity to e#press my deep sense of gratitude and sincere thanks to my
tutor (r Samir Al)*hayatt who has always been a tremendous source of inspiration and
valuable help in channelling my efforts in the rite direction ' sincerely thank my
university Sheffield +allam ,niversity for providing very good facilities in the library
while doing this pro-ect ' also thank my teaching and non)teaching staff for their co)
operation
' do not forget to e#press my gratefulness to my family for their moral support ' also
wish to thank my friends and tutors who have taken part in the survey, whose valuable
suggestions and constant encouragement helped me in giving completeness to this pro-ect
which would not been possible otherwise
.astly but not the least, ' would like to e#press my gratitude to all those who have
directly or indirectly helped me in times of need during this pro-ect
/
A!stract
0ireless networks are being deployed everywhere from homes, universities to mobile
service providers 0ireless network add a number of benefits when compared to a wire
network 1.A23 0ireless technologies allow users to connect their portable devices to a
network and access the internet without any physical network port 0ireless networks are
gaining more attention because of its ease of deployment 4ut along with these benefits it
also posses a great security risk as the data is transferred by using air as the medium
Safeguarding the information travelling across the wireless networks has become the
primary and essential part of any wireless network Confidentiality, 'ntegration and
Authentication are the main goals of security
&his pro-ect primarily focuses on the various 'EEE 56/11 standards, security goals and
security threats in 0ireless .ocal Area 2etwork 10.A23 0E7 which is the protocol
that was developed to provide confidently and integrity has loop holes in it 8arious
0.A2 data is collected from books, articles, -ournals, students, tutors and professionals
9uestionnaire was uploaded onto the internet to find out the users knowledge about
setting up 0.A2 &hese findings were used to conduct e#periments and find the loop
holes in the network that make them unsecure
&his pro-ect concludes with testing the impact of these security threats that can be
performed on the network if correct settings are not enabled .astly a security framework
is recommended that can be used by different users to secure their 0.A2
:
4ontents
*a'e no
Ac)no(led'ement /
A!stract :
A$/ *ro5ect La#ot ;
A1 'ntroduction ;
A/ .iterature <eview ;
A: <esearch method ;
A= 'nvestigation !ethods and <esults ;
A> 7roposed Security Framework ;
A? Conclusions ;
A; Critical Evaluation ;
6$/
Introdction 5
11 Aims and $b-ectives @
2$/ Literatre Re"ie( 1/
/1 7LAN To%olo'ies 1:
/11 '4SS 1:
/1/ 4SS 1:
/1: ESS 1=
2$2 +asic IEEE 3/2$66 Standards 1?
//1 FreAuency hopping spread spectrum 1F+SS3 1?
/// (irect SeAuence Spread Spectrum 1?
//: 'nfrared 1?
//= 'EEE 56/11b 1;
//> 'EEE 56/11a 15
//? 'EEE 56/11g 15
//; 'EEE 56/11h 15
//5 'EEE 56/11i 1@
2$8 Secrit# Threats in 7ireless Net(or)s 1@
/:1 7assive Attacks /6
/:/ Active Attacks /6
/:: Attacks against the 0E7 /1
/:= $ne way Authentication /1
/:> 0eak *ey /1
/:? <eplay Attacks /1
/:; !an)in)the)!iddle Attack /1
/:5 (enial of Service 1(oS3 //
/:@ Session +i-acking //
/:16 Bamming /:
/:11 <ouge Access 7oints /:
/:1/ 7hysical &hreats /:
=
2$9 :oals of Secrit# /=
/=1 Authentication /=
/=11 $pen Authentication /=
/=1/ Shared *ey Authentication />
/=/ Confidentiality /?
/=: Encryption /?
/== 'ntegrity /;
/=> 8ulnerabilities and Flaws in 0E7 /;
/=>1 <eused and small siCed '8"s /5
/=>/ *ey (istribution /5
/=> 07A /5
8$/ Research Methods :6
8$6 Research 7heel :6
:11 (eductive Approach :6
:1/ 'nductive Approach :6
8$2 ;alitati"e and ;antitati"e Methodolo'# :1
:/1 9ualitative :1
:// 9uantitative :/
8$8 Sam%lin' ::
::1 7robability Sampling :=
::/ 2on)probability Sampling :=
8$9 Sr"e# Desi'n :>
:=1 9uestionnaire :>
:=/ E#periments :?
8$0 Ethical Isses :?
9$/ In"esti'ation Methods and Reslts :@
9$6 Anal#sin' the Data 'athered from the ;estionnaire :@
=11 (ata Collection 7rocedure :@
=1/ Age Droup :@
=1: &ype of ,serE =6
=1= &ype of connection used to connect to the network =1
=1> &echnology currently using =1
=1? ,ser reAuirements associated with wireless =/
=1; 0ireless Standards =/
=15 Awareness of Security threats =:
=1@ 'dentifying and classifying the threatsFattacks =:
=116 Awareness of Authentication 7rocess =>
=111 Authentication 7rotocol =>
=11/ Awareness of Encryption 7rocess =?
=11: Encryption 7rotocol =;
=11= $pen 9uestion =;
9$2 E<%eriments =5
=/1 E#periment 7rocedure =@
>
=// E#periment 1E Configuring the <outer 1Access 7oint3
with default settings
=@
=/: E#periment /E Configuring the Access 7oint with !AC
address filtering
>/
=/= E#periment :E Enabling Security !ode 0E7 >>
=/=1 (ecrypting 0E7 traffic >5
=/=/ Auditing 07AF7S* 2etworks >5
=/=: 'dentifying the Four)0ay handshake ?6
=/== Auditing the 7S* 17re)shared)*ey3 ?6
=/> E#periment =E Enabling 07A/ personal mode ?1
=: Alternative !ethods ?/
0$/ *ro%osed Secrit# Frame(or) ?=
0$6 +asic Re&irements ?=
>11 Deneral ,sers ?>
>1/ 2ovice ,sers ?>
>1: Advanced ,sers ?>
>1= E#pert ,sers ??
=$/ 4onclsions ?5
=$6 4onclsion ?5
>$/
4ritical E"alation ;1
>$6 The Research A%%roach ;1
>$2 Achie"ements ;1
>$8 Lessons Learnt ;1
>$9 *ro5ect Mana'ement ;/
>$0 Ris) Assessment ;:
3$/
References and +i!lio'ra%h# ;=
1$/ A%%endices ;@
Appendi# AE <esearch 7roposal 56
Appendi# 4E 9uestionnaire @/
Appendi# CE 7ro-ect !anagement @?
Appendi# (E Abbreviations @;
?
A$/ *ro5ect La#ot
A$6 Introdction ?4ha%ter 6@,
&his chapter describes the pro-ect layout and its purpose &his chapter also describes the
aims and ob-ectives of the pro-ect
A$2 Literatre Re"ie( ?4ha%ter 2@,
'n this section the theoretical and academic grounding of wireless .A2 security are
discussed 't mainly discusses the work that has been done before, and focuses on the
research topic &he research wheel is considered and relevant information has been
gathered from books, research papers 0.A2 topologies, 'EEE 56/11 standards, various
security threats and goals of security are discussed A critical review of the relevant
literature is presented
A$8 Research Method ?4ha%ter 8@,
&his chapter will discuss the essential tools for doing a research <esearch methodologies
9ualitative and 9uantitative are discussed &o answer the research Auestion, it is
important to gather data from people, sampling techniAues are detailed and the most
suitable techniAues are chosen Also this chapter details the ethical issues that have
considered while collecting the data through Auestionnaire and while conducting
e#periments
A$9 In"esti'ation Methods and Reslts ?4ha%ter 9@,
&his chapter discusses about the methods used to collect the data (ata is collected by
uploading the Auestionnaire onto the internet &he findings from the data are also used to
conduct e#periments and the results are discussed
A$0 *ro%osed Secrit# Frame(or) ?4ha%ter 0@,
For the data collected and the results from chapter =, this chapter proposes a security
framework that can be used to build a secure 0.A2
A$= 4onclsions ?4ha%ter =@,
&he chapter is to give valid conclusion from the knowledge gained and from the data
collected &he ob-ectives at the start of the pro-ect are show how they are achieved
A$> 4ritical E"alation ?4ha%ter >@
&his chapter details my dissertation work that has given me the opportunity to learn and
broaden my thinking in the field of study &his chapter also details the outcomes ' have
gained from this work

;
4ha%ter 6
5
6$/ Introdction,
0ireless local area networks 10.A2s3 deployment has become more economical than
installing a wired network in the present world 0ireless technology because of its
promotion in the marketG allow services and applications to grow at a remarkable pace
8ast 'nternet users are bound to wire network, but the wireless technologies have broken
these boundaries +ome users have services that have been integrated with various
technologies that make life convenient 4luetooth, ultra wide band 1,043, Higbee and
0.A2 are the network services that a home user can benefit from 'n a study by 7ark
and (icoi 1/66:, p?63 it was found that cooperates that have implemented 0.A2 has
increased the productivity, by making the network available ;6 minutes more per day
Computer security deals with implementing security measures for a single computer, to
protect the resources stored on the computer 0hereas network security involves
protecting the resources on the network from unauthorised access and threat control 'n a
recent paper by .EE, Bu)A et al 1/66?3 it states that 0.A2 communication
technologies have a problem with the access point as it cannot control the transmission
range% So, it is necessary to have an authentication process that will allow only
authorised user to use the resources +owever security on wireless network is more
complicated than a wired network Encryption, Authentication and (ata 'ntegrity are the
three basic components of network security
According to Cole et al 1/6653 they state that &he basic internet protocols provide no
confidentiality protection% &his means that a hacker can capture the packets being
transmitted between the Access 7oint 1A73 and work station and can misuse the
information &he 56/11 standard are the widely deployed standards for implementing a
0.A2 4ut the 'EEE 56/11 standards have loop holes that can be e#ploited by the
hacker Constant amendments and various standards have been released by 'EEE 56/11
group to make the 0.A2 secure &his research, e#ploits the various standards available
in the market, study their strength and weakness and produce a framework that will
enable a user to deploy a secured 0ireless .ocal Area 2etwork 10.A23

6$6Aims and O!5ecti"es
Aim, &he aim of this research is to identify the security threats in 0.A2s, analyCe them
and provide the countermeasures that would strengthen the security in 0ireless .ocal
Area 2etworks 10.A2s3
O!5ecti"es, 'n order to achieve my aim of this research the following ob-ectives are
detailed as followE

&o understand the currently available 0ireless .A2 standards
&o identify the key vulnerabilities and flaws in wireless security
@
&o investigate the current use of security enabled standardsFprotocols and their
impact on 0.A2
&o investigate the state)of)the)art security solutions 1framework3 that will
overcome the limitations of security in wireless local area network
16
Chapter /
.iterature <eview
11
/6 .iterature <eviewE
&o identify the information concerned to the research Auestion, it is
important to find and review the reAuired literature ' have used the
following figure by 0iersma and Burs 1/66>, p>=3 throughout my findings
1/
'dentify descriptors
1*eywords or phrases3
relevant to the problem
0rite the review of the
literature
'dentify source such as an
appropriate inde# of
retrieval system
7repare a complete
bibliography
7repare abstracts or
summaries for the reports
containing relevant
information
Separate the reports in order
or into categories of
relevance or importance
.ocate copies of reports to
be viewed
(elete nonrelevent
reports
'dentify titles of
potentially relevant reports
Fi're Flo( chart of acti"ities the re"ie( of literatre 7iersma and Ars ?2//0B %09@
'mplementing the Afd techniAue in the development of the softwa
(eveloping software packageIorganiCation which are developing software packages
should always look for shorter product life cycle and there is always a lot pressure to
develop software with low price with good Auality
'n ever changing technology in the software development industry there is always need
to, shorter product life cycles and ever increasing Competition puts a great pressure for
lower prices at good Auality 'ncreased cut throat competition has forced organiCation to
acAuire competitive advantages by releasing the products in the market place first and
providing the most advanced products to their clients offering under these Conditions,
reducing product development becomes an important competitive strategy 1Carmel,
1@@>3
&o reduce the cycle time without neglecting Auality assurance efforts
approaches to software development need to evolve%17han et al., 1@@>3
$ne task 1software module3 passing from one group to another in the system
development life cycle 1S(.C3 is no more a feasible alternate 1Ahituv and
2eumann, 1@5=3 Companies are increasingly realiCing that the old,
seAuential approach to developing new products simply won"t get the -ob
done% 1&akeuchi and 2onaka, n 1@5?3&o mark e#cellence in this
competitive environment, software development companies should change
there development process to deliver the products with speed ,fle#ibility and
with high Auality
A company can aim for product development at speed by considering a
faster phased approach by incorparting interation mechanisms at more than
one place such as physical pro#imity and more open communication flow
1Cordero, 1@@13 and it can also prototyping as different approach 1*raushaar
and Shirland, 1@5>, Benkins, 1@5: , Alavi, 1@5= 3Another approach is
concurrent approach in which product development process is developed
around cross)functional teams17into and 7into, 1@@6, Durley and Fry,
1@@:,Cordero, 1@@13
The cross-functional teams and concurrent approach
1:
Concurrent approach:- In this approach all the members of the
functional areas are closely tied as a team. All the assignments tied to
team are done concurrently and there are no phases. multi-functional
team members interexchange their views and information regarding
technical and functional challenges and their feasibility, market needs
etc to ensure effective product development and inter functional
needs 1Cordero, 1@@13
e engineering the firms through downsi!ing the teams and forming
cross functional teams ensures the producvity rather than
conventional way of organi!ing the tasks through forming the
traditional hierarchies based teams with professional groups 1*irsch
and Cummings, 1@@?3
"ost of the manufacturing firms tend to use the cross functional
team approach to ensure the lower production cycle time, top #uality
and high user satisfaction 14anker et al., 1@@?3'n the 'nformation
system, the operating teams looks the assignments more of in house
development rather than product development for client 1eg, 4anker et al.,
1@@1 G <ettig, 1@@6G Bones and +arrison, 1@@?3
As mentioned by !c*ay and Anthony 11@@/3, a variation in the concept of
forming teams 'e introducing a core team as a balancing the entire
integrated team 'n this view a small team is formed with cross functional
group 1core team3 will be responsible for undertaking the development of the
software pro-ect from end to end a pro-ect manager will head this core team
and he will be responsible for meeting the pro-ect"s planning and cross
functional activities coordination"s All the members in the core team
structure will be most efficient in sharing the technical and functional
information &his style of the team structure ensures the ma#imum e#tent of
cross functional cooperation and this is very instrumental in attaining
process to deliver the successful software 17into and 7into, 1@@63
0hen a firm e#ecutes this approach, an important issue
1=
0hen an organiCation adopts above approach, an important issue turns into
most effective management of pro-ect teams 1*irsch, 1@@?E +enderson and
.ee, 1@@/3 &he pro-ect management literature highlight"s the importance of
team building to ensure the proper understanding and cooperation among
pro-ect team members 17into and 7into, 1@@63 As &hamhain 11@@63
mentioned, for a team it is always a challenging to develop an integrated
group which understands and work towards the pro-ect ob-ectives as
different member in the team comes from different background and
e#pertise &o over come this challenge if the group has to more organiCed
with pro-ect plans and ob-ectives Selection of working members for such
team should be selected properly so that every should have good
interpersonal skills and work towards the main ob-ective of the pro-ect
1Cordero, 1@@13management should think above the traditional way of
motivating individuals it should reward the team 1$"(ell, 1@5@G Cordero,
1@@13
't is evident that by considering the concepts of cross functional teams and
concurrent approach it is possible to reduce the production cycle time
considerably
9uality
9uality plays a vital role in the providing the competitive position of the any
company Software application developing firms are under tremendous
pressure to provide the solutions on time 7oor product Auality will consume
additional efforts and increase the total production time of the deliverables
'nformation engineering 1'E3 and Software engineering have stressed the
importance of the application of engineering)like discipline in the
development of the software process 'ntegrated computer aided software
engineering 1')CASE3 advocates an automation to increase the
producvitythis will provide the improved methods in developing software
developing process but this will does not aid in improvement in the
understanding the development process &otal Auality management 1&9!3
was adoption from the manufacturing Auality literature was proposed by
some to improve the Auality in the software development activity
1>

*rocess im%ro"ement in soft(are en'ineerin'
According to (unn Software Auality can be defined in terms of fitness for ,seJ% K:, >, and 11L
$"4rien said as A software product can be fit for use if it shows some level of client satisfaction in
the functionality and continuous operation%
9uality can be achieved through a series of integrated tests as below
1 ,nit testing
/ 'ntegration testing
: String testing
= System testing
> Acceptance testing
Folkes and stunbenvoll says that user satisfaction is ma-orly dependent on the person using the
software application Some individuals points that testing is impractical as it is not possible for
developers to do complete testing of every possible case and logic hK1/,1:L Cho 11=3 has
suggested a statistical method to enAuiry the Auality of a software product development based on
acceptance sampling%

$utputs from the software development are compared with the outputs of a
manufacturing process. randomly some software program outputs are selected for
%esting when results of this meets the acceptable #uality level &A'(). %he product is
acceptable. Acceptance sampling approach to make inferences the software product
#uality is not much acceptable K1>Ldunn suggestes that reduction or minimysing the
management risks as an important element of software Auality,product performance and these
approach strongly supports the developing a software application rather then software product

(unnK11L also highlights the reduction of management risk as an element of
software Auality .ate delivery, cost overruns, inadeAuate product
performance,
and a short product life are management risks that must be controlled along
with fitness for use to achieve Auality software &hese management risks
relate
to the process of developing a software application and not the software
product itself &his methods are product oriented K5,11)1:,1?,1;L 7resently
there is no formal method for reAuirements specification and Auality &he
process of finding Auality problems through waiting for system failure is not
currently not advisable given the critical role plays by software developers
K=,@,15Lfinding failures through testing and inspection is not an effective
strategy &he iterative life)cycle and higher order specification 1+$S3
method have been used to combat such issues K>,?L&he above two methods
highlights more on the development of comple# software"s rather than the
less to moderate comple# software developments which can be
mathematically proven 1+$S3 and completely tested !oreover these treats
1?
cannot be minimiCed by addressing the software development after it has
been completed, risk reduction process should be a integral part of the
software development must occur as part K5,11,1:,1?,1@L
&9! techniAues advocates the software development that there is a need to
shift from an product focus which imparts Auality through inspection to a
process focus which introduces Auality into the software development
process ,nfortunately, the application of the &9! tools has a little progress
in the area of the software development many organiCations tries to apply
directly the &9! seven tools1/63 like Auality function deployment 19F(3
and statistical process control 1S7C3 without taking consideration of the
difference in the software development and manufacturing development
TQM techniques in software development
%here is a urge within #uality literature that %'" tools should be
improved for software development process K;,@,1:,/1,//L
&he Software Engineering 'nstitute 1SE'3 framework for Auality closely
follows with the company)wide Auality control 1C09C3 framework which
is the foundation of the Auality strategies used by the Bapanese K/:L &he top
layers of 1SE'3 and 1C09C3 frameworks highlights process Auality and
its improvement CardK//L, and !ills and 7oore K/=L advocates the use of
statistical process control techniAues to asses the stability and capability of
development efforts&he methods
7roposed are based on mean time between failure rates and observed
defects
&his shows the use of attribute% data for control purposes, which is most
elementary form of statistical process control K1>,/>L And detection of
defects was inappropriate for given critical role of software development in
many fields K15L
8ariables% data based identification of characteristics of the product is a
more advanced form of statistical process control K=,1>,15,/>L
1;
9uality function deployment 19F( 3 method is described in the Auality
literature as a instrumental tool in changing the high)level customer
reAuirements into process specifications
process specifications developed during the 9F( using the Critical
characteristics and their specifications K/;,/5L&he voice of the
customer%K/5L, forms the highest level of the company)wide Auality control
framework, provides the very basic deriving the process control,

0ireless technology is being deployed everywhere 0ireless communications is the
process of communicating infor mation in the form of electronic magnetic media in the
free space over the distance, rather than through traditional wired or other physical
conduits 0ireless installations do not use wires when compared to the wired network
1.A23 4ing 1/66/, p13 states that M&he prohibitive cost of building wired network
infrastructure has paved the way for wireless networking on a global scale" Security,
price, reliability and many more are the ma-or factors concerned when deploying a
0.A2 ,sers can move around to different locations and can access the network through
access points 1A73 &he ma-or concern with wireless is protecting the means of bhf# kch-
*arygiannis and 9wens 1/66/3 believe that as airwave is the medium for communication,
this technology is open for the intruders which make them less secure 4ut, as
deployment of wireless is almost everywhere, there are number of security settings and
procedures that make the wireless network secure 0aveform transmitter and the receiver
are the two components found in 0ireless .A2"s additional to or different from those
found in the wired network 1.A23 4ut the transmitters and receivers will vary
depending on the wireless technology and the radio freAuency used
2$6 7LAN To%olo'ies,
56/11 networks can be fle#ible in their design and can be deployed in three types
'ndependent basic service sets 1'4SSs3
4asic service sets 14SSs3
E#tended service sets 1ESSs3
2$6$6 I+SS,
Also called as ad)hoc network, which consists of group of 56/11 stations communicating
directly with one other &his type of network is created when individual client"s devices
form a self contained network without use of access point &here is no pre)planning or
site survey to setup such a network, these are usually small and last long enough for the
communication to happen till the necessary information is shared +uang and .ai 1/66/3
in their paper state that the ad)hoc network is useful when the infrastructure mode is not
15
available &his means that when there is no access points 1A73 to connect to the network,
ad)hoc network is to be considered
2$6$2 +SS,
&his type network consists of 56/11 stations communicating with each other &his
network reAuires specialiCed stations which are known as access points 1A73 &his A7
will act as the central point for the communication for all the stations in the 4SS &his
means that unlike the '4SS, the clients do not communicate with each other directly,
rather they communicate with the intermediate device A7, and the A7 forwards the
frames to the destination stations Figure /1 below shows an infrastructure 4SS 0.A2

Fi're 2$2, +SS 7LAN
1@
A*
User 6 User 8 User 2
2$6$8 ESS,
'n this type of network multiple infrastructure 4SSs can be connected via the uplink
interfaces &hese uplinks interfaces connect the 4SSs to the distributed system 1(S3
&hese collection of 4SSs connected via the (S can be called as ESS Figure /: below
shows a typical ESS 0.A2 <oshan and .eary 1/66>, p/:3 state that M&he uplink of the
(S does not have to be via a wired connection" &he 56/11 specifications leaves the
potential to be wireless, but for the most part of (S links its wired


/6
0ired 2etwork
1(S3
0ired 2etwork
1(S3
User 6 User 8 User 2
User 9
A*
A*
Fi're 2$8, ESS 7LAN
&he main concern with wireless technology is the security +ow secure is their network,
is the ma-or concern for most of the network administrators According to 2orton and
Stockman 1/6663 securing a network does not mean, securing the network against
specific attacks, but securing the whole areas of network"s structure and operations
'EEE has developed standards under the 56/11 umbrella which classify the working of
wireless .A2s &he section below describes the various standards available in the 56/11
and says which is the current technology and best technology to be used
2$2 +asic IEEE 3/2$66 Standards,
0ithin the 'EEE 56/ standards group, a new community was setup to deal with the issues
evolving 0ireless .A2 0eing 11@@?3 argues that the community has started collecting
the data for wireless since 1@@6 Starting from 1@@@, these standards can be considered to
symboliCe, the foundation of wireless standards by the 'EEE For the transportation of
frames defined for !AC operations, the 'EEE 56/11 standard defined three physical
layers &he 7hysical layer operations included another two <adio FreAuency 1<F3
methods called F+SS and (SSS
2$2$6 Fre&enc# ho%%in' s%read s%ectrm ?FHSS@,
F+SS 0.A2s can support 1!bps and /!bps data rates and works at physical layer A
pseudo)random number is selected to toggle between freAuencies, which makes the
station to switch from one freAuency to other freAuency <oshan and .eary 1/66=3 state
that M&he hopping seAuence must hop at a minimum rate of /> times per second and
must contain a minimum of si# channels 1? !+C3% &his means that to minimiCe the
e#tent of collusions, the hopping seAuence has to be broken down into different sets of
length &his techniAue reduces the impact on the interface it is communicating
2$2$2 Direct Se&ence S%read S%ectrm,
,nder 56/11 specifications (SSS is another physical layer &his also works at the data
rate of 1 !bps and / !bps &his <F communication was basically developed to
overcome the -amming signal 4asically speaking the modulation approach under the
spread spectrum uses a higher spectrum bandwidth to communicate information at
relatively lower rates
2$2$8 Infrared,
(iffused infrared 1'<3 is the third physical layer which is supported by the 'EEE 56/11
4ut Dilbert 1/66:, p/@3 makes a point that there is no manufactured eAuipment that
supports the 'EEE '< standard For all the three physical layers 'EEE 56/11 could not
/1
achieve speeds higher that / !bps which was not sufficient for most applications to
function properly So, in order to address these problems 'EEE 56/11 then introduced
56/11 standards in series &he logical layout of the $S' layer and the working of 'EEE
standards are shown in the figure /=

Fi're 2$9, OSI la#ers (ith IEEE standards
//
Application
7resentation
Session
&ransport
2etwork
7hysical
(ata .ogical .ink Control 1..C3
.ink
!edium Access control 1!AC3
56/11
2$2$9 IEEE 3/2$66!,
&he 'EEE 56/11b in 1@@@ introduced first draft on high)rate (SSS 1+<)(SSS3, which
enabled users to operate their 0.A2 up to and including >> !bps and 11 !bps in the
/= D+C to /=5 D+C 'S! band &his is also called as 0iFi 10ireless Fidelity3 &he
56/11b wireless standard specifies the physical and part of data link layer of the $S'
model ,nlike, the 56/11, 56/11b removes F+SS as the data transmission mode
establishes (SSS as the standard transmission technology 't does so because (SSS can
handle weak signal properly 2ichols and .ekkas 1/66/3 believe that some 56/11b
compliment eAuipment offers an optional encryption of 1/5 bit &his states that the data
being transmitted is in encrypted format and would be difficult for the third person to
read the data easily
Few vendors are also manufacturing 56/11b eAuipments with a 2etwork 'nterface Card
12'C3 that provide a uniAue !AC address with a uniAue private and public key &his
would enable the network administrators to configure their access points with the pre)
generated key and can make the network more secure and prevent the attacker from
breaking into the system via !AC address spoofing 4ut, as the 56/11 b devices operate
at the /= D+C band, there is a significant interface from other products operating at the
same range such as microwave ovens, 4luetooth devices and cordless telephones
According to the observations made by Clincy et al 1/66?3 the transmission delay is
caused due to the protocol con-unction and there was also some delay caused due to the
bandwidth &his could be the reason most of the 56/11b being replaced by the 56/11g
networks offering >=!bps bandwidth when compared to 11 !bps bandwidth provided
by the 56/11b
2$2$0 IEEE 3/2$66a
At the same time the 56/11b 1@@@ draft introduced +<)(SSS 7+N, the 56/11a 1@@@
draft introduced the $rthogonal FreAuency (ivision !ultiple#ing 1$F(!3 7+N for the
>D+C band 't operates at the bandwidth of >=!bp and uses $F(! as the multiple#ing
techniAue 56/11a and 56/11b are not interoperable as they operate at different
bandwidths According to !itchell 1/6663 the freAuency range of >D+C is regulated,
which means that 56/11a utiliCes freAuencies that are not used by other commercial
wireless products such as microwave oven and cordless phones 56/11a is sometimes
also referred to as 0i)FiG this is to say that it operates in > D+C band 'n a white paper by
&anCella 1/66/3 the author states even though 56/11a supports much higher rates that
56/11b, the effective transmission distance is much shorter than 56/11b &his means
because of its short range and non overlapping channels this standard can be used in
densely populated areas
2$2$= IEEE 3/2$66'
Approved in Bune /66:, 'EEE 56/11g introduces E<7 to support data rate up to >= !bps
in the /= D+C 'S! band &his standard uses $F(! for modulation which is similar to
56/11a, but the main difference is that it is backward compatible with 56/11b devices,
because 56/11g devices can fall back in data rate to the slower 56/11b speeds 4ut, if
/:
all the devices are 56/11g standard then all the transmission takes place at relatively high
data rates available 0hen 56/11b devices are introduced, the header format will be
rolled back to 56/11b rates, so that the older devices can understand 'n the simulation
study by Clincy et al 1/66?3 they observed that the transfer rates were 15 !bps and not
>= !bps &his indicates that the theoretical value differs when it come to practical
implementation As 56/11g stations will be able to work together and coe#ists with
56/11b networks, this makes 56/11g attractive for the increasing capacity of already
rolled out 56/11b networks !ost of the home based networks are using 56/11g
networks, which makes this mode widely usable
2$2$> IEEE 3/2$66h,
0ith a focus on 56/11a and the > D+C band, (ynamic FreAuency Selection 1(FS3 and
&ransmitter 7ower Control 1&7C3 are defined by the 'EEE 56/11h &he main cause for
applying these schemes is spectrum sharing and efficiency, 9oS support and energy
consumption &o operate its 4SS on a selected freAuency channel, an access point 1A73
needs to know the position of all other freAuency channels which the access point can
access 'n order to select the select a particular channel, the A7 needs collect information
of all other channels as well &his is performed by the standardiCed channel measurement
by the A7 and the other stations As the measurement results of the A7 need not be
reported to other channels, standardiCed is not important 0alke et al 1/66?3 state that
M&cp is difficult task in 56/11 networks% &hey make the above statement because,
within 4SS every station as a part of (CF needs to detect all transmission frames, which
clarifies that there is no peer links between the two stations that are sub-ect to &C7 4ut
to meet the future authoritarian reAuirements, for increased spectrum efficiency and to
reduce interference imposed on other networks, &C7 is standardiCed in 56/11h
2$2$3 IEEE 3/2$66i,
7rivacy and security have become increasingly critical elements with the developing
56/11 standards 'n the legacy 56/11 protocols, there were number of problems in the
algorithms for providing security &he ma-or security enhancements in security with
respect to security encryption and authentication are defined by 56/11i in /66= 'n
56/11 two basic security mechanism were introduced
Entity Authentication, which includes open system and authentication with shared
key
0ired EAuivalent 7rivacy 10E73
4ut both of them were proved to be vulnerable &herefore to enhance the overall security
of 56/11, 56/11i has been developed 56/11i not only introduced key management and
establishment, it also developed encryption and authentication process 56/11i defines
two classes of security for 0.A2 ie <SA and pre)<S2 'n open system authentication,
there is no algorithm defined, it simply authenticates based on the identity, but while
using shared key authentication, a secret key is used for authentication &his key has to be
known at both the sides before authentication process 56/11' provides several forms of
encryption which includes AES)based encryption scheme and a strengthened version of
0E7 encryption
/=
2$8 Secrit# Threats in 7ireless Net(or)s,
&he speed of using 0ireless .A2 for private communications is rapidly increasing As
the wireless .A2 development increases, so does the challenge to provide security to
these networks 0.A2 uses air medium to transfer the data, so when compared to wired
.A2, the security challenges increase 0.A2s security issues are no different form
wired .A2, but there are some distinctive issues when concerned to 0.A2s An
investigation by Dreen et al 1/66:3 identified a number of challenges faced by 0.A2
technologyG these include unclear standards, spotty security, limited range, hidden costs
and lack of interoperability Apart from the conveniences and advantages of cost saving
in wireless .A2s, there are also some inherent risks and vulnerabilities And one of the
most cited problems with 0.A2 is security &here are various attacks that can be
performed against the 0.A2 Curran and Smyth 1/66>3 states that wireless attacks can
be classified in two general attacksE passive and active attacks%
Attac)s
*assi"e Attac)s Acti"e Attac)s
Fi're 2$0, 4lassification of 7ireless Attac)s
2$8$6 *assi"e Attac)s,
'n this type of attack, changes do not occur on the system, the primary purpose of the
attack is to e#amine and record the data 'lyas and Ahson 1/66=3 state that attacker need
not be part of the network to listen the communication &herefore this type of attack of
the communication can be seen and recorded, this states that confidentiality can be
compromised A passive attack therefore attempts to learn or make use of the information
collected, but there is no effect on the system resources Stallings 1/66;3 classifies
/>
Ea"esdro%%in' Traffic
Anal#sis
Mas&erade
Denial-of
ser"ice
Messa'e
Modification
Re%la#
passive attacks as release of message content and traffic analysis A release of message is
easily understood, where as the traffic analysis is to study the patterns &o protect the data
being readable encryption can be used 7assive attacks are hard to identify because there
is no alternation to the data So, its understood that the importance in dealing with passive
attacks is on prevention rather than detection
2$8$2 Acti"e Attac)s,
Active attacks involve altering or destroying transmission data, or creating fraudulent
packets &here are many types of active attacks that can be launched against 56/11
wireless networks and this can impact on authentication, encryption and integrity &here
are several active attacks that be performed and these are listed below
!asAueradeE &ype of attack where one entity act as another entity
<eplayE 'nvolves passive capture of packets and its succeeding transmission to
produce an unauthoriCed effect
!essage !odificationE 'nvolves recording the contents of the message, modifying
the contents of the message, or delaying the transmission to produce an
unauthoriCed effect
(enial)of ServiceE 7revents the use of management services &his can be done by
disabling the network services or simply by overloading the network with
message to degrade the performance
2$8$8 Attac)s a'ainst the 7E*,
&he 0E7 protocol was introduced in the 'EEE 56/11b standard, which acts as an
encryption scheme and called as wired eAuivalent privacy &he basic idea behind 0E7 is
to provide security for 0.A2 networks For both encryption and decryption 0E7 uses
same key, which means it uses symmetric method <C= is the algorithm used by 0E7 to
encrypt the data 0E7 provides data confidentiality at the data link layer of the $S'
model
2$8$9 One (a# Athentication,
&he authentication mechanism provided by 0E7 is one way authentication &his means
that when a client wants to connect to an A7, it has to prove its identity, but there is no
mechanism for the A7 to prove its identity &his would allow a rogue A7 to capture all the
packets originated from the client
2$8$0 7ea) .e#,
0hen the secret key produced with <C= along with '8 appended, and then it produces a
weak key Any third person capturing the packets and analyses them he can break down
the secret key &he solution for preparing a strong key would be by increasing the key
siCe 0hen the key siCe increases, the <C= algorithm along with '8 produce a key which
is big in siCe and would take much greater time to crack the key
/?
2$8$= Re%la# Attac)s,
&he 0E7 protocol does not have a mechanism to perform message authentication &his
would allow the messages which are intercepted to be sent back without any
modifications &his weak authentication allows the hackerFattacker to perform a (oS
attack 4ing 1/66/3 states that MStandard 0E7 supports per)packet encryption but no per)
packet authentication" &his sates that the packets can be reconstructed by the hacker to a
packet know to the hacker &he method to mitigate this weakness is to keep changing the
passwords &his would make the hacker difficult to spoof the packets Biang et al 1/665,
p16/3 in their research proved that 0E7 flaws can allow the attacker to decrypt the
message or insert false information into the message being transmitted
2$8$> Man-in-the-Middle Attac),
A man)in)the)middle 1!'&!3 is a sophisticated attack by the attacker who breaks the
connection between the authorised stations and position himself between the two
authorised hosts &he hacker becomes the man in middle% &he process of getting into
middle of a conversation in wireless network is easier when compared to wired network
'n a white paper by Air(efence 1/6653 it shows that by using SoftA7 software, a hacker
can convert a wireless device into a soft access point, and then can position it the middle
of communicating session After the positioning of the device, the hacker with another
wireless interface connects to the real wireless .A2 &he client is unaware of this and
passes all the information to the A7 through the hacker 2ow the hacker can modify,
insert or delete the information depending on his choice Freeware tools such as wireless
.A2-ack and AirBack can help the hacker to automate the process and launch man)in)the)
middle attack 'f the attacker manages to successfully get into middle of the conservation
he can steal information, high-ack the ongoing session, gain access to private resources
2$8$3 Denial of Ser"ice ?DoS@,
(enial of Service 1(oS3 is a type of attack when the attacker disables, or corrupts the
network which denies the services intended to the authorised user .au et al 1/666,
p//;?3 discuss different (oS attacks
Smurf AttackE Attacker sends a large number of 'nternet control message
7rotocol 1'C!73 traffic to a set of '7 broadcast addresses, the source address of
the broadcast is the client address 0hen the hosts on the network accept the
'C!7 reAuest they reply back with echo reply 'f on the network there are
hundreds of machines, the client is flooded with replies &his type of attack is
called smurf attack
SN2 Flood attackE Also called as &ransmission Control 7rotocol 1&C73 SN2
attacks &his e#ploits the three)way handshake process in &C7 &he attacker
floods the buffer of the server which processes the reAuest connection SN2
flood results in the server not able to process any other incoming connection as
the Aueue is overloaded
/;
,(7 Flood attackE 4ased on ,(7 echo and character services provided by the
systems on the network &o connect to the echo services on the machine, the
attacker makes use of the forged ,(7 packets &hese machines keep on
e#changing charters between them &his attack is called as ,(7 flood attack
2$8$1 Session Hi5ac)in',
Session hi-acking according to Schmoyer, .im and $wen 1/66=3 is one of the serious
threats to 0.A2 !anagement frames which are unauthenticated and the loosely
coupled state machines of 'EEE 56/11i and 'EEE 56/1O can be used to launch the
attack Session hi-acking unites (oS and identifies spoofing attacks 4asically the hacker
tries to terminate the connection between the authorised user and the access point by
sending disassociationFdeauthentication management frame 2ow the hacker uses the
!AC address of the client machine to establish a session with the access point 1A73 &he
above attack has been proved by Dill, Smith and Clark 1/66?, p>3 in their e#periments
&hey have used void11 to carry out (oS attack and ifconfig command to change the
!AC address
2$8$6/ Aammin',
'EEE 56/11 wireless .A2 operates mainly at /= D+C and > D+C freAuency bands
0ith a powerful transmitter an attacker can generate a radio signal which is strong
enough to overpower the weaker signals and dispute the communication 2ichols and
.ekkas 1/66/3 describe two types of -ammersE 1+igh power pulsed full)band -ammers
which can cover the entire freAuency used by targeted signal, / .ow)powered -ammers
that can cover only a part of the freAuency of the targeted signal 4ased on this -amming
can be classified into
8irtual 1!AC .ayer3 BammingE 'n 56/11 !AC uses physical carrier sense and
virtual carrier sense method to access control the channel For transmitting and
receiving data, a duration filed is present in the 56/11 frame 2etwork allocation
vector 12AC3 is maintained on each node that indicates the time the node has to
wait before transmission, the transmission occurs when the value becomes Cero
&he attacker can avoid any node from accessing the channel by setting a large
2A8 value
7+N)layer BammingE !ost of the wireless networks are prone to radio
interference attacks and are not avoided through security mechanism An attacker
can send a -amming signal of 1 bitFsymbol duration, which makes the C<C
computation wrong so that the user is prevented from communicating Curran and
Smyth 1/66>3 state that -amming is a simple techniAue but is a highly effective
method for causing (oS attacks
2$8$66 Ro'e Access *oints,
56/11b uses one way authentication scheme 't uses a shared key scheme for
authentication &his states that the access point can authenticate the user but not the vice
/5
versa 'f a hacker is successful in placing a rough access point between the client and
access point, the hacker can launch a (oS attacks on the clients by hi-acking the session
4ecause a client and an authentication server communicate through A7, it is necessary for
the A7 to support mutual authentication &his would make it easy to detect and isolate the
rough access point
2$8$62 *h#sical Threats,
0ireless .A2 can be bought down by physically damaging or by destruction of the
underlying physical infrastructure 0hen compared to wire .A2, a 0.A2 which is
operating in infrastructure mode depend on number of physical components such as
Access 7oints, 0ireless Adaptors, cables and antennas Any damage to the physical
components can have effect on reducing signal strength, bandwidth, and making it
difficult for the users to access information services 'f the physical attack is very high
there are chances for the whole network to go down 2ichols and .ekkas 1/66/3 point out
infrastructure components are liable to degrade its performance to the conditions of the
environment in which they operate Access 7oints can be obstructed by snow, ice and
distorting the radio signals Antennas mounted on top of buildings or any high pointsG
where there is high wind can skew down the antennas and change the angle of
transmitting signals
2$9 :oals of Secrit#,
&his topic discusses the security features that were defined by 'EEE for 0.A2S to
operate in a secured operating environment 'n order to address the security issues in
0.A2, 'EEE 56/11 has introduced standard 0ired EAuivalent 7rivacy 10E73 that
provides a security mechanism to secure the network from intruders &he primary
purpose of introducing 0E7 was to provide confidentiality, integrity and access control
2$9$6 AthenticationE
'n computer security, authentication is the process of attempting to verify the identity of
the sender of a communication such as a reAuest to log in 't basically provides the
mechanism to differentiate between authoriCed and unauthoriCed users 'EEE 56/11
defines two types of authenticationE open system authentication and shared key
authentication $pen system authentication is the default authentication process but, the
problem with this process is it a null authentication process 'n the shared key
authentication 0E7 key is used for authentication process 4ut 8ibhuti 1/66>3 in her
findings states that in 0E7, there is no secret key e#changed after the authentication this
means, there is no way to tell whether the subseAuent communication is happening with
the authenticated devices Also Chandra 1/6653 states another issue with 56/11
authentications 't is a one way authentication% this means there is no provision for the
work station to authenticate the access point
3/2$66 Athentication
/@
Shared .e# Athentication O%en S#stem Athentication
0ired

2etwork
0ired

2etwork
No identit# Verification Verification !# 7E* )e#
?Non-cr#%to'ra%hic3 ?4r#%to'ra%hic@
Fi're 2$=, Athentication *rocess
2$9$6$6 O%en Athentication,
&o gain speedy access to the network, open authentication can be used &he figure below
describes the open authentication process

Fi're 2$>, O%en Athentication
&he Access 7oint 1A73 authenticates the clientG the client can start transmitting and
receive the data 'f the client is configured with a key that differs from the key configured
on A7, then both the client and A7 will be unable to encrypt and decrypt the message thus
discard the packets
2$9$6$2 Shared .e# Athentication,
&he client and Access 7oint 1A73 are reAuired to have 0E7 enabled and share a common
key <oshan and .eary 1/66=3 described the shared key authentication as followsE
Client sends an authentication reAuest for shared key authentication to the A7
A7 responds with a clearte#t challenge frame
&he clients encrypts the challenge and responds back to the A7
'f the A7 can correctly decrypt the frame and retrieve the original challenge, the
client is sent a success frame
&he client can access the 0.A2
:6
Authentication <eAuest
Authentication <esponse
1Success3
Association <eAuest
Association <esponse
Client A7
0ired
2etwork
0ired
2etwork
Authentication <esponse
1Success3
Client A7
Fi're 2$3, Shared .e# Athentication
&he process behind shred key authentication is similar to that of open authentication, but
the difference in the two schemes is that the client cannot associate in shared key unless
the correct key is configured
2$9$2 4onfidentialit#E
't is important to keep the data confidential while communicating with other devices
Confidential data is transferred by applying encryption methods on the data 't ensures
that certain information is never divulged to unauthoriCed entities (ata is encrypted at
the sender end and decrypted at the receiver end 0E7 uses pre establishedFshared set of
keys and <C= symmetric key is used by 0E7 to encrypt the data <C= uses the shared
key to generate a stream of pseudo)random bytes eAual in length to the target te#t
*rishnan, 8eeravalli and 0ong 1/6653 in their findings states that 0A7 implementation
of <C= is flawed in several ways, which makes the algorithm to be attacked and reveal
the shared key Also the C<C checksum used by 0E7 for integrity is insecure and
modifications of intercepted packets are not prevented &he fundamental goal of 0E7 is
to prevent eavesdropping, which is confidentiality
2$9$8 Encr#%tionE
0E7 uses <C= stream cipher to encrypt the data on the 0.A2 Earle 1/66?, p1@63 show
the 0E7 key encryption process
:1
Authentication <eAuest
Authentication
1Encrypted Challenge3
Authentication
<esponse 1Success3
Authentication
<esponse 1Challenge3
&he defined 0E7 key is stored on to each client and the access point 'f the 0E7 differs
then the connection is broken down $nce the 0E7 keys are entered 0E7 encrypted
conversation to take place A randomiCed key is also applied which uses the /= bit
initialiCation vector 1'83 0E7 key and the '8 key are combined, then by using the <C=
cipher, the key and the '8 are O$<ed with the data to create an encrypted frame &he
encrypted frame is shown belowE
'8 7AN.$A( 'C8

:/
Fi're 2$1, 7E* encr#%tion %rocess Sorce ?EarleB %61/@
Encrypted
'8 *EN '( 7A(
Fi're 2$6/, Encr#%tion Frame
2$9$9 Inte'rit#,
't signifies that there is no unauthoriCed modification of the resources 4asically it assures
that during transmission the message is not modified 56/11 uses 'ntegrity Check 8alue
1'C83 field in the packet and when the packet is transmitted, at the receiver end !essage
'ntegrity Check 1!'C3 is performed on the packet 'f both the values match it indicates
message is not modified, else detect modification &he !'C is reAuired to prevent the bit)
flapping attacks Chandra 1/665, p:;>3 take a different view, the message integrity
mechanism used in 56/11 uses a linear integrity check algorithm 1C<C:/3 and 'C8 does
not protect all the information from modification &his is supported by Stubblefield,
'oannidis and <ubin 1/66=, p::63 the checksum can be easily forged For this reason
<C= cannot be replaced on the base stations, and a very strong cryptographic hash based
!AC cannot replace C<C calculations
2$9$0 Vlnera!ilities and Fla(s in 7E*,
4ulbul, 4atmaC and $Cel 1/6653 in their research have found 0E7 design makes the
system vulnerable in many areas &he /= bit initialiCation vector results in key stream
reuse, which would it easier for the hacker to decrypt the encryption key after capturing
some packets &his is supported by 0inget et al 1/66:3, in their research they found that
encryption keys can be recovered through cryptanalysis C<C 1Cyclic <edundancy Code3
is not cryptographically strong and it cannot be used in the place of !( or hash
functions (ue to this weakness, C<C fails to provide message integrity protection
2$9$0$6 Resed and small siCed IVDs,
'8"s could only provide 1?,;;;,/1? different <C= cipher stream from a given 0E7 key,
this was proved by 4ulbul, 4atmaC and $Cel 1/6653 in their research, this state"s that for
a busy network, this number will not take much time to complete &hereby, the networks
will reuse the '8, which becomes unavoidable after some iteration 2ichols and .ekkas
1/66/3 support the above flaw and points out that the '8 is included in the unencrypted
part of the message &his data is utiliCed by the hacker to produce the key stream for
decryption
2$9$0$2 .e# Distri!tion,
For the authentication to take place, both the client and the A7 have to share the common
0E7 key 't is practically impossible to keep the key secret, because the key is stored on
the client"s machine Any unauthorised user getting hold of the key can misuse them and
can bring down the whole network .i and Daruba 1/6653 take the similar view, stating
that if the device with the 0E7 key is lost or stolen, the only alternative solution is
change the secret key on each client and A7 in the network +ence a time consuming
process
::
2$9$0 7*A,
&o overcome the security flaws identified in the 0E7, 'EEE 56/11i has designed 0i)Fi
7rotected Access 107A3 protocol 07A is a software upgrade for 56/11 bFg .A2 cards
and routers
Enhancement o"er 7E*,
4asically 07A was designed to improve upon the security feature depicts of 07A 0i)Fi
systems which are enabled with 0E7 have proven advantage of using this technology
&hree ma-or improvements were made in 0A7 over 0E7, they are discussed belowE
Athentication,
0eak authentication method used in 0E7, was fulfilled by E#tensible Authentication
7rotocol 1EA73 EA7 is constructed on the more secure public)key encryption system to
ensure that the network can be accessed by authorised users
Data Encr#%tion ?Im%ro"ed@,
&emporal *ey 'ntegrity 7rotocol 1&*'73 was introduced to improve the encryption
methods *eys are scrambled by using a hashing algorithm then by added integrity
feature &*'7 does not reAuire any additional hardware and is the alternative solution to
the weak 0E7 protocol &*'7 uses <C= stream cipher like 0E7 for encryption and
decryption 1/5 bit must be the siCe of the secret key and is called as &emporal *ey 1&*3
A =5 bit initial vector is used as a counter A different <C= key stream is produced by the
involved parties if even though the &* is shared
:=
4ha%ter 8
Research Methods
8$/ Research Methods,
<esearch deign is governed by the notation of Mfitness for purpose" &he purposes of the
research determine the methodology and design of the research 0iersma and Burs 1/66>3
state that M<esearch essentially is an activity, or process, and even though researches
procedures are many and varied, certain general characteristics help define its nature" 'n
order to answer my research Auestion, ' have used different research methods to gather
information &he following chapter e#plains the methods used to collect and analyse the
data

8$6 Research 7heel,
According to Slack 1/6653 in her lecture discussed the two research method (eductive
and 'nductive 'nductive approach deals with collection of data, analyCing this data and a
theory is generated 'n case of (eductive approach the research starts with theory and set
out research AuestionFhypothesis (ata is collected and tested to test the theory
8$6$6 Dedcti"e A%%roach,
't is a theory testing process which starts with an established theory or generaliCation and
seeks to see if the theory applies to specific instances Denerally speaking deductive
approach starts by scanning the theory, collecting the data and then conclusions are
:>
derived from this theory Spens and *ovacs 1/66?3 describe deductive approach as a
theory testing process
8$6$2 Indcti"e A%%roach,
Bohnson 11@@?3 describes the inductive approach as the mirror image of deductive
approach &his approach moves from facts to theory $bservations are the starting point
for this approach and seek to develop theory, but not test it
Slack 1/665, p/3 provide a diagram of the research below, which is shown below
Fi're 8$6, Research (heel Slac) ?2//3B %2@
' have used the (eductive approach for my research because this approach works from
more general to more specific 'n my research the wireless .A2 is the more general
theory and identifying security threats and analyCing them is more specific 4urney
1/6653 refers deductive approach as 0aterfall model
:?
Theor#
H#%othesis
O!ser"ation
?Data 4ollection@
4onfirmation
?Anal#sis@
Fi're 8$2, 7aterfall model for Dedcti"e a%%roach
8$2 ;alitati"e and ;antitati"e Methodolo'#E
<esearch can be classified into two types namelyE 9ualitative and 9uantitative
9ualitative research describes phenomena in words instead of numbers or measures,
whereas 9uantitative research describes phenomena in numbers and measures instead of
words
8$2$6 ;alitati"eE
0ith 9ualitative data one can conserve the chronological flow and see which events led
to which conseAuences and drive fruitful e#planations 't is typically thought of as a
method with a set of procedures for conducting the research &he techniAues primarily
associated with Aualitative methods areE interviews, observations and diary methods
Amaratunga et al 1/66/3 the widely used Aualitative method in research is interview
4asically this approach is followed for the purpose to understand social phenomena
9ualitative research interview deals with the research topic from the interviewee point of
view and understand their viewpoint on the topic &his means Aualitative research relies
mainly on the narrative description 9ualitative researchers subscribe to relativist%
9ualitative research by its nature posses an inductive approach &he research has a great
concern for the impact of the processG because Aualitative researchers for the most part do
research is done in natural setting, and they do not manipulate or intervene the data
&herefore the research design needs to be fle#ible and tolerant for ad-ustments as the
research progresses 9ualitative interview type of research often produces large Auantities
of descriptive information from the notes taken during the interview &his information
needs to be organised and then the data needs to be reduced by obtaining the relevant and
sufficient data for analysis (ata reduction is necessary for the description and
interpretation of the phenomenon under study Smith, &horpe and .owe 11@@:3 state that
MAlong the road of Aualitative research there are also many dilemmas" &hey mean to
state that there is a problem of public access to private e#perience, and have difficulty on
deciding when to impose any interpretive frameworks on it Also, there is a Auestion of
how accurate is the information gathered is or can be
8$2$2 ;antitati"eE
9uantitative research is more closely associated with (eductive approach, reasoning
from general research to specific situations 4ecause of deductive nature, tends to be
more theory based &he four main ways of gathering data in this approach areE
9uestionnaire, interviews, testsFmeasures and observations Smith, &horpe and .owe
11@@:3 believe that the widely used Auantitative date in research is 9uestionnaire
:;
'nformation gathered can be used to describe the general characteristics of the population
+yde 1/6663 describes Auantitative approach to draw a large and representative sample
from the population of interest, and make an attempt to construct a generaliCed behaviour
of the sample 9uantitative researchers subscribe to a positivist% paradigm
9uestionnaires are largely used to mainly for opinion gathering and consumer
preferences Although this looks simple, the layout and design by no means is simple
0iersma and Burs 1/66>3 construct the characteristics of 9uantitative and 9ualitative
<esearch
Fi're 8$8, 4haracteristics of ;antitati"e and ;alitati"e Research 7iersma and
Ars ?2//0B %60@
8$8 Sam%lin',
'n simple terms sampling means the population on which the research will focus
Sampling decisions must take place right at the beginning stage of the research 'deally it
is impossible to survey the whole population ,nless the target population is identified in
advance it would be difficult to carry out the research methods Constraints like time,
:5
9ualitative 9uantitative
'nductive 'nAuiry (eductive 'nAuiry
,nderstanding
Social 7henomena
<elationships,
Effects, Causes
Atheoretical or
Drounded &heory
&heory based
+olistic inAuiry
Focused on
individual 8ariables
Conte#t specific Conte#t Free
$bserver participant
(etached role of
researcher
2arrative description Statistical Analysis
budget should be taken into consideration while choosing the sampling methods Cohen,
!anion and !orrison 1/6613 have identified the key factors in sampling
1 &he sample siCeG
/ the representativeness and parameters of the sampleG
: access to the sampleG
= &he sampling strategy to be used
Slack 1/6653 in her lecture has discussed the following sampling methods
8$8$6 *ro!a!ilit# Sam%lin'
'n this type of sampling the population being selected are known &his type of sampling
is popular in randomised controlled Cones &here is less risk in this type of sampling
Simple <andom SampleE 'n this type of sample, the probability of each member
being selected is entirely independent of the ne#t &his means the selection
process is random and can choose any one from the list
Stratified SampleE 'nvolves dividing the whole population into homogeneous
groups and each group consisting of similar characterises 4ased on the attributes
needed we can divide the population into discrete groups 1strata3
Cluster SampleE 2ormally used in small scale research Carried out in multiple
stages, parameters of the wider population are sharply selected
8$8$2 Non-%ro!a!ilit# Sam%lin'
'n this type of sampling the chances of the wider population being selected for the sample
are unknown &his type of sample avoids representing the wider population and
concentrates on particular group of the wider population
9uota SampleE ,sed for large populations in market research <epresents
significant characteristics of the wider sample, unlike stratified sampling it sets
out to represent these in the proportions in which they are found

7urposive SampleE Sampling method which can be chosen for specific purpose
<esearchers select the cases to be included in the sample based on their needs
Cohen, !anion and !orrison 1/6613 take a different view, as researchers can
choose their needsG this does not pretend to represent the wider population
Snowball SampleE &his type of sampling can be used when the researchers
identify a small group of individuals who have characteristics they are interested
in

:@
Convenience SampleE As the name suggests it involves choosing the nearest
individuals to serve as respondents and continuing that process until the reAuired
sample siCe has been obtained Also called as accidental or opportunity sampling
,pon understanding the research and sampling methods and methodology, ' have chosen
to use (eductive approach for my research, because this approach works from more
general to more specific 'n my research the wireless .A2 is the more general theory and
identifying security threats and analyCing them is more specific And for the collection of
the data, ' have chosen to use the Auestionnaire and e#periments as these both methods
are related to deductive approach As my research seeks to represent significant
characteristics of wider population and divide the groups into homogeneous groups, '
have chosen to use stratified sampling
8$9 Sr"e# Desi'n
Survey design can be classified into two types longitudinal and cross)sectional 0iersma
and Burs 1/66>, p1>@3 state that the two characteristics that distinguish the design are
1 &he point at which data collection takes placeG
/ &he nature of the sample
'n longitudinal design, data collection happens over a period of time and at specified
points (ata collection period can last for short or long duration of time 0hereas in
cross)sectional design involves collection of data at one point in time from a random
sample representing some given population at that time
'n order to answer the research Auestion, certain data needs to be collected to interpret the
results ' have chosen to use Auestionnaire and conduct e#periments
8$9$6 ;estionnaire,
9uestionnaires are the most convenient and certainly the most widely used for data
collection &hey are designed and uploaded onto the internet to collected information
from a known population &he data collected from these Auestionnaires can be used to
interpret the results and draw conclusions about the understanding of the population
+ewson et al 1/661, p=:3 state that M'nternet can be used as a tool for administrating the
Auestionnaire" 'nternet reduces both time and costs associated with producing numerous
hard copies, distributing and collecting data As my pro-ect involves designing a frame
work for building a secure wireless .A2 network, it is important to know the knowledge
of the users using 0.A2 ' have used the following formatE
1 Selected)response or forced)choice, where the participant selects one or two
options
/ $pen ended Auestions, where the participant, can give his point of view and
suggest any recommendations
=6
&he Auestionnaire was prepared in order to collect the understanding the knowledge of
wireless .A2 of the targeted sample Also, the Auestionnaire internet link was sent to
people who have basic knowledge of networking Cohen, !anion and !orrison 1/6613
have classified the Auestionnaire types as structured, semi)structures and unstructured
.arger the siCe of the population, its more structured &he unstructured type is more open
to the respondent and asked to answer or comment on their own terms 0here as the
semi)structures type sets the agenda, but take for granted the response view As discussed
earlier ' have used Stratified Sampling method to do my research &he layout of the
Auestionnaire was very important, as it had to be technical as well as short, so ' could get
as much information as possible ' have followed the structured style, which can be used
to select patterns and make comparisons &he Auestionnaire has several kinds of Auestions
for e#ample dichotomous Auestions 1NesF2o3, multiple choice Auestions, rating scale and
open Auestion where the respondent had to provide the answer heFshe thinks the best '
had to refine the Auestionnaire twice and then uploaded the final draft &o my best view, '
have avoided Auestions that are comple#, irritating, too many open ended and Auestions
that would have negative impression &o make the Auestionnaire more interesting and
easy, the order of the Auestions were started with general information to more specific
that would setup a tone for the later Auestion for the respondent
8$9$2 E<%eriments,
'n e#periments, researchers can use this method to collect data from conducting
e#periments other that verbal kind &he ob-ective of this pro-ect is to build a security
framework for users who are using 0ireless .A2 and have administrative privileges
'nformation gathered from the Auestionnaire was used to conduct e#periments on
wireless local area network, by applying the settings used by the respondents 7atton
11@@6, p/6/3 believes that observational data will enable the researcher to enter and
understand the situation that being conducted through e#periments 4asically an
e#perimental design is the format where the variables are enabled, arranged, positioned
into the e#periment .ot of attention has to be made on variety of details before
conducting the e#periments &he e#periments
&wo laptops with 0i)Fi enabled cards and software tools were used to capture the
packets being transferred on the network ' have used my wireless router at my home to
conduct the e#periments by changing the security settings &he packets captured are
analysed in detail and security flaws were inspected Several settings have been enabled
on the network device, to make the network secure &he purpose of the e#periments is to
find strengths, weaknesses and difficulties in 0.A2 security
8$0 Ethical Isses,
Ethics is the moral and legal code of conduct that has be followed in the research while
obtaining information from other sources Drimshaw 1/661, p=:3 states that MEthics is the
philosophical study of the moral value of human conduct and the rules that govern it"
Clough and 2utbrown 1/66/3 states that ethical standards are designed to ensure that
enAuires will carried out in ways whichE
4estow best possible protection for the researchers and their participants
!ake sure that data is collected with informed consent of participants
=1
7ersonal details of the participants are protected
Several ethical issues have been considered while doing the research !y research deals
with the 'EEE standardsG ' had followed the 4CS professional conduct while collecting
the data
'nformed ConsentE 0hen the Auestionnaire was uploaded to collect the data, the research
participants are informed about their role in the research &he participant is given enough
information of the research and provided contact details to contact if something goes
wrong
4onfidentialit#,
&he identity of the participant is kept secret by not disclosing the data that has been
collected from them &he information gathered is used only for the analysis 'f the
participant is not willing to continue with the research, then heFshe has the right to
withdraw from the research
Data Stora'e,
'nformation collected from the participants is stored in the database that is very secure
and reliable &he results of the e#periments are stored safely in the hard disk and
protected with a password
Anon#mit#,
&he participant"s names are not obtained while answering the Auestionnaire, this keeps
the identity secret
0hile conducting the e#periments on the 0.A2, no unauthoriCed access will be made
on other networks without the permissions of the network administrator &he e#periments
will be conducted in an environment that will not take advantage of the security flaws
=/
4ha%ter 9
In"esti'ation Methods and
Reslts
=:
9$/ In"esti'ation Methods and Reslts,
&his chapter deals with the investigation procedures that have been followed in order to
collect and analyCe the data Section"s =1 will be discussing about the data collected
through the Auestionnaire &his data is analysed and used in the section =/ while
conducting the e#periments
9$6 Anal#sin' the Data 'athered from the ;estionnaire,
As discussed earlier the main ob-ective of the pro-ect to build a framework for setting up
a secured 0.A2 &he aims of the Auestionnaire are to gather the following information
1 Age group
/ &o understand the type of user
: &ype of connection used to connect to the network
= &echnology they are currently using
> ,sers reAuirements associated with wireless
? 0ireless standards currently being used
; Awareness of security threats in their network
5 identifying and classifying the threats
@ Awareness of authentication and encryption techniAues
16 $pinion to improve the security in the network
9$6$6 Data 4ollection *rocedre,
&o gather the data from different people, a Auestionnaire was prepared and uploaded onto
the internet &he target population for the survey was people who had atleast basic
knowledge about wireless network &he survey was uploaded on the Survey!onkey site
1httpEFFwwwsurveymonkeycomF3 &he Auestionnaire contained 15 Auestions &he
Auestionnaire was prepared mostly with dichotomous, multiple, opinion and open
Auestions &he internet link for the Auestionnaire was distributed mostly to students and
tutors related to computersF networking course &he Auestionnaire link was sent through
e)mail to /: peopleG out of which /1 people participated in the interview@1P response
should a great participation 166P was the survey completion results
&he following are the results gathered from the AuestionnaireE
9$6$2 A'e :ro%,
==
&he participants were asked about their age group, because these could reflect their
e#perience 5>;P were in the age group of /1):6, whereas the other =:P were above =6
years &he graph below shows the age group participants

Fi're 9$6, A'e :ro%
9$6$8 T#%e of User,
&he participant had to select their usage of wireless network &he categories were
classified as Deneral, 2ovice, and Advance and E#pert users &he graph below shows
the findings


As the stratified sampling was used to distribute the Auestionnaire, the finding show the
target population are according to the attributes needed 1networking related3 >/P state
themselves as advance users, /=P e#ert users should be participants with age above =6
=>
9$6$9 T#%e of connection sed to connect to the net(or),
7articipants were asked to select the type of connection they use to connect to the
network 0ireless, wired and wireless connections were the options given &he graph
below shows the findings
Fi're 9$2, 4onnection t#%e
'n the findings >;P answering wired and wireless, most of the participants stated they
use wireless network when at home using laptop, whereas use wired network at work or
university
9$6$0 Technolo'# crrentl# sin'E
&he Auestion was stated to choose the technology currently they are using &he multiple
choice Auestion options were 0i)Fi, 0i!a# and asked for any other technology they use
A ma-or number 1; ie 5@>P of the participants choose 0i)Fi whereas the other 16/ P
said 0i!a# An e#pert user also used other technologies like /D and :D

=?
Fi're 9$8, Technolo'#
&he results clearly state that 0i)Fi is the technology currently being used 0i!a# being
the new technology is used by very few users 0i!a# was found to be used by e#pert
user
9$6$= User re&irements associated (ith (ireless,
7articipants were asked to rank the features associated with wireless router to their
preference on a scale of 1)16 &he following table details the data collected
(ow Cost * + , + + - . . , -
Coverage , * + + - , * * - *
eliability + + , , * * - - . -
/erformance * + + , + 0 , , - .
"obility * , , + - + 0 0 1 +
2ecurity * , + + * , * * - -
3lexibility + + + + * * * * * .
4ase of 5se , * + * , + . . 0 *
Fi're 9$9, User re&irements
///P have rated reliability has their highest preference /1=P have rated the low cost
and low cost as their highest preference /;5P think mobility, ease of use as their second
highest preference &he least voted feature the participants think is not very useful is the
fle#ibility &he above results clearly state that, participants are very concerned about the
security in their network 't also shows that participants want to deploy their wireless
network with low cost and have reliability in using the network An advanced user states
that &he overall security is still less than wired network% 0ireless attacks are the
combination of attacks that can be performed on the wired network as well as wireless
network 't is very important to improve the security in wireless networks
9$6$> 7ireless Standards,
&his Auestion was asked to know the wireless standards the participants are using in their
network >;@P said 'EEE 56/11g, =/1P said 56/11b, and :1?P said 'EEE 56/11a,
whereas all the 16P general users did not know the wireless standard being used in their
network /11P choose others and stated they either used 'EEE 56/11n 1draft/3,
56/11bFg or said beyond 56/11g &his clearly states that 'EEE standards are used by all
the participants +igh data rates, enhanced security features make 56/11g the front
runner with >;@P and are widely deployed because of its backward compatible with
56/11b networks &hese networks are widely deployed at home
=;
Fi're 9$0, 7ireless Standards
9$6$3 A(areness of Secrit# threats,
0hen asked about the awareness of security threats in their network ;5P said they are
awareG the other /6P did not have any idea about the threats /1P were identified as the
basic users

Fi're 9$=, A(areness
&he graph also indicates the sample used for data collection is the e#act target population
't was good responses to see that lot of people are aware of security threats in their
network &he following Auestions were asked to understand their technical knowledge
regarding 0.A2
=5
9$6$1 Identif#in' and classif#in' the threatsEattac)s,
7articipants were asked to identity the threats know or come across &he participants
were to choose from number of threats they are aware or not aware 1; participants have
answered this Auestion and the following are the findings
ThreatEAttac) A(are Not A(are
Access Attacks 1; 6
7assword Attacks 1; 6
7ort <edirection 1? 1
!an)in)!iddle 1!'&!3 1; 6
(enial of Service 1(oS3 1; 6
&ro-an +orse 1; 6
Fi're 9$>, Identif#in' threats
166P for Access, 7assword, !'&!, (os and &ro-an horse show that participants are very
much aware of these threats 1 participant was not aware of the port redirection threat and
was found to be a novice user &he findings show Advance and E#pert users have a good
understanding of the threatsFattacks After identifying the threats, participants were asked
to classify the threatsFattacks as .ow, !edium or +igh &he following graph shows the
findings
Fi're 9$3, 4lassif#in' threats
$ut of the 1; participants 12ovice, Advance and E#pert3 >55P have categoriCed access
attacks as a medium attack, >/@P for port redirection and !'&! a medium attack =;P
of the participants have rated password attacks as a high threat &his shows that
passwords attacks are more concerned by the participants 0hereas /@=P have rated
&ro-an horse as their second most concerned threat &he lowest threat participants think is
the man)in)the)middle attack giving it 66>P
=@
0hen asked if they new any counter measure for the above mentioned threats, >55P
have given solution where as other =11P skipped the Auestion 166P of the e#pert users
have given some solution, whereas ;6P of the advanced users answered Few of the
solutions given areE
1 <isk profile assumes 07A1/3 used secure layer / traffic and applies to layer /
only
/ 7ort scanning software
: ,se passwords which is a combination of char, alp and numbers and keep
changing the passwords freAuently
= <un anti)virus program
> <adius server authentication
'n the previous Auestion password attacks have been ranked as number 1 attack &he
findings in this Auestion also show that participants are aware of the counter measures for
the attack
9$6$6/ A(areness of Athentication *rocessE
/6 7articipants answered to this Auestion and 1 participant skipped it 1@ participants said
they are aware of the authentication process in their network and 1 participant answered
no &he participant who is not aware of the authentication process was found to be a
Deneral user
Fi're 9$1, Athentication
@>P speaks for itself *nowing there is an authentication process shows that the
participants have good knowledge about their network
9$6$66 Athentication *rotocol,
0hen asked about the authentication protocol they are using their network @6=P have
answered, other @?P skipped the Auestion >55P said they are using 07A as their
>6
authentication protocol, =1/P for 0E7, 1;P are using the default settings, >@P for the
EA7 and >@P choose others

Fi're 9$6/, Athentication *rotocols
Enabling authentication process in the network makes the network secured from
unauthorised access Authentication checks the identity of the person connecting to the
network 'f the authentication is unsuccessful, then there client is denied access (efault
settings were mainly used by the Deneral users, whereas e#pert and advanced users are
using 07A Few of these users choose others and provide 07A Q <adius as their
authentication process
9$6$62 A(areness of Encr#%tion *rocess,
7articipants were asked if they were aware of encryption process on their network &he
answers were similar to that of authentication process /6 participants choose to answer
and 1 skipped the Auestion @>P answered NES and other >P answered 2$ &he
response is show in the graph below
>1
Fi're 9$66, Encr#%tion
9$6$68 Encr#%tion *rotocolE
@6=P of the participants have answered to this Auestion whereas the other @?P skipped
the Auestion =51P were using 07A as their encryption method, :>:P for 0E7 and
1;?P did not know the data encryption method used in their network &hese 1;?P
users were again found to be Deneral users !ost of the E#pert and few Advance users
were using 07A
Fi're 9$62, Encr#%tion *rotocol
7articipants using authentication process are almost using the encryption methods 4ut
the only difference is the methods they use ;>P of the e#pert and >>P of the advance
users have chosen the other option and give their comments !ost of them used 07A/
personal as their encryption techniAue
9$6$69 O%en ;estion,
6 7articipants were asked if they are currently using any of the /DF:D services provided
by their mobile service provider 166P of the participants have answered the Auestions
and =/1P answered NES and >;@P answered 2$ 7articipants who have answered
>/
7rotocol <esponse 7ercent <esponse Count
07A =51P 16
0E7 :>:P ;
(on"t *now 1;?P /
$ther >@P 1
NES mainly were students !ost of the participants don"t use the services because
services like browsing, e)mail facilities are not implemented entirely ,sers above =6 do
not use high end mobile devices which can support these applications
Fi're 9$68, 2:E8: Ser"ices
2 7articipants were asked to give their comments on what they feel if !obile services
1/DF:D3 are merged with 0i)Fi in future 51P of the participants have answered the
Auestion and 1@P of the participants skipped the Auestion E#pert users have interesting
thoughts of such a merge, one of them said 'n the corporate environment, ' anticipate
seeing a convergence of :D 0iFi where a phone can say make 8o'7 class over the local
0iFi network and this type of device replacing desk phones 4asically dump the 0iFi%
!ost of them think it is the technology of the future and are bit concerned with the
security features associated with them
8 Finally, participants were asked to give their opinion on how to improve the security in
the network 0hile 51=/P have given their opinion, 15>5 skipped the Auestion and they
were mainly 4asic users &he following are the common opinions of the participants
(o not use default settings
,se password policy +ave strong password 1Alphanumeric3
,se 07A/
(isable broadcast
,se <A(',S server authentication
,se encryption to secure data
&ight Authentication policies
4lock attachments in emails
&urn of unnecessary services
<un anti virus applications
Advance and E#pert users have stressed on using 07A/ as the default mode when using
the 0.A2 &he Auestionnaire uploaded onto the internet is shown in Appendi# 4
>:
9$2 E<%eriments,
&o test the security features in the 0.A2, e#periments are conducted and the different
tools are used to gather information 'n this research, ' have conducted the e#periments in
a Cone that is not harmful to any other user and there no security threat &hese
e#periments are conducted at home and all the ethical issues are followed while
collecting and analyCing the data (ata collected from the Auestionnaire was analyCed
and different security features such as '7 address filtering, 7ort filter, !AC address filter,
07A, 0E7 and modes are configured on the network, to check the impact of security
threats in the network 4y conducting the e#periments, it has helped me to create a
security framework for the users, which would make their network more secure
9$2$6 E<%eriment *rocedre,
For conducting the e#periments ' have setup a 0.A2 network at home, so that the
security setting does not affect other users For this ' have used the following tools and
devicesE
1 &wo laptops which has a wireless network card, which can be used to connect to
the network ' will be naming the laptops as .aptop A and .aptop 4 the security
settings are performed by the .aptop A
/ A .inksys /= D+C wireless router with 56/11g standards is used to connect to
the internet
: 4acktrack/ a bootable .inu# C( used for security collection .inu# distribution
= 0ireshark a network analyCer, which helps in capturing the network packets
> 0E7)C<AC*, Cowpatty tools were used
9$2$2 E<%eriment 6, 4onfi'rin' the Roter ?Access *oint@ (ith defalt settin's,
'n this e#periment, the .inksys router is configured with default settings by having the
wireless network mode in mi#ed, for other network device to access the network, SS'(
has been configured &he SS'( name should be same on all the devices which want to
access the network and the wireless channel has been set to /=?; D+C &he figure below
shows the settings
>=
Fi're 9$69, Defalt Settin's (ith SSID
&he access point has been configured with name of rakeshnarla, and the wireless channel
transmission is /=?D+C &he wireless network mode is in mi#ed mode which is a
combination of 4 and D standards
Fi're 9$60, secrit# mode disa!led
&he network security is disabled, which means that the network can be seen and be
accessed by any person who wants to access this access point After applying the settings
on the access point, a search was conducted on .aptop A to check for the available
networks, the figure below shows the networks found
>>

Fi're 9$6=, Net(or)s A"aila!le on La%to% A
For the .aptop 4 to connect to this access point, it had to search for the available
networks &he figure below shows the available network it could connect
>?
Fi're 9$6>, Net(or)s A"aila!le on La%to% +
After searching the available networks, by .aptop 4, ' could find the access point
1rakeshnarla3, it clearly shows that the access point is an unsecured network From the
.aptop 4, ' could connect to the access point, as there is no security mode enabled &o
capture the reAuest from .aptop 4 to connect to the access point, ' have used 0ireshark
to capture the reAuest packet &he figure below shows the screenshot of 0ireshark
0ireshark tool displays the output in : layers
.ayer 1E Source and destination of the packet, the protocol being used and the packet info
.ayer /E 0hen individual packets are selected, the packets can be checked in details,
such as frame type, internet protocol, 'EEE 56/11, flags etc
.ayer :E Shows the ASC'' vales of the selected packet
0ireshark captures the packets on the network and when individual packet is selected to
study its details, its shows type
&he figure below shows the packets captured when there was reAuest from .aptop 4
>;
Fi're 9$63, 4a%tred %ac)ets (hen re&est from La%to% +
&he upper packet highlighted with dark blue colour, represents the reAuest from .aptop 4
to connect to the network &he laptops name is displayed and it as recognised it as a
workstation 'n the second highlighted blue colour, displays the data in the packet &he
flags say that the reAuest is to the server, reAuesting for the connection .aptop 4 could
connect to the access point and utiliCe the network resources 4y means the default
settings on the access point are most unsecured networks &his setting would allow the
attacker gain access to the network, capture the packets and e#tract valuable information
from it
9$2$8 E<%eriment 2, 4onfi'rin' the Access *oint (ith MA4 address filterin',
&he default setting provided in e#periment 1 has a high threat for attack &o improve the
security in the network, !AC address 17hysical3 filtering has been enabled &he access
point was configured to allow only .aptop 4 1!AC addressE 66)1F):4)65)?/)=F3 while
all other reAuest are denied

>5
Fi're 9$61, Roter MA4 address settin's
After doing the above settings, on .aptop A 1!AC addressE 66)14);;)(/)4()/=3 a
search was performed to view the access points available


Fi're 9$2/, A"aila!le net(or)s on La%to% +
0hen tried to connect to the access point 1rakeshnarla3 the following message was
displayed
>@

Fi're 9$26, A"aila!le net(or)s on La%to% +
,nable to connect to the network states that the !AC address filtering is working
properly .aptop 4 could connect to the access point as its !AC address is present in the
filtering table 4ut, by using the 0ireshark Sniffer tool to capture the packets, the
communication between the .aptop 4 and access point could be captured and the !AC
address of .aptop 4 could be recognised &he figure below shows the captured packet
details

Fi're 9$22, 7ireshar) ca%tred *ac)ets
?6
&he !AC address of the .aptop 4 could be found along with the source and destination
address 1Access point3 As many freely available tools are available that can be used to
change the physical address 1!AC3 of the devices, it is not secure to only enable !AC
address filtering on the access point
9$2$9 E<%eriment 8, Ena!lin' Secrit# Mode 7E*,
From the above e#periment, it clearly shows that by applying only !AC filtering the
network is still under attack So, ' order to enhance the security, ' have applied 0E7
encryption with ?= bit and assigned a 0E7 key which has to be used by any client
connecting to the access point &he settings of the router are shown belowE

Fi're 9$28, Ena!lin' Secrit# mode 7E*
0hen .aptop 4 wants to connect to the access point 1rakeshnarla3, it is asked to supply
the 0E7 used for encryption &his enhances the security of the access point &he figure
below shows the 0E7 key reAuest on the .aptop 4 to connect to access point
1rakeshnarla3
?1
Fi're 9$29, 7E* )e# re&est connection
&o study the packets in more detail, ' have used 4acktrack security collection .inu#
distribution software &his 4ack track software works on .inu# platform 0ireshark tool
was used to capture the packets on the access point and it could capture the packets
between access point and .aptop 4
Fi're 9$20, 4a%tred %ac)ets !# 7ireshar) on Lin< *latform
?/
&he first highlighted line shows the reAuest from the .aptop 4 to connect to the A7
1rakeshnarla3 &he second highlighted confirms that the SS'( 1rakeshnarla3 is the access
point 'n order crack the 0E7 keys ' have used 0E7R C<AC* on the .inu# platform
0E7 crack was successful in cracking the ?= bit 0E7 keys used for encryption 't took
661 seconds to crack the encryption key, so ' decided to increase the key length to 1/5
bit key &he figure below shows the settingsE
Fi're 9$2=, 623 )e# 7E*
0E7RC<AC* could even crack this 0E7 key, but has taken ==5 seconds

Fi're 9$2>, 7E*F4RA4. dis%la#in' the %ass(ords
?:
For the ?= bit key to be cracked 0E7RC<AC* took /6>: guesses, but for the 1/5 bit to
cracked it took 1?;55?/ guesses
9$2$9$6 Decr#%tin' 7E* traffic,
After recovering the 0E7 key using 0E7RC<AC*, from the above step, ' have used the
airdecap)ng tool to decrypt the packet data Aircrack)ng tool takes an in libcap file from
the 0E7)encrypted conte#t and the 0E7 key, which generates an output file of
unencrypted conte#t 0hile 0ireshark preserves the integrity of the header information
in unencrypted 0E7 conte#t, airdecap)ng generates a standard Ethernet file with the
unencrypted packet conte#t &he following figure shows the airdecap)ng tool and the
decrypted packetsE
Fi're 9$23, Decr#%tin' 7E* traffic
9$2$9$2 Aditin' 7*AE*S. Net(or)s,
0E7 enabled networks are not very secured, this has been proved by the e#periments
conducted till now &o further enhance the security setting, ' have enabled 07A 10i)Fi
7rotected Access3 on the access point with the encryption algorithm as &*'7 and choose
a avocation% as the shared key password &he figure below shows the setting enable on
the access point
?=
Fi're 9$21, 7*A *re-Shared )e# settin's
0ith the help of 0ireshark, the bacon frames were captured, which clearly shows the
encryption type 1&*'73 and is using 7S* 1pre)shared)key3
Fi're 9$8/, +acon frame
?>
9$2$9$8 Identif#in' the For-7a# handsha)e,
A filter is applied on the packets captured, to display only the four)way &*'7 e#change
frames &he four frames 1layer 13 displayed in the figure below shows the four)way &*'7
e#change 'nspecting the 56/1O authentication information in the first frame 1frame
number =:3, we can inspect the nonce information
Fi're 9$86, For (a# handsha)e ca%tred %ac)ets
'n the ne#t three frames in the authentication process, the A7 and the client station
acknowledges the receipt and content of the frames by e#changing the knowledge of the
7&*
9$2$9$9 Aditin' the *S. ?*re-shared-.e#@,
After ' e#amine the details of the four)0ay handshake and the information being
e#changed, by using 0ireshark, ' have used the Cowpatty tool to perform an offline
dictionary attack on the packets captured from the 07A)7S* network to identify the
poorly selected shared keys &he Cowpatty tool is run on the .inu# platform 0hen the
tool was run with appropriate commands, the shared key avocation% could be cracked by
the tool 't took almost ?6 seconds to crack the key &he figure below shows the details
??
Fi're 9$82, Dictionar# attac) thro'h 4o(%att#
9$2$0 E<%eriment 9, Ena!lin' 7*A2 %ersonal mode,
'n this e#periment, ' have enabled 07A/ in personal mode As the above e#periment
results show the weakness of the 0E7 and 07AF7S*, the last e#periment was conducted
with 0A7/ personal mode Advanced 07A algorithm 1&*'7QAES3 was enabled with a
shared key &he figure below shows the setting on the access point
?;
Fi're 9$88, 7*A2 *ersonal settin's
0ireshark was able to capture the packets, but it was difficult to crack the shared keys
used for authentication and encryption
9$8 Alternati"e Methods,
9uestionnaire was used to connect the data As the ob-ective of this pro-ect is to build a
security framework, it is very essential to gather information from a large population
Conducting the interviews is an alternative method to gather information 4ut because of
time constrain and large population to interview, ' have chosen Auestionnaire 'n the
entire e#periments .inksys /= D+C with 56/11g technology wireless router was used as
the access point As an alternative there are also other routers such as 4elkin, 2etgear and
().ink routers which have 56/11g technology that can be used as an access point to
connect to the internet &he setting up of the routers is almost similar in all the above
mentioned routers 0ireshark is one of the widely available tools on the internet to
capture the packetsG easy usage and good interface made me use this tool $ther
alternative tools to capture the packets are *ismet, 0iCrawl, *arma, ,fasoft sniff,
FakeA7 and AirSnarf &ools that can be used for cracking are Air crack, Cowpatty and
0iFi &ap
?5
4ha%ter 0
*ro%osed
Secrit# Frame(or)
?@
0$/ *ro%osed Secrit# Frame(or),
From the data collected through the Auestionnaire, e#periments and knowledge gained by
doing this pro-ect, ' suggest a security framework for users implementing 0.A2, who
can follow these steps to make their network secure to a large e#tent &he framework is
based for the following usersE Deneral, 2ovice, and Advance and E#pert users
0$6 +asic Re&irements,
4efore the security framework is given out, ' would recommend the following devices
such as .aptopF(esktop, routers and miscellaneous devices that has to be looked in
before setting up a 0.A2
7urchase a laptop that has 0iFi card built into it &he network adapter should
have the 56/11bFg properties For a desktop have an Ethernet network card which
can have a local area connection 1wired3 with the router
0hile consider a wireless router, check the devices such as .aptopF(esktop at the
work and see the technology they support such as 56/11bFg Consider buying a
router with 56/11g technology as it widely available in the market and is
backward compatible with 56/11b devices
7urchase an internet connection that suits you needs depending on the number of
users who will be using the network &he bandwidth would be shared between the
users using the network connection
A general procedure to setup a wireless local area network is given below, which would
mainly useful for the general and novice users
1 !ake sure the internet connection is activate
/ ,se the computer that is directly connected to the modem that is provided by the
'nternet service provider 1'S73
: Connect the modem and the router with an Ethernet cable
= Connect the router and the computer by plugging in the Ethernet cable from the
routers numbered port to the back of the computer
> !ake sure the devices have power supply
? Check with the 'S7 to see if they are providing Static '7 address or (ynamic
address through 1(+C73 server
; 2ormally it is the dynamic address given by 'S7 use the default settings for
(+C7
5 7erform the wireless setup by configuring the wireless network mode, SS'( and
the channel the router will operate in
@ Setup the wireless security with the appropriate security mode and algorithms
used for authentication and encryption
&he setup procedures for various routers can be found atE
.inksysE httpEFFwwwlinksyscomF
4elkinE httpEFFbelkincomF
;6
0$6$6 :eneral Users,
't was observed that general users use the default setting in their network very often
&hey are basically home based users, who use their access point to connect to the
internet &hey do not have any knowledge of authentication and encryption process '
recommend not to use default setting every where when setting up the network ,sing
default will keep the network unsecured ,se password that are strong enough ie
combination of alphanumeric, do not use passwords from dictionaries, because this
would allow the attacker to perform a dictionary attack <un anti virus software, do not
open the attachments, from an unknown sender, this would enable port redirection attack
,sers can use 0E7F07A as their authentication process because it is a home based
network 'f you want to use more than one shared key, then use 0E7 or else 07A along
with AES will keep the network more secured 7hysical attacks can be easily made onto
the access point 1A73, place the A7 in a secured pace Security setting of the network can
be changed through administrative privileges, change the default user name and
password &o bandwidth allocated by the 'S7 well be shared with the users using the
network 4andwidth 1bFw3 allocation degrades as the number of user"s increases &o make
sure the bandwidth is not degradedG do not share the network password with outside
users And to make sure outside users does not use the network create strong passwords
and enable strong authentication techniAues
0$6$2 No"ice Users,
.ess information ' could gather about the novice user A beginner should atleast have
basic networking knowledge 'nformation gathered said they knew about the
authentication and encryption process, but had very less knowledge about the protocols
used for authentication and encryption 0hile setting up the network, do not use the
default settings provided by the manufacture &he user needs to read through the
installation guide and understand the best available settings that would make their
network secure &hese users are mainly home based users and university students, who
use the 0i)Fi networks at the university 0hen using the network, disable the file sharing
option and also disable the remote desktop connection option 4y doing this if there is
any unauthorised user using the network, the unauthorised user will not be able to harm
the files on the computer
0$6$8 Ad"anced Users,
>/P of users who answered the Auestionnaire were advanced users mainly students and
tutors &hey are pretty familiar with the security features in the network setup !ost of
them were still using 0E7 as their authentication protocol ' recommend not using 0E7
as it is vulnerable for attacks by an unauthorised user Enable !AC address filtering, so
which allows the specified !AC addresses to access the A7 0ireless SS'( broadcast can
be disabled, so that other users cannot see the access point, when searched for the
network As 0E7 is not recommended, use 0A7/ which is supposed to have advanced
authentication and encryption methods (o not think only about layer / security, think of
higher level of security (o not use the Auto settings for the authenticationG instead use
the shared key method for the authentication Enable firewall, use antivirus software, and
;1
avoid use of words from the dictionary for the passwords Set the beacon interval at a
value which allows the router to synchronise with wireless devices at a constant interval
0$6$9 E<%ert Users,
8ery familiar with all the security features, can use the 07A/ enterprise mode along with
AES for the authentication Authentication can be more secured by using the <A(',S
server 7lace the <A(',S server in a location that is not easily located by unauthorised
users because physical damage to the device would bring down the whole network A7
isolation can be used to create a separate virtual network for your wireless network
0hen this feature is enabled, each of your wireless clients will be in its own virtual
network and will not be able to communicate with each other &his setting may be
utiliCed if you have guests that freAuently use your wireless network Access restrictions
can be configured on the A7, by choosing the 'nternet access policy Choose the policy
name and enter the !AC address, '7 address of the 7C"s that are allowed access Services
such as &E.2E&, F&7 and 7'2D can be stopped which can reduce the man)in)the)middle
attacks can be mitigated Specified websites can be blocked by ,<. or keywords
;/
4ha%ter =
4onclsion
=$/ 4onclsions,
;:
=$6 4onclsion,
0ireless local area networks 1.A2s3 are becoming ubiAuitous and increasingly relied
upon 7rimarily because 56/11 0.A2 are easy to implement and use, they are
becoming pervasive in the network developments From the user perspective they work
and function similar to the wired .A2, but they involve lot more than that 0.A2 is a
range of technology and not singular implementation &hese ranges of technologies allow
0.A2 to operate in an environment that provides wide range of services and potential
implementations to operate in 4ut from the findings it is clear 'EEE 56/11 standard are
widely deployed in 0.A2 Continuous improvement and development of 'EEE 56/11
standards make the 0.A2 more reliable and secure &oday many vendors offer access
points that support these technologies and provide performance comparable to the wired
network !any people think 56/11 and 0i)Fi seems to be interchangeable, but this is not
true 0i)Fi is an industry)driven certificate for interoperability and is a subset of 56/11
(uring this pro-ect it have been found that wireless network are sub-ected to
threatsFattacks when using the air as medium and also incorporates the threats associated
with wired local area network 1.A23 &hreats can be classified as .ow, !edium and
+igh, but the impact of these threats depends on the attack the network is facing 0idely
deployed 'EEE 56/11b with 0E7 which are said to have enhanced security features like
authentication, confidentiality and integrity, posses many security threats &hrough the
help of the online survey 19uestionnaire3 it was helpful to understand and evaluate the
impact of these threats on the network 0hen e#periments were conducted with the data
gathered from the survey it was found that participant"s deployments of 0.A2 are not
secured enough <oshan and .eary 1/66>, p1:13 state four faces of wireless security asE
Authentication Algorithm, Authentication Framework, (ata privacy Algorithm and (ata
integrity algorithm A secure authentication is needed in 0.A2, this can happen by
shared or open key access 't is important to use an authentication process that is very
much advanced and prevent the attacker from getting an unauthorised access &he shared
key used in 0E7 was easily cracked by using the tools easily available on the internet
'mprovements have been made but not sure how secure the network will be
!any of them are still using 0E7 and the security key needed for authentication was
easily cracked while conducting the e#periments !ostly, Deneral users use default
setting on their access point to connect to the internet, this pose a very high security
threat Attacker can easily get into the network and perform unauthorised activities which
make the network unsecure Active and passive attacks such as (enial)of)Service 1(oS3,
port redirection and access attacks can be easily performed on the network 4uilding a
0.A2 is an easy process, but protecting it from unauthorised users play a vital part
Form the data gathered through Auestionnaire and e#periments, ' recommend a security
framework in Chapter > that can be implemented by the specified user and the network
they want to build

&o sum up, the ob-ectives set at the beginning of the pro-ect has been achieved by the
following processE
;=
;>
O!5ecti"es Methods Used
&o understand the currently available
0ireless .A2 standards
.iterature review
&o identify the key vulnerabilities and
flaws in wireless security
$nline 9uestionnaire and E#periments
&o investigate the current use of
security enabled standardsFprotocols
and their impact
.iterature review, 9uestionnaire and
E#periments
&o investigate the state)of)the)art
security solutions that will overcome
the limitations of security in wireless
local area network
E#periments
4ha%ter >
4ritical E"alation
;6 Critical EvaluationE
&he area of chosen field of study is vast and changing rapidly 't was immense pleasure to
work throughout the pro-ect ' have gained lot of knowledge through this dissertation 't
was an opportunity to e#plore different issues ins and outs of the chosen field
>$6 The Research A%%roach,
&he primary purpose of the research is to evaluate the effect of security threats on the
wireless local area network 4efore the start of the pro-ect, detail information about
0.A2 has been gathered and studied as the chosen area of research is enormous
8arious wireless standards given by 'EEE were studied as constant improvements have
being amended As security is the primary focus of this research, threats related to wire
network were also gathered 2umerous books were available in the library which was
very important for the literature review .itSearch played a vital part in the researchG
numerous articles were accessible through it 'EEE Oplore, AC! (igital library, Emerald
and E2Dnet4ASE are few of the databases to name which helped me in finding latest
articles and -ournals online free of cost
;?
;/ AchievementsE
' am very thankful to have a tutor who has an e#cellent and immense knowledge of the
field of research ,nder his guidance ' have gained plenty of knowledge which helped me
in my research <egular meetings and constant touch through emails made the discussion
more interesting and beneficial 'n order to collect the data from various people,
Auestionnaire was very helpful ' have used surveymoneycom to upload my
Auestionnaire For the e#periments ' have used .inksys router and .inu# platform as the
tool 0ireshark, 0E7RC<AC* and other tools were downloaded from the internet
&hese were interesting tools which help me conduct e#periments with various settings on
the router ' was able easily search for articles and -ournals through the various databases
>$8 Lessons Learnt,
!any lessons were learnt by doing this research &ime management is an critical factor
while writing the dissertation &he following are the lessons learnt from doing this
research
&o critically review the relevant literature
&o select, apply and evaluate the suitable methodology
Conduct a research program and discuss the outcome
(raw valid conclusions from the evidence gathered
>$9 *ro5ect Mana'ement,
*erCner 11@5@, p/3 state that a pro-ect can be considered as a series of activities and tasks
that have the followingE
+ave certain ob-ectives to be completed within certain specification
+ave start and end date
+ave sufficient resources
&he aim of this pro-ect is to study the impact of security threats in 0.A2 and to build a
security framework &o write a good thesis it is very much important to have support
from a tutor who has very good knowledge in the field of study +aving support from the
tutor would broaden the thinking and do an in)depth analysis and to come out with
findings that would support the pro-ect !anaging a pro-ect is very much important &he
pro-ect management pictorial is given by *erCner 11@5@, p>3 asE
;;
Fi're >$6, *ro5ect Mana'ement
't is important to manage all the three resources time, cost and performance while doing a
pro-ect ' have allocated enough time on finding the relevant literature before the start of
the pro-ect &ime is the ma-or concern while doing any work &here was very less time to
complete this pro-ect, but with the help and guidance of my tutor this pro-ect completion
was possible ' could utiliCe the resources available at the university library from books,
internet and -ournals Appendi# C shows the pro-ect management process that has been
used throughout the pro-ect
>$0 Ris) Assessment,
Every pro-ect involves risks associated with it <isk management deals with identifying
the risks their impact and risk mitigation techniAues during the course of the pro-ect
According to Cervone 1/66?3 the first step in risk assessment is identifying the risk <isk
identification looks at events within the pro-ect that will have a negative impact on the
pro-ect &hese risks likelihood is then identified 4efore the start and during the course of
the pro-ect ' have identified few risks and found solutions to control these risks
&o conduct the e#periments, data had to be collected from the Auestionnaire uploaded
onto the internet 't was not sure what percentage of the chosen population will answer
the Auestionnaire So in order to get enough information to conduct e#periments, ' have
prepared a Auestionnaire that was easy and interesting to answer As an alternative
;5
TIME 4OST
*ERFORMAN4E
RESOUR4E
S
method to conduct e#periments if response rate of Auestionnaire is low, ' have planned to
use data from previous research papers, -ournals and articles
&o conduct the e#periments different software tools were needed 'nstead of only relying
on 0indows O7 operating system, ' have used .inu# 4ack &rack bootable C( to conduct
the e#periments
&he time available for completing this pro-ect by deadline was another risk factor &o be
successful proper time management was followed and enough data was collected through
various resources 1tutor, library, articles, -ournals etc3
3$/ References and +i!lio'ra%h#,
A!A<A&,2DA, (ilanthi et al 1/66/3 9uantitative and Aualitative research in the built
environmentE application of mi#ed% research approach KonlineL Workstudy, >1113, 1;)
:1 Article from Emerald last accessed on // August /665 atE
httpEFFwwwemeraldinsightcom
4A.2A8ES, !ark and CA7,&', 7eter 1/6613 Introduction to Quantitatie !esearch
"ethods# An inestigatie approach .ondon, Sage
4'2D, 4enny 1/66/3 Wireless local area networks# $he new wireless reolution 2ew
Nork, 0iley)'nterScience
4<N!A2, Alan 1/6653 %ocial !esearch "ethods :
rd
ed, $#ford, $#ford 7ress
;@
4,.4,., +alil 'brahim, 4A&!AH, 'hsan and $HE., !esut 1/6653 0ireless network
securityE comparison of 0E7 10ired EAuivalent 7rivacy3 mechanism, 07A 10i)Fi
7rotected Access3 and <S2 1<obust Security 2etwork3 security protocols KonlineL In# e&
'orensics ()*# +roceedings of the ,st international conference on 'orensic applications
and techni-ues in telecommunications. information. and multimedia and workshop,
Adelaide, Australia, Banuary /665 4elgium, 'CS& 7aper from &he AC! (igital .ibrary
last accesses // August /665 atE
httpEFFportalacmorg

4,<2EN, AAil 1/6653 Inductie / 0eductie research approach KonlineL.ast accessed
/@ !ay /665 atE
httpEFFwwwdrburneynetF'2(,C&'8EP/6SP/6(E(,C&'8EP/6<ESEA<C+
P/6A77<$AC+P/66?6:/665pdf
CE<8$2E, +Frank 1/66?3 7ro-ect risk management KonlineL 12L2 %ystems /
%erices, //1=3, />?)/?/ Article from Emerald last accessed : August /665 atE
httpEFFwwwemeraldinsightcom
C+A2(<A, 7raphul, et al 1/6653 Wireless Networking $#ford, Elsevier
C.'2CN, 8 et al 1/66?3 A <eal)&ime study of 56/11b and 56/11g KonlineL %ystems
and networks communications, ?@)?@ Article from 'EEE Oplore last accessed 1@ August
/665 atE
httpEFFieee#ploreieeeorg
C.$,D+, 7eter and 2,&4<$02, Cathy 1/66/3 A student3s guide to methodology
.ondon, Sage
C$+E2, .ouis, !A2'$2, .awrence and !$<<'S$2, *eith 1/661)4 !esearch methods
in education4 >th ed, .ondon, <outledgeFalmer
C$.E, Eric et al 1/6653 Network %ecurity 'undamentals ,SA, 0iley
C,<<A2, *evin and S!N&+, Elaine 1/66>3 E#posing the wired eAuivalent privacy
protocol weaknesses in wireless networks KonlineL 1 1:3, >@)5: Article from 'EEE
Oplore .ast accessed on /6 !ay /665 atE
httpEFFieee#ploreieeeorgFOploreFguesthome-sp
(<E0, Sue and 4'2D+A!, <osie 11@@;3 $he student skills guide +ampshire,
England, Dower
EA<.E, Aaron E 1/66?3 Chapter 1/ 0ireless .A2 Security KonlineL In# Wireless
%ecurity 5and6ook4 7%A. $aylor / 'rancis 8roup, 151)//? 4ook from E2Dnet4ASE
last accessed /1 August /665 atE
httpEFFwwwengnetbasecom
56
D'.., <upinder, S!'&+, Bason and C.A<*, Andrew 1/66?3 E#periences in passively
detecting session hi-acking attacks in 'EEE 56/11 networks KonlineL A2%W 'roniters
3)9# +roceedings of the :))9 Australasian workshop on 8rid computing and e&search,
>= Article from AC! (igital .ibrary, last accessed /1 August /665 atE
httpEFFportalacmorg
D<EE2, +eather et al 1/66:3 Wi&'i means ;usiness KonlineL Article from 4usiness
0eek, last accessed on /: !ay /665 atE
httpEFFwwwbusinessweekcomFmagaCineFcontentF6:R1;Fb:5:6?61htmTchanUsearch
D<'!S+A0, 4ob 1/6613 Ethical issues and agendas KonlineL !esearch paper from
emerald 1@11F/3 .ast accessed /> !ay /665 atE
httpEFFwwwemeraldinsightcom
+E.(, Dilbert 1/66:3 %ecuring Wireless LANs# A practical guide for network managers.
LAN Administrators. and the 5ome office user KonlineL England, Bohn 0iley and sons
ltd 4ook from 2et.ibrary last accessed 15 August /665 atE
httpEFFnetlibrarycomF
+E0S$2, Claire et al 1/6613 Internet !esearch "ethods# A practical guide for the
social and 6ehaioural sciences4 KonlineL Sage 7ublications .td 4ook from Ebook
library last accessed /: August /665 atE
httpEFFwwwshueblibcomFE4.0ebFpatronF
+,A2D, .ifei and .A', &en)+wang 1/66/3 $n the scalability of 'EEE 56/11 ad hoc
networks4 <online=4 "o6i5oc 3):# +roceedings of the >
rd
A2" international symposium
on "o6ile ad hoc networking / computing .ast accessed 1; August /665 atE
httpEFFportalacmorg
+N(E, *enneth F 1/6663 <ecognising deductive processes in Aualitative research
Konline=4 Qualitatie "arket !esearch# An International ?ournal, :1/3, 5/)/@ Article
from Emerald last accessed on // August /665 atE
httpEFFwwwemeraldinsightcom
.EE, Bu)A et al 1/66?3 A secure wireless .A2 access techniAue for home networks
KonlineL In# @ehicular $echnology conference. :))9. @$2 :))9&spring. IAAA 9>rd,
!elbourne, 8ic, !ay ;)16 /66? !elbourne, 515)5// 7aper from 'EEE Oplore, last
accessed :1 August /665 atE
httpEFFieee#ploreieeeorg
7A<*, Boon S and ('C$', (errick 1/66:3 0.A2 SecurityE Current and Future
KonlineL Internet 2omputing. IAAA, ;1>3, ?6)?> 7aper from 'EEE Oplore last accessed
:1 August /665 atE httpEFFieee#ploreieeeorg
51
7A&&$!, !9 11@@63 Qualitatie ealuation and research methods /nd ed, .ondon,
Sage 7ublication
7<AS'&+SA2DA<EE, 7 and *<'S+2A!,<&N, 7 1/66=3 A new authentication
mechanism for loosely coupled :D)0.A2 integrated networks KonlineL 8ehicular
technology conference, 8&C, !ay 1;)1@ /66= 7ittsburgh, ,SA, /@@5):66: 7aper from
'EEE Oplore, last accessed 1; August /665 atE
httpEFFieee#ploreieeeorgF
.A,, Feli# et al 1/6663 0istri6uted denial of serice attacks KonlineL 'nE Systems,
!an, and Cybernetics, /666 'EEE 'nternational Conference on, 2ashville, &2, $ctober
5)11 /666 2ashville, 'EEE, //;:)//56 7aper from 'EEE Oplore, last accessed /1
August /665 atE
httpEFFieee#ploreieeeorgF
'.NAS, !ohammad and A+S$2, Syed 1/66>3 +andbook of 0ireless .ocal Area
2etworks KonlineL ,@ %ecurity , 4ook from E2Dnet4ASE last accessed /6 !ay /665
atE httpEFFwwwengnetbasecomF

B'A2D, Ni#in et al 1/6653 A mutual authentication and privacy mechanism for 0.A2
security KonlineL Wireless communication and mo6ile computing, 5113, 161)11/ Article
from 'nterScience last accessed /6 August /665 atE
httpEFFwww:intersciencewileycom
*A<ND'A22'S, &om and $0E2S, .es 1/66/3 Wireless Network %ecurity KonlineL
.ast accessed :6 !ay /665 atE
httpEFFscholargooglecoukFscholarTAU0irelessQ2etworkQSecurityShlUenSlr
*E<H2E<, +arold 11@5@3 7ro-ect "anagement# a systems approach to planning.
scheduling and controlling:rd ed, 2ew Nork, 8an 2ostrand <einhold
*<'S+2A2, S77, 8EE<A8A.', 4haradwa- and 0$2D, .awrence 0C 1/66>3
Encyclopedia of 0ireless and mobile communications KonlineL In# wireless LANs
(WLANs)# %ecurity and +riacy 4ook from E2Dnet4ASE last accessed /6 !ay /665 atE
httpEFFwwwengnetbasecomF
.', Biang and DA<,4A, !oses 1/6653 Encryption as an Effective &ool in <educing
0ireless .A2 8ulnerabilities KonlineL In# Information $echnology# New 8enerations.
:))*4 I$N8 :))*4 'ifth International 2onference on. .as 8egas, 28, ,SA, April ;)@
/665 .as 8egas, 'EEE Opolre, >>;)>?/ 7aper from 'EEE Oplore, last accessed /1
August /665 atE
httpEFFieee#ploreieeeorgF
!C2A4, Chris 1/66;3 Network %ecurity Assessment /nd ed, ,SA, $ <E'..N
5/
!'&C+E.., 4radley 1/6663 KonlineL *):4,,a .ast accessed on 1@ August /665 atE
httpEFFcompnetworkingaboutcomFcsFwireless56/11FgFbldefR56/11ahtm
2'C+$.S, <andall * and .E**AS, 7anos C 1/66/3 Wireless %ecurity# "odels.
threats and solutions ,SA, !cDraw)+ill
2$$2A2, 0es and (,4<A0S*N, 'do 1/66?3 'irewall 'undamentals# An
introduction to network and computr firewall security ,SA, Cisco 7ress
2$<&$2, 7eter and S&$C*!A2, !ike 1/6663 Network security fundamentals ,SA,
Sams
*,!A<, <an-it 1/66>3 !esearch methodology# A step&6y&step guide for 6eginners /nd
ed, .ondon, Sage

<$S+A2, 7e-man and .EA<N, Bonathan 1/66>3 *):4,, Wireless LAN fundamentals# A
pratical guide to understanding. designing. and operating *):4,, WLANs 'ndianapolis,
,SA, Cisco 7ress
SC+!$NE<, &imothy, .'!, Nu Oi and $0E2, +enry . 1/66=3 0ireless intrusion
detection and responseE a classic study using man)in)the)middle attack KonlineL Wireless
communication and networking conference, /, 55:)555 Article from 'EEE Oplore last
accessed /1 August /665 atE
httpEFFieee#ploreieeeorgF
S.AC*, Frances 1/6653 7sing the Literature KlectureL +eld on /@ April, @E66am,
Stoddard building, Sheffield +allam ,niversity
S7A2S, *aren ! and *$8ACS, Dyongyi 1/66?3 A content analysis of research
approaches in logistics research KonlineL International Bournal of +hysical 0istri6ution
/ Logistics "anagement, :?1>3, :;=):@6 Article from Emerald, last accessed on //
August /665 atE
httpEFFwwwemeraldinsightcom
S&,44.EF'E.(, Adam, '$A22'(', Bohn and <,4'2, Aviel ( 1/66=3 Akey recovery
attack on the 56/11b 0ired EAuivalent 7rivacy 7rotocol 10E73 KonlineL A2"
transactions on information and system security ($I%%A2), ;1/3, :1@)::/ Article from
&he AC! (igital .ibrary, last accessed /1 August /665 atE
httpEFFportalacmorg
&anCella, Fred 1/66/3 Wireless LAN security C 5ow to protect WLAN% KonlineL .ast
accessed /6 August atE
5:
httpEFFwwwairdefensenetFwirelesslansecurityFwlanRsecurityRwhitepaperhtml
8AC+$2, 4ob and D<AH'A2', <ick 1/6653 Accessing the WAN# 22NA ADploration
companion guide 'ndianapolis, ,SA, Cisco 7ress
8'4+,&', Shivaputrappa 1/66>3 IAAA *):4,, WA+ (Wired A-uialent +riacy)
concepts and @ulnera6ility KonlineL .ast accessed on :6 !ay /665 atE
httpEFFwwwcss-sueduF
0A.*E, 4ernhard +, !A2D$.(, Stefan and 4E<.E!A22, .ars 1/66?3 IAAA *):
Wireless %ystems# +rotocols. "ulti&hop "eshE!elaying. +erformance and spectrum
2oeDistence 0est Susse#, England, 0iley
0E2'D, <aymond 7 11@@?3 Wireless LANs ,nited *ingdom, Academic 7ress .imited
0'2DE&, 2ancy Cam et al 1/66:3 Security flaws in 56/11 data link protocols
KonlineL Wireless networking security, =?1>3, :>):@ Article from &he AC! (igital
.ibrary last accessed /1 August /665 atE
httpEFFportalacmorg
0'E<S!A, 0illiam and B,<S, Stephen D 1/66>3 !esearch "ethods in Aducation 5th
ed, ,SA, 7earson
5=
A%%endices
A%%endi< A,
Research %ro%osal,
SHEFFIELD HALLAM UNIVERSITY
Faculty of Arts, Computing, Engineering and Sciences
5>
Dissertation *ro%osal

Identifying and analyzing the impact of security threats in
Wireless Local Area Network
Modle Ttor S!mitted +#
Dr Frances Slac) Ra)esh Narla
Matthe( Ho(e MSc Net(or)in' *rofessional
Research *rinci%les and *ractice Date, 8/-/0-2//3
Inde<
1 'ntroduction IIIIIIIIIIIIIIIIIIIII III:
/ <esearch 9uestion IIIIIIIIIIIIIIIIIIIIII :
: .iterature <eview IIIIIIIIIIIIIIIIIIIIII =
= <esearch !ethods IIIIIIIIIIIIIIIIIIIIII;
> Ethical 'ssues and 7otential $utcomesIIIIIIIIIIIII16
5?
? <eferences and bibliography IIIIIIIIIIIIIIIIII11
6$ Introdction,
&he research provides a brief study of security threats in 0ireless .ocal Area 2etwork
10.A2s3 and analyCing their impact on the network Also, this research aims to provide
a security solution frame work that can be used by an organiCation or educational
intuitional or any user who wants to setup a 0.A2s &here are several researches done
in this area, but my research aims to analyCe the impact of each identified threat and
provide a countermeasure thus, provide a secured network
+ac)'rond Std#,
0ireless .ocal Area 2etwork is constructed to e#tend .A2s and share some of the
properties of wired network 't was first released in 1@@; of the 56/11 standard
*rishnan, 8eeravalli and 0ong 1/66>3 believe as 0.A2 being a counterpart of wired
network, pose several challenges related to security when two devices are communicating
on 0.A2% 0.A2 security is at link level 56/11 introduced 0ired EAuivalent
7rotocol 10E73 to provide security similar to wired network 4ut 0E7 fails to deploy all
5;
the security goals &his research tends to identity the flaws that make the 0.A2
insecure
2$ Research ;estion, 'n order to identify and analyCe the security threats in
0ireless .ocal Area 2etwork, my research will be based on the AuestionE &o what
e#tent the threats identified in the 0ireless .ocal Area 2etwork 10.A2s3 can have an
impact on the network
Aim, &he aim of this research is to identify the security threats in 0.A2s, analyCe them
and provide the countermeasures that would strengthen the security in 0ireless .ocal
Area 2etworks 10.A2s3
O!5ecti"es, 'n order to achieve my aim of this research the following ob-ectives are
detailed as followE

&o understand the currently available 0ireless .A2 standards
&o identify the key vulnerabilities and flaws in wireless security
&o investigate the current use of security enabled standardsFprotocols and their
impact
&o investigate the state)of)the)art security solutions that will overcome the
limitations of security in wireless local area network
8$ Literatre Re"ie(,
0ireless communications provide users and organiCations a wide range of benefits such
as portability, fle#ibility and lower installation costs 0.A2 does not use wires when
compared to .A2, and uses air interface as a medium for communication 0ireless
clients can access the network through the access points 1A73 $rganiCations use 'EEE
56/11 standards to deploy the wireless infrastructures &hese standards make the
0ireless networks provide the user to communicate with the network without using any
physical medium 4edell 1/661, p:1=3 states 0hile this wireless data technology allow
supreme amount of mobility, it comes at a costE lower data rates% &he author states at a
costE lower data rates% because the data rate when compared to wired network 1.A23 is
very slow, but the cost of installation is less e#pensive as no wires are reAuired +owever,
risks are intrinsic in 0.A2s, *arygiannis and $wens 1/66/3 believes the primary source
of risk in wireless networks is the technology"s underlying communication medium as
airwave is open to intruders which aid to less secure network
55
:oals of Secrit#,
&his topic discusses the security features that were defined by 'EEE for 0.A2S to
operate in a secured operating environment 'n order to address the security issues in
0.A2, 'EEE 56/11 has introduced standard 0ired EAuivalent 7rivacy 10E73 that
provides a security mechanism to secure the network from intruders &he primary
purpose of introducing 0E7 was to provide confidentiality, integrity and access control
AthenticationE in computer security, authentication is the process of
attempting to verify the identity of the sender of a communication such as a
reAuest to log in 'EEE 56/11 defines two types of authenticationE open
system authentication and shared key authentication $pen system
authentication is the default authentication process but, the problem with this
process is it a null authentication process 'n the shared key authentication
0E7 key is used for authentication process 4ut 8ibhuti 1/66>3 in her
findings states that in 0E7, there is no secret key e#changed after the
authentication this means, there is no way to tell whether the subseAuent
communication is happening with the authenticated devices Also Chandra
1/6653 states another issue with 56/11 authentications 't is a one way
authentication%, this means there is no provision for the work station to
authenticate the access point !y research will -ustify whether the protocols
used for authentication is acceptable or not
3/2$66 Athentication
No identit# Verification Verification !# 7E* )e#
?Non-cr#%to'ra%hic3 ?4r#%to'ra%hic@
5@
Shared .e# Athentication O%en S#stem Athentication

4onfidentialit#E 't is important to keep the data confidential while
communicating with other devices Confidential data is transferred by
applying encryption methods on the data 't ensures that certain information is
never divulged to unauthoriCed entities (ata is encrypted at the sender end
and decrypted at the receiver end 0E7 uses pre establishedFshared set of keys
and <C= symmetric key is used by 0E7 to encrypt the data <C= uses the
shared key to generate a stream of pseudo)random bytes eAual in length to the
target te#t *rishnan, 8eeravalli and 0ong 1/6653 in their findings states that
0A7 implementation of <C= is flawed in several ways, which makes the
algorithm to be attacked and reveal the shared key Also the C<C checksum
used by 0E7 for integrity is insecure and modifications of intercepted packets
are not prevented
Inte'rit#, 't signifies that there is no unauthoriCed modification of the
resources 4asically it assures that during transmission the message is not
modified 56/11 uses 'ntegrity Check 8alue 1'C83 field in the packet and
when the packet is transmitted, at the receiver end !essage 'ntegrity Check
1!'C3 is performed on the packet 'f both the values match it indicates
message is not modified, else detect modification Chandra 1/665, p:;>3 take
a different view, the message integrity mechanism used in 56/11 uses a linear
integrity check algorithm 1C<C:/3 and 'C8 does not protect all the
information from modification
&here are some security flaws in the 0E7 making it unusable for high security
applications &he key security threats in wireless network are detailed below
Secrit# Threats in 7ireless Net(or)s,
&he speed of using 0ireless .A2 for private communications is rapidly increasing
0.A2s security issues are no different form wired .A2, but there are some distinctive
issues when concerned to 0.A2s An investigation by Dreen et al 1/66:3 identified a
number of challenges faced by 0.A2 technologyG these include unclear standards,
spotty security, limited range, hidden costs and lack of interoperability $ne of the most
cited problems with 0.A2 is security &here are various attacks that can be performed
against the 0.A2 Curran and Smyth 1/66>3 states that wireless attacks can be
classified in two general attacksE passive and active attacks%
Attac)s
@6
*assi"e Attac)s Acti"e Attac)s
*assi"e Attac)s, in this type of attack, changes do not occur on the system, the primary
purpose of the attack is to e#amine and record the data 'lyas and Ahson 1/66=3 state that
attacker need not be part of the network to listen the communication &herefore this type
of attack of the communication can be seen and recorded, the confidentiality can be
compromised
Acti"e Attac)s, Active attacks involve altering or destroying transmission data, or
creating fraudulent packets &here are many types of active attacks that can be launched
against 56/11 wireless networks and this can impact on authentication, encryption and
integrity &here are several active attacks that be performed and these are listed below
1 Attacks against the 0E7
'8 <euse 7roblem
'ntegrity check value insecurity
*ey management
0eakness in <C= key)scheduling algorithm
/ !an)in)!iddle Attack
: Session +i-acking
@1
Ea"esdro%%in'
Traffic
Anal#sis
Mas&erade Denial-of
ser"ice
Messa'e
Modification
Re%la#
= !AC Address Spoofing
> Bamming
&herefore, this research will be concentrated on the above listed attacks and analyCing
their impact on the network 'n addition to this, my research aims to investigate the
state)of)art solution for 0.A2s and protect them against the security threats
9$ Research MethodsB Tools and Techni&es,
&his following section will outline the approach ' will be using in order to answer my
research Auestion According to Slack 1/6653 in her lecture discussed the two research
method (eductive and 'nductive 'nductive approach deals with collection of data,
analyCing this data and a theory is generated 'n case of (eductive approach the research
starts with theory and set out research AuestionFhypothesis (ata is collected and tested to
test the theory ' will be using the (eductive approach for my research because this
approach works from more general to more specific 'n my research the wireless .A2 is
the more general theory and identifying security threats and analyCing them is more
specific 4urney 1/6653 refers deductive approach as 0aterfall model
@/
Theor#
H#%othesis
O!ser"ation
?Data 4ollection@
4onfirmation
?Anal#sis@
'n the following section ' will be matching the above approach to the ob-ectives set to
accomplish this research
1 !y research begins with understanding the current 0ireless .A2 standards given
out by 'EEE 4y reviewing the relevant literature and understanding these
standards, makes this ob-ective of understanding the current standards will be
accomplished 't is Auite important to gain sufficient knowledge because this is
the ground work for the research
/ 'n order to fulfill my second ob-ective ' will be collecting the data to identify the
vulnerabilities and flaws in wireless security .A2 &o accomplish this ' will be
using Aualitative methods Smith 11@@1, p;13 stats that MAualitative methods is in)
depth interviewing, observations and diary methods" Even though it is a time
consuming process ' strongly believe interviewing is often claimed to be the best
method to collect Auality data As the interviews are aimed to target professional
in the field, ' e#pect to gather information that is valid and up to date data &he
interview is set to follow positivistic approach which means a fairly standardiCed
Auestions whist offering some fle#ibility ' also plan to use audio tape during the
interview, so that it gives an unbiased record of the responses Apart from the
interviews, ' will also prepare a Auestionnaire and upload on to the internet where
the responses collected can be used to analyCe the data
: &o understand the standards and protocols currently used in 0.A2s it is
necessary to review the relevant literature A broad research will be e#ecuted by
searching the relevant topic in the books, internet and research papers to find out
the weakness in them which make the network insecure &he flaws in the
protocols can be verified by using the 7ythagor simulator 1/ &his simulator is an
advanced 0.A2 simulator for the 'EEE 56/11 protocol and all its physical layer
e#tensions 'EEE 56/11a, 'EEE 56/11b and 'EEE 56/11g are supported '
believe this simulation software will provide me accurate information because the
simulator can be used to evaluate the performance of the network $wn protocols
can be implemented because if the $pen Source Code &his would help he
evaluate the impact of these protocols on the network
= ,pon using the simulator the results observed can be used to build a secured
0ireless .A2 4ut ' will not completely rely on the observations taken from the
simulator, because there are several features are not present in this software 't is
not true to base my assumptions by observing the results in the simulator As an
alternative approach ' will use the interview and Auestionnaire posted on the
internet ' will analyCe all the three results ie from simulator, interview and
Auestionnaire and base my assumptions that will provide a secured 0.A2
&he ob-ectives and methods that will be used are mapped in the table below
@:

O!5ecti"es Methods
&o understand the currently available
0ireless .A2 standards
.iterature review
&o identify the key vulnerabilities and
flaws in wireless security
'nterview
&o investigate the current use of security
enabled standardsFprotocols and their
impact
.iterature review and use simulator to
analyCe the data
&o investigate the state)of)the)art
security solutions that will overcome the
limitations of security in wireless local
area network
Survey posted on internet and 'nterviews
Sam%lin' Methods,
For a research it is not possible to survey the whole population &here are several
constrains to sample whole sample Slack 1/6653 considers budget, time and widespread
population as constrains that need to be considered while choosing a sampling method
Sampling is divided into two sub categories 7robability sampling where we know the siCe
of the population and 2on)7robability sampling where the siCe of the population is not
known ' will be using both sampling methods because, in survey 1Auestionnaire on
internet3 data will be collected from large population, but in case of 'nterviews it is a
probability sampling as we know the number of people we are going to interview
Choosing a correct sampling method is very important because there will be assumptions
and conclusions made from these observations
!y research is based on interviews and we can"t predict what results ' will get from the
interview, this relate to 7urposive Sampling Clough and 2utbrown 1/66/, p1613 in her
study stated that 1Fontana and Frey3 thinks, asking Auestions and getting answers is much
harder task than it may seem at first &he spoken or written words have always a residue
of ambiguity, no matter how careful we report or code the answers Net interviewing is a
powerful ways in which we can try to understand other person !y interview structure
will set out an agenda to listen to the interviewee"s idea on the issue and topic ' will be
using my laptop during the interview and a recording device to record the conversation
&aking budget constraints it won"t cost me much asG ' would use interview"s,
Auestionnaire and simulation software to collect the data Simulation software is free for
download and ' -ust need to bare my travel e#penses to go to the interviewee 'n case if it
is not possible to have an interview, ' will be sending an E)mail with the Auestions to the
interviewee and e#pect the reply
@=
' will use the data collected to categoriCe the impact this flaws have on the network as
low, medium and high ' will be using my laptop and use bar, pie and line graphs to show
the impact Snap shots from the simulation software will be used to present the data
0$ Ethical Isses and *otential Otcomes
Drimshaw 1/6613 states that MEthics is the philosophical study of the moral value of
human conduct and the rules that govern it" Each stage of the research process involves
ethical considerations As my research deals with 'EEE standards ' need to follow certain
procedures while collecting the data As my research method is to conduct interviews and
to collect the data, ' am not completely sure that the interviewee will be able to answer all
security related Aueries, because interviewee may follow ethics related to the organiCation
heFshe works $ther problem with interview method is, it may be time consuming
method, because the interviewee will not be available at all time (ata collected form the
Auestioner that was uploaded onto the internet may show diverse results 0hen providing
the conclusion ' have to consider all the 'EEE standards related to my research and see
that they are up to date and meet all the standards
*otential otcomes,
4y performing this research ' will learn information that will help me building a frame
work that can be considered by organiCation and users while building a 0ireless .A2
network Dathering information from people will have an incredible impact on my study
area as ' will interview professionals and learn a lot of latest and upcoming technology
&he gathered data would help in developing a framework and allow others to check how
secured their network is
Ttor, Dr$ Samir Al-.ha#att ?Dissertation@
References and +i!lio'ra%h#
4E(E.., 7aul 1/6613 0ireless crash course 2ew Nork, !cDraw)+ill
4+ADNA&', S,!!E<S, 0ayne s and (EB$'E, Anthony 1/66=3 'nformation security
curriculum development KonlineL 7roceedings of 1st annual conference on information
security curriculum development 7 5/)5; Article from AC! (igital .ibrary last
accessed /5 !ay /665 atE httpEFFportalacmorgFportalcfm
4,<2EN, AAil 1/6653 'nductive S (eductive research approach KonlineL .ast accessed
/@ !ay /665 atE httpEFFwwwdrburneynetF'2(,C&'8EP/6SP/6(E(,C&'8E
P/6<ESEA<C+P/6A77<$AC+P/66?6:/665pdf
C+A2(<A, 7raphul, et al 1/6653 0ireless 2etworking $#ford, Elsevier
@>
C.$,D+, 7eter and 2,&4<$02, Cathy 1/66/3 A student"s guide to !ethodology
Dreat 4ritain, Sage
C,<<A2, *evin and S!N&+, Elaine 1/66>3 E#posing the wired eAuivalent privacy
protocol weaknesses in wireless networks KonlineL 1 1:3, >@)5: Article from 'EEE
Oplore .ast accessed on /6 !ay /665 atE
httpEFFieee#ploreieeeorgFOploreFguesthome-sp
D<EE2, +eather et al 1/66:3 0i)Fi means 4usiness KonlineL Article from 4usiness
0eek, last accessed on /: !ay /665 atE
httpEFFwwwbusinessweekcomFmagaCineFcontentF6:R1;Fb:5:6?61htmTchanUsearch
EAS&E<4N)S!'&+, !ark and &+$<7E, <ichard and .$0E, Andy 11@@13
!anagement <esearchE An 'ntroduction .ondon, Sage
D<'!S+A0, 4ob 1/6613 Ethical issues and agendas KonlineL <esearch paper from
emerald 1@11F/3 .ast accessed /> !ay /665 atE httpEFFwwwemeraldinsightcom
'.NAS, !ohammad and A+S$2, Syed 1/66>3 +andbook of 0ireless .ocal Area
2etworks KonlineL 18 Security 1 4ook from E2Dnet4ASE last accessed /6 !ay /665
atE httpEFFwwwengnetbasecomF
BA<'0A.A, Shefali 1/66=3 Enhancing 0ireless Security with 07A KonlineL <eport
from SBS, department of Computer Science .ast accessed on /> !ay /665 atE
httpEFFwwwcss-sueduF
*<'S+2A2, S77, 8EE<A8A.', 4haradwa- and 0$2D, .awrence 0C 1/66>3
Encyclopedia of 0ireless and mobile communications KonlineL 'nE wireless .A2s
10.A2s3E Security and 7rivacy 4ook from E2Dnet4ASE last accessed /6 !ay /665
atE httpEFFwwwengnetbasecomF
*A<ND'A22'S, &om and $0E2S, .es 1/66/3 0ireless 2etwork Security KonlineL
.ast accessed on :6 !ay /665 atE httpEFFscholargooglecoukFscholarT
AU0irelessQ2etworkQSecurityShlUenSlrU
!ABS&$<, Fran-o 1/66:3 0.A2 security threats S solutions KonlineL .ocal computer
networks 7?>6 Article from 'EEE Oplore .ast accessed on /6 !ay /665 atE
httpEFFieee#ploreieeeorgFOploreFguesthome-sp
!A<&'*A'2E2, $lli E 1/66?3 Complementarities creating substitutes) possible paths
towards :D, 0.A2F0'!AO and ad hoc networks KonlineL 5 1=3, /1):/ Article from
Emerald last accessed on :6 !ay /665 atE httpEFFwwwemeraldinsightcom
@?
S+,2!A2, 0ang et al 1/66:3 0.A2 and its security problems KonlineL 7arallel and
distributed computing, applications and technology 7/=1)/== last accessed on 1> !ay
/665 atE httpEFFieee#ploreieeeorgFOploreFguesthome-sp
S.AC*, Frances 1/6653 ,sing the .iterature KlectureL +eld on /@ April, @E66am,
Stoddard building, Sheffield +allam ,niversity

&AFAH$..', <ahim 1/66>3 &echnologies for the 0ireless Future 0est Susse#, 0iley
8'4+,&', Shivaputrappa 1/66>3 'EEE 56/11 0E7 10ired EAuivalent 7rivacy3
concepts and 8ulnerability KonlineL .ast accessed on :6 !ay /665 atE
httpEFFwwwcss-sueduF
0E.C+, Colonel (onald B and .A&+<$7, !a-or Scott 1/66:3 A surey of *):4,,a
wireless security threats and security mechanisms KonlineL .ast assessed on /= !ay
/665 atE httpEFFwwwitsecgovcnFwebportalFdownloadF;>pdf
Ttor, Dr$ Samir Al-.ha#att ?Dissertation@
A%%endi< +, ;estionnaire
+i, thank you for accepting my invitation to complete the survey on 0ireless .A2
10.A23
&he primary purpose of this survey is to help me to complete my (issertation which is a
part of !asters 7rogramme in 2etworking 7rofessional at Sheffield +allam ,niversity
1,*3 !y dissertation aims in building a Security framework for 0.A2
Nour participation in this study is entirely voluntary All your answers will be treated with
complete confidentiality and information will be kept and reported anonymously
@;
&he survey shouldn"t take more than > minutes to complete &o continue press 2e#t%
below 0ithin the survey press 2e#t% after you have completed a page and (one% at
the bottom of the final one
!any thanks for your participation

*ind regards,
<akesh 2arla
<akesh2arlaVstudentshuacuk
9uestion 1E Dender
!ale
Female
9uestion /E Age
4elow /6
/1):6
:1)=6
Above =6
9uestion :E &ype of user
Deneral
2ovice
Advanced
E#pert
9uestion =E 0hat is the type of connection you use to connect to the internetT
0ireless
0ired and wireless 14oth3
9uestion >E 0hich of the following technology you currently use
0i)Fi
0i!a#
$ther 1EgE Cellular3
9uestion ?E <ank the following features associated with 0ireless router from the highest
preference to the lowest 1Scale 1)163E
.ow cost
Coverage
<eliability
@5
7erformance
!obility
Security
Fle#ibility
Ease of use
$ther 17lease Specify3
9uestion ;E 0hat wireless standards are currently in use in your networkT
'EEE 56/11a
'EEE 56/11b
'EEE 56/11g
(on"t know
$ther 17lease Specify3
9uestion 5E Are you aware of security threatsFattacks affecting your networkT
Nes
2o
9uestion @E 7lease select the threatsFattacks you are aware from the following
Attac) A(are Not A(are
Access Attacks
7assword Attacks
7ort <edirection
!an)in)the)!iddle 1!'&!3
(enial of service 1(oS3
0orms
&ro-an +orse Attacks
$ther 17lease Specify3
9uestion 16E 0ould you classify threat as
Attac) Lo( Medim Hi'h
Access Attacks
7assword Attacks
7ort <edirection
!an)in)the)!iddle
1!'&!3
(enial of service 1(oS3
0orms
&ro-an +orse Attacks
@@
9uestion 11E Are you aware of any counter measure to the threatsT
9uestion 1/E Are you aware of authenticating process while using your wireless networkT
Nes
2o
9uestion 1:E 0hat is the authentication protocol used in your networkT
EA7
0E7
07A
(efault Settings
$ther 17lease Specify3
9uestion 1=E 's the data encryption option enabled on your networkT
Nes
2o
9uestion 1>E 0hat is the (ata encryption method usedT
07A
0E7
(on"t know
$ther 17lease Specify3
9uestion1?E Are you currently using :D services in your mobile provided by tour service
providerT
Nes
2o
9uestion 1;E 0hat do you feel if services 1/DF:D3 and wireless 1eg 0iFi3 are merged
together in futureT
166
9uestion 15E 'n your opinion how would you improve the security in your networkT
7lease use the space below to add your comments
&he original Auestionnaire was uploaded onE
httpEFFwwwsurveymonkeycomFsasp#TsmU!0h#!:w41ddts2.&2C$,2AR:dR:d
A%%endi< 4, *ro5ect Mana'ement
161
A%%endi< D, A!!re"iations
AAA Authentication, AuthoriCation, Accounting
16/
AC+ Access Channel
AC* Acknowledgment
A7 Access 7oint
AS Authentication Server
4S 4ase Station
4SS 4ase Service Station
40 4andwidth
C(!A Code (ivision !ultiple Access
C'( Connection 'dentifier
(A (estination Address
(+C7 (ynamic +ost Configuration 7rotocol
(S (istributed System
(SSS (irect SeAuence Spread Spectrum
F(! FreAuency (ivision !ultiple#
F,& Fi#ed ,ser &erminal
+CS +eader Check SeAuence
'EEE 'nstitute of Electrical and Electronics Engineers
'7 'nternet 7rotocol
'< 'nfrared
.A2 .ocal Area 2etwork
!AC !edium Access Control
!'!$ !ultiple 'nput !ultiple $utput
$F(! $rthogonal FreAuency (ivision !ultiple#ing
$S' $pen System 'nterconnect
7C 7ersonal Computer
7+N 7hysical .ayer
777 7oint)to)7oint 7rotocol
9oS 9uality of Service
<F <adio FreAuency
SA Source Address
S$+$ Small $ffices and +ome $ffices
S&A 56/11 Station
0A< 0ireless Authentication 7rotocol
0iFi 0ireless Fidelity
0i!a# 0orldwide interoperability for !icrowave Access
0.A2 0ireless .ocal Area 2etwork
02D 0ireless 2e#t Deneration
0< 0ireless <outer
16: