A Technical Seminar Report On

WI-FI
Submitted to Jawaharlal Nehru Technological University for the partial Fulfillment of the Requirement for the Award of the Degree of Bachelor of Technology In Computer Science & Engineering By RAKESH KUMAR. N (07D01A0591)

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING ST.MARYS COLLEGE OF ENGINEERING AND TECHNOLOGY DESHMUKI Approved by A.I.C.T.E Affiliated to JNTU, HYDERABAD 2007-2011

INDEX
1. Introduction..........1

2. Importance of Wi-Fi...3

3. Dependability ......4

4. Vulnerabilities at the physical layer.........12

5. Vulnerabilities at the Mac layer..15

6. Future....20
7. Conclusion....22

8. References.....23

1. INTRODUCTION
Wi-Fi short for wireless fidelityis the commercial name for the 802.11 products that have flooded the corporate wireless local area network (WLAN) market and are becoming rapidly ingrained in our daily lives via public hotspots and digital home networks. It is a trademark of the Wi-Fi Alliance, founded in 1999 as Wireless Ethernet Compatibility Alliance (WECA), comprising more than 300 companies, whose products are certified by the Wi-Fi Alliance, based on the IEEE 802.11 standards (also called Wireless LAN (WLAN) and Wi-Fi). Wi-fi is a wireless technology that uses radio frequency to transmit data through the air.A Wi-Fi enabled device such as a PC game console, mobile phone, MP3 player or PDA can connect to the Internet when within range of a wireless network connected to the Internet. The coverage of one or more interconnected access points called a hotspot can comprise an area as small as a single room with wireless-opaque walls.There are three types of wireless technology, the 802.11b, the 802.11a, and the 802.11g. The first two are more commonly used, compared to the last one. The difference of the first two is that the 802.11a is newer compared to the other and is about five times faster than the 802.11b. The advantage of the 802.11g technology is that it is backwards compatible with both the 802.11a and the 802.11b technology. And this is a big step forward in the wireless networking world.

Figure showing WiFi Zone

2. IMPORTANCE OF WIFI

WIFI gives you an extremely large amount of freedom because you can basically use it from anywhere. From your couch to your local shopping mall, wireless fidelity can always lend a helping hand. Also, WIFI is not restricted to certain groups. No matter who you are, you can use it. And, on top of its convenience, WIFI is fast, reliable, and easy to use. In the corporate enterprise, wireless LANs are usually implemented as the final link between the existing wired network and a group of client computers. This gives these users wireless access to the full resources and services of the corporate network across a building or campus setting. Wireless Fidelity is important to the wireless LAN world, because it is securely tested to assure operability of equipment of the same frequency band and feature. WIFI is the certification logo given by the WIFI Alliance for equipments that passes the tests for compatibility for IEEE 802.11 standards. The WIFI Alliance organization, is a nonprofit organization that promotes the acceptance of 802.11 wireless technology and they ensures all WIFI certified 802.11 based wireless networking equipments works with all other WIFI certified equipments of the same frequency. The WIFI Alliance works with technicalgroups like the IEEE and other companies that are developing new wireless networking equipments.

3. DEPENDABILITY
5

WiFi is becoming rapidly ingrained in our daily lives via public hotspots and digital home networks. However, because a technologys dependability requirements are proportional to its pervasiveness, newer applications mandate a deeper understanding of how much we can rely on WiFi and its security promises. Authentication and confidentiality are crucial issues for corporate WiFi use, but privacy and availability tend to dominate pervasive usage. So far, WiFi hasnt had the best track record: researchers and hackers easily defeated its first security mechanism, Wired Equivalent Privacy (WEP). Although the 802.11i standard addresses this failure and the larger issues of confidentiality and authentication, no ongoing standardization effort handles WiFi availability, and problems with robustness mean that a successful attack can block a network and its services, at least for the attacks duration. Another oft-neglected aspect of 802.11 networks is privacynot payload confidentiality but node activity monitoring. This kind of monitoring has value on its own (for example, for contrasting user identification and location), but it also has a strong link to dependability in attacks targeted at a specific node. To our knowledge, no current practical or theoretical framework handles WiFi dependability issues. Moreover, no previous work has analyzed WiFi security from this viewpoint. Most research examines WiFi confidentiality and authentication by explaining the problems related to native 802.11 security and showing how inadequate such mechanisms are. The same effort hasnt been put into analyzing a wireless networks availability and robustness: in fact, many denial-of-service (DoS) attacks against WLANs are known, but so far only one research effort describes the actual implementation of two DoS attacks and possible countermeasures. We present an overview of WiFi vulnerabilities and investigate their proximate and ultimate origins. The intended goal is to provide a foundation to discuss WiFi dependability and its impact on current and future usage scenarios. Although a wireless networks overall security depends on the network stack to the application layer, this report focuses on specific vulnerabilities at the physical (PHY) and data (MAC) layers of 802.11 networks.

The OSI Layer

HOW DOES IT WORK? Wireless Internet Access has four components that form its structure: high-speed access, a networking gateway, a wireless network and a wireless customer. The customer connects wirelessly through the wireless network to the gateway, it then launches their internet 7

browser, authenticates through the gate-way by entering a coupon code or purchasing time and the user has high-speed internet. The four components are: 1) High-speed access which is also known as broadband is an internet connection which is generally faster than dial up service. Examples of high-speed internet access are ISDN, cable modem, DSL, and also satellite services. 2) Network Gateway is between your high-speed access connection and the wireless network, it acts like a gate. This gate will prevent people from accessing your wireless network unless you know about it, the gateway also allows managing tools as well. These can include authentication, network monitoring, and other services such as printing and voice over IP. 3) Wireless local area network is a system of connecting PC's and other devices within the same physical proximity using high-frequency radio waves instead of wires. Wireless networks work as long as your wireless ready device is within range. 4) Wireless customers are people who have a PC and a wireless adapter which means they can access the internet wirelessly. The wireless adapter can be built in or it can be an external device plugged into your computer. ADDING WI-FI TO A COMPUTER One of the best things about WiFi is how simple it is. Many new laptops already come with a WiFi card built in -- in many cases you don't have to do anything to start using WiFi. It is also easy to add a WiFi card to an older laptop or a desktop PC . Here's what you do:

Buy a 802.11a, 802.11b or 802.11g network card. 802.11g has the advantage of higher speeds and good interoperability on 802.11b equipment.

For a laptop, this card will normally be a PCMCIA card that you slide into a PCMCIA slot on your laptop. Or you can buy a small external adapter and plug it into a USB port.

For a desktop machine, you can buy a PCI card that you install inside the machine, 8

or a small external adapter that you connect to the computer with a USB cable.

Install the card Install the drivers for the card Find an 802.11 hotspot Access the hotspot.

A hotspot is a connection point for a WiFi network. It is a small box that is hardwired into the Internet . The box contains an 802.11 radio that can simultaneously talk to up to 100 or so 802.11 cards. There are many WiFi hotspots now available in public places like restaurants, hotels, libraries and airports . You can also create your own hotspot in your home, as we will see in a later section. CONFIGURING WIFI On the newest machines, an 802.11 card will automatically connect with an 802.11 hotspot and a network connection will be established. As soon as you turn on your machine, it will connect and you will be able to browse the Web, send email, etc. using WiFi. On older machines you often have to go through this simple 3-step process to connect to a hotspot:

Access the software for the 802.11 card -- normally there is an icon for the card down in the system tray at the bottom right of the screen.

Click the "Search button" in the software. The card will search for all of the available hotspots in the area and show you a list.

Double-click on one of the hotspots to connect to it.

On ancient 802.11 equipment, there is no automatic search feature. You have to find what is known as the SSID of the hotspot (usually a short word of 10 characters or less) as well as the channel number (an integer between 1 and 11) and type these two pieces of information in manually. All the search feature is doing is grabbing these two pieces of information from the radio signals generated by the hotspot and displaying them for you.

SECURITY

WiFi has had, and continues to have several security issues. In September of 1999 WEP (Wired Equivalent Privacy) was the standard for wireless PCs. WEP is used in the physical and data link layers, and was designed to give wireless LANs the same security that wired LANs had. WEP provided security by encrypting the data while it traveled from one end point to the other. Unlike wired LANs whos networks are usually inside of a building where its protected wireless LANs are more vulnerable due to the fact that the data travels over radio waves which are much easier to intercept. Another reason WEP is vulnerable is because in some corporations the managers do not change the shared keys for months or years at a time. That is way too long for the key to be in use, with that much time the key can get into the wrong hands, which could be disastrous for the corporation. In 2002 the wireless LANs security was upgraded when Wi-Fi Protected Access (WPA) was introduced. WPA had several improvements like better encryption, and it also used the RADIUS-based 802.1X, which authorizes the user to gain access to the ISP provider. Also the setup for WPA was much simpler than the setup for WEP. WPA came in two types, Enterprise which was used for corporations, and also Personal which was used for home users. In June of 2004 802.11i was completed and became the new and current standard for Wi-Fi. 802.11i is also known as Wi-Fi Protected Access 2(WPA2). WPA and WPA2 have several of the same qualities, but WPA2 upgraded its encryption of data with the Advanced Encryption Standard (AES). There is a problem with AES however, and the problem is that this could require hardware upgrades for many wireless LANs. WPA2 is compatible with WPA products, and consumers can upgrade to WPA2 easily. However WPA2 is not compatible with the original Wi-Fi standard WEP. Also like WPA, WPA2 has two versions, WPA2 Enterprise is for corporations, and WPA2 Personal is for the home users. Many corporations today use a Virtual Private Network (VPN) to send and receive important information. Virtual Private Networks use the internet to send and receive information by creating a tunnel connecting the two end users. VPN encrypts the data to keep any hackers from stealing the information while it is being sent. To use a VPN the two end users must be using the same authentic protocol or it will not work. The authentic 10

protocol gives only certain users access to certain information. There are several other ways to protect your wireless computer and the information that is stored on it. One of the first things you should do is to change the default information on your wireless router. The reason for this is that many hackers have gained access to the default information from the different companies who create the wireless PCs, which makes it easier for them to get into your computer information. You should also have strong passwords on your wireless computers to keep the hackers from getting into your sensitive data. Another way to protect yourself is to download firewalls onto your computer. Firewalls monitor, and restrict the traffic that comes in and out of your computer. Downloading anti-virus software onto your computer is another way to protect your computer. You should update your anti-virus software often, because within one month there are at least 10 to 50 new viruses, or worms that the anti-virus software is not capable of protecting your computer against. If you take your personal wireless computer out in public you should turn off your file sharing. Keeping your file sharing on is an easy way for hackers to get into your system. Also when you are not on your computer, you should turn it off. This is the surest way to keep hackers out of your computer files. They cant get into the system if its not on. There are several other ways that you can protect your sensitive data, but these are a few simple things that everyone should do to protect themselves, and their data.

WI-FI SECURITY WiFi hotspots can be open or secure. If a hotspot is open, then anyone with a WiFi card can access the hotspot. If it is secure, then the user needs to know a WEP key to connect. WEP stands for Wired Equivalent Privacy, and it is an encryption system for the data that 802.11 sends through the air. WEP has two variations: 64-bit encryption (really 40-bit) and 128-bit encryption (really 104-bit). 40-bit encryption was the original standard but was 11

found to be easily broken. 128-bit encryption is more secure and is what most people use if they enable WEP. For a casual user, any hotspot that is using WEP is inaccessible unless you know the WEP key. If you are setting up a hotspot in your home, you may want to create and use a 128-bit WEP key to prevent the neighbors from casually eavesdropping on your network. Whether at home or on the road, you need to know the WEP key, and then enter it into the WiFi card's software, to gain access to the network.

The Wi-Fi Alliance recently announced Wi-Fi Direct, a new peer-to-peer protocol that will enable direct connections between Wi-Fi client devices, allowing users to do everything from syncing data between a smartphone and a laptop to displaying pictures on a flat screen television or printing them on a wireless printerall without requiring the user to join a traditional Wi-Fi network. The WFA intends to finalize the specification by the end of 2009, and to begin certifying products in mid-2010. In the meantime, many chip manufacturers (and Wi-Fi Alliance member companies) are offering their own pre-specification solutions, including Atheros Direct Connect, Intel My WiFi Technology, and Marvell Mobile Hotspotall of which should be easily upgradeable to the final specification next year. In fact, interoperability with legacy devices is a key benefit of the protocol: not only will Wi-Fi Direct generally require just a simple software upgrade, but only one of the connecting devices (not both) has to be certified to the new specification. Any Wi-Fi CERTIFIED a or g device out there can make Wi-Fi Direct connections with devices that have been certified to the protocol, says Wi-Fi Alliance marketing director Kelly Davis-Felner. And Davis-Felner says its crucial to understand that Wi-Fi Direct is significantly different from (and much more secure than) ad hoc mode. It has WPA2 security protections in place, and should be quite a bit easier to enable and use than ad hoc historically has been and of course we expect it to be much more widely deployed, she says. 12

4. VULNERABILITIES AT THE PHY LAYER

WiFi uses a single narrow-band radio channel on a public frequency. Radio communications are typically multiplexed and based on some combination of space, frequency, time, and codingWiFi exploits the first three. Current WiFi networks rely on two different basic coding techniques: the Direct Sequence Spread Spectrum (DSSS), 13

which 11b and 11g devices use, and Orthogonal Frequency Division Multiplexing (OFDM), which 11a and 11g devices use. Nodes on the same frequency share a single channel, which the 802.11 MAC layer serializes through random access and contention mechanisms. These characteristics allow for several attacks, which well discuss in more detail in the following subsections

Interception
Its not surprising that an attacker can intercept a radio communication, but the threats relevance clearly depends on the nature of the leaked information. Most cryptographic protocols address content eavesdropping but pay little attention to privacy issues. The 802.11 standard never uses mechanisms for preventing traffic analysis, so its fairly easy to infer the number of talking nodes, their identities and whos talking to whom. This lets an attacker violate user privacy. The prologue of any content-eavesdropping attack is channel selection. Unfortunately, the limited number of channels and frequencies in WiFi devices make this step trivialmoreover, any 802.11 device has built-in capabilities to scan and report activity on all available channels. In general, todays narrow-band radio technologies cant hide communication. We must therefore accept that interception is easy, especially because radio coverage area cant be delimited precisely. Physical anti-interception techniques arent fit for common WiFi usage scenarios.

Injection
Radio transmission, cant be confined in a restricted area, so WiFi relies on logical access control mechanisms for authorized access. However, this heavily limits the validity of well-established security tools such as firewalls and network intrusion detection systems, so authorized traffic is instead validated as it flows over the wireless link. In practice, though, this activity constrains the upper network layers in their attempt to provide specific 14

security mechanisms. As a solution, the MAC level could provide data source authentication for every transmitted frame by identifying the source as a specific node or as a member of a trusted group.

Jamming
Radio communications are subject to jamming, which is cheap and easy to do in a narrow-band channel such as the one WiFi devices occupy. Jamming can make corporate WLANs unavailable, which is certainly annoying, or even block a residential phone network or hospital medical infrastructure, which is much scarier. The WiFi nodes themselves can easily detect a jam because each station already monitors channel quality for AP and bit-rate selection, but locating the actual attacker is a different story.

Locating mobile nodes

Wandering through a wireless world, an attacker can easily track MAC addresses and build a database that lists wireless nodes, their locations, and their movements, even for wearable devices such as PDAs. Although a wireless nodes exact position might be hard to get, its much easier to detect its presence in a large area. If the device is a personal one, this could even help someone track the device owners location.

Hijacking
Man-in-the-middle attacks are a traditional threat against access control solutions. Although its easy for attackers to intercept wireless traffic and inject an attack, it isnt trivial to hijack a wireless channel. The attacker must ensure that the two victims cant talk directly, thus the targets must either lie outside each others radio range or be desynchronized. An attacker can try to jam the receiver while still being able to access the 15

transmitted trafficfor example, by using directional antennas or a set of two probes near the sender and the receiver.

Energy
Batteries are a key enabling factor for mobility in radio networks, but a limited energy supply can easily become a perfect target for availability attacks. Although breakthroughs in energy production technology will hopefully mitigate this problem, the short-term impact on security is twofold: power-conservation features and their protection become vital, and any security mechanism must be carefully evaluated against its energy cost.

5. VULNERABILITIES AT THE MAC LAYER

Although it inherits the underlying PHY layers insecurity, the 802.11 MAC layer adds some peculiar weaknesses of its own. Its dangerous features are that it implements a 16

shared channel and must synchronize among different parties, making it much more complex than Ethernet. These three broad categories leave the network open to several different vulnerabilities.

Shared channel
When many nodes use the same channel, their traffic must be distinguishable accordingly, 802.11 networks use a MAC address as a static station identifier. A shared channel also implies a shared bandwidth, thus transmission speed lowers if several nodes use it simultaneously. It might seem that limiting the number of users per cell would guarantee an adequate bandwidth per node, but this doesnt really work because the 802.11 MAC layer allows the coexistence of many independent cells on the same physical channel, each with its own nodes. The 802.11e standard deals with providing quality of service over WiFi networks via traffic prioritization mechanisms, but these mechanisms rely fully on the existing MAC layer, its rules, and, more important, its vulnerabilities. As such, the proposed quality-of-service mechanisms dont enforce availability.

Synchronization
Anything thats simple in a wired environment (such as network cables plugged into wall sockets) must be emulated with special frames in the wireless world, which can lead to problems when synchronizing state transitions between two or more entities. As in any system in which two or more parties must remain synchronized to work, a successful desynchronization forced by an attacker leads to a system malfunction.

Upper levels
Applications that deal with personal information are extremely vulnerable to data capture and disclosure. At first glance, home banking might seem to be the most sensitive application, but most banks provide secure access through their SSL channels. The real issue here is privacymost services typically arent protected in the network stacks upper layers and carry information that attackers can use to profile and track potential victims. 17

Vulnerabilities typically narrow the available bandwidth, and a narrow channel incurs delays that can hurt real-time servicesas noted earlier, multimedia streams in particular are very sensitive to delays in packet delivery because they directly affect quality of service.

Lab experience
The analysis weve presented so far raises a key question: how real are the threats weve outlined? To answer that question, we built some attack tools that exploit a few of the vulnerabilities discussed here and tested them against a small WiFi network in our labs. Every test had three key objectives: to understand whether the attack could really be implemented from commercial off-the-shelf components, to determine the actual effects on WiFi activity, and to figure out how to isolate the attack with an intrusion detection module. All the attacks we tested use off-the-shelf hardware and open source device drivers, and are fairly easy to do.Under some attack conditions, the target network was completely blocked for the tests whole duration. A packet capture engine could detect almost all the attacks, and all of them introduced various anomalies in network behavior.

MAC-level jamming
Our version of the jamming attack consisted of a special test mode already available in the devices we used, which gave us continuous transmission regardless of MAC-level access rules. This caused constant collisions with every other station in the cell, which was then totally blocked. Because colliding stations back off and dont transmit for some time. The tests have shown that a 10 percent jamming period was enough to halt transmission in a cell.The jamming effect spanned across three adjacent WiFi channels, but

18

this attack didnt require packet injection techniques and thus was hardly detectable with a network-layer intrusion detection system.

Multimedia performance
By forging the appropriate frame (for example, an empty data frame with the power management bit set), we could make AP believe that the victim was in power-save mode so that it could start buffering traffic for it. This caused delays in traffic delivery, which especially hurt our real-time trafficin fact; we could stop a Real-Time Protocol (RTP) flow with this attack. Of course, the victims precise behavior depends on the power-save modes device driver implementation. But some drivers always react upon receipt of the traffic information map (TIM is a part of every beacon frame and announces the presence of buffered traffic) and tell the AP that theyre not in power-save mode, thus mitigating the attacks effects. Other drivers ignore the TIM if the station isnt in powersave mode and thus suffer the attacks whole effects.

Potential applications
AndyDavidson,seniordirectorofsoftwareengineeringatAtheros,saysWiFiDirectis ultimatelyaboutenablingconnectionsonthefly.Ifyouresittingathome,obviously, youhaveallyourowndevicesconnectedtoyouraccesspointbutifaguestcomesover andhasaWiFiphone,andwantstoshowyousomepicturesfromit,itwouldbeniceif theycouldeasilyshowthepicturesonyourTV,hesays. That kind of functionality, Davidson says, opens up a wide variety of potential applications. WiFiforwirelessInternetaccessisobviouslyverypopular,buttoalsobeabletouseit tosharefiles,tosharephotographs,toprintdocumentstobeabletopushapresentation tothepeopleyourepresentingtoalloftheseusages,Ithink,arejustgoingtomake WiFitechnologyallthemoredesirable,hesays. 19

IntelseniorproductmanagerGaryMartzsaysWiFiDirectwilldriveafundamentalshift inthewaymostpeopleuseWiFi.WiFiDirectisthespecificationthatsgoingtotake WiFi from just being a networking technology to being a mass market consumer technologyforconnectingyourdeviceswithouteverhavingtoknowwhatanSSIDis, orwhatWPA2securityis,orwhatWiFiProtectedSetupis,hesays. Still,MartzsaysitwillinevitablytakesometimeforWiFiDirecttoreachtheenterprise. Consumersaregoingtogrowtoloveit,andthenyouregoingtoseeanevolutionjust as with a lot of new technologies in the corporate spacewhere it flows from the consumertosmallandmediumbusinesses,andthenthecorporateITmanagerputssome milesonitinvalidation,andthentheyllstarttorollitout,hesays.

Enterprise security
Tothatend,Martzsays,thespecificationplacesapremiumonsecurity.Wedeveloped WiFiDirecttohaveseparatesecuritydomains,soyourwirelessLANconnectionisa separatesecuritydomainfromyourWiFiDirectnetwork,hesays.Andthecorporate ITmanagercanmanagethatcrossoverdoeshewanttoallowthatcrossover,ordoeshe wanttofirewallit? TheITmanagersanswertothatquestion,inevitably,dependsupontheapplication.In thecaseofallowingaguesttothecorporateenvironmenttohaveaccesstoaprinter, thosesecuritydomainsaregoingtobefirewalled,sothathecansecurelyprovideprint capabilitiestoavisitorwithoutcompromisinganythingonhiscorporatewirelessLAN, Martzsays. For consumers,though,therealconcerniseaseofuse.SameerBidichandani, senior director of technology strategy at Marvell, says WiFi Directs simplicity is a key 20

strength,particularlyfortheaverageconsumerwhodoesntknowthedifferencebetween anAPandaclient.Easeofuseisahugefactorhere,andeaseofusedrivesvolume,he says.Asitgetseasiertouse,morepeoplebuyanduseitandlikeitandthatshowthe industryasawholebenefits. Finally,Bidichandanisays,anotherkeybenefitoftheprotocolliesinthesimplefactthat itssoftware,nothardware.Everydevicethatweveshippedintheembeddedspacethat goesintocellphones,gamingplatforms,MP3playersorevenprintersandpluggedin gamingplatforms,canbenefitfromthiswithjustasoftwareupgrade,hesays.

21

6. FUTURE
Originally, Wi-Fi was just a hack so that people could connect a notebook to a network via wireless using a spectrum that didn't have to be paid for. No one expected it to grow so fast, and to become used so widely. The fact that it has spread like wildfire has caused many kinds of technology companies, from wireless cell phone providers to network hardware manufacturers, to rethink their businesses Thus far, weve made it clear that WiFi isnt ready for critical applications, mainly because of its intrinsic robustness problems. But next-generation wireless networks need modern security features, and WiFi will have to provide extensions and changes to maintain its supremacy among the various wireless data technologies. Jamming attacks have so far gone unstopped, and their effects are devastating. Researchers have suggested various approaches to prevent them, but a recent approach to detecting them is to monitor the channel and share what each node sees, to create a global view of the network. Any approach that improves wireless networks anonymity could also help with robustness: the traffic related to a specific node would be more difficult to select and jam. At the physical level, a new radio technology that can greatly help with robustness problems is ultra wide band (UWB).UWB could potentially exploit its extreme large bandwidth to hide communication channels by frequency hopping, which makes interception harder and jamming at least more manifest.UWB offers a key security property: In general, knowledge of exact locations can help prevent man-in-the-middle attacks, and inconsistencies between a nodes actual position and the one the peer perceives can point out the presence of an attacker in the middle. .

The main research issue is how to design a robust secure wireless channel, but this field lacks both theoretical and practical literature. The general problem here is how to identify and reject fake events at the MAC level. The MAC layer can quickly identify malicious 22

events by making security mechanisms aware of specific wireless information, such as frequency, location, or distance. We can easily extend some 802.11 frames to carry additional pieces of information. When trying to generalize the approach to detecting fake MAC-level events, the natural direction is to extend classic intrusion detection techniques for typical wireless mechanisms. In general, anomaly-based intrusion detection techniques are the most likely to be widely applied to wireless networks because they can detect new and previously unknown attacks. Anomaly detection is especially important in wireless networks because theyre used with mobile nodes and in many different scenarios that have different security policies. Anomaly detection typically uses data-mining techniques and requires cooperation among all the nodes in the network, especially for traffic monitoring and event correlation.

7. CONCLUSION
23

Wi-Fi is a disruptive technology that came unexpectedly and has been growing by leaps and bounds, mainly because it is inexpensive and fills a need..The vulnerabilities in wireless systems tend to be numerous because of the inherent lack of physical security.Despite all the security issues currently present, wireless networks are the future; however, people will fear using them if they perceive a substantial threat to their privacy or to sensitive information. It is the administrator's responsibility to make legitimate clients feel safe and confident in the use of a service. Security can never be perfect, especially in large networks, but reliance on mechanisms that are known to be broken is lazy and carries the danger that one's supposedly secure network becomes a playground for those who only know how to download the latest security breaking tool from the web.As Wi-Fi grows up, it is getting better, more secure, and faster. Clearly, vendors and the Wi-Fi Alliance have listened to the users' need for security. Naturally, we advocate more research that ultimately builds robust and opaque wireless channelssuch features will help WiFi become a fundamental building block for critical applications. Research is ongoing in the use of WiFi technology in industrial environment.

24

8. REFERENCES
Dependability in Wireless Networks:Can We Rely On WiFi? IEEE Security & Privacy,vol.5,no.1,January/February 2007,pp.23-29. IEEE 802.11 Wikipedia www.how stuffs work.com Vikram Gupta, Srikanth Krishnamurthy and Michalis Faloutsos, Denial of service Attacks at the MAC Layer in Wireless Ad Hoc Networks.

25