Introduction
Wireless networks have become an integral part of everyday communication and internet access worldwide. The inherent openness of wireless communications leaves such networks vulnerable to various security threats. Wireless security aims to address these vulnerabilities and make wireless networks safe for use. This paper provides an in-depth review of wireless security issues and various solutions proposed in academic research.

Wireless Network Vulnerabilities
Some key vulnerabilities of wireless networks include:

Lack of strong authentication: Most early wireless networks used weak or no authentication mechanisms. This allowed unauthorized clients to connect to the network easily.

Weak or no encryption: Early wireless networks either used no encryption or weak encryption standards like WEP which were quickly broken. This left the wireless traffic exposed to eavesdropping and integrity attacks.

Man-in-the-middle attacks: As wireless networks lack strong authentication, attackers could pose as legitimate access points to intercept and manipulate wireless traffic in man-in-the-middle attacks.

Denial of service: Wireless networks are vulnerable to DoS attacks like de-authentication frames or radio jamming due to their broadcast nature. Attackers can disrupt access for legitimate users.

Insider attacks: Compromised client devices on the wireless network can be used to attack other clients or the internal wired network the wireless access point is connected to.

Rogue access points: Unauthorized access points set up by attackers mimic legitimate networks to steal credentials or infect connecting devices with malware.

These vulnerabilities stem from the open wireless medium, the lack of physical security protections, and weaknesses in early security protocols. Strong authentication, robust encryption, and intrusion prevention techniques are needed to secure wireless networks.

Wireless Security Protocols
To address the vulnerabilities, various security protocols have been developed and standardized over the years:

WEP (Wired Equivalent Privacy): The original security protocol for 802.11 wireless networks. WEP uses the RC4 stream cipher for encryption but has weaknesses, such as a weak initialization vector (IV) implementation, that allow practical decryption attacks.

WPA (Wi-Fi Protected Access): An intermediate protocol that improved on WEP. WPA uses the Temporal Key Integrity Protocol (TKIP) to fix weaknesses in WEP encryption and RC4. It provides stronger encryption but has vulnerabilities.

WPA2: The current recommended standard that improved security over WPA. It uses CCMP encryption based on the AES cipher and stronger authentication with a pairwise master key (PMK) and the Robust Security Network (RSN) framework. Resistant to known attacks on WPA and WEP.

WPA3: The latest standard approved in 2018 that aims to replace WPA2. Adds 192-bit security suites, opportunistic wireless encryption (OWE) for open networks, simplified passphrase-to-PSK derivation and Simultaneous Authentication of Equals (SAE) for strong authentication.

These protocols successively addressed flaws and strengthened encryption, authentication and key management in wireless networks over the years. WPA2 is widely implemented but continues to face new potential attacks, motivating further updates like WPA3.

Wireless Intrusion Detection and Prevention
Even with strong encryption protocols, wireless networks remain exposed to active attacks. Wireless intrusion detection and prevention systems have been developed to monitor networks for malicious traffic:

Anomaly-based IDS: Models normal network behavior and flags anomalous activity like unusually high traffic, de-authentication frames etc. Less accurate than signature-based but detects novel attacks.

Signature-based IDS: Looks for patterns or signatures of known attacks in traffic via deep packet inspection. More accurate but cannot detect new attacks without signature updates.

Integrated WIPS: Can function both as an IDS to detect and as a prevention system by automatically blocking rogue/misconfigured devices. Combines centralized monitoring and enforcement capabilities.

Machine learning-based approaches: Use techniques like one-class classifiers trained on only legitimate traffic or unsupervised clustering to profile normal behavior and outliers. More adaptive to evolving threats.

IDS help detect probes, DoS attacks, ARP poisoning, man-in-the-middle attacks and insider threats on wireless networks. When combined with automatic prevention, WIPS strengthen the overall security posture. Ongoing challenges include high false alarms, signature evasion and privacy concerns.
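The two checks named above (an anomaly rule for bursts of de-authentication frames and a WIPS-style check for rogue access points) can be sketched as follows. This is an added example, not part of the original paper; the frame record layout, the AUTHORISED inventory, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Assumed inventory of authorised access points per protected SSID (constructed).
AUTHORISED = {"CorpWiFi": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}}
WINDOW_S = 10      # sliding window length in seconds (assumed)
DEAUTH_LIMIT = 5   # de-auth frames per BSSID tolerated within one window (assumed)

def analyse(frames):
    """Return [(timestamp, alert_type, bssid)] for (ts, kind, bssid, ssid) records."""
    alerts = []
    recent = defaultdict(deque)  # bssid -> timestamps of de-auth frames in the window
    flooding = set()             # BSSIDs already alerted for the current burst
    rogue_seen = set()           # rogue BSSIDs already reported
    for ts, kind, bssid, ssid in sorted(frames):
        bssid = bssid.lower()
        if kind == "beacon":
            allowed = AUTHORISED.get(ssid)
            # A protected SSID advertised by a BSSID outside the inventory is a rogue.
            if allowed is not None and bssid not in allowed and bssid not in rogue_seen:
                rogue_seen.add(bssid)
                alerts.append((ts, "rogue_ap", bssid))
        elif kind == "deauth":
            q = recent[bssid]
            q.append(ts)
            while q and ts - q[0] > WINDOW_S:  # drop frames older than the window
                q.popleft()
            if len(q) > DEAUTH_LIMIT:
                if bssid not in flooding:      # one alert per burst, not per frame
                    flooding.add(bssid)
                    alerts.append((ts, "deauth_flood", bssid))
            else:
                flooding.discard(bssid)
    return alerts

# Constructed sample capture: one isolated de-auth, one spoofed beacon, one burst.
SAMPLE = [
    (0.0, "beacon", "02:00:00:aa:00:01", "CorpWiFi"),
    (1.0, "beacon", "02:00:00:BB:00:09", "CorpWiFi"),   # BSSID not in inventory
    (1.5, "beacon", "02:00:00:cc:00:03", "GuestCafe"),  # unprotected SSID, ignored
    (2.0, "deauth", "02:00:00:aa:00:01", ""),           # single frame, normal
] + [(30.0 + 0.5 * i, "deauth", "02:00:00:aa:00:01", "") for i in range(8)]

if __name__ == "__main__":
    for alert in analyse(SAMPLE):
        print(alert)
```

The fixed threshold is what produces the false alarms mentioned above: set too low, ordinary roaming triggers it, and set too high, a slow burst passes unnoticed.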

Access Control and Authentication Techniques
Access control and user authentication are critical foundations for wireless security:

MAC address filtering restricts connectivity based on device MAC addresses but is not very secure or scalable. Easily bypassed.

802.1x/EAP provides strong mutual authentication of clients and network using protocols like PEAP, LEAP, TLS or TTLS. Integrates with backend user databases but increases complexity.

Captive portals authenticate users via web login before allowing full network access. Widely used in public Wi-Fi hotspots but not very secure alone.

Certificate-based authentication issues client digital certificates signed by a trusted certification authority for strong two-factor authentication. Provides non-repudiation but is difficult to manage at scale.

SIM/USIM cards integrate authentication with cellular networks but rely on proper provisioning and increase costs. Primarily used for carrier Wi-Fi offload.

PSK/SSID hiding obfuscates network details but is not a long-term solution due to the lack of strong user authentication.

Proper access control tailored to environment goals remains an open challenge along with usability, backward compatibility and centralized management needs. Multi-factor authentication combining techniques shows promise.

Governance, Risk Management and Compliance
Comprehensive wireless security governance is required for compliance and risk management:

Regulatory requirements like HIPAA for healthcare govern network and data security, including wireless networks, with penalties for non-compliance.

Frameworks and standards like NIST and ISO 27001 provide guidance on security best practices, risk assessments, audits and reviews for operational resilience.

Network segregation using VLANs, firewall rules and separate SSIDs for guest and internal access isolates untrusted devices and traffic.

Encrypted backhaul protects wireless controller/access point management traffic from attacks when deployed centrally.

Device hardening removes unnecessary services, applies security patches, and changes default credentials to limit the attack surface.

Regular vulnerability assessments and wireless security audits help identify gaps, test controls and ensure policies are followed.

User awareness and training promotes secure behaviors like avoiding public networks for sensitive access.

A holistic governance approach integrating people, processes and technologies is necessary for sustained wireless network protection. Oversight and continuous monitoring are also required for evolving threats.

Research Challenges and Directions
While wireless security has improved tremendously, research continues towards strengthening resilience against advanced persistent threats:

Physical layer security leverages inherent characteristics of wireless channels, like fading and interference, for communication confidentiality without using cryptography. Shows promise but challenges remain.

Moving target defenses like randomizing protocols obfuscate network configurations to thwart reconnaissance. Needs integration with current protocols and backwards compatibility.

Blockchain networks distribute trust and authentication without centralized authorities but require scalable consensus and management. Early stage research.

Post-quantum cryptography based on lattice or multivariate problems provides future-proof security when quantum computers break current public key methods. Standards still maturing.

Federated and decentralized access control sharable across domains using attribute-based encryption, anonymous credentials or similar technologies can ease management of guest users and IoT access. Interoperability challenges remain.

Artificial intelligence methods like deep learning for advanced IDS/IPS model anomalous behavior better than signatures, but their vulnerability to adversarial attacks and privacy issues require attention.

Ongoing developments aim to balance usability, performance, cost of ownership and future security needs as new threats emerge. Collaborative open research helps accelerate standards and best practices.

Conclusion
Wireless networking has evolved tremendously but inherent vulnerabilities persist requiring layered defenses. This paper discussed key wireless threats, protocols developed in response, and ongoing access controls, monitoring, intrusion prevention techniques, governance practices and research directions towards achieving sustainable network protection. While much progress has been made, active threats continue necessitating diligent administration and technological improvements hand in hand with user awareness. A holistic, defense-in-depth approach incorporating people, processes and technologies remains essential to securing the wireless domain.