TREND: WIRELESS ACCESS POINT (WAP) TECHNOLOGY AND WAP SECURITY
Posted by Slamet | Posted in network | Posted on 16.43
The trend in computer networks today is no longer just the cabled network that served as the communication medium of the first computer networks. Computer networks have grown into networks without cables (wireless). A computer no longer reaches the network over a cable but through an access point, often referred to as a hot spot. Such a network can also cover a wider area.
Wireless networks do not support only computers (laptops): PDAs and smartphones with Wi-Fi can also connect to them, which supports personal mobility.
Keywords: Service Set ID (SSID), Wired Equivalent Privacy (WEP), MAC Address, Extensible Authentication Protocol (EAP), Personal Digital Assistant (PDA)
1. INTRODUCTION
1.1. Background
Wireless networks have developed quite rapidly in Indonesia, especially in large cities such as Jakarta, Surabaya and Bandung. They are generally used through an access point in hotels, malls, cafes or other public places usually visited by the upper middle class. Users simply bring a laptop or PDA into the area to get wireless access. Naturally, the laptops and PDAs they bring must support wireless network technology, such as Centrino technology for laptops.
The problem that arises with access points is security. At present access may still be provided free of charge, but within a few years it will no longer be given away. That means whoever has access must be managed, and a security system must be applied so that others cannot access the network.
A wireless network has a worse level of security than a cabled network, mainly because communication takes place through the air and is therefore exposed to security problems. Several techniques are used to secure a wireless network, especially between the users and the access point. However, these techniques still have weaknesses that can be exploited by others.
1.2. Purpose
The purposes of this paper are:
to discuss the trend in wireless networks;
to discuss the security of the wireless network access point.
2. WIRELESS NETWORK
A wireless network is a computer network in which users connect without the cables used in ordinary computer networks. Communication between the users and the wireless network takes place over electromagnetic waves at radio frequency (around 2.4 GHz, or 5 GHz for IEEE 802.11a). Wireless communication runs between the users (laptop, PDA, etc.) and a device called the access point, which connects the user to the actual computer network.
Several international standards have been issued for wireless networks: IEEE 802.11a, IEEE 802.11b, OpenAir, HiperLAN, Bluetooth and HomeRF. Among these, IEEE 802.11b was (when this article was written) the most widely used, largely because inexpensive hardware for the licence-free 2.4 GHz band was widely available.
A wireless network can take the form of an ad hoc, peer-to-peer network, in which users communicate directly with one another without a device (access point) connecting them. The other form is the infrastructure network (called a complex network in this paper), in which users reach the computer network through an access point acting as intermediary. Both forms are shown in the figures below.
Figure 1 Wireless Peer-to-Peer
Figure 2 Complex Network
This paper discusses the complex network, because it uses the access point whose security is examined here; the ad hoc peer-to-peer network does not use an access point.
3. WIRELESS ACCESS POINT
A wireless access point is a device that connects users to an ordinary computer network. The access point receives data from the user as radio-frequency waves and forwards it to the cabled network; conversely, it sends data from the network to the user as radio waves. An access point is shown in the figure below.
Figure 3 Wireless Access Point
A computer network environment may consist of one or more access points identifying one network. Because the access point is an open gateway in direct contact with the users, it also provides a variety of security techniques so that users can be connected with proper care. The aim is that only users who really have the right can access the network, and that communication between the access point and the user can take place safely.
4. WIRELESS ACCESS POINT SECURITY
The area between the access point and the local user is where the security of a wireless network is most exposed. It is an open area, in which data travels by radio frequency, so most security problems arise here.
In general the security problems in the area between the user and the access point are authentication and eavesdropping (wiretapping). The access point must be able to determine whether a user trying to establish a connection to the network has access rights or not, and must also try to communicate with the user safely.
So far several techniques have been used to support access point security, among them Service Set ID (SSID), Wired Equivalent Privacy (WEP), MAC address filtering and Extensible Authentication Protocol (EAP), which are discussed further in this chapter. In general these techniques do not stand alone but are combined with one another.
4.1. Service Set ID (SSID)
The Service Set ID is a name of up to 32 characters that identifies a wireless network. If a network consists of several access points, they identify the same network by having the same SSID. A user must know the SSID of the relevant access point to connect. A newly bought access point comes with a default configuration from the manufacturer, and this initial configuration makes the access point broadcast its SSID at a regular interval.
Broadcasting the SSID lets every user within range of the access point learn the network's SSID, so users who are not entitled to access can try to join the network. This is a particular weakness of the access point.
To reduce this weakness, the manufacturer's initial configuration should be changed, in particular by disabling SSID broadcast, so that a user must already know the SSID of the access point to connect to the network concerned. Note, however, that hiding the SSID is not a security control: the SSID is still sent unencrypted in probe requests, probe responses and association requests whenever a legitimate client connects, so anyone listening on the channel learns it. SSID hiding keeps the network out of casual network lists, nothing more.
4.2. Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP) is so named because it was meant to give a wireless network a security level equivalent to that of a wired (cabled) network. As noted, the cabled network has a sufficient level of security and a better one than the wireless network. WEP is used to secure data transfer by encryption and decryption, and it can also be used for user authentication through the WEP protocol. WEP uses the RC4 algorithm, a stream cipher. A message is encrypted before it is sent, and an integrity check value (a CRC-32 checksum in WEP) is meant to detect changes to the message in transit.
To encrypt a message or data, a secret key and an initialization vector (IV) are used. The secret key is 40 or 104 bits long and the IV is a 24-bit value chosen by the transmitter for each frame; together they form the per-frame RC4 key of 64 or 128 bits that product literature calls "64-bit" and "128-bit" WEP. The scheme of the algorithm can be seen in the figure below.
Figure 4 Scheme of the RC4 algorithm
In WEP the secret key is distributed to all users who have access rights (shared key). The key is usually the same for all users and is valid indefinitely or for a long time. This is often called the static shared key method. As mentioned above, WEP can also be used for user authentication through the WEP protocol. The mechanism is as follows:
The access point generates a random value called the challenge and sends it to the user. A user trying to establish a connection receives the challenge. On the user's side, the challenge is encrypted with the shared key the user holds; this happens automatically, without user intervention, in the system on his computer. The encrypted challenge is then sent back to the access point, which decrypts it and checks whether it matches the challenge it sent, and from that decides whether the user who sent it is allowed to connect to the network.
This WEP method has at least two weaknesses: key management and the ciphertext attack. As described above, WEP generally uses static key management: one key for all users, valid forever. If someone who does not actually have access rights learns the shared key, he can connect to the network freely, and the key remains valid for him as long as it remains valid for everyone else. This weakness can be reduced by dynamic key management, in which the access point generates a new key at a certain interval and sends it to users authenticated to the network.
WEP is vulnerable to a ciphertext attack. If an eavesdropper obtains two ciphertexts, say C1 and C2, that were encrypted with the same RC4 keystream, he can recover that keystream and with it decrypt the traffic. The reasoning is as follows:
In a stream cipher the ciphertext is the XOR of the message with the keystream: C = P xor K. XORing the two ciphertexts gives the XOR of the two plaintexts:
C1 xor C2 = (P1 xor K) xor (P2 xor K)
C1 xor C2 = (P1 xor P2) xor (K xor K)
C1 xor C2 = P1 xor P2
If the eavesdropper knows (or can guess) the plaintext P1, then C1 xor P1 yields the keystream K, which decrypts C2 directly. Note that this recovers the keystream for that IV, not the shared key itself. WEP tries to prevent the attack by using an initialization vector (IV) that changes with every transmission even though the key stays the same: two ciphertexts encrypted under different IVs have different keystreams, so XORing them reveals nothing. In practice this defence is weak. The IV is only 24 bits long, so a busy access point reuses IVs after at most 2^24 frames and usually much sooner; the IV is sent in clear in front of each frame, so the eavesdropper can see exactly which frames share one; and shared-key authentication itself hands out keystream, because the challenge is sent in clear and its encryption is sent straight back. Beyond that, later key-recovery attacks on the way WEP feeds IV and key into RC4 (Fluhrer, Mantin and Shamir, 2001, and their successors) recover the shared key itself from passively collected traffic, which is why WEP is now considered broken and has been superseded by WPA and WPA2.
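The keystream-reuse attack derived above, and the keystream leak from shared-key authentication, worked through in code. This is an added example and not code from the original post: it implements RC4 and a stripped-down WEP (the CRC-32 ICV is left out) with a made-up 40-bit key, IVs and messages so that it runs offline, and the function names (wep_encrypt, keystream_reuse_attack, shared_key_auth_leak) are this example's own, not those of any driver or tool.

```python
# Added example: RC4 keystream reuse in a WEP-style scheme.  Key, IVs,
# messages and challenge below are constructed for the example.

def rc4(key, length):
    """Plain RC4: key scheduling (KSA) followed by keystream generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key, iv, plaintext):
    """WEP per-frame RC4 key is IV || shared key; the 3-byte IV is transmitted
    in clear in front of the ciphertext (CRC-32 ICV omitted here)."""
    return iv + xor(plaintext, rc4(iv + shared_key, len(plaintext)))

def wep_decrypt(shared_key, frame):
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4(iv + shared_key, len(body)))

def keystream_reuse_attack(c1_frame, known_p1, c2_frame):
    """C1 xor C2 = P1 xor P2 holds only if both frames used the same keystream,
    i.e. the same IV under the same shared key.  With P1 known, C1 xor P1 is
    the keystream, which decrypts as many bytes of C2 as P1 covers.  The
    shared key itself is never learnt.  Returns None if the IVs differ."""
    if c1_frame[:3] != c2_frame[:3]:
        return None
    keystream = xor(c1_frame[3:], known_p1)
    return xor(c2_frame[3:], keystream)

def shared_key_auth_leak(shared_key, iv, challenge):
    """Shared-key authentication: the AP sends the challenge in clear and the
    client returns it WEP-encrypted.  An eavesdropper who sees both frames
    gets len(challenge) bytes of keystream for that IV.  Returns (iv, keystream)."""
    response = wep_encrypt(shared_key, iv, challenge)   # what the client transmits
    return response[:3], xor(response[3:], challenge)

# Constructed material (not from a real network): a 40-bit key, three IVs,
# two frames and a 128-byte challenge as used by WEP shared-key auth.
KEY = bytes.fromhex("0102030405")
IV_A, IV_B, IV_C = bytes.fromhex("000001"), bytes.fromhex("000002"), bytes.fromhex("0000aa")
P1 = b"GET /index.html HTTP/1.0\r\n"
P2 = b"password=hunter2\r\n"
CHALLENGE = bytes(range(128))

def demo():
    c1 = wep_encrypt(KEY, IV_A, P1)
    c2_same_iv = wep_encrypt(KEY, IV_A, P2)     # IV reused: same keystream as c1
    c2_fresh_iv = wep_encrypt(KEY, IV_B, P2)    # IV changed: the XOR trick has nothing to use
    iv, leaked = shared_key_auth_leak(KEY, IV_C, CHALLENGE)
    # With leaked keystream the eavesdropper can inject a frame under IV_C
    # that the AP decrypts correctly, still without knowing KEY.
    forged = iv + xor(b"injected by eavesdropper", leaked)
    return {
        "recovered_same_iv": keystream_reuse_attack(c1, P1, c2_same_iv),
        "recovered_fresh_iv": keystream_reuse_attack(c1, P1, c2_fresh_iv),
        "leak_is_keystream": leaked == rc4(IV_C + KEY, len(CHALLENGE)),
        "forged_frame_decrypts_to": wep_decrypt(KEY, forged),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The recovered plaintext under the reused IV is P2 in full because P1 is longer than P2; with a shorter known plaintext only a prefix of P2 is exposed. The per-IV defence only shifts the problem: the eavesdropper groups frames by their clear-text IV and waits for a repeat.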
4.3. MAC Address
A MAC address is a unique 12-hexadecimal-digit (48-bit) address that identifies a user's network interface card. The list of users who have access to the network is stored in an access control list (ACL). When a user tries to establish a connection, the access point reads the user's MAC address and checks whether it is in the ACL; if it is, the user is allowed onto the network, and if not, the connection request is rejected.
This method has a weakness in the MAC address itself. MAC addresses can be changed in software, so anyone who learns an address that is in the ACL can configure his own interface with that address and obtain access rights for free. He does not even need to steal the ACL from the access point: the MAC address travels unencrypted in the header of every 802.11 frame, so watching the channel for a moment reveals the addresses of all authorised clients. For the same reason, storing hashes of the MAC addresses in the ACL does not help; the attacker clones the address he observed over the air, never the ACL entry. MAC filtering only keeps out devices whose owners do not bother to look.
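As an added example (not code from the original post), the following Python script parses constructed 802.11 management frames to show both points from sections 4.1 and 4.3: a hidden SSID is blanked only in the beacon and still appears in clear in the client's probe request and the access point's probe response, and a MAC allow list passes any frame whose header carries an address copied from an authorised client. The frames, addresses and SSID are constructed inside the script, not captured, and the function names are this example's own.

```python
# Added example: what a passive listener learns from 802.11 management
# frames, and why a MAC allow list cannot tell a cloned address from the
# real one.  All frames and addresses are constructed, not captured.
import struct

# Management-frame subtypes (IEEE 802.11 type 0) used below, and the length
# of the fixed (non-IE) part of the body for each.
PROBE_REQ, PROBE_RESP, BEACON = 4, 5, 8
FIXED_LEN = {PROBE_REQ: 0, PROBE_RESP: 12, BEACON: 12}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))

def build_mgmt_frame(subtype, da, sa, bssid, ssid):
    """Minimal management frame: 24-byte header (FC, duration, addr1=DA,
    addr2=SA, addr3=BSSID, seq), zeroed fixed fields, one SSID IE (tag 0)."""
    fc = subtype << 4                     # protocol version 0, type 0 (management), no flags
    header = struct.pack("<HH6s6s6sH", fc, 0, mac_bytes(da), mac_bytes(sa), mac_bytes(bssid), 0)
    return header + bytes(FIXED_LEN[subtype]) + bytes([0, len(ssid)]) + ssid

def parse_mgmt_frame(frame):
    """Header addresses are never encrypted; the SSID is IE tag 0 of the body."""
    fc, _, da, sa, bssid, _ = struct.unpack("<HH6s6s6sH", frame[:24])
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc >> 4) & 0xF
    body = frame[24 + FIXED_LEN[subtype]:]
    ies, i = {}, 0
    while i + 2 <= len(body):             # walk the tag-length-value elements
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return {"subtype": subtype, "da": mac_str(da), "sa": mac_str(sa),
            "bssid": mac_str(bssid), "ssid": ies.get(0, b"")}

def learn_ssid(frames):
    """First non-empty SSID seen in any beacon, probe request or probe
    response.  A 'hidden' network blanks the SSID only in its beacons."""
    for f in frames:
        p = parse_mgmt_frame(f)
        if p["ssid"].strip(b"\x00"):
            return p["ssid"].decode(), p["subtype"]
    return None, None

def learn_client_macs(frames, bssid):
    """Source addresses of stations seen talking to the given BSSID."""
    return {p["sa"] for p in map(parse_mgmt_frame, frames)
            if p["bssid"] == bssid and p["sa"] != bssid}

def acl_permits(frame, allow_list):
    """All a MAC-filtering access point does: compare the unauthenticated
    source address in the header with its list."""
    return parse_mgmt_frame(frame)["sa"] in allow_list

# Constructed traffic: an AP with SSID broadcast disabled, one client on the
# AP's MAC allow list, and an attacker listening.
AP = "02:00:00:00:aa:01"
CLIENT = "02:00:00:00:cc:02"
ATTACKER = "02:00:00:00:ee:03"
BCAST = "ff:ff:ff:ff:ff:ff"
SSID = b"corp-wifi"

CAPTURE = [
    build_mgmt_frame(BEACON, BCAST, AP, AP, b""),         # hidden SSID: empty IE
    build_mgmt_frame(PROBE_REQ, AP, CLIENT, AP, SSID),    # client asks for it by name
    build_mgmt_frame(PROBE_RESP, CLIENT, AP, AP, SSID),   # AP answers, SSID in clear
]

def demo():
    ssid, seen_in = learn_ssid(CAPTURE)
    victims = learn_client_macs(CAPTURE, AP)
    allow_list = {CLIENT}                                  # the AP's MAC ACL
    own = build_mgmt_frame(PROBE_REQ, AP, ATTACKER, AP, ssid.encode())
    cloned = build_mgmt_frame(PROBE_REQ, AP, next(iter(victims)), AP, ssid.encode())
    return {"ssid": ssid, "seen_in_subtype": seen_in, "client_macs": victims,
            "own_mac_allowed": acl_permits(own, allow_list),
            "cloned_mac_allowed": acl_permits(cloned, allow_list)}

if __name__ == "__main__":
    print(demo())
```

The SSID is learnt from the client's probe request (subtype 4) before the access point has even answered, and the ACL check passes the cloned frame because the header address is the only thing it looks at; hashing the list entries would change nothing about what the attacker reads off the air.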
4.4. Extensible Authentication Protocol (EAP)
Extensible Authentication Protocol (EAP) is an additional authentication framework that runs at layer 2, before the client has any network address, and acts as the third and last security layer of the wireless network. Its use on networks is governed by the IEEE 802.1X standard, which defines three roles: the supplicant (the user's device), the authenticator (the access point) and the authentication server (usually a RADIUS server). Based on 802.1X, the steps that occur when a mobile device requests access from an access point (AP) are as follows:
The AP requests authentication information from the user.
The user returns the requested authentication information.
The AP forwards the received authentication information to the RADIUS server (Remote Authentication Dial-In User Service).
Once the RADIUS server has authorised the user, the user is allowed to connect and transmit data.
Until that last step the AP passes only EAP traffic (EAPOL frames) on the port and blocks everything else. EAP methods that derive key material also return session keys from the RADIUS server to the AP with the authorisation, which is what makes dynamic per-user WEP keys possible. There are four common EAP methods in use at present: EAP-MD5, Cisco LEAP (EAP-Cisco), EAP-TLS and EAP-TTLS:
4.4.1. EAP-MD5
EAP-MD5 uses the MD5 hash algorithm to compute a hash over the user's password and a challenge from the server. It has shortcomings. It cannot produce a dynamic WEP key, so the WEP key in use stays static and a ciphertext attack can recover it. It also gives the user no assurance that the authentication information is being sent to the right place: the server is not authenticated, so the information can be intercepted in transit by a rogue access point without the user noticing. Because the challenge and the hashed response both travel in clear, an eavesdropper can also guess the password offline.
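The EAP-MD5 weaknesses above, shown on a constructed exchange. This is an added example, not code from the original post or from any EAP implementation: it computes the Response exactly as RFC 3748 section 5.4 specifies (the CHAP formula MD5(Identifier || password || Challenge)), using a made-up challenge, password and wordlist; the function names are this example's own.

```python
# Added example: why a captured EAP-MD5 exchange is enough to recover the
# password offline, and why a rogue AP gets the same result.  Challenge,
# password and wordlist are constructed for the example.
import hashlib

def eap_md5_response(identifier, password, challenge):
    """EAP-MD5 (RFC 3748 section 5.4) reuses CHAP (RFC 1994):
    Response value = MD5(Identifier || password || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def eap_md5_exchange(identifier, challenge, password):
    """One Request/Response pair as it crosses the air inside EAPOL frames,
    before any encryption key exists: every field in it is visible."""
    return {"identifier": identifier, "challenge": challenge,
            "response": eap_md5_response(identifier, password, challenge)}

def offline_guess(captured, wordlist):
    """The eavesdropper needs no further contact with the network: one MD5
    per candidate.  Returns (password or None, candidates tried)."""
    for n, cand in enumerate(wordlist, 1):
        if eap_md5_response(captured["identifier"], cand, captured["challenge"]) == captured["response"]:
            return cand, n
    return None, len(wordlist)

def rogue_ap_exchange(identifier, password):
    """Nothing in EAP-MD5 authenticates the server, so a rogue AP can issue a
    challenge of its own choosing; the supplicant answers it just the same."""
    return eap_md5_exchange(identifier, b"\x00" * 16, password)

CHALLENGE = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8f9")   # constructed 16-byte challenge
WORDLIST = [b"password", b"letmein", b"hunter2", b"qwerty"]        # constructed wordlist

def demo():
    captured = eap_md5_exchange(1, CHALLENGE, b"hunter2")          # sniffed from the air
    guessed, tries = offline_guess(captured, WORDLIST)
    rogue = rogue_ap_exchange(2, b"hunter2")                        # client talked to a rogue AP
    rogue_guess, _ = offline_guess(rogue, WORDLIST)
    return {"guessed": guessed, "tries": tries, "rogue_guess": rogue_guess}

if __name__ == "__main__":
    print(demo())
```

Note also what the exchange does not contain: nothing in it is secret to both sides except the password, so there is no material from which a per-session WEP key could be derived, which is the other shortcoming the text describes. A rogue access point can pick a constant challenge and precompute responses for a whole wordlist once.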
4.4.2. LEAP (EAP-Cisco)
This EAP method was developed by Cisco as an improvement over EAP-MD5. It introduced dynamic WEP key generation to prevent the ciphertext attack. It also introduced mutual authentication, two-way authentication between the user and the AP, to prevent eavesdropping. Another new feature in LEAP is support for session timeouts: when a timeout set by the RADIUS server expires, the AP automatically re-authenticates the user, naturally with a different encryption key. LEAP's own challenge-response is based on MS-CHAP, however, and is exposed to offline dictionary attacks on the user's password, a weakness published in 2003 (the asleap tool), so it should not be relied on where passwords may be weak.
4.4.3. EAP-TLS
EAP-TLS, developed by Microsoft, no longer uses the ordinary username and password input but X.509 certificates to handle authentication. In general, the data contained in an X.509 certificate is as follows:
Version
Serial Number
Signature Algorithm Identifier
Issuer Name
Validity Period
Subject Name
Subject Public Key Information
The 802.1X exchange is the same as for LEAP, but authentication is mutual through certificates on both the server and the client, and the key material for dynamic WEP keys is derived from the TLS session. The cost is that every client needs its own certificate and a public key infrastructure to issue it.
4.4.4. EAP-TTLS
EAP-TTLS (Tunneled TLS), developed by Funk Software, is a development of EAP-TLS. It uses two-stage authentication: the server authenticates itself with a certificate, which establishes a TLS tunnel, and the user then authenticates inside the tunnel with a username and password. The user's information is sent through the tunnel with one of several challenge-response mechanisms, so the password exchange is protected from eavesdroppers and only the server needs a certificate.
5. CONCLUSION
Communication in a wireless network uses electromagnetic waves at radio frequencies. This communication takes place in the area between the access point and the users (laptop, PDA, etc.). Communication through the air is less secure than communication through cables, so the security factor in a wireless network needs attention.
In general, access point security consists of authentication and protection from eavesdropping. Several techniques are used to support it, among them Service Set ID (SSID), Wired Equivalent Privacy (WEP), MAC address filtering and Extensible Authentication Protocol (EAP). These techniques provide a standard level of security. They still have weaknesses that can be exploited by people who have no right to the network, so they need to be reviewed, or other techniques applied, for communication through wireless networks to become more secure.
source : http://ariefms.wordpress.com/2007/09/27/tren-technology-dan-security-wap/