
Tribhuvan University
Institute of Science and Technology
Bachelor in Computer Science and Information Technology (BSC CSIT)
7th Semester
Network Security (CS-416)
Unit-4: Wireless Network Security (6 hrs)

Instructor
Tekendra Nath Yogi
Tekendranath@gmail.com
Contents
• Unit 4: Wireless Network Security (6 Hrs.)

– 4.1. Wireless Security

– 4.2. Mobile Device Security

– 4.3. IEEE 802.11 Wireless LAN Overview

– 4.4. IEEE 802.11i Wireless LAN Security

6/19/2025 By: Tekendra Nath Yogi 2


4.1. Wireless Security
• Some of the key factors contributing to the higher security risk of wireless
networks compared to wired networks include:

– Channel

– Mobility

– Resources

– Accessibility



Cont’d…
• Channel
– Wireless networking typically involves broadcast communications, which is far more susceptible to eavesdropping and jamming than wired networks
– Wireless networks are also more vulnerable to active attacks that exploit vulnerabilities in communications protocols
• Mobility
– Wireless devices are far more portable and mobile than wired devices
– This mobility results in a number of risks



Cont’d…
• Resources
– Some wireless devices, such as smartphones and tablets, have sophisticated operating systems but limited memory and processing resources with which to counter threats, including denial of service and malware
• Accessibility
– Some wireless devices, such as sensors and robots, may be left unattended in remote and/or hostile locations
– This greatly increases their vulnerability to physical attacks



Cont’d…
• Wireless networking components: a wireless environment consists of three components, each of which provides a point of attack

Figure: Wireless networking components



Cont’d…
• The wireless client can be a cell phone, a Wi-Fi–enabled laptop or tablet, a wireless sensor, a Bluetooth device, and so on.
• The wireless access point provides a connection to the network or service. Examples of access points are cell towers, Wi-Fi hotspots, and wireless access points to wired local or wide area networks.
• The transmission medium, which carries the radio waves for data transfer, is also a source of vulnerability.



Cont’d…
• Wireless Network Threats:
– Accidental association
– Malicious association
– Ad hoc networks
– Non-traditional networks
– Identity theft (MAC spoofing)
– Man-in-the-middle attack
– Denial of service (DoS)
– Network injection



Cont’d…
• Accidental association
– Company wireless LANs in close proximity may create overlapping transmission ranges
– A user intending to connect to one LAN may unintentionally lock on to a wireless access point from a neighboring network
• Malicious association
– A wireless device is configured to appear to be a legitimate access point, enabling the operator to steal passwords from legitimate users and then penetrate a wired network through a legitimate wireless access point



Cont’d…
• Ad hoc networks
– These are peer-to-peer networks between wireless computers with no access point between them
– Such networks can pose a security threat due to a lack of a central point of control
• Nontraditional networks
– Personal network Bluetooth devices, barcode readers, and handheld PDAs pose a security risk in terms of both eavesdropping and spoofing



Cont’d…
• Identity theft (MAC spoofing)
– This occurs when an attacker is able to eavesdrop on network traffic and identify the MAC address of a computer with network privileges
• Man-in-the-middle attacks
– This attack involves persuading a user and an access point to believe that they are talking to each other when in fact the communication is going through an intermediate attacking device
– Wireless networks are particularly vulnerable to such attacks



Cont’d…
• Denial of service (DoS)
– This attack occurs when an attacker continually bombards a wireless access point or some other accessible wireless port with various protocol messages designed to consume system resources
– The wireless environment lends itself to this type of attack because it is so easy for the attacker to direct multiple wireless messages at the target
• Network injection
– This attack targets wireless access points that are exposed to nonfiltered network traffic, such as routing protocol messages or network management messages



Cont’d…
• Securing Wireless Transmissions: The principal threats to wireless
transmission are eavesdropping, altering or inserting messages, and disruption.
• To deal with eavesdropping, two types of countermeasures are appropriate:
1. Signal-hiding techniques
• Turn off SSID broadcasting by wireless access points
• Assign cryptic names to SSIDs
• Reduce signal strength to the lowest level that still provides requisite
coverage
• Locate wireless access points in the interior of the building, away from
windows and exterior walls
2. Encryption
• Is effective against eavesdropping to the extent that the encryption keys
are secured
Cont’d…
• Securing Wireless Access Points: The main threat involving wireless access points is unauthorized access to the network
• The principal approach for preventing such access is the IEEE 802.1X standard for port-based network access control
– The standard provides an authentication mechanism for devices wishing to attach to a LAN or wireless network
– The use of 802.1X can prevent rogue access points and other unauthorized devices from becoming insecure backdoors.



Cont’d…
• Securing Wireless Networks:

– Use encryption

– Use antivirus, antispyware software and a firewall

– Turn off identifier broadcasting

– Change the identifier on your router from the default

– Change your router’s pre-set password for administration

– Allow only specific computers to access your wireless network



4.2. Mobile Device Security
• Mobile devices have become an essential element for organizations as part of the overall network infrastructure
• Prior to the widespread use of smartphones, network security was based upon clearly defined perimeters that separated trusted internal networks from the untrusted Internet
• Due to massive changes, an organization’s networks must now accommodate:
– Growing use of new devices
– Cloud-based applications
– Deperimeterization
– External business requirements



Cont’d…
• Security Threats: Major security concerns for mobile devices:

– Lack of physical security controls

– Use of untrusted mobile devices

– Use of untrusted networks

– Use of untrusted content

– Use of applications created by unknown parties

– Interaction with other systems

– Use of location services



Cont’d…
• Lack of physical security controls
– The security policy for mobile devices must be based on the assumption
that any mobile device may be stolen or at least accessed by a malicious
party
• Use of untrusted mobile devices
– The organization must assume that not all devices are trustworthy
• Use of untrusted networks
– The security policy must be based on the assumption that the networks
between the mobile device and the organization are not trustworthy
• Use of untrusted content
– Mobile devices may access and use content that other computing
devices do not encounter
Cont’d…
• Use of applications created by unknown parties
– It is easy to find and install third-party applications on mobile devices, and this poses the risk of installing malicious software
• Interaction with other systems
– Unless an organization has control of all the devices involved in synchronization, there is considerable risk of the organization’s data being stored in an unsecured location, plus the risk of the introduction of malware
• Use of location services
– An attacker can use location information to determine where the device and user are located, which may be of use to the attacker



Cont’d…
• Mobile Device Security Strategy:

Figure: Mobile Device Security Elements


Cont’d…
• Principal elements of a mobile device security strategy fall into three
categories:

– Device security
– Client/server traffic security, and

– Barrier security



Cont’d…
• Device Security: Secure both corporate and users’ devices before granting access:
– Access: Require PIN/password, auto-lock devices, etc.
– Data: Encrypt data, enable remote wipe, enforce SSL, and keep software updated.
– Apps: Use approved apps only, with whitelisting.
– Storage: Restrict cloud sync and local storage of sensitive data.
– Features: Disable cameras and location services, and educate users on content risks.



Cont’d…
• Traffic Security: Secure all data in transit between mobile devices and the network:
– Encryption: Use SSL, IPv6, or VPN for all traffic.
– Authentication: Implement strong, two-factor authentication for both device and user.
– Access Control: Limit device access to only necessary organizational resources.



Cont’d…
• Barrier Security: Protect the internal network from unauthorized or risky mobile access:
– Firewalls: Apply mobile-specific rules to limit data and app access.
– Intrusion Detection: Use tighter IDS/IPS rules for mobile traffic.
– Network Segmentation: Isolate mobile device traffic from critical systems.



4.3. IEEE 802.11 Wireless LAN Overview
• IEEE 802 Protocol Architecture:



Cont’d…
• The General format of the IEEE 802 MAC Protocol Data Unit (MPDU) is
as shown in figure below:

Figure: General IEEE 802 MAC Protocol Data Unit (MPDU) Format



Cont’d…
• IEEE 802.11 Network Components and Architectural Model:

Figure: IEEE 802.11 Extended Service Set


Cont’d…
• IEEE 802.11 Terminology



Cont’d…
• IEEE 802.11 Services:



Cont’d…
• Distribution of Messages Within a DS: The two services involved with the distribution of messages within a DS are:
– Distribution: The primary service used by stations to exchange MPDUs when the MPDUs must traverse the DS to get from a station in one BSS to a station in another BSS
– Integration
• Enables transfer of data between a station on an IEEE 802.11 LAN and a station on an integrated IEEE 802.x LAN
• Takes care of any address translation and media conversion logic required for the exchange of data



Cont’d…
• Association-Related Services: Transition types based on mobility:
– No transition: A station of this type is either stationary or moves only within the direct communication range of the communicating stations of a single BSS
– BSS transition: A station movement from one BSS to another BSS within the same ESS
• In this case, delivery of data to the station requires that the addressing capability be able to recognize the new location of the station
– ESS transition: A station movement from a BSS in one ESS to a BSS within another ESS
• Maintenance of upper-layer connections supported by 802.11 cannot be guaranteed
• Disruption of service is likely to occur
Cont’d…
• To deliver a message within a DS, the distribution service needs to know the identity of the AP to which the message should be delivered in order for that message to reach the destination station.
• Three services relate to a station maintaining an association with the AP within its current BSS:
– Association: Establishes an initial association between a station and an AP
– Reassociation: Enables an established association to be transferred from one AP to another, allowing a mobile station to move from one BSS to another
– Disassociation: A notification from either a station or an AP that an existing association is terminated
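The following is an added example, not part of the original slides: a small model of how the distribution service depends on the association-related services (association, reassociation, disassociation) to know which AP is serving a destination station. The AP and station names are constructed for the scenario.

```python
class DistributionSystem:
    """Tracks which AP serves each station and routes MPDUs across the DS.
    The DS can deliver to a station only while it knows that station's AP."""

    def __init__(self, aps):
        self.aps = set(aps)          # one AP per BSS attached to this DS
        self.assoc = {}              # station -> AP it is currently associated with

    def associate(self, sta, ap):
        """Association: initial association between a station and an AP."""
        if ap not in self.aps:
            raise ValueError(f"unknown AP {ap}")
        if sta in self.assoc:
            raise ValueError(f"{sta} is already associated; use reassociate")
        self.assoc[sta] = ap

    def reassociate(self, sta, new_ap):
        """Reassociation: transfer an existing association to another AP,
        i.e. a BSS transition within the same ESS."""
        if sta not in self.assoc:
            raise ValueError(f"{sta} has no association to transfer")
        if new_ap not in self.aps:
            raise ValueError(f"unknown AP {new_ap}")
        self.assoc[sta] = new_ap

    def disassociate(self, sta):
        """Disassociation: either side ends it; the DS forgets the station."""
        self.assoc.pop(sta, None)

    def distribute(self, src, dst):
        """Distribution: return (AP to hand the MPDU to, traverses_ds).
        traverses_ds is False when src and dst sit in the same BSS, so the
        MPDU never has to cross the DS. Returns None if dst's AP is unknown."""
        src_ap, dst_ap = self.assoc.get(src), self.assoc.get(dst)
        if src_ap is None or dst_ap is None:
            return None
        return dst_ap, src_ap != dst_ap


def roaming_demo():
    """Constructed scenario: STA-B roams from AP2 to AP1, then leaves."""
    ds = DistributionSystem(["AP1", "AP2"])
    ds.associate("STA-A", "AP1")
    ds.associate("STA-B", "AP2")
    before = ds.distribute("STA-A", "STA-B")  # ("AP2", True): crosses the DS
    ds.reassociate("STA-B", "AP1")            # BSS transition
    during = ds.distribute("STA-A", "STA-B")  # ("AP1", False): same BSS
    ds.disassociate("STA-B")
    after = ds.distribute("STA-A", "STA-B")   # None: location unknown
    return before, during, after
```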
4.4. IEEE 802.11i Wireless LAN Security
• There is an increased need for robust security services and mechanisms for
wireless LANs.
– Wired Equivalent Privacy (WEP)
• The privacy portion of the 802.11 standard
• Contained major weaknesses
– Wi-Fi Protected Access (WPA)
• A set of security mechanisms that eliminates most 802.11 security
issues
• Based on the current state of the 802.11i standard
– Robust Security Network (RSN)
• Final form of the 802.11i standard
• Complex
Cont’d…
• Elements of IEEE 802.11i: Service and protocols



Cont’d…
• Elements of IEEE 802.11i: Cryptographic algorithms



Cont’d…
• IEEE 802.11i Phases of Operation: Five Phases of RSN

Figure: IEEE 802.11i Phases of Operation


Cont’d…
• Discovery:
– An AP uses messages called Beacons and Probe Responses to advertise its IEEE 802.11i security policy.
– The STA uses these to identify an AP for a WLAN with which it wishes to communicate.
– The STA associates with the AP, which it uses to select the cipher suite and authentication mechanism when the Beacons and Probe Responses present a choice.



Cont’d…
• Authentication:
– During this phase, the STA and AS prove their identities to each other.
– The AP blocks non-authentication traffic between the STA and AS until the authentication transaction is successful.
– The AP does not participate in the authentication transaction other than forwarding traffic between the STA and AS.



Cont’d…
• Key generation and distribution:
– The AP and the STA perform several operations that cause cryptographic keys to be generated and placed on the AP and the STA.
– Frames are exchanged between the AP and STA only.



Cont’d…
• IEEE 802.11i Keys for Data Confidentiality and Integrity Protocols



Cont’d…
• Protected data transfer:

– Frames are exchanged between the STA and the end station through the
AP.

– As denoted by the shading and the encryption module icon, secure data
transfer occurs between the STA and the AP only; security is not
provided end-to-end.



Cont’d…
• Connection termination:

– The AP and STA exchange frames.

– During this phase, the secure connection is torn down and the
connection is restored to the original state.
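The following is an added example, not part of the original slides: a toy state machine for the five RSN phases as seen from the AP, covering the discovery through connection termination slides above. The AP relays only authentication traffic until the AS reports success, installs a pairwise key only after that, verifies protection on STA-to-AP frames and then passes the payload on unprotected (so protection is not end-to-end), and on termination returns to its original state. The key derivation and the keyed-MIC "protection" are stand-ins assumed here, not the real 802.11i key hierarchy or TKIP/CCMP.

```python
import hashlib
import hmac


def protect(key, payload):
    """Toy frame protection shared by STA and AP: a keyed MIC over the
    payload (stands in for TKIP/CCMP; no confidentiality is modelled)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class AccessPoint:
    def __init__(self):
        self.reset()

    def reset(self):
        self.phase = "discovery"     # policy advertised via Beacons/Probe Responses
        self.port_open = False       # 802.1X controlled port toward the DS closed
        self.key = None              # pairwise key shared with the STA only

    def relay(self, frame):
        """Authentication: the AP only forwards STA<->AS authentication
        traffic; anything else is blocked until the AS reports success."""
        if self.phase not in ("discovery", "authentication"):
            raise RuntimeError(f"relay not valid in phase {self.phase}")
        self.phase = "authentication"
        if frame.get("type") != "auth":
            return "blocked"
        if frame.get("result") == "success":
            self.phase = "key_generation"
        return "relayed"

    def install_keys(self, pmk, anonce, snonce):
        """Key generation: AP and STA derive the same key from the PMK and
        nonces (toy derivation, not the real 802.11i key hierarchy)."""
        if self.phase != "key_generation":
            raise RuntimeError("keys only after successful authentication")
        self.key = hmac.new(pmk, anonce + snonce, hashlib.sha256).digest()
        self.port_open = True
        self.phase = "protected_transfer"

    def receive(self, payload, mic):
        """Protected transfer: verify STA->AP protection, then pass the
        payload toward the end station unprotected (not end-to-end)."""
        if not self.port_open or not hmac.compare_digest(protect(self.key, payload), mic):
            return None              # port closed, forged or corrupted frame
        return payload               # plaintext, exactly as the end station sees it

    def terminate(self):
        """Connection termination: tear down and restore the original state."""
        self.reset()
```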



Cont’d…

Figure: IEEE 802.11i Phases of Operation: Capability Discovery, Authentication, and Association
Thank You!
