Internetworking Security at the Wireless Café

Technical Communication TS 5004

Capella University

Tim Burke

12/14/2007

Abstract

Wireless connectivity is a new technology and it is here to stay. Users are no longer tethered by wire, and an inherent level of security, privacy and safety is often taken for granted. People bring their laptop computers to the coffee shop or café, where they are able to connect wirelessly to the Internet. But are they surfing in a web of unscrupulous spammers, hackers and crackers? What level of security is provided to the café patron, or should there be signs posted reading “Internet SURFERS beware”?

With the boom in wireless networking and the proliferation of public access points, there are security risks which are pervasive and underestimated by the public. Even the business proprietor may be unaware of the security risk, or might see this wireless connection as a new revenue stream for the business by legally harvesting usernames, passwords and other personal data.

By explaining the basic operation of wireless communication and showing some of the tools used to capture information as it is broadcast from device to device, this paper aims to help the nontechnical user better understand the steps to mitigate this risk.

Table of Contents

Popularity of wireless communication

Magnitude of crime and security breach

Ethernet – TCP/IP protocol OSI Model

Figure 1 Wireless network communication protocol

802.11 – 802.16 Wireless protocol

Figure 2 Wireless Internet Café – Surfing the Internet

Hijacking – Man in the Middle and other techniques

Figure 3 Wireless Internet Café – Infiltrated by imposter access point

Sniffers analyzing packets of data

Figure 4 Sniffer showing readable user name and password

Figure 4a Wireless network detection software

Public access point with acceptable use policy

Open connections – Legal vulnerability

SSL – Secure Socket Layer

Figure 5 Using SSL to hide user name and password

VPN – Virtual Private Network

Conclusion

References

Popularity of wireless communication

How popular is wireless communication? Cell phones, personal digital assistants (PDAs), notebook personal computers (PCs), tablet PCs and other wireless devices can be found almost anywhere today. Global communication is a reality and wireless takes us there. Six million people worldwide had a cellular phone in 2003, and the estimate then was that there would be 1.3 billion cell phone users by 2006 (Minoli, 2002), and wireless demand continues to grow. Emerging trends during 2005 indicated that notebook PC owners in North America were dramatically increasing their wireless connections to the Internet.

At least one-third of North Americans (U.S. & Canada) have accessed the Internet wirelessly in the past 30 days – significantly higher than rates seen in 2004. The U.S. and Canada also have some of the highest rates of Wi-Fi awareness and usage, as roughly two in five that have heard of Wi-Fi technology have actually used it to access the Internet (European Travel Commission, 2007, para. 61).

The freedom and ease of moving about with these communication and storage devices is attracting individuals who might not otherwise have an interest in connecting to the Internet, using a computer, sending email, or carrying out financial transactions online; they are now getting connected to this wireless technology. They discover a convenience and find these high tech gadgets are making their lives easier. Today the telephone, which was invented in the late 1800s by Alexander Graham Bell (Bell, Alexander Graham, 2007), can be flipped in half and put into a pocket. The idea of having a telephone with you at all times, plus the ability to accept or place a call whenever and wherever you please, is more than convenience; it is real power. Information can be shared almost instantly. It is a new mindset, and we have to learn how to use and not abuse it. This power is addictive.

Businesses are creating public access points, or Hot Spots, calling them Wi-Fi zones and marketing this connectivity to customers who seek a connection to the Internet. By providing this service to the customer, the hospitality and travel industries look to create loyalty and meet the demands of the mobile clientele. The use of wireless information technology is growing at exponential rates. Initially, wireless communication and its development were centered on voice communication, but they have greatly expanded to include data. In the United States, wireless cellular service has seen a compounded growth rate of 40% compared to 5% for regular telephone service since 1981 (Minoli, 2002).

A recent survey completed by RSA Security Inc. found that:

Public hotspots continue to proliferate in the many places where people seek connectivity, such as coffee shops, airports and hotels:

There is no stopping the human need for communication, and with faster and easier methods to share information it is likely that we will have more opportunity to find ourselves at the Wireless Internet Café. To take advantage of this new market of mobile information system users, businesses advertise their Wi-Fi and available Hot Spots. A Hot Spot is a public access point for connection to the Internet via a wireless network provided by an organization or business, and these connection access points are purposely left in an unsecured state in order to allow easy connection by the patron. Businesses see this offering as one more marketing advantage to get this new market into their establishments. The hospitality and travel industries strongly market this convenience to the traveling business employee who needs to stay connected to their company’s data systems while travelling. Cafés and coffeehouses provide Hot Spot connections to attract mobile computer users with the added convenience of surfing the Internet or checking email while enjoying the cuisine and refreshment the businesses provide to their patrons. Hot Spots are also located in Wireless Internet Cafés that serve as public connections for communities where it is too costly for each user to subscribe to an ISP for connecting.

Magnitude of crime and security breach

According to some recent estimates, the level of lost or stolen personal identity is 73 million identity records, and in one much publicized incident a laptop computer holding 26 million US military service records was taken (Computers and Information Systems, 2006). This laptop computer was later recovered, and the data was untouched by the thieves, who perhaps did not realize the importance of the data on the computer’s hard drive (Computers and Information Systems, 2006).

If a security breach includes the loss of one’s personal information and is increasingly common, how do we protect ourselves and mitigate the risk? Analysis of the problem indicates that where our personal information is stored, and how it is used by us, represents the sphere of vulnerability to having our identity stolen. A notebook PC is an asset of decreasing value because over time, new technology will replace the capability and power of this device with one which has more power and capability at a lower cost, according to Moore’s law (Intel Corporation, n.d.). It is the data on a storage device that has the real value. This data is our confidential financial, medical, and personal history. This information gets us connected to our assets, which typically are appreciating in value. Because of the open and seemingly abundant opportunity to communicate and connect wirelessly, our security is compromised and the risk is not apparent. If you connect to your bank at the Wireless Internet Café, are you making a safe connection or are you putting your identity at risk?

Ethernet – TCP/IP protocol OSI model

Ethernet has become the de facto network protocol because of the success and popularity of the Internet. It is also the base from which the Hot Spot at the Wireless Internet Café operates. This protocol sets rules on how information is made available and then transported between computers engaging in communication. This communication takes place at seven different layers, and each layer on one computer corresponds with the same layer on the other. Figure 1 shows this layer-to-layer correspondence in the Open Systems Interconnection (OSI) reference model developed by the International Organization for Standardization (Lammle, 2005). The packaging of data as it passes down through these layers is known as Data Encapsulation (Lammle, 2005), and a brief view of how it works is needed in order to realize the potential security risk when we use a network connection. The hacker understands how the data packets are assembled and as a result is able to make changes that allow data packets to flow through their rogue device and mine your data.

The top level, or layer seven, is the Application Layer. Here computer users experience the information they seek. It is the web page displayed in the Internet browser window, or an application which is directly connected to the other computer, as with a Telnet session or a Remote Connection. Moving down the stack, layer six is the Presentation Layer, which is responsible for translating file data into the correct formats so that graphics are displayed correctly or sound files can be heard. The Session Layer (five) is used to control the program connection so that all data acquired is handled independently for each application and the data is kept separate between applications. These top three layers form the stack area related to the user’s application.

The fourth layer is the Transport Layer; it is this layer that is responsible for segmenting and reassembling the data. It can provide a logical connection between the host and destination computer and depending on the data requirements can establish a reliable connection so that data is retransmitted if the original data is not received. This layer provides the flow control of the data.

How this information is routed between computers is the responsibility of the Network Layer. It is this third layer that determines the best path between computers and establishes this path or circuit. The IP addresses of the source and the destination devices become part of the packet. These addresses provide the logical addressing used to route the information between computers and through networks. The IP addresses of the source and destination never change in the packet. It is this addressing that identifies the communicating devices, much like the cell phone number identifies a specific phone.

The Data Link Layer is the second layer and is responsible for moving the data to and from network devices by converting the message to some type of energy, but not before completing the encapsulation process and marking the data frame with a physical address for both the source and the destination, which are devices that exist in the same physical environment. As the data frame moves from network to network, the source and destination addresses change in order to complete the flow of data between networks. The physical address, or Media Access Control (MAC) address, within the data framing changes to accommodate the entry and exit points of the specific network connections.

The final step in the encapsulation process is handled by Layer one, or the Physical Layer. Here the message is converted to bits of energy for transmission across various media to be received by a remote and similar device. In the Wireless Internet Café the medium is air, so these energy bits are broadcast via radio waves and can be received by any device which is listening.

802.11 – 802.16 Wireless protocol

In the wireless Ethernet environment, the 802.11 protocol was developed to establish the rules which govern just how these Bits, Frames, Packets and Segments are transmitted and secured. The transmission of these TCP/IP packets is done through the air by the wireless device broadcasting radio waves. These radio waves travelling through the air can be picked up by anyone close enough to hear the signal. So there is an issue with privacy if the signal is available to all in the Wireless Internet Café. Figure 2 shows Café customers connecting wirelessly to the Hot Spot access point for communication through the Internet to various web servers.

As Stewart Miller explains in his book Wi-Fi Security, “A security solution without ensuring privacy is no solution at all!” (Miller, 2003, p. 54), but at the public Hot Spot there is no privacy, by virtue of its being public. WiMAX is a new wireless technology designated as the 802.16 protocol. It was developed to provide greater distance for transmission, faster connections and lower cost, but in the public Hot Spot privacy is still a gaping hole. Wireless is here to stay and, according to Julie Coppernoll, director of Intel’s WiMAX program, “The next generation will live in an always-connected world.” (Haley, 2007, p. 58).

Hijacking - Man in the Middle and other techniques

The perpetrator of identity theft will use various techniques to hide and avoid detection. Other tools are used so the packets of data can be captured and deciphered as they pass through the rogue access point (McClure, Scambray, & Kurtz, 2005). Because there is no security authenticating the Wi-Fi client to the Hot Spot access point, the public access point is vulnerable to Man-in-the-Middle and Replay attacks (Ciampa, 2005). Figure 3 shows how an unsecured wireless access point network can trick unsuspecting users.

No security is configured to check and verify the authenticity of the wireless client’s relationship with the wireless access point. The level of trust is high by default, and so there is no distinction between a rogue access point and the legitimate public Hot Spot. The information is sent through the rogue access point because the hacker has tricked the devices, cloaking the rogue device as a legitimate network access point by changing the MAC address or otherwise manipulating the encapsulated data.
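Because the client cannot tell the two apart, the check has to come from whoever operates the Hot Spot. The following is an added example, not part of the original paper: a small monitor that compares wireless scan results against the operator's own list of access points. The inventory, the SSID `CafeWiFi`, the MAC addresses and the scan rows are all constructed for illustration.

```python
# Hypothetical inventory kept by the hot spot operator: SSID -> {BSSID: channel}.
INVENTORY = {"CafeWiFi": {"02:00:00:00:00:01": 6}}

# Constructed scan results (ssid, bssid, channel, signal in dBm),
# in the form a wireless survey tool would list them.
SCAN = [
    ("CafeWiFi", "02:00:00:00:00:01", 6, -48),    # the real access point
    ("CafeWiFi", "02:00:00:00:00:99", 11, -40),   # same name, unknown radio
    ("CafeWiFi", "02:00:00:00:00:01", 1, -35),    # known MAC seen on a second channel
    ("Cafe WiFi", "02:00:00:00:00:77", 6, -50),   # name differs only by a space
    ("Neighbor", "02:00:00:00:00:42", 3, -70),    # unrelated network, ignored
]


def _norm(ssid):
    """Reduce an SSID to lowercase letters and digits so near-copies compare equal."""
    return "".join(c for c in ssid.casefold() if c.isalnum())


def find_rogue_candidates(inventory, scan):
    """Return sorted (bssid, channel, reason) tuples for beacons that contradict the inventory."""
    lookalikes = {_norm(ssid) for ssid in inventory}
    findings = set()
    for ssid, bssid, channel, _signal in scan:
        bssid = bssid.lower()
        if ssid in inventory:
            known = inventory[ssid]
            if bssid not in known:
                findings.add((bssid, channel, "unknown BSSID advertising our SSID"))
            elif channel != known[bssid]:
                # A cloned MAC address shows up as the "same" radio somewhere it should not be.
                findings.add((bssid, channel, "known BSSID on unexpected channel"))
        elif _norm(ssid) in lookalikes:
            findings.add((bssid, channel, "look-alike SSID"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_rogue_candidates(INVENTORY, SCAN):
        print(finding)
```

A clean result does not prove the airspace is safe, since a rogue device can copy the name, MAC address and channel exactly; the check only catches impostors that differ from the inventory.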

Sniffers analyzing packets of data

How do these packets get captured? A program that does this is known as a Sniffer. It captures the complete frames as they travel through a network. Any transmission of packets which are captured can be stored on the hard drive of the packet sniffing computer. These data packets will contain all information transmitted to and from the communicating computers and are a copy of your computing session (McClure, Scambray, & Kurtz, 2005). This means any text that you sent will be available for viewing. If you connect to an email account, your user name and password are transmitted and may be in plain text. Figure 4 is a packet sniffing session showing a connection to an email account. The user name and password are visible.
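To make the encapsulation layers and the plain text problem concrete, here is an added example that is not part of the original paper. It builds two constructed frames (a POP3 login in the clear and the opening bytes of a TLS record), peels off the Ethernet, IPv4 and TCP headers described earlier, and reports which credential commands are readable, with the values redacted. All addresses, ports and payloads are constructed sample data.

```python
import re
import struct

# Mail and file services that send login commands as plain text.
CLEARTEXT_PORTS = {21: "FTP", 110: "POP3"}
AUTH_RE = re.compile(rb"^(USER|PASS) (\S+)", re.M)


def build_frame(payload: bytes, dport: int) -> bytes:
    """Constructed sample: wrap payload in TCP, IPv4 and Ethernet II headers."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 25]))
    eth = bytes.fromhex("020000000002" "020000000001") + b"\x08\x00"
    return eth + ip + tcp + payload  # checksums left at 0; nothing here verifies them


def decapsulate(frame: bytes) -> dict:
    """Peel layers 2 to 4 off a frame, the reverse of the encapsulation process."""
    if len(frame) < 54:
        raise ValueError("frame too short for Ethernet + IPv4 + TCP")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    t = 14 + ihl                            # offset of the TCP header
    if ihl < 20 or frame[23] != 6 or len(frame) < t + 20:
        raise ValueError("not a complete TCP segment")
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    data_off = (frame[t + 12] >> 4) * 4     # TCP header length in bytes
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),   # layer 2
        "src_ip": ".".join(map(str, frame[26:30])),                 # layer 3
        "dst_ip": ".".join(map(str, frame[30:34])),
        "sport": sport, "dport": dport,                             # layer 4
        "payload": frame[t + data_off:14 + total_len],              # layers 5 to 7
    }


def audit_frame(frame: bytes) -> list:
    """Report credential commands readable in the payload; values are redacted."""
    pkt = decapsulate(frame)
    service = CLEARTEXT_PORTS.get(pkt["dport"], "unknown")
    flow = f'{pkt["src_ip"]} -> {pkt["dst_ip"]}:{pkt["dport"]}'
    return [
        {"service": service, "field": m.group(1).decode(),
         "value_len": len(m.group(2)), "flow": flow}
        for m in AUTH_RE.finditer(pkt["payload"])
    ]


# Constructed payloads: a POP3 login in the clear, and the first bytes of a TLS record.
POP3_LOGIN = build_frame(b"USER alice\r\nPASS example-secret\r\n", 110)
POP3S_TLS = build_frame(bytes.fromhex("1603010005") + b"\x01\x00\x00\x01\x00", 995)

if __name__ == "__main__":
    for name, frame in (("POP3", POP3_LOGIN), ("POP3S", POP3S_TLS)):
        print(name, audit_frame(frame))
```

The first frame yields two findings and the second yields none, which is the difference between the plain text capture in Figure 4 and the encrypted one in Figure 5.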

Many systems do not use encryption to hide the username and password data. Plain text is a gift. With the username and password easily obtained in plain text, plus tracing of all of the web server connections, personal security is breached in a matter of just a few minutes. The RSA survey was undertaken using the same tools available to the hacker. Figure 4a identifies several wireless networks and is one of the tools used by hackers to evaluate target networks.

The survey was carried out with a laptop computer and commercial software. The laptop and software scanner detected both broadcasting and non-broadcasting APs in the 802.11a, b and g frequencies. When devices were detected the software identified the channel, service set identifier (SSID) and other network information before disconnecting from that source. The software had no way of capturing or retaining the data content of sessions detected.  (Marketing Charts, 2007, para. 15)

It is interesting to note that RSA Security Inc. included the disclaimer that the software did not capture or retain data, by their choice.

Public access points with Acceptable Use Policies

Some Wireless Internet Cafés recognize that there are vulnerabilities to Hot Spot connections. In an effort to notify their Internet surfing customers and minimize their associated security risk liability, they often present a login home page that serves notice to the Wi-Fi customer about their acceptable use policy. This includes a warning about the inherent security risk and the prohibition of capturing data.

Open connections - Legal vulnerability

To create a public hot spot, the wireless access point device broadcasts its SSID with the security mechanisms turned off. By connecting, you accept the risk and the liability. There is no protection from sniffers. Since this access is a public invitation, the packets may be sniffed legally even if the person running the packet sniffer does not agree to the Acceptable Use Policy of the business. They are not using the Wireless Internet Café network; they are just capturing packets travelling through the air in a space designated as public Wi-Fi. There is legal protection for networks that are private, and any capture of data packets there would be a crime.

SSL – Secure Socket Layer

In order to protect your identity, do not access any accounts which use plain text to authenticate the user. Limit your access to accounts which authenticate users using a security mechanism, although Man-in-the-Middle or Replay capture may still provide enough information for the hacker to decode the security encryption (McClure, Scambray, & Kurtz, 2005). Secure Socket Layer (SSL) is one method for encryption protection. Figure 5 is a capture shot of a user account using SSL to connect for authentication; notice that the user name and password are not readable as plain text.

This SSL method is commonly seen when using a web browser; it is the lock that appears on the browser and the communication protocol changes in the address/location bar to “https://” from the original “http://”.

VPN – Virtual Private Networks

A Virtual Private Network (VPN) uses a different method to cloak the data so that it cannot be captured and viewed. This method requires that both ends of the communication link be set up in advance of the first connection and that the predetermined security keys are in place.

Conclusion

Without the protection of a security method, the wireless Internet café user is exposed to becoming a victim of identity theft. Even with some level of security in place, the risk is reduced but not totally eliminated. The decision to use a hot spot connection is often made because of convenience or status. The risk needs to be measured against the perceived benefit. The probability of falling victim when using a public wireless access point may be high, and the associated cost of rebuilding and recovering one’s identity, in terms of time and money spent, can be great. Be proactive and make smart choices when it comes to making that connection in the Wireless Internet Café. Know that no one is protecting your personal data, and that responsibility is yours and yours alone. You can only take steps that may lower the risk, but it will never be a zero percent probability unless your computer stays turned off and in its case.

References

Bell, Alexander Graham. (2007). Desktop Encyclopædia Britannica. Chicago: Encyclopædia Britannica.

Ciampa, M. (2005). Security + Guide to Network Security Fundamentals. Boston: Thomson Learning, Inc.

Computers and Information Systems. (2006). Encyclopædia Britannica. Retrieved October 23, 2007, from Encyclopædia Britannica Online: http://www.britannica.com/eb/article-257856

European Travel Commission. (2007, November 30). New Media Review - Provided by the European Travel Commission. Retrieved December 4, 2007, from European Travel Commission: http://www.etcnewmedia.com/review/default.asp?SectionID=10

Haley, F. (2007, November). Wi-Fi on Steroids. Black Enterprise, 38(4), 58. Retrieved December 4, 2007, from ProQuest database.

Intel Corporation. (n.d.). Moore's Law: Made real by Intel Innovation. Retrieved December 4, 2007, from Intel Corporation: http://www.intel.com/technology/mooreslaw/

Lammle, T. (2005). Chapter 1: Internetworking. CCNA: Cisco Certified Network Associate Study Guide. San Francisco, London: Sybex, Inc.

Marketing Charts. (2007, June 15). Wireless Adoption Leaps, Advance Encryption Gains Ground. Retrieved November 19, 2007, from www.marketingcharts.com: http://www.marketingcharts.com/interactive/wireless-adoption-leaps-advanced-encryption-gains-ground-678

McClure, S., Scambray, J., & Kurtz, G. (2005). Hacking Exposed (5th Edition). New York: McGraw-Hill Osborne.

Miller, S. (2003). Issues in Wireless Security. Wi-Fi Security. McGraw-Hill Professional Publishing.

Minoli, D. (2002). Hotspot Networks: Wi-Fi for Public Access Locations. New York: McGraw-Hill Professional Publishing.