Security at the Wireless Cafι
Technical Communication TS 5004
Wireless connectivity is a new technology and it is here to stay. No longer tethered by wire and an inherent level of security, privacy and safety is often taken for granted. People bring their laptop computers to the coffee shop or cafι where they are able to connect wirelessly to the Internet. But, are they surfing in a web of unscrupulous spammers, hackers and crackers? What level of security is provided to the cafι patron or should there be signs posted Internet SURFERS beware?
With the boom in wireless networking and proliferation of public access points there are security risks which are pervasive and under estimated by the public. Even, the business proprietor may be unaware of the security risk, or might see this wireless connection as a new revenue stream for the business by legally harvesting usernames, passwords and other personal data.
By explaining the basic operation of wireless communication and showing some of the tools used to capture information as it is broadcast from device to device, the non technical user may better understand the steps to mitigate this risk.
Table of Contents
Popularity of wireless communication . 4
Magnitude of crime and security breach .. 6
Ethernet TCP/IP protocol OSI Model ... 7
Figure 1 Wireless network communication protocol 8
802.11 802.16 Wireless protocol ... 10
Figure 2 Wireless Internet Cafι Surfing the Internet . 11
Hijacking Man in the Middle and other techniques ... 12
Figure 3 Wireless Internet Cafι Infiltrated by imposter access point 12
Sniffers analyzing packets of data . 13
Figure 4 Sniffer showing readable user name and password 14
Figure 4a Wireless network detection software 15
Public access point with acceptable use policy . 16
Open connections Legal vulnerability 16
SSL Secure Socket Layer .. 16
Figure 5 Using SSL to hide user name and password ... 17
VPN Virtual Private Network . ... 17
Conclusion . 18
References.... .. 19
Popularity of wireless communication
How popular is wireless communication? Cell phones,
personal digital assistant (PDA), notebook Personal Computer (PC), tablet PC
and other wireless devices can be found almost anywhere today. Global
communication is a reality and wireless takes us there. Six million people worldwide
in 2003 had a cellular phone and the estimate then was there would be 1.3
billion cell phone users by 2006
At least one-third of North
Americans (U.S. & Canada) have accessed the Internet wirelessly in the past
30 days significantly higher than rates seen in 2004. The U.S. and Canada
also have some of the highest rates of Wi-Fi awareness and usage, as roughly
two in five that have heard of Wi-Fi technology have actually used it to access
The freedom and ease to move about with these
communication and storage devices is attracting those individuals, who might
not otherwise have an interest to: connect to the Internet, use a computer,
send email, or carry out financial transactions online, are now getting connected
to this wireless technology. They discover a convenience and find these high
tech gadgets are making their lives easier.
Today the telephone, which was invented in the late 1800s by Alexander
Businesses are creating public access points or Hot
Spots calling them Wi-Fi zones and marketing this connectivity to customers,
who seek a connection to the Internet. By providing this service to the
customer, the hospitality and travel industries look to create loyalty and meet
the demands of the mobile clientele. The use of wireless information technology
is growing at exponential rates. Initially, wireless communication and its
development was centered on voice communication but has greatly expanded to
include data. In the United States, the growth rate of wireless cellular
service has seen a compounded growth rate of 40% compared to 5% for regular
telephone service since 1981
A recent survey completed by the RSA Security Inc., found that:
Public hotspots continue to proliferate in the many places where people seek connectivity, such as coffee shops, airports and hotels:
There is no stopping the human need for communication and with faster and easier methods to share information it is likely that we will be experiencing more opportunity to find ourselves at the Wireless Internet Cafι. The businesses in order to take advantage of this new market of mobile information system users advertise their Wi-Fi and available Hot Spots. A Hot Spot is a public access point for connection to the Internet via a wireless network provided by an organization or business, and these connection access points are purposely left in an unsecure state in order to allow easy connection by the patron. Businesses see this offering as one more marketing advantage to get this new market into their establishments. The hospitality and travel industries strongly market this convenience to the travel business employee who needs to stay connected to their companys data systems while travelling. Cafιs and coffeehouses provide Hot Spot connections to allure mobile computer users with added convenience of surfing the Internet or checking email while enjoying the cuisine and refreshment the businesses provide to their patrons. Hot Spots are also located in Wireless Internet Cafιs that serve as public connections for communities where it is too costly for each user to subscribe to an ISP for connecting.
Magnitude of crime and security breach
The level of lost or
stolen personal identity according to some recent estimates is 73 million
identity records and in one much publicized incident a laptop computer holding
the records of 26 million US military service records was taken
If security breach
includes the loss of ones personal information and is an increasingly common,
how do we protect ourselves and mitigate the risk? Analysis of the problem
indicates that where our personal information is stored, and how it is used by
us represents the sphere of vulnerability to having our identity stolen. The
value of a notebook PC is a decreasing asset because over time, new technology
will replace the capability and power of this device with one which has more
power and capability at a lower cost, according to Moores law
Ethernet TCP/IP protocol OSI model
Ethernet has become the
de-facto network protocol because of the success and popularity of the
Internet. It is also the base from which the Hot Spot at the Wireless Internet
Cafι operates. This protocol sets rules on how information is made available
and then transported between computers engaging in communication. This
communication takes place at seven different layers and each computer
corresponds with the other on that same level. Figure 1 shows this layer to
layer correspondence in the Open System Interconnection (OSI) reference model
developed by the International Organization for Standardization
The top level or layer seven is the application layer. Here computer users experience the information they seek. It is the web page displayed in the Internets browser window, or an application which is directly connected to the other computer as with a Telnet session, or a Remote Connection. Layer six moving down the stack is the Presentation Layer which is responsible for translating file data into the correct formats so that graphics are displayed correctly or sound files can be heard. The Session Layer (five) is used to control the program connection so that all data acquired is handled independent of each application and the data is kept separate between applications. These top three layers form the stack area related to the users application.
The fourth layer is the Transport Layer; it is this layer that is responsible for segmenting and reassembling the data. It can provide a logical connection between the host and destination computer and depending on the data requirements can establish a reliable connection so that data is retransmitted if the original data is not received. This layer provides the flow control of the data.
How this information is routed between computers is the responsibility of the Network Layer. It is this third layer that determines which is the best path between computers and establishes this path or circuit. The IP address of the source and the destination devices become part of the packet. These addresses identify the logical addressing used to route the information between computers and through networks. The IP address of the source and destination never change in the packet. It is this addressing that identifies the communicating devices much like the cell phone number identifies a specific phone.
The Data Link Layer is the second layer and is responsible in moving the data to and from network devices by converting the message to some type of energy, but not before completing the encapsulation process and marking the data frame with a physical address for both the source and destination of those devices which exist in the same physical environment. As the data frame moves from network to network the source and destination addresses change in order to complete the flow of data between networks. The physical address or Media Access Control (MAC) address within the data framing changes to accommodate the entry and exit points of the specific network connections.
The final step in the encapsulation process is handled by Layer one or the Physical Layer. Here the message is converted to bits of energy for transmission across various media to be received by a remote and similar device. In the Wireless Internet Cafι the medium is air so transmission of these energy bits is broadcast via radio waves and can be received by any device which is listening.
802.11 802.16 Wireless protocol
In the wireless Ethernet environment, the 802.11 protocol was developed to establish the rules which govern just how these Bits, Frames, Packets and Segments are transmitted and secured. The transmission of these TCP/IP packets is done through the air by the wireless device broadcasting radio waves. These radio waves travelling through the air can be picked up by anyone close enough to hear the signal. So there is an issue with privacy if the signal is available to all in the Wireless Internet Cafι. Figure 2 shows the connection of Cafι customers connecting wirelessly to the Hot Spot access point for communication through the Internet to various web servers.
A security solution
without ensuring privacy is no solution at all!
Hijacking - Man in the Middle and other techniques
The perpetrator of identity
theft will use various techniques to hide and avoid detection. Other tools are
used so the packets of data can be captured and deciphered as they pass through
the rogue access point
No security is configured to check and verify the authenticity of the wireless clients relationship with wireless access point the level of trust is high by default and so, there is no distinction between a rouge access point and the legitimate public Hot Spot. The information is sent though through the rogue access point because the hacker has tricked the devices and cloaks the rogue device as a legitimate network access point by changing the MAC address or other manipulation of the encapsulated data.
Sniffers analyzing packets of data
How do these packets
get captured? The term used to describe this type of program is known as a
Sniffer. This program captures the complete frames as the travel through a
network. Any transmission of packets which are captured can be stored on the
hard drive of the packet sniffing computer. These data packets will contain all
information transmitted to and from the communicating computers and is a copy
of your computing session
Many systems do not use encryption to hide the username and password data. Plain text is a gift. With the information easily obtained in plain text for username and password plus tracing of all of the web server connections, personal security is breached in the matter of just a few minutes. The RSA survey was undertaken using the same tools available to the hacker. Figure 4a identifies several wireless networks and is one of the tools used by hackers to evaluate target networks.
was carried out with a laptop computer and commercial software. The laptop and
software scanner detected both broadcasting and non-broadcasting APs in the
802.11a, b and g frequencies. When devices were detected the software
identified the channel, service set identifier (SSID) and other network
information before disconnecting from that source. The software had no way of
capturing or retaining the data content of sessions detected.
It is interesting to note that the RSA Security Inc. included the disclaimer that the software did not capture or retain data, by their choice.
Public access points with Acceptable Use Policies
Some Wireless Internet Cafιs recognize there are vulnerabilities to Hot Spot connections and in an effort to notify their Internet surfing customer and minimize their associated security risk liability often present a login home page that serves notice to the Wi-Fi customer about their acceptable use policy. This includes a warning about the inherent security risk and the prohibition of capturing data.
Open connections - Legal vulnerability
To create a public hot spot the wireless access point device broadcasts its SSID and with the security mechanisms turned off. You accept the risk by connecting and the liability. There is no protection from sniffers. Since this access is a public invitation the packets may be sniffed legally even if the packet sniffer does not agree to the Acceptable Use Policy of the business. They are not using the Wireless Internet Cafι network. They are just capturing packets travelling through the air in a space designated as public Wi-Fi. There is legal protection for networks that are private and any capture of data packets would be a crime.
SSL Secure Socket Layer
In order to protect
your identity, do not access any accounts which use plain text to authenticate
the user. Limit your access to accounts which authenticate users using a
security mechanism although Man-in-the-Middle or Replay capture may still
provide enough information for the hacker to decode the security encryption
This SSL method is commonly seen when using a web browser; it is the lock that appears on the browser and the communication protocol changes in the address/location bar to from the original http://.
VPN Virtual Private Networks
Virtual Private Network (VPN) uses a different method to cloak the data so that it cannot be captured and viewed. This method requires that both ends of the communication link be set up in advance of the first connection and the predetermined define security keys are in place.
Without protection of a security method the wireless Internet cafι user is exposed to become a victim of identity theft. Even with some level of security in place the risk is reduced but not totally eliminated. The decision to use a hot spot connection is often made because of convenience or status. The risk needs to measure against the perceived benefit. The probability to fall victim using a public wireless access point may be high, and the associated cost with rebuilding and recovering ones identity in terms of time and money spent can be great. Be proactive and make smart choices when it comes to making that connection in the Wireless Internet Cafι. Know that no one is protecting your personal data, and that responsibility is yours and yours alone. You can only take steps that may lower the risk, but it will never be a zero percent probability unless your computer stays turned off and in its case.
Bell, Alexander Graham. (2007). Desktop Encyclopζdia Britannica. Chicago: Encyclopζdia Britannica.
Ciampa, M. (2005). Security + Guide to Network Security Fundamentals. Boston: Thomson Learning, Inc.
Computers and Information Systems. (2006). Encyclopζdia Britannica. Retrieved October 23, 2007, from Encyclopζdia Britannica Online: http://www.britannica.com/eb/article-257856
European Travel Commission. (2007, November 30). New Media Review - Provided by the European Travel Commission. Retrieved December 4, 2007, from European Travel Commission: http://www.etcnewmedia.com/review/default.asp?SectionID=10
Haley, F. (2007, November). Wi-Fi on Steroids. Black Enterprise, Retrieved December 4, 2007, from ProQuest database, 38(4), 58.
Intel Corporation. (n.d.). Moore's Law: Made real by Intel Innovation. Retrieved December 4, 2007, from Intel Corportation: http://www.intel.com/technology/mooreslaw/
Lammie, T. (2005). Chapter 1: Internetworking. CCNA: Cisco Certified Network Associate Study Guide. San Francisco, London: Sybex,Inc.
Marketing Charts. (2007, June 15). Wireless Adoption Leaps, Advance Encryption Gains Ground. Retrieved November 19, 2007, from www.marketingcharts.com: http://www.marketingcharts.com/interactive/wireless-adoption-leaps-advanced-encryption-gains-ground-678
McClure, S., Scambray, J., & Kurtz, G. (2005). Hacking Exposed (5th Edition). New York: McGraw-Hill Osborne.
Miller, S. (2003). Issues in Wireless Security. Wi-Fi Security. McGraw-Hill Professional Publishing.
Minoli, D. (2002). Hotspot Networks: Wi-Fi for Public Access Locations. New York : McGraw-Hill Professional Publishing.