Wireless Communication Fundamentals

Questions and Answers

What does GSM stand for in wireless communications?

• Generic System for Mobile Communications
• Global System for Mobile Communications (correct)
• Global Standard for Mobile Communication
• General System for Mobile Communications

What is represented by BSSID in a wireless network?

• Basic Service Set Identifier (correct)
• Base Station Service Identifier
• Broadband Service Set Identifier
• Binary Service Set Identifier

Which of the following best describes bandwidth in a wireless network?

• The maximum distance between two access points
• The speed at which devices connect to the network
• The total number of users on the network
• The data transfer rate measured in bits per second (correct)

What role does an Access Point (AP) serve in a wireless network?

It connects wireless devices to wired networks. (D)

What is an SSID in the context of wireless networks?

Service Set Identifier (D)

What technique does MIMO-OFDM primarily influence in wireless communication services?

Channel robustness (D)

Which wireless technology is primarily associated with utilizing techniques such as DSSS, FHSS, and OFDM?

Wi-Fi (C)

What is a key advantage of using a wireless network compared to a wired network?

Flexible mobility for users (C)

Which of the following is a characteristic of Direct-sequence spread spectrum (DSSS)?

Uses a pseudo-random noise code for signal protection (B)

What type of equipment can create interference with Wi-Fi networks?

Microwave ovens and similar devices (B)

What is the main purpose of the shared key authentication process in wireless networks?

To authenticate a wireless station before allowing network access (C)

Which type of antenna is designed to radiate signals in all directions?

Omnidirectional Antenna (D)

What encryption method is associated with the highest security level in wireless networks?

Wi-Fi Protected Access 3 (WPA3) (D)

What does the 802.1X standard primarily facilitate in a wireless network?

Centralized authentication of wireless clients (A)

What is a potential risk associated with using a parabolic grid antenna?

Weak security against eavesdropping (B)

What role does the SSID play in a Wi-Fi network?

It acts as a name tag for the Wi-Fi network visible to users. (C)

Which statement about the service set and SSID is true?

The SSID can be shared among different access points for seamless connectivity. (B)

What is a major security risk associated with using default SSIDs?

They can easily be identified by unauthorized users. (A)

In an open system authentication process, what happens during the 'Unchallenged Acceptance' stage?

The AP accepts the authentication request without verification. (B)

How does the use of WEP encryption relate to open system authentication?

WEP can be enabled to exchange encryption keys after initial authentication. (C)

What encryption algorithm does WEP primarily utilize for securing wireless communications?

Rivest Cipher 4 (RC4) (A)

Which of the following is a significant flaw of WEP encryption?

It relies on a single shared key that is rarely changed. (C)

What role does the Initialization Vector (IV) play in the WEP encryption process?

It acts as a digital salt to differentiate packets. (B)

What is a major limitation of the CRC-32 checksum used in WEP?

It cannot detect alterations made by a third party. (A)

Which key length is used in a 128-bit WEP encryption setting?

104-bit key (D)

What is a main reason WEP is vulnerable to dictionary attacks?

The small IV space allows for the creation of a decryption table. (A)

What feature does WPA introduce to enhance security compared to WEP?

Implementation of a Message Integrity Check (MIC). (A)

How does the IV in WEP impact encryption security?

It is sent as part of the cleartext, making it predictable. (B)

What is a limitation of the WEP protocol regarding key management?

Lack of built-in provisions to update keys regularly. (A)

What is the significance of Temporal Keys (TKs) in the TKIP mechanism of WPA?

TKs are derived from the pairwise master key during EAP authentication. (B)

What is the primary function of the Michael Integrity Check (MIC) in TKIP?

To ensure the data has not been tampered with during transfer (C)

How does WPA2 enhance the security compared to WPA?

By replacing TKIP with AES and introducing CCMP (C)

Which vulnerability does TKIP address in comparison to WEP?

The predictable Initialization Vector (IV) (A)

What mechanism does TKIP use to prevent replay attacks?

A sequence counter (B)

In which mode does WPA2 use a central authentication server for access control?

WPA2-Enterprise (B)

What is the interval for changing the temporal keys in TKIP?

Every 10,000 packets (B)

What main issue arises from using weak passwords in WPA PSK?

It makes the PSK vulnerable to password-cracking attacks (C)

What does the per-packet key mixing in TKIP involve?

Combining a master key, MAC address, and sequence number (B)

Which of the following is a characteristic of WPA2-Personal?

Uses a single Pre-Shared Key for network access (B)

What allows attackers to inject malicious traffic in a network under TKIP?

Predictability of the group temporal key (GTK) (B)

Flashcards

GSM

Global System for Mobile Communications, a universal system used for mobile data transmission in wireless networks worldwide.

Bandwidth

The amount of data that can be transmitted over a connection, often measured in bits per second (bps).

Access Point (AP)

A device that connects wireless devices to a wired or wireless network, using standards like Bluetooth and Wi-Fi.

SSID (Service Set Identifier)

A unique identifier for a wireless local area network (WLAN), like a nametag for the network.

ISM Band (Industrial, Scientific, and Medical)

A set of frequencies used by industrial, scientific, and medical communities, often used for wireless networks.

Association

A process that binds a wireless device to an access point (AP) using radio waves.

OFDM

A digital modulation technique that splits a signal into multiple carrier frequencies that are orthogonal (at right angles) to each other.

MIMO-OFDM

Combines OFDM with multiple antennas to enable a wireless device to send and receive data simultaneously on several channels.

DSSS

A spread spectrum technique that multiplies the original data signal with a pseudo-random noise-spreading code, providing protection against interference or jamming.

FHSS (Frequency-hopping spread spectrum)

A spread spectrum technique where a radio signal rapidly switches between frequencies.

What is an SSID (Service Set Identifier)?

A unique identifier used to identify and locate Wi-Fi networks. It's what you see on your phone or laptop as the name of a Wi-Fi network. All devices on the same Wi-Fi network share the same SSID.

What is a Service Set?

A group of wireless devices that are connected to the same Wi-Fi network and share the same SSID. Imagine it as a 'club' where all members share a common name.

Open System Authentication Process

The process in which a wireless client sends a request to the access point (AP) to authenticate and connect to the network. The AP responds with confirmation, allowing the client to join the network.

Non-Secure Access Mode

A feature allowing connections to an AP without the need for a specific SSID. Clients can connect using the configured SSID, a blank SSID, or an SSID set to "any".

What is a BSSID (Basic Service Set Identifier)?

A unique identifier assigned to each access point (AP) within a Wi-Fi network. Even if multiple APs share the same SSID, they will have distinct BSSIDs.

What is WEP?

WEP (Wired Equivalent Privacy) is an outdated encryption algorithm for wireless networks. It is vulnerable to attacks and easily cracked.

How does WEP use a shared key for security?

WEP relies on a shared key, a secret string of characters known to both the wireless device and the access point. This key is used for both authentication and encryption.

How does WEP's RC4 stream cipher work?

The RC4 stream cipher in WEP generates a pseudo-random stream of bits to scramble data by XORing it with the actual data.

What is a major weakness of WEP?

WEP is vulnerable to attacks because it uses a short 24-bit IV (Initialization Vector) that is often reused and can be used to crack the encryption. This makes it easy for attackers to decrypt communications.

Why is WEP unsuitable for modern wireless networks?

Although WEP provides confidentiality, it's easily compromised due to its design flaws, making it unsuitable for protecting sensitive data.

Centralized Wi-Fi Authentication

A type of WiFi authentication where a central server (RADIUS) manages the process, distributing keys to both the access point (AP) and the clients trying to connect.

WPA (Wi-Fi Protected Access)

A wireless encryption standard offering improved security over WEP. Designed to counter weaknesses in WEP, it uses a stronger encryption algorithm and more robust authentication.

WPA2 (Wi-Fi Protected Access 2)

A wireless encryption standard offering enhanced security with an even stronger encryption algorithm and improved key management compared to WPA. It's considered the current gold standard for Wi-Fi security.

WPA3 (Wi-Fi Protected Access 3)

A wireless encryption standard that is the latest and most secure version. It introduces a new authentication protocol (SAE) and stronger encryption, making it more robust against attacks.

Directional Antenna

A type of antenna that focuses radio waves in a specific direction, improving signal strength and reducing interference. This is useful for long-range transmissions.

WEP's Vulnerability to Dictionary Attacks

WEP is vulnerable to dictionary attacks as it relies on a password, making it easy to crack using a decryption table generated from a password list.

WEP's Vulnerability to DoS Attacks

WEP is vulnerable to DoS attacks as the associate and disassociate messages are not authenticated, allowing attackers to repeatedly disconnect clients from the network, causing denial of service.

WEP's Short IV Vulnerability

WEP uses a short IV (Initialization Vector) value, which is only 24 bits long. This short IV value leads to repeated keystreams used for data protection, making the network vulnerable to various attacks.

WEP's One-time Cipher Limitation

The RC4 algorithm used in WEP was designed for one-time use but is applied to multiple messages, leading to keystream reuse and vulnerability.

WEP's Key Scheduling Algorithm Vulnerability

WEP's key scheduling algorithm (KSA) makes the first few bytes of plaintext easily predictable, increasing the risk of attacks. The IV value is not explicitly revealed to the network, making it easily reusable with the same secret key by multiple devices.

TKIP (Temporal Key Integrity Protocol)

A security protocol used in WPA as a replacement for WEP, offering stronger security by changing encryption keys for every packet.

Per-packet key mixing

An algorithm that uses a master key, device's MAC address, and a packet sequence number to generate a unique encryption key for each packet.

Message Integrity Check (MIC)

A 64-bit code added to each packet, ensuring data integrity during transmission. The receiver compares its own calculated MIC with the received one.

Sequence Counter

Keeps track of the order packets are sent, preventing attackers from replaying intercepted packets to gain access to the network.

WPA2-Personal

Utilizes a single Pre-Shared Key (PSK) for all devices on the network, making it easy to set up but vulnerable to password-cracking attacks.

WPA2-Enterprise

Offers a more secure option used in businesses, involving a central authentication server (RADIUS) to verify each device's credentials.

Lack of Forward Secrecy in WPA

An attack where an attacker captures a PSK and can decrypt all packets encrypted with that key, making it essential to use strong passwords.

Vulnerability to Packet Spoofing and Decryption in WPA

Clients using WPA-TKIP are vulnerable to attacks that allow attackers to hijack TCP connections or decrypt transmitted data.

Guessing of IP Addresses in WPA

An attack where attackers can guess the IP address of the subnet, injecting small packets that degrade network performance.

Study Notes

Wireless Network Concepts

• A wireless network uses radio-frequency technology and electromagnetic (EM) waves for data communication, eliminating the need for multiple wired connections.
• Wireless networks operate at the physical layer of a network structure.
• Technologies like Wi-Fi (IEEE 802.11) provide wireless access within a range of an access point.
• Wireless networks offer advantages like easy installation and flexible connectivity in difficult-to-wire areas; however, they may have security concerns and bandwidth limitations.

Wireless Terminology

• GSM: Global System for Mobile Communications, a global mobile data transmission standard.
• Bandwidth: The amount of information transmitted over a connection, measured in bits per second (bps).
• Access Point (AP): Connects wireless devices to a wired or wireless network, acting as a bridge between wired and wireless.
• BSSID (Basic Service Set Identifier): The MAC address of an AP, defining a Basic Service Set (BSS). Users typically aren't aware of the specific BSS.
• SSID (Service Set Identifier): A unique name for a wireless network (WLAN), allowing a user to select it from the available networks. All devices on the same WLAN must use the same SSID.
• ISM Band: A set of frequencies used by industrial, scientific, and medical applications.
• Hotspot: A public area with Wi-Fi access for users to connect to the internet.
• Association: The process of connecting a wireless device to an access point (AP).
• OFDM (Orthogonal Frequency-Division Multiplexing): A digital modulation method that splits a signal into multiple orthogonal frequencies, increasing data rates and sharing bandwidth.
• MIMO-OFDM (Multiple-Input Multiple-Output Orthogonal Frequency-Division Multiplexing): A technique improving spectral efficiency in 4G and 5G wireless communication by reducing interference.
• DSSS (Direct-Sequence Spread Spectrum): A spread spectrum technique adding a pseudo-random noise (PN) code to protect against interference and jamming.
• FHSS (Frequency-Hopping Spread Spectrum) / FH-CDMA (Frequency-Hopping Code-Division Multiple Access): A method rapidly switching a carrier among many frequency channels for securing communications by preventing interception or jamming.

Wireless Network Types

• Extension to a Wired Network: Adding APs to extend the range and functionality of an existing wired network by bridging wireless devices with the network. Types of APs include software-based and hardware-based.
• Multiple Access Points: Using multiple APs that overlap to enable seamless roaming between overlapping areas.
• LAN-to-LAN Wireless Network: Connecting multiple LANs wirelessly for data exchange.
• 3G/4G Hotspot: A portable device providing Wi-Fi access through a cellular signal.

Wireless Standards

• SSID: A 32 alphanumeric-character unique identifier for a WLAN, crucial for network identification and connection.
• Service Set: A group of devices connected to the same Wi-Fi network with the same SSID.
• Wi-Fi Authentication Modes: Methods such as open system authentication (least secure), shared key authentication (uses a secret key), and centralized authentication (typically requiring a RADIUS server). Open authentication has no real security; should not be used on private or business networks.

Wireless Encryption Algorithms

• WEP (Wired Equivalent Privacy): An older encryption standard, easily crackable due to vulnerabilities in its keys and IVs.

• WPA (Wi-Fi Protected Access): An improved security protocol using Temporal Key Integrity Protocol (TKIP) for stronger encryption.

• WPA2 (Wi-Fi Protected Access 2): A further enhancement using AES and CCMP, more secure than WPA.

  • WPA2-Personal and WPA2-Enterprise for different authentication methods. Personal uses a shared key, while Enterprise provides individual device authentication through RADIUS servers.

• WPA3 (Wi-Fi Protected Access 3): The latest standard using the Simultaneous Authentication of Equals (SAE) protocol for enhanced security against offline attacks.

Wireless Threats

• Access Control Attacks:

  • WarDriving: Discovering WLANs by sending probe requests or listening.
  • Rogue Access Points: Unauthorized APs placed within a network to gain access.
  • MAC Spoofing: An attacker uses a forged MAC address to impersonate a legitimate AP to gain access.
  • AP Misconfiguration: A security risk from improper AP settings or default configurations.

• Integrity Attacks:

  • Data Frame Injection: Sending forged frames to manipulate the network.
  • Bit-Flipping Attacks: Altering data packets by changing bits.
  • Replay Attacks: Reusing captured frames.

• Confidentiality Attacks:

  • Eavesdropping: Intercepting network traffic without authorization.
  • Traffic Analysis: Inferring information from network traffic patterns.
  • Evil Twin APs: A fake AP mimicking a legitimate network to gain access.
  • Session Hijacking: Taking control of an ongoing network session.

• Availability Attacks:

  • Denial-of-Service (DoS): Flooding the network with traffic to prevent legitimate users from accessing services.
  • Jamming Attacks: Causing interference by broadcasting strong signals that disrupt communications.
  • ARP Cache Poisoning: Manipulating ARP tables to redirect network traffic.

Wireless Antennas

• Directional Antennas: Focusing transmission and reception in特定 directions. Includes Yagi antennas.
• Omnidirectional Antennas: Radiating in all directions equally, like those used in radio stations.
• Parabolic Grid Antennas: Focusing radio signals over long distances.
• Dipole Antennas: A bidirectional antenna using half a wavelength.
• Reflector Antennas: Concentrating EM energy at a focal point.