802.11b Vulnerabilities, Ad-Hoc Mode, RF Jamming and Receiver Design
Ritesh H Shukla, Graduate Student, ECE Dept
Under the Guidance of Prof. William R Michalson

802.11 Overview
• What is 802.11, 802.11a, 802.11b and 802.11g
• Defines the MAC layer and physical layer for wireless data communication between mobile stations in a wireless local area network.
• 802.11b was finalized in 1999 and is the most successful of all wireless LANs.
• 802.11a and 802.11b provide higher data rates. 802.11g products launched only a few months ago.
• Three physical layers specified (802.11):
  • Infrared
  • Frequency hopping spread spectrum
  • Direct sequence spread spectrum
• 802.11, 802.11b and 802.11g operate around 2 GHz frequency.
• 802.11a operates around 5 GHz frequency.
• CSMA-CA (Carrier Sense Multiple Access - Collision Avoidance)

Ad-Hoc Mode Vs Infrastructure Mode
• Infrastructure mode: all nodes talk to one central access point
• Mobility is limited to the area covered by the access point
• Ad-hoc mode: the Independent base station mode has no central access point.
• Only a single hop of data

802.11 Neither Secure nor Robust
• Protocol designed to be a commodity which is commercially successful.
• List of different attacks
• MANAGEMENT FRAMES ARE NOT AUTHENTICATED!
• Denial of Service
  • Flooding (CSMA/CA)
  • De-authentication
  • RF interference based attacks
• Insertion Attack
• Man In the Middle Attacks
  • Insert a New Access Point in the network
  • Route all traffic through your node
• Encryption attack
  • Collecting data and decrypting the information contained, made possible due to the weakness in the WEP Encryption specified in 802.11.

Primary Privacy Issue
• Medium Accessible to All
• “Sniffing”
• Protection?
• The only protection against “sniffing” is an optional encryption of data called WEP (Wired Equivalent Privacy).
• But the protocol is flawed and data can be decrypted. The weakness is well documented and has been published for everyone to read.
[Figures: Decrypted Data; Hacking Tools on a PDA]

Jamming Physical Layer Communication
[Diagram: Node A, Node B, Jammer]
• Step 1: Jammer senses the network and waits.
• Step 2: Jammer’s synchronized receiver transmits fake data for a small time duration
• Result expected:
  • The frame appears corrupted at the receiver (CRC check fails)
  • The jammer is stealthy.

Receiver Design
• Receiver design and performance can play an important role in the hidden node problem.
• The requirements on the jammer to have a high probability of success depend on the overall noise rejection of the receiver and its behavior in the presence of a signal spread using the same spreading sequence.
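
The Receiver Design point above, as an added example that is not part of the original slides: an ideal baseband correlator showing how much interference power survives despreading for three kinds of interferer. It assumes ±1 chips, chip-aligned interference and the 11-chip Barker sequence of 802.11 DSSS (the slides do not name the sequence); all function names and sample signals are constructed for illustration.

```python
import math
import random

# 11-chip Barker sequence used by 802.11 DSSS at 1 and 2 Mbit/s
# (taken from the standard, not from the slides).
BARKER11 = [+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1]
N = len(BARKER11)

def despread(chips):
    """Correlate each 11-chip symbol period against the Barker sequence."""
    return [sum(c * b for c, b in zip(chips[i:i + N], BARKER11)) / N
            for i in range(0, len(chips) - N + 1, N)]

def residual_power_ratio(interference):
    """Interference power after the correlator divided by power before it."""
    p_in = sum(x * x for x in interference) / len(interference)
    out = despread(interference)
    p_out = sum(y * y for y in out) / len(out)
    return p_out / p_in

def make_interferers(symbols=2000, seed=1):
    """Three constructed interferers, each with about unit power per chip."""
    rng = random.Random(seed)
    n_chips = symbols * N
    noise = [rng.gauss(0.0, 1.0) for _ in range(n_chips)]
    # Tone at 0.137 cycles per chip (an arbitrary constructed frequency).
    tone = [math.sqrt(2) * math.cos(2 * math.pi * 0.137 * n)
            for n in range(n_chips)]
    # Random symbols spread with the same Barker sequence, chip-aligned.
    same_code = [s * b
                 for s in (rng.choice((-1, 1)) for _ in range(symbols))
                 for b in BARKER11]
    return {"wideband noise": noise,
            "narrowband tone": tone,
            "same spreading sequence": same_code}

def compare():
    """Residual interference power ratio for each constructed interferer."""
    return {name: residual_power_ratio(x)
            for name, x in make_interferers().items()}

if __name__ == "__main__":
    for name, ratio in compare().items():
        print(f"{name:26s} residual power {ratio:6.3f} "
              f"({10 * math.log10(ratio):+5.1f} dB)")
```

Noise and the tone come out of the correlator at roughly one eleventh of their input power, while a signal spread with the same sequence passes through unattenuated, which is why a receiver's noise rejection does not help in that case.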

Down conversion to Base band
• A Zero IF receiver with two stages of down conversion is being simulated, based on Intersil’s Prism™ wireless LAN solution for 802.11x
Target Receiver Design

Conclusion
• 802.11 wireless is a highly successful protocol, which is not designed to be robust or secure.
• Ad-Hoc mode is possible with only a single hop of data.
• Knowledge of the spreading sequence could make jamming present wireless networks easy and the source of jamming difficult to detect.
• Understanding the behavior of wireless receivers under the proposed jamming technique requires comprehensive simulation and actual testing of the results.