Perceptions of Wi-Fi Security Requirements: A Stratified View

1. Perceptions of Wi-Fi Security Requirements: A Stratified View Merrill Warkentin Xin (“Robert”) Luo Mississippi State University

2. The authors Samuel Luo !

3. Overview • Growth in Access Points – the problem • Existing and emerging protocols • Security threats • Perception of Wi-Fi security threats • Research plan • Discussion

4. Access Points Found 1 = Sept 2002 4 = June 2004 Total AP found in WWD4: 228,537 (Worldwide Wardrive,2004)

5. Existing & Emerging Protocols • 802.11, 802.11a, 802.11b, 802.11g • Four standards for Wireless LANs • Ranging from 1M to 54M bit/sec. • EAP – Extensible Authentication Protocol • 802.11e • QoS (quality of service) • 802.11h • Power usage and transmission power • 802.11n • Improve the bandwidth • 802.11f • inter access point • 802.11s • Mesh networking • 802.11r • fast roaming

6. Security Protocols: WEP and WPA • WEP • relies on unchanging, shared encryption keys • addresses confidentiality instead of authentication • WPA (early version of the 802.11i) • includes Temporal Key Integrity Protocol (TKIP) and 802.1x mechanisms • provide dynamic key encryption and mutual authentication • poorly chosen short human-readable passphrases can be cracked with a robust dictionary attack offline and without access to the network.

7. Interoperable Protocols • Interoperability problem • Cisco’s proprietary version of 801.1x authentication--the Lightweight EAP (LEAP) • doesn’t function with a variety of hardware clients • Protected EAP (PEAP) • combining an administrator-specified authentication and confidentiality protocol with EAP • Adoption problem • most organizations reluctant to embrace standards that have yet to be standardized

8. Security Threats • Viruses and Trojans • Eavesdropping • Man-in-the-middle attacks • Denial of Service attacks

9. Top Seven 802.11 Security Problems • Easy Access • Rogue Access Points • Unauthorized Use of Service • Service/Performance Constraints • MAC Spoofing, Session Highjacking • Traffic Analysis and Eavesdropping • Higher Level Attacks Source: Bitpipe

10. IEEE 802.11i Security Protocol • ratified in June 2004 • WPA2 with Advanced Encryption Standard (AES) • address all known WEP deficiencies via a new mode called CCM • provide confidentiality and integrity • bring stronger encryption • reduce key management overhead • minimize the time spent computing key schedules (Cam-Winget, 2003)

11. Wi-Max • broadband wireless connections over long distances • used for • "last mile" broadband connections • hotspot and cellular backhaul • high-speed enterprise connectivity • based on IEEE 802.16 standard • provides metropolitan area network connectivity at speeds of up to 75 Mb/sec • can transmit signals as far as 30 miles (average = 3-5 miles) Source: Intel

12. Stakeholder Groups • executive-level (top) management • IT Directors (CIO, CSO, Netword Admins) • staff, end users • other stakeholders? (external) Research Question: “Do they have the same perceptions of Wi-Fi security?”

13. Perceptions of Wi-Fi Security • Is it safe? Who can read? How to use? • Each stakeholder group has influences. • Who views as secure? • How does this influence actions?

14. Research Plan • investigate similarities and dissimilaritiesin terms of perception of wireless security issues among stakeholder groups • discuss implications of any differences • research methodology • lit review, develop research hypotheses • survey – pilot study (at MSU) • deans, directors, IT directors, faculty, staff, students • survey – hospitals, hotels, cafes, etc.

15. Stakeholder Discussion