5 - WLANs Flashcards
Hidden Terminal
When a node cannot ‘hear’ that another node is busy due to being out of range
Exposed Terminal
When the node is busy transmitting, and unable to transmit due to fear of collision
Wireless cards employ what sort of transmission?
Half-Duplex
Definition of MACA
Multiple Access with Collision Avoidance
MACA employs what type of sensing? (2)
- Physical Channel Sensing
- Virtual Channel Sensing
Sender and receiver nodes must send what before sending data?
Control frames, which reserve the medium for communication
Collision Avoidance Communication (5)
- Request to Send (RTS)
- Replies with Clear to Send (CTS)
- Any node that receives RTS should not transmit until the indicated time has elapsed
- Any node that receives RTS but not CTS knows it isn’t close enough to the receiver to interfere, so can still transmit
- After data received, it sends an ACK
What if no CTS arrives at sender?
Assume a collision and start binary exponential back-off
Term employed to select an AP
Scanning
Scanning Method (4)
- Mobile client node sends Probe frames
- All APs in range reply with Probe Response frame
- Mobile node selects an AP and sends an Association Request frame
- AP responds with an Association Response frame
P.L Attack
Saturate wireless network with RF noise
D.L Attacks (2)
- Two-sided AP learns about MAC address, hackers copy MAC address and transmit loudly from other side of the wall
- Configure wireless card to masquerade as AP, easily attack victim
Black-Hole Attacks
Complete termination of communication stream
Grey-Hole Attacks
Selectively drop or transmit a victim’s packets
N.L Attack
Performing DoS attacks such as ICMP floods, file transfers
Factors for Wireless Network Encryption (3)
- Need for privacy
- Ease of Use
- Government Regulations
Forms of Network Encryption
- WEP (Wired Equivalent Privacy)
- WPA, WPA2, 802.11i (WiFi Protected Access)
WEP method
Shares a secret key between mobile station and AP
WEP Criteria (5)
- Optional
- “Reasonably Strong” Encryption
- Self-Synchronising
- Computationally Efficient
- Conform to government regulations
WEP Encryption (4)
- Employs secret key of 40 or 104 bits
- Secret key concatenated with 24-bit IV to form 64/128-bit encryption (silver/gold wireless card)
- Inputted to pseudo-random number generator, RC4 algorithm (stream cipher)
- Data XORed with key stream to produce cipher text
WEP Decryption
- Cipher text XORed with key stream to produce data and ICV
Issues with WEP Encryption (4)
- Passive attack is subject to statistical analysis
- Active attacks inject new traffic
- Active attacks to decrypt traffic, by confusing AP
- Dictionary Build attacks, by analysing traffic
RC4 Vulnerabilities (2)
- Single change in cipher text changes plain text message
- By eavesdropping on two cipher texts encrypted with the same key stream, we can obtain the XOR of the plaintexts, leading to statistical attacks to recover the plaintexts
WEP's IV Problems
- IEEE 802.11 b/g doesn’t specify how often the IV should change; two wireless network cards inserted at the same time will both be initialised to zero
- Short 24-bit length guarantees the reuse of the same key stream under standard conditions (exhausted after 5 hours)