
Wi-Fi

INTRODUCTION

Wi-Fi, or Wireless Fidelity, refers to the technology surrounding the radio transmission of Internet Protocol data from a high-speed internet connection wirelessly to a host computer. It is a wireless connection between your computer and the internet connection in your house. Today the majority of laptop computers sold are Wi-Fi enabled, for use at home and in public areas. A Wi-Fi network can be used to connect computers to each other, to the Internet, and to wired networks.

Wi-Fi, for "Wireless Fidelity", is a set of standards for wireless local area networks (WLAN) based on the IEEE 802.11 specifications. Wi-Fi is the wireless way to handle networking. It is also known as 802.11 networking and wireless networking. Wi-Fi networks use radio technologies called IEEE 802.11b or 802.11a to transmit data from the internet connection to the host.

802.11 has several specifications:

1. 802.11 applies to wireless LANs. 802.11 provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
2. 802.11a is an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
3. 802.11b is an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission in the 2.4 GHz band. 802.11b uses only DSSS.
4. 802.11g applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.

MODES:

802.11 wireless networks operate in one of two modes: ad-hoc or infrastructure mode. The IEEE standard defines the ad-hoc mode as Independent Basic Service Set (IBSS), and the infrastructure mode as Basic Service Set (BSS).

In ad hoc mode, each client communicates directly with the other clients within the network.

In infrastructure mode, each client sends all of its communications to a central station, or access point (AP).

HOW WI-FI WORKS?


If you want to understand wireless networking at its simplest level, think about a pair of walkie-talkies that you might purchase at a market. These are small radios that can transmit and receive radio signals. When you talk into a walkie-talkie, your voice is picked up by a microphone, encoded onto a radio frequency and transmitted with the antenna. Another walkie-talkie can receive the transmission with its antenna, decode your voice from the radio signal and drive a speaker.

The two basic components of a Wi-Fi network are a computer device outfitted with a low-power radio and another radio-equipped gadget known as an access point, which is wired to the Internet or a local network. The two communicate with each other over a free slice of the radio spectrum reserved for consumer use and inhabited by microwave ovens and cordless phones.

First, a device such as a laptop, a home PC, or another network that wants to access the Internet or connect to another office network must be fitted with a Wi-Fi card, which provides access to wireless networking. The device first connects to the access point, which acts as the gateway to the Internet. From there, signals go to the computer server, which has a wired connection to the access point, and the computer server is connected to the Internet server, which provides Internet access to the computer. Devices can also reach another office network through a transmitter.

How is the signal converted to transmit data? As the small figure shows, the computer data is combined with addressing and with codes for security. This combined signal is sent to the transmitter, and finally the antenna converts it into radio waves.

Our wireless Wi-Fi network gives instant and convenient access to the internet at cafes and meeting room hotspots throughout Brindabella Business Park as well as the airport terminal. Direct internet access is provided by approved internet service providers, with a variety of global roaming providers supported. Where approved and arranged by tenants' IT departments, and with layers of security suiting every requirement, wireless networking is also available directed into tenancies to access your business applications and emails at even higher speeds, utilizing tenants' own internet gateways. The Wi-Fi infrastructure is operated and managed by Canberra International Airport.

SECURITY
Because wireless is a shared medium, everything that is transmitted or received over a wireless network can be intercepted. Encryption and authentication are always considered when developing a wireless networking system. The goal of adding these security features is to make wireless traffic as secure as wired traffic. The IEEE 802.11b standard provides a mechanism to do this by encrypting the traffic and authenticating nodes via the Wired Equivalent Privacy (WEP) protocol.

The IEEE 802.11 standard defines the following mechanisms for wireless security:

a. Authentication through the open system and shared key authentication types
b. Data confidentiality through Wired Equivalent Privacy (WEP)

Open system authentication does not provide authentication, only identification using the wireless adapter's MAC address. Open system authentication is used when no authentication is required. Some wireless APs allow the configuration of the MAC addresses of allowed wireless clients. However, this is not secure because the MAC address of a wireless client can be spoofed.

Shared key authentication verifies that an authenticating wireless client has knowledge of a shared secret. This is similar to preshared key authentication in Internet Protocol security (IPsec). The 802.11 standard currently assumes that the shared key is delivered to participating STAs through a secure channel that is independent of IEEE 802.11. In practice, this secret is manually configured for both the wireless AP and client. Because the shared key authentication secret must be distributed manually, this method of authentication does not scale to a large infrastructure mode network (for example, corporate campuses and public places, such as malls and airports). Additionally, shared key authentication is not secure and is not recommended for use.

WIRED EQUIVALENT PRIVACY (WEP)


WEP utilizes RC4, a symmetric algorithm known as a stream cipher, for encryption. A symmetric algorithm is one that relies on the concept of a single shared key (as opposed to a public key) that is used at one end to encrypt plaintext (the data) into ciphertext (the encrypted data), and at the other end to decrypt it, that is, to convert the ciphertext back to plaintext. Thus, the sender and the receiver share the same key, and it must be kept secret. Stream ciphers encrypt data as it is received, as opposed to block ciphers that collect data in a buffer and then encrypt it a block at a time. Stream ciphers are tempting to use for applications requiring hardware implementation (e.g. wireless LAN cards), because they can be implemented very efficiently in silicon.

WEP VULNERABILITIES

Not long after WEP was developed, a series of independent research studies began to expose its cryptographic weaknesses. Even with WEP enabled, third parties with a moderate amount of technical know-how and resources could breach WLAN security. Three key difficulties were identified:

1. WEP uses a single, static shared key. It remains the same unless a network administrator manually changes it on all devices in the WLAN, a task that becomes ever more daunting as the size of the WLAN increases.
2. At the time of its introduction, WEP employed a necessarily short 40-bit encryption scheme. The scheme was the maximum allowed by US export standards at that time. In 1997, the US government deemed the export of data cryptography to be as threatening to national security as the export of weapons of mass destruction. By necessity, Wi-Fi security had to be weak if the specification was to be adopted as an international standard and if products were to be freely exported.
3. Other technical problems contributed to its vulnerability, including attacks that could lead to the recovery of the WEP key itself.

Together, these issues exposed that WEP was not sufficient for enterprise-class security.
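The following Python sketch is an added example, not part of the original report. It shows WEP-style encapsulation as described in the two sections above: RC4 keyed with a per-frame IV followed by the static shared key, plus a CRC-32 integrity value. The 40-bit key, the IVs and the payload are constructed sample values.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Return IV || key-id octet || RC4(IV || key, payload || ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 3-byte (24-bit) IV")
    body = rc4(iv + shared_key, payload + _icv(payload))
    return iv + bytes([(key_id & 0x03) << 6]) + body


def wep_decapsulate(shared_key: bytes, frame: bytes) -> bytes:
    """Decrypt with the same shared key and verify the ICV."""
    iv, body = frame[:3], frame[4:]
    clear = rc4(iv + shared_key, body)
    payload, icv = clear[:-4], clear[-4:]
    if _icv(payload) != icv:
        raise ValueError("ICV mismatch (wrong key or corrupted frame)")
    return payload


def same_keystream(shared_key: bytes, iv_a: bytes, iv_b: bytes, n: int = 16) -> bool:
    """With a static key, the IV is the only input that varies per frame."""
    zeros = bytes(n)
    return rc4(iv_a + shared_key, zeros) == rc4(iv_b + shared_key, zeros)


# Constructed sample values (not taken from any real network).
SHARED_KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])   # 40-bit static key
FRAME = wep_encapsulate(SHARED_KEY, b"\x00\x00\x01", b"hello, access point")
```

Because the key never changes, two frames sent with the same IV are encrypted with an identical keystream, which is why a static key combined with a short IV is a design weakness rather than a configuration mistake.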

VIRTUAL PRIVATE NETWORKS (VPNs)


Virtual Private Network technology (VPN) has been used to secure communications among remote locations via the Internet since the 1990s. A familiar and already widely used technology in the enterprise, it can readily be extended to Wi-Fi WLAN segments on existing wired networks. Although VPNs were originally developed to provide point-to-point encryption for long Internet connections between remote users and their corporate networks, they have recently been deployed in conjunction with Wi-Fi WLANs. When a WLAN client uses a VPN tunnel, communications data remains encrypted until it reaches the VPN gateway, which sits behind the wireless AP. Thus, intruders are effectively blocked from intercepting all network communications. Since the VPN encrypts the entire link from the PC to the VPN gateway in the heart of the corporate network, the wireless network segment between the PC and the AP is also encrypted. This is why VPNs have been recommended to help secure Wi-Fi. While VPNs are generally considered an enterprise solution, integrated products that offer VPN pass-through connections, firewalls and routers are available to accommodate telecommuters who work from home. Although they provide excellent security, VPNs are not self-managing. User credentials and, often, VPN software must be distributed to each client. However, when properly installed, VPNs extend the high level of security they provide on wired networks to WLANs. In fact, some Wi-Fi vendors themselves have utilized VPNs in networks to secure their own internal WiFi networks.

Wi-Fi PROTECTED ACCESS


Wi-Fi Protected Access is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems. Designed to run on existing hardware as a software upgrade, Wi-Fi Protected Access is derived from and will be forward-compatible with the upcoming IEEE 802.11i standard. When properly installed, it will provide wireless LAN users with a high level of assurance that their data will remain protected and that only authorized network users can access the network.

Wi-Fi Protected Access had several design goals: to be a strong, interoperable security replacement for WEP; to be software upgradeable to existing Wi-Fi CERTIFIED products; to be applicable for both home and large enterprise users; and to be available immediately. To meet these goals, two primary security enhancements needed to be made. Wi-Fi Protected Access was constructed to provide improved data encryption, which was weak in WEP, and to provide user authentication, which was largely missing in WEP.

Enhanced Data Encryption through TKIP

To improve data encryption, Wi-Fi Protected Access utilizes its Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of WEP's known vulnerabilities.

Enterprise-level User Authentication via 802.1x and EAP

WEP has almost no user authentication mechanism. To strengthen user authentication, Wi-Fi Protected Access implements 802.1x and the Extensible Authentication Protocol (EAP). Together, these implementations provide a framework for strong user authentication. This framework utilizes a central authentication server, such as RADIUS, to authenticate each user on the network before they join it, and also employs mutual authentication so that the wireless user does not accidentally join a rogue network that might steal its network credentials.

ADVANTAGES AND DISADVANTAGES OF Wi-Fi:

Advantages of Wi-Fi

- Many reliable and bug-free Wi-Fi products on the market.
- Competition amongst vendors has lowered prices considerably since their inception.
- Easy access and easy to install.

Disadvantages of Wi-Fi
- The 802.11b and 802.11g flavors of Wi-Fi use the 2.4 GHz spectrum, which is crowded with other devices such as Bluetooth, microwave ovens, cordless phones, or video sender devices, among many others. This may cause a degradation in performance. Other devices which use microwave frequencies, such as certain types of cell phones, can also cause degradation in performance.
- Power consumption is fairly high compared to other standards, making battery life and heat a concern.
- Not always configured properly by the user.
- Commonly uses the WEP (Wired Equivalent Privacy) protocol for protection, though it has been shown to be easily breakable. Newer wireless solutions are slowly providing support for the superior WPA (Wi-Fi Protected Access) protocol, though many systems still employ WEP.

Basic WI-FI(802.11) Security

Three well-known methods to secure access to an AP are built into 802.11 networks. These basic methods are widely available and may be sufficient for some deployments:

- Service set identifier (SSID)
- Media Access Control (MAC) address filtering
- Wired Equivalent Privacy (WEP)

SSID(Service set identifier)

Network access control can be implemented using an SSID associated with an AP (access point) or group of APs. The SSID provides a mechanism to segment a wireless network into multiple networks serviced by one or more APs. Each AP is programmed with an SSID corresponding to a specific wireless network. To access this network, client computers must be configured with the correct SSID. A building might be segmented into multiple networks by floor or department. Typically, a client computer can be configured with multiple SSIDs for users who require access to the network from a variety of different locations.

Because a client computer must present the correct SSID to access the AP, the SSID acts as a simple password and, thus, provides a measure of security. However, this minimal security is compromised if the AP is configured to broadcast its SSID. When this broadcast feature is enabled, any client computer that is not configured with a specific SSID is allowed to receive the SSID and access the AP. In addition, because users typically configure their own client systems with the appropriate SSIDs, they are widely known and easily shared. APs can be configured with broadcast mode disabled, which is referred to as closed mode.

MAC (Media Access Control)Address Filtering

While an AP or group of APs can be identified by an SSID, a client computer can be identified by the unique MAC address of its 802.11 network card. To increase the security of an 802.11 network, each AP can be programmed with a list of MAC addresses associated with the client computers allowed to access the AP. If a client's MAC address is not included in this list, the client is not allowed to associate with the AP. MAC address filtering along with SSIDs provides improved security, but is best suited to small networks where the MAC address list can be efficiently managed. Each AP must be manually programmed with a list of MAC addresses, and the list must be kept up-to-date. In practice, the manageable number of MAC addresses filtered is likely to be less than 255 clients. In addition, MAC addresses can be captured and spoofed by another client to gain unauthorized access to the network.

IEEE 802.11i Standards-Based Wireless Security:

802.11i is a new security standard being developed by the IEEE Taskgroup i (TGi). 802.11i addresses the weaknesses of WEP-based wireless security. Scripting tools exist that can be used to take advantage of weaknesses in the WEP key algorithm to successfully attack a network and discover the WEP key. The industry and IEEE are working on solutions to this problem through the TGi working group. Substantial components of the 802.11i standard have already been released or announced and products are beginning to appear in the market. The 802.11i standard addresses the user authentication and encryption weaknesses of WEP-based wireless security.

The components of 802.11i include the already-released IEEE 802.1X port-based authentication framework, the Temporal Key Integrity Protocol (TKIP), the Advanced Encryption Standard (AES) encryption algorithm (to replace WEP's RC4 encryption), key hierarchy and management features, and cipher and authentication negotiation. 802.11i addresses the security requirements of AP-based or Basic Service Set [BSS] and ad hoc or Independent BSS [IBSS] 802.11 wireless networks. The formal completed 802.11i standard is expected in the second half of 2003.

Meanwhile, because of important security requirements of 802.11 wireless networks, a subset of the 802.11i standard has been released under the auspices of the Wi-Fi Alliance. Formerly called WECA, the Wi-Fi Alliance is a nonprofit organization that certifies interoperability of 802.11 products and promotes 802.11 as the global, wireless LAN standard. A strong supporter of the Wi-Fi Alliance, Dell is a member of its board of directors and is very active in Wi-Fi Alliance committees.

In November 2002, the Wi-Fi Alliance announced WPA, which is based on those components of the 802.11i standard that are stable and may be deployed on existing 802.11 network and client equipment with a software upgrade. When it is released, 802.11i will be backward-compatible with WPA. In fact, the final standard will be adopted by Wi-Fi as WPA, version 2. Wi-Fi expects to begin certifying WPA solutions in the first quarter of 2003, and these solutions will begin appearing in the market shortly thereafter. The initial release of WPA addresses AP-based 802.11 networks. Ad hoc (or peer-to-peer) networks will be addressed in the final standard. The following components of 802.11i are included in the initial WPA release:

- 802.1X authentication framework
- TKIP
- Key hierarchy and management
- Cipher and authentication negotiation

In the context of an 802.11 wireless network, 802.1X is used to securely establish an authenticated association between the client and the AP. Generally, the scenario would be as shown in Figure 6. The user of an 802.11 wireless client system requests access to an AP. The AP passes the request to a centralized authentication server that handles the authentication exchange and, if successful, provides an encryption key to the AP. The AP uses the key to securely transmit a unicast session or multicast/global encryption key to the client. Prior to the WPA announcement, WEP was the only encryption method supported by the 802.11 standard, but upcoming TKIP solutions will replace WEP. At this point, the client has access to the network, transmissions between the client and AP are encrypted, and the user may log on to the network domain. During the session, new keys are generated between the client and AP (referred to as dynamic WEP key exchange) to help mitigate exposure to WEP attacks.

802.1X does not require a specific protocol for authentication. Instead, it specifies that the Extensible Authentication Protocol (EAP) will be used. EAP is an encapsulation protocol that allows different authentication protocols to be selected and used.

Effectively, EAP serves as a conduit for other authentication protocols. There are four main authentication protocols:

- MD5: One-way authentication to network using a password.
- Cisco Lightweight Authentication Extension Protocol (LEAP): Cisco proprietary username-based authentication.
- EAP-Transport Layer Security (TLS): IETF-standardized authentication. Public Key Infrastructure (PKI) certificate-based authentication of both the user (or client system) and the authentication server.
- EAP-Tunneled TLS (TTLS) and Protected EAP (PEAP): PEAP and TTLS are similar approaches that are based on TLS extensions. These approaches can be used with higher-layer authentication protocols (such as MS-CHAPv2) and do not require certificates on the client.

Key Hierarchy and Management:

WPA provides for more secure and better key creation and management. This capability helps to safeguard against known key attacks. Client keys received via 802.1X key messages are used to derive base keys that are, in turn, used to derive per-packet keys. The master and base keys are not used to directly encrypt the data traffic.
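The first step of that hierarchy, sketched in Python as an added example that is not part of the original report: the pairwise master key is expanded with the IEEE 802.11i HMAC-SHA1 PRF into the base keys used with TKIP. The dictionary key names and all sample values are constructed for illustration, and TKIP's per-packet key mixing is not implemented here.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter octet."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_pairwise_keys(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                         anonce: bytes, snonce: bytes) -> dict:
    """Expand the master key (PMK) into the 512-bit pairwise key set."""
    if len(pmk) != 32 or len(anonce) != 32 or len(snonce) != 32:
        raise ValueError("PMK and nonces must be 32 bytes each")
    if len(ap_mac) != 6 or len(sta_mac) != 6:
        raise ValueError("MAC addresses must be 6 bytes each")
    # Both sides order the inputs the same way, so they derive equal keys.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)
    return {
        "kck": ptk[0:16],          # protects the key-exchange messages (MIC)
        "kek": ptk[16:32],         # encrypts keys delivered to the client
        "tk": ptk[32:48],          # temporal key, input to per-packet mixing
        "mic_ap_tx": ptk[48:56],   # Michael key, AP-to-client direction
        "mic_ap_rx": ptk[56:64],   # Michael key, client-to-AP direction
    }


# Constructed sample values (not taken from any real exchange).
PMK = bytes(range(32))
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes([0xA1]) * 32
SNONCE = bytes([0x5B]) * 32
```

A fresh nonce on either side yields a completely different key set, so the master key itself never touches the data traffic.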

Cipher and Authentication Negotiation:

WPA improves interoperability by requiring APs to announce their supported ciphers and authentication mechanisms. Clients wishing to authenticate to the AP via WPA can receive this announcement and respond appropriately via a policy-based decision. In addition, the client can now choose the most secure cipher and authentication mechanism that it and the AP both support.
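As an added example (not part of the original report), the Python sketch below parses the WPA information element an AP announces and applies a client-side policy to choose the strongest cipher and authentication mechanism both sides support. The policy order, function names and sample bytes are assumptions made for illustration, and the parser expects all suite lists to be present.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Hypothetical client policy, strongest first. WEP is deliberately absent.
CIPHER_POLICY = ("CCMP", "TKIP")
AKM_POLICY = ("802.1X", "PSK")


def _suite_name(suite: bytes, table: dict) -> str:
    if len(suite) != 4:
        raise ValueError("truncated suite selector")
    if suite[:3] != WPA_OUI:
        return "vendor-" + suite.hex()
    return table.get(suite[3], "unknown-%d" % suite[3])


def _suite_list(body: bytes, offset: int, table: dict):
    if offset + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, offset)
    offset += 2
    names = [_suite_name(body[offset + 4 * i: offset + 4 * i + 4], table)
             for i in range(count)]
    return names, offset + 4 * count


def parse_wpa_ie(ie: bytes) -> dict:
    """Parse a vendor-specific WPA element into the suites the AP announces."""
    if len(ie) < 12 or ie[0] != 0xDD or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed vendor-specific element")
    body = ie[2:]
    if body[:4] != WPA_OUI + b"\x01" or body[4:6] != b"\x01\x00":
        raise ValueError("not a WPA version 1 element")
    group = _suite_name(body[6:10], CIPHERS)
    pairwise, offset = _suite_list(body, 10, CIPHERS)
    akms, _ = _suite_list(body, offset, AKMS)
    return {"group": group, "pairwise": pairwise, "akm": akms}


def negotiate(announced: dict, client_ciphers, client_akms):
    """Return (cipher, akm), or None when policy says do not associate."""
    if announced["group"] not in CIPHER_POLICY:
        return None                      # e.g. broadcast traffic still on WEP
    cipher = next((c for c in CIPHER_POLICY
                   if c in announced["pairwise"] and c in client_ciphers), None)
    akm = next((a for a in AKM_POLICY
                if a in announced["akm"] and a in client_akms), None)
    return (cipher, akm) if cipher and akm else None


# Constructed sample element: group TKIP, pairwise TKIP+CCMP, AKM 802.1X+PSK.
SAMPLE_IE = bytes.fromhex(
    "dd1e" "0050f201" "0100" "0050f202"
    "0200" "0050f202" "0050f204"
    "0200" "0050f201" "0050f202"
)
```

Returning None instead of falling back to whatever the AP offers keeps a misconfigured or downgraded AP from silently pulling the client onto WEP.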

Conclusion

Here we discussed Wi-Fi technology and how Wi-Fi works, the importance of this technology, and its advantages and disadvantages. The basic Wi-Fi (802.11) security solutions that are available (SSID, MAC address filtering, and WEP) are soon to be strengthened by replacing important components of WEP with WPA via software upgrades to the wireless client systems and APs. This solution will provide suitable security for both small home or business networks and larger networks. 802.1X- and/or VPN-based solutions provide more scalable solutions for large enterprise networks or networks that require more robust security. Because no one of these approaches addresses all environments and situations.

ACKNOWLEDGEMENTS:

We hope that we have provided the gist of Wi-Fi, which we have collected from edited version of book with title Amazon and written by Gary C. Kessler is an associate professor and director of wireless networking major at Champlain college in Washington, an independent writer. Also we are very much thankful to our guiding faculty.

Wi-Fi technology B.tech 6th semester report conclusion:


This Wi-Fi technology B.tech 6th semester report focuses on Wi-Fi technology. The available Wi-Fi (802.11) security solutions are SSID, MAC address filtering, and WEP, and they are to be strengthened by replacing important components of WEP with WPA via software upgrades to the wireless client systems and APs. This provides security for both small home or business networks and larger networks, and also provides scalable solutions for large enterprise networks or networks which require robust security.

Wireless Standards - 802.11b 802.11a 802.11g and 802.11n

802.11

In 1997, the Institute of Electrical and Electronics Engineers (IEEE) created the first WLAN standard. They called it 802.11 after the name of the group formed to oversee its development. Unfortunately, 802.11 only supported a maximum network bandwidth of 2 Mbps, too slow for most applications. For this reason, ordinary 802.11 wireless products are no longer manufactured.

802.11b

IEEE expanded on the original 802.11 standard in July 1999, creating the 802.11b specification. 802.11b supports bandwidth up to 11 Mbps, comparable to traditional Ethernet. 802.11b uses the same unregulated radio signaling frequency (2.4 GHz) as the original 802.11 standard. Vendors often prefer using these frequencies to lower their production costs. Being unregulated, 802.11b gear can incur interference from microwave ovens, cordless phones, and other appliances using the same 2.4 GHz range. However, by installing 802.11b gear a reasonable distance from other appliances, interference can easily be avoided.

Pros of 802.11b - lowest cost; signal range is good and not easily obstructed
Cons of 802.11b - slowest maximum speed; home appliances may interfere on the unregulated frequency band

802.11a

While 802.11b was in development, IEEE created a second extension to the original 802.11 standard called 802.11a. Because 802.11b gained in popularity much faster than did 802.11a, some folks believe that 802.11a was created after 802.11b. In fact, 802.11a was created at the same time. Due to its higher cost, 802.11a is usually found on business networks whereas 802.11b better serves the home market. 802.11a supports bandwidth up to 54 Mbps and signals in a regulated frequency spectrum around 5 GHz. This higher frequency compared to 802.11b shortens the range of 802.11a networks. The higher frequency also means 802.11a signals have more difficulty penetrating walls and other obstructions. Because 802.11a and 802.11b utilize different frequencies, the two technologies are incompatible with each other. Some vendors offer hybrid 802.11a/b network gear, but these products merely implement the two standards side by side (each connected device must use one or the other).

Pros of 802.11a - fast maximum speed; regulated frequencies prevent signal interference from other devices
Cons of 802.11a - highest cost; shorter range signal that is more easily obstructed

802.11g

In 2002 and 2003, WLAN products supporting a newer standard called 802.11g emerged on the market. 802.11g attempts to combine the best of both 802.11a and 802.11b. 802.11g supports bandwidth up to 54 Mbps, and it uses the 2.4 GHz frequency for greater range. 802.11g is backwards compatible with 802.11b, meaning that 802.11g access points will work with 802.11b wireless network adapters and vice versa.

Pros of 802.11g - fast maximum speed; signal range is good and not easily obstructed
Cons of 802.11g - costs more than 802.11b; appliances may interfere on the unregulated signal frequency

802.11n

The newest IEEE standard in the Wi-Fi category is 802.11n. It was designed to improve on 802.11g in the amount of bandwidth supported by utilizing multiple wireless signals and antennas (called MIMO technology) instead of one. When this standard is finalized, 802.11n connections should support data rates of over 100 Mbps. 802.11n also offers somewhat better range over earlier Wi-Fi standards due to its increased signal intensity. 802.11n equipment will be backward compatible with 802.11g gear.

Pros of 802.11n - fastest maximum speed and best signal range; more resistant to signal interference from outside sources
Cons of 802.11n - standard is not yet finalized; costs more than 802.11g; the use of multiple signals may greatly interfere with nearby 802.11b/g based networks.
