Norwich University David Crawford School of Engineering

1
Secure Wireless Communications Deployment Tool
Natalie Deslandes Nathan Bailey Senior Project
Presentation December 8, 2003
Norwich University David Crawford School of
Engineering
2
Presentation Outline

• Project Motivation and Goals
• Technical Background
• Wireless Networks
• Ray Tracing
• Proposed Work
• Project Benefits

3
Project Motivation

• Increased popularity of wireless networks
• Wireless signals can be intercepted outside the
  building (big security problem)
• Ray tracing can predict the strength of wireless
  signals in and outside of a building
• Ray tracing results can be used to determine the
  best locations to place wireless network
  equipment to avoid signals getting outside the
  building

4
Project Goals

• To learn more on current wireless network
  security flaws and solutions
• To perform measurements of wireless signals in
  and outside the Partridge building
• To create a ray tracing model of the Partridge
  building and verify ray tracing predictions
  against measurements
• To design a software tool based on ray tracing
  that optimizes the location of wireless network
  equipment for max inside coverage and minimal
  outside leakage of wireless signals
• To verify that it works

5
Technical BackgroundWireless Networks

• Wireless Networks
• IEEE 802.11 first draft standard completed in
  1997, still being augmented
• They serve mainly as an extension to an existing
  wired networks

6
Wireless Network Overview
7
Equipment from ARL
8
Wireless Access Points

• It is a station that transmits and receives data
  through frequencies.
• Wireless Ethernet Port
• The Ethernet cable is connected to the access
  point instead of the computer to allow access.

9
Wireless Network Card

• Hardware device in a client computer (most often
  a card that fits in a PCMCIA Type II slot in a
  notebook computer) that communicates with an
  Access Point via radio signals (i.e., without
  wires).
• Wireless Client Adapter".

10
IEEE 802.11 Standard

• Summary table
• II. Security

11
Security

• Security option
• Wired Equivalent
• Privacy (WEP)
• 128 Bit encryption

12
Vulnerabilities

• Eavesdropping (Netstumbler, Ethereal, Bogus AP)
• DoS
• WEP cracking

13
Eavesdropping

• Netstumbler

14
Eavesdropping (contd)

• Ethereal

15
Eavesdropping (contd)

• III. Bogus AP

16
DOS

• "flooding" a network with packets, thereby
  preventing legitimate network traffic
• Transmitting with a transmitter (ie. Cordless
  phone) at the frequency of 2.4 G Hz

17
WEP Cracking

• Using a bogus access point to gather information
  on the key.
• Dictionary-building attack that, after analysis
  of about a day's worth of traffic, allows
  real-time automated decryption of all traffic.
• WEPCrack (software)

18
Protection

• Firewalls
• IDS
• IEEE 802.11 i

19
Firewalls

• Zone Alarm

20
Intrusion Detection Systems

• Ethereal
• Used in
• Monitoring
• traffic

21
IEEE 802.11 i

• The encryption method Advanced Encryption
  Standard (AES) looking to fix the WEP problems
  in the 802.11 a and b.

22
Measurement System
To be moved
Stationary
23
Diagnostic Software

• Recorded Data
• Signal Strength
• Transmit Rate
• Receive Rate
• Distance according
• to blueprints

24
Spectrum Analyzer
25
Technical BackgroundRay Tracing

• Requires an ASCII floor plan of the building
• Computes the geometrical paths (bouncing off
  walls)
• Computes the electromagnetic properties of the
  paths

26
Ray TracingGeometrical Engine
27
Ray TracingElectromagnetic Engine
28
Optimization of Parameters
29
Proposed Work

• Measurements in Partridge
• Ray Tracing Partridge Model
• RT/MS Comparisons and Parameter Optimization
• Access Point Map
• Coverage Map

30
Measurements

• AP fixed at a few locations
• Laptop moved to several positions (both inside
  and outside Partridge first floor )
• AP and laptop positions carefully measured with
  respect to building blue prints
• Few test measurements to verify procedures
• Massive measurements done in a few days

31
Model of Partridge
32
RT/MS Comparison

• Create a calibration curve between diagnostic
  software readings and spectrum analyzer power
  values
• Run RT on corresponding AP and laptop positions
• Extract RT peak power predictions for each
  measurement case
• Tabulate the MS and RT data and examine the
  results

33
Comparison with Measurements
34
Optimization of RT Parameters

• Verify that measurement and RT power predictions
  are within 3 dB
• If not, use the optimization procedures defined
  during summer 2003 by running the optimization of
  the RT floor plan material electromagnetic
  properties
• Repeat until 3 dB tolerance is met

35
Coverage Map

• Add an option for 100 receiver locations look up
  file and a loop in the ray tracing program
• Add a save to file in the RT to produce a data
  file with receiver position and peak power
• Create a MATLAB script that reads in the data
  file and the floor plan file and produces a 2D
  (position) top view color map of the power levels

36
Power Coverage Maps
37
Access Point Map

• Construct a command file to run the current RT
  engines to compute the peak power for 5 to 10
  relevant receiver locations and a single AP
  location.
• Augment the command file to move both x and y
  coordinates of the AP. Define error criterion to
  be used.
• Adjust the MATLAB engines to accommodate more
  receiver locations and access points.

38
Access Point Map
39
Proposed Work Timeline
40
Project Benefits

• To raise awareness and find solutions to WLAN
  security issues
• To report on the exact leakage of WLAN signals
  outside a typical office building
• To use summer research results in optimization
  for a useful and accurate AP deployment tool
• To help ARL and others considering the deployment
  of WLANs

41
Questions ?