International Journal of Scientific & Engineering Research Volume 4, Issue 1, January-2013 1

ISSN 2229-5518

Studying and Analyzing Wireless Networks Access Points

Arafat Al-dhaqm, Majid Bakhtiari, Essa Alobaidi, Abdulalem Saleh

Abstract --- The purpose of this mini project is to enable the reader to understand the affairs and status of the wireless networks in the Perdagangan area (PA) and in the Bangunan Sultan Bazar JB area (BSBJA) in Malaysia. We used wardriving to collect and analyze data to learn the encryption technology, authentication scheme, configuration, transmission speed, network topology and manufacturers used in these wireless networks, as well as the advantages and disadvantages of the technologies and mechanisms used to configure the wireless access points.


Index Terms --- Authentication, Configuration, Transmissions, Speed, Network Topology, Manufacturers


1 INTRODUCTION

Nowadays wireless networks are the most popular way to connect people to the internet in companies, e-markets, cafes and homes. Therefore, they must be secured against malicious users who try to damage their confidentiality, authenticity and privacy. Although wireless networks are protected by encryption technologies such as WEP / WPA, several tools have been developed to analyze and crack the encryption keys by setting the wireless adapter to monitoring mode, where it can gather the packets of the targeted wireless access point from the air, analyze them and try thousands of decryption keys to crack the key, and it works fine. The problem is that a wireless adapter can sniff and collect packets from the air, so if the proper cracking tools, a compatible wireless adapter and a little experience are available, the attacker can crack the encryption key of any wireless access point that uses WEP or WPA encryption keys.

2 Field survey

This is the first time that data have been collected in the PA by wardriving. The data collected about the wireless networks differed in terms of network topology, configuration, authentication, encryption, channels, manufacturers and radio types. During the wardriving, 99 and 111 access points were captured in the morning and afternoon respectively. The tools used during the wardriving were a laptop with a wireless (802.11b/g) card and the WLAN scanning software Vistumbler 9.4 (www.vistumbler.net). We did not try to decrypt or intercept any transmitted data, because that is not good ethics, and if they catch you, you will surely be in a critical situation. Figure1 shows the data collected in the morning in PA. Figure2 shows the data collected in the afternoon in PA. Figure3 shows the PA in Google Earth.

Arafat Mohammed Rashad Aldhaqm is currently pursuing master's degree program in computer science (Information Security) in University Technology Malaysia. E-mail: arafat_aldoqm@yahoo.com

Dr. Majid Bakhtiari, Senior Lecturer, Faculty of Computer Science & Information System, UNIVERSITY TECHNOLOGY MALAYSIA, Skudai, 81310 Johore, MALAYSIA. E-mail: bakhtiari.majid@gmail.com, bakhtiari@utm.my.

Essa Zaki Abdulrazzak Alobaidi is currently pursuing master's degree program in computer science (Information Security) in University Technology Malaysia. E-mail: essazk@hotmail.com

Abdulalem Ali Mohammed Saleh is currently pursuing master's degree program in computer science (Information Security) in University Technology Malaysia. E-mail: alm_aldolah@yahoo.com

Figure1: Morning Data Collected in PA

IJSER © 2013 http://www.ijser.org




Figure2. Night Data Collected in PA
Table1: Equipment Manufactures in PA
Figure3. PA by Google earth

4 Manufacturers

This part deals with the physical side of these networks in the PA. Table1 and figure4 below show the total number of different equipment manufacturers and the percentage used. Equipment from 19 different manufacturers was detected in this area, but unfortunately the manufacturer of 37% of the equipment was unknown. The first five manufacturers were D-link corporation, Cisco-Linksys LLC, Green packet Bhd, Belkin International Inc and Tp-Link Technology Co, respectively. D-link Corporation is the market leader in this area, Cisco-Linksys LLC came second, and so on for the other manufacturers.

5 Default Configuration

Networks with default configuration are very dangerous, because attackers can use these default configurations to attack wireless networks easily. A default SSID means that the administrator of the access point has not changed the name of the router. This may also be an indirect indicator that the administrator account is still using the default password. The internet is full of information about the default passwords used by different types of network equipment, and if the attacker knows the origin of the equipment he will be able to take complete control over such a network. Figure4 below shows that 8% of access points in this area use a default SSID and 92% do not. This result leads us to believe that most people in this area use a good configuration, because, as mentioned above, the default configuration may cause dangerous situations.


Figure4:- Default Configuration in PA (pie chart: Default SSID 8%, remainder 92%).

6 Network Topology

Wireless networks are made up of either access point infrastructure connections or AdHoc node-to-node connections. In general, figure5 shows that 100% of the wireless network access points in the PA are infrastructure networks; no AdHoc network connection was detected. Around 90% of networks worldwide use access point infrastructure. In my point of view, infrastructure networks are better than AdHoc networks, owing to the serious threats on AdHoc networks.

Figure5:- Network Topology in PA (AdHoc 0%, Infrastructure 100%).

7 Authentication Technologies

During wardriving in the PA, the Vistumbler program captured data about the authentication schemes which the wireless networks use, such as OPEN, WPA-PERSONAL and WPA2-PERSONAL authentication. Open authentication means that no authentication is used to check the client entity or process that wants to connect to the network. Figure6 below shows that most wireless networks in this area use open authentication: 71% of access points use open authentication, 15% use WPA-Personal authentication and 14% use WPA2-Personal authentication.

Figure6:- Authentication Mechanism in PA (Open 71%, WPA-Personal 15%, WPA2-Personal 14%).

8.0 Encryption Technologies

The most important factor in wireless networks is securing the access points. So before any analysis, let me briefly give some information about the encryption technologies (WEP, WPA, WPA2). WEP encryption was designed to ensure the confidentiality of the data at network layers. It uses the RC-4 encryption algorithm with a key size of 40 or 120 bit. The problem with WEP is that the initialization vector (IV) address space is too small, and it is not recommended due to its serious security flaws. WPA encryption is based on the temporal key integrity protocol (TKIP). The length of the initialization vector (IV) equals 48 bits. WPA does not directly utilize the master keys. Instead it constructs a hierarchy of derived keys to be utilized in the encryption process. WPA dynamically cycles keys while transferring data (regularly changed), so it is better and stronger than WEP encryption, and the attacker has a short time to carry out his attack. WPA2 encryption is based on the advanced encryption standard (AES). The default configuration utilizes the advanced encryption standard (AES) and the counter mode CBC MAC protocol (CCMP). WPA and WPA2 are stronger than WEP encryption, but the surprise is that the administrators of these networks already have knowledge about this weakness in WEP and still use it in a high percentage, not only in this area but in most areas!

Figure7: Encryption Percentage in PA (none 10%, tkip 13%, ccmp 16%, wep 61%).



Looking at figure7 above, 61% of access points use WEP encryption, 13% use WPA (TKIP), 16% use WPA2 (CCMP), and 10% of the access points have no encryption at all. The most popular encryption technology in this area is WEP, although it is very weak. In this situation any attacker can attack these wireless networks easily with a little knowledge and a small tool.

9.0 Radio Types (802.11)

During wardriving in PA the software Vistumbler captured two types of 802.11 protocols (802.11n, 802.11g). Figure8 below shows the radio types which I collected in this area. Only 13% of access points use 802.11n, whereas 87% of APs use 802.11g.

Figure8:- Radio Types in PA (802.11g 87%, 802.11n 13%).

10.0 Channels Use

The graph below shows the channels that the access points use and which is the most popular among them. Channel 6 is the most used, channel 1 ranks second and channel 11 third. More than 36% of access points use channel 6, 31% of APs use channel 1, 20% of APs use channel 11, and the other channels are the least popular.

Figure9: Channels in PA (pie chart over channels 1, 2, 3, 4, 6, 9, 10 and 11).

This is additional work (personal effort): further data were collected from another place, called BSBJA, to compare with the data from the main area. The data collected during wardriving are shown below. More than 300 access points were collected.

Figure10: Data collected in BSBJA.

11 Comparison Data in the Both Areas

11.1 Network Equipment Manufacturers

The data collected on network equipment manufacturers in PA differed significantly from the data collected in the BSBJA. Table2, figure11 and figure12 below show the total number of different equipment manufacturers detected in both areas, the percentage of use for each manufacturer, and which manufacturers are the most famous and most common in these areas. In total, equipment from 51 different manufacturers was detected in both areas. At the PA, equipment from 19 different manufacturers was detected, and at the BSBJA, equipment from 32 different manufacturers was detected. The five most widespread manufacturers in both areas were D-link corporation, Cisco-Linksys LLC, Green packet Bhd, Belkin International Inc and Tp-Link Technology Co, respectively. In PA, 41 items of equipment were of unknown manufacturer, and in BSBJA 110 items were of unknown manufacturer. So the manufacturer D-link Corporation is the market leader in both areas.

Figure11: Equipment Manufacturers in PA.


Figure11:- Equipment Manufacturers in BSBJA.

11.2 Default Configuration or Network SSID in Both Areas.

Figure13: Configuration in the PA (Default SSID 8%, without default SSID 92%).

Figure14:- Configuration in BSBJA (Default SSID 35%, without default SSID 57%, invisible SSID 8%).

Looking at figure13 and figure14 above, 35% of the access points in the BSBJA retained their default configuration, which differs from the situation at the PA, which was better: only 8% of its access points use the default SSID. On the other hand, the BSBJA was better in another respect: 8% of its access points had an invisible SSID, whereas no access point in the PA uses an invisible SSID. 57% of access points in the BSBJA are without default configuration, whereas 92% are without default configuration in the PA. This gave us the impression that the configuration in the PA is better than the configuration in the BSBJA. On the other hand, in order to avoid attacks, one of the best ways of protecting a network against wardriving or sniffing is to disable broadcasting of the network identifier (SSID), as we see in the BSBJA, where the SSIDs of 8% of the networks were invisible. The administrators should define the SSID instead of using the default. In addition, it is not good to use an SSID related to the company's name, department, or any other information related to the owner of the network. The SSID could be a generic name meaningful only to the administrators or to other users, in order to identify the access points for those who need to connect.
Table2: Equipment Manufactures in Both Areas


11.3 Network Topology in Both Areas

In general, the data collected in both areas show that around 97% of the wireless networks in the BSBJA were composed of access point (AP) infrastructure connections and 3% were composed of AdHoc connections. 100% of the wireless network access points in the PA are infrastructure connections.

11.4 Authentication Schemes

As part of security, the authentication scheme is a very important part of protecting data and preventing attacks on the network layers. Here I compare the authentication used in both areas, and which area has better authentication. Figure16 and figure17 below show the difference between the authentication schemes in both areas. Around 71% of the access points use open authentication in both areas, 15% use WPA-Personal authentication in both areas, and 14% use WPA2-Personal authentication in both areas, but there is one access point which uses WPA-Enterprise authentication in the BSBJA. Basically, open authentication is not recommended, due to its serious weaknesses and flaws. Finally, almost all of the access points in both areas use open authentication. Actually, I have a big question for the administrators in these areas who installed the access points: why have they used weak authentication so far?

Figure16: Authentication percentage in the PA

Figure17: Authentication Percentage in BSBJA.

11.5 Channels

Comparing the channels in the graphs below for both areas, we can see that many channels are shared. Figure20 and figure21 below show that channel 06 is the most popular channel; it has more access points than the other channels in both areas, because it is often the default channel when the access point equipment is configured. Channel 1 came second and channel 11 third. The other channels differed between the areas. This comparison shows us which channel is most common and overcrowded in both areas.

Figure20: channels in the PA.

Figure21: channels in the BSBJA.

11.6 Radio Types

During wardriving in both areas, the program Vistumbler captured several radio types (802.11n, g, and b) used by the wireless networks. The two graphs below display these data for comparison. Figure22 and figure23 below show that almost all access points in both areas use the 802.11g protocol; this means that the transmission speed of these networks is very fast, 54 Mbps.

Figure22:- Radio Type in PA (802.11n 12%, 802.11g 88%).

Figure23: Radios Type in BSBJA (802.11g 85%, 802.11n 15%, 802.11b 0%).

11.7 Encryption Technologies

As mentioned in previous paragraphs, data protection is very important for preventing data corruption and malicious users. This section compares which area has better encryption than the other. Figure18 and figure19 below display the percentage of encryption in both areas.

Figure18: PA.

Figure19: BSBJA

From the figures above, 61% of the access points in the PA and 48% of the access points in the BSBJA use WEP encryption, 13% of the access points in both areas use WPA (TKIP), and 16% of the access points in both areas use WPA2 (CCMP). I also found that 23% of the access points in BSBJA were without any type of encryption, compared with 10% of the access points in the PA. This means that the encryption in the PA is better than the encryption in the BSBJA, owing to more than 20% of the access points in the BSBJA being without any encryption.

12.0 Recommendations

We know that there is not yet a complete way to protect against attacks on wireless networks, but prevention is better than cure. Therefore, to reduce the possibility of access to wireless networks, I recommend the following:
1- I highly recommend modifying and hiding or disabling the SSID network identifier when the wireless network is set up; do not leave it as the default SSID.
2- If you have been using WEP encryption so far, you must change it now and replace it with the WPA or WPA2 encryption technologies, because WEP encryption is very weak and any attacker can exploit it easily.
3- Do not use channel 6 when planning a new network, because it is always overcrowded, as I mentioned in the channels section.
4- Limit the MAC addresses allowed to connect to the network and use a virtual private network for added security.
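
To apply the recommendations above to a survey of networks you administer, the following added example (not from the paper) computes the same per-area percentages and lists the access points that need attention. The CSV column names, the DEFAULT_SSIDS list and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample rows (not data from the paper). The column names are
# assumptions for this example, not the export format of any scanner.
SAMPLE_CSV = """ssid,authentication,encryption,channel
dlink,Open,WEP,6
linksys,Open,None,6
HomeNet-7,WPA2-Personal,CCMP,1
Cafe_Guest,Open,None,11
default,Open,WEP,6
Office-AP,WPA-Personal,TKIP,1
,WPA2-Personal,CCMP,11
NETGEAR,Open,WEP,6
Shop-2F,Open,WEP,1
Lab-AP,Open,WEP,3
"""

# Hypothetical list of factory SSIDs; extend it for the equipment you deploy.
DEFAULT_SSIDS = {"dlink", "linksys", "netgear", "belkin", "tp-link", "default"}
WEAK_ENCRYPTION = {"wep", "none"}

def load_survey(text):
    """Parse survey CSV text into normalized access point records."""
    return [{"ssid": r["ssid"].strip(), "auth": r["authentication"].strip().lower(),
             "enc": r["encryption"].strip().lower(), "channel": int(r["channel"])}
            for r in csv.DictReader(io.StringIO(text))]

def ssid_kind(ap):
    """Classify an SSID as hidden (empty), factory default, or custom."""
    if not ap["ssid"]:
        return "hidden"
    return "default" if ap["ssid"].lower() in DEFAULT_SSIDS else "custom"

def findings(ap):
    """List the weaknesses named in the recommendations that apply to one AP."""
    issues = []
    if ssid_kind(ap) == "default":
        issues.append("default SSID")
    if ap["enc"] in WEAK_ENCRYPTION:
        issues.append("weak or no encryption")
    if ap["auth"] == "open":
        issues.append("open authentication")
    return issues

def percentages(values):
    """Map each distinct value to its share of the survey, in whole percent."""
    counts = Counter(values)
    total = sum(counts.values())
    return {key: round(100 * n / total) for key, n in counts.items()}

def summarize(rows):
    """Compute the kind of per-area figures the paper reports, plus a fix list."""
    channels = percentages(r["channel"] for r in rows)
    return {
        "encryption": percentages(r["enc"] for r in rows),
        "authentication": percentages(r["auth"] for r in rows),
        "channels": channels,
        "ssid": percentages(ssid_kind(r) for r in rows),
        "most_crowded_channel": max(channels, key=channels.get),
        "flagged": [(r["ssid"] or "<hidden>", findings(r)) for r in rows if findings(r)],
    }
```

Calling `summarize(load_survey(SAMPLE_CSV))` returns the percentage tables and the flagged list; replace `SAMPLE_CSV` with an export of your own survey mapped to the same four columns.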

13.0 Conclusion

During wardriving in both areas, 99 and 111 access points were collected in the PA respectively, and 343 access points in the BSBJA; almost all of them were infrastructure connections. These access points differ in terms of authentication, encryption, configuration, manufacturers, channels, transmission speed and radio type. Unfortunately, most of these wireless networks have poor security. More than 65% of the access points use weak security standards such as open authentication and WEP encryption, which are not recommended, whereas 15% were distributed among the other authentication and encryption standards (WPA, WPA2) and 20% did not have any type of encryption. In addition, 15% of the access points use the default SSID. The most common wireless network equipment manufacturers in both areas were D-Link Corporation and Cisco-Linksys respectively. Channel 6 is the most popular channel in both areas, which is usually preset by the manufacturer. Furthermore, more than 85% of Wi-Fi equipment in both areas uses the 802.11g protocol, which allows speeds up to 54 Mbps. Only 15% of all equipment uses the 802.11n protocol.

14.0 References

[1] www.vistumbler.net
