Wireless network security

Wire-line networks have been used for years in high-security environments, and data security over wire-line networks is assumed to be a given.

A wireless network has all of the properties of a wire-line network (except, of course, the wire), and thus security measures taken to ensure the integrity and security of data in the wire-line network environment are applicable to wireless networks as well. The primary difference between a wire-line network and a wireless network is at the physical layer (wire versus airspace) and all other network strengths and weaknesses remain.

Given the obvious reliance of wire-line networks on the wire, anyone gaining access to that wire can damage the network or compromise the integrity and security of information on it. Physical access to network wires needs to be protected. Unfortunately, the vast amount of wire inherent in most networks provides many points for unauthorized access. Network traffic can be intercepted and decoded with commonly available tools once one has physical access to the network.

Wireless networks can take advantage of all of the security measures available on wire-line networks, and then add security features not available in the wire-line world. As a result, wireless networks can be as secure as, and in fact more secure than, their wire-line counterparts.

Tikona Secure Wireless Network 

Tikona Secure Wireless Network uses standard protocols and technologies in a hierarchical implementation. In order to make the Tikona wireless network highly secure, advanced multi-layer security techniques that are not available in the wire-line world have been developed and deployed.

Some of the mechanisms adopted for wireless security on Tikona wireless broadband networks are described below. Please note that this is not an exhaustive list; it is given to provide an idea of wireless broadband security in general.

Strong Encryption over Wireless network 

Tikona Secure Wireless Network uses the most advanced Wi-Fi Protected Access II (WPA2) encryption along with the Advanced Encryption Standard (AES) to connect two wireless end points.

WPA2 is a pervasive, global standard widely adopted in highly secure environments. WPA2 helps protect networks against hacker threats such as man-in-the-middle attacks, authentication forging, replay, key collision, weak keys, packet forging, and brute-force/dictionary attacks.

The use of AES ciphers with a 128-bit key and a 48-bit initialization vector makes the WPA2 AES encryption scheme unbreakable. Data and header integrity is maintained through CCMP, while key management is done through 802.1X EAP-TTLS. Tikona Secure Wireless Network does not use pre-shared keys, thus making the EAP-TTLS encryption key transfer a highly secure process.

Advanced Encryption Standard (AES): The Unbreakable Encryption

Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. AES is the best known and most widely used block cipher. In the case of AES-128, there is no known attack which is faster than the 2^128 complexity of exhaustive search.

AES was announced by the National Institute of Standards and Technology (NIST) in the United States as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001, after a five-year standardization process in which fifteen competing designs were presented and evaluated before it was selected as the most suitable. It became effective as a Federal government standard on May 26, 2002, after approval by the Secretary of Commerce. It is available in many different encryption packages.

AES is the first publicly accessible and open cipher approved by the National Security Agency (NSA) for top secret information. In June 2003, the U.S. Government announced that AES may be used to protect classified information. The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level.

Data and Header Integrity

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or CCMP (CCM mode Protocol), is an encryption protocol that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard.

CCMP is the standard encryption protocol for use with WPA2 and provides the following security services:

  • Data Confidentiality; ensures only authorized parties can access the information
  • Authentication; provides proof of genuineness of the user
  • Access control in conjunction with layer management

CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. CCMP uses CCM that combines CTR for data confidentiality and CBC-MAC for authentication and integrity. CCM protects the integrity of both the MPDU data field and selected portions of the IEEE 802.11 MPDU header. CCMP is based on AES processing and uses a 128-bit key and a 128-bit block size.
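The following Node.js example is added here and is not part of the original page or of Tikona's implementation. It uses AES-128 in CCM mode with an 8-byte MIC the way CCMP does: the nonce carries the 48-bit packet number, the header is authenticated but not encrypted, and the receiver rejects both modified and replayed frames. The key, addresses, header bytes and function names are assumptions made for the illustration.

```javascript
// Added example with constructed sample values; `header` stands in for CCMP's real AAD.
const nodeCrypto = require('node:crypto');
const MIC_LEN = 8; // CCMP with a 128-bit key appends an 8-byte MIC

// CCM nonce: priority octet || transmitter address (6 bytes) || 48-bit packet number.
function ccmpNonce(priority, transmitter, pn) {
  const n = Buffer.alloc(13);
  n[0] = priority;
  transmitter.copy(n, 1);
  n.writeUIntBE(pn, 7, 6);
  return n;
}

// Sender: CTR encrypts the payload; CBC-MAC covers the header (as AAD) and the payload.
function protect(key, header, transmitter, pn, payload) {
  const c = nodeCrypto.createCipheriv('aes-128-ccm', key,
    ccmpNonce(0, transmitter, pn), { authTagLength: MIC_LEN });
  c.setAAD(header, { plaintextLength: payload.length });
  const body = Buffer.concat([c.update(payload), c.final()]);
  return { header, transmitter, pn, body, mic: c.getAuthTag() };
}

// Receiver: reject a packet number that does not increase, then verify the MIC.
function receive(key, state, frame) {
  if (frame.pn <= state.lastPn) return { ok: false, reason: 'replay' };
  const d = nodeCrypto.createDecipheriv('aes-128-ccm', key,
    ccmpNonce(0, frame.transmitter, frame.pn), { authTagLength: MIC_LEN });
  d.setAuthTag(frame.mic);
  d.setAAD(frame.header, { plaintextLength: frame.body.length });
  try {
    const data = Buffer.concat([d.update(frame.body), d.final()]);
    state.lastPn = frame.pn; // advance only after the MIC verified
    return { ok: true, data };
  } catch (err) {
    return { ok: false, reason: 'mic' }; // header or payload changed in transit
  }
}

function demo() {
  const key = Buffer.alloc(16, 0x11), ta = Buffer.from('020000000001', 'hex');
  const frame = protect(key, Buffer.from('0841aabbcc', 'hex'), ta, 1, Buffer.from('sample payload'));
  const state = { lastPn: 0 };
  const tampered = { ...frame, header: Buffer.from('0841aabbcd', 'hex') };
  return [tampered, frame, frame].map((f) => {
    const r = receive(key, state, f);
    return r.ok ? 'accepted' : r.reason;
  });
}
console.log(demo());
```

The frame with the altered header fails the MIC check, the untouched frame is accepted, and sending that same frame a second time is dropped as a replay because its packet number no longer increases.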

Radio Authentication: Secure Key Distribution Through EAP-TTLS

Tikona Secure Wireless Network uses standards-based techniques to distribute cipher keys to radios instead of using pre-shared keys (PSK). PSKs can get leaked and are therefore not suitable for use in highly secure environments.

Tikona Secure Wireless Network employs EAP-Tunnelled Transport Layer Security (EAP-TTLS), an EAP protocol that extends Transport Layer Security. A centralized server is used to securely authenticate any new radio or element to be connected to the network and to provide cipher keys to a pair of authenticated radios that need to be connected.

The secure tunnel provides protection from eavesdropping and man-in-the-middle attacks. The radio's embedded user credentials are never transmitted in unencrypted clear text, thus improving privacy.

Wireless Intrusion Detection and Prevention

The Tikona Secure Network NMS is integrated with specialized algorithms that detect wireless intrusion and take pre-defined steps in near real time to mitigate the impact of such intrusions. Each radio deployed over the Tikona Secure Network becomes a scanning device on command, scanning the environment to detect any security threats. Of course, the NMS is also manned by trained experts who raise immediate alerts.
