Syahrul Fahmy, Akhyari Nasir and Nooraida Shamsuddin
Faculty of Computer, Media and Technology Management, TATI University College, 24000 Kemaman, Terengganu, MALAYSIA
Abstract The rapid growth of Information and Communication Technology has led people around the world to spend more time on the Internet than ever before. Online activities are carried out on a daily basis, from information searching to property purchasing. This trend is on the rise, with commercial Internet Service Providers offering affordable wireless broadband connection to all, including in rural areas. In some countries, free Internet access is given to residents through hotspots such as Kampung WiFi in Malaysia. Although this means more people can connect to the information highway, it raises the issue of Information Security and Privacy: how secure are these networks? This paper aims to demonstrate the vulnerability of Kampung WiFi networks in order to amplify awareness among its Internet users with regard to security and privacy. The background of Kampung WiFi is presented in Section I, while Section II presents wireless network implementation technologies, namely WLAN, WMAN and WWAN. A review of classic network attacks including Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service is presented in Section III, and Section IV demonstrates wireless network attacks using Cain & Abel, Wireshark and NetworkMiner. Finally, a conclusion is made in Section V. It is hoped that this paper will highlight the importance of IT security and privacy in Kampung WiFi.
Keywords- Kampung WiFi, IT Security, Information Privacy
I. INTRODUCTION The Kampung WiFi program was launched by the Ministry of Information, Communications and Culture in 2010 to bridge the digital divide between rural and urban communities in Malaysia [1]. It is a joint effort between the Communications & Multimedia Commission and several Communication Service Providers (CSPs). The cost of setting up a Kampung WiFi varies from RM 15,000 to RM 30,000 each, depending on the technology used, i.e. fixed phone line, satellite, etc. Speed is anticipated to be up to 4 Mbps within a 50 meter radius, with different hardware setups depending on geographical location. For areas with fixed line access, a router will be placed at a designated location (house, school, etc). In rural areas with limited (or no) fixed line access, a satellite tower is erected on high ground (such as hills) to transmit WiFi signals. Currently there are more than 400 Kampung WiFi in Sarawak, 400 in Sabah, 350 in east-coast Peninsular and 500 in west-coast Peninsular. Three criteria are used for setting up Kampung WiFi: the number of residents; distance to the nearest wireless infrastructure (3G/4G); and the availability of wired infrastructure (fixed lines).
There are more than 16 million Internet users in Malaysia from its population of 26 million (2010 statistics) [2]. Although the figure is impressive, it prompts the question of information security and privacy. According to the Malaysian Computer Response Team, in 2009 alone there were 3,564 computer security incidents; 184,407 spam e-mails; and 1,889,165 incidents of botnet and malware infection [3]. It is anticipated that by the end of 2012, the number of Kampung WiFi will reach 4000. So, are these users aware of the danger that lurks within this service? How well prepared are they to embrace this new technology? This paper is part of an on-going research effort in Kampung WiFi [4] and aims to demonstrate the vulnerabilities of these networks in order to raise awareness of information security and privacy.
II. WIRELESS NETWORK This section presents an overview of the wireless broadband technology available in Malaysia and used in the implementation of Kampung WiFi. A wireless network provides high-speed wireless Internet and can be implemented in three (3) ways: Wireless Local Area Network, Wireless Metropolitan Area Network and Wireless Wide Area Network.
A. Wireless Local Area Network (WLANs) A WLAN consists of several elements including the client and the access point. The client represents the group of devices within the WLAN that are connected to the single point of aggregation, the access point, which connects to the Internet or other network infrastructure [5]. WLAN uses radio frequency signals in the 2.4 GHz and 5 GHz spectrum as its transmission medium [6]. Wi-Fi or IEEE 802.11 is the set of standards established to define WLANs. A number of different protocols are defined in the 802.11 family of standards, addressing various operating frequencies and maximum throughputs [7], summarized in Table 1.
978-1-4673-1938-6/12/$31.00 ©2012 IEEE
Table 1: IEEE 802.11 Standards
STANDARD   YEAR   DATA RANGE   RADIO FREQUENCY   RANGE
802.11a    1999   54 Mbps      5 GHz             Short
802.11b    1999   11 Mbps      2.4 GHz           Medium
802.11c    2003   54 Mbps      2.4 GHz           Medium
Although 802.11a was the first standard created in the 802.11 family, 802.11b became the first widely accepted wireless networking standard, followed by 802.11a and 802.11g.
B. Wireless Metropolitan Area Network (WMANs) WMAN is a form of wireless networking with an intended coverage area approximately the size of a city [8]. WiMAX (IEEE 802.16) is a wireless digital communication standard intended for WMANs and promises very high data rates, high reliability, good efficiency and lower cost. WiMAX provides a coverage radius of up to 50 km and data rates of up to 70 Mbps.
C. Wireless Wide Area Network (WWANs) WWAN covers a much broader area than Wi-Fi or WiMAX, with coverage usually measured on a nationwide or even global basis [9]. WWANs provide a broadband data network with a far greater range, using cellular technologies such as GPRS, HSPA, UMTS, and LTE [10] at different speeds.
III. CLASSIC NETWORK ATTACKS This section briefly presents several infamous attacks on wireless networks including Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service.
A. Malicious Associations Malicious Associations [11-13] occur when wireless devices are made by attackers to connect to a network through a Soft AP (such as a laptop) instead of a legitimate Access Point (AP). Using computer programs, these laptops are made to imitate a legitimate AP. Once access is gained, the attacker can obtain passwords, launch attacks on the network, or plant Trojans. Since wireless networks operate at Layer 2, Layer 3 protections such as network authentication and Virtual Private Networks (VPNs) offer no barrier.
B. Identity Theft Identity Theft or MAC Spoofing [14-16] occurs when an attacker listens to network traffic and identifies the MAC address of a computer with appropriate privileges. Most wireless systems use MAC filtering to allow authorized computers with specific MAC IDs to gain access to the network. 802.11 devices transmit their MAC addresses unencrypted in frame headers, and no special equipment or software is required to detect them. Anyone with an 802.11 receiver (such as a laptop) and a wireless packet analyzer could obtain the MAC addresses of transmitting 802.11 devices within range.
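
One way a defender can spot the MAC spoofing described above is to track the 802.11 sequence number that each transmitter address places in its frame headers: two radios sharing one MAC address produce jumps that a single radio does not. The following Python code is an added example, not part of the original paper; the gap threshold, the sample MAC address and the constructed frames are assumptions.

```python
import struct

SEQ_MODULUS = 4096     # the 802.11 sequence number is a 12-bit counter
MAX_FORWARD_GAP = 32   # assumed tolerance for frames the sensor failed to hear

def parse_header(frame: bytes):
    """Return (transmitter MAC, sequence number), or None if the frame has neither."""
    if len(frame) < 2:
        return None
    frame_type = (frame[0] >> 2) & 0b11      # 0 = management, 1 = control, 2 = data
    if frame_type == 1 or len(frame) < 24:   # control frames carry no sequence field
        return None
    # Header layout: frame control (2), duration (2), addr1 (6), addr2 (6),
    # addr3 (6), sequence control (2, little-endian).
    mac = ":".join(f"{b:02x}" for b in frame[10:16])
    (seq_ctrl,) = struct.unpack_from("<H", frame, 22)
    return mac, seq_ctrl >> 4                # low 4 bits are the fragment number

def find_spoofing_suspects(frames):
    """Flag frames whose sequence number jumps relative to the same MAC's last frame.

    Assumes one counter per transmitter; QoS data frames keep a counter per
    traffic class and would need to be tracked per class.
    """
    last_seq = {}
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_header(frame)
        if parsed is None:
            continue
        mac, seq = parsed
        if mac in last_seq:
            # Modular distance: the wrap 4095 -> 0 is a gap of 1, while a
            # backwards jump shows up as a very large forward gap.
            gap = (seq - last_seq[mac]) % SEQ_MODULUS
            if gap > MAX_FORWARD_GAP:
                alerts.append((index, mac, last_seq[mac], seq))
        last_seq[mac] = seq
    return alerts

def build_frame(mac: str, seq: int) -> bytes:
    """Build a constructed 24-byte data-frame header for the sample below."""
    addr2 = bytes.fromhex(mac.replace(":", ""))
    return (bytes([2 << 2, 0]) + b"\x00\x00" + b"\xff" * 6 + addr2
            + b"\xff" * 6 + struct.pack("<H", seq << 4))

CLIENT = "02:00:00:aa:bb:01"                 # constructed, locally administered MAC
ACK = bytes([0xD4, 0x00]) + b"\x00" * 8      # constructed control frame, skipped
# Constructed capture: a client counting 4094..3, with one frame (2500) from a
# second radio using the same MAC.
SAMPLE_FRAMES = [build_frame(CLIENT, s) for s in (4094, 4095)] + [ACK] + [
    build_frame(CLIENT, s) for s in (0, 1, 2500, 2, 3)]

if __name__ == "__main__":
    for index, mac, previous, current in find_spoofing_suspects(SAMPLE_FRAMES):
        print(f"frame {index}: {mac} jumped from {previous} to {current}")
```

Both the jump to the second radio's counter and the jump back are reported, so a MAC address in use by two radios keeps alerting for as long as their frames interleave.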
C. Man-In-The-Middle Man-In-The-Middle [17-19] lures computers into logging into another computer which is set up as a Soft AP. Once this is done, the attacker connects to a real AP (through another wireless channel), offering a steady flow of traffic through the attacking computer to the real network. The attacker can then sniff the traffic. Hotspots are particularly vulnerable to any attack since there is little security, if any, on these networks.
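
Both Malicious Associations and Man-In-The-Middle depend on a Soft AP that imitates a legitimate access point, so a hotspot operator can compare the beacons a monitoring sensor hears against an inventory of its own access points. The following Python code is an added example, not part of the original paper; the SSID, BSSIDs, inventory format and sample observations are all hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    channel: int
    encrypted: bool   # Privacy bit advertised in the beacon

# Hypothetical inventory of the hotspot operator's own access points.
INVENTORY = {
    "02:00:00:10:00:01": {"ssid": "KampungWiFi-Demo", "channel": 6, "encrypted": True},
    "02:00:00:10:00:02": {"ssid": "KampungWiFi-Demo", "channel": 11, "encrypted": True},
}

def audit_beacons(beacons, inventory):
    """Return (bssid, reason) for each beacon that disagrees with the inventory."""
    managed_ssids = {ap["ssid"] for ap in inventory.values()}
    findings, seen = [], set()
    for beacon in beacons:
        bssid = beacon.bssid.lower()
        known = inventory.get(bssid)
        if known is None:
            if beacon.ssid not in managed_ssids:
                continue                      # a neighbour's network, not ours
            reason = "unknown BSSID advertising a managed SSID"
        elif beacon.ssid != known["ssid"]:
            reason = "inventoried BSSID advertising an unexpected SSID"
        elif beacon.channel != known["channel"]:
            reason = "inventoried BSSID on an unexpected channel"
        elif beacon.encrypted != known["encrypted"]:
            reason = "security setting differs from inventory"
        else:
            continue
        if (bssid, reason) not in seen:       # beacons repeat, report each case once
            seen.add((bssid, reason))
            findings.append((bssid, reason))
    return findings

# Constructed observations, as a monitoring sensor might report them.
SAMPLE_BEACONS = [
    Beacon("KampungWiFi-Demo", "02:00:00:10:00:01", 6, True),    # matches inventory
    Beacon("KampungWiFi-Demo", "02:00:00:99:00:AA", 6, False),   # imitating Soft AP
    Beacon("KampungWiFi-Demo", "02:00:00:10:00:02", 1, True),    # wrong channel
    Beacon("Neighbour-Net", "02:00:00:55:00:01", 3, True),       # unrelated network
    Beacon("KampungWiFi-Demo", "02:00:00:10:00:01", 6, False),   # security changed
    Beacon("KampungWiFi-Demo", "02:00:00:99:00:aa", 6, False),   # repeat of the Soft AP
]

if __name__ == "__main__":
    for bssid, reason in audit_beacons(SAMPLE_BEACONS, INVENTORY):
        print(f"{bssid}: {reason}")
```

A Soft AP that copies the BSSID, channel and security setting of a real access point passes this comparison, so the inventory check is a first filter rather than proof that no imitation is present.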
D. Network Injection Network Injection [20-22] enables an attacker to use APs that are exposed to non-filtered network traffic, specifically broadcast traffic such as Spanning Tree, OSPF, RIP, and HSRP. The attacker injects bogus networking re-configuration commands that affect routers, switches, and intelligent hubs. A whole network can be brought down in this manner, requiring rebooting or even re-programming of a large number, if not all, of the intelligent networking devices.
E. Caffe Latte Caffe Latte [23-25] is a method to defeat WEP where the attacker need not be in the area of the network. Using a process that targets the Windows Wireless Stack, it is possible to obtain the WEP key from a remote client. By sending a flood of encrypted ARP requests, the attacker takes advantage of the shared key authentication and the message modification flaws in WEP. An attacker can use the ARP responses to obtain the WEP key in less than 6 minutes [8].
F. Denial-of-Service Denial-of-Service (DoS) [26-28] occurs when an attacker continually bombards an AP with bogus requests, premature successful connection messages, failure messages, and other commands. The usual reason for performing a DoS attack is to observe the recovery of the wireless network, during which all of the initial handshake codes are re-transmitted by all devices, providing an opportunity for the attacker to record these codes and use various tools to analyze security weaknesses and exploit them to gain unauthorized access to the system.
The list of attacks is by no means complete, with new tools being developed and made available on a daily basis either for free or for a small fee. These attacks are just the tip of the iceberg and, if not addressed properly, may result in catastrophic consequences. Almost all of these attacks can occur in Kampung WiFi.
IV. WIRELESS ATTACK SIMULATION This section presents attack simulations on a wireless network (similar to Kampung WiFi), carried out at TATI University College. The objective of this simulation is two-fold: (1) to demonstrate that wireless attacks on Kampung WiFi are possible; and (2) to establish that these attacks will affect personal and vital information of the users.
40 Personal Computers (PCs) and 3 laptops are used in this simulation. The computers are stationary and located in the CCNA Computer Laboratory and General IT 2 Laboratory at the Faculty of Computer, Media and Technology Management. The laptops are mobile and used to launch attacks on the network. All computers are running different versions of the Windows operating system, from Windows XP to Windows 7.
Different wireless configurations are used to replicate the different wireless settings that might be used in Kampung WiFi, including using commercial broadband connections such as Celcom and DiGi.
The simulation makes use of existing software tools to launch attacks on the network. Respondents were informed that they are part of a study to investigate IT security and privacy. All respondents are allocated a PC and requested to carry out several tasks including (i) logging into their e-mail account and sending an e-mail; (ii) logging into their Facebook account and carrying out usual tasks; and (iii) logging into their internet banking account and logging off. Three (3) different software tools are used, namely Cain & Abel, Wireshark and NetworkMiner.
A. Cain & Abel Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows the recovery of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks; recording VoIP conversations; decoding scrambled passwords; recovering wireless network keys; revealing password boxes; uncovering cached passwords; and analyzing routing protocols [29].
FIGURES 1A & 1B: Obtaining Username-Password for Online E-Mail Account
We were successful in obtaining username-password combination for online e-mail accounts using Cain & Abel. Figures 1A & 1B illustrate results of the attack where credentials of two e-mail accounts hosted at webmail.tatiuc.edu.my were obtained.
B. Wireshark Wireshark is a network protocol analyzer that captures and interactively browses the traffic running on a computer network [30]. Features of Wireshark include deep inspection of hundreds of protocols; live capture and offline analysis; multi-platform; reading live data from Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and others; and decryption support for many protocols, including IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP, and WPA/WPA2.
FIGURES 2A & 2B: Revealing Comments Made on Facebook
We were successful in revealing comments made on an individual Facebook account using Wireshark. Figures 2A & 2B illustrate results of the attack where the comments made by Sufi Asri were revealed.
C. NetworkMiner NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows and can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network [31]. NetworkMiner collects data about hosts on the network rather than collecting data regarding traffic on the network.
FIGURES 3A & 3B: Reading Individual e-Mail Account
We were successful in reading the content of an online e-mail account using NetworkMiner. Figures 3A & 3B illustrate the result of the attack where the content of an e-mail was successfully displayed.
FIGURE 4: Obtaining Username-Password for Online Bank Account
We were also successful in obtaining the username-password for an online bank account. Figure 4 illustrates the result of the attack where the username and password for a CIMB account was successfully obtained.
V. CONCLUSION AND FURTHER WORK The Kampung WiFi program aims to bridge the digital divide between rural and urban communities in Malaysia. Currently there are more than 400 Kampung WiFi in Sarawak, 400 in Sabah, 350 in east-coast Peninsular and 500 in west-coast Peninsular. A wireless network provides high-speed wireless Internet and can be implemented in three (3) ways: Wireless Local Area Network, Wireless Metropolitan Area Network and Wireless Wide Area Network. Attacks on wireless networks such as Malicious Associations, Identity Theft, Man-In-The-Middle, Network Injection, Caffe Latte and Denial-of-Service are not uncommon, and pre-emptive measures should be taken to minimize if not curb them.
This paper has demonstrated the possibility of wireless attacks on Kampung WiFi by means of computer software that can be easily downloaded from the Internet. This demonstration has revealed alarming results, including successfully obtaining the username-password combination of online e-mail accounts; reading comments made on Facebook; revealing the content of an e-mail account; and obtaining the username-password combination for an online bank account. These are just some potential issues surrounding Kampung WiFi and need to be carefully addressed to ensure the smooth implementation of the program.
Cooperation from all quarters is needed. CSPs have to publish clear guidelines on Internet security policy and procedures. Internet users in Kampung WiFi have to be extra-vigilant when using this service and keep abreast of security measures that can be implemented to safeguard confidential information when connecting to the Internet. The Government, through MyCert, NGOs and other bodies, can help by notifying Kampung WiFi users of security threats from time to time.
Work in the near future includes an empirical study of the awareness level, and IT security modelling for Kampung WiFi. It is hoped that the objectives of the program can be achieved without coming at the expense of the users' confidential information. As Burke once said, "better be despised for too anxious apprehensions, than ruined by too confident security."
REFERENCES
[1] Bahagia Jaya Kampung Wifi Pertama. Utusan Malaysia: 12 May 2010.
[2] International Communication Union. http://www.itu.int/ Last accessed August 2011.
[3] Malaysian Computer Emergency Response Team. http://www.mycert.org.my/ Last accessed August 2011.
[4] Akhyari Nasir et al., Issues Surrounding Kampung WiFi. TATIUC Research and Innovation Exhibition (TARIE 2012). Kuala Terengganu, Malaysia, 18-19 May 2012.
[5] Alan Sicher, Randall Heaton, White Paper Of GPRS Technology Overview, Dell, 2002. Retrieved May 2011. http://webpc.ciat.cgiar.org/wireless/documents/2002-gprs_overview.pdf
[6] Booz, Allen, Hamilton, White Paper Of Route Diversity Project Wireless Communications Capabilities; Evaluation Of Wireless Fidelity (Wi-Fi) Technology In Support Of ESF #2 Disaster Response Role, Technology And Programs Division (N2), 2007.
[7] White Paper Of LTE: The Future Of Mobile Broadband Technology, Verizon Wireless, 2009. Retrieved May 2011. https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%20mobile%20broadband%20technology.pdf
[8] White Paper Of WIMAX And The Future of Wireless Technology; Connecting The New Millennium, Emerging Technology, IJIS Institute. Retrieved May 2011. http://www.ijis.org/docs/wp/ijis_wp_wimax_20070618_final.pdf
[9] Karen Scarfone, Cyrus Tibbs, Matthew Sexton, Guide To Securing Wimax Wireless Communications, National Institute Of Standards And Technology, 2010.
[10] White Paper Of LTE: The Future Of Mobile Broadband Technology, Verizon Wireless, 2009. Retrieved May 2011. https://www.lte.vzw.com/portals/95/docs/lte%20the%20future%20of%20mobile%20broadband%20technology.pdf
[11] Vipul Goyal, Virendra Kumar, Mayank Singh. An Efficient Solution for the ARP Cache Poisoning Problem. The First Information Security Practice and Experience Conference (ISPEC 2005), Singapore, April 2005, Lecture Notes in Computer Science, Springer-Verlag.
[12] Asthana, N C, and Anjali Nirmal. Urban Terrorism: Myths and Realities. Jaipur: Pointer Publishers, 2009.
[13] Vacca, John R. Guide to Wireless Network Security. Springer (2006).
[14] Lambert M. Surhone, Mariam T. Tennoe, Susan F. Henssonow (edited by). MAC Spoofing. Betascript Publishing. 2010.
[15] Dru Lavigne. BSD Hacks. O'Reilly Media Inc. 2004.
[16] Thomas W. Shinder, Thorsten Behrens. The Best Damn Firewall Book Period. Syngress. 2007.
[17] V.S.Bagad, I.A.Dhotre. Computer Networks - II. Technical Publications. 2009.
[18] Brian L. Stuart. Principles of Operating Systems: Design & Applications. Cengage Learning EMEA, 2008.
[19] Jon Erickson. Hacking: The Art of Exploitation. No Starch Press. 2008.
[20] Nitesh Dhanjani, Justin Clarke. Network Security Tools. O'Reilly Media, Inc. 2005.
[21] Harald Rohde, Dominic A. Schupke. Securing Passive Optical Networks Against Signal Injection Attacks. Proceedings of the 11th International IFIP TC6 Conference On Optical Network Design and Modeling ONDM'2007. pp.96~100
[22] Merritt Maxim, David Pollino. Wireless Security. McGraw-Hill Professional. 2002.
[23] Bruce Brown. How to Stop E-Mail Spam, Spyware, Malware, Computer Viruses and Hackers From Ruining Your Computer Or Network: The Complete Guide for Your Home and Work. Atlantic Publishing Company. 2010.
[24] Ian Barile. Protecting your PC. Charles River Media. 2006.
[25] Michael Miller. Is It Safe?: Protecting Your Computer, Your Business, and Yourself Online. Que Publishing. 2008.
[26] Jelena Mirkovic, Sven Dietrich, Peter Reiher. Internet Denial Of Service: Attack and Defense Mechanisms. Prentice Hall Professional Technical Reference. 2005.
[27] Chin-Tser Huang, Mohamed G. Gouda. Hop Integrity in the Internet. Springer. 2006.
[28] Joseph Migga Kizza. Ethical and Social Issues in the Information Age. Springer. 2010.
[29] Cain & Abel. http://www.oxid.it/cain.html/ Last accessed February 2012.
[30] Wireshark. http://www.wireshark.org/about.html/ Last accessed February 2012.
[31] NetworkMiner. http://www.netresec.com/?page=NetworkMiner Last accessed February 2012.