As the federal government considers whether airplane passengers should have inflight wireless Internet access, two University of Missouri-Rolla students are examining the vulnerabilities such networks pose.
"Across the United States, the proliferation of wireless networks is incredible, both in homes and businesses," says Matthew Hendren, a senior in electrical engineering at UMR. "Sadly enough, most people don’t understand either the ease in which an adversary could use their wireless network or the damage that adversary could cause by being allowed to use another’s wireless network."
Because wireless networks, known as 802.11 or Wi-Fi, use radio links instead of cables to connect computers, they are more vulnerable to hackers. Easy-to-buy tools allow hackers to listen in or transmit data on other people’s networks without the owner’s knowledge or permission.
"Attacks can range from disrupting the availability of a network connection to tricking users into submitting their confidential information, such as authentication credentials," says Sandeep Shrestha, a senior in computer engineering. "Because all the data the user is transmitting through the network is ‘floating through the air,’ a malicious entity with the means and time could capture the data, analyze it and use it."
Under the direction of Dr. Ann Miller, the Cynthia Tang Missouri Distinguished Professor of Computer Engineering at UMR, Hendren and Shrestha are looking at the various free tools being used to gain unauthorized access to Wi-Fi networks and developing ways to defend the networks from such attacks. In particular, they are examining MAC address spoofing, a technique used by several of these free tools to defeat the security mechanisms of the networks.
"This is a matter of technology advancing quicker than it was intended," Hendren explains. "Wi-Fi was originally developed without any inherent security measures built in; no encryption was included in the protocol. Since then, many fixes have been added on top of the protocol, such as the use of Wired Equivalent Protocol (WEP) keys and Wi-Fi Protected Access (WPA) keys, but as quickly as the security advances, so do the tools to break it."