UNIT I
CHAPTER-I: Introduction to Wireless: History of Wireless Technologies, History of Wireless Security, State
of the Wireless Security Industry, 2001
CHAPTER-II: Wireless Threats: Uncontrolled Terrain, Communications Jamming, DoS Jamming, Injections
and Modifications of Data, Man-in-the-Middle (MITM) Attack, Rogue Client, Rogue Network Access Points,
Attacker Equipment,
……………………………………………………………………………………………………………………………..
CHAPTER-I
1 Q) The history of wireless technologies
1. Early Developments: The journey began with Guglielmo Marconi's transmission of the first wireless radio
signal in 1894, which laid the foundation for future wireless communication. Following Marconi's success,
Reginald Fessenden completed the first true radio broadcast in 1906, marking the start of the wireless
revolution. By the 1920s, companies like General Electric, AT&T, and RCA were pioneering the AM radio
industry, leading to a rapid increase in radio adoption. By 1929, over 6 million radios were in use in the United
States, showcasing the technology's swift acceptance.
2. Post-World War II Developments: After World War II, the development of mass-market wireless
technologies slowed down until the launch of the Soviet Sputnik satellite in 1957. This event ignited a race
between the United States and the Soviet Union to advance space-related technologies, including wireless
communication systems necessary for space missions. This period saw significant investment in developing
advanced wireless systems, which would inform future technologies.
3. The 1970s - The First Wireless Networks: The first wireless phone systems emerged in the United States
during the 1970s, based on technology developed at AT&T's Bell Labs in the late 1940s. These analog systems
operated within a limited frequency range and could handle only a small volume of simultaneous calls,
primarily serving law enforcement and public safety. A major limitation was the lack of communication
continuity when moving between cell sites. As demand for mobile voice grew, operators developed systems
that allowed calls to be transferred between cell sites, leading to the deployment of AT&T's Advanced Mobile
Phone Service (AMPS) in Chicago in 1979, marking the advent of first-generation networks.
4. The 1980s - Wireless Markets Start to Evolve: The 1980s saw the evolution of wireless markets, with the
introduction of more sophisticated technologies and an increase in consumer demand for mobile
communication. This period was characterized by the expansion of wireless services and the establishment of
regulatory frameworks to support the growing industry.
1 |© www.tutorialtpoint.net Prepared By D.Venkata Reddy M.Tech(Ph.D), UGC NET, AP SET Qualified
5. The 1990s - Wireless Networks Mature: The 1990s marked a significant maturation of wireless networks,
with advancements in technology that improved the capacity and reliability of wireless communication. This
era also saw the introduction of digital technologies, which enhanced the quality of service and expanded the
range of applications for wireless communication.
6. The Mid-1990s - Other Wireless Networks Emerge: During this time, various new wireless networks began
to emerge, diversifying the options available for users and businesses. This included the development of
technologies that supported data transmission alongside voice communication.
7. The Late 1990s - The Wireless Internet Emerges: The late 1990s heralded the emergence of the wireless
internet, fundamentally changing how people accessed information and communicated. This development
paved the way for the mobile internet boom, leading to the proliferation of smartphones and other wireless
devices in the 21st century.
2 Q) History of Wireless Security
1. World War II and Early Wireless Security: The onset of World War II marked a critical period for wireless
communication, as both the Allies and Axis powers increasingly relied on wireless radios for military
communication. This reliance on wireless technology led to a corresponding increase in the tools and
techniques used to intercept these signals. Despite the use of encryption, the interception of wireless signals
became a significant concern, as demonstrated in various military operations. The ability to intercept and
decrypt these signals often provided strategic advantages in warfare, exemplified by the Battle of Midway,
where U.S. Navy intelligence successfully intercepted and decrypted Japanese naval communications, leading
to a decisive victory.
2. The Battle of Midway: A pivotal example of the importance of wireless security during World War II is the
Battle of Midway in 1942. The U.S. Navy, under the direction of Laurence F. Safford and the OP-20-G group,
focused on breaking the Japanese Navy's operational code, JN-25. This code consisted of over 45,000 five-
digit numbers, each representing specific words or phrases. The U.S. Navy's ability to intercept and decrypt
these communications allowed them to anticipate Japanese movements and prepare for the attack on Midway,
ultimately leading to a significant victory. This incident underscored the vulnerabilities of wireless
communications and the critical need for effective security measures.
3. Post-War Developments and Eavesdropping Concerns: Following World War II, the development of wireless
technologies continued, but so did concerns about eavesdropping. The 1980s saw a growing demand for
wireless services, yet the potential for interception remained a significant issue. Reports of eavesdropping on
law enforcement communications and credit card transactions highlighted the vulnerabilities of wireless
networks. Despite advancements in technology, the risks associated with unauthorized access and data
interception persisted, leading to increased scrutiny of wireless security practices.
4. The Rise of Digital Security Standards: The introduction of digital wireless standards, such as the Global
System for Mobile Communications (GSM), in the 1980s and 1990s helped to alleviate some eavesdropping
concerns. GSM's reliance on digital signals and secret-key encryption provided a more secure framework for
wireless communications. However, as wireless technology evolved, so did the methods employed by
criminals, including the cloning of cellular phones to commit fraud. This highlighted the ongoing challenges in
maintaining security in the face of evolving threats.
5. The Wireless Internet and Security Issues: The late 1990s and early 2000s marked the emergence of the
wireless internet, which brought security issues to the forefront. As the wired internet grew, so did the
importance of security and privacy in online transactions. Technologies such as Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) became standard for securing communications over the internet. The wireless
internet's rapid growth necessitated similar security measures to protect sensitive information transmitted over
wireless networks.
6. Ongoing Security Challenges: Despite advancements in wireless security protocols, challenges remain. The
inherent nature of wireless communication—being untethered and accessible—poses unique security risks,
including eavesdropping, denial-of-service attacks, and unauthorized access. Organizations must remain
vigilant and adopt comprehensive security strategies that include the latest protocols and practices to mitigate
risks associated with wireless communication.
3 Q) State of the Wireless Security Industry, 2001
This overview is split into four geographic regions because the wireless market has evolved quite differently
across the globe. The following are the four geographic regions to be reviewed:
• North America
• Europe
• Japan
• Asia
The North American Wireless Industry in 2001
1. Market Maturity: By 2001, the North American wireless industry had transitioned from rapid growth in the
early 1990s to a more mature phase. This maturity was characterized by a stabilization of subscriber growth
and a focus on improving service quality and customer retention.
2. Subscriber Dynamics: Although the growth rate of new subscribers was slowing, the overall number of wireless
subscribers continued to increase. The U.S. was noted as the largest cellular market, with significant penetration
rates, although it still lagged behind some other regions in terms of overall adoption.
3. Competitive Landscape: The market saw a consolidation of players, with a few dominant national brands
controlling a significant share of the market. This included major carriers like AT&T Wireless, Cingular, Nextel,
Sprint PCS, Verizon, and VoiceStream, which collectively held a large percentage of U.S. wireless subscribers.
4. Technological Advancements: The industry was experiencing advancements in wireless technology, including
the introduction of digital network standards such as CDMA, GSM, TDMA, and iDEN. These technologies
improved service quality and enabled new applications, contributing to the growth of wireless services.
5. Economic Factors: The industry faced economic pressures, including the aftermath of the dot-com bubble,
which affected investment and growth. Companies had to navigate these challenges while continuing to
innovate and enhance their service offerings.
6. Consumer Expectations: As wireless services became more prevalent, consumer expectations increased. Users
demanded better service quality, faster data speeds, and more innovative applications, prompting companies
to invest in infrastructure and technology to meet these demands.
7. Security Concerns: Security emerged as a significant issue, particularly as more sensitive transactions began to
occur over wireless networks. Companies needed to address these concerns to maintain consumer trust and
protect user data.
The "European Wireless Industry, 2001"
1. Market Characteristics: The European wireless market was characterized by a high level of competition and
innovation. The adoption of wireless technologies was growing rapidly, with many countries experiencing
significant increases in mobile phone subscriptions.
2. Subscriber Growth: By 2001, many Western European countries had reached high adoption rates of mobile
services, with some estimates indicating that penetration rates were between 60% and 70% of the population.
This saturation meant that there were fewer new subscribers available, pushing operators to focus on increasing
usage among existing customers.
3. Revenue Streams: European operators successfully marketed SMS (Short Message Service) in 2000, generating
substantial non-voice revenue. In some regions, SMS traffic accounted for up to 20% of an operator's revenue,
showcasing the growing importance of data services alongside traditional voice calls.
4. Regulatory Environment: The European market benefited from regulatory policies that promoted
competition and innovation. However, certain regions still faced challenges related to regulation, which could
impact market dynamics and the ability of new entrants to compete effectively.
5. 3G Development Challenges: The rollout of 3G networks in Europe faced significant challenges, particularly
due to the high costs associated with acquiring spectrum licenses. Operators in the UK and Germany spent
over $75 billion on spectrum licenses alone, leading to substantial debt loads. This financial burden was
compounded by a lack of immediate revenue from new services, as it would take time to build a substantial
subscriber base for 3G.
6. Consumer Expectations and Services: While there was considerable hype around
new services, such as WAP (Wireless Application Protocol) and mobile commerce, actual consumer uptake was
slower than anticipated. Many services were still in pilot phases, and the market was still figuring out how to
effectively monetize these new offerings.
7. Regional Variations: The wireless market in Europe was not uniform; different countries exhibited varying
levels of adoption and service offerings. For instance, Scandinavian countries were noted as being particularly
innovative in wireless services, while other regions were still catching up.
The "Japanese Wireless Industry, 2001"
1. Market Leadership: Japan was recognized as a leader in wireless technology, having developed its own
wireless voice technology (PDC) in the 1980s. By the late 1990s, the market had exploded with the introduction
of innovative services, particularly the i-mode wireless data service offered by NTT DoCoMo.
2. i-mode Service: Launched in August 1999, i-mode was a groundbreaking wireless Internet service that quickly
gained popularity. It provided several technological advantages:
- Packet-Switching Network: Unlike traditional circuit-based networks, i-mode operated on a packet-switching
model, allowing for always-on connectivity.
- Compatibility: The service was compatible with existing cellular network infrastructure, meaning no
significant additional investment was required from operators.
- Minimal Modifications Needed: i-mode did not require extensive changes to existing wired web content,
facilitating easier adoption by content providers.
3. Rapid Subscriber Growth: The success of i-mode was remarkable, with over 20 million subscribers signing up
within 18 months of its launch. This rapid growth was supported by a wide array of content and services
available specifically for i-mode users, with over 30,000 content sites developed for the platform.
4. Comparison with Other Markets: The speed of adoption for i-mode was
significantly faster than that of traditional wired Internet services. For context, it took AOL nearly 15 years to
achieve a similar number of subscribers as i-mode did in just over a year.
5. Economic Context: The Japanese wireless market was thriving despite the broader economic challenges faced
by the country at the time. The innovative services and strong consumer demand for mobile connectivity
helped sustain growth in the wireless sector.
6. Technological Innovation: Japan's focus on technological innovation in wireless services set it apart from
other markets. The country was at the forefront of developing new applications and services that leveraged
mobile technology, contributing to a vibrant ecosystem of wireless offerings.
The "Asian Wireless Industry, 2001"
1. Diverse Market Conditions: The wireless industry in Asia was characterized by significant diversity, with
macroeconomic conditions influencing the development of wireless markets in different countries. Some
nations experienced rapid growth in wireless subscriptions, while others lagged behind due to economic
constraints.
2. High Standards of Living: In countries with higher standards of living, such as Singapore and Taiwan, wireless
usage rates were comparable to those in Western Europe, with penetration rates exceeding 50%. This high
adoption was facilitated by better infrastructure and economic conditions that supported the growth of mobile
services.
3. Rapid Growth in Developing Countries: In contrast, countries like Indonesia and the Philippines saw rapid
growth in wireless subscribers, but many people still faced financial barriers to accessing mobile technology.
Despite this, the growth in these markets presented significant opportunities for wireless service providers.
4. Mobile-Only Internet Access: A critical trend: in many developing countries, consumers were likely to
access the Internet primarily through mobile devices rather than traditional wired connections. This shift was
expected to lead to a situation where, by 2005, more people would access the Internet via wireless devices
than through wired PCs.
5. China as a Key Market: China emerged as a focal point for the wireless industry due to its massive population
of 1.2 billion people. By 2001, China had become the second-largest wireless market in terms of subscribers,
trailing only the United States. However, with only about 10% of its population owning a cell phone, there
was significant potential for growth as market saturation increased.
6. Government Involvement: The Chinese government played a crucial role in shaping the telecommunications
landscape, actively determining policies and regulations that affected foreign investment and market entry.
This involvement created both challenges and opportunities for international wireless vendors looking to enter
the Chinese market.
CHAPTER-II
Wireless Threats: Uncontrolled Terrain, Communications Jamming, DoS Jamming, Injections and
Modifications of Data, Man-in-the-Middle (MITM) Attack, Rogue Client, Rogue Network Access Points,
Attacker Equipment,
……………………………………………………………………………………………………………………………..
1. Q) Uncontrolled Terrain
The major difference between wired and wireless networks is the anonymous, uncontrolled coverage areas
between the end points of the network. In wide area cellular networks, the wireless medium cannot be
controlled at all. Current wireless networking technology offers little to control the coverage area. This enables
attackers in the immediate vicinity of a wireless network to perform a number of attacks that are not found in
traditional wired networks.
1.1. Eavesdropping
The most widely known problem with an open, uncontrolled medium like wireless technology is that it is
susceptible to anonymous attackers. The anonymous attacker can passively intercept radio signals and decode
the data being transmitted as shown in Figure 2-1.
Wireless Network Eavesdropping Overview
• The equipment needed for eavesdropping can be as simple as the equipment used to gain network access.
• Wireless networking cards can be purchased for under a hundred dollars.
• All wireless devices have the hardware to send and receive on the wireless network.
• Attackers must be in proximity to the transmitter to receive transmission.
• Use of antennas and amplifiers allows attackers to be distant during an attack.
• Recent tests show that an attacker eavesdropping on 802.11 wireless networking equipment can receive a
signal from nearly 20 miles away from the target.
Eavesdropping and Network Attacks
• Eavesdropping gathers information on the network under attack.
• Attackers aim to understand network users, accessible resources, equipment capabilities, usage patterns, and
coverage area.
• Common network protocols transmit sensitive data in cleartext, which can be used by attackers for access.
• Even when communications are encrypted, the ciphertext can still be captured and analyzed later.
• Password encryption algorithms like Microsoft NTLM can be easily broken.
Active Eavesdropping in Wireless Networks
• Active eavesdropping on a wireless local area network (LAN) involves Address Resolution Protocol (ARP)
spoofing.
• ARP spoofing was originally designed to sniff a switched network; it is a man-in-the-middle (MITM) attack at the data link layer.
• The attacker sends unsolicited ARP replies to target stations, causing them to send all traffic to the attacker
instead of the intended destination.
• The packet is then forwarded to the intended destination, allowing the attacker to sniff traffic of out-of-
signal wireless clients or wired clients.
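The unsolicited ARP replies described above leave visible traces on the segment. The following monitor is an added example, not part of the original notes: it flags replies that answer no recent request, IP-to-MAC bindings that change, and one MAC claiming several IPs. The `ArpEvent` record, the 2-second window and the sample addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass

REQUEST_WINDOW = 2.0  # seconds a request may wait for its reply (assumed value)


@dataclass(frozen=True)
class ArpEvent:
    ts: float        # capture time in seconds
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str   # request: address being resolved; reply: station answered


def find_arp_anomalies(events):
    """Scan a time-ordered ARP event stream; return (ts, kind, detail) alerts."""
    bindings = {}        # ip -> first MAC seen for it (trust on first use)
    mac_ips = {}         # mac -> set of IPs it has claimed
    open_requests = {}   # (asker_ip, asked_ip) -> time the request was seen
    alerts = []
    for ev in events:
        if ev.op == "request":
            open_requests[(ev.sender_ip, ev.target_ip)] = ev.ts
        else:
            # A reply is solicited only if the station it answers asked recently.
            asked = open_requests.pop((ev.target_ip, ev.sender_ip), None)
            if asked is None or ev.ts - asked > REQUEST_WINDOW:
                alerts.append((ev.ts, "unsolicited-reply",
                               f"{ev.sender_ip} told {ev.target_ip}"))
        # Requests and replies both advertise the sender's IP-to-MAC mapping.
        known = bindings.setdefault(ev.sender_ip, ev.sender_mac)
        if known != ev.sender_mac:
            alerts.append((ev.ts, "binding-change",
                           f"{ev.sender_ip}: {known} -> {ev.sender_mac}"))
        ips = mac_ips.setdefault(ev.sender_mac, set())
        if ev.sender_ip not in ips:
            ips.add(ev.sender_ip)
            if len(ips) > 1:   # routers and proxy-ARP hosts need an allowlist
                alerts.append((ev.ts, "multi-ip-mac",
                               f"{ev.sender_mac} claims {sorted(ips)}"))
    return alerts


GW, CLIENT = "192.168.1.1", "192.168.1.10"
# Constructed sample: one normal resolution, then forged replies to both ends.
SAMPLE_EVENTS = [
    ArpEvent(0.00, "request", CLIENT, "aa:aa:aa:00:00:10", GW),
    ArpEvent(0.01, "reply", GW, "aa:aa:aa:00:00:01", CLIENT),
    ArpEvent(5.00, "reply", GW, "de:ad:be:ef:00:66", CLIENT),
    ArpEvent(5.10, "reply", CLIENT, "de:ad:be:ef:00:66", GW),
]

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_EVENTS):
        print(alert)
```

The first binding seen for an address is trusted, so a production monitor would seed `bindings` from DHCP leases or a static inventory.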
2. Q) Communications Jamming
Jamming occurs when intentional or unintentional interference overpowers the sender or receiver of a
communications link, thereby effectively rendering the communications link useless. An attacker can apply
jamming in several ways.
2.1. Denial of Service (DoS) Jamming
• Jamming a network can lead to a denial of service (DoS) attack, shutting down all communications in a
given area.
• DoS attacks on wireless networks are difficult to prevent and stop due to the use of unlicensed frequencies
and interference from various electronic devices.
The denial of service prevents or inhibits the normal use or management of communications facilities. This
attack may have a specific target; for example, an entity may suppress all messages directed to a particular
destination (e.g., the security audit service). Another form of service denial is the disruption of an entire
network, either by disabling the network or by overloading it with messages so as to degrade performance.
• Client Jamming: Jamming a client station can allow a rogue client to take over or impersonate the jammed
client, leading to DoS and loss of connectivity.
• Base Station Jamming: Jamming a base station can allow a rogue base station to stand in for the legitimate
one, depriving clients of service or a telecom company of revenue.
• To prevent unintentional jamming, site surveys are recommended before investing in wireless equipment.
2.2. Injection and Modification of Data
• Involves adding data to a connection to hijack it or send malicious data or commands.
• Manipulates control messages and data streams by inserting packets or commands to a base station.
• Can result in user disassociation or disconnection from the network.
• Can be used for DoS by flooding the network access point with connect messages.
• Bait-and-switch attacks or midstream insertion attacks can occur if upper-layer protocols lack real-time
integrity checks.
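Floods of connect messages and forced disassociations both appear as bursts of 802.11 management frames, so a sensor can detect them by rate. The sliding-window detector below is an added example, not part of the original notes; the log line format, the thresholds and the addresses are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

WINDOW = 1.0           # sliding window in seconds (assumed)
CONNECT_LIMIT = 20     # auth/assoc requests per AP per window (assumed)
DISCONNECT_LIMIT = 5   # deauth/disassoc frames per station per window (assumed)
CONNECT = {"auth", "assoc-req"}
DISCONNECT = {"deauth", "disassoc"}


def parse_line(line):
    """Parse '<ts> <subtype> <src> <dst>' (hypothetical sensor log format)."""
    ts, subtype, src, dst = line.split()
    return float(ts), subtype, src.lower(), dst.lower()


def detect_floods(lines):
    """Return (ts, kind, destination, distinct_sources), once per burst."""
    windows = defaultdict(deque)   # (kind, dst) -> deque of (ts, src)
    active = set()                 # keys currently over their limit
    alerts = []
    for line in lines:
        ts, subtype, src, dst = parse_line(line)
        if subtype in CONNECT:
            kind, limit = "connect-flood", CONNECT_LIMIT
        elif subtype in DISCONNECT:
            kind, limit = "disconnect-flood", DISCONNECT_LIMIT
        else:
            continue               # data and other management frames
        key = (kind, dst)
        window = windows[key]
        window.append((ts, src))
        while ts - window[0][0] > WINDOW:   # drop frames older than the window
            window.popleft()
        if len(window) > limit:
            if key not in active:  # alert on the rising edge only
                active.add(key)
                sources = len({s for _, s in window})
                alerts.append((ts, kind, dst, sources))
        else:
            active.discard(key)
    return alerts


AP = "00:11:22:33:44:01"
STATION = "02:00:00:00:00:01"


def build_sample():
    """Constructed log: a normal join, one deauth, then two bursts."""
    lines = [f"0.000 auth {STATION} {AP}",
             f"0.010 assoc-req {STATION} {AP}",
             f"3.000 deauth {AP} {STATION}"]
    # 30 authentication requests in 0.3 s, each from a different source MAC
    lines += [f"{10 + i * 0.01:.3f} auth 02:aa:00:00:00:{i:02x} {AP}"
              for i in range(30)]
    # 8 deauthentication frames aimed at one station in 0.4 s
    lines += [f"{20 + i * 0.05:.3f} deauth {AP} {STATION}" for i in range(8)]
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

A high distinct-source count on a connect flood suggests randomized source addresses, while a disconnect flood usually carries the access point's own address as its source.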
2.3. Man-in-the-Middle (MITM) Attacks
• Similar to injection attacks, MITM attacks subvert session confidentiality and integrity.
• More sophisticated than most attacks, requiring significant network information.
• Attacker impersonates a network resource, intercepts and completes connection, and proxies all
communications.
• Allows attacker to inject data, modify communications, or eavesdrop on encrypted sessions.
2.4. Rogue Client
• Attackers can mimic or clone clients' identities to gain network and service access.
• They may steal access devices to gain network access.
• Securing wireless devices is challenging due to their small size.
• Layer 2 access controls have been used to limit resource access, but they failed at cellular phone companies.
• Access control based on Media Access Control (MAC) addresses in the 802.11 wireless LAN standard is a
common example of this failure, and skilled attackers circumvent it easily.
2.5. Rogue Network Access Points
• An attacker can set up a rogue access point to impersonate a network resource, allowing clients to
unknowingly access and divulge sensitive credentials.
• This attack can be used with directive jamming to block legitimate network access points.
• Users with wired network access may install rogue access points, opening up the network to attacks.
• Wireless access points can serve as backdoors to the wired network due to their default configuration.
• Attackers can easily connect to these access points, allowing attackers to gain the same access as a wired
user.
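A site survey can separate the two rogue access point cases listed above, an impersonating AP and a user-installed AP on the wired network, by comparing scan results with an inventory. The classifier below is an added example, not part of the original notes; the inventory, the wired MAC list, the scan results and the five-octet matching heuristic are all assumptions constructed for the illustration.

```python
# Constructed inventory of managed access points: BSSID -> (SSID, channel)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}
# Constructed MAC addresses learned on wired switch ports
WIRED_MACS = {"3c:52:82:10:20:30", "00:25:90:0a:0b:0c"}

SEVERITY = {"impersonation": 0, "bssid-mismatch": 1,
            "unauthorized-on-wire": 2, "neighbor": 3, "authorized": 4}


def same_device(bssid, wired_mac):
    """Heuristic (assumption): an AP's radio and Ethernet MACs usually
    share their first five octets."""
    return bssid.rsplit(":", 1)[0] == wired_mac.rsplit(":", 1)[0]


def classify(ssid, bssid, channel):
    """Return a verdict for one observed beacon."""
    bssid = bssid.lower()
    managed_ssids = {s for s, _ in AUTHORIZED.values()}
    if bssid in AUTHORIZED:
        # A known BSSID with the wrong SSID or channel may be a spoofed copy
        # (or an AP whose channel changed without an inventory update).
        if (ssid, channel) == AUTHORIZED[bssid]:
            return "authorized"
        return "bssid-mismatch"
    if ssid in managed_ssids:
        return "impersonation"          # our SSID from hardware we do not own
    if any(same_device(bssid, m.lower()) for m in WIRED_MACS):
        return "unauthorized-on-wire"   # user-installed AP bridged to the LAN
    return "neighbor"


def survey(observations):
    """Classify (ssid, bssid, channel) scan results, most severe first."""
    findings = [(classify(s, b, c), s, b.lower()) for s, b, c in observations]
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[2]))


# Constructed scan results from a walk-through site survey
SAMPLE_SCAN = [
    ("CorpNet", "00:11:22:33:44:01", 1),
    ("CorpNet", "00:11:22:33:44:02", 11),
    ("CorpNet", "DE:AD:BE:EF:00:01", 6),
    ("linksys", "3c:52:82:10:20:31", 6),
    ("CoffeeShop", "f0:9f:c2:aa:bb:cc", 11),
]

if __name__ == "__main__":
    for verdict, ssid, bssid in survey(SAMPLE_SCAN):
        print(f"{verdict:22} {ssid:12} {bssid}")
```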
2.5.1. Attack Anonymity in Wireless Ventures
• Wireless ventures provide complete attack anonymity.
• Without proper networks, attackers can remain anonymous and hidden.
• Internet attacks will become more difficult to solve due to the availability of anonymous access through
insecure access points.
• Attackers often seek free anonymous Internet access, not to attack internal resources.
• Network operators may be liable for damages if they fail to prevent malicious attacks.
2.5.2. Client-to-Client Attacks
• Attacks can directly target other network clients.
• Successful attacks may reveal sensitive information like username and password.
• Network administrators often overlook hardening stations or installing firewall software.
• Adequate hardening of all internet or wireless-connected stations is crucial.
2.5.3. Infrastructure Equipment Attacks
• Infrastructure equipment, including routers, switches, backup servers, and log servers, is a prime target for
attackers.
• Attackers can bypass access controls and layer 2 security mechanisms like virtual LANs (VLANs).
• Three main categories of attacks are switch attacks, MAC attacks, and routing attacks.
• Switch attacks can involve flooding the MAC or ARP table in the switch or manipulating the
communication protocol.
• MAC attacks include ARP spoofing and other physical layer attacks.
• Routing attacks involve participating in the routing protocol to change traffic flow for DoS or sniffing.
3. Attacker Equipment
The equipment used by the casual attacker can minimally consist of a wireless network interface. This can
be a wireless Ethernet network interface card (NIC), or a General Packet Radio Service (GPRS) or
Cellular Digital Packet Data (CDPD) cellular telephony handset, connected to a laptop either as a Personal
Computer Memory Card International Association (PCMCIA) card or through some communications link.
Advanced attackers will sometimes employ this wireless interface in conjunction with jammers and
specialized software. A sample is shown in Figure 2-9.
Cellular network attackers will generally use a configuration as depicted in Figure 2-7 because the network
coverage is understood and generally covers a large area.
• Wireless Ethernet networks cover a smaller area, making it easier for attackers to locate cover.
• Attackers use a laptop, GPS unit, antenna, amplifier, and wireless Ethernet NIC for network discovery.
• For long-duration sweeps, extra power can be obtained by using an inverter.
• An attacker uses various antenna apparatus to determine the best link for attacks.
• Antenna types are characterized by gain (the increase in signal strength) and beam width.
• Common antenna types include omnidirectional antenna, yagi, and parabolic.
• Omnidirectional antennas have a 360-degree beam width and have little to no gain unless assembled in a
collinear array.