Wireless Networking Technology and Security: A Moving Target
The objective of this work is to focus on wireless networking technologies, protocols, standards and operations. It also examines the capabilities of Wireless Personal Area Networks (WPANs), Wireless Local Area Networks (WLANs) and Wireless Wide Area Networks (WWANs). The work describes wireless networking capabilities, recent initiatives, and the advantages and limitations of wireless networks in meeting goals, objectives and requirements in government and/or academic environments. Finally, it examines the security component that relates to these wireless network technologies. Wireless devices are very much prone to being attacked and exploited; however, the benefits of these wireless technologies far exceed the risks that accompany their use. A Wireless Personal Area Network (WPAN) is a wireless network with a maximum range of 10 meters that is used to interconnect devices with one another. A Wireless Local Area Network (WLAN) has a signal range of approximately 30 meters indoors and 100 meters outdoors and is often also referred to as Wireless Fidelity (WiFi). A Wireless Wide Area Network (WWAN) provides a wireless connection over a much wider area.
Purpose of the Study
The purpose of this study is to identify a security protocol that will serve to protect wireless communication across the range of WPANs, WLANs and WWANs.
Rationale
The problem addressed in this research study relates to wireless technology and the limitations that currently exist in wireless network security. There are many applications of wireless networks and many wireless devices and communication protocols; however, no wireless network security protection yet exists with the capabilities needed to cover every type of wireless network communication across the full diversity of security needs found in wireless network technology.
Methodology
The methodology of this study is qualitative in nature and involves an extensive review of the literature in this area of study.
I. WPAN Security
The work of Todd Kennedy and Ray Hunt entitled "A Review of WPAN Security: Attacks and Prevention" states that Wireless Personal Area Networks (WPANs) "fill an important role in local area network technology complementing traditional IEEE 802.11 Wireless LANs." It is also reported that the key emergent WPAN technologies are Bluetooth, ZigBee and NFC (Near Field Communications), and that these are "subject to the usual range of security vulnerabilities found in wireless LANs such as spoofing, snooping, man-in-the-middle, denial of service and other attacks." (p.1)
The Wireless Personal Area Networks (WPANs) are stated to form "an important niche in wireless area technology that are particularly applicable for applications demanding low data rate transfer, limited range, low power consumption as well as requiring devices to be physically small and of low cost." (Kennedy and Hunt, 2008, p.1) Bluetooth and Zigbee are stated to operate "in the same frequency spectrum as IEEE 802.11b Wireless LANs and are thus subject to interference." (Kennedy and Hunt, 2008, p.1) The following table summarizes these three WPAN technologies in terms of their physical characteristics.
Figure 1: Physical Characteristics of the Primary WPAN Technologies. Source: Kennedy and Hunt (2008)
The work of Kennedy and Hunt further states that Bluetooth technology was designed specifically for small form factor, low cost and short-range radio links that communicate between "PCs, handheld devices, mobile phones and other computing devices based on IEEE 802.15.1 [2]." (Kennedy and Hunt, 2008, p.2) This technology is viewed as a "cable replacement that allows one's device to connect to another through a 10 meter personal bubble (may extend up to 100 meters) and supports simultaneous transmission of both voice and data for multiple devices." (Kennedy and Hunt, 2008, p.2)
Profiles supported by Bluetooth include the following: (1) imaging; (2) file transfer; (3) generic access (discovery and link establishment); (4) human interface device (keyboard, mouse); and (5) LAN access (using the Point-to-Point Protocol). (Kennedy and Hunt, 2008, p.2) Bluetooth Version 2.0 + Enhanced Data Rate (EDR) was released in 2004, and the Bluetooth Version 2.1 + EDR Specification, which includes various new operating features, was adopted in July 2007. At present Bluetooth 3.0 is being drafted, and Kennedy and Hunt state that it will likely include Ultra Wide Band (UWB) features. Bluetooth is stated to operate in the "unlicensed 2.4 GHz band, which is shared with other wireless communication standards such as 802.11b LANs." (Kennedy and Hunt, 2008, p.2)
Bluetooth attacks are stated to generally relate to mobile telephony devices; however, "they are equally applicable to other devices used in the WPAN environment." (Kennedy and Hunt, 2008, p.1) Bluejacking is the term used for the process of sending unsolicited content to Bluetooth-enabled devices, generally containing a message "such as BlueChat (chatting over Bluetooth)." (2008) It is stated that these messages are short in form and may be used in an attempt to "mimic authentication dialogues" so as to compel the user to reveal access codes, after which the attacker uses this information to access the files stored on the device, often stated to be a mobile computer. (Kennedy and Hunt, 2008, p.1)
Kennedy and Hunt relate that BlueSnarf likewise entails unsolicited content being sent to Bluetooth-enabled devices; as in Bluejacking, BlueSnarf attempts to mimic authentication dialogues so that the user is tricked into disclosing their access codes, giving the attacker read access to a vulnerable device and thus allowing access to the calendar and phone book without authentication. This attack is reported to have recently been upgraded to BlueSnarf++, which makes use of the Object Exchange FTP service to connect to vulnerable devices and gives the attacker read and write access to the device's entire file system as well as to any memory extensions such as memory sticks. The third attack in this area related by Kennedy and Hunt is known as 'BlueBump', which exposes a weakness in the "handling of Bluetooth link keys, giving devices that are no longer authorized the ability to access services as if still paired. It can lead to data theft or the use of mobile Internet connectivity services, such as Wireless Application Protocol." (Kennedy and Hunt, 2008, p.1)
Another attack, referred to as Bluesmack, is a Denial of Service (DoS) attack "that can be performed with standard tools such as Linux Bluez utils package." (Kennedy and Hunt, 2008, p.1) This attack is stated to be similar to the 'Ping of Death' because it targets the L2CAP layer, which can request an echo from another Bluetooth peer. The tool lets the user choose a certain acceptable packet length, and when a packet exceeds that length by more than 600 bytes the results may be 'devastating'. (Kennedy and Hunt, 2008, p.3)
Before an attacker can conduct a BlueDump attack, the attacker must know "...the Bluetooth address of a set of paired devices." (Kennedy and Hunt, 2008, p.3) The attacker spoofs the address of one of the devices and then connects to the other. Because the attacker in this instance has no link key when the device asks for authentication, the target device may delete the link key and revert to pairing mode. (Kennedy and Hunt, 2008, paraphrased)
BlueChop is also a DoS attack; it may disrupt any piconet established by Bluetooth, even when the attacking device is not a participant. The non-participating device BlueChops a piconet by spoofing a random slave and contacting the piconet master. Kennedy and Hunt report that 'Bloover' was created "as a proof-of-concept tool that can be used to initiate a BlueSnarf attack from a J2ME-enabled mobile device." (p.3) The intent in creating Bloover, however, was to use it as an auditing tool for checking mobile devices for vulnerability. Bluetooth is also reported to be vulnerable to traditional computer attacks, including self-propagating viruses, malware and worms. One such attack is the Cabir worm, which uses the Bluetooth device to self-replicate but affects only Symbian platforms.
Because Bluetooth is a wireless technology, it is stated to be very difficult to prevent signals from leaking outside the set boundaries. For this reason it is stated that the individual should not enter a PIN into a Bluetooth device for pairing in public, which mitigates the risk of eavesdropping by an attacker. Understanding Bluetooth pairing is important in defending against attacks. The Bluetooth specification enables the use of NFC for the purpose of creating a pairing process that is secure in nature.
Bluetooth devices generally save the link key in non-volatile memory for future use. Therefore, when the same Bluetooth devices want to communicate again, the stored link key is used; however, some Bluetooth devices require that a PIN be entered each time communication takes place, and this is stated to increase the likelihood that an attacker may intercept the communication and eavesdrop. Bluetooth devices use encryption security, which requires a "unique session key to derive per-packet keys thus avoiding frequent key reuse." (Kennedy and Hunt, 2008, p.4)
Kennedy and Hunt report that ZigBee is a reasonably priced, low energy consumption, two-way CSMA/CA-based wireless communications standard based on IEEE 802.15.4, which is commonly referred to as 'Low Rate Wireless Personal Area Networks' (LR-WPANs) and which is targeted primarily "at radio frequency applications requiring low data rate, long battery life and secure networking." (p.4)
LR-WPANs "offer device level wireless connectivity..." and "they enable a range of new applications as well as enhance existing applications." (2008, p.4) These devices are low in cost and energy use and, due to their self-organization features, are useful for public security applications as well as for inventory tracking and home and office automation. A wireless device may be jammed, which amounts to a DoS attack. Jamming can take place at the PHY layer by transmitting continuously. It is also possible for an attacker to create collisions.
Kennedy and Hunt report that the 'void address' attack is much more powerful. Because LR-WPANs use 16-bit short addresses and the cluster-tree may use only part of the address, the attacker is able to send a packet to a nonexistent address that is beyond the cluster-tree address scope. Although the address does not exist, the packet is sent up the tree; when it arrives, the root may fail to validate the address and forward the packet to a branch that does not exist. Since the root never receives a packet acknowledgement, the packet is then retransmitted.
The LR-WPAN device has its key management "based on the trust centre which is neither robust nor efficient. Communications between the trust centre and a device can be lost, especially in a multi-hop and/or mobile environment." (p.4) This reliance on the trust centre reduces the system's robustness, particularly for key transport and key updates, since the keys are currently unicast. The result is that the trust centre is heavily burdened, as are the devices near it, due to the need to relay traffic between other devices and the trust centre. For this reason, Kennedy and Hunt state that distributed or hierarchical key management schemes should be considered for large-scale networks.
Kennedy and Hunt relate that 'Near Field Communications' (NFC) is a "short-range wireless connectivity technology" that provides "intuitive and simple communication between electronic devices." (2008, p.5) Communication takes place when two NFC-compatible devices are "brought within a few centimeters of each other" and is compatible with existing RFID (Radio Frequency Identification) standards. This communication technology operates in the 13.56 MHz frequency band and transfers data "at up to 242 kbps as defined by ISO 14445 [7]." (Kennedy and Hunt, 2008, p. 3)
Due to the short transmission range, transactions enabled by NFC are potentially secure. Nevertheless, eavesdropping is a high risk with NFC communication, since antennas can be used to receive the signals. NFC communication generally takes place between two devices that are 10 centimeters apart or less; while this range does not limit attackers, the operating mode does, namely whether the sender generates the RF field itself or uses an RF field generated by a separate device. When the NFC device generates its own RF field this is referred to as the 'active' mode, and when it uses the RF field of another device this is referred to as the 'passive' mode. The transmission methods differ between the two modes, which makes it more difficult to eavesdrop on devices operating in passive mode. When the active mode is used to send data, eavesdropping can occur within a distance of about 10 meters.
Another risk with NFC communication is the data corruption attack, which is a basic DoS-type attack. In its simplest form, the attacker disturbs the receiver's communication so that the transmitted data cannot be understood by the receiver; this is perpetrated by transmitting valid frequencies of the data spectrum at the correct time. An attacker who understands the modulation and coding scheme will be able to calculate the correct time. Finally, another form of attack is the 'Data Insertion' attack, in which messages are inserted into the data that the two devices are exchanging; however, this can only occur when the answering device accepts delayed replies.
The Data Insertion attack enables the attacker to insert a message before the legitimate reply is sent, and it succeeds only if the inserted message reaches the answering device first. If the data streams overlap, the data becomes corrupt. While the passive mode of transmitting data is much safer, eavesdropping remains possible, and for this reason the NFC device can establish a secure channel and check the RF field during the course of the transmission.
There are three possible countermeasures to a 'Data Insertion' attack: (1) the answering device answers with no delay, so that the attacker cannot be as fast as the correct device; (2) the answering device can listen to the channel during transmission, making it more difficult for an attacker to insert data and easier to detect the insertion if it does occur; (3) secure the channel between the two devices. (Kennedy and Hunt, 2008)
The Data Insertion countermeasures can be implemented by establishing a secure channel between the two NFC devices using a standard key agreement protocol "such as Diffie-Hellman based on RSA or Elliptic Curve cryptography." Since the "man-in-the-middle is no significant threat, the unauthenticated version of Diffie-Hellman will be adequate." The shared secret can then be used to derive a key for a symmetric encryption algorithm such as 3DES or AES, which secures the channel. (Kennedy and Hunt, 2008)
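As an added example (not code from Kennedy and Hunt), the secure-channel countermeasure above carried through in Python: an unauthenticated Diffie-Hellman agreement, a derived channel key, and then tagged frames that let the answering device discard an inserted or replayed message. The paper's symmetric encryption step (3DES/AES) is replaced here by HMAC-SHA256 message tags so the example runs on the standard library alone; the DH group and the payloads are constructed toy values.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for the demo): p = 2^127 - 1 is a
# Mersenne prime, generator 2. A real deployment would use a standardized
# group (e.g. an RFC 3526 MODP group) or elliptic-curve DH, as the paper notes.
P = (1 << 127) - 1
G = 2


def dh_keypair():
    """Pick a private exponent x and compute the public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(priv, peer_pub):
    """Both sides compute the same value: (g^y)^x == (g^x)^y mod p."""
    return pow(peer_pub, priv, P)


def derive_channel_key(shared, info=b"nfc-channel-v1"):
    """HKDF-SHA256 (extract, then one expand block) over the DH secret.
    This is the 'derive a key from the shared secret' step of the passage."""
    ikm = shared.to_bytes(16, "big")          # shared < 2^127 fits in 16 bytes
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def seal(key, seq, payload):
    """Tag a frame: the tag covers the sequence number and the payload."""
    mac = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return seq, payload, mac


def open_frame(key, expected_seq, seq, payload, mac):
    """Accept a frame only if it is the next one in order and its tag verifies.
    A frame from a party without the key, or a replayed frame, returns None."""
    if seq != expected_seq:
        return None
    want = hmac.new(key, seq.to_bytes(4, "big") + payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(mac, want) else None


def run_exchange():
    """Full flow: unauthenticated DH, key derivation, then a tagged request,
    a frame inserted without the key, and a replayed frame."""
    a_priv, a_pub = dh_keypair()              # initiator (e.g. reader)
    b_priv, b_pub = dh_keypair()              # answering device (e.g. tag)
    key_a = derive_channel_key(dh_shared_secret(a_priv, b_pub))
    key_b = derive_channel_key(dh_shared_secret(b_priv, a_pub))
    if key_a != key_b:
        raise RuntimeError("key agreement failed")

    # Legitimate frame from A, checked by B (constructed sample payload).
    frame = seal(key_a, 1, b"READ RECORD 1")
    accepted = open_frame(key_b, 1, *frame)

    # A frame inserted ahead of A's next message by a party without the key:
    # its tag cannot verify, so the answering device discards it.
    inserted = (2, b"WRITE RECORD 1", bytes(32))
    dropped = open_frame(key_b, 2, *inserted)

    # The legitimate frame repeated later: wrong sequence number, discarded.
    replayed = open_frame(key_b, 2, *frame)
    return accepted, dropped, replayed


if __name__ == "__main__":
    print(run_exchange())
```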
Kennedy and Hunt (2008) state: "Although application of the key security principles of encryption and authentication are clearly required in any wireless network architecture, they are more difficult to achieve as the size and scale of wireless devices is reduced. Implementing authentication and encryption algorithms in hardware on an IEEE 802.11 device installed, for example, in a laptop is not difficult, but the same cannot be said for a number of WPAN devices. Encryption and authentication need to be fast -- particularly in a highly mobile environment which demands hardware implementation." (Kennedy and Hunt, 2008, p. 5) WPAN devices are too small to meet this challenge; the demands of current cryptographic algorithms, including AES, MD5 and others, are difficult to satisfy because of the complicated mathematical processing they require and because of the miniature power sources. Stated to be a technology that might "...significantly alter this landscape is Ultra Wide Band (UWB), which operates by spreading pulses across a very wide frequency spectrum (3.1 to 10.6 GHz) although currently it is still in the standards specification phase. The combination of this larger spectrum, lower power and pulsed data improves speed and reduces interference with other wireless devices. This short-range radio technology could be very valuable for WPANs, as it would provide a cost-effective, power-efficient, high bandwidth solution for relaying data between hosts and intermediate devices (up to 10 meters). UWB is establishing partnerships with Bluetooth (draft version 3.0, May 2008) and Wireless USB to gain value from this new technology which may change the face of next generation of mobile devices." (Kennedy and Hunt, 2008, p.5)
II. P2P Wireless Technology
The work of Liu and Koenig (2008) entitled "Security Policy Management for Peer Group Meetings" states that the privacy of P2P meetings needs "...appropriate security architecture." (p.1) A security architecture "specifies how to incorporate the needed cryptographic methodologies and the security functions (key management) into the system to meet the defined security requirements." (Liu and Koenig, 2008, p.68) The security architecture is reported to be built up in a "modular manner" to ease system expansion and maintenance, and each module "serves as a specific security function in the system such as key management and the security policy management." (Liu and Koenig, 2008, p. 68)
The level of protection of a conference is determined by the security policy, which also sets out the application of security algorithms. The primary concern in the design of the security policy module is how diverse security policies may be reconciled. Absent a unified security policy, the participants will not be able to initiate communication with one another.
While security policies play a primary role in controlling the security activities of a system, security research long failed to examine this. The principle is that central security policy management is the responsibility of a server, which creates, disseminates and reconciles the security policies; however, this approach cannot be applied to P2P systems because they use a serverless architecture. In fact, no solutions appropriate for security policy management in P2P settings exist as yet. Liu and Koenig state that their work proposes a solution for P2P security policy management, specifically for P2P conference systems. Each peer in the P2P video conference system is stated to possess the same capabilities and to use the same system structure, meaning that peers are capable of setting up meetings without any type of central server.
The system comprises different functional modules, which are grouped by their distinct functionalities into the following three layers: (1) an application layer; (2) a security layer; and (3) a group communication layer. (Liu and Koenig, 2008, p. 68) The application layer contains the application-specific functions for the transfer of media data. These include group management, which supervises the composition of the group; quality of service (QoS) management, which controls the media parameters; and floor control, which regulates access to shared resources such as the whiteboard. The media data transfer functions comprise the sending and receiving of video and audio streams, including the digitalization and compression that enable efficient transmission across the network. The group communication layer is that which "form the basis for a reliable operation of the collaborative functions in the upper layers" and includes updating the group management data in the peers. (Liu and Koenig, 2008, p. 68)
Because this is a distributed setting, consistency must be ensured so that all the peers "have the same view on the actual group state and it can uniquely decide all group related issues by themselves." (Liu and Koenig, 2008, p.69) This includes QoS parameter settings, security policy reconciliations and floor assignments. The required virtual synchrony is provided by a "...decentralized group communication protocol...such as GCP." (Liu and Koenig, 2008 p.69) The security services needed in P2P conferences are provided by the security layer.
The security requirements set out, with which a conference is expected to comply, are the following: (1) user authentication; (2) authorization; (3) confidentiality; and (4) data integrity. Liu and Koenig explain that the decision as to which security level and which type of security algorithm are required in a conference is made by the 'security policy module'. (Liu and Koenig, 2008, p. 69)
The 'authentication module' performs the mutual user authentication between a new participant and the members of the group when the new participant joins the conference. The 'authorization module' automatically filters incoming calls, ensuring that the only calls accepted are those from users listed in the specified contact lists. The 'group key management module' refreshes the group key each time the group's composition changes. The 'data security module' ensures the confidentiality and integrity of the signaling data and media data exchanged.
III. Radio and 3G Cellular
The work of Amaldi, Capone and Malucelli (2008) entitled "Radio Planning and Coverage Optimization of 3G Cellular Networks" states that over the past few years 3G systems "have been standardized and network deployment has started." (p.435) These include systems such as UMTS and CDMA2000, which are "based on a more flexible but also a more complex Wideband Code Division Multiple radio Access scheme (W-CDMA)." (Amaldi, Capone and Malucelli, 2008, p.435) The service licenses for these systems are quite expensive and the market situation has changed dramatically; therefore, planning tools for designing networks that provide good and cost-efficient service coverage are important.
Because of the peculiarities of W-CDMA, the radio planning problem cannot be decomposed into a coverage problem and a frequency allocation problem, as it is when planning a second generation cellular system with a Time Division Multiple Access (TDMA) scheme. The W-CDMA bandwidth is shared and there is no requirement for frequency assignment, and the "area actually covered by a base station (BS) also depends on the signal quality constraints, usually expressed in terms of Signal-to-Interference Ratio (SIR) and on the traffic distribution." (Amaldi, Capone and Malucelli, 2008, p. 436) Since the SIR values depend on the emission powers, the "specific power control mechanism and the power limitations" must also be taken into consideration. (Amaldi, Capone and Malucelli, 2008, p. 436)
The data that must be known in addressing the network planning problem for W-CDMA air interface systems are stated to be the following: (1) a set of candidate sites where BSs can be installed; (2) a set of possible configurations of each base station (sector orientation, tilt, height, maximum power, pilot power, etc.); (3) the traffic distribution estimated by using empirical prediction models; and (4) the propagation description based on approximate radio channel models or ray tracing techniques and antenna diagrams. (Amaldi, Capone and Malucelli, 2008, p. 437)
Although base station location and configuration problems in 3G systems have some similarities with those of second generation systems, the peculiarities of the W-CDMA air interface must be taken into consideration. In a W-CDMA cellular system the amount of traffic that each BS can serve is not limited by fixed channel assignments, as it is in a 'Time Division Multiple Access' (TDMA) system, but "by the interference levels in the service area"; this enables flexible use of radio resources, which however depends "on propagation conditions and interference sources distribution." (Amaldi, Capone and Malucelli, 2008, p.436)
The SIR measures the quality of the signal, and the signal quality constraints "impose that the SIR exceeds a minimum value" r, which depends on the communication service under consideration, whether voice, video or packet data. Amaldi, Capone and Malucelli state that the SIR level of each connection "...depends on the received powers. The PC mechanism dynamically adjusts the emitted power according to the propagation conditions so as to reduce the interference and satisfy quality constraints." (2008, p.436)
A SIR-based PC mechanism is reported to be the one generally used in W-CDMA systems; the emitted power "is adjusted through a closed-loop control procedure so that the SIR is equal to a target value SIRtarget. According to this scheme the power emitted by each station is strictly related to that emitted by all the others." (Amaldi, Capone and Malucelli, 2008, p.437) Amaldi, Capone and Malucelli state that it is also possible to consider a simpler power-based PC model, in which the "emitted power is adjusted so that the power received on each channel is equal to a given target value Ptarget." (2008, p. 446)
In this case, Amaldi, Capone and Malucelli report, the emitted power for each connection depends only on the "...attenuation between source and destination." (2008, p.446) Therefore, the power-based PC mechanism "yields higher powers compared with the more complex SIR-based PC one given any set of SIR constraints." (Amaldi, Capone and Malucelli, 2008, p. 446) From the "network planning point-of-view, considering a power-based PC mechanism instead of a SIR-based PC one may lead to a more conservative dimensioning of the system." (Amaldi, Capone and Malucelli, 2008, p.446)
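The two power-control models just described, carried through numerically as an added example (not code from Amaldi, Capone and Malucelli): the closed-loop SIR-based iteration, in which every station's power depends on what the others emit, beside the power-based rule that sets each power from its own attenuation alone. The gain matrix, noise and target are constructed sample values, and the path-gain SIR model is the standard one assumed here; on this sample the power-based mechanism needs more power to satisfy the same SIR constraints, matching the paper's observation.

```python
"""SIR-based (closed-loop) versus power-based power control on a small
constructed uplink example. Added illustration, not the paper's code.

Assumed model (standard for this setting): GAINS[i][j] is the path gain from
the transmitter of connection j to the base station serving connection i, so
    SIR_i = GAINS[i][i] * p_i / (sum_{j != i} GAINS[i][j] * p_j + noise_i).
"""

# Constructed sample: three connections, diagonal gains 1.0, 0.5, 0.25
# (connection 3 is the most attenuated), small cross-gains, equal noise.
GAINS = [
    [1.00, 0.02, 0.01],
    [0.02, 0.50, 0.02],
    [0.01, 0.02, 0.25],
]
NOISE = [0.01, 0.01, 0.01]
SIR_TARGET = 5.0   # about 7 dB
P_MAX = 1.0        # power limitation per transmitter


def sir(gains, powers, noise):
    """Signal-to-interference ratio of every connection for given powers."""
    n = len(powers)
    out = []
    for i in range(n):
        interference = sum(gains[i][j] * powers[j] for j in range(n) if j != i)
        out.append(gains[i][i] * powers[i] / (interference + noise[i]))
    return out


def sir_based_pc(gains, noise, sir_target, p_max, iterations=60):
    """Closed-loop SIR-based PC: each station scales its power by
    SIR_target / SIR_i, so its power depends on what all the others emit.
    If the target is feasible the iteration converges to the minimal power
    vector meeting it; p_max caps each step (the power limitation)."""
    powers = [1e-3] * len(noise)
    for _ in range(iterations):
        current = sir(gains, powers, noise)
        powers = [min(p_max, p * sir_target / s) for p, s in zip(powers, current)]
    return powers


def power_based_pc(gains, p_target, p_max):
    """Power-based PC: emitted power set so the received power G_ii * p_i
    equals P_target; it depends only on the source-destination attenuation."""
    return [min(p_max, p_target / gains[i][i]) for i in range(len(gains))]


def min_power_target(gains, noise, sir_target):
    """Smallest P_target for which power-based PC meets the SIR constraint on
    every connection (closed form from SIR_i >= target with p_j = P_target/G_jj)."""
    n = len(noise)
    needed = []
    for i in range(n):
        rel = sum(gains[i][j] / gains[j][j] for j in range(n) if j != i)
        if sir_target * rel >= 1.0:
            raise ValueError("target infeasible for power-based PC")
        needed.append(sir_target * noise[i] / (1.0 - sir_target * rel))
    return max(needed)


def compare():
    """Run both mechanisms on the sample and report powers and attained SIRs."""
    p_sir = sir_based_pc(GAINS, NOISE, SIR_TARGET, P_MAX)
    p_target = min_power_target(GAINS, NOISE, SIR_TARGET)
    p_pow = power_based_pc(GAINS, p_target, P_MAX)
    return {
        "sir_based": {"powers": p_sir, "sir": sir(GAINS, p_sir, NOISE)},
        "power_based": {"p_target": p_target, "powers": p_pow,
                        "sir": sir(GAINS, p_pow, NOISE)},
    }


if __name__ == "__main__":
    for name, res in compare().items():
        print(name, "powers", [round(p, 4) for p in res["powers"]],
              "SIR", [round(s, 2) for s in res["sir"]])
```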
Besides base station location, the configuration of the antennas also strongly affects connection quality and the traffic handled, because "...the interference in each cell of a three-sector antenna depends on its horizontal orientation which can be optimized taking into account traffic distribution. Since the vertical radiation diagram is not uniform, also the vertical orientation (tilt) of the antenna affects the SIR values. Smaller tilt angles tend to increase not only the coverage range but also the captured interference. Also the BS maximum power affects the area actually covered: a higher power allows to cover a wider area, but it also increases the interference generated towards the other cells." (Amaldi, Capone and Malucelli, 2008, p.446)
The mathematical programming model presented by Amaldi, Capone and Malucelli (2008) serves to optimize the location and configuration of BSs in 3G networks "taking into account both uplink and downlink directions, with pilot signals included," under the assumption of a SIR-based PC mechanism. A Tabu Search algorithm is used, started from the "...solutions provided by a randomized greedy algorithm," and it was proposed as being efficient in identifying "approximate solutions within a reasonable amount of computational time."
The algorithm was designed to be computationally effective through the adaptation of what is described as an "...iterative method to locate the power levels of the signals that TPs or BSs emit." The SIR-based PC requires both uplink and downlink models, unlike the power-based PC uplink model, and the results stated for the combined uplink and downlink model are said to indicate "that by starting from the solutions provided by the simplified uplink model with power-based PC computing times are reduced by a factor of fifty without heavily affecting the solutions quality. Besides, the introduction of pilot signals obviously worsens the solutions' quality in downlink direction but makes the results more realistic." (Amaldi, Capone and Malucelli, 2008, p.446)
The final assertion made in the work of Amaldi, Capone and Malucelli is that "...studying separately the uplink and downlink direction models as well as a power-based PC mechanism or a SIR-based one has yielded a striking improvement from the computational point-of-view and has given us a better insight into the overall BS location and configuration problem." (Amaldi, Capone and Malucelli, 2008, p.446)
IV. Security Challenges, Risks and Approaches
Each of these wireless technologies is subject to "snooping, spoofing, man-in-the-middle, denial of service and others." (Kennedy and Hunt, 2008, p.1) The same security concerns are present as in any other type of wireless networking. Confidentiality is required to ensure that privacy is not breached through disclosure of sensitive data to anyone other than the intended recipient, and it is stated to be that which "serves as the backbone to prevent passive attacks." (Kennedy and Hunt, 2008, p.1) Since messages can become corrupted in transit in wireless networks, either through intentional and malicious attacks or due to environmental issues such as transmission collisions, authentication is critical for verifying "either the sender of the message (entity authentication) to confirm where the message originated." (Kennedy and Hunt, 2008, p.1) There is often congestion where wireless technologies are used, since they generally share similar bandwidths, and fairness and efficiency in the use of network resources must be ensured.
V. Proactive Wireless Self-Protection System -- Anomaly-Based Security
The work of Fayssal, Al-Nashif, Kim, and Hairiri (2008) entitled "Proactive Wireless Self-Protection System" states that while mobile computing systems comprise "...the core of the next generation ubiquitous pervasive services, they still have many flaws in their security." (p.11) Fayssal, Al-Nashif, Kim, and Hairiri additionally state that wireless networks and the various applications that accompany their use "...have changed the structure of pervasive services and the defense strategies for network security. Wireless networks can range from 10 meters as in the case of wireless personal area networks (WPAN) to 100km as in the case of wireless regional area networks (WRAN)." (2008, p.11)
The wireless network and its applications have the capabilities needed to "...replace credit cards, phone books, file storage, and many other services using IDs from mobile devices, the trust and security factors of these network become more demanding." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p.11) The wireless network according to Fayssal, Al-Nashif, Kim, and Hairiri can be categorized as follows:
(1) WPAN (Wireless Personal Area Network),
(2) WLAN (Wireless Local Area Network),
(3) WMAN (Wireless Metropolitan Area Network), and
(4) WRAN (Wireless Regional Area Network).
WPANs (e.g., Bluetooth) are stated to be that which would "...provide a convenient replacement for wired technologies that connect different accessories to mobility devices. WPAN can also be used to form an ad hoc network using two or more WPAN enabled nodes. WLAN provides a cost-effective approach to install replacement for traditional LANs. WMAN is a promising technology to replace wires on the "last mile," and it covers up to 5km. WRAN cover up to 100km, which will be used to Wide Area Network in areas with low network congestion, such as urban areas." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p.12)
All of these technologies are identified by Fayssal, Al-Nashif, Kim, and Hairiri as sharing common critical security vulnerabilities: "The current security strategies are not comprehensive; they can only protect a single technology at a time, and fail to provide enough security to increase the user trust." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p.12) Wireless attack prevention strategies have been proposed, including the Wireless Intrusion Detection System (WIDS), which is stated to be of the nature that it "...can be classified into anomaly based and signature-based detections. Both of those methods for WIDS rely on the analysis of network protocols and traffic.
Signature-based detection methods detect attacks if one or more monitored parameters match one of the known abnormal signature in a data base of previously learned abnormal signatures." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p.12) Signature-based methods have a low false-positive rate and are able to discern a known attack very early; however, they simultaneously suffer "low detection rates for attacks are not known by the system or polymorphic instance of a known attack." (p. 446)
The anomaly-based method in "its simplest form detects attacks by scoring the deviation of behaviors or trends of monitored parameters from known normal behaviors. If the score is beyond a certain threshold, then it is considered as abnormal." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p.13) Fayssal, Al-Nashif, Kim, and Hairiri state that an effective Intrusion Detection System (IDS) "can be evaluated by the following: (1) Accuracy -- reduces the false-alert rate; (2) Extensibility -- assist in updating the system components which includes the monitoring of sources such as signal analyzers, wireless channels and multiple monitors in different geographic locations which ultimately provides a wider view of the network; and (3) adaptability - can reduce the time and cost of upgrading and deployment of a WIDS." (Fayssal, Al-Nashif, Kim, and Hairiri, 2008, p. 13) Fayssal, Al-Nashif, Kim, and Hairiri (2008) state that WLAN attacks fall into the following classifications:
(1) Identity spoofing: In MAC or IP address spoofing, attackers can hide their identities by using different MAC and/or IP addresses from the ones legally assigned to them. There are three different types of MAC spoofing attack: random, vendor-oriented, and peer;
(2) Network Analysis: This attack occurs when the attacker uses a high gain antenna to obtain information such as signal power, source type, and packet size; attackers in this category may or may not interfere with communication channels;
(3) Eavesdropping: These attacks can be categorized into being passive or active. Passive eavesdropping transpires when attackers sniff users' packets without interfering with the communication channels. Active eavesdropping occurs when attackers inject probe request frames into a communication medium to uncover silent access points and user stations;
(4) Vulnerability attacks: take advantage of wireless network protocol design flaws, such as greedy behavior, or break into networks that rely on WEP for security (WEP itself is cryptographically broken, so such networks are secure in name only).
(5) Denial of Service: attacks such as beacon, probe request, association, authentication, ARP, and data flood attacks; attackers can flood the network with useless traffic and slow or even block legitimate users from accessing wireless network resources. Examples of this attack class include the deauthentication attack, AP association and authentication buffer overflows, physical layer jamming attacks, disassociation flooding attacks, and control frame vulnerability attacks.
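The contrast between signature-based and anomaly-based WIDS drawn above, and the deauthentication-flood DoS and MAC-spoofing attacks listed in this classification, can be made concrete with a small detector. The following is an added example written for this page, not code from Fayssal, Al-Nashif, Kim, and Hairiri's system: it builds a constructed capture of 802.11 management frames in which an attacker spoofs the access point's MAC address and floods deauthentication frames, then runs a signature rule (known pattern: a burst of broadcast deauth frames) and an anomaly rule (z-score of the per-second deauth rate against a learned baseline) side by side. The MAC addresses, the flood rate, the baseline window and the threshold are all assumptions chosen for illustration; the "targeted" variant, which sends the flood to a single station instead of broadcast, stands in for the "polymorphic instance of a known attack" that the signature misses but the anomaly scorer still catches.

```python
"""Toy wireless IDS: signature vs. anomaly detection over a constructed
802.11 management-frame capture (added example, not the paper's own code)."""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev

BCAST = "ff:ff:ff:ff:ff:ff"
AP = "00:11:22:33:44:55"                               # constructed AP address
STA = ["aa:bb:cc:00:00:%02x" % i for i in range(4)]    # constructed stations


@dataclass(frozen=True)
class Frame:
    t: float       # capture timestamp, seconds
    subtype: str   # beacon, data, deauth, ...
    src: str       # transmitter MAC (spoofable: the attacker uses the AP's)
    dst: str       # receiver MAC


def build_sample(flood_dst=BCAST, flood_start=10, flood_end=13, rate=60):
    """Constructed capture: seconds 0..flood_start-1 are benign; from flood_start
    an attacker spoofs the AP's MAC and sends `rate` deauth frames per second
    to flood_dst (broadcast = classic deauth flood; a station MAC = targeted variant)."""
    frames = []
    for sec in range(flood_end):
        frames.append(Frame(float(sec), "beacon", AP, BCAST))
        for i, sta in enumerate(STA):
            frames.append(Frame(sec + 0.1 * (i + 1), "data", sta, AP))
        if sec % 5 == 0:   # an occasional, legitimate unicast deauth from the AP
            frames.append(Frame(sec + 0.5, "deauth", AP, STA[sec % len(STA)]))
        if sec >= flood_start:
            for k in range(rate):
                frames.append(Frame(sec + k / rate, "deauth", AP, flood_dst))
    return frames


def per_second(frames, subtype):
    """Count frames of one subtype in each 1-second bin: the monitored parameter."""
    counts = Counter(int(f.t) for f in frames if f.subtype == subtype)
    last = int(max(f.t for f in frames))
    return [counts[s] for s in range(last + 1)]


def signature_alerts(frames, max_bcast_deauth_per_sec=5):
    """Signature rule: more than N broadcast deauth frames within one second.
    It matches the known 'deauth flood' pattern and nothing else."""
    bursts = Counter(int(f.t) for f in frames
                     if f.subtype == "deauth" and f.dst == BCAST)
    return sorted(s for s, n in bursts.items() if n > max_bcast_deauth_per_sec)


def anomaly_alerts(series, train_secs, z_threshold=3.0):
    """Anomaly rule: learn mean/stddev of the parameter over the first train_secs
    bins, then flag any later bin whose deviation score exceeds z_threshold."""
    baseline = series[:train_secs]
    mu = mean(baseline)
    sigma = max(pstdev(baseline), 0.5)   # floor so a flat baseline cannot divide by zero
    return [s for s, n in enumerate(series)
            if s >= train_secs and (n - mu) / sigma > z_threshold]


def evaluate(alerts, attack_secs):
    """Accuracy view used to compare the two detectors: hits, false alerts, misses."""
    a, atk = set(alerts), set(attack_secs)
    return {"detected": len(a & atk), "false_alerts": len(a - atk), "missed": len(atk - a)}


def run(flood_dst=BCAST):
    """Run both detectors on one constructed capture and score them."""
    frames = build_sample(flood_dst=flood_dst)
    attack_secs = range(10, 13)          # ground truth for the constructed capture
    sig = signature_alerts(frames)
    ano = anomaly_alerts(per_second(frames, "deauth"), train_secs=10)
    return {"signature": evaluate(sig, attack_secs), "anomaly": evaluate(ano, attack_secs)}


if __name__ == "__main__":
    print("broadcast deauth flood:", run(BCAST))
    print("targeted deauth flood: ", run(STA[0]))
```

On the broadcast flood both detectors flag seconds 10 to 12 with no false alerts; on the targeted variant the broadcast signature never fires (all three attack seconds are missed), while the deauth-rate anomaly score still flags them, because the rate of a legitimate deauth is roughly one frame every few seconds and the flood is two orders of magnitude above it. The sigma floor is the practical caveat: a baseline that is almost always zero has a near-zero standard deviation, and without a floor a single benign deauth would score as an anomaly, which is exactly the false-alert rate the accuracy criterion above asks a WIDS to keep down. In a real deployment the baseline window and threshold are tuned per network rather than fixed as here.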