Wireless Communications Security

An obvious problem of wireless communications is that they are very easy to intercept. This implies that some form of encryption is a must for the confidentiality of messages. The available approaches depend on the standard used. Cellular networks use GSM, while WLANs use two standard protocols:

  • IEEE 802.11a (Wi-Fi) can reach up to 1800 feet (550 meters). Devices connect to APs that have unique identifiers, Basic Service Set identifiers (BSSIDs). APs are basically transceivers that carry the radio signals to the WLAN switch, which performs all the required network management.

WLAN switches support 802.11 at layer 2 and IP traffic at layer 3. The wireless network has a SSID (Service Set Identifier). It is also possible to set up Peer-to-Peer (P2P) networks.

  • Bluetooth. A protocol for short-range (up to 100 meters) wireless networks. Bluetooth devices are typically structured into ad-hoc networks.

IEEE 802.11 Wireless LAN Standard

It is the most widely used communications protocol for wireless LANs. The protocol resides in the physical and data link layers of the OSI (Open System Interconnection) model. It defines functions and specifications for the physical and MAC (Medium Access Control) layers.

The MAC layer covers three functional areas: reliable data delivery, access control, and security. The protocol defines different building blocks such as BSS (Basic Service Set) and ESS (Extended Service Set). Each ESS consists of one or more BSS. Stations in a BSS compete for access to the shared wireless medium.

Most ad hoc network routing protocols are designed and tested on top of the IEEE 802.11 protocol. The figure below shows the scope of the IEEE 802.11 standard in reference to the layers of the OSI model. It shows how the data link layer is actually divided into the MAC and LLC (Logical Link Control) sublayers.

The latter is responsible for providing the upper layers with three types of services, which are:

  1. Unacknowledged connectionless service
  • No flow and error control support
  • No guarantee of data delivery
  2. Connection-mode service
  • Logical connection is set up between two users
  • Flow and error control are provided
  3. Acknowledged connectionless service
  • This service is a cross between the previous two
  • Datagrams are acknowledged
  • No prior logical set-up required

802.11 uses Wired Equivalent Privacy (WEP). WEP provides device or access-point authentication as well as message secrecy through a variant of the RC4 cryptographic algorithm. The implementation of this algorithm has been shown to be flawed [isa]. Access to the wireless network is controlled using a static key.
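The following is an added illustration, not code from the original text, of the stream-cipher property behind the flaw cited above: with a static key, the only thing that varies per frame is a short initialisation vector (IV), so any frames that reuse an IV are encrypted with the same RC4 keystream. The RC4 core and the WEP key layout (24-bit IV prepended to the static key) are real; the static key, IV and frame payloads are constructed sample values, the CRC-32 integrity field of real WEP frames is omitted, and the IV-collision figures assume IVs are chosen uniformly at random.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by the output generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(static_key: bytes, iv: bytes, frame: bytes) -> bytes:
    """WEP key layout: per-frame RC4 key = IV || static key; frame XORed with the keystream.
    Real WEP also appends a CRC-32 ICV to the frame; it is omitted as not relevant here."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return xor_bytes(frame, rc4_keystream(iv + static_key, len(frame)))


def leaked_plaintext_xor(c1: bytes, c2: bytes) -> bytes:
    """If two frames were sent under the same IV and the same static key, their keystreams
    are identical and cancel out: c1 XOR c2 == p1 XOR p2, with no key material involved.
    That is why a static key plus a short, repeating IV gives no real confidentiality."""
    return xor_bytes(c1, c2)


def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Exact birthday probability that at least one IV value repeats among `frames`
    frames, assuming each IV is drawn uniformly from a 2**iv_bits space."""
    space = 2 ** iv_bits
    p_no_repeat = 1.0
    for k in range(frames):
        p_no_repeat *= 1 - k / space
    return 1 - p_no_repeat


def expected_frames_to_first_repeat(iv_bits: int = 24) -> float:
    """Approximate expected number of frames before the first IV repeat: sqrt(pi * N / 2)."""
    return math.sqrt(math.pi * 2 ** iv_bits / 2)


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")          # constructed 40-bit static key
    iv = bytes.fromhex("a1b2c3")               # constructed IV that is reused below
    p1 = b"GET /index.html HTTP/1.0"           # constructed frame payloads (same length)
    p2 = b"GET /login.html HTTP/1.0"
    c1 = wep_style_encrypt(key, iv, p1)
    c2 = wep_style_encrypt(key, iv, p2)
    print("keystream cancelled:", leaked_plaintext_xor(c1, c2) == xor_bytes(p1, p2))
    print("P(IV repeat after 5000 frames):", round(iv_collision_probability(5000), 3))
    print("expected frames to first repeat:", round(expected_frames_to_first_repeat()))
```

The birthday figures are the defender's takeaway: a busy access point sends a few thousand frames in seconds, so with a 24-bit IV space a repeat is more likely than not after roughly five thousand frames, and every repeat exposes the XOR of two plaintexts. WPA's per-session keys and long, non-repeating nonces remove exactly this failure mode.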

WEP is being replaced by Wi-Fi Protected Access (WPA). WPA supports the AES (Advanced Encryption Standard, also known as Rijndael) encryption algorithm, provides effective key distribution, and can interact with RADIUS (Remote Authentication Dial-In User Service) or LDAP (Lightweight Directory Access Protocol) servers.

Authentication is based on 802.1X and the Extensible Authentication Protocol (EAP) and requires the use of an authentication server. An alternative (or complement) is using SSL VPNs (Virtual Private Networks). Other specialized products detect unauthorized access points and users.
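As an added example (not part of the original text), the audit below checks an access point's configuration for the controls just described: WPA with AES/CCMP instead of a static WEP key, 802.1X/EAP port-based authentication, and a RADIUS authentication server. It assumes the access point runs hostapd, whose option names used here are real; the two configuration samples are constructed, the RADIUS address and secret are placeholders, and the audit rules are this example's own, not hostapd's.

```python
# Constructed sample: a legacy access point still using a static WEP key and
# shared-key authentication, with no 802.1X and no RADIUS server.
WEAK_CONFIG = """\
interface=wlan0
ssid=corp-legacy
auth_algs=3
wep_default_key=0
wep_key0=0123456789
"""

# Constructed sample: WPA2/RSN with CCMP (AES), EAP key management, 802.1X enabled,
# and authentication delegated to a RADIUS server (placeholder address and secret).
HARDENED_CONFIG = """\
interface=wlan0
ssid=corp
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=REPLACE_WITH_LONG_RANDOM_SECRET
"""


def parse_hostapd(text: str) -> dict:
    """hostapd configs are simple key=value lines; '#' starts a comment."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def audit_hostapd(text: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_hostapd(text)
    findings = []

    # Static WEP key material or WEP shared-key authentication present at all.
    if "wep_default_key" in cfg or any(k.startswith("wep_key") for k in cfg):
        findings.append("WEP keys configured: static RC4 key, replace with WPA2/RSN")
    if int(cfg.get("auth_algs", "1")) & 2:
        findings.append("auth_algs allows shared-key (WEP) authentication")

    # wpa: 0 = none, 1 = WPA only, 2 = WPA2/RSN only, 3 = both.
    wpa = int(cfg.get("wpa", "0"))
    if wpa == 0:
        findings.append("wpa=0: no WPA/RSN protection")
    elif wpa & 1:
        findings.append("wpa=%d still enables original WPA; prefer wpa=2 only" % wpa)

    ciphers = cfg.get("wpa_pairwise", "") + " " + cfg.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: use CCMP (AES) only")

    # Enterprise authentication: EAP key management, 802.1X, and a RADIUS server.
    if wpa and "WPA-EAP" not in cfg.get("wpa_key_mgmt", ""):
        findings.append("wpa_key_mgmt lacks WPA-EAP: no 802.1X/EAP authentication")
    if cfg.get("ieee8021x") != "1":
        findings.append("ieee8021x is not 1: port-based authentication is off")
    if "auth_server_addr" not in cfg:
        findings.append("no auth_server_addr: no RADIUS server configured for EAP")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_hostapd(text) or "no findings")
```

Run against the weak sample the audit reports the WEP key, the shared-key authentication, the absence of WPA/RSN, of 802.1X and of a RADIUS server; the hardened sample produces no findings.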

WLAN switches apply security controls, including authentication (a comparison of some of them is in). Authentication can be provided locally or by connecting to a RADIUS or LDAP server. Because the RSA algorithm is rather inefficient in its use of key length, elliptic curve cryptography (ECC) algorithms have been proposed.

For example, an elliptic curve algorithm with a key length of 150 bits takes 3.8 × 10^10 MIPS-years to be broken by brute force, while RSA with a key length of 512 bits takes only 3 × 10^4 years. However, this approach requires that all ECC users agree on a common set of parameters; otherwise the extra information needed effectively extends the key.

Bluetooth

Bluetooth is a wireless communications protocol, originated by Ericsson, that was quickly adopted by many companies. It is intended to work in close-proximity environments such as homes, offices, classrooms, hospitals and airports. Connections are established using designated master and slave nodes.

Bluetooth uses application profiles for different devices, synchronous connection-oriented (SCO) links for data, and asynchronous connectionless (ACL) links for voice, which are multiplexed on the same radio frequency (RF) link.

Frequency-hopping spread spectrum at a high rate of 1600 hops/s is used to reduce interference and to provide low-power, low-cost radio communications. It operates in the Industrial, Scientific and Medical (ISM) band at 2.45 GHz with a transmission power of 1 to 100 mW, a range of 10 to 100 meters, a maximum bit rate of 1 Mbps, and an effective data transfer rate of 721 Kbps.

Bluetooth provides authentication and 128-bit message encryption using hierarchical keys. Devices can be discoverable or invisible (non-discoverable). In discoverable mode a device is visible to any other device within range, which can make it vulnerable to attacks from those devices.