Wireless networks are everywhere, and ensuring secure wireless communication is of great importance. This research investigates infrastructure networks. This kind of network is based upon one or more connected Access Points (AP) that end users connect to in order to access the network. Several security protocols exist for these kinds of networks. Two common ones are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA and WPA2).
The problem addressed in this research is the lack of a common protocol that is secure, but not private. A wireless network using WEP is secure, but private, meaning that people need to know a secret key in order to connect to the network. Why would we want a secure and public network? The main use would be in public places. Consider a wireless network in an airport: in order for it to be public, it has to be insecure, which puts the users at risk. We investigate alternatives which would enable the implementation of a public and secure wireless network. Does a protocol like this already exist? Are there implementations of current protocols that could ensure a public and secure network? If these do exist, why are they not widely used?
Free WiFi in Airports & Public Hotspots, Brian Wilson, http://anti-hacker.info/papers/free.pdf
-There exist infrastructure wireless networks that do not implement an authentication protocol. Many of these networks employ software called content portals on servers that are connected to their access point. A user connected to an access point that implements a content portal must provide some sort of authentication before he or she can access the internet through that access point. This authentication is sent through the server attached to the access point, and the user's MAC address is then added to a list of users who are allowed internet content. This article describes how to get free internet access without needing to authenticate through the content portal. Once connected to the access point, the user can probe inside the LAN subnet without needing a connection to the internet. Using some network sniffing tools, a user is able to find all the other users connected to the access point, along with the MAC addresses of all of their computers. The user is also able to monitor the number of packets going to each IP/MAC address, seeing who is receiving packets from sources outside of the LAN subnet. From there the user can change his own MAC address to the MAC address of someone who was receiving packets from outside of the LAN subnet, which lets the user connect to the internet, bypassing the content portal.
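An added example, not taken from the cited paper or written by this page's author: because the content portal described above authorizes clients by MAC address alone, an operator can watch for one authorized MAC appearing under two different IP/hostname identities at the same time. The log format, addresses, allow list and 300-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations (not from any real network):
# epoch_seconds, MAC as seen on the LAN, IP, DHCP hostname
SAMPLE_LOG = """\
1000 00:11:22:AA:BB:01 10.0.0.21 alice-laptop
1005 00:11:22:aa:bb:02 10.0.0.22 bob-phone
1030 00-11-22-AA-BB-01 10.0.0.37 unknown-host
1040 00:11:22:aa:bb:01 10.0.0.21 alice-laptop
9000 00:11:22:aa:bb:02 10.0.0.40 bob-phone
"""

AUTHORIZED = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}  # hypothetical portal allow list
WINDOW = 300  # assumed: seconds within which two identities count as concurrent


def normalize_mac(mac):
    """Lower-case, colon-separated form so 'AA-BB' and 'aa:bb' compare equal."""
    return mac.strip().lower().replace("-", ":")


def parse(log):
    """Yield (timestamp, mac, ip, hostname) for each non-empty log line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, mac, ip, host = line.split()
        yield int(ts), normalize_mac(mac), ip, host


def find_shared_macs(log, authorized=AUTHORIZED, window=WINDOW):
    """Return {mac: sorted [(ip, host), ...]} for authorized MACs seen with
    more than one (ip, hostname) identity inside the same time window."""
    seen = defaultdict(list)    # mac -> [(ts, (ip, host)), ...]
    flagged = defaultdict(set)  # mac -> conflicting identities
    for ts, mac, ip, host in sorted(parse(log)):
        if mac not in authorized:
            continue
        ident = (ip, host)
        for old_ts, old_ident in seen[mac]:
            if ts - old_ts <= window and old_ident != ident:
                flagged[mac].update({old_ident, ident})
        seen[mac].append((ts, ident))
    return {mac: sorted(ids) for mac, ids in flagged.items()}


if __name__ == "__main__":
    for mac, ids in find_shared_macs(SAMPLE_LOG).items():
        print(mac, "seen concurrently as", ids)
```

The second client in the sample changes IP long after its first sighting, so an ordinary lease renewal is not flagged; only overlapping identities are.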
The Art of casual WiFi hacking, Jeremy Martin. http://www.infosecwriter.com/pdf/WiFi%20hacking%20article.pdf
-This article gives a first-person account of a casual WiFi hacking experience. The experience is called casual because it is done simply. The article presents WiFi hacking like a simple science experiment. The author presents the materials he uses to participate in casual WiFi hacking. This includes a laptop computer running Windows XP with various wireless cracking software and a laptop computer running Linux with various wireless cracking software. The author then drives through different areas of a city, picking up WiFi signals and analyzing their vulnerabilities. The author then presents how easily WEP encryption can be broken, and how easily one can explore the subnets of a wireless network that is not implementing any wireless protocols. In the end, this article displays the great vulnerability of wireless networks, both those that are not secure and those that are, and it shows this via a first-person account of what the author calls "Casual WiFi hacking."
Hacking Techniques in Wireless Networks, Prabhaker Mateti
http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm
-Hacking Techniques in Wireless Networks is an introductory article on known security flaws. Wireless networks send out information through radio waves that travel through the air, so this information is potentially available to anyone in the area who can receive these signals. The article describes the MAC layer of networking and the difference between ad hoc and infrastructure networks. The vulnerabilities mostly focus on infrastructure networks. It first goes over the basics of wireless network sniffing and the different types of sniffing that can be done on wireless networks. It then goes into details about MAC address spoofing, IP spoofing and frame spoofing. The article then goes over the basics of wireless network probing, access point weaknesses, and different kinds of attacks, including denial of service attacks and man in the middle attacks. The article not only talks about the weaknesses of wireless security, but also the best practices that wireless security uses. In the author's conclusion he declares that "Regardless of the protocols, wireless networks will remain potentially insecure because an attacker can listen in without gaining physical access. In addition, the protocol designs were security-naive." This is a call for greater and safer security for wireless networks; however, the author does not present any other alternatives to wireless networks.
Secure Wireless Internet Access in Public Places, Paramvir Bahl, Srinivasan Venkatachary
http://www.cs.ucsd.edu/~abalacha/research/papers/ICC01.pdf
-The authors of this article, who work for Microsoft Research, created a network called CHOICE to provide a new paradigm of wireless communication: to provide wireless internet connectivity "anywhere, anytime computation on any device." The world needs fast and secure wireless connectivity on a wider scale than what is available today. Current wireless network implementation has many flaws, and currently cannot support a wide-scale secure network to ensure the quality of service that the authors wanted to assure with CHOICE. Therefore, the authors created their own protocol called Protocol for Authorization and Negotiation of Services (PANS). The CHOICE network works as follows. A user connects to a wireless access point in a given location using PANS. A PANS Verifier will be located at every access point in order to give access to the Global Authenticator. The Global Authenticator is located somewhere on the internet. Using the PANS Verifier, authentication information is sent safely to the Global Authenticator. Both the user and the PANS Verifier must have software which implements PANS in order for data to be encrypted and decrypted correctly. After the Global Authenticator authenticates the end user who is connecting to the network, the end user has a secure connection with the PANS Verifier. Then the user has a safe, fast connection with the CHOICE network, and all the data is encrypted using a personal key. The data is encrypted and passed between the end user and the PANS Verifier for safe and fast wireless connectivity. It is unclear whether anonymous access is possible with the CHOICE network, or whether it is just a proprietary service that its creators are trying to implement on a wide scale, but either way it does provide a secure, fast connection to the internet in public places.
Build a Secure Wireless Portal with Linux, Carla Schroder
http://www.enterprisenetworkingplanet.com/netos/article.php/3592556
-This article centers on how to build a wireless portal. A wireless portal is a computer running a server application that manages all the connections that are coming in from a wireless router. The portal set forth in this article is one that runs one of multiple applications available to implement a secure wireless portal. There are many different types of wireless portals, but many have security flaws. Not only can a wireless portal provide encrypted data transfer, but it can also limit "un-neighborly behavior, like bandwidth- and time-hogging." The wireless portals can be implemented to be either public or private. The difference between the two is that private requires some sort of authentication before access is allowed. The article then describes how to implement the wireless portal: the types of routers that can be used, the different Linux operating systems that can be used, and their specific configurations. The article does not go over possible security flaws of the implementation of the secure wireless portal, but it does seem like implementing one could provide a public and secure wireless connection.
Extensible Authentication Protocol (EAP) Method Requirements for Wireless LANs, D. Stanley, Agere Systems, J. Walker, Intel Corporation, B. Aboba, Microsoft Corporation
http://tools.ietf.org/html/rfc4017
-The IEEE 802.11i MAC Security Enhancements Amendment relies on the Extensible Authentication Protocol. This Request for Comments (RFC) defines the requirements for EAP.
Wikipedia for PKI (public key infrastructure) - http://en.wikipedia.org/wiki/Public_key_infrastructure
Recon and Attack Tools, wi-foo.com
http://www.wi-foo.com/index-3.html
-A list of resources for testing wireless vulnerability. A long list of tools used for wireless hacking. Includes sniffers, decrypters, and signal strength monitors. The tools mentioned in the two articles above are available here.
Wikipedia entry for EAP
http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
-A general overview of EAP, a shrunken-down version of the RFC above.
Understanding the updated WPA and WPA2 standards, George Ou
http://blogs.zdnet.com/Ou/?p=67
-Another overview of the new WPA and WPA2 standards, explaining the change from supporting a single EAP standard to five EAP standards, and the resulting confusion in the industry.