2174
Wireless LAN Setup and Security Loopholes
Most existing small deployments mapped by war
drivers do not enable the security features on
products, and many access points have had only
minimal changes made to the default settings.
Unfortunately, no good solution exists to this
concern. Software tools like NetStumbler allow
network administrators to wander their building
looking for unauthorized access points, though it
i s q u i t e a n ef f o r t t o w a n d e r i n t h e b u i l d i n g l o ok i n g
for new access points. Moreover, monitoring tools
will also pick up other access points in the area,
which may be a concern if two or more organi-
]DWLRQVDUHVKDULQJWKHVDPHEXLOGLQJRUDÀRRU
Access points from one organization may cover
SDUWRIDQRWKHURUJDQL]DWLRQ¶VÀRRUVSDFH
DoS (Denial of Service) Attacks
Wireless networks based on 802.11b have a bit
rate of 11 Mbps, and networks based on the newer
802.11a/g technology have bit rates of up to 54
Mbps. This capacity is shared between all the us-
ers associated with an access point. Due to MAC
layer overhead, the actual effective throughput
tops at roughly half of the nominal bit rate. It is
not hard to imagine how local area applications
might overwhelm such limited capacity, or how
an attacker might launch a denial of service attack
on the limited resources. Radio capacity can be
overwhelmed in several ways. It can be swamped
E\WUDI¿FFRPLQJLQIURPWKHZLUHGQHWZRUNDWD

rate greater than the radio channel can handle. If
DQDWWDFNHUZHUHWRODXQFKDSLQJÀRRGDWWDFNLW
could easily overwhelm the capacity of an access
point. Depending on the deployment scenario,
it might even be possible to overwhelm several
access points by using a broadcast address as
WKHGHVWLQDWLRQRIWKHSLQJÀRRG)LJXUHVKRZV
a SLQJÀRRGDWWDFNDQGWKHQHWZRUNXWLOL]DWLRQ
graph for a victim wireless node.
$WWDFNHUVFRXOGDOVRLQMHFWWUDI¿FLQWRWKHUDGLR
network without being attached to a wireless ac-
cess point. The 802.11 MAC is designed to allow
multiple networks to share the same space and
radio channel. Attackers wishing to take out the
ZLUHOHVVQHWZRUNFRXOGVHQGWKHLURZQWUDI¿FRQ
the same radio channel, and the target network
ZRXOGDFFRPPRGDWHWKHQHZWUDI¿FDVEHVWDVLW
could. DoS attacks could, thus, be easily applied
WR ZLUHOHVV QHWZRUNV ZKHUH OHJLWLPDWH WUDI¿F
cannot reach clients or the access point because
LOOHJLWLPDWHWUDI¿FRYHUZKHOPVWKHIUHTXHQFLHV
Some other DoS attacks are 7&36<1ÀRRGLQJ
Smurf attack, and fraggle attack. Distributed
Figure 8. Network utilization (y-axis) vs. time (x-axis) graph that shows the target equipment status
GXULQJDQGDIWHUWKHSLQJÀRRGDWWDFNQRWHWKDWWKHJUDSKGURSVDIWHUDWWDFN
2175
Wireless LAN Setup and Security Loopholes
DoS attacks can do greater damage to network
resources. Some performance complaints could
EHDGGUHVVHGE\GHSOR\LQJDWUDI¿FVKDSHUDWWKH

point at which a wireless LAN connects to the
network backbone. While this will not defend
against denial of service attacks, it may help
prevent heavy users from monopolizing the radio
resources in an area.
0$&6SRR¿QJ
In 0$& VSRR¿QJ WKH DWWDFNHU FKDQJHV WKH
manufacturer-assigned MAC address of a wireless
adapter to the MAC address he wants to spoof,
say by using tools like Mac Makeup software
(Mac Makeup, 2005). Attackers can use spoofed
IUDPHVWRUHGLUHFWWUDI¿FDQGFRUUXSW$53WDEOHV
At a much simpler level, attackers can observe
the MAC addresses of stations in use on the net-
work, and adopt those addresses for malicious
transmissions. To prevent this class of attacks,
user authentication mechanisms are being devel-
oped for 802.11 networks. By requiring mutual
authentication by potential users, unauthorized
users can be kept from accessing the network.
Mac Makeup software can be used to do the MAC
VSRR¿QJDVVKRZQLQ)LJXUH
7KH0$&VSRR¿QJDWWDFNFDQEHVKRZQDVLQ
the outlined three steps in Figure 10. Attackers
can use spoofed frames in active attacks as well.
In addition to hijacking sessions, attackers can
exploit the lack of authentication of access points.
Figure 9. Mac Makeup software. One can enter the MAC address to spoof and press Change button to
change the original MAC address. Later, by pressing the Remove button, the original MAC address can
be restored.

)LJXUH0$&VSRR¿QJDWWDFN6WHSVWRDUHIROORZHGE\WKHDWWDFNHU
2176
Wireless LAN Setup and Security Loopholes
$FFHVVSRLQWVDUHLGHQWL¿HGE\WKHLUEURDGFDVWVRI
Beacon frames. Any station that claims to be an
access point and broadcasts the right service set
LGHQWL¿HUZLOODSSHDUWREHSDUWRIDQDXWKRUL]HG
network. Attackers can, however, easily pretend
to be an access point because nothing in 802.11
requires an access point to prove that it really is
an access point. At that point, the attacker could
potentially steal credentials and use them to gain
access to the network through a man-in-the-
middle (MITM) attack. Fortunately, protocols
that support mutual authentication are possible
with 802.1x. Using methods based on transport
layer security (TLS), access points will need to
prove their identity before clients provide authen-
tication credentials, and credentials are protected
by strong cryptography for transmission over the
air.
Disassociation and Session
Hijacking Attack
%\FRQ¿JXULQJDZLUHOHVVVWDWLRQWRZRUNDVDQ
access point, attackers can launch more effective
'R6DWWDFNV7KH\FDQWKHÀRRGWKHDLUZDYHVZLWK
continuous disassociate commands that compel
all stations within range to disconnect from the
wireless LAN. In another variation, the attacker’s
malicious access point broadcasts periodic disas-

sociate commands that cause a situation where
stations are continually disassociated from the
network, reconnected, and disassociated again.
Session hijacking is said to occur when an attacker
causes the user to lose his connection, and the
attacker assumes his identity and privileges for
a period. An attacker temporarily disables the
user’s system, say by DoS attack or a buffer over-
ÀRZH[SORLW7KHDWWDFNHUWKHQWDNHVWKHLGHQWLW\
of the user. The attacker now has all the access
that the user has. When he is done, he stops the
DoS attacks and lets the legitimate user resume.
The user may not detect the interruption if the
disruption lasts no more than a couple of seconds
or few minutes. Such hijacking can be achieved
by using a forged disassociation DoS attack, as
explained above.
7UDI¿F$QDO\VLVDQGEavesdropping
Unlike in wired networks, a major problem with
w i r el e s s n e t w o r k s i s t h e e a s e of s i g n a l i n t e r c e p t i o n .
Signals are broadcast through the air, where any
UHFHLYHUFDQLQWHUFHSW7UDI¿FFDQEHSDVVLYHO\
observed without any protection. The main risk is
that 802.11 does not provide a way to secure data
in transit against eavesdropping. Frame headers
are always unencrypted and are visible to anyone
with a wireless network analyzer. Security against
eavesdropping was supposed to be provided by
WEP (as discussed earlier). WEP protects only
the initial association with the network and user

data frames. Management and control frames are
not encrypted or authenticated by WEP, leaving
an attacker wide latitude to disrupt transmis-
sions with spoofed frames. If the wireless LAN
is being used for sensitive data, WEP may very
ZHOOEHLQVXI¿FLHQW,WLVWKHUHIRUHUHFRPPHQGHG
to employ strong cryptographic solutions like
SSH, SSL and IPSec. These were designed to
transmit data securely over public channels, and
have proven resistant to attack over many years,
and will almost certainly provide a higher level of
security. However, even when data is encrypted,
attacker can gain insight about the meaning
of the data by observing some properties such
as message sizes, communication parties, and
sequence of encrypted back-and-forth conversa-
WLRQ 7KLV WHFKQLTXH LV FDOOHG WUDI¿F DQDO\VLV
and can be effective (Frank, Sandeep, Golden,
& Loren, 2005).
ARP Poisoning
In order to perform ARP poisoning, two desktop
computers and one laptop can be used as shown in
Figure 11. The two desktop computers (Computer
A and Computer B) can act as the victims while
the laptop (Computer C) can act as the attacker.
2177
Wireless LAN Setup and Security Loopholes
A can be the source while B can be the destina-
tion. C can be equipped with the Ethereal (2005)
packet capturing software and the ARP poisoning

software known as Cain and Abel (2005).
In ARP poisoning, an attacker can exploit
$53FDFKHSRLVRQLQJWRLQWHUFHSWQHWZRUNWUDI¿F
between two devices in the WLAN. For instance,
OHWXVVD\WKHDWWDFNHUZDQWVWRVHHDOOWKHWUDI¿F
between computer A and B. The attacker begins
E\VHQGLQJDPDOLFLRXV$53³UHSO\´IRUZKLFK
there was no previous request) to B, associating
his computer’s MAC address with A’s IP address.
Now B thinks that the attacker’s computer is A.
Next, the attacker sends a malicious ARP reply
to A, associating his MAC address with B’s IP
address. Now A thinks that the hacker’s computer
is B.
F i n a l l y, t h e h a c k e r t u r n s o n a n o p e r a t i n g s y s t e m
feature called IP forwarding. This feature enables
the hacker’s machine to forward any network
WUDI¿FLWUHFHLYHVIURP&RPSXWHU$WR%,QVWHDG
of enabling IP forwarding, the attacker has the
choice of drowning Computer B with any DoS at-
tack, so that the communication actually happens
between A and the attacker, whom A thinks to be
Computer B (Mohammed & Issac, 2005).
Operating System Weakness
Another security problem lies in the operating
system. For instance, NetBIOS and SMB services
allow unauthenticated users to create NULL ses-
sions, thus permitting attackers to gain access
to information about the machines they exploit.
These services are enabled by default on Windows

systems. Windows 2000 and Windows XP use
ports 135 through 139, and port 445. When im-
SURSHUO\FRQ¿JXUHG1HW%,26VHUYLFHFDQH[SRVH
FULWLFDOV\VWHP¿OHVRUJLYHIXOO¿OHV\VWHPDFFHVVWR
any hostile party connected to the network. Many
computer owners and administrators use these
VHUYLFHVWRPDNHWKHLU¿OHV\VWHPVUHDGDEOHDQG
writable, in an effort to improve the convenience
RIGDWDDFFHVV:KHQ¿OHVKDULQJLVHQDEOHGRQ
Windows machines, they become vulnerable to
both information theft and certain types of quick-
Figure 11. ARP poisoning. The attacker C monitors the communication between Computer A and B by
getting in between them.
2178
Wireless LAN Setup and Security Loopholes
moving viruses. The same NetBIOS mechanisms
WKDWSHUPLW:LQGRZV¿OHVKDULQJPD\DOVREHXVHG
to enumerate sensitive system information from
Windows NT systems. User and group informa-
tion (usernames, last logon dates, password policy,
etc.), system information, and certain registry keys
may be accessed via a NULL session connection
to the NetBIOS session service. This information
is typically used to mount a password guessing or
brute force password attack against a Windows
NT target.
Flipping Bits
5HVHDUFKKDVSURYHGWKDWDQDWWDFNHUFRXOGÀLS
certain bits (ELWÀLSSLQJLQWKHIUDPHDQGFKDQJH
the integrity check value without the knowledge

of the user. At the receiving end, no error on
tampering would then be reported. Though dif-
¿FXOWWRFDUU \RXWWKLVDWWDFNLWLVSRVVLEOHWRGRLW
and has been proved. Encrypt the 802.11 frames
within layer 3 (network layer) wrappers, so that
any tampering cannot go undetected. IPSec tunnel
or TKIP (temporal key integrity protocol) can be
used to thus strengthen the security.
WLAN SECURITY SAFEGUARDS
Wireless networks can never be security-risk free.
Being risk free is an ideal concept that just does
not exist. But we can try our best to minimize the
possible attacks. Some security steps are listed
here (Held, 2003; Hurton & Mugge, 2003; Issac
et al., 2005).
1. To start with, WEP 104-bit encryption
should be enabled, with possible rotation
of keys. WPA, with TKIP/AES options, can
EHHQDEOHG8SJUDGHWKH¿UPZDUHRQ$3WR
prevent the use of weak IV WEP keys. This
VWURQJHQFU\SWLRQLVWKH¿UVWOLQHRIGHIHQVH
The WEP key shall be a very random alpha-
numeric combination. In order to overcome
the weakness in the current 802.11b WLAN
standard, IEEE Task Group i has come out
with draft version of 802.11i standard. The
802.11i standard explains the usage of 48-
bit IV in temporal key integrity protocol
(TKIP) that helps to minimize cryptographic
attacks against WEP key, brute force attack,

and the weakness of static key. TKIP is a
short-term solution to the WEP key (Walker,
2002). TKIP also helps to prevent undetected
PRGL¿FDWLRQWRWKH:(3NH\E\SURYLGLQJ
an 8-byte message integrity code (MIC).
Furthermore, counter mode cipher block
chaining with message authentication codes
(counter mode CBC-MAC or CCMP), which
will be the long term security solution intro-
duced by 802.11i standard, uses advanced
encryption standard (AES), which encrypts
data in 128-bit chunks using cipher block
chaining (CBC) mode, and provides data
integrity checks via medium access control
(MAC) (Vocal Tech. Ltd., 2003). However,
the emergence of equipments bundled with
the 802.11i standard has yet to step into the
market.
2. Ensure that mutual authentication is done
through IEEE802.1x protocol. Client and
AP should both authenticate to each other.
Implementing IEEE802.1x port based
authentication with RADIUS server (with
PEAP/MS-CHAPv2) can be a second level
of defense.
3. Turn off the SSID broadcast by AP and
FRQ¿JXUHWKH$3QRWWRUHVSRQGWRSUREH
UHTXHVWVZLWK66,'³DQ\´E\VHWWLQJ\RXU
own SSID. Knowledge of SSID can be a
stepping-stone to other attacks.

4. Change default WEP settings, if any. For
example, Linksys AP WAP-11 comes with
default WEP key one: 10 11 12 13 14 15,
default WEP key two: 20 21 22 23 24 25,
default WEP key three: 30 31 32 33 34 35
and default WEP key four: 40 41 42 43 44
45.
2179
Wireless LAN Setup and Security Loopholes
5. I t i s a l wa y s b e t t e r t o c h a n g e t h e d e f a u l t S SI D
VHUYLFHVHWLGHQWL¿HUOLNHWKHQHWZRUNQDPH
IRU:/$1WRDGLI¿FXOWRQH.QRZOHGJH
of SSID itself may not cause direct harm,
EXWLWFDQEHWKH¿UVWVWHSIRUDQDWWDFNHUWR
proceed further.
6. Change the default IP address in the access
point to a different one. For example, CISCO
WAP54G AP comes with a built-in IP ad-
dress 192.168.1.245 and DLink AP DWL-
G730AP comes with a default IP address of
192.168.0.30. Enable dynamic IP addressing
through DHCP.
7. Also, change the default login/password
details for console access that comes along
with an access point. For example, CISCO
WAP54G AP uses a blank username and
WKHZRUG³DGPLQ´DVSDVVZRUG&,6&2
Aironet 350 AP (802.11b) does not use any
login/password by default, and DLink AP
DWL-G730AP comes with a default user

QDPH³DGPLQ´DQGQRSDVVZRUG
 (QDEOLQJWKH0$&¿OWHULQJLQ$3OHYHORU
in RADIUS server, or in both, can tighten
the security more, as there is a restriction
in the use of MAC addresses. Though MAC
VSRR¿QJ FDQ EH D SRVVLEOH DWWDFN 0$&
¿OWHULQJGH¿QLWHO\WLJKWHQVWKHVHFXULW\
9. Positioning and shielding of antenna can
help to direct the radio waves to a limited
space. Antenna positioning can help the
radio waves to be more directed and antenna
shielding, with radio transmission power
DGMXVWPHQWP:WRP:FDQFRQ¿QHLW
to a restricted environment. In order to limit
the transmission range of the AP, shielding
the AP with aluminum foil can be carried
out.
10. Limiting DHCP clients can restrict the
number of clients that can get hooked to the
:/$17KH'+&3VHUYHUFDQEHFRQ¿JXUHG
to limit the number of clients connecting
concurrently. This can prevent an intruder
getting connected when the total number is
used up.
11. Data transmitted over a local wireless link
s h o u l d b e s e c u r e d , a s n o t e d i n Poi n t s 1 a n d 2 .
To secure only the data transmitted over the
wireless link, the dedicated security server(s)
c a n b e pl a c e d a n y w h e r e w i t h i n t h e e n t e r p r i s e
network. Most enterprises are concerned

about preventing unauthorized users from
gaining access to their corporate network
through wireless access points. We recom-
P H QG SXW W L QJD ¿ U HZ DO OE HW ZH H QW KH Z L U HOH VV 
access points and the rest of the enterprise’s
ZLUHOLQHQHWZRUN8VLQJ¿UHZDOOEHWZHHQ
AP and the wired LAN can secure the wired
LAN from further intrusion. Firewall can
EHFRQ¿JXUHGWR¿OWHUEDVHGRQ,3DGGUHVV
port numbers, MAC address, and so forth.
12. Enabling of accounting and logging can help
to locate and trace back some mischief that
could be going on in the network. Preven-
tive measures can then be taken after the
SUHOLPLQDU\DQDO\VLVRIWKHORJ¿OH$OORZ
UHJXODUDQDO\VLVRIORJ¿OHVFDSWXUHGWRWUDFH
any illegal access or network activity.
13. Using an intrusion detection software can
help to monitor the network activity in real
time. Using an intrusion-prevention soft-
ware can, to some extent, prevent access
to intruders. It would thus be suggestive to
use monitoring tools to police the activities
on WLAN like intrusion and rogue access
points. One such example would be IBM’s
Distributed Wireless Security Auditor,
which can be accessed at
earch.
ibm.com/gsal/dwsa/. Even big enterprises can
EHEUHDFKHGLIHPSOR\HHVZLWKLQWKHRI¿FHVHW

up rogue APs themselves, or if they turn their
wireless laptops into what is known as soft APs.
Using commonly available freeware tools such as
Host AP, which can be accessed at
h t t p : / / h o s t a p .
HSLWHVW¿D
laptop wit
h a wireless card can be
transformed into an access point, allowing
2180
Wireless LAN Setup and Security Loopholes
anyone within range to connect through the
laptop’s wired ethernet connection. In any
case, an intelligent WLAN monitoring tool
can help to locate suspicious activities.
14. Implement VPN on WLAN. VPN technol
-
ogy has been used successfully in wired
networks, especially when using Internet
as a physical medium. This success of VPN
in wired networks and the inherent secu-
rity limitations of wireless networks have
prompted developers and administrators
to deploy VPN to secure wireless LANs.
IPSec tunnel can thus be implemented for
communication between nodes.
15. Use
honey pots or fake APs in the regular
network to confuse the intruder so that
he/she gets hooked to that fake AP without

achieving anything. Thus, the NetStumbler
WLAN detection software, if used by the
hacker, would then list the fake AP, and could
get him/her into wasting his/her time.
16. The security management of the access
points can be made better, especially when
the WLAN deployment is large, with many
AP installations across a campus. In such a
VLWXDWLRQVHFXULW\FRQ¿JXUDWLRQDQGRWKHU
policies need to be done on individual APs,
and that can be a hassle when the number
of APs increase. We propose to make the
APs less intelligent from what it is now,
and to have an intelligent central switch to
FRQWURODOLPLWHGVHWRI$3VFRQ¿JXUDWLRQ
policy, and security settings, like in any
client-server environment. For example,
let us say the ratio be one intelligent switch
for n less-intelligent access points. Hence,
the management of security settings can be
done centrally.
17. Access points need to be secured from un
-
authorized access. In this case, the access
point network, and in particular the wireless
devices on it, may still be accessible by any
device within range. To prevent unauthor-
ized devices from communicating with other
devices and resources, we recommend using
DFFH V VSRL QW V Z LW KEXL OWL QSURW RF RO¿OWHU LQJ

(such as the Cisco Aironet Series), similar
WR¿UHZDOORSHUDWLRQ
18. Physical security is also important, and steps
can be taken to limit the physical access to
any networking resources (say by locking
it within a box or within a room), thereby
preventing other forms of attacks.
19. Enabling
ELRPHWULF¿QJHUSULQWDXWKHQWLFD-
tion on the top of existing schemes can really
tighten the security, especially for accessing
super-sensitive data.
CONCLUSION
Although we cannot make any network fully
secure, we can try our best to minimize the
anticipated attacks. A wireless LAN security
checklist would include checking on features like
access control, access point, antenna operation,
DXWKHQWLFDWLRQ HQFU\SWLRQ ¿UHZDOO QHWZRUN
scan, physical security, SNMP, and VPN. The
challenge ahead is to make the network and sys-
tem administrators security conscious; thereby,
allowing them to use the highest level of security
in an implemented wireless LAN. Many a time,
ignorance holds the key to various information
thefts and other attacks, and eventual loss to
businesses in hefty sums. The authors feel, as a
general precaution, that an intelligent intrusion,
detection, or prevention software can help locate
many mischiefs in a wireless network.

REFERENCES
Arbaugh, W. A. (2001). An inductive chosen
plaintext attack against WEP/WEP2. IEEE
Document 802.11-01/230. Retrieved July 20, 2005,
from />ments/index.html
2181
Wireless LAN Setup and Security Loopholes
Arbaugh, W. A., Shankar, N., & Wan, Y. C. J.
(2001). Your 802.11 wireless network has no
clothes. Retrieved July 20, 2005, from http://www.
cs.umd.edu/~waa/wireless.pdf
Badrinath, B. R., Bakre, A., Imielinski, T., & Ma-
rantz, R. (1993). Handling mobile clients: A case
for indirect interaction. In Proceedings of the 4
th
Workstation Operating Systems, CA, USA.
Borisov, N., Goldberg, I., & Wagner, D. (2001).
Intercepting mobile communications: The in-
security of 802.11. Published in Proceedings of
the Seventh Annual International Conference on
Mobile Computing and Networking. Retrieved
July 20, 2005, from keley.
edu/isaac/mobicom.pdf
Cain & Abel software. Retrieved August 15, 2005,
from
Cam-Winget, N., Housley, R., Wagner, D., &
:D O NH U-   6 HF X U LW \ ÀDZ VL Q  G DW D OL Q N
protocols. Communications of the ACM, 35-39.
Campbell, P., Calvert, B., & Boswell, S. (2003).
Security+ guide to network security fundamen-

tals. CA: Thomson Course Technology.
Chan, F., Ang, H. H., & Issac, B. (2005). Analysis
of IEEE 802.11b wireless security for university
wireless LAN design. Proceedings of IEEE Inter-
national Conference on Networks (ICON 2005),
Malaysia (pp. 1137-1142).
Chen. T. (2005). Signaling for secure and ef-
¿FLHQW4R6DZDUHPRELOLW\VXSSRUWLQ,3EDVHG
cellular networks., MSc Thesis. Retrieved August
7, 2005, from />chen_tianwei.pdf
DriftNet software. Retrieved August 10, 2005,
from />Ethereal software. Retrieved August 10, 2005,
from />EtherPEG software. Retrieved August 5, 2005,
from />Fluhrer, S., Mantin, I., & Shamir, A. (2001). Weak-
nesses in the key scheduling algorithm of RC4.
Paper presented at the Eighth Annual Workshop
o n S el e c t e d A r e a s i n C r y p t o g r a p h y. Retrieved July
25, 2005, from urityfocus.
com/library/rc4_ksaproc.pdf
Frank, A, Sandeep, K. S. G., Golden, G. R., &
Loren, S. (2005), Fundamentals of mobile and
pervasive computing. McGraw-Hill.
freeRADIUS software. Retrieved August15, 2005,
from
Gast, M. (2002) Wireless LAN security: A short
history. Retrieved July 25, 2005, from http://www.
oreillynet.com/pub/a/wireless/2002/04/19/secu-
rity.html
Gast, M. S. (2002). 802.11 wireless networks: The
GH¿QLWLYHJXLGHCA: O’Reilly Media.

Giller, R., & Bulliard, A. (2004). Security Pro-
tocols and Applications 2004: Wired Equivalent
Privacy. Lausanne, Switzerland: Swiss Institute
of Technology.
Held, G. (2003). Securing wireless LANs. Sussex:
John Wiley & Sons.
Hurton, M., & Mugge, C. (2003). Hack notes:
Network security portable reference. CA: Mc-
Graw-Hill/Osborne.
IEEE Recommendation. (2003). Recommended
practice for multi-vendor of access point interop-
erability via an inter-access point protocol across
distribution systems supporting IEEE 802.11
operation, IEEE 802.11F- 2003.
Issac, B., Jacob, S. M., & Mohammed, L. A.
(2005). The art of war driving: A Malaysian
case study. In Proceedings of IEEE International
Conference on Networks (ICON 2005), Malaysia
(pp. 124-129).
LinkFerret Software. Retrieved August 5, 2005,
from />2182
Wireless LAN Setup and Security Loopholes
Mac Makeup software. Retrieved August 15,
2005, from />macmakeup/macmakeup.asp
Microsoft Corporation. (2000). Microsoft help in
Windows 2000 server. Retrieved July 20, 2005,
from
Mohammed, L. A., & Issac, B. (2005). DoS attacks
and defense mechanisms in wireless networks.
In Proceedings of the IEE Mobility Conference

2005 (Mobility 2005), Guangzhou, China (pp.
P2-1A-4).
NetStumbler software. Retrieved August 5, 2005,
from
Packetyzer software. Retrieved July 25, 2005,
from />ucts/packetyzer/
Strand, L. (2004). 802.1X Port-Based Authenti-
cation HOWTO. Retrieved July 15, 2005, from
/>6WXEEOH¿HOG $ ,RDQQLGLV - 5XELQ $ '
(2001). Using the Fluhrer, Mantin, and Shamir
attack to break WEP. AT&T Labs Technical Re-
port TD-4ZCPZZ. Retrieved July 25, 2005, from
/>Vocal Tech. Ltd. (2003). Counter CBC-MAC
protocol (CCMP) encryption algorithm. Re-
trieved July 28, 2005, from al.
com/CCMP.pdf
Walker, J. R. (2000) Unsafe at any key size:
An analysis of the WEP encapsulation. IEEE
Document 802.11-00/362. Retrieved July 20, 2005,
from />ments/index.html
Walker, J. (2002). 802.11 security series Part II:
TKIP. Retrieved July 25, 2005 from http://cache-
www.intel.com/cd/00/00/01/77/17769_80211_
part2.pdf
This work was previously published in Web Services Security and E-Business, edited by G. Radhamani and G. Rao, pp. 1-31,
copyright 2007 by IGI Publishing (an imprint of IGI Global).
2183
Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
Chapter 7.14
Mobile Code and Security Issues

E. S. Samundeeswari
Vellalar College for Women, India
F. Mary Magdalene Jane
P. S. G. R. Krishnammal, India
ABSTRACT
Over the years, computer systems have evolved
from centralized monolithic computing devices
supporting static applications, into client-server
environments that allow complex forms of dis-
tributed computing. Throughout this evolution,
limited forms of code mobility have existed. The
explosion in the use of the World Wide Web,
coupled with the rapid evolution of the plat-
form-independent programming languages, has
promoted the use of mobile code and, at the same
time, raised some important security issues. This
chapter introduces mobile code technology and
GLVFXVVHVWKHUHODWHGVHFXULW\LVVXHV7KH¿UVWSDUW
of the chapter deals with the need for mobile codes
and the various methods of categorising them.
One method of categorising the mobile code is
based on code mobility. Different forms of code
mobility, like code on demand, remote evalua-
tion, and mobile agents, are explained in detail.
The other method is based on the type of code
distributed. Various types of codes, like source
code, intermediate code, platform-dependent
binary code, and just-in-time compilation, are
explained. Mobile agents, as autonomously mi-
grating software entities, present great challenges

to the design and implementation of security
mechanisms. The second part of this chapter deals
with the security issues. These issues are broadly
divided into code-related issues and host-related
issues. Techniques, like sandboxing, code sign-
ing, and proof-carrying code, are widely applied
to protect the hosts. Execution tracing, mobile
cryptography, obfuscated code, and cooperating
agents are used to protect the code from harmful
agents. The security mechanisms, like language
support for safety, OS level security, and safety
policies, are discussed in the last section. In order
to make the mobile code approach practical, it is
essential to understand mobile code technology.
Advanced and innovative solutions are to be
developed to restrict the operations that mobile
code can perform, but without unduly restricting
its functionality. It is also necessary to develop
formal, extremely easy-to-use safety measures.