International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 WIRELESS USB AND SECURITY OF USER DATA Department of Computer Science and Applications Panjab University SSG Regional Centre Hoshiarpur (Pb.) ABSTRACT: The Wireless USB is high-speed wireless personal interconnects technology to meet the needs of various users. Wireless USB is a high speed and high-bandwidth communication protocol. It has a capacity of sending data 480Mbit/s at distance up to 3 meters. In this paper security algorithms for Wireless USB are discussed. Experiments have been conducted to check the password strength. Nowadays almost all the Wireless USB devices are using WEP, WPA, WPA2, WPA-PSK, WPA2-PSK security protocols. But these protocols are prone to various threats. So security of the user data also depends upon the strength of the passwords. Experiments show how the security also depends upon the strength of the passwords. If it is weak then it can be easily found. Other available wireless technology such as Bluetooth, ZigBee, Wi-Fi and WiMAX are also discussed in this paper. Keywords: Wireless USB, Bluetooth, ZigBee, WiMAX [1] INTRODUCTION Wireless USB protocol is created by the Wireless USB promotion group. Wireless USB is a high speed, short-range and high-bandwidth communication protocol [1]. The Universal Serial Bus (USB) is very successful in PC history. It is the de facto interconnect for PCs, consumer electronics (CE) and mobile devices. Wireless USB is based on wired USB, so this technology can easily migrated with wired USB solutions [2]. It has a capacity of sending data 480Mbit/s at distance up to 3 meters. Further it can send data with a speed of 11Mbits/s up to 10 meters. Its working frequency range is 3.1 GHz to 10.6 GHz. Main goals of this 183
WIRELESS USB AND SECURITY OF USER DATA protocol is to meet the needs of mobile devices, consumer electronics and pc peripherals. Wireless USB is mainly used in printers, scanners, game devices and portable media players [1][3]. A main use of Wireless USB devices in case of offices and homes is given below in the table 1: Table 1 Wireless USB Devices in case of Home a) MP3 Players b) Gaming Consoles c) External Hard Disks d) Digital Cameras and Camcorders e) Set Top Boxes and Home Entertainment Wireless USB Devices in case of Office a) Scanner b) Printers c) Personal Digital Assistance(PDA) d) PC camera e) Speakers [2] WORKING OF WIRELESS USB It works on the top of traditional Wired USB. Main component of the Wireless USB is radio and antenna system. Wireless USB mainly uses Ultra-wideband (UWB) technology which operates in frequency range of 3.1 to 10.6 GHz. Main advantage of UWB is the low power consumption., So it is useful in portable devices. Key feature of the UWB is that it transforms the information over on a large bandwidth. Therefore it can share spectrum with the other users also. Main application areas of UWB are sensor data collection and tracking applications [4][5]. Wireless USB uses Hub and Spoke topology. In this topology wireless host sits at the centre and the connected devices sits at the end of the spoke as shown in the figure 1 given below. Figure 1 Hub & Spoke Topology Wireless USB follows polled, TDMA based protocol. Each Data transfer has three parts, token, data and handshake. UWB has also two layers PHY and MAC. PHY layer checks header and main functions of MAC layer are encryption/ decryption and synchronization [1] [11]. [3] ADVANTAGES OF WIRELESS USB: 184
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 A Main disadvantage of wired USB is that use of wires is restrictive. Once wires are plugged in a device, we cannot move that device freely. Users which are using wireless USB can move freely from one place to other. It is difficult to handle multiple wires simultaneously if they are connected to same device. If we want to remove a component or want to reconfigure it then it creates hassles. But this problem is not there in case of Wireless USB. Currently main wireless available solutions are Bluetooth and Wi-Fi. But Bluetooth cannot be used in internet applications which need high speed internet connectivity. Disadvantage of Wi-Fi is that Wi-Fi technology is very expansive and Wi-Fi devices consume much power. Main Benefits of Wireless USB are: 1. It provides speed up to 480 Mbps as compared to Bluetooth technology. 2. It has low cost implementation as compared to Wi-Fi. 3. It is compatible with majority of USB drivers and firm wares. 4. Its plug and play feature reduces time and money of the users. Its plug and play capability is similar like wired USB. 5. Wireless USBs are compatible with majority of wired devices [3]. [4] OTHER MAIN WIRELESS TECHNOLOGIES: The Wireless technology and networks allow devices to communicate with each without needing wires. Main wireless technologies are given below: a) Bluetooth (IEEE 802.15.1) Bluetooth technology is used to transfer data over short distances. This technology is used in many consumer devices ex in smart phones and tablets. Nowadays many wireless speakers use this technology. It is a low power wireless technology and can be used to stream audio and transfer of data over small distances. Bluetooth technology has two flavors: a) Low Energy (LE) b) Basic Rate/Enhanced Data Rate (BR/EDR). Bluetooth technology is supported by many operating systems such as windows, Linux, Android and IOS [6]. b) ZigBee (IEEE 802.15.4) ZigBee is gaining popularity these days. ZigBee is less expansive as compared to other wireless personal area networks. It is an open global standard designed specifically for M2M networks. ZigBee has a low latency and low duty cycle which increases the battery life of devices. For security purposes this protocol offers 128-bit AES encryption. It can also be used in mesh networks [7]. c) Wi-Fi (IEEE 802.11) Wi-Fi is based on IEEE 802.11 standards. Mainly it is used in devices such as smart phones, tablets, digital cameras, printers and smart-tvs. In Wi-Fi network radio waves are used transmit the data within the range of the network. Main two components of this technology are WLAN and wireless access points. It operates in 2.4GHz radio band [8]. d) WiMAX (IEEE 802.16) WiMAX means Worldwide Interoperability for Microwave Access. It was initially designed to provide 30 to 40 megabits/s data rates. This technology can be used both indoors and outdoors [9]. 185
WIRELESS USB AND SECURITY OF USER DATA [6] A COMPARISON OF VARIOUS AVAILABLE WIRELESS TECHNOLOGIES Some of the available wireless technologies are shown in the table given below: Paramete r Bluetooth Distance 10-100m(ap p.) Frequency Range 2.4 to 2.485 G Hz ZigB ee 10 100 m 2.4 GHz Wi- Fi 20-50 m 2.4 or 5 GHz WiM AX 50-km radius from base station 2 to 11 GHz and 10 to 66 GHz Wirele ss USB 10-50 m 3.1-10.6GHz Bandwidth 2 Mbps 20Kbp s - 250 Kbps 54 Mbps 30 Mbs - 40Mbs 110Mbs - 480Mbs Modulatio n Schema GFSK, 8DPSK DSSS, BPSK, OQPS K OFD M MIM O- SOFD MA MB- OFDM Figure 2 Various Wireless Technologies Main parameters which are chosen for the comparison of the wireless technologies are Distance, Frequency Range, Bandwidth and Modulation Schema. For short distance communication between the two devices Bluetooth, ZigBee and Wi-Fi and Wireless USB can be used. WiMAX technology covers the large area as compared to these technologies. Frequency Ranges of the different technologies are also shown in the table. Data transfer speed of the Wireless USB is high as compared to other technologies [6][7][8][9]. [6] WIRELESS USB SECURITY Wireless USB is based on ultra wide band (UWB). In any wireless technology data is transferred in open air, so there is possibility that this data is available to other wireless users also. Malicious users can use this data and information for their benefit. There security is an important issue in case of wireless USB. Encryption algorithms are used to make secure association between wireless USB and host computer. User data is encrypted before it is transferred into the air. First time association between wireless USB device and host computer must be trusted. It means only authorized devices are allowed to communicate with each other. Unauthorized users will be prevented from the communication. Similarly in an environment when there are multiple wireless USB devices and multiple Wireless USB hosts are there, then there is need that which devices are allowed to communicate with each other. Due to short range nature of the wireless USB users must be in close proximity of the wireless USB network [10]. According to Amazon some of the well-known wireless USB devices and security protection protocols used by these are given below: S.N. Wireless USB Security 186
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 1. Panda PAU09 WEP 64/128bit, WPA, WPA2 (TKIP+AES) encryption 2. BrosTrend AC1 WPA2- Personal 3. NET-DYN 300M 4. TP-Link AC450 Archer T1U 5. Edimax EW- 7811Un WPA/WPA2/WEP 64/128-bit WEP, WPA/WPA2, and WPA- PSK/WPA2-PSK encryption standards 64/128 bit WEP Encryption and WPA-PSK, WPA2-PSK Figure 3 Various Wireless Security Protocols From the table it is clear that almost all the Wireless USB devices are using WEP, WPA, WPA2, WPA-PSK, WPA2-PSK security protocols. Wireless USB security settings in case of TPLINK are shown below. Figure 4 Security Settings in TPLINK In case of TPLINK users have following choices for security: None, using WEP, WPA/WPA2, and WPA-PSK/WPA2-PSK. Main wireless security protocols which are supported by these devices are: Wired Equivalent Privacy (WEP): This protocol was introduced in 1997 along with 802.11 standards. It was used to provide confidentiality. It uses three types of encryption 64-bit, 128- bit and 256-bit. Majority of router uses 128-bit encryption algorithm. But sooner much vulnerability was found in WEP[12]. Security researchers used these vulnerabilities to crack WEP easily. Later many upgrades and fixes for these protocols were given, but still this protocol is easy to penetrate. But many older devices and routers still use this security protocol. So it is better to activate it than co protection at all. Working of WEP: WEP perform Cyclic Redundancy Check operation on plaintext, and then this CRC value is concatenated with plaintext. Secret key value is concatenated with Initialization Vector (IV). 187
WIRELESS USB AND SECURITY OF USER DATA Then with the help of RC4 keystream is generated. Plaintext and CRC value then XOR ed with keystream to generate ciphertext. The same Intialization Vector (IV) is then added before ciphertext. This data with frame header is then transmitted over the air. Drawbacks of WEP: main drawbacks of WEP are small initialization vector and weak RC4 algorithm [13]. Wi-Fi Protected Access (WPA): WPA Protocol was introduced to overcome the vulnerabilities of WEP. It was intermediate remedy to wireless network. This security protocol provides strong security of data as compared to WEP. But for using WPA all the devices must be configured for WPA. Working of WPA: WPA security protocol use Temporal Key Integrity Protocol (TKIP) for encryption. KIP has four additional algorithms. a) A per packet key mixing function b) rekeying mechanism c) extended initialization vector d) message integrity check For strong authentication WPA use 802.1x and Extensible Authentication Protocol (EAP)[17]. Drawbacks of WPA: passphrase is prone to dictionary attack, vulnerabilities in TKIP protocol [13]. WPA2: WPA2 standard is successor to WPA. This protocol was introduced in 2004. This standard is used widely nowadays. It uses Temporal Key Integrity Protocol (TKIP) for message integrity. WEP uses Cyclic Redundancy Check (CRC). TKIP is much stronger than CRC. WPA2 replaces the RC4 cipher and TKIP with two stronger encryption and authentication mechanisms: the Advanced Encryption Standard (AES) and Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), respectively. Drawbacks of WPA2: AES 128 bit protocol is breakable. WPA2 is prone to deauthentication, Disassociation, and DoS(Denial of service) attacks [15][16]. WPA-PSK: Wi-Fi Protected Access Pre-Shared Key (WPA-PSK) is a variation of WPA security protocol. It can be used in home as well as in small office networks. It is used to authenticate and validate Wi-Fi connection. In this case password can have 8 to 63 characters. Based on this 256 character key is generated which is shared by both the devices for encryption and decryption. If WPA-PSK is used with TKIP then dynamic 128 bit encryption key is generated for each packet. WPA-PSK can also be used with AES. Drawbacks of WPA-PSK: Using WPA-PSK with TKIP is vulnerable. Password can be cracked during the four way handshake [16]. From the above discussion it is clear that all the above said protocols need strong passwords for the security of the wireless network. Checking the strength of passwords: We have conducted various experiments for checking the password strength of wireless network. Main steps of Methodology are shown in the figure 5 given below. 188
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 Figure 5 Research Methodology Wi-Fi Monitoring: Main tools which can be used for this purpose are NetStumbler, NetSurveyor andwirelessnetview etc. Traffic Analysis: After discovering the wireless network free tool Wireshark can be used to analyze the traffic. Other tools are NetStumbler, Wi-Fi Inspector and Kismet etc. Traffic Capturing: Wireshark, CommView for WiFi tools can be used for traffic capturing. Attacking : To attack a host various wireless attacks such as de-authentication attack, denial of service attack, MITM attack and fragmentation attack etc can be used. Stealing Information: Main tools which can be used are Aircrack,AirSnort,Cain & Able,Kismet and NetStumbler etc. Experiments are conducted using dictionary attack. Case a: In case of simple password. (WPA2- PSK) Password Length: 8, only numbers 1 to 8 are used. We have the following snapshot: Figure 6 Case b: When password consist of only 8 characters 189
WIRELESS USB AND SECURITY OF USER DATA Figure 7 Case c: When password length is 11 characters. Combination of 8 characters and 3 numbers is used. Figure 8 Case d: Password length is 11. It is combination of 8 characters, 1special characters and 2 numbers. Figure 9 Cracking of the password also depends upon the computation power of the system. For example if we are using Aircrack ng on i3 processor then it try 1100Keys /s. But when same experiment was repeated for i7 processor then it can try 5500Keys/s. 190
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 S.N. Key Characters Result Case 1: Numbers from 1 to 8 Key found Case 2: 8 characters Key found Case 3: 8 characters and 3 numbers Key found Case 4: 8 characters, 1special characters and 2 Key found numbers Figure 10 [6] CONCLUSION From the experiments figure 10 it is clear that users should use strong passwords. If the password length is big, but it only consist of numbers or characters then it is still easily breakable. But if the password is strong, if it consist of combination of characters, numbers and special characters then it is very difficult to break. For example in Case d it took around 25 minutes to find out the key. According to [18] rules for the strong passwords are: It should contain at least 12 alphanumeric characters. It should have upper and lower case letters. It must contain at least one number (0-9). It must contain at least one special character. Currently wireless USB devices offer same functions as wired USB devices but without needing wires. Use of Wireless USB is very easy for the users. These devices also save time of the users. But at the same time wireless USB are prone to various threats. In order to increase the security users should choose strong passwords for their USB device. And password should be changed time to time. Defending Against various Attacks: a) In case of only WEP option turn on the WEP. b) In case of WEP and WPA using WPA. c) In case of WPA and WPA2 using WPA2. d) Choosing strong passwords e) Changing password in case if it is lost or compromised. f) Changing the password after certain time period. REFERENCES [1] https://en.wikipedia.org/wiki/wireless_usb [2] www.usb.org/wusb/docs/wirelessusb.pdf [3] https://www.scribd.com/document/24343350/wireless-usb-is-a-short-range-high-bandwidth- Wireless-Radio-Communication-Protocol [4] https://www.everythingusb.com/wireless-usb.html. [5] https://wikivisually.com/wiki/ultra-wideband [6] https://en.wikipedia.org/wiki/bluetooth [7] https://en.wikipedia.org/wiki/zigbee [8] https://en.wikipedia.org/wiki/wi-fi [9] https://en.wikipedia.org/wiki/wimax 191
WIRELESS USB AND SECURITY OF USER DATA [10] https://www.everythingusb.com/wireless-usb. [11] http://inno-logic.com/wireless-usb-an-overview.php [12] F. Sheldon, J. Weber, S. Yoo, W. Pan, The Insecurity of Wireless Networks. IEEE Computer Society, vol. 10, no. 4, July/August, 2012, pp. 54-61. [13] Waliullah, Md, and Diane Gan. "Wireless LAN security threats & vulnerabilities." International Journal of Advanced Computer Science and Applications 5, no. 1 (2014) [14] Arana, Paul. "Benefits and vulnerabilities of Wi-Fi protected access 2 (WPA2)." INFS 612 (2006): 1-6. [15] Arana, Paul. "Benefits and vulnerabilities of Wi-Fi protected access 2 (WPA2)." INFS 612 (2006): 1-6. [16] Tsitroulis, Achilleas & Lampoudis, Dimitris & Tsekleves, Emmanuel. (2014). Exposing WPA2 security protocol vulnerabilities. International Journal of Information and Computer Security. 6. 93-107. [17] http://searchmobilecomputing.techtarget.com/definition/wi-fi-protected-access [18] https://www.sans.org/security-resources/policies/general/pdf/password-construction-guidelines 192