Exploring Wi-Fi Security Challenges and Proposing Solutions: The case of Afghanistan

— Wireless networks are the most developed progress than other technologies because of cost-effective, flexibility, mobility, and easy deployment. Despite these benefits, wireless networks suffer from different types of challenges and vulnerabilities. During past decades, IEEE, IETF and, Wi-Fi Alliance Institute developed a lot of wireless security protocols including WEP, WPA, WPA2, WPA3, 802.1x standards. Besides, these protocols bring the most solutions for wireless security challenges, still, these protocols are vulnerable against the different types of attacks and threats (Dictionary attacks and Rogue access points). Thus, in this paper after doing a survey and finding the challenges in the case of Afghanistan, I propose solutions regarding specific challenges. The proposed solutions are Kismet and Snort for rogue-AP and dictionary attack detection and prevention. Since these proposed solutions are implemented in the least cost due to open source and free attitude, the proposed solutions are implementable in every Wi-Fi environment in Afghanistan..


I. INTRODUCTION 1
Wireless networks are the most popular and useful and cost-effective network in the technology world.Wireless networks use waves and radiofrequency for their communication, but wired networks use wire for their communication.Thus the broadcast nature and propagation of radio, wireless networks are usable for both illegal and legal users [1]- [3].This is another difference between wired and wireless networks because the wired networks are usable just and only for those users that are authorized for networks.As Zou and Zhu [3] point out; the open communication environment makes wireless transmissions more vulnerable than wired communications to malicious attacks including both the passive eavesdropping for data interception and the active jamming for disrupting legitimate transmissions [3], [4].

II. WLAN STRUCTURE
Wireless devices with WLAN technology can communicate with each other in two different structures.
Submitted on July 09, 2023.Published on October 03, 2023.S. Zabihullah Mosawi, Kunduz University, Afghanistan.(e-mail: zabi.mosavi64@yahoo.com)M. Qasimi, Kunduz University, Afghanistan.(m.qasimi786@gmail.com) A. Ad-hoc Mode Ad-hoc network known as IBSS [5] in this type of networks all device communicate with each other within the range of each other directly [6], it is provided in 802.11 standards, and called Ad-hoc network (MANET).Every Adhoc network consists of two stations with no central access point for communication [7].This type of network relies on direct communication and this type of network is run by less cost.Because of no central access point, network management and deployment will be easy for users.Besides, it is not suitable for networks that have a large number of devices.

B. Infrastructure Mode
Infrastructure mode or (BSS) is the most useful wireless network against the Ad-hoc networks.This type of network build from clients and access points or WAP [8].Thus, infrastructure mode is suitable in a large scale network.Besides, it has a lot of security features and protocols for securing the clients and access points [9]- [13].

5) Use of security mechanism among Afghan's users
Fig. 6.Wireless security mechanism among Afghan's users.Regarding the survey, the most using security mechanism is a short password and open and default some of them are using the long password as the password in wireless environments.shows that Afghan's wireless network users are mostly using WEP and WPA1 at second they are using WPA2 and some of them use other security policies.

B. Data Analysis 1) Participant' residence profile
In this survey, we had 100 participants from different universities from different Afghanistan's provinces.In this survey among 100 participants, 75 people were a student of computer science and 25 persons of this survey participants were employees from different sectors.

2) Internet usage among Afghan students and employees
Among 100 participated persons, from 25 employees all of them use the internet, but over 75 participated students only 4 of them do not use the internet but other 71 persons use the internet in their duty or academic research.This evidence showed that the use of the internet is useful among Afghan students and employees.

3) Use of Operating system type among Afghan users
Over 96 persons that gave a positive answer about the use of the internet, 57 students and 17 employees use windows operating system, 8 students and 3 employees use Linux operating system, 4 students and 3 employees use android, one other employee uses another operating system, but none of them use the Unix operating system in their systems.With the result of this survey, we could define that the usage of windows as the close source operating system is useful after that Linux is useful in the second stage and the third useful operating system is belonging to Android among Afghan users.But the strange thing is, Unix with a lot of capabilities, strongest security and fast performance does not have user among Afghan's users.

4) Use of the internet environment
Among 96 persons of the participant, 51 students and just 2 employees use the internet in universities, 19 employees and just 2 students use the internet in offices, 12 students and 3 employees use the internet in the homes and finally, 6 students and just 1 employee use the internet in business environments.

5) Use of security mechanism among Afghan users
Among 96 participants, 16 students and 4 employees use open, 5 students and no employee use the default, 47 students and 19 employees use a short password and 3 students, and 2 employees use a long password security mechanism.This evidence showed that use of open, default as well as short password security mechanism tell the truth of wireless vulnerabilities among Afghan' users.It is not good news for the people who want to investigate wireless security.As the network has a connection among every device in every place, it will be dangerous to another device even in other countries because intruders use from public IP of Afghan users target the outside users, so the security of devices in Afghanistan is relevant to devices in other countries.

6) Use of wireless security protocol among Afghan's users
Among 96 people, 33 students and 4 employees use WEP, 17 students 19 employees use WPA/TKIP, 8 students, and only one employee use WPA2/AES and finally, 3 students and one employee use other security policy in their networks.
Thus, it is clear that WEP is the first, WPA/TKIP is at second and WPA2/AES is at the third position of using wireless security protocols among Afghan users.This is also bad news because WEP and WPA/TKIP are the most vulnerable security protocols among the mentioned three protocols, even WPA2/AES.

IV. FINDING CHALLENGES
A. WPA2 Authentication challenges WPA2 is vulnerable against different malicious attacks [14] in term of authentication because it is vulnerable against handshake capture and dictionary attacks, this means WPA2 does not have a good authenticity and access control [15], and IEEE propose 802.1x for making strong authentication but existing 802.1x system in Afghanistan use LEAP/MSCHAP within Linksys product for authentication.LEAP/MSCHAP uses the simple username and password as same as Windows operating system [15] and this is also vulnerable against dictionary offline attack [5].According to my survey; 8 students and one employee use WPA2/AES-CCMP to their systems in Afghanistan.So, it means with the use of existing 802.1x our wireless networks are also vulnerable in terms of authenticity and access control.In the following experimental study, I will show that WPA/WPA2 key cracking is very easy and after running some command and copying dictionary file that contains more than 40 million passwords will crack WPA/WPA2 within minutes.

C. Proposed Solutions
In traditional infrastructure wireless networks, we only have an access point and some clients [16].The access point has the authorization and authentication right for clients.Every time the access point sends a request packet to the client and client response to access point requests, this process continues through a client find authentication and association.But in the proposed solution, we have three elements, client (Supplicant), an access point (Authenticator) and FreeRADIUS (Authentication server).Well, the proposed solution is useful not only for the best authentication but also for the best access control, because in this scenario the clients after passing long security with the cooperation of FreeRADIUS and the access point could authenticate.The proposed solution is illustrated in the following picture with the comparison table.

D. Challenge two
Mostly wireless networks suffer from illegitimate access point by the name of the rogue access point.The rogue access point is mostly installed by illegal users without permission from network administrators.Generally rogue access points are in two types: Those wireless routers that act as the rogue access point and directly connect to one of Ethernet ports of legitimate wireless access points on the wall and the second one are the fake access point installed on a laptop, it means there are a lot of free tools that act as an access point that has two ports; one for direct connection to legal access point other for the attack.While rogue access point configured in the range of legitimate access point, the users think it is the real access point, they want to connect, during connecting to the rogue access point and attacker sniffs its MAC address and uses for hacking to another part of the network.

E. Proposed Solutions
In the proposed design, normally every client communication with each other, but besides legal Accesspoints and other network elements, we have WIDS/WIPS for the rogue Access-point detection and prevention.For this purpose, we are going to use Kismet.Kismet shall monitor the wireless area passively.If it detects any rogue accesspoint the wireless administrator can decide to drop or deny.Kismet software is almost available in all Linux distros and it is free, so I am eager to use it as network monitoring software for detecting rogue access points.After finding of rogue access point we can deny its MAC address into the server or legitimate access point.For the installation and configuration of kismet, the following commands are necessary.

1) Sudo apt-get install kismet
The Kismet installation is the same as other open-source software, after a lower time, the Kismet will be installed successfully, so to use Kismet we must run the following command.This is the Kismet monitoring screen, it continuously monitors the wireless network and shows the available APs, if any APs with duplicate SSID find, the wireless administrator can get its MAC address and deny it in other places like server or wireless routers.It is the most important point of Kismet because when the Kismet finds any APs, it gets a chance to network manager to see how many clients are connected to find APs.

V. RESULT
WPA2 the latest version of wireless security has strong encryption.It means it has strong integrity and confidentially, but it has challenges in terms of authenticity and access control, thus the proposed solution was the Freeradius server because it used EAP-TLS for authentication and bring strong capability in term of access control.The other effect of this solution is that the Freeradius server is available and free in every Linux Distro with less cost it could be implemented from SOHO to large networks, due to this it is implementable in Afghanistan.
Wireless security protocols also have a problem in terms of the link layer and a lower layer; therefore, the next solution is kismet because this mentioned free software work as WIDS and detect and protect wireless networks against malicious software and attacks in the lower layer.As well as with the use of kismet we could be able to detect and prevent rogue access points.

VI. CONCLUSION
In conclusion in this paper after the survey and experimental study, we categorized the wireless security challenges in two sections in Afghanistan.The first challenge was about the use of WPA2 and 802.1x, because these protocols has the biggest problem in term of authentications, but in this paper, I proposed Freeradius server, Freeradius use apache2, SQL-server, PHP and phpmyadmin for user addition, deletion and management, so it could be very safe against intruders that target the wireless authenticity and access control.And Rogues access point is another challenge in wireless networks and use the same name as a legitimate access point, so it will be impossible for legal users to categorize which one is legal and which one is illegal.For this purpose, I propose kismet open-source software for the detection and prevention of rogue access points.Finally, with the use of the mentioned solution besides wireless security, we will provide better security in WLAN, but still, it is impossible to see the WLAN is 100% secure because attacking resources and preventing and managing the resources is a continuous process.

Fig. 1 .
Fig. 1.Wireless Ad-hoc modes.Wireless network communication without the use of central access point (IBSS).

Fig. 2 .
Fig. 2. Wireless infrastructure modes.Wireless network communication with the use of central access point (BSS).Access point connected the wireless networks and wired networks in one central point.

Fig. 3 .
Fig. 3. Participant residence profile.In this survey, 100 persons participated that 75 of them were students from different universities and 25 were employees in the Afghanistan government's offices.

Fig. 3 .
Fig. 3. Internet usage among Afghan students and Employees.Among 25 of the employees all of them use the internet but from 75 of students 71 of them were able to use the internet and 4 of them did not use the internet because of unknown reasons.

Fig. 4 .
Fig. 4. Operating system usage among Afghan's users.Afghan technology users at first mostly use windows operating systems because of the Graphical user interface and a second they are using Linus and at third they are using Android OS and IOS.

Fig. 5 .
Fig. 5. Use of the internet environment.The survey has shown that at first most of the students use the internet in universities and second they are using the internet in offices and at third, they are using the internet in homes and business environments, but most of Afghan's employees use the internet in offices and universities.