Examining Potential Correlations between WLAN Security and Social Statistics

By Joseph Avanzato

In the modern world, the prevalence of personal Wireless Local Area Networks (WLAN) is a given, with WLANs existing in nearly every home and workplace as a means to facilitate WAN connections. The development of WLANs has greatly benefited most, but the nature of the wireless access medium leads to potentially unwanted intruders or eavesdroppers who wish to perform malicious actions utilizing vulnerable WLANs. It is for this reason that most access points have the ability to provide security at various levels, typically provided through either the Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA/WPA2) protocols. Introduced in the original 802.11 standard, WEP was designed to provide confidentiality to wireless exchanges via the use of RC4, a stream cipher. Unfortunately, WEP was found to contain a vulnerability in its implementation of RC4, which led to the discovery of a passive key-recovery attack. In response, WPA and WPA2 were introduced, providing greater levels of security in two separate modes known as Temporal Key Integrity Protocol (TKIP) and a CTR with CBC-MAC mode known as CCMP. TKIP implements RC4 with a per-packet key while CCMP utilizes the Advanced Encryption Standard (AES) block cipher in Counter mode with a CBC-MAC integrity check.

Unfortunately, security standards are not everyone’s top priority; in fact, most people would likely not regard their level of Wi-Fi security as an important factor in their life, which is shocking. This blog seeks to merge population data such as mean annual income, property values and crime rates with an assessment of WLAN security levels performed on a per-neighborhood basis in Rochester, NY. The goal of merging this data is to make informed assessments as to whether any type of correlation may exist between these factors and the collected aggregate security levels in order to better direct information and security mechanisms to vulnerable population demographics. WLAN analysis is performed via the use of Acrylic Wi-Fi, a tool similar to Omnipeek or Wireshark with the ability to utilize promiscuous mode on compatible wireless NICs, in our case a D-Link DWA-160 USB adapter with custom drivers. Using a laptop collecting WLAN data strapped into the passenger seat, routes across Rochester’s neighborhoods were navigated in what is known as Wardriving, defined in this case to mean the mobile and passive collection and analysis of Wi-Fi signals. Personal information such as MAC addresses, SSIDs or BSSIDs and IP addresses were discarded upon capture and only pertinent information relating to the available security modes was kept. This manner of collection preserves privacy while still allowing for the necessary analysis.

The exact delineation of a particular neighborhood as given in [2] tends to vary from source to source. In addition, certain neighborhoods are much larger than others and population density varies greatly. To help account for some of these factors, data collection did not follow the neighborhood outlines but instead focused on collecting a reasonable sum of packets from the neighborhood in question. This helped form an accurate picture of each area in order to make informed comparisons between them. Once data is collected for a particular neighborhood, relative percentages are assigned to the various security categories and used as a more explicit means of comparison. In general, figure 1 below demonstrates the neighborhoods of Rochester, N.Y., the focus of this study as given per [2].

Figure 1. Neighborhood outlines given per [2]

Instead of collecting data for every single neighborhood of Rochester, a subset of 10 was analyzed (represented via numbers in figure 1), with the selected areas listed in figure 2 below. These ten represent a range of disparity in median incomes, crime rates and property values and will help to gain an accurate cross-section of the city for further analysis. The neighborhoods are listed below with their relative data collected and averaged from various sources, ordered according to the travel path given in figure 1 [1,2,3,4,5,6,7]. This data will be used to make informed evaluations when cross-referenced with the collected WLAN data, presented further below in this blog.

| Neighborhood | Average Property Listing (In Thousands, [1,4,7]) | Violent Crimes (~Last 10 Years [3]) | Median Income (In Thousands, [4,5,6,7]) |
|---|---|---|---|
| 1. Strong | $123 | 9 | $41 |
| 2. Mt. Hope/Highland | $146 | 4 | $34 |
| 3. Ellwanger-Barry | $164 | 9 | $42 |
| 4. South Wedge | $94 | 10 | $37 |
| 5. Center City | $365 | 42 | $53 |
| 6. Upper Falls | $22 | 73 | $23 |
| 7. Mayor’s Heights | $40 | 26 | $31 |
| 8. Plymouth-Exchange | $30 | 22 | $29 |
| 9. Genesee-Jefferson | $35 | 19 | $26 |
| 10. 19th Ward | $58 | 58 | $34 |

Figure 2. Neighborhoods analyzed along with their associated statistical information

In brief, WLAN data was collected via the previously mentioned Acrylic Wi-Fi utilizing a D-Link USB WLAN adapter functioning in promiscuous mode to properly sniff control packets and non-broadcasting SSIDs. The only data saved in the collection process was the level of security a particular AP had implemented, defined either as WEP-Open, WEP-Shared, WPA or WPA-2. WEP-Open is no different from having no password while WEP-Shared is analogous to using a door with no hinges. An attacker with a very small amount of time on his hands would find it possible to do extreme damage in either scenario, with WPA providing marginally more security and WPA-2 existing as the current standard for WLANs. Technically there exist multiple sub-divisions within WPA or WPA-2 such as the TKIP and CCMP security protocols. CCMP implements a form of AES while TKIP utilizes RC4 and is considered deprecated in newer revisions of the IEEE 802.11 standards. The collected data was arranged in a percentile format, with the results shown in figure 3 below. If a network supported both WPA and WPA-2, only WPA-2 was counted. Most WPA networks allow for either TKIP or CCMP while all WPA-2 WLANs support CCMP with some additionally supporting TKIP. A further breakdown by security protocol in use may be something for future research.

| Neighborhood | WEP-Open | WEP-Shared | WPA | WPA-2 |
|---|---|---|---|---|
| 1. Strong | 11% | 6% | 8% | 76% |
| 2. Mt. Hope/Highland | 10% | 4% | 10% | 76% |
| 3. Ellwanger-Barry | 14% | 5% | 9% | 72% |
| 4. South Wedge | 12% | 3% | 9% | 76% |
| 5. Center City | 6% | 5% | 7% | 82% |
| 6. Upper Falls | 13% | 9% | 11% | 67% |
| 7. Mayor’s Heights | 11% | 12% | 7% | 70% |
| 8. Plymouth-Exchange | 7% | 8% | 10% | 75% |
| 9. Genesee-Jefferson | 12% | 9% | 9% | 70% |
| 10. 19th Ward | 8% | 7% | 8% | 77% |

Figure 3. Relative WLAN Security Levels for Analyzed Neighborhoods

In the above figure, WEP-Open represents the weakest end of the security spectrum while WPA-2 represents the strongest end. This data is not necessarily helpful alone, but compared to the results listed in figure 2 it may be possible to infer certain causal relationships between the implemented security levels and the presented statistics. These relationships may exist in reality or may be the result of other unstudied variables influencing either WLAN security levels or population statistics in an interfering manner. This work should not be taken as an end-all analysis but rather as a jumping-off point for more scholarly research in the future. As seen in figure 3, Ellwanger-Barry had the highest percentage of Access Points (AP) running in WEP-Open mode while Center City had the highest percentage running WPA-2 as a security protocol. Comparing the above neighborhoods on pure security levels alone is hard due to the variances seen among the different protocols in each neighborhood, and as such a general security rating is assigned to each neighborhood based upon the given percentile values using weighted averages, seen in figure 4 below. In general, WEP-Open was weighted at .1, WEP-Shared at .2, WPA at .2 and WPA-2 at .5. This allowed for the calculation of rough ‘security rankings’ on a scale of 1-5, seen below.

| Neighborhood | Security Ranking |
|---|---|
| 1. Strong | 4.19 |
| 2. Mt. Hope/Highland | 4.18 |
| 3. Ellwanger-Barry | 4.02 |
| 4. South Wedge | 4.16 |
| 5. Center City | 4.4 |
| 6. Upper Falls | 3.88 |
| 7. Mayor’s Heights | 3.99 |
| 8. Plymouth-Exchange | 4.18 |
| 9. Genesee-Jefferson | 3.98 |
| 10. 19th Ward | 4.23 |

Figure 4. Security Rankings from 1-5 derived from values in figure 3 and weighting discussed previously

Overall, Center City displays the highest security levels while Upper Falls demonstrates the lowest. It is these rankings that will be used in order to infer any relationships with the values in figure 2. The first test run is a simple correlation in Excel, returning a value between -1 and 1 which represents how strongly two data sets are computed to be related. The results of a statistical correlation computed in Excel for Security Ranking versus the three presented data sets are shown in figure 5 below.

| Data Type | Statistical Correlation |
|---|---|
| Average Property Listing | 0.69 |
| Violent Crime Count | -0.13 |
| Median Income | 0.75 |

Figure 5. Statistical Correlation Results for Security Ranking vs. Data Sets via Excel from -1 to 1
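
The weighted ranking and the correlation step described above can be reproduced from the values in figures 2 and 3. The Python below is an added example, not the author's code: the division by 10 is an assumed scaling (the post does not state it) that reproduces figure 4, the use of the Pearson coefficient for the Excel step is likewise an assumption, and the function names are hypothetical.

```python
from math import sqrt

# Category weights stated in the post, in Figure 3 column order:
# WEP-Open, WEP-Shared, WPA, WPA-2.
WEIGHTS = (0.1, 0.2, 0.2, 0.5)

# name: (Figure 3 percentages, Figure 2 statistics)
# Statistics are (property listing $K, violent crimes, median income $K).
DATA = {
    "Strong":            ((11, 6, 8, 76),  (123, 9, 41)),
    "Mt. Hope/Highland": ((10, 4, 10, 76), (146, 4, 34)),
    "Ellwanger-Barry":   ((14, 5, 9, 72),  (164, 9, 42)),
    "South Wedge":       ((12, 3, 9, 76),  (94, 10, 37)),
    "Center City":       ((6, 5, 7, 82),   (365, 42, 53)),
    "Upper Falls":       ((13, 9, 11, 67), (22, 73, 23)),
    "Mayor's Heights":   ((11, 12, 7, 70), (40, 26, 31)),
    "Plymouth-Exchange": ((7, 8, 10, 75),  (30, 22, 29)),
    "Genesee-Jefferson": ((12, 9, 9, 70),  (35, 19, 26)),
    "19th Ward":         ((8, 7, 8, 77),   (58, 58, 34)),
}
STAT_NAMES = ("Average Property Listing", "Violent Crime Count", "Median Income")


def security_ranking(pcts):
    """Weighted sum of the four percentages. Dividing by 10 is an assumed
    scaling (not stated in the post) that reproduces Figure 4."""
    return round(sum(w * p for w, p in zip(WEIGHTS, pcts)) / 10, 2)


def pearson(xs, ys):
    """Pearson correlation coefficient (assumed to match the Excel step)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(var_x * var_y)


def correlations():
    """Correlate the security ranking against each Figure 2 column."""
    ranks = [security_ranking(p) for p, _ in DATA.values()]
    return {name: round(pearson(ranks, [s[k] for _, s in DATA.values()]), 2)
            for k, name in enumerate(STAT_NAMES)}


if __name__ == "__main__":
    for hood, (pcts, _) in DATA.items():
        print(f"{hood:18} {security_ranking(pcts):.2f}")
    print(correlations())
```

Because WPA-2 carries half the weight and accounts for 67-82% of access points in every neighborhood, the ranking is driven almost entirely by the WPA-2 share; with only ten data points, each coefficient is also sensitive to a single outlier such as Center City's property listing value.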

The above results imply median income and average property listing value are both strong correlators in the level of security WLANs in a particular neighborhood will possess. Inversely, the data presented suggests violent crimes as reported to the police are not a strong factor in determining the same security levels. Individual linear regressions with average trend lines for the independent data sets are shown below in figures 6, 7 and 8 with security ranking along the X-axis for each. The blue lines represent the actual data points while the black lines demonstrate a ‘best-fit’ linear regression trend line across the specified data and the previously computed security rankings.

Figure 6. Linear Regression for Average Home Prices

Figure 8. Security Rank vs. Median Income

The results in the figures above do not necessarily indicate a positive or negative relationship in each case but serve to demonstrate the type of relationship that could possibly exist among the various data sets. More granular amounts of data are required in order to infer anything more specific about the data, left for future research work. The R² value represents how well the regression is able to fit the data, with 1 being the best fit possible and 0 being the absolute worst. In each case the fit is relatively poor, most likely due to not enough data points leading to inaccurate overall representations. Alternatively, the poor fit may be an indicator that no relationship exists among the data, meaning a linear fit among the various plots will always result in a poorly fitting regression. Other regression types such as exponential and logarithmic were also explored, with examples shown below.

Figure 9. Exponential Regression over Average Home Price

Figure 11. Exponential Fit over Median Income

Without more research and the collection of further data, it is difficult to determine whether a linear or exponential regression is appropriate. Judging by possible fits from the limited data collected, it may be possible for there to be a more exponential relationship among the data rather than purely a linear functionality.

Conclusion

This blog sought to examine and infer from collected data any possible correlations or relationships among the level of implemented WLAN security and social statistics such as median income, violent crime rate and average house listing as given in figure 2. This analysis was performed on a per-neighborhood basis within Rochester, N.Y. as per figure 1, with data broken into separate categories based upon the security protocol detected in use and each neighborhood assigned an overall ‘security ranking’ based upon a weighted average of the four security types seen in figure 3. These rankings, from a scale of 1-5, were used to attempt direct statistical correlations, linear regressions and exponential regressions over the rankings and previously specified neighborhood information given in figure 2, with results seen in figures 5-11. The results seemingly indicate exponential regressions fit the described data better than linear fits, with violent crime rate demonstrating the best fitting regressions for all data types.

Overall, without much more extensive research, it is hard to draw any definite conclusions from the work presented above. In brief, it appears as if a positive relationship exists between violent crime rate and overall WLAN security levels compared to the casually inverse relationships seen when comparing either median income or average property listing price against the aggregated security rankings. As stated previously, this is not any piece of definitive proof towards this conclusion but instead should serve as a piece of reference for future WLAN security analysis endeavors. If a real correlation exists at all between any of these pieces of data, the reasons underlying such a relationship could be either direct or indirect influencers, requiring further research to draw any type of causal basis.

References

[1] Average property value per Rochester neighborhood (https://www.trulia.com/home_prices/New_York/Rochester-heat_map/)

[2] Rochester Neighborhoods superimposed on Google Maps (https://www.google.com/maps/d/u/0/viewer?mid=1iJHDrruEBEwP1yeJKYi-vCNfobs&hl=en_US&ll=43.18416250507947%2C-77.61319049999997&z=12)

[3] Official Rochester Police Crime Rate Mapping (https://www.arcgis.com/apps/webappviewer/index.html?id=cecd42757c664cc29d2a85f3b9d0da0c&extent=-8650368.7866,5328974.7993,-8628698.8891,5344262.205,102100)

[4] Various data per-neighborhood such as median income (http://www.city-data.com/nbmaps/neigh-Rochester-New-York.html)

[5] Rochester Population Data (https://www.point2homes.com/US/Neighborhood/NY/Monroe-County/Rochester-Demographics.html)

[6] Rochester Rent/Income Data (http://www.newdigs.com/ny/monroe)

[7] Rochester Demographic Data (http://statisticalatlas.com/neighborhood/New-York/Rochester/)
