Elsevier

Computer Networks

A systematic methodology for continuous WLAN abundance and security analysis

Under a Creative Commons license

Open access

Abstract

In this paper, we present a systematic methodology for continuous surveying and analysis of 802.11 Wireless Local Area Network (WLAN) abundance and security, based on the passive wireless network scanning technique called wardriving. The objective is to provide an efficient, scalable, and easily accessible methodology for collecting, analysing and storing WLAN survey data. To adhere to these set requirements, the presented survey and analysis processes can be carried out with freely available open-source software and common off-the-shelf hardware. While extensive literature has been produced on wardriving and numerous WLAN survey studies have been documented in previous works, to our knowledge, no similar comprehensive methodology for systematic WLAN surveying and analysis has been previously presented. To further rationalise the need for surveying and analysing WLAN networks, an investigation on the related literature and the current state of the WLAN networking landscape has been conducted. Furthermore, as surveying WLAN networks via the wardriving technique undoubtedly raises legal and moral concerns, the legitimacy and ethics of wardriving have been examined. To test the effectiveness of the proposed methodology, a primary test and calibration WLAN survey was conducted in three separate locations within a middle-sized city located in Southwest Finland. Based on the survey results, WLAN security in Finland is in a relatively good state. During the test survey, we successfully collected and analysed data from 720 WLAN networks, proving the effectiveness of the proposed methodology. From the 720 detected WLAN networks, 6% used insecure encryption protocols, 12.8% were unencrypted and a clear majority of 81.3% used the WPA2 encryption protocol. Results also show that wireless network device owners in the surveyed areas are not inclined to alter the factory-set default settings of their wireless networks. It was noted that roughly 40% of the surveyed networks used easily identifiable factory-set SSIDs and only 5.4% of the networks had a cloaked SSID. Furthermore, the survey data shows that WLAN devices from 38 different manufacturers were detected. Three of the most popular manufacturers in the surveyed area were Cisco with 28.3%, Huawei with 15.7% and Ruckus Networks with 9.7%.

Keywords

IEEE 802.11

Internet of Things

IoT

Wardriving

Wireless LAN

Wireless security

Cited by (0)

Saku Lindroos received his BBA degree in business communication and information security from the Turku University of Applied Sciences, Turku, Finland, in 2014 and his M.Sc. (Tech) degree in networked systems security from the University of Turku, Finland, in 2020. He is pursuing the D.Sc. (Tech) degree in communication engineering at the University of Turku, Department of Computing, where he is currently working as a project researcher. His research interests include wireless network security, security and privacy in communication systems, ethical hacking and computer ethics.

Dr. Antti Hakkala is a University Teacher in Communication Systems and Cyber Security at Department of Computing, University of Turku, Finland. He received his D.Sc.(Tech.) degree in Communication Systems in 2017 from the University of Turku. He has over 10 years experience in teaching engineering students on cyber security and communication systems engineering, and has supervised over 100 Bachelor's and Master's theses on cyber security topics. His current research interests include wireless network security, cyber security in autonomous systems, and security and privacy in networked information society.

Seppo Virtanen received his D.Sc.(Tech.) degree in communication systems from the University of Turku, Finland, in 2004. He is currently Associate Professor of Cyber Security Engineering with the University of Turku, Department of Computing, where he also is the Vice Head of the department. His research currently focuses on information security issues in communication and network technology, especially for smart environments.

© 2021 The Authors. Published by Elsevier B.V.