Introduction
This is the first in a series of blog posts that focus on wireless security and technology at Cisco Meraki.
It is generally good practice to connect to a secure SSID, and if we have to connect to an open or insecure SSID, to use a client VPN (both of which Cisco Meraki have great technologies to help with). But we are seldom told why this is the case, without the explanation involving lots of technical terms.
To put it simply, it’s challenging and sometimes impossible to control who can hear what you say on a wireless network.
That’s because wireless networks are Carrier Sense Multiple Access with Collision Avoidance, or CSMA/CA for short. This means that multiple clients can access the network (and now simultaneously with 802.11ac Wave 2) and they will do their best to not run into one another, sort of like a road. In a similar manner to driving roads, wireless networks have rules to avoid collisions, like waiting for your time slot to use the network (akin to waiting at a red light) or for the medium to be free (similar to making sure there are no other vehicles on the road). Unfortunately, wireless transmissions move at the speed of light, meaning that thanks to Einstein and Maxwell, that there is no physical way of getting prior notification of a transmission arriving.
As a result, it’s actually impossible to avoid collisions, unlike with wired Ethernet networks, where each client’s connection to the switch is uncontended. Luckily, the 802.11 Standards Body thought of this and came up with the handy algorithm here. This states that you must listen to the medium before transmitting, which in our road analogy, means that as long as there are no cars passing right now, just go for it. If the medium or “road” is busy, then wait a predetermined amount of time, plus a random additional time, before checking again.
The more courteous drivers amongst you will have noticed a potential problem: if you start transmitting and someone else near you also starts to transmit, then those frames are going to collide and likely neither of you will be understood. In our road analogy, imagine we can’t see the opposite lane in an intersection and it’s not until we get into the middle of the intersection that we realize someone else has also entered from another entrance…we may end up with catastrophic results!
This problem is further compounded in wireless networks because the two colliding clients could be on opposite sides of the wireless cell. This can be hard to visualize, so the below diagram shows how both Client A and Client B can transmit to the access point but they can’t directly transmit to one another:
So, without an additional mechanism, there’s no way to avoid collisions! Client A and Client B are hidden nodes: they are completely “hidden” from one another.
The Additional Mechanism – RTS/CTS
802.11 wireless networks solve this problem through the use of an additional optional handshaking mechanism called “Request to Send/Clear to Send” or RTS/CTS, shown here. This is much like an intersection on a road that is controlled by pressure-pad-triggered traffic lights, whereby a light will stay on red until a car rolls onto the pressure pad. At this point, the control system knows that a car is waiting at the light on red, this is like a request to send. The light for the waiting car then goes to green, which is much like a clear to send, at which point the car (or data in a wireless network) moves off from the pressure pad, which is similar to an ACK, which is an acknowledgment. This means that in busy networks, more RTS/CTS messages will be seen, which is why it’s often used as a key factor in determining how busy wireless networks are. Given the speed of modern wireless networks, however, this mechanism is seldom implemented and is typically only used if the total packet size exceeds 2347 octets, which is similar to an 18-wheeler, that will take a long-time to clear an intersection and hence, have more chance of something driving into it or “colliding” in wireless networks.
What Does That Have to Do With Security?
In and of itself, nothing. But the fact that wireless networks need these mechanisms to ensure they perform well does serve to highlight just how open wireless networks are. Also, bear in mind that someone using a high-gain antenna doesn’t have to be physically close to you to be listening in to your wireless communications. If we extend out our analogy further, this is akin to someone watching the intersection with a pair of binoculars or a telescope. So, if you were shipping a top secret spy plane on the back of a flat bed being pulled by an 18-wheeler, then you’d better make sure the trailer is covered, which is what CCMP encryption does in wireless networks, but that’s another topic for another blog post.
I know some people will always think that this is overly cautious or scaremongering, but it is relatively trivial to build a high gain antenna out of household items, such as:
*Yes, you can use an empty can of Pringles to wirelessly eavesdrop of 802.11 networks! ** No, you don’t have to use ‘Dill Pickle’ flavour ***Image credit to Tommaso Righetti – https://www.youtube.com/watch?v=PDb16PNgYPcThis makes it even more important to be cautious and to protect yourself when you connect to open wireless networks. So, the next time you connect to the Wi-Fi at your favorite coffee shop, make sure you’re using a client or per-app VPN.