I did a short series on attacking Wi-Fi for my personal blog last year, but I did not cover Enterprise Wireless. A few interesting tools have been released in the time that has passed, so I’m going to steal some of my own words as a short lead into a new post on conducting attacks against WPA/2-Enterprise wireless networks.
The Spectrum
Electromagnetic energy is the foundation of all modern-day wireless communication systems. Radio, non-cable television, cellular and satellite phones, and WiFi all rely on signals carried over the air within the various bands of the radio frequency (RF) spectrum. Below is a breakdown of these bands:
Math and General Terminology
WiFi operates by design within the Ultra High Frequency (UHF) and Super High Frequency (SHF) bands at 2.4 and 5 GHz respectively. Before we start exploring WiFi as a service, it’s important to sort out the relevant terminology and functionality of RF theory as a whole.
Amplitude is the height of a wave. It is measured from a wave’s midpoint to its peak. It is normally expressed in Volts (V).
Frequency refers to the number of times a wave cycles past a given point each second. It is normally expressed in Hertz (Hz).
Wavelength is the distance from the start to the end of a single wave cycle. It is typically expressed in meters.
Received Signal Strength Indicator (RSSI, pronounced “rizee”) is also known as signal strength. It is the ratio, in decibels (dB), of the measured power to one milliwatt (mW). RSSI values (dBm or dBmW) represent how well a client device is receiving an emitter’s signal. The less negative the ratio, the stronger the signal; values typically bottom out around -110 dB, though different chipset manufacturers use different minimum values.
The formula for determining dBm and Watts is as follows:
$\text{Relative power (dB)} = 10 \log_{10}\left[\frac{P_1\ \text{(watts)}}{P_2\ \text{(watts)}}\right]$
Fortunately, there is an easy pair of rules to help remember the relationship: The Rules of 3 and 10. Doubling the power is equal to adding 3 dB, and reducing the power by half is equal to subtracting 3 dB. Multiplying the power by ten is the equivalent of adding 10 dB, and reducing the power to one tenth is equal to subtracting 10 dB. On the right is a chart that will better illustrate this relationship.
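The formula and the Rules of 3 and 10 above, worked through as an added example (not code from the original post): it converts between mW and dBm, splits a whole-number dB value into 10 dB and 3 dB steps, and compares the rule-of-thumb estimate with the exact figure. The function names and the sample RSSI readings are constructed for illustration.

```python
import math

def db_ratio(p1_watts, p2_watts):
    """Relative power in dB: 10 * log10(P1 / P2)."""
    return 10 * math.log10(p1_watts / p2_watts)

def mw_to_dbm(milliwatts):
    """Power relative to 1 mW, in dBm."""
    return db_ratio(milliwatts, 1.0)

def dbm_to_mw(dbm):
    """Inverse of mw_to_dbm."""
    return 10 ** (dbm / 10)

def rules_of_3_and_10(db):
    """Split a whole-number dB change into steps of 10 dB and 3 dB.

    Returns (tens, threes, factor) with db == 10*tens + 3*threes, using the
    fewest steps, where factor is the estimated power multiplier
    (x10 or /10 per 10 dB step, x2 or /2 per 3 dB step).
    """
    candidates = []
    for threes in range(-9, 10):
        rest = db - 3 * threes
        if rest % 10 == 0:
            tens = rest // 10
            candidates.append((abs(tens) + abs(threes), tens, threes))
    _, tens, threes = min(candidates)
    return tens, threes, (10.0 ** tens) * (2.0 ** threes)

def estimate_error_pct(db):
    """Percent error of the rule-of-thumb factor against the exact value."""
    exact = 10 ** (db / 10)
    return 100 * (rules_of_3_and_10(db)[2] - exact) / exact

if __name__ == "__main__":
    # Constructed sample values: a 100 mW emitter and some RSSI readings.
    print(f"100 mW = {mw_to_dbm(100):.1f} dBm")
    for dbm in (-30, -67, -85):
        tens, threes, est = rules_of_3_and_10(dbm)
        print(f"{dbm} dBm: {tens} x 10 dB, {threes} x 3 dB "
              f"-> ~{est:.3g} mW (exact {dbm_to_mw(dbm):.3g} mW, "
              f"error {estimate_error_pct(dbm):+.2f}%)")
```

The small error comes from 3 dB being a rounded value: doubling the power is exactly 10 log10(2) ≈ 3.01 dB.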
Wave Motion
A wave is simply a transfer of energy by oscillation from one location to another. Electromagnetic waves travel at a constant rate (the Speed of Light: 299 792 458 m/s…or ~300 million m/s). RF waves travel outward from a source not unlike the ripples in a pond where a rock has been dropped, though the propagation patterns of RF energy are greatly affected by a number of environmental factors.
Reflection occurs when a wave comes into contact with a different medium (air-to-ground, for example). The wave will bounce at the same angle at which it struck the surface but in the opposite direction.
When a wave changes mediums, a portion of the wave will continue to propagate through the new medium. This is known as Refraction. The angle at which the wave continues to travel depends on the make-up of the two mediums.
Diffraction occurs when a wave passes through an aperture in (or over an edge of) a medium through which it is traveling. The wave will bend and spread out within the new space. The new angle of travel depends on the size of the aperture and frequency of the wave.
Scattering occurs when a wave strikes an object with an uneven surface. Some scattering occurs when a wave strikes any surface, but it grows more pronounced on increasingly uneven surfaces. Weather events (rain, snow, fog, and even heavy humidity) can also lead to increases in RF scattering.
Power loss that occurs as an RF wave travels through a medium is known as Absorption. Construction materials like stone, brick, and concrete typically offer moderate absorption, though conductors like heavy metals and water are the best absorbers and are often used in electromagnetic shielding. [See Cosmic Rays and Human Waste and Faraday Cage]


