Security and Privacy Issues in Wireless Networks

— Communication between devices has transitioned from wired to unwired. Wireless networks have been in use widely around the globe since the advent of smartphones, IoT devices and other technologies that are compatible with wireless mode of communication. At the same time security issues have also increased in such communication methods. The aim of this paper is to propose security and privacy issues of the wireless networks and present them through comprehensive surveys. In context of security issues, there are 2 typical DDoS attacks - HTTP flood and SYN flood. Other than DDoS attacks, there are several other threats to wireless networks. One of the most prevalent include security issues in Internet of Things. In terms of privacy issues in a wireless network, location-based applications, individual data, cellular network and V2G (Vehicle to Grid) network are surveyed. The survey is hosted using questionnaire and responses of 70 participants is recorded. It is observed from the survey results that many groups of people lack the knowledge of security and privacy of wireless technologies and networks despite their increased use, however, students are relatively more aware and have strong knowledge of those issues. It is concluded from the results that an effective solution to these problems can be hosting campaigns for spreading the security and privacy laws to help the groups of people who are lagging behind in this domain of knowledge become more aware. A unique solution is also presented to overcome the security issues which include implementation of detection and mitigation techniques, implementing Blockchain in the IoT devices and implementing fog computing solutions. The unique solutions to overcome the privacy issues are proposed in the form of a privacy approach from the LBS server between pairs of users to increase the implementation of DSPM and blockchain as a solution.


A. Security
There are uncountable traffics transmitted in the networking world. A giant company such as Google generates a huge number of network traffic. According to research, 228,000,000 searches are done per day. The number of traffic Google generates is expected to be much higher than that [18]. Nevertheless, no one worries about Google's server because it is an acceptable figure for Google and their server can stand with it. However, what will happen if a small scale business receives 228 million traffics per day? Will that be okay? Is that normal? In this case, we consider it a Denial of Service(DoS) attack. A DDoS attack is a malicious attempt to disrupt normal traffic of a targeted server, service or even network by sending an overwhelming number of traffic [19] [20]. It can also exploit machines including computers and other networked resources such as IoT devices. But how does a DDoS attack work? As the name said, it is a distributed attack, which means it requires many devices. In order to conduct this attack, the attacker may need to infect other machines with malware, turning each one into a bot [21]. Once the machine is infected, the attacker then has control over the group of bots, which is called a botnet. The DDoS attack is conducted in various ways and we can categorize it by the OSI model. Open Systems Interconnection (OSI) model is a conceptual model created to visualize communication in networking [22]. As it can bee seen in Fig. 1, there are 7 layers in the OSI model [23].  [23] There are two typical DDoS attacks -HTTP Flood (Fig. 2) and SYN Flood (Fig. 3). They are conducted in Layer 7 and Layer 4 respectively. When we enter a website, our browser sends a GET request. As the website gets our request, it decides whether it accepts the user or not. In other words, the webserver has to respond to every GET request. This is where hackers aim for. If the infected bots send GET requests more than the webserver could handle, the server will shut down. SYN Flood is similar to HTTP Flood attack except for the fact that it is conducted in Layer 4. Before client and server communicate, they firstly have a handshake to see whether the opposite side is up or not [24]. This is called 'TCP handshake'. The client sends SYN packet and if the server is up, the server will send SYN/ACK packet then the client will send ACK packet ending up the conversation. This also, similar to the previous one, has a vulnerable point, which is that the webserver responds to every SYN packet it receives. Likewise, if the server gets more SYN packets than it can handle, the server will shut down and be unavailable. These days, it is almost impossible to talk about networking without mentioning IoT. IoT is a network of devices and things which are interconnected forming a system that has the ability to communicate with other without human intervention [25]. This technology has made life easier since the machines under the network operate automatically. However, this technology could also throw security challenges. Once one of the machines under the network is exploited, the whole machine could be affected. In the following, we are going to see what major security challenges IoT environments has.
Since wireless network machines are not connected with physical cables, it has a higher possibility for hackers to intercept the data in the middle. This is why authentication plays a more important role in IoT than other networks. However, in the IoT environment, many IoT devices lack memory and CPU power to calculate cryptographic operations [26] [27]. Many wireless devices such as our smartphone or laptop use complex cryptographic operations to authenticate protocol so that no one can steal the data. Since lack of memory and CPU power, IoT devices have no other choice but using a relatively simple cryptographic algorithm to authenticate. This is a big problem because some symmetric cryptographic algorithm can be cracked.
This problem can be solved by outsourcing expensive computations to another device which has enough memory and CPU power. The thing is, however, it does not scale well for IoT systems. IoT is implemented not only in a company or factory but also in our daily life. Nowadays electronic companies have released household electrical appliance with IoT technology implemented. These machines are neither equipped with good memory and CPU power nor outsourcing machine. Therefore, it cannot be said that the problem has been totally solved.
Next challenge is 'Rogue Node'. We call devices as nodes in networking. Rogue node is a device which is installed maliciously to access the database or crack the whole system [28]. Fig. 4 shows how devices are connected and retrieve data.

B. Privacy
Nonlinear time-series analysis (NTSA) refers to methods that extract dynamical information, mainly complexity measures, from complex non-linear systems. Because the brain is a complex dynamical system exhibiting chaotic behaviour in which nonlinearity is introduced at neuronal level, NTSA of the EEG is a much better alternative to study different functional activities of the brain and neurological disorders, AD and MCI in the context of this study, and can provide a better insight into abnormal EEG dynamics. Moreover, it is a very relevant in method in complexity analysis of EEG time series.
Location: The authors proposed the privacy issue of location data. Location-based service is to get location information of the mobile and to offer location-based services to the mobile on the wireless network [30]. The well-known dominant mOSNs such as Facebook, YouTube, Twitter have been rising rapidly both in size and popularity due to the growth of Internet technology [31] [32]. Users can easily exchange information in these conventional online social networks, and share forums, videos, photos, etc. When mOSNs and location-based services are merged together, mOSNs can provide several location-based services such as the query near friends, "check-in," and simple location sharing [33]. For example, users may use the "check-in" services to get some preferential service. Additionally, users may query their friends and strangers who are close to the current position and obtain information about their location. We draw a significant number of users from startup operations after Facebook merged with location-based services, and the number of users is still increasing rapidly. Location-based service (LBS) is one of the most critical components of mOSNs providing users with services based on the mobile device's geographic location [34]. With mobility and the world's Internet connectivity ever-present, vast numbers of users take advantage of LBS to demand information based on their location. Users can ask the nearest hospitals, stores, bars, and so on in LBS, which offers a lot of comfort for users. As LBSs and mOSNs become increasingly popular, many new services are spawned, such as recommendations on friends and travel routes. However, there are also other issues that need to be overcome. Location knowledge is one of the most valuable user rights and is therefore of great importance. For example, if mOSNs collect a lot of location information from users, they will give it to third parties because of the commercial intent, which would compromise the privacy of the location of users. However, as the more advanced methodology is used, more confidential information may be derived from the position details. For example, attackers may make a guess which school user is studying at. Additionally, the attacker may be able to deduce that if the user searches the nearest bars on the Internet frequently, he/she is a heavy drinker. The privacy of the location includes published location information time, space position, and position service request material. In particular, spatial location is the most concerning problem of privacy of location in mOSNs. Knowledge about the geographical position of users primarily relates to the spatial location, which is one of the main concerns.
Individual Data: The authors in [35] have explained the data privacy issue in terms of individual data with healthcare applications using wireless network technology [35]. Recently, advances in wireless technology and ICT (information and communication technology) systems have allowed the health care sector to quickly and efficiently track and implement a range of solutions and health services. Progressed ICT systems should be able to communicate administration of medicinal services to patients in healing facilities and clinical attention, as well as in their homes and work environments, along these lines providing expense reserve funds and improving individual patient fulfilment. Sensors are used to gather a patient's sensitive and important medical information or can be used in sports as well. WBANs connect with the network and other devices such as ZigBee, WSN, WI-FI, Bluetooth, Wireless Personal Area Network (WPAN) technology. The sensor gathers patient-related data, uses various technologies to move it to the cloud, the doctor uses this data or information, and so on. It can contribute to many risk factors when data is exposed to unauthorized individuals (persons), and an individual's medical information is a very sensitive subject, and can only be accessed by an authorized person. For instance, the effects may range from inadequate treatment of patients to violations that debilitate patients' lives on the off chance that the knowledge is contaminated or confiscated.
Cellular Network: The authors in [36] have raised the privacy issues of cellular networks, especially 5G mobile networks (Fig. 5). Based on recent developments in wireless and networking technologies, such as software-defined networking and virtualization, the next-generation wireless network technology is being developed as shown in the below figure. Compared to 4G technology, 5G is distinguished by much higher bit rates of more than 10 gigabits per second as well as more bandwidth and very low latency, which is a big advantage to the trillions of connected objects in the Internet of Things [37] setting. By creating various new network services such as mobile fog computing, car-to-car communications, smart grid, smart parking, named data networking, blockchain-based services, unmanned aerial vehicle (UAV), etc., 5G will enable a fully mobile and connected society in the IoT era. Telecommunications firms, therefore, agree that 5G will begin commercialization in 2020. In a 5G world, the combination of various wireless technologies and service providers that share an IP-based core network would provide mobile users with the ability to move between networks and technologies to maintain a high level of service quality (QoS) [38]. Fast vertical transfer and general network accessibility make designs susceptible to multiple vulnerabilities such as access control, communication protection, data privacy, availability a well as privacy [39] [40]. Furthermore, As mobile devices are connected to the network all the time, they will get a notion of social nodes through the vertical handover. These nodes can be monitored more easily and are more vulnerable in different forms of attacks, such as impersonation, eavesdropping, man-in-the-middle, denial of service, replay attack, and repudiation attack [41]. Figure 5: The overview of 5G network [36] V2G (Vehicle to Grid) Network: The authors in [42] have presented the privacy issues in Vehicle to Grid (V2G) networks Fig. 6 shows the V2G network framework and components. The electric vehicle (EV) uses electricity instead of gasoline in a V2G network, and this protects the atmosphere and helps alleviate the energy crisis. The vehicle will temporarily act as a distributed energy storage device by using its battery capacity to reduce the peak power grid load. Yet the two-way contact and power flow not only facilitate V2G network connectivity but also encourage attackers. Privacy now poses a significant barrier to the growth of V2G networks. Although the two-way communication and energy flow greatly increase the performance, reliability, and versatility of V2G networks, they also pose major security concerns and privacy protection challenges. In conventional power systems, metering data is usually read on a monthly basis, but in smart grid, more granular and accurate data on energy usage are read using smart meters about every 15 min or less. These data could potentially expose a large amount of customer personal information, including energy usage patterns, types of household appliances, the number of people in a household, along with their schedules or activities. Problems with privacy protection are more difficult in V2G networks than in other smart grid networks [43], such as location-fixed HAN. Compromising an appliance in your house is much harder for an adversary than compromising a charging spot or a LAG deployed along the lane. In addition, a vehicle can frequently join or depart a network due to e-mobility, whereas an appliance in your home is always in its network. Thus, if a fake appliance joins the network a detector can easily detect two identifications (IDs) of the same value. Figure 6: V2G networks framework and components [43] III. SURVEY METHODOLOGY In this survey, there are two ways that are used to collect our information and data. The first method to collect data is online sources which are journals, websites, and other types of reliable sources. The motive of having sources from other authors or websites is to follow up on the trend of investigating different categories. Other than that, the sources are also reliable, especially on the practical aspect.
The second method that is used to collect data is a questionnaire survey is conducted to achieve the goals of unique finding. The questionnaire is to test the participants' knowledge of security and privacy on the wireless network. There will be a total of 70 participants who answer the questionnaire. The questionnaire survey is successfully spread with the help of social media. There will be a total of 4 questions on basic information of the participants and 6 questions to test the knowledge of security and privacy on the wireless network of each participant.
The four questions in Fig. 7 show the basic information of the participants. All the categories are the ones that have a different level of knowledge. For example, teenagers are not concerned about privacy of their data [44][45] [46][47] [48]. Fig. 8 and Fig. 9 present survey questions on security and privacy issues in wireless networks, respectively.

IV. DISCUSSION OF RESULTS
The section is dedicated to test knowledge and awareness of data protection laws and measures to be taken for secure data communication among various groups of people. The 6 questions are divided into 2 parts in which 3 related to security issues and another 3 related to privacy issues. The questions above mostly are the factors of how security or privacy issues are created. Fig. 10 represents the study between the gender and age variable and the output value of whether the participants have experience of leaking their data on social media. From the image, the information that can be concluded is that females have much less experience of leaking their own private data to social media. But for female, as the age is between 36-45, the amount of having the experience of leaking their own private data have been exceeded. The image also shows that males have a large amount of leaking privacy data experience from age of 15-45. The age of 26-35 for males has the biggest gap between the amount of experience and non-experience.  Fig. 11 shows the relationship between gender and time spend on the phone and the dependent variable of whether the participants downloaded untrusted software. The participants spend less than one hour on their devices have a larger amount of download software from untrusted sources. The male has the largest amount of download software from trusted sources and untrusted sources with the condition of spending more than 8 hours on their devices. Figure 11: Bar chart representing the downloading of trusted versus untrusted software Fig. 12 shows the study between gender and occupation and the awareness of participants to the security of public WIFI. The results can conclude that the students and self-employment have a higher amount of awareness compared to other occupations.  Fig. 13 shows the relationship between gender and time spend on the phone and the awareness of knowing someone that is following you or you followed on the social media platform. The results can conclude that males have more awareness compared to females. The females have a weaker awareness of social media "friends" as the time spends on their devices is higher.   Fig. 15 shows the study of the independent variable of occupations and gender and the dependent variables of whether the participants configured any security software on their devices. Most full-timers did not configure any security software on their devices. While students have the awareness to configure security software on their devices The issues about the security and privacy of wireless networks that were discussed in the Literature Review section have given insight to users on what issues can be found in this type of network. The issues in security can be grouped into two categories which are DDoS attack and IoT. The DDoS attack can be prevented by implementing the detection and mitigation techniques to detect insider and attackers [44][45][46]. It would study the networks and detect the attackers and will blocking or dropping the malicious traffic [44] [45]. The security issue in IoT can be solved by implementing Blockchain to the network [47] [48]. Blockchain will prevent unauthorized access via communicating through encrypted public and private keys. Thus, it will prevent attackers from attacking the IoT devices [47] [48]. The fog computing could be implemented to the IoT devices to avoid rogue node and node capture attack store the data in locally [47].
The privacy issues in wireless networks can be grouped into four categories which are location, individual data, cellular network and V2G network. Yamin et. al. proposed a privacy approach from LBS server between a pair of users to increase the privacy [49]. which led the LBS to be unable to collect accurate information about these users. Next, individual data could be prevented by implementing DSPM which is a system that allows personal data exchange while enhancing individual control and data discovery [50]. The privacy issue for cellular networks can be increased by implementing blockchain schemes to the cellular network [51]. V2G network privacy issues can also be solved by implementing blockchain to preserve the payment mechanism [52].
The results from the unique finding on the survey are : • Females have lesser experience of leaking their own privacy data.
• For female, the higher the time spend on devices, the lower awareness on social media "followers/ following" • Males spend more than 8 hours on their devices and have a big chance to download software from untrusted sources.
• Most self employees and students have an awareness of the security of public WIFI.
• Most Full-timers and students are more aware of any law regarding protecting privacy data.
• Most full-timers did not configure any security software on their devices, most students have configured security software on their devices.
Firstly, the focus group will be on the female that spends plenty of time on their phone especially on social media. This group will lack knowledge on the privacy issues on the wireless network. Then, Males and full-timers are the other groups to focus as well. Full-timers and Males that spend plenty of time on their devices have a larger chance to have a lack of knowledge on the security issues on the wireless network. Basically, the solution to these problems is to have a campaign focus on these groups on gaining knowledge of privacy and security issues VI. CONCLUSION In conclusion, it is observed that wireless networks play an important role in the lives of people around the world in context of ease of communication that it provides. However, it also poses security threats which can violate privacy at individual and organizational level. The criminal activity has increased since the advent of wireless communication medium and technology which supports such communication. This has also led to manipulation of data generated by devices which run on wireless networks such as IoT which are originally implemented in their insecure form, leading to increase in cybercrimes. The security and privacy issues of wireless networks should be the addressed along with the awareness among people of all age groups who use these technologies. People and organizations should be aware of the solutions and precautions that they can take to increase the security and privacy of their devices which are running on wireless networks such as implementing the blockchain to the IoT devices and other detection and mitigation techniques. From the findings through the surveys carried out, the effective solution to solve the problem is to focus on the people who have a higher spending time on devices or social media. Another group of people to be focused on is full-time workers who use these technologies. It is essential to create campaigns, whether online or onsite, to help them gain technical knowledge on the issues in wireless network from security perspective. It is also observed that the students have a better understanding and relatively good knowledge of security issues which can lead to data manipulation by attackers and therefore, they tend to be more careful when using their devices. However, there is a need of increase in awareness strategies and training to educate other groups of people so they can use their devices securely.