The security built into Wi-Fi is better than no security at all—but not by much. Standards bodies are at work, though, on a framework that will free IT managers from some of the heavy lifting they have to do to get WLANs up to enterprise code.
During the past two years, the IEEE has been working on the 802.11i security standard. This standard is designed to address known WEP (Wired Equivalent Privacy) vulnerabilities and provide significant enhancements to 802.11-based equipment. 802.11i calls for a better authentication scheme—via 802.1x—and two new encryption protocols that will replace WEP.
The IEEE-ratified 802.1x, which provides a framework for stronger user authentication and a centralized security management model, comprises three components: the supplicant, a client machine trying to access the wireless LAN; the authenticator, a Layer 2 device that provides the physical port to the network (such as an access point or a switch); and the authentication server, which verifies user credentials and provides key management.
802.1x supports the use of an authentication server or a database service, including a Remote Authentication Dial-In User Service, or RADIUS, server; an LDAP directory; a Windows NT Domain; or Active Directory.
The upper-layer authentication protocol used by 802.1x components is called EAP (Extensible Authentication Protocol). EAP is a challenge-response protocol that can be run over secured transport mechanisms such as TLS (Transport Layer Security) and TTLS (Tunneled TLS).
EAP-TLS is a certificate-based protocol supported natively in Windows XP. Both the client and the authentication server require certificates to be configured during initial implementation.
EAP-TTLS can be used to provide a password-based authentication mechanism. In EAP-TTLS implementations, only the authentication server is required to have a certificate.
Cisco Systems Inc.s proprietary LEAP (Lightweight EAP) was the first password-based authentication scheme available for WLANs. Ciscos Aironet AP supports LEAP and EAP-TLS.
Although 802.1x will help fix the static WEP key security issues, it is strictly an authentication standard and does not address the encryption weaknesses found in WEP. The Wi-Fi Alliance, working with the IEEE, has devised a security standard called WPA (Wi-Fi Protected Access) that will reach the product certification stage this year.
WPA uses 802.1x for authentication but adds a stronger encryption element from the 802.11i draft called TKIP (Temporal Key Integrity Protocol). TKIP addresses all the known deficiencies in the WEP algorithms but maintains backward compatibility with legacy 802.11 hardware.
TKIP works like a “wrapper” around WEP, adding multiple enhancements to the WEP cipher engine. TKIP ex-tends the IV (initialization vector) from 24 bits in WEP to 48 bits to address replay attacks. The IV is used to encrypt the data in a packet.
Extending the IV to 48 bits greatly increases the number of possible shared keys, to protect against replay attacks. Some vendor implementations of WEP use the same IV for all packets for the lifetime of the connection or rotate the IV in a predictable manner. TKIP uses better sequencing rules to ensure that the IV cannot be reused even if intruders got hold of it.
WPA also adds Message Integrity Code, a cryptographic checksum that protects against forgery attacks.
The transmitter of a packet adds about 30 bits (the MIC) to the packet before encrypting and transmitting it. The recipient decrypts the packet and verifies the MIC (based on a value derived from the MIC function) before accepting the packet. If the MIC doesnt match, the packet is dropped.
Having the MIC ensures that modified packets will be dropped and attackers wont be able to forge messages to fool network devices into authenticating them.
Per-packet key mixing of the IV prevents weak key attacks. A new key derivation scheme helps to minimize the amount of information gained on a successful forgery attempt.
With TKIP implemented on both the access point and all client devices, a different key is generated to encrypt each new packet. This will ensure that hackers with exploited IVs cannot predict the base WEP key.
Although WPA brings a welcome boost to WLAN security, many view it as a temporary fix because future 802.11 equipment will likely use the Counter Mode with CBC-MAC Protocol, or CCMP, which is also a part of the 802.11i draft. CCMP uses AES (Advanced Encryption Standard) to provide even stronger encryption. However, AES requires a good amount of processing power—which likely means upgrading hardware to see optimal performance—and is not designed for backward compatibility.
Certification of the new security enhancements in the 802.11i standard is just starting, and Wi-Fi products supporting WPA will make their way slowly to market this year.
Technical Analyst Francis Chu can be reached at [email protected]
- Security of the WEP algorithm www.isaac.cs.berkeley.edu/isaac/wep-faq.html
- 802.11i draft and call for interest on link security for IEEE 802 networks grouper.ieee.org/groups/802/linksec/meetings/MeetingsMaterial/Nov02/halasz_sec_1_1102.pdf
- 802.1x: port-based network access control www.ieee802.org/1/pages/802.1x.html
- Open-source implementation of 802.1x open1x.sourceforge.net/