Warning: Your Wireless Communication Might Not Be Secure!

WLAN security becomes more important as companies grow their wireless networks. In a world where illegal and self-serving behaviour is increasingly part of daily routine, security is a necessity. Private and confidential information has to be protected from exposure to undesirable recipients who could twist and use it in an inappropriate or even dangerous manner. Imagine going on a long vacation and leaving the front door of your house open. Someone could easily enter the house, and the consequences are clear enough.

The difference with wireless communication is that someone who wants to steal your information does not need to enter your house: being within radio range of your house or company is enough to capture everything transmitted, and without encryption every frame is readable by any receiver. Because of its open, unguided nature, wireless transmission has to follow strict security standards.

Wireless LAN Security Methods: WLAN Encryption and Authentication

Wireless security combines two facilities:

  • Authentication: the process of verifying the communication partner and providing access to the network.
  • Encryption: the process of scrambling the data prior to transmission in a manner that only the intended recipient can descramble.

Both authentication and encryption are required to secure a wireless local area network (WLAN), and each of the standards discussed below specifies both.

Wireless Security Standards

Let’s take a look at the Wireless Security Standards you need to be familiar with to ensure your wireless communication is secure.

802.11 WEP: Wired Equivalent Privacy

The 802.11 WEP standard was designed to make the security of wireless LANs as good as that of wired LANs. However, it has well-known vulnerabilities, was deprecated by the IEEE in 2004 when 802.11i was ratified, and is not a strong security protocol: the key can be recovered from captured traffic in minutes with freely available tools.

802.11 WEP Encryption

WEP encryption uses the RC4 stream cipher. The shared secret key is 40 or 104 bits long (marketed as "64-bit" and "128-bit" WEP, because a 24-bit initialization vector, the IV, is prepended to the secret before it is fed to RC4). RC4 expands IV and key into a keystream that is XORed with the plaintext to form the ciphertext; the IV is sent in the clear in every frame so the receiver can regenerate the same keystream. Both ends of the wireless hop (client and Access Point; WEP protects only that hop, not the path end to end) must share the same key in order to encrypt and decrypt data. Wireless devices enter the 40-bit key as 10 hexadecimal digits and the 104-bit key as 26 hexadecimal digits.

The 802.11 standard provides only static keys, configured by hand and rarely changed. Because a key stays in use for so long, and because the 24-bit IV space is exhausted quickly on a busy network, keystream reuse and statistical key-recovery attacks on RC4's key scheduling become practical, so static WEP keys offer weak security. Many vendors use proprietary alternatives. For example, Cisco's Aironet supports dynamic WEP key assignment through a dedicated key management service, which limits how much traffic any one key protects, although it does not repair RC4's underlying weaknesses.

802.11 WEP Authentication

Two types of authentication are defined by 802.11: Open and Shared Key.

  • Open System authentication takes for granted that every wireless client is authenticated. No authentication in the true sense of the term is performed: every client is admitted regardless of its WEP key. However, for data frames to be exchanged the WEP key must be identical on client and Access Point, otherwise the Access Point cannot decrypt the client's encrypted frames and discards them because the integrity check fails.
  • Shared Key authentication is based on a four-way challenge-response handshake with the following steps:
    1. The client station sends an authentication request to the Access Point.
    2. The Access Point sends back an authentication response containing a 128-octet clear-text challenge.
    3. The client encrypts the challenge with its configured WEP key (a fresh IV plus RC4, exactly as for a data frame) and sends the result back to the Access Point in another authentication request.
    4. The Access Point decrypts the received frame with its own copy of the key and compares the result with the challenge it sent. If they match, the client is authenticated; from then on data frames are WEP-encrypted.

Shared Key authentication is less secure than Open System authentication, even though the latter offers no authentication at all. By capturing the clear-text challenge and its encrypted equivalent, an eavesdropper obtains the RC4 keystream for that IV (challenge XOR ciphertext), and because WEP never rejects a reused IV, the same keystream sent with the same IV answers any future challenge: the attacker authenticates without ever learning the key. Open System authentication leaks no keystream, which is why it is the lesser evil.
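The attack described above, as an added example that is not code from the original article or from Cisco: a toy model of WEP framing (IV || key fed to RC4, CRC-32 ICV appended before encryption, as in the encryption section above) and of the Shared Key handshake. The key, IV and challenges are constructed values, and the 802.11 frame headers are omitted; only the encrypted body is modelled.

```python
# Added example, not code from the original article: a toy model of WEP
# framing and of the Shared Key authentication handshake, showing how a
# sniffed challenge/response pair yields keystream that answers any later
# challenge. The key, IV and challenges are constructed for illustration.
import os
import zlib

CHALLENGE_LEN = 128  # 802.11 Shared Key challenge text is 128 octets


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_keystream(iv: bytes, secret: bytes, length: int) -> bytes:
    """WEP seeds RC4 with the 24-bit IV prepended to the 40- or 104-bit secret."""
    assert len(iv) == 3 and len(secret) in (5, 13), "WEP IV is 3 bytes, key 5 or 13"
    return rc4(iv + secret, length)


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, appended before encryption."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_protect(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """Encrypted frame body = RC4(IV || key) XOR (data || ICV)."""
    return xor(data + icv(data), wep_keystream(iv, secret, len(data) + 4))


def wep_unprotect(iv: bytes, secret: bytes, body: bytes):
    """Decrypt a frame body; return the data, or None if the ICV does not match."""
    plain = xor(body, wep_keystream(iv, secret, len(body)))
    data, tag = plain[:-4], plain[-4:]
    return data if icv(data) == tag else None


class AccessPoint:
    """Shared Key authentication, steps 2 and 4: issue a challenge, check the reply."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def challenge(self) -> bytes:
        return os.urandom(CHALLENGE_LEN)

    def verify(self, challenge: bytes, iv: bytes, body: bytes) -> bool:
        # 802.11 never checks whether an IV has been used before
        return wep_unprotect(iv, self.secret, body) == challenge


def station_respond(secret: bytes, challenge: bytes):
    """Step 3: the legitimate client encrypts the challenge under a fresh IV."""
    iv = os.urandom(3)
    return iv, wep_protect(iv, secret, challenge)


def recover_keystream(challenge: bytes, body: bytes) -> bytes:
    """Attacker: the challenge (and its ICV) is known plaintext, so
    plaintext XOR ciphertext gives 132 bytes of keystream for that IV."""
    return xor(challenge + icv(challenge), body)


def forge_response(keystream: bytes, iv: bytes, new_challenge: bytes):
    """Attacker: answer a fresh challenge by reusing the recovered keystream and IV."""
    return iv, xor(new_challenge + icv(new_challenge), keystream)


def demo(secret: bytes = bytes.fromhex("0123456789")) -> tuple:
    """Returns (legitimate client accepted, attacker accepted without the key)."""
    ap = AccessPoint(secret)
    c1 = ap.challenge()
    iv, body = station_respond(secret, c1)      # sniffed off the air
    legit_ok = ap.verify(c1, iv, body)
    keystream = recover_keystream(c1, body)     # attacker never sees `secret`
    c2 = ap.challenge()                         # attacker's own attempt later
    forged_ok = ap.verify(c2, *forge_response(keystream, iv, c2))
    return legit_ok, forged_ok


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The same recovered keystream also encrypts 132 bytes of arbitrary data under that IV, so one sniffed handshake is enough to inject short frames as well as to authenticate. The only defence WEP offers is not to use Shared Key mode, and the only real fix is not to use WEP.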

WPA: Wi-Fi Protected Access

WPA is a standard developed by the Wi-Fi Alliance in 2003, designed with WEP's vulnerabilities in mind. Its mechanisms were chosen so that vendors could implement them with a firmware update on existing RC4-based hardware.

WPA Encryption

WPA encryption is still based on the RC4 stream cipher, like WEP, but with major improvements over its predecessor:

  • TKIP (Temporal Key Integrity Protocol), which mixes the temporal key, the transmitter's MAC address and a 48-bit sequence counter into a fresh RC4 key for every packet, so no two packets share a keystream and WEP's weak-key attacks no longer apply.
  • MIC (Message Integrity Code, the "Michael" function), computed over the data so that frames altered in transit are detected and rejected, unlike WEP's linear CRC-32, which an attacker can adjust to match modified data.
  • The 48-bit sequence counter (carried in an extended IV) doubles as a replay counter, so captured frames cannot be replayed.

TKIP was an interim fix: both RC4 and Michael have since been shown to be weak, and TKIP is deprecated in current 802.11 revisions.

WPA Authentication

WPA authentication in Enterprise mode uses IEEE 802.1X port-based access control and requires an EAP-capable client (the supplicant) and an EAP-capable authentication server. EAP (Extensible Authentication Protocol) is an authentication framework, not a specific authentication mechanism, so many EAP methods (EAP-TLS, PEAP, EAP-FAST and others) have been developed to suit different credential types. WPA also defines a Personal mode, WPA-PSK, for networks without an authentication server; there the PMK mentioned below is derived from a passphrase and the SSID instead. WPA authentication goes through the following phases:

  1. Using an EAP method, the client requests, via the Access Point (which only relays EAP frames), to be authenticated by the authentication server, typically a RADIUS server that may in turn check credentials against a directory such as LDAP.
  2. After the server has authenticated the client, both ends of the EAP method hold the same keying material; the server derives a Pairwise Master Key (PMK) from it and sends the PMK to the Access Point (over the RADIUS link, which must itself be protected), while the client derives the same PMK locally.
  3. The Access Point and the client then prove to each other that they hold the same PMK in the four-way handshake: each contributes a random nonce, both derive the Pairwise Transient Key (PTK) from the PMK, the nonces and the two MAC addresses, and each handshake message carries a MIC keyed from the PTK.
  4. The MIC and TKIP encryption keys (parts of the PTK) are installed; from now on communication between client and Access Point is encrypted.
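The four-way handshake of phases 2 to 4, as an added example that is not the article's or Cisco's code: it derives the PTK from the PMK, the two MAC addresses and the two nonces with the 802.11i PRF, and checks the EAPOL-Key MICs on messages 2 and 3, so a station or Access Point holding a different PMK is rejected. The PMK here is computed the WPA-Personal way (PBKDF2 over passphrase and SSID, using the standard's "password"/"IEEE" test vector) because that can be reproduced offline; in the 802.1X case above the PMK comes out of the EAP method instead. The MAC addresses, nonces and frame contents are constructed, and the EAPOL-Key frames are simplified to a byte string plus a MIC. The same code covers WPA2, which differs only in the MIC algorithm and PTK length.

```python
# Added example, not code from the original article: key derivation and MIC
# checks of the WPA/WPA2 four-way handshake that runs once both sides hold
# the PMK. PMK source, MAC addresses, nonces and frame bytes are constructed;
# EAPOL-Key frames are reduced to a byte string plus a MIC field.
import hashlib
import hmac
import os


def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes, tkip=False) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(AN,SN)||max(AN,SN)).
    Layout: KCK (16) || KEK (16) || TK (16) [|| Michael TX key (8) || RX key (8) for TKIP]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64 if tkip else 48)


def key_mic(kck: bytes, frame: bytes, tkip=False) -> bytes:
    """EAPOL-Key MIC over the frame with its MIC field zeroed: HMAC-MD5 for
    WPA/TKIP (descriptor version 1), HMAC-SHA1 truncated to 128 bits for WPA2/CCMP (version 2)."""
    if tkip:
        return hmac.new(kck, frame, hashlib.md5).digest()
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(pmk_ap: bytes, pmk_sta: bytes, aa: bytes, spa: bytes, tkip=False):
    """Run the exchange between an AP holding pmk_ap and a station holding pmk_sta.
    Returns (AP accepted message 2, station accepted message 3, both derived the same PTK)."""
    anonce = os.urandom(32)
    # Message 1, AP -> STA: ANonce. Carries no MIC; the station can verify nothing yet.
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(pmk_sta, aa, spa, anonce, snonce, tkip)
    # Message 2, STA -> AP: SNonce + MIC under the station's KCK (first 16 bytes of the PTK).
    msg2 = b"EAPOL-Key msg2 " + snonce
    mic2 = key_mic(sta_ptk[:16], msg2, tkip)
    ap_ptk = derive_ptk(pmk_ap, aa, spa, anonce, snonce, tkip)
    ap_accepts = hmac.compare_digest(mic2, key_mic(ap_ptk[:16], msg2, tkip))
    if not ap_accepts:
        return False, False, False          # AP silently drops message 2
    # Message 3, AP -> STA: ANonce again, install flag, GTK wrapped under the KEK (omitted), MIC.
    msg3 = b"EAPOL-Key msg3 install " + anonce
    mic3 = key_mic(ap_ptk[:16], msg3, tkip)
    sta_accepts = hmac.compare_digest(mic3, key_mic(sta_ptk[:16], msg3, tkip))
    # Message 4, STA -> AP: MIC-protected acknowledgement; both then install TK = ptk[32:48].
    return ap_accepts, sta_accepts, ap_ptk == sta_ptk


if __name__ == "__main__":
    aa, spa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    pmk = psk_pmk("password", "IEEE")
    print(four_way_handshake(pmk, pmk, aa, spa))             # (True, True, True)
    print(four_way_handshake(pmk, os.urandom(32), aa, spa))  # (False, False, False)
```

Note that message 1 is unauthenticated, so a station cannot distinguish a genuine ANonce from an injected one; only from message 2 onwards is each side bound to the PMK. In the PSK case, everything needed to test a passphrase guess (both MAC addresses, both nonces and a MIC) is visible in a captured handshake, which is why WPA-Personal is only as strong as its passphrase.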

WPA2: 802.11i

WPA2 is the Wi-Fi Alliance certification for the full IEEE 802.11i standard (ratified in 2004), the evolution of the interim WPA specification. WPA2-enabled clients and Access Points need hardware and software able to process AES at line rate.

WPA2 Encryption

WPA2 replaces the RC4 mechanism completely. It uses AES-CCMP (Advanced Encryption Standard in Counter Mode with CBC-MAC Protocol), AES for short: the 128-bit block cipher AES in counter mode for confidentiality, with a CBC-MAC over the frame for integrity, which is cryptographically far stronger than RC4 with Michael. 802.11i does not itself specify an intrusion detection system; detecting denial-of-service attacks such as deauthentication floods is a separate wireless IDS/IPS feature offered by vendors, and 802.11i leaves management frames unprotected (that was addressed later by 802.11w).

WPA2 Authentication

WPA2 authentication follows the 802.1X standard, so it uses EAP authentication methods in the same way as WPA (and a pre-shared-key mode for WPA2-Personal). The four-way handshake is the same as in WPA, differing only in the MIC algorithm used on the handshake messages (HMAC-SHA1 instead of HMAC-MD5) and in the shorter key material CCMP needs.

Things to Remember Before Choosing a WLAN Security Standard

The old encryption protocol, WEP, is simple to configure and is supported by virtually all wireless hardware. However, it uses weak authentication mechanisms and static, breakable keys, and should be treated as no encryption at all.

WPA was designed as an interim solution to the problems of WEP. It has an improved encryption mechanism (TKIP, itself now deprecated) and a strong authentication architecture based on 802.1X and EAP.

WPA2 is the newest of the three and the minimum that should be deployed (it has since been superseded by WPA3). It provides stronger encryption through AES-CCMP. Authentication is still strong and based on an EAP method, and it is scalable since it interoperates with many EAP authentication methods. It is more expensive to implement, since it depends on the client hardware supporting AES; older devices may need to be replaced.
