Wireless Security with the IEEE 802.11 Standard

The original IEEE 802.11 standard defined authentication, encryption, and data integrity for wireless traffic. As we will discuss, the original authentication, encryption, and data integrity proved to be relatively weak and cumbersome for widespread public and private deployment. Subsequent sections of this chapter describe the additional standards that provide stronger authentication methods and discuss enhancements to the originally defined encryption and data integrity methods or replacements for them.

Authentication

IEEE 802.11 defines the following types of authentication, discussed in the following sections:

  • Open system authentication

  • Shared key authentication

Open System Authentication

Open system authentication does not provide authentication, only identification using the wireless adapter's Media Access Control (MAC) address. It is used when no authentication is required, and it is the default authentication algorithm. It uses the following process (shown in Figure 2-1):

  1. The authentication-initiating wireless client sends an Open System Authentication Request message, which contains the MAC address as the source address of the 802.11 frame.

  2. The receiving wireless node responds with an Open System Authentication Response message that indicates either success (the authentication-initiating wireless client is authenticated) or failure.

Figure 2-1. Open system authentication.

Some wireless APs allow you to configure a list of MAC addresses of wireless clients that are authorized. However, this does not provide security for a wireless network because an attacker can easily capture wireless packets and then use the MAC address of a valid wireless client as its own.

Shared Key Authentication

Shared key authentication verifies that an authentication-initiating station has knowledge of a shared secret, which is similar to preshared key authentication for Internet Protocol security (IPSec). The 802.11 standard currently assumes that the shared secret is delivered to the participating wireless clients by means of a secure channel that is independent of IEEE 802.11. In practice, this secret is a sequence of characters typed during the configuration of the wireless AP and the wireless client.

Shared key authentication uses the following process (shown in Figure 2-2):

  1. The authentication-initiating wireless client sends a Shared Key Authentication Request frame.

  2. The authentication-enforcing wireless node responds with a Shared Key Authentication Response frame that contains challenge text.

  3. The authentication-initiating wireless node responds with a Shared Key Authentication Request frame that contains an encrypted form of the challenge text, which is encrypted using Wired Equivalent Privacy (WEP) (the encryption method used on 802.11 wireless networks) and the shared key authentication key.

  4. The authentication-enforcing wireless node decrypts the encrypted challenge text in the Shared Key Authentication Request frame using WEP and the shared key authentication key. If the decrypted challenge text matches the originally sent challenge text, the authentication-enforcing wireless node sends a Shared Key Authentication Response frame that indicates authentication success. Otherwise, the authentication-enforcing wireless node sends a Shared Key Authentication Response frame that indicates authentication failure.

Figure 2-2. Shared key authentication.

Because the shared key authentication secret must be manually distributed and typed, this method of authentication does not scale appropriately in large infrastructure mode networks (for example, corporate campuses and public places).

Another serious problem with shared key authentication is that, for configuration simplicity, the shared key authentication key is the same as the WEP encryption key used to encrypt all data between the authentication-initiating wireless client and the authentication-enforcing wireless node. The shared key authentication exchange exposes a plaintext (the challenge text) together with its ciphertext (the encrypted challenge text) and an indication of success. An attacker can capture a successful shared key authentication exchange and determine the shared key authentication key, which is also the WEP encryption key, through cryptanalysis methods. Once the WEP encryption key is determined, the attacker has full access to the wireless network and can begin attacking wireless nodes. Therefore, the use of shared key authentication is highly discouraged, even for Small Office/Home Office (SOHO) wireless networks.

More Info
For more information about SOHO wireless networks, see Chapter 12, Secure Wireless Networks for the Home and Small Business.

Encryption and Data Integrity

Because wireless LAN traffic is broadcast over the air, eavesdropping and remote sniffing of wireless LAN frames is very easy. Wired Equivalent Privacy (WEP) is defined by the IEEE 802.11 standard and is intended to provide a level of data confidentiality and integrity equivalent to that of a wired network.

WEP

WEP provides data confidentiality services by encrypting the data sent between wireless nodes. Setting a WEP flag in the MAC header of the 802.11 frame indicates that the frame is encrypted with WEP encryption. WEP provides data integrity by including an integrity check value (ICV) in the encrypted portion of the wireless frame.

WEP defines two shared keys:

  • Multicast/global key

    The multicast/global key is an encryption key that protects multicast and broadcast traffic from a wireless AP to all of its connected wireless clients.

  • Unicast session key

    The unicast session key is an encryption key that protects unicast traffic between a wireless client and a wireless AP and multicast and broadcast traffic sent by the wireless client to the wireless AP.

WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit encryption keys. Although 104-bit encryption keys are not specified in the 802.11 standard, many wireless AP vendors support them.

NOTE
Some implementations that advertise the use of 128-bit WEP encryption keys are just adding a 104-bit encryption key to the 24-bit initialization vector (IV) and calling it a 128-bit key. The IV is a field in the header of each 802.11 frame that is used during the encryption and decryption process.

WEP Encryption Process

To encrypt the payload of an 802.11 frame, the following process is used (shown in Figure 2-3):

  1. A 32-bit ICV is calculated for the frame data.

  2. The ICV is appended to the end of the frame data.

  3. A 24-bit IV is generated and appended to the WEP encryption key.

  4. The combination of [IV+WEP encryption key] is used as the input of a pseudo-random number generator (PRNG) to generate a bit sequence that is the same size as the combination of [data+ICV].

  5. The PRNG bit sequence, also known as the key stream, is bit-wise exclusive ORed (XORed) with [data+ICV] to produce the encrypted portion of the payload that is sent between the wireless access point (AP) and the wireless client.

  6. To create the payload for the wireless MAC frame, the IV is added to the front of the encrypted [data+ICV], along with other fields.

Figure 2-3. WEP encryption process.

WEP Decryption Process

To decrypt the 802.11 frame data, the following process is used (shown in Figure 2-4):

  1. The IV is obtained from the front of the 802.11 frame payload.

  2. The IV is appended to the WEP encryption key.

  3. The [IV+WEP encryption key] is used as the input of the same PRNG to generate a bit sequence of the same size as the combination of the data and the ICV. This process produces the same key stream as that of the sending wireless node.

  4. The PRNG bit sequence is XORed with the encrypted [data+ICV] to decrypt the [data+ICV] portion of the payload.

  5. The ICV calculation for the data portion of the payload is run, and its result is compared with the value included in the incoming frame. If the values match, the data is considered to be valid (sent from the wireless client and unmodified in transit). If they do not match, the frame is silently discarded.

Figure 2-4. WEP decryption process.

Although the secret key remains constant over a long duration, the IV is changed periodically, as frequently as every frame. How often IV values are changed depends on the degree of privacy required of the WEP algorithm. The ideal method of maintaining the effectiveness of WEP is to change the IV after each frame.
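As an added example (not the book's code), the WEP encryption and decryption steps above, and the shared key authentication challenge check from the earlier section built on the same functions, in Python. RC4 is implemented inline so the [IV+key] seeding is visible; the key, IV, frame data and challenge values are constructed sample inputs, not values from the standard.

```python
import zlib


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 key stream; WEP seeds RC4 with IV || key."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Steps 1-6: append CRC-32 ICV, XOR [data+ICV] with RC4(IV+key), prefix the IV."""
    icv = zlib.crc32(data).to_bytes(4, "little")  # 32-bit ICV over the frame data
    plain = data + icv
    ks = rc4_keystream(iv + key, len(plain))  # key stream as long as [data+ICV]
    return iv + bytes(p ^ k for p, k in zip(plain, ks))  # 3-byte IV travels in the clear


def wep_decrypt(key: bytes, payload: bytes):
    """Steps 1-5: rebuild the key stream from the received IV, XOR, then verify the ICV.
    Returns the frame data, or None when the ICV mismatches (frame silently discarded)."""
    iv, body = payload[:3], payload[3:]
    ks = rc4_keystream(iv + key, len(body))
    plain = bytes(c ^ k for c, k in zip(body, ks))
    data, icv = plain[:-4], plain[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        return None  # modified in transit, or encrypted under a different key
    return data


def client_auth_response(client_key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Shared key authentication step 3: the client WEP-encrypts the AP's challenge text."""
    return wep_encrypt(client_key, iv, challenge)


def ap_check_response(ap_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Shared key authentication step 4: the AP decrypts the response with its own key and
    accepts only if the recovered text equals the challenge it sent."""
    return wep_decrypt(ap_key, response) == challenge
```

Flipping any byte of the ciphertext makes `wep_decrypt` return None, which is the silent discard the decryption process describes; note that the IV is sent unencrypted, so the only secret in the RC4 seed is the static WEP key.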

Security Issues with the IEEE 802.11 Standard

The main problem with WEP is that the determination and distribution of WEP encryption keys are not defined. WEP keys must be distributed by using a secure channel outside of the 802.11 protocol. In practice, WEP keys are text strings that must be manually configured using a keyboard for both the wireless AP and wireless clients. Obviously, this key distribution system does not scale well to an enterprise organization and is not secure.

Additionally, there is no defined mechanism to change the WEP encryption keys either per authentication or periodically for an authenticated connection. All wireless APs and clients use the same manually configured WEP key for multiple sessions. With multiple wireless clients sending a large amount of data, an attacker can remotely capture large amounts of WEP ciphertext and use cryptanalysis methods to determine the WEP key.

The lack of a WEP key management protocol is a principal limitation to providing 802.11 security, especially in infrastructure mode with a large number of stations. Some examples of this type of network include corporate and educational institutional campuses and public places such as airports and malls. The lack of automated authentication and key determination services also affects operation in ad hoc mode, in which users may wish to engage in peer-to-peer collaborative communication in areas such as conference rooms.

The security issues that exist with the original 802.11 standard are the following:

  • Rogue wireless APs.

  • No per-user identification and authentication.

  • No mechanism for central authentication, authorization, and accounting.

  • Some implementations derive WEP keys from passwords, resulting in weak WEP keys.

  • No support for extended authentication methods (for example, token cards, certificates/smart cards, one-time passwords, and biometrics).

  • No support for key management (for example, rekeying global keys and dynamic per-station or per-session key management).

The solution for these shortcomings of the originally defined IEEE 802.11 standard is the IEEE 802.1X standard.



Deploying Secure 802.11 Wireless Networks with Microsoft Windows
ISBN: 0735619395
Year: 2000
Pages: 123
Authors: Joseph Davies