WLANs employ specific methods for encryption, hashing, and authentication. Figure 7-1 illustrates the general elements that make up the embedded WLAN security. Figure 7-1. Embedded WLAN Security
EncryptionEncryption is the action taken to mask the elements in a data stream. This is done by applying a variable (key), which is known by a sending station and a receiving station, to an algorithm that encodes and decodes the transmission. In this section, you will find three basic flavors of encryption that have been applied to WLANs for securing over-the-air transmissions. Each is still suitable for use today. However, they are typically not used in Enterprise environments as they are insufficiently robust. The initial encryption method was WEP, which provided sufficient protection in early WLAN deployments. Over the years, the ability and desire of people to crack encryption algorithms and break cyphers has increased. As such, more robust encryption schemes are continuously developed to offset weakened methods and to retain the possibility of secure communication. WLANs have thus seen the displacement of WEP by the schemes named CCMP and AES. Let us compare these three methods. WEPWEP is an encryption algorithm that is built into the original 802.11 standard. WEP encryption uses the RC4 stream cipher with either 40- or 104-bit keys and a 24-bit initialization vector. WEP was initially deployed as a static key written onto the client, which caused a burden on key management. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)CCMP is a 128-bit keys cipher with a 48-bit initialization vector (IV), which helps prevent replay attacks. The Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCM provides data integrity and authentication. Note Although CCMP is a very strong encryption standard but it requires more computing power than WEP. This is important because some wireless access points might not have sufficient computing power to support CCMP. Advanced Encryption Standard (AES)AES was developed for securing sensitive but unclassified material by the U.S. government. By directive of the National Institute of Standards and Technology (NIST), a replacement for the Data Encryption Standard (DES) and to a lesser degree 3DES was commissioned. The specification required a symmetric algorithm using a block encryption of no less than 128 bits in size. Note that AES also forms the underlying encryption algorithm used in CCM. Its requirement and subsequent ratification by the U.S. government prompted acceptance by the general public. The capability of AES encryption to remain protected is estimated to be years as opposed to weeks or days of current encryption methods. Note AES was built on the cipher developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, called Rijndael. HashingHashing prevents man-in-the-middle attacks as it ensures that messages that have been tampered with, while they were in transit, can be identified by the receiver. This is independent of whether the message is encrypted. This section details Temporal Key Integrity Protocol (TKIP) and Message Integrity Check (MIC), which we refer to as radio side protection throughout this chapter. Both of these are used to maintain the integrity of the information sent over the RF. TKIP (Temporal Key Integrity Protocol)You can think of TKIP as a wrapper or enhancement for WEP. WEP is still the underlying encryption standard, but TKIP significantly improves the security by addressing its weak hashing capabilities. Using TKIP, every key is "rehashed," effectively giving each packet its own key. Because the attacks upon WEP rely on capturing tens of thousands of packets that use the same key to attempt to identify the actual key, TKIP never reuses the same key. As such, it greatly reduces the risk of the key being discovered. TKIP is also part of the WPA standard. Message Integrity CheckIn order to combat the ability of a hacker to intercept, examine, and forward on a packet to an AP, there is a need to provide an additional layer of radio side protection. This is done through the insertion of an 8-byte MIC placed between the data portion of the 802.11 frame and the 4-byte Integrity Check Value (ICV). The MIC field is encrypted along with the frame data and the ICV. This is essentially a cyclic redundancy check (CRC) for wireless and is intended to prevent replay attacks, that is replay of an intercepted packet. Table 7-1 summarizes the different security models described.
AuthenticationAuthentication is the process in which the identity of a user or device is validated. This is typically done using passwords or certificates. Note that authentication assumes some degree of implicit trust. For example, the use of passwords assumes that it is only known by the authenticating entity. The same is true for certificates as they, in theory, can be handed off to somebody else. Furthermore, in the case of certificates, you need to trust the authority that extends the certificates. This book does not cover this topic in-depth. However, you should be aware of these nontrivial challenges regarding trust and authentication. In the remainder of this section, we cover the methods and frameworks that are commonly used in WLANsspecifically, 802.1x, Wi-Fi Protected Access (WPA), and 802.11i. 802.1xThe 802.1x standard is a framework that defines a common process of communication for both wired and wireless LAN-based devices to initiate and secure point-to-point authentication. The 802.1x LAN standard can be applied to any subset of the 802 family. Its mainstream debut came at the time when WLAN products hit the mass market. Because standalone WEP was already known to be weak, 802.1x found a niche in which it could help to ensure the secure transmission of data in a WLAN. It is very important to understand that the standard only outlines the framework for communication. This freamework allowed vendors to provide various underlying authentication methods (which you learn more about in the section "EAP Types"), each with its own distinctive features. The framework defines mutual authentication of devices and recommends the use of RADIUS as an authentication protocol. There are three key components to the 802.1x framework:
The authentication communication between a client device and the authentication server is broken into two stages, as shown in Figure 7-2:
Wi-Fi Protected AccessWi-Fi Protected Access (WPA) is a standard developed by the Wi-Fi Alliance primarily as a method for interoperability between Wi-Fi vendors. The Wi-Fi Alliance is a coalition of vendors with the charter of finding a common solution for wireless security. The WPA standard helps to mitigate the inherent shortcomings of WEP by protecting the transmission of data in the RF space by mandating the use of TKIP, MIC, and 802.1x. WPA has two modes:
WPA is built to support WEP as the encryption method, whereas the second phase of WPA, WPA2, supports the addition of CCMP for authentication. Table 7-2 summarizes the features of the different WPA types.
802.11iBased on WPA, the IEEE has ratified 802.11i as a wireless security standard to help provide a more robust method of protection. This standard introduces new and stronger encryption and hashing methods. It expands the initial validation (handshake) between the AP and client while still using 802.1x for the actual authentication process. 802.11i also mandates the use of AES. The principle enhancements are
Figure 7-3 illustrates the relationship between these four parts of 802.11i. Each shaded area refers to one of the four functions listed previously. Figure 7-3. Functions of 802.11i
802.11i uses EAP as the end-to-end transport for authentication and 802.1X (EAPoL) to encapsulate these EAP messages over WLANs. During the discovery phase, participants determine the parties with whom they will communicate. The AP informs the client which security features are required to be used for communications. Authentication employs 802.1x as a framework and further specifies the following:
Key management also uses the 802.1x framework with the addition of a four-way handshake, which ensures that the client and AP are valid devices (trusted). Because the session key used in client and AP transmissions is valid for the length of the session, an additional mechanism was added to the protocol to help maintain the integrity of the key. Specifically, the following actions take place (four-way handshake):
EAP TypesThe Extensible Authentication Protocol (EAP) is a framework for sending authentication information and encryption keys from the authentication server (AS) to the client (STA) and AP (Auth). The authentication methodologypassword-based, public key infrastructure (PKI), or certificateis set by the organization. The EAP session thus adopts the following event sequence:
The following list describes different EAP types. Note that this is not a comprehensive catalog of all EAP types. However, it does include all the mainstream versions:
Table 7-3 summarizes the features of different EAP types.
|