What is Next?


Many people are working to improve the security of the WLAN. The main reason is to upgrade security functionality. To a lesser degree, but equally important, these efforts also promote assurance to the users and managers of wireless devices. Here are three approaches that hold promise for the future of 802.11 WLAN.

nDosa

The future of secure WLAN may rest with products like the nDosa Access Point. nDosa Technologies introduced a secure wireless LAN technology based on its nESA (nDosa Enhanced Security Algorithm) that renders its signal invisible to would-be hackers and unauthorized observers and hence greatly reduces its vulnerability to hacking and intrusion. It should be noted, however, that although some determined hackers may still be able to observe the RF signal and monitor LAN activity over the air, it would be extremely difficult for them to break into the system (Kim & Shin, 2003). Like other WLAN solutions, it is scalable, upgradeable, flexible and can be customized. nDosa secure WLAN users can access not only nDosa secure WLANs but also the standard WLANs deployed widely in public places or in highly secure areas. When the need arises to enhance authentication or key management procedures, nDosa secure WLAN technology can be applied without alteration. Encryption algorithms and security solutions, in general, need to be upgraded continually, as they are at war against hackers. According to the literature, nESA is designed to make upgrades simple and easy.

The combination of the proposed wireless LAN scheme with nDosa's existing secure wireless LAN technology would not only render the system invisible even in the RF band, but also ensure that the system remains relatively impervious to break-ins even if the signal is detected. Implementation of both security measures would provide the wireless LAN with ironclad security that is necessary and appropriate for defense of government applications and data.

WPA

Wi-Fi Protected Access is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems. Designed to run on existing hardware as a software upgrade, Wi-Fi Protected Access is derived from and will be forward compatible with the upcoming IEEE 802.11i standard (http://www.wi-fi.org/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf). WPA is a proactive response by the industry to offer an immediate and strong security solution. An inexpensive software upgrade is now available for installation on enterprise or SOHO WLANs. This solution is compatible across multiple vendors and is configurable with authentication servers or as a stand-alone. WPA is a subset of the 802.11i draft standard and will maintain forward compatibility.

Wi-Fi Protected Access was constructed to provide improved data encryption, which was weak in WEP, and to provide user authentication, which was largely missing in WEP. The improvements are centered on the use of enhanced data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of WEP's known vulnerabilities.
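To make the difference between WEP's CRC-32 check and the Michael MIC concrete, the following added example (not code from the book; all function names and sample inputs are this example's own) implements the Michael function and contrasts it with CRC-32. It shows that CRC-32 takes no key and is predictable under XOR, while Michael's output depends on a secret 64-bit key. In TKIP the MIC input also covers the frame's addresses; here the input is simply a constructed byte string.

```python
import struct
import zlib

MASK = 0xFFFFFFFF

def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _xswap(x):
    # Swap the two bytes inside each 16-bit half of the word.
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)

def _block(l, r):
    # Michael block function: four rounds of "r ^= f(l); l += r" (mod 2^32).
    # Rotating left by 30 is the same as rotating right by 2.
    for f in (lambda v: _rol(v, 17), _xswap, lambda v: _rol(v, 3), lambda v: _rol(v, 30)):
        r ^= f(l)
        l = (l + r) & MASK
    return l, r

def michael(key: bytes, msg: bytes) -> bytes:
    """Return the 8-byte Michael MIC of msg under an 8-byte key."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<2I", key)
    # Pad with 0x5a, then 4 to 7 zero bytes, to a multiple of 4 bytes.
    padded = msg + b"\x5a" + bytes(4)
    padded += bytes(-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = _block(l, r)
    return struct.pack("<2I", l, r)

def crc32_is_affine(a: bytes, b: bytes) -> bool:
    """True if CRC-32(a XOR b) follows from the CRCs of a and b alone."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    xored = bytes(x ^ y for x, y in zip(a, b))
    return zlib.crc32(xored) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))

if __name__ == "__main__":
    payload = b"constructed sample payload"      # constructed input, not a real frame
    change = bytes(len(payload) - 1) + b"\x01"   # constructed one-bit difference
    print("CRC-32 predictable under XOR:", crc32_is_affine(payload, change))
    for key in (bytes(8), bytes.fromhex("82925c1ca1d130b8")):  # constructed keys
        print(key.hex(), "->", michael(key, payload).hex())
```

Because CRC-32 is unkeyed, anyone who can see or alter a frame can recompute it; a valid Michael value cannot be computed without the MIC key.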

Table 1: Comparison Chart

| Feature | WEP | WPA | 802.11i | nDOSA |
|---|---|---|---|---|
| Cipher | RC4 | RC4 | CTR-CCMP | nESA |
| Key Size | 40 bits | 128 bits encryption, 64 bits authentication | 128 bits | 128 ~ 256 bits |
| Key Life | 24-bit IV | 48-bit IV | 48-bit IV | 48-bit IV |
| Packet Key | Concatenated | Mixing Function | Not Needed | Mixing Function |
| Data Integrity | CRC-32 | Michael | CCM | CRC-32 |
| Header Integrity | None | Michael | CCM | nESA |
| Replay Attack | None | IV Sequence | IV Sequence | Encrypted IV |
| Key Management | None | EAP | EAP | EAP & any other methods |
| Header Encryption | None | None | None | nESA |
| Hidden Mode | None | None | None | Yes |

Using the Enterprise-level User Authentication via 802.1x and Extensible Authentication Protocol (EAP)

WEP has almost no user authentication mechanism. Wi-Fi Protected Access implements 802.1x and EAP to strengthen user authentication. Together, these implementations provide a framework for strong user authentication. This framework utilizes a central authentication server, such as RADIUS, to authenticate each user on the network before they join it, and also employs mutual authentication so that the wireless user does not accidentally join a rogue network that might steal their network credentials.




Information Technology Security. Advice from Experts
ISBN: 1591402484
Year: 2004
Pages: 113
