So far we have discussed generic solutions and tools. The following section will review specific tools to correct WEP- related vulnerabilities, as well as other security enhancements that are being considered for future versions of 802.11 networks.
The Temporal Key Integrity Protocol (TKIP) is a more recent security feature offered by various vendors to correct the weak WEP problem. It was developed by some of the same researchers who found the weaknesses in how RC4 was implemented. TKIP corrects these weaknesses and more.
This new protocol still uses RC4 as the encryption algorithm, but it removes the weak key problem and forces a new key to be generated every 10,000 packets or 10kb, depending on the source. In addition, it hashes the initialization vector values that are sent as plaintext in the current release of WEP. This means the IVs are now encrypted, and are not as easy to sniff out of the air. Because the first three characters of the secret key are based on the three-character IV, the hashing of this value is a must. Without protecting the IV from casual sniffing attacks, a hacker can turn a 64-bit key (based on 8 characters x 8 bits in a byte) into a 40-bit key (based on 8 - 3 characters x 8 bits in a byte).
Also included in TKIP is a stronger and more secure method of verifying the integrity of the data. Called the Message Integrity Check, this part of TKIP closes a hole that would enable a hacker to inject data into a packet so he can more easily deduce the streaming key used to encrypt the data. Based on the discussion in Chapter 5, "Cracking WEP," you know that if a hacker knows any two of the XOR values, he can calculate the third. Therefore, by injecting known data into a packet and capturing it after it has been encrypted, a hacker can determine the encrypted value and the plaintext value. When values are XORed together, the result is the PRGA streaming key. Once the PRGA for any packet is known, a hacker can reuse it to create his own encrypted packets without ever knowing the secret key. This is possible because the hacker can take the deduced PRGA value and XOR it with his choice of text. The result of this is a properly encrypted packet. He can then simply append the same IV value he pulled from the hacked packet and reapply it to the newly created packet. Thus, a hacker could completely bypass the creation of the KSA, which is the only part of the encryption process that requires the password.
This packet, once received by the access point, will be deciphered by using the appended IV values and the password used by the access point. Then the KSA is created, which is used to create the PRGA value that the hacker used to encrypt his packet. Then the PRGA streaming key is XORed with the encrypted packet, and that information is passed on.
With the new Message Integrity Check, this type of exploit is not possible. By verifying that the packet was not altered , and by dumping any packet that appears to be, the hacker will not be able to easily determine the PRGA. In addition, hashing the IVs creates yet another obstacle to any hacker that somehow deduces the PRGA. The hacker would have to determine the correct value of the hashed IVs, which is probably based on the data in the encrypted packet.
However, and even with all this extra security, TKIP is designed like the current version of WEP. This similarity allows TKIP to be backward-compatible with most hardware devices. This also means consumers merely have to update their firmware or software to bring their WLANs up to par.
Although this new security measure is important, it is only temporary. TKIP is more like a simple band -aid to patch the hemorrhaging artery of WEP security. This is because TKIP still operates under the condition that a hacker only has to crack one "password" to gain access to the WLAN. This is one of the major factors that caused the current release of WEP to be crackable. If WEP included a multifaceted security scheme using stronger encryption and/or multiple means of authentication, a hacker would have to attack the WLAN from several points, thus making WEP cracking much more difficult.
Therefore, if you own WLAN gear, keep a close eye on the vendor patch list to see when the update is released. You might also want to send an email to the vendors' support departments to get your name on an email notification list once they have a patch. If you do not own a WLAN and are looking to purchase one, consider looking for one with this option built into it. The only other option is to wait until the next standardized wireless products are released using the 802.11i standard.
Advanced Encryption Standard (AES) is a newer encryption method that was selected by the U.S. government to replace DES as their standard. It is quite strong, and is actually under review for the next version of the wireless 802.11 standard (802.11i). In fact, although it is not yet officially supported in all WLAN hardware, certain vendors have already started implementing it.
AES uses an algorithm known as Rijndael. The algorithm was devised by Joan Daemen and Vincent Rijmen, and it became part of AES by a contest-like selection process that picked the best algorithm from proposed schemes created by the public sector. Other competitors were RSA (maker of RC4), IBM, and various international groups. The contest was hosted by the National Institute of Standards and Technology, which was working for the National Security Agency. The contest was devised as a result of the cracking of the previous standard encryption method (DES), which was broken in 1990. Because of this, an immediate replacement for the encryption method was a necessity. However, "immediate" in terms of a bureaucracy means that it took seven years to start the contest, and a few more years to actually select a winner. Thus, AES was born.
The strength of AES has yet to be truly tested . Barring advances in quantum computing, it is expected that AES will remain the standard form of encryption for many years. The following is a list of the number of guesses it would take to crack AES-protected data. There are three options, because AES allows different sizes of keys, depending on need. The key size directly reflects the strength of the encryption, as well as the amount of processing required to encrypt and decipher the text.
In other words, using the same technology used to crack DES, it would take 149 trillion years to crack AES. Now, this was over a decade ago, but the fact remains that AES is a very good algorithm, and is expected to remain the standard for many decades to come. However, like all encryption, AES will be cracked eventually.
One downside to AES is that it has a larger overhead than RC4. This is because of the extra processing required during the encryption/decryption process, which is more complex than the relatively simple RC4. To illustrate , the entire RC4 algorithm is often coded in about 50 lines of code, whereas AES takes about 350 lines. Although this does make AES more of a resource hog, hardware accelerators and other software tricks can compensate for this.
Nevertheless, AES is destined to be the encryption method of all wireless traffic. Vendors are using AES already in their own proprietary WLANs, and this trend will act as a catalyst to make AES the official standard. However, you will not be able to use AES-ready hardware using the current standard of WEP. They are two entirely different encryption methods , and they will not work together.
Secure Sockets Layer is a protocol that has been in use for years online. The most popular form uses RC4 to encrypt data before it is sent over the Internet. This provides a layer of security to any sensitive data and has been incorporated into almost all facets of online communication. Everything from Web stores, online banking, Web-based email sites, and more use SSL to keep data secure. The reason why SSL is so important is because without encryption, anyone with access to the data pipeline can sniff and read the information as plaintext.
When building a secure WLAN, one of the important and necessary parts is authentication. Although there is some protection in the preshared password that is used to set up WEP, this will only encrypt the data. The flaw in this is that the system assumes the user is allowed to send data if the correct preshared password is used. In addition, by only using WEP (in conjunction with a DHCP WLAN), there is no way to track and monitor wireless users for security reasons. Thus, authentication of some sort is required.
Although authentication is important and necessary, it is also potentially vulnerable to several different types of attacks. For example, user authentication assumes that the person sending the password is indeed the owner of the account, which might not be true. Another weakness of an online authentication system is that the user information must be sent from the client to the host system. Therefore, the authentication information can be sniffed, which is why SSL is important to the authentication of users.
Because WLANs operate in a world that is meant to be very user-friendly and cross-platform, using proprietary software to encrypt and authenticate users would be tedious , and would be simply another obstacle for a user. Instead of designing an authentication system this way, many vendors are using a system that has been tried and tested for years. By using a Web browser with SSL enabled, an end user can make a secure and encrypted connection to a WLAN authentication server without having to deal with cumbersome software. As most wireless users will be familiar with using secure Web sites, the integration of SSL will go unnoticed. Once the connection is made, the user account information can be passed securely and safely.
Intrusion detection systems (IDSs) are to computer networks what burglar alarms are to homes . The simple truth remains that all networks can be hacked . Because of this, we recommend that every network contain at least one form of IDS. (Chapter 14, "Intrusion Detection Systems," examines IDSs in more detail).
When dealing with wireless networks, using an IDS can be a bit tricky. Because of the nature of WLANs, guests might be connecting all the time and using the Internet or other network resources. Thus, an IDS system would quickly overload and eventually be ignored because of the number of false positives.
It is best to place the IDS on a system behind the firewall. This way, the amount of traffic it has to deal with is lessened, and it can become a reliable part of the security system. This is like trying to use a car alarm on a car that is parked next to the highway ”the alarm would have a difficult time trying to distinguish a truck's rumbling from a thief 's ministrations. Instead, you would want to park the car on the other side of the building or house to keep it from repeatedly having false alarms.
Thus, install an IDS and let it maintain a watchful eye over your network. Although this part of your security will not provide any direct protection, as described in Chapter 14, it does have significant advantages.