802.11 Security Beyond WEP
June 26, 2002
If WEP is not good enough for you, then consider the security enhancements that 802.11i has in store. Here's an overview of how 802.1X, TKIP, and AES will provide rock solid security.
As discussed in a previous tutorial, 802.11 wired equivalent privacy (WEP) has weaknesses, making it inadequate for protecting networks containing sensitive information. WEP does a fairly good job of defending against the general public, but there are some good hackers lurking out there who can crack into a WEP-protected network. As a result, you will need to implement advanced security mechanisms beyond the capability of WEP if you feel that unauthorized people will want access to resources on your network.
WEP only provides a method for authenticating radio NICs to access points, not the other way around. As a result, a hacker can "reroute" data through an alternate unauthorized path that avoids other security mechanisms. Instead of one-way authentication, wireless LANs need to implement mutual authentication to avoid this problem.
Encryption alters the bits of each data packet to guard against eavesdroppers from decoding data, such as credit card numbers and user/name passwords. WEP doesn't support key management, which requires users to manually change encryption keys. Because this is a tedious process, keys go unchanged for weeks, months, and even years. This leaves the network wide open to hackers.
For encryption to be effective, the security function must minimize the reuse of encryption keys by changing them often, possibly every frame transmission. This decreases the time available for a hacker to break into the network and makes it very difficult if not impossible to comprise the security of the network.
There are proprietary enhancements to WEP that leading wireless LAN vendors currently implement (such as Agere's 152-bit WEP and US Robotic's 256-bit WEP), and some companies utilize Internet-based security mechanisms (e.g., IPSec) to protect data transmissions from eavesdroppers. For a standardized solution, the 802.11i committee is nearly finished specifying methods that strongly enhance 802.11's ability to safeguard wireless LANs.
802.1X: Framework for Authentication
Combined with an authentication protocol, such as EAP-TLS, LEAP, or EAP-TTLS, IEEE 802.1X provides port-based access control and mutual authentication between clients and access points via an authentication server. The use of digital certificates makes this process very effective. 802.1X also provides a method for distributing encryption keys dynamically to wireless LAN devices, which solves the key reuse problem found in the current version of 802.11. (For details on the operation of 802.1X, refer to a past tutorial.)Microsoft supports 802.1X in Windows XP, and many vendors offer 802.1X in wireless LAN devices. 802.11i is including 802.1X in the future 802.11 standard, which will probably be available in by the end of 2002.
TKIP: Interim Encryption Solution
The temporal key integrity protocol (TKIP), initially referred to as WEP2, is an interim solution that fixes the key reuse problem of WEP, that is, periodically using the same key to encrypt data. The TKIP process begins with a 128-bit "temporal key" shared among clients and access points. TKIP combines the temporal key with the client's MAC address and then adds a relatively large 16-octet initialization vector to produce the key that will encrypt the data. This procedure ensures that each station uses different key streams to encrypt the data.
TKIP uses RC4 to perform the encryption, which is the same as WEP. A major difference from WEP, however, is that TKIP changes temporal keys every 10,000 packets. This provides a dynamic distribution method that significantly enhances the security of the network.
An advantage of using TKIP is that companies having existing WEP-based access points and radio NICs can upgrade to TKIP through relatively simple firmware patches. In addition, WEP-only equipment will still interoperate with TKIP-enabled devices using WEP. TKIP is a temporary solution, and most experts believe that stronger encryption is still needed.
AES: Long Term Encryption Technique
In addition to the TKIP solution, the 802.11i standard will likely include the Advanced Encryption Standard (AES) protocol. AES offers much stronger encryption. In fact, the U.S. Commerce Department's National Institutes of Standards and Technology (NIST) organization chose AES to replace the aging Data Encryption Standard (DES). AES is now a Federal Information Processing Standard, FIPS Publication 197, that defines a cryptographic algorithm for use by U.S. Government organizations to protect sensitive, unclassified information. The Secretary of Commerce approved the adoption of AES as an official Government standard in May 2002.
An issue, however, is that AES requires a coprocessor (additional hardware) to operate. This means that companies need to replace existing access points and client NICs to implement AES. Based on marketing reports, the installed base today is relatively small compared to what future deployments will bring. As a result, there will be a very large percentage of new wireless LAN implementations that will readily take advantage of AES when it becomes part of 802.11. Companies having installed wireless LANs, on the other hand, will need to determine whether it's worth the costs of upgrade for better security.
Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs (SAMs, 2001), and regularly instructs workshops on wireless LANs.