Date posted: 07-May-2015

Wireless Security Initiatives Keith Fleming

Wireless Security Initiatives

The Wireless LAN (WLAN) industry is the fastest growing networking market, held back only by the difficulty of securing it. There has been widespread adoption of wireless networks in the SOHO user market. Wireless LAN technology is recognized, accepted and adopted by many organizations worldwide. Many companies and government entities are realizing the competitive advantage of deploying wireless technology in the workplace. Wireless technologies are continually evolving and providing advancements in speed, bandwidth, and security. However, large enterprises have been reluctant to deploy wireless networks due to perceived limitations in wireless security and the risks it poses to the organization.

Simply put, WLANs are a disruptive technology that faces many challenges in securing its networks. Today, the WLAN industry can be characterized as "overheated": technology adoption is being driven by an impatient user base demanding more features, and by an all-out effort by vendors to address known wireless security vulnerabilities. There is a high priority in the industry, especially with the federal government, to push the technology to a point where the risk of compromise is minimized.

The intent of this paper is to address the security issues surrounding wireless networks in an enterprise environment. This paper will provide a high-level overview of all the challenges and components associated with securing a wireless network. The fundamental question plaguing the industry today is whether wireless networks can be deployed securely. There is a prevailing mindset that wireless networks are inherently insecure. Is this actually true, fact or fabrication? What known security holes limit enterprise deployments of a WLAN, and can they be fixed? This paper will shed light on these questions, detail how wireless networks are secured, and point out their limitations. Additionally, this paper will explore current and future initiatives to secure wireless networks in a large enterprise environment, and provide a roadmap of where wireless security is headed in the future.

WLAN Overview, Standards and Organizations

WLAN technology dates back to the mid-1980s, when the Federal Communications Commission (FCC) made the RF spectrum available to the industry. In 1990, the Institute of Electrical and Electronics Engineers (IEEE) formed a working group (WG) to develop a wireless standard that would provide wireless networking technology similar to wired Ethernet (802.3).[1] This group focused on developing a general standard for radio equipment and networks operating at 2.4 GHz, with data rates of 1 and 2 Mbps. In June 1997, the IEEE released the wireless standard describing the operation of WLANs, known as 802.11. The 802.11 specification is the fundamental standard for WLANs. The new standard defined the following functions and technologies: WLAN architecture; MAC layer services such as association, re-association, authentication and privacy; frame formats; signaling functions; and the WEP algorithm.

[1] A working group, formed by the IEEE, is a collection of researchers, academics, and industry professionals formed with the goal of developing an industry standard to be eventually approved by the IEEE.

In September 1999, the IEEE ratified 802.11b, which provided the same basic architecture, features and services as 802.11 but improved upon the standard by adding higher data rates (5.5 and 11 Mbps) and more robust connectivity.[2] The 802.11b standard established operation in the unlicensed 2.4-2.5 GHz frequency range using direct sequence spread-spectrum (DSSS) technology.[3]

In late 2001, 802.11a was ratified, which improved the data rate to 54 Mbps, operating in a licensed frequency range of 5 GHz and using orthogonal frequency division multiplexing (OFDM) technology to reduce interference.[4] This was a dramatic technology shift from 802.11b, providing fast data transfers at a higher frequency range that was not susceptible to interference from other devices. However, the 802.11a standard sacrificed range compared to 802.11b.

In 2003, the IEEE published 802.11g (Amendment 4), which provided a higher data rate extension in the 2.4 GHz unlicensed frequency band of up to 54 Mbps (similar to 802.11a). It provided backward compatibility with 802.11b, a major advantage, by still supporting complementary code keying (CCK) modulation. 802.11g provided the best of both worlds (802.11a and 802.11b): higher speeds, employing OFDM technology (like 802.11a), but in the 2.4 GHz frequency band where range was not compromised (like 802.11b).

[2] 802.11 operated only at 1 and 2 Mbps, not comparable to Ethernet speeds of 10 Mbps.
[3] This frequency range is known as the Industrial, Scientific, and Medical (ISM) band.
[4] The 802.11a Working Group (WG) technically started before 802.11b. However, its objectives were considerably more difficult, which resulted in a later ratification date.

The above IEEE standards (802.11a, 802.11b, and 802.11g) are the major players in the world of wireless networking. However, various other standards tasks and WGs are involved in promoting the overall functionality of the 802.11 protocol. Two important standards that directly addressed security limitations in the 802.11 protocols were IEEE 802.11i and 802.1X.

The IEEE 802.11i and 802.1X specifications addressed several separate initiatives for improving WLAN security. The IEEE Task Group i (TGi) developed the 802.11i standard, published in 2004, to provide short-term and long-term solutions for wireless security that ensure message confidentiality and integrity.[5] TGi developed the Temporal Key Integrity Protocol (TKIP) as the short-term solution, known as Wi-Fi Protected Access (WPA), to address problems with WEP and to support legacy systems.[6] It is a cipher suite that consists of three protocols: a cryptographic message integrity algorithm, a key mixing algorithm, and an enhancement to the initialization vector (more on this later). The long-term solution defined in 802.11i is the Counter Mode/CBC-MAC Protocol (CCMP), based on the newly released Advanced Encryption Standard (AES). CCMP is a highly robust algorithm that is not compatible with older WEP-oriented hardware, and thus requires new hardware and protocol changes.[7] The AES (CCMP) protocol provides WLANs with stronger encryption (confidentiality) and message integrity than TKIP. It also incorporates replay protection.[8] The future of WLAN deployments is moving towards CCMP as the accepted compliance standard.

[5] The TGi group was formed in March 2001 to provide enhancements in security and authentication for the 802.11 MAC. TGi split from the MAC Enhancement Task Group (TGe) to address the security limitations of 802.11.
[6] TKIP was a fix for deficiencies identified in WEP, without any hardware changes; fixes had to be made to the firmware or software drivers only. WPA is a subset of the TGi solution and an interim fix that incorporates two main features: (1) 802.1X, and (2) TKIP.
[7] AES is considered to be a very secure encryption suite, as a result of wide international scrutiny by cryptographic experts. It is the current state-of-the-art encryption algorithm, the result of international involvement to produce a strong encryption algorithm. The U.S. government has accepted AES as a standard encryption suite, approved and published in FIPS-142.

The 802.1X technology was primarily developed to support 802 LANs, and is included in the 802.11i standard to provide MAC layer security enhancements.[9] 802.1X is a port authentication framework at the link layer that allows a variety of authentication algorithms to operate over it. It primarily uses the Extensible Authentication Protocol (EAP) to exchange authentication information. It allows WLAN clients to communicate with an authentication server to validate their credentials, and supports strong mutual authentication and key management.[10]

In WLANs, the 802.1X framework consists of three entities: the client (resides on the wireless client), the authenticator (resides on the access point), and the authentication server or AS (resides on a RADIUS server). The 802.1X protocol is an end-to-end authentication process between the client and the AS, with the AP serving as the conduit for the authentication messages. The client and AP communicate by means of the EAP encapsulation over LAN (EAPOL) protocol. The AP and the AS communicate through RADIUS.[11] It should be noted that the 802.1X protocol supports several other authentication protocols in addition to RADIUS, such as Diameter and Kerberos. 802.1X can be implemented with different EAP types (to be covered later). Figure 1 illustrates the communication paths of the client, AP and AS, and the 802.1X authentication process.

[8] Replay protection denies an attacker the ability to capture a packet traveling from a victim's wireless client laptop or AP and replay it back into the network, causing the target AP to respond and provide more traffic to capture.
[9] IEEE standard 802.1X-2001 is a port-based network access specification that was ratified in June 2001. 802.1aa is a revision to 802.1X, and work is still in progress.
[10] 802.1X allows an AP and a wireless client to mutually authenticate one another.
[11] Remote Authentication Dial-In User Service (RADIUS) is an access server authentication and accounting protocol developed by Livingston Enterprises, Inc. In June 1996, the Internet Engineering Task Force (IETF) approved RADIUS as a standard: RADIUS Specification (RFC 2058) and RADIUS accounting standard (RFC 2059).

Figure 1 - 802.1X Authentication Process (WPA2)

1. The client requests access from the AP.
2. The authenticator detects the client association and enables the client's port.
3. The port is forced into an unauthorized state that forwards only 802.1X traffic (all other traffic is blocked).
4. The AP passes the request to the RADIUS server.
5. The AS and the client exchange authentication messages so the server can verify the client's identity (password). Mutual authentication is also possible, where the client verifies the AS identity.
6. The AS instructs the AP via a RADIUS-ACCEPT message to let the client onto the network if the client has satisfied the authentication criteria. If not, a RADIUS-REJECT message is sent to the AP.
7. Upon receipt of the RADIUS-ACCEPT message, the AP transitions the client port to an authorized state, allowing the client onto the network.
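As an added illustration of the port control described in Figure 1 (example code, not from the paper), the following Python simulation models the three 802.1X entities: the AP holds the client's port unauthorized and forwards only EAPOL frames, relays the credential check to the authentication server, and authorizes the port only on RADIUS-ACCEPT. The message names, the credential store and the frames are constructed assumptions.

```python
"""Added example (not from the paper): a simulation of the 802.1X
controlled-port behaviour in Figure 1.  The authenticator (AP) keeps the
client's port unauthorized, forwards only EAPOL traffic, relays the EAP
exchange to the authentication server over RADIUS, and opens the port
only on a RADIUS-ACCEPT.  Message names, the credential store and the
frames are constructed for this example."""
import hmac
from dataclasses import dataclass, field

EAPOL = "EAPOL"   # 802.1X traffic: the only kind an unauthorized port forwards
DATA = "DATA"     # everything else: blocked until the port is authorized


@dataclass
class Frame:
    kind: str
    payload: dict = field(default_factory=dict)


class AuthenticationServer:
    """Stands in for the AS on the RADIUS server (steps 4 to 6)."""

    def __init__(self, credentials):
        # identity -> password; a constructed store.  A real AS would hold
        # hashed credentials or certificates depending on the EAP type.
        self._credentials = credentials

    def access_request(self, identity, password):
        expected = self._credentials.get(identity)
        if expected is not None and hmac.compare_digest(expected, password):
            return "RADIUS-ACCEPT"
        return "RADIUS-REJECT"


class Authenticator:
    """The AP: owns the client's controlled port (steps 2, 3 and 7)."""

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.port_state = "closed"   # step 1 not yet done: no association

    def on_association(self):
        # steps 2 and 3: enable the port but force it into the unauthorized state
        self.port_state = "unauthorized"

    def receive(self, frame):
        """Handle one frame from the client; return what the AP did with it."""
        if self.port_state == "closed":
            return "dropped: no association"
        if frame.kind == EAPOL:
            # steps 4 and 5: relay the authentication exchange to the AS over RADIUS
            verdict = self.auth_server.access_request(
                frame.payload.get("identity", ""),
                frame.payload.get("password", ""))
            if verdict == "RADIUS-ACCEPT":
                self.port_state = "authorized"       # step 7
            return verdict
        if self.port_state == "authorized":
            return "forwarded"
        return "blocked: port unauthorized"


def run_session(identity, password):
    """Drive one client through Figure 1 and return the AP's decisions."""
    ap = Authenticator(AuthenticationServer({"alice": "correct horse"}))
    decisions = []
    decisions.append(ap.receive(Frame(DATA)))        # before association
    ap.on_association()
    decisions.append(ap.receive(Frame(DATA)))        # unauthorized port
    decisions.append(ap.receive(Frame(EAPOL, {"identity": identity,
                                              "password": password})))
    decisions.append(ap.receive(Frame(DATA)))        # after the AS verdict
    return ap.port_state, decisions


if __name__ == "__main__":
    print(run_session("alice", "correct horse"))
    print(run_session("alice", "wrong"))
```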

Since the ratification of the initial 802.11 standard, the IEEE 802.11 WG has made numerous revisions through various task groups to improve wireless technologies and security.[12] Table I provides a summary of the 802.11 standards. (Note: Standards highlighted in blue are the main focus of this paper.)

Table I – Summary of 802.11 Standards

Each entry lists: Specification; Description; Main Purpose; Interest to Security; Availability.

802.11: Wireless LAN Media Access Control (MAC) and Physical Layer Specifications
  Description: Original WLAN standard designed for 1 to 2 Mbps wireless transmissions in the 2.4 GHz frequency range. Defined the WLAN infrastructure, MAC level services, frame formats, FHSS and DSSS functions, and the WEP algorithm. Operates at the physical and data link layers of the OSI model.
  Main Purpose: Basic wireless technology standard
  Interest to Security: Low
  Availability: Completed in June 1997

802.11a: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 5 GHz frequency band. Second major revision to the 802.11 standard that provided significant increases in the transfer rate to a maximum theoretical speed of 54 Mbps per channel, and 8 available channels.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in 2001

802.11b: Wireless LAN MAC and PHY Specifications
  Description: A physical layer standard in the 2.4 GHz unlicensed frequency band. First major revision to the 802.11 standard that provided enhancements with a maximum link rate of 11 Mbps per channel, and 3 available radio channels. Provided a major leap forward in speed, ease of use, implementation flexibility, and relative cost.
  Main Purpose: Performance Enhancements
  Interest to Security: Low
  Availability: Approved and ratified by IEEE in September 1999

802.11d-2001: Amendment 3
  Description: A supplementary standard to the MAC layer in 802.11 to add features and restrictions to allow WLANs to operate within the rules of other countries. It allows APs to communicate information on the permissible radio channels with acceptable power levels for user devices.
  Main Purpose: Promote Worldwide Use
  Interest to Security: Low
  Availability: Published in 2001 as Amendment 3 to 802.11

802.11e: Wireless LAN MAC and PHY Specifications: Amendment 7: MAC Quality of Service (QOS) Enhancements
  Description: A supplementary standard to the MAC layer in 802.11 to support applications that require QOS, such as VoIP and video over 802.11 wireless networks.
  Main Purpose: QOS Enhancements
  Interest to Security: Low
  Availability: Active

802.11f: IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation
  Description: A "recommended practice" standard designed to enhance AP interoperability within multi-vendor WLAN networks. The specification addresses the information that needs to be exchanged between APs, use of the RADIUS protocol, and context handling for faster roaming to support interoperability.
  Main Purpose: Interoperability
  Interest to Security: Medium
  Availability: Published in 2003

802.11g: Wireless LAN MAC and PHY Specifications: Amendment 4
  Description: Developed a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). Provided backward compatibility with 802.11b, and supports OFDM, CCK, and PBCC modulations.
  Main Purpose: Higher Performance with 802.11b Backward Compatibility
  Interest to Security: Low
  Availability: Published in 2003 as Amendment 4 to 802.11

802.11h: Wireless LAN MAC and PHY Specifications
  Description: A supplementary standard to the MAC layer to satisfy regulatory requirements for operation in the 5 GHz band in Europe. Defines the use of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) to comply with European regulations.
  Main Purpose: European Regulation Compliance
  Interest to Security: Low
  Availability: Published in 2003

802.11i: Wireless LAN MAC and PHY Specifications: Amendment 6: MAC Security Enhancements
  Description: A supplementary standard to the MAC layer to enhance security and authentication mechanisms. Supports the 802.11a, b and g standards, and is an alternative to WEP. IEEE 802.1X forms a major part of 802.11i.
  Main Purpose: Security Improvements
  Interest to Security: High
  Availability: Published in 2004

802.11j: Wireless LAN MAC and PHY Specifications: Specification to Enhance Japanese Compliance
  Description: An enhancement to the 802.11 standard and amendments to operate in the Japanese 4.9 GHz and 5 GHz frequency bands.
  Main Purpose: Japan Compliance
  Interest to Security: Low
  Availability: Published in 2004

802.11k: Wireless LAN MAC and PHY Specifications: Specification for Radio Measurement
  Description: Standard to define Radio Resource Management measurement enhancements for external use. Originally designed for internal use only, these enhancements will provide radio and network information to higher layers for management, maintenance, and enhanced data that will provide such services as roaming and coexistence to external entities.
  Main Purpose: Radio Resource Management (External Source)
  Interest to Security: Low
  Availability: Active

802.11n
  Description: Study group formed to investigate a standard for higher throughput (108 - 320 Mbps), and to enable newer applications and market segments.
  Main Purpose: Higher Performance
  Interest to Security: Low
  Availability: Active (High Throughput Study Group (HTSG))

802.11p
  Description: An amendment to the 802.11 standard to make it suitable for interoperable communications to and between vehicles in the 5 GHz frequency bands.
  Main Purpose: Improvement in Latencies and Communications Between Transport Environments
  Interest to Security: Low
  Availability: Active

802.11r
  Description: Provides enhancements to the 802.11 MAC layer by improving the Basic Service Set (BSS) transition within an Extended Service Set (ESS), and supports real-time constraints imposed by latency-sensitive applications such as VoIP.
  Main Purpose: 802.11 MAC Enhancements for BSS
  Interest to Security: Low
  Availability: Active

802.11s
  Description: Develops a protocol between an ESS mesh and a Wireless Distribution System (WDS) to support broadcast/multicast and unicast delivery over self-configuring multi-hop topologies.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11t
  Description: Develops recommended practices to enable measuring and predicting the performance of 802.11 WLAN devices based on a common and accepted set of performance metrics, measurements, methodologies and test conditions.
  Main Purpose: Improvements to Methodology & Processes to Predict WLAN Performance
  Interest to Security: Low
  Availability: Active

802.11u
  Description: Amendments to the 802.11 MAC and PHY layers to enable inter-working with external networks.
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11v
  Description: Amendments to the 802.11 MAC and PHY layers to support wireless management of attached stations in a centralized or a distributed fashion, and to create an Access Port Management Information Base (AP MIB).
  Main Purpose: 802.11 MAC & PHY Enhancements
  Interest to Security: Low
  Availability: Active

802.11w
  Description: An amendment to the 802.11 MAC layer to enhance the security of 802.11 management frames, including de-authentication and disassociation frames. The goal is to develop a host of security features including data integrity, data confidentiality, data origin authenticity, and replay protection.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Active (WG formed in 2005)

802.1X: Port-Based Network Access Control
  Description: Primarily developed to support 802 wired LANs, the 802.1X authentication framework is included in the 802.11i MAC layer security enhancements. The 802.1X standard provides a framework at the link layer for extensible authentication, allowing a variety of authentication algorithms to operate over it. It establishes a framework for a WLAN client to communicate with an authentication server to validate the client's credentials. It is focused only on authentication and key management, and does not provide encryption; 802.1X is used in combination with an encryption cipher.
  Main Purpose: Security Enhancements
  Interest to Security: High
  Availability: Published in June 2001

[12] For the latest IEEE 802.11 developments and initiatives refer to http://standards.ieee.org/getieee802.

Besides the IEEE, several other organizations have played a major role in defining the security standards for WLANs. The Internet Engineering Task Force (IETF) has been the primary architect of EAP protocols such as EAP-TLS, Protected EAP (PEAP), and EAP-FAST.[13] EAP is a flexible transport protocol used to carry authentication information, and it can support multiple authentication mechanisms.[14] EAP is versatile and may be used on dedicated links, switched circuits, and wired or wireless networks. Table II provides a summary of the EAP protocols (IETF).

Table II – Summary of the EAP Protocols (IETF)

Each entry lists: Specification; Description; Main Purpose; Interest to Security; Availability.

Extensible Authentication Protocol (EAP)
  Description: EAP is the original 1998 RFC standard (RFC 2284) for authentication exchange. It provides an authentication method for the Point-to-Point Protocol (PPP) at the transport layer. A versatile framework that supports multiple authentication extensions (i.e. EAP-TLS, EAP-MD5, EAP-TTLS, etc.).[15]
  Main Purpose: Authentication Exchange
  Interest to Security: High
  Availability: RFC 2284

EAP-TLS (Transport Layer Security)
  Description: Based on the TLS protocol, similar to the SSL version 3 (Secure Sockets Layer) protocol used for secure web traffic. EAP-TLS provides mutual authentication and the capability to dynamically change encryption keys. Uses digital certificates, and requires an infrastructure to manage (i.e. issue, revoke, and verify) the certificates and keys.
  Main Purpose: Mutual Authentication & Key Management
  Interest to Security: Medium
  Availability: RFC 2716

Protected EAP (PEAP)
  Description: PEAP is an EAP extension that is similar to EAP-TLS but adds capabilities needed for the wireless domain. PEAP provides the security framework for mutual authentication between an EAP client and an EAP server, and adds client authentication and key exchange not available from EAP-TLS. PEAP addresses gaps in EAP by securing the initial exchange, adding user database extensibility, and supporting one-time token authentication and password change or aging.[16]
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an Internet-Draft (I-D).[17] Still in draft (not yet a standard)

EAP-FAST
  Description: EAP-FAST is considered the most comprehensive and secure WLAN scheme.[18] Provides a mutually authenticated (protected) tunnel to EAP, and incorporates deployment flexibility and extensibility by enabling support for most password authentication interfaces.
  Main Purpose: Authentication Enhancements
  Interest to Security: High
  Availability: Based on an I-D.[19] Still a work in progress (not yet a standard)

Cisco Lightweight EAP (LEAP)
  Description: LEAP was developed by Cisco to provide security advantages including username/password-based mutual authentication between a wireless client and a RADIUS server, and dynamic key generation and key exchange to enhance confidentiality and encryption.[20]
  Main Purpose: Authentication Enhancements to 802.11
  Interest to Security: High
  Availability: Introduced in December 2000 by Cisco

[13] The IETF consists of network designers, operators, vendors, and researchers from all over the world concerned with the evolution and smooth operation of the Internet.
[14] EAP was originally defined by RFC 2284. RFC 3579 is a revision to the initial version of EAP.
[15] EAP supports many different authentication methods (which will not be discussed in this paper). It is important to note that every AP, client or RADIUS/EAP server supports all EAP authentication methods. Therefore, the EAP authentication method proposed will drive product selection and network design, etc. EAP protocols accommodate different levels of security needs for the EAP client and the back-end EAP server.
[16] PEAP provides advantages for deploying WLANs in large enterprise environments. It is based on a server-side EAP-TLS mechanism. First, the issues associated with installing digital certificates on every client machine are avoided (for EAP-TLS this is a requirement). Second, an organization can select the methods of client authentication that best suit its needs, such as logon passwords or One Time Passwords (OTP).
[17] PEAP is an Internet-Draft, a collaboration of engineers from Cisco Systems, Microsoft, and RSA Security, submitted to the IETF.
[18] The verdict is not conclusive. Refer to the article by George C. Ou, "EAP-FAST: The LEAP and PEAP killer?" at http://www.lanarchitect.net/Articles/Wireless/EAP-FAST/.
[19] Internet-Drafts are working documents of the IETF, its areas, and its working groups, and are valid for a period of six months.

The Wi-Fi Alliance is a non-profit organization that promotes and tests for WLAN interoperability of 802.11 devices.[21] The Wi-Fi Alliance will certify a product if it has successfully met the interoperability requirements, allowing the vendor to use the Wi-Fi Certified logo for its product.[22] This Wi-Fi seal of approval carries a high level of interoperability, and assures the end user of interoperability with other WLAN devices that also bear the Wi-Fi logo. Many factors are required to meet Wi-Fi Alliance interoperability compliance, including 40-bit WEP keys, fragmentation, PSP mode, and SSID probe requests, to name a few.

In addition to certifying WLAN devices for interoperability, the Wi-Fi Alliance developed Wi-Fi Protected Access (WPA) to address security deficiencies in WEP.[23] WPA, a subset of the 802.11i specification, provided an interim solution for the security gaps identified in WEP without waiting for the 802.11i standard to be completed. The WPA solution required firmware updates (not hardware) and that products be certified by the Wi-Fi Alliance, while maintaining 802.11i compatibility.[24] WPA uses the Temporal Key Integrity Protocol (TKIP) with Message Integrity Check (MIC) for encryption. It provides mutual authentication by using 802.1X/EAP authentication or pre-shared key (PSK) technology. In large enterprise environments, WPA provides a high level of confidentiality and mutual authentication for all wireless users when deployed with a RADIUS server and database. WPA offers two classes of certification: WPA-Enterprise and WPA-Personal.[25]

The Wi-Fi Alliance released Wi-Fi Protected Access 2 (WPA2) in September 2004, which incorporated the full implementation of 802.11i.[26] WPA2 provides major advancements in key management, encryption and pre-authentication mechanisms. WPA2 differs from WPA by providing a stronger encryption mechanism through CCMP using the AES encryption standard. It is similar to WPA in that it still utilizes 802.1X and EAP for authentication. Like WPA, WPA2 offers two modes of operation: Personal and Enterprise. Also, WPA2 creates fresh session keys on every association (as does WPA). This provides an added security benefit by offering unique, fresh encryption keys for a specific client, and avoids key reuse. WPA2 does not address any flaws with WPA, but provides an advantage to corporations and government entities since it provides a security solution (AES) that meets the FIPS (Federal Information Processing Standards) 140-2 compliance requirements.[27] WPA2 certified products are backward compatible with WPA. Upgrading to WPA2 may require new hardware due to AES, and may not be available as a firmware (software) upgrade. Table III provides a summary of the WLAN standards of the Wi-Fi Alliance.

[20] LEAP is not an IETF standard, but was introduced by Cisco in December 2000 as a way to quickly improve the overall security of WLAN authentication.
[21] The Wi-Fi Alliance was formed in 1999 as WECA (Wireless Ethernet Compatibility Alliance). In October 2002, the Wi-Fi Alliance announced that the WPA standard would be available in Wi-Fi products starting in early 2003.
[22] There are over 200 members of the Wi-Fi Alliance from the world's leading companies. In 2005, there were over 1,500 Wi-Fi Certified products.
[23] WPA addressed all known vulnerabilities in WEP.
[24] WPA can be implemented immediately and inexpensively through firmware (software) upgrades, reducing the overall cost and impact to network operations.
[25] The Personal mode is designed for the home and SOHO environment, and does not employ the 802.1X authentication process. It does deploy the same encryption procedures as the Enterprise mode. The Personal mode is not the subject of this paper.
[26] WPA2 certification was launched on September 1, 2004. In spring 2006, the Wi-Fi Alliance will require all APs to be WPA2 certified to receive the Wi-Fi seal of approval.

Table III – Summary of WLAN Standards – Wi-Fi Alliance

Each entry lists: Specification; Description; Main Purpose; Interest to Security; Availability.

WPA (Wi-Fi Protected Access)
  Description: A subset of 802.11i, WPA addresses all known vulnerabilities in WEP. Provides mutual authentication by means of the 802.1X/EAP authentication process. Provides stronger encryption technology than WEP through TKIP with MIC.
  Main Purpose: Security Enhancement
  Interest to Security: High
  Availability: Launched October 2003

WPA2 (Wi-Fi Protected Access 2)
  Description: WPA2 is the certified interoperable version of the 802.11i specification. WPA2 provides mutual authentication by means of the 802.1X/EAP authentication process. Provides a new advanced encryption technology using CCMP deploying AES encryption.
  Main Purpose: Higher Performance
  Interest to Security: High
  Availability: Launched September 2004
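As an added example (not from the paper) of the replay protection that footnote 8 attributes to CCMP, together with the fresh per-association keys described above, the following Python receiver discards any packet whose packet number does not exceed the last one accepted for that sender and association, and resets the counter only when a new association installs a new key. The packet layout, the key derivation and the sample packets are constructed assumptions; real CCMP carries a 48-bit packet number in the frame header.

```python
"""Added example (not from the paper): the receive-side replay check of a
CCMP-style packet number (PN), plus the rule that every new association
installs a fresh key and restarts the counter.  The packet layout, the key
derivation and the sample packets are constructed for this example."""
import hashlib
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    sender: str
    association_id: int   # which association (session) the packet belongs to
    pn: int               # packet number; must strictly increase per sender/session
    body: bytes


class Receiver:
    def __init__(self):
        self._last_pn = {}      # (sender, association_id) -> highest PN accepted
        self._session_key = {}  # (sender, association_id) -> constructed session key

    def new_association(self, sender, association_id, nonce=None):
        """Install a fresh per-association key and reset the replay counter."""
        nonce = nonce if nonce is not None else os.urandom(16)
        # Constructed derivation: a real 4-way handshake derives the key from the
        # PMK and both parties' nonces; here a hash stands in for that step.
        material = sender.encode() + association_id.to_bytes(4, "big") + nonce
        key = hashlib.sha256(material).digest()
        self._session_key[(sender, association_id)] = key
        self._last_pn[(sender, association_id)] = -1
        return key

    def accept(self, pkt):
        """Return True if pkt passes the replay check, False if it is discarded."""
        k = (pkt.sender, pkt.association_id)
        if k not in self._last_pn:
            return False                     # no key installed for this association
        if pkt.pn <= self._last_pn[k]:
            return False                     # replayed (or reordered) packet: discard
        self._last_pn[k] = pkt.pn
        return True


def demo():
    """Constructed sequence: normal traffic, a replayed copy, then a re-association."""
    rx = Receiver()
    k1 = rx.new_association("sta-1", 1, nonce=b"\x01" * 16)
    results = [rx.accept(Packet("sta-1", 1, pn, b"data")) for pn in (1, 2, 3)]
    results.append(rx.accept(Packet("sta-1", 1, 2, b"data")))   # captured copy replayed
    results.append(rx.accept(Packet("sta-1", 2, 1, b"data")))   # association not yet set up
    k2 = rx.new_association("sta-1", 2, nonce=b"\x02" * 16)
    results.append(rx.accept(Packet("sta-1", 2, 1, b"data")))   # counter restarted under new key
    return results, k1 != k2


if __name__ == "__main__":
    print(demo())
```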

The Wireless LAN Association (WLANA) is a non-profit educational trade organization chartered to educate and promote WLAN technologies. It serves as an educational resource for learning more about WLANs, including a directory, white papers and case studies that provide valuable information about WLAN products, services, and implementations.[28] The organization offers various levels of certification to provide an educational standard for the WLAN industry.[29]

[27] AES was adopted as the official government standard by the Department of Commerce and the National Institute of Standards and Technology (NIST).

Wireless Security (Overview)

Wireless communications offer many benefits to an organization, including portability, flexibility, increased productivity, and lower installation costs. However, WLANs bring a security challenge. Enterprise organizations must have assurance that a WLAN deployment carries minimal risk before the benefits can be fully realized. In addition to the risks associated with wired networks, there are additional risks inherent in wireless technology, exacerbated by wireless connectivity, and some new risks not associated with wired networks at all. Simply put, security is the weak link in the wireless revolution.

In the wired world, protection is provided to some extent by the wires themselves, and access requires a physical jack. In the wireless world, the airwaves are open for all to listen, similar to an "Ethernet port in the parking lot", creating more challenges. Security breaches can be very costly to an organization, putting at risk its most valuable assets, including intellectual property, proprietary business processes, and customer data, not to mention the dollar costs of lost business and recovering from the event. The security challenge is to incorporate basic security mechanics and mechanisms for organizations deploying wireless networks.[30] The goal in successfully implementing a WLAN is to ensure all tools and techniques are used to minimize the security risks associated with passive or active attacks.

[28] WLANA has many partners contributing content and information to the WLANA directory. Refer to the WLANA website: www.wlana.org.
[29] WLANA offers the following certifications: Certified Wireless Network Administrator (CWNA), Certified Wireless Security Professional (CWSP), Certified Wireless Network Integration (CWNI), and Certified Wireless Network Expert (CWNE).

The first step in addressing the complexity of securing wireless networks is to discuss the basic security mechanics and the mechanisms available for wireless deployments. Basic security mechanics, in the wireless world, are the general capabilities of confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms provide the means, through technologies, protocols, and implementations, to achieve those mechanics. Key mechanisms to deploy in a wireless network include encryption protocols, digital signatures, and key management. Security, for all practical purposes, is the combination of processes, procedures, and systems used to achieve the basic security mechanics. Table IV describes the basic security mechanics and mechanisms for wireless deployments.

Table IV – Basic Security Mechanics and Mechanisms

Mechanic: Confidentiality
Definition: Capability to protect information from unauthorized entities; the capability to send and receive data without divulging any information to unauthorized entities during transmission.
Mechanisms: Encryption (symmetric and asymmetric)

Mechanic: Integrity
Definition: Capability to protect data content from unauthorized modification; the capability to send and receive data such that unauthorized entities cannot change any part of the exchanged data without the sender or receiver detecting the change.
Mechanisms: Digital signatures (using one-way hash functions)

Mechanic: Availability
Definition: Capability to send and receive data without disruption; ensures that a system or data is accessible when needed.31
Mechanisms: Defensive technologies to detect and guard against DoS attacks

Mechanic: Authentication
Definition: Capability to validate the identity of the sender or receiver of information.
Mechanisms: 802.1x, RADIUS, PAP/CHAP, MS-CHAP, etc.

Mechanic: Authorization
Definition: Usually follows an authentication procedure, and establishes what capabilities and information a user can access.
Mechanisms: 802.1x (based on authentication), multiple levels and protocols

Mechanic: Access Control
Definition: Capability ensuring users see only the information for which they are authorized.
Mechanisms: Based on authentication and encryption

Mechanic: Encryption
Definition: Capability to transform data (plain text) into meaningless bytes (cipher text) based on some algorithm.
Mechanisms: WEP, CKIP, TKIP, AES

Mechanic: Decryption
Definition: Capability to transform the meaningless bytes (cipher text) back into meaningful data (plain text).
Mechanisms: WEP, CKIP, TKIP, AES

Mechanic: Key Management
Definition: Process and capability of generating, storing, and distributing keys.32

30 Cisco defines basic security mechanics as a general capability that includes confidentiality, integrity, availability, authentication, authorization, and access control. Mechanisms are defined as detailed technologies, protocols, and implementations that include encryption and key management.

Confidentiality

The goal of confidentiality is to protect information during its transmission from unauthorized entities. Encryption is the key mechanism for achieving confidentiality. Simply, encryption encodes data using cryptography so that in-transit data stays private and is meaningless to unauthorized recipients. By converting data into a form that cannot be easily understood, encryption attempts to prevent eavesdropping by anyone who is not authorized to read it. In the wireless world, the goal is to prevent eavesdroppers from capturing packets and analyzing them later. Therefore, the algorithm must be able to preserve confidentiality for a certain length of time.

31 A denial of network availability usually involves some form of DoS attack, which can range from physical destruction of network equipment to attacks designed to saturate a network's bandwidth.

32 A key is a digital code used to encrypt, decrypt and sign information. Key management is the process of generating, storing, distributing, and providing the overall protection of keys. A compromised key can provide the most direct means of unauthorized access.

Data is encrypted with an algorithm under the control of a key. There are two paradigms for encrypting data: symmetric key and asymmetric key algorithms. In the wireless world, the preferred method for data confidentiality is a symmetric key algorithm.33 It uses a common key and the same cryptographic algorithm to both encrypt and decrypt data. Symmetric key algorithms come in two forms: block ciphers and stream ciphers. The original 802.11 cipher, WEP, and its interim successor TKIP are built on the RC4 stream cipher.35 The newer 802.11i cipher, AES-CCMP, is built on the AES block cipher.34 Stream ciphers are cheap to implement in hardware and software, but their security rests entirely on never reusing a keystream: because the cipher text is the plaintext XORed with the keystream, an attacker who obtains two messages encrypted under the same keystream, or one message together with its plaintext, recovers the keystream and can then decrypt, forge or replay other messages protected by it. A block cipher transforms a fixed-size block under the key; used naively (electronic codebook mode), identical plaintext blocks produce identical cipher-text blocks under a fixed key, which lets an unauthorized entity delete, insert or replay cipher-text blocks and search cipher text for matches. Modern modes avoid this: CCMP runs AES in counter mode, which turns the block cipher into a keystream generator driven by a counter that never repeats for a given key, and adds a CBC-MAC integrity check so that deletion, insertion or replay is detected.

33 Also known as secret key encryption, symmetric key encryption is faster, with a major performance advantage that handles bulk encryption much better than asymmetric key encryption. It lends itself to hardware implementation and can encrypt large amounts of data efficiently.

34 A block cipher operates on blocks of fixed size (64 bits for DES, 128 bits for AES) and links them using a mode of operation (ECB, CBC, CFB, OFB, or counter mode). A mode is the method of combining the plaintext, the secret key and, in chaining modes, the previous cipher text to produce the cipher text that is transmitted to the recipient. Only in ECB mode is each block enciphered independently.

35 A stream cipher enciphers a stream of data, usually a byte at a time, by XORing it with a keystream derived from the key.


Asymmetric encryption uses a pair of keys, a public key and a private key, to encrypt and decrypt data.36 The same or a complementary algorithm is used to scramble and unscramble the data. What one key encrypts, only the other key can decrypt. Thus, if plain text is encrypted using the public key, then the private key must be used to decrypt the cipher text (and vice versa). Asymmetric encryption is rarely used for bulk data confidentiality.37 It is typically used for sender authentication with digital signatures, for key management, and for the exchange of symmetric session keys.

Integrity

Integrity provides the means to detect whether data has been tampered with in any way. Strong integrity mechanisms give confidence that the data entering or leaving the network is trustworthy. A digital signature is the preferred mechanism for achieving integrity together with proof of origin. Simply, a digital signature is a message digest, or hash, that has been signed with the sender's private key and appended to a document.38 A digital signature therefore combines a public key algorithm, which confirms the identity of the sender because only the holder of the private key could have produced the signature, with a one-way secure hash function, which binds the signature to the exact content of the document.39

36 Also known as public key encryption.

37 Asymmetric encryption requires public/private key generation that is complex, involves stringent mathematical computations, and is processor intensive. This performance constraint also makes it less amenable to hardware (chip) offload.

38 A hash or message digest is the result of a one-way hash algorithm that generates a fixed-length code from an input message.

39 The sender hashes the message and signs the hash with its private key; the signature is transmitted with the message. The receiver separates the message from the signature, recomputes the hash of the received message, and recovers the sender's hash from the signature with the sender's public key. Integrity has been preserved if the two hashes are equal.
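The sign-and-verify flow of footnote 39, written out as an added example (this is not code from the paper, and 802.11 itself does not sign frames this way). It uses SHA-256 as the one-way hash and textbook RSA with two fixed Mersenne primes as the public key algorithm; the key size, the truncation of the hash to 128 bits so it fits under the modulus, the lack of padding, and the sample message are all assumptions made for illustration, not something to deploy. The second return value shows what the receiver sees when the signed document has been altered in transit.

```python
"""Added example: hash-then-sign integrity check (footnote 39).
Toy RSA over fixed Mersenne primes; for illustration only, not for real use."""
import hashlib

# Constructed key pair: p = 2^61 - 1 and q = 2^89 - 1 are both prime, e = 65537.
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)


def digest(message: bytes) -> int:
    """One-way hash of the document, truncated to 128 bits so it is < N for this toy key."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender: hash the message and 'encrypt' the hash with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: recover the sender's hash with the public key, recompute, compare."""
    return pow(signature, e, n) == digest(message)


def signature_demo() -> tuple:
    """Returns (verifies_unmodified, verifies_after_tampering)."""
    document = b"WLAN policy v3: open authentication prohibited"  # constructed sample
    sig = sign(document)
    tampered = document.replace(b"prohibited", b"permitted")    # one word changed in transit
    return verify(document, sig), verify(tampered, sig)


if __name__ == "__main__":
    print(signature_demo())
```

The point the paper makes is visible in `signature_demo()`: the same signature that verifies the original document fails on the altered one, because the recomputed hash no longer matches the hash recovered from the signature, and an attacker cannot produce a new valid signature without the private exponent D.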

Authentication

Authentication is the capability to validate the identity of a user, service or device based on predefined criteria. Due to the broadcast nature of WLANs, much attention has been given to authentication as the means of preventing unauthorized access to network resources by a user or device. Authentication is the process of determining whether the user, service or device attempting to gain access to the network is in fact the entity it claims to be. In the wireless world, the 802.11 specifications do not consider the user, but authenticate only a wireless station or device. Authentication systems range from simple name-password matches to challenge-response protocols. The 802.11 specifications define two basic authentication services: open authentication and shared-key authentication. Two other mechanisms are commonly used for access control and are often described as authentication, although neither is cryptographic: the Service Set Identifier (SSID), and the Media Access Control (MAC) address.

Open Authentication and Vulnerabilities

The open authentication method does not employ cryptographic validation. It is a null authentication algorithm, meaning the AP grants any request for authentication by a device. A wireless station can access the wireless network without any identity verification: if a wireless client (station) can find and communicate with an Access Point (AP), it is allowed to join the wireless network. The only gate in open authentication is the SSID of the AP, and the SSID is not a secret, since it is carried in the clear in beacon, probe and association frames. If WEP encryption is not employed, a device only needs to know the SSID of the AP to gain access to the network.40 If WEP encryption is enabled on the AP, the device cannot transmit data to or receive data from the AP without the correct WEP key. In 1997, 802.11 specified authentication to be connectivity-oriented, allowing devices quick access to wireless networks.41 Open authentication provides simplicity and ease of connection to a wireless network, and is recommended for a public WLAN.42

There is no way an AP can determine whether a wireless client is valid or not when employing open authentication. This poses considerable security risk if open authentication is deployed without WEP encryption. However, WEP has been compromised and is no longer a viable WLAN security solution. WEP vulnerabilities are discussed in more detail later.

Shared Key Authentication and Vulnerabilities

Shared key authentication used to be considered one of the more secure methods of authentication in a WLAN environment. It uses a cryptographic technique for authentication, based on a challenge-response protocol. Shared key authentication requires a static WEP key to be configured on the wireless client. The AP sends a random challenge in plaintext to the wireless client. If the wireless client knows the shared key, it encrypts the challenge with WEP and sends the result back to the AP. The AP decrypts the response with the same key and allows access only if the decrypted value matches the random challenge it transmitted.

40 Wired Equivalent Privacy (WEP) is the security protocol specified in the 802.11 specifications. It is designed to provide a WLAN with the same level of security and privacy expected of a wired LAN.

41 Many 802.11 compliant devices, such as bar code readers, do not have the CPU capability required to run complex authentication algorithms.

42 Open authentication is a viable connectivity mechanism when technologies such as an IPSec VPN are employed to secure the connection to corporate networks.


There are several fundamental problems with shared-key authentication. First, it does not provide mutual authentication: the client proves to the AP that it holds the shared secret, but the AP proves nothing to the client.43 Secondly, the shared-key authentication method depends on the WEP infrastructure, which has been deemed insecure for a variety of reasons. Third, the challenge-response exchange described above is vulnerable to a known-plaintext attack. An eavesdropper can capture both the plaintext challenge and the cipher-text response simply by sniffing with a protocol analyzer, and XOR them to recover the keystream (Figure 2).44 Because the eavesdropper also sees the IV that was used, the recovered keystream, reused with the same IV, answers any later challenge from that AP without knowledge of the WEP key.

Figure 2 – Known Plaintext Attack

43 Neither party actually authenticates the other; the wireless client has no assurance of the AP's identity, and vice versa.

44 The WEP encryption process derives cipher text by performing an exclusive OR (XOR) of the plaintext with the key stream. An eavesdropper can XOR the captured plaintext and cipher text to derive the key stream.
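The keystream recovery of footnote 44, carried through end to end as an added example (this is not code from the paper). It also illustrates the keystream-reuse weakness of stream ciphers raised in the Confidentiality section above, since WEP seeds RC4 with the public IV prepended to the key, so the same IV always yields the same keystream. The RC4 routine is a plain implementation of the cipher; the 40-bit key, the use of `os.urandom` for the 128-byte challenge and the IV, and the omission of the WEP ICV are assumptions made to keep the exchange short.

```python
"""Added example: WEP shared-key authentication and the known-plaintext
keystream recovery described in the text (footnote 44). Constructed values only."""
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + PRGA), the stream cipher underneath WEP."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP seeds RC4 with IV || key; the IV is sent in the clear. ICV omitted here."""
    return xor(data, rc4_keystream(iv + wep_key, len(data)))


# --- the legitimate exchange (AP <-> client) -----------------------------------
WEP_KEY = bytes.fromhex("0badc0ffee")           # constructed 40-bit shared key


def ap_issue_challenge() -> bytes:
    return os.urandom(128)                       # 802.11 challenge text is 128 bytes


def client_respond(wep_key: bytes, challenge: bytes):
    iv = os.urandom(3)                           # client picks the 24-bit IV
    return iv, wep_encrypt(wep_key, iv, challenge)


def ap_verify(wep_key: bytes, challenge: bytes, iv: bytes, response: bytes) -> bool:
    """Decrypting is the same XOR; access granted only if it yields the challenge."""
    return wep_encrypt(wep_key, iv, response) == challenge


# --- the eavesdropper -----------------------------------------------------------
def recover_keystream(challenge: bytes, response: bytes) -> bytes:
    """Footnote 44: C = P XOR KS, therefore P XOR C = KS."""
    return xor(challenge, response)


def forge_response(keystream: bytes, iv: bytes, new_challenge: bytes):
    """Answer a fresh challenge by reusing the captured IV and keystream; no key needed."""
    return iv, xor(new_challenge, keystream)


def shared_key_attack_demo() -> dict:
    chal = ap_issue_challenge()
    iv, resp = client_respond(WEP_KEY, chal)              # sniffed: chal, iv, resp
    legit_ok = ap_verify(WEP_KEY, chal, iv, resp)
    ks = recover_keystream(chal, resp)
    new_chal = ap_issue_challenge()                       # a later authentication
    f_iv, f_resp = forge_response(ks, iv, new_chal)
    return {
        "legit_accepted": legit_ok,
        "keystream_matches": ks == rc4_keystream(iv + WEP_KEY, len(chal)),
        "forgery_accepted": ap_verify(WEP_KEY, new_chal, f_iv, f_resp),
    }


if __name__ == "__main__":
    print(shared_key_attack_demo())
```

`shared_key_attack_demo()` returns `forgery_accepted: True` because the AP checks only that response XOR keystream equals the challenge, and the attacker controls both the IV (hence the keystream the AP will derive) and the response. The same 128 bytes of keystream also decrypt the first 128 bytes of any data frame the network later sends under that IV, which is why the text says this attack undermines WEP confidentiality and not just authentication.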


MAC Address Authentication and Vulnerabilities

The AP's policy can also base access on the client's MAC address, where the authenticating MAC address is matched against the AP's table of valid MAC addresses.45 MAC address filtering is not specified in the 802.11 specifications; however, many vendors support this method of authentication. MAC address filtering provides another layer of control to limit unauthorized devices from accessing a network, and augments the open and shared key authentication provided by the 802.11 specifications. Its value is limited, though: MAC addresses are transmitted in the clear in every frame, and most client adapters can be reconfigured to use any address, so a filter deters casual connection but does not withstand a deliberate attacker who has observed a permitted address.

45 MAC based authentication is not suitable for large enterprise deployments, and is more appropriate for the SOHO environment where the number of computers (and the corresponding registration table) is small. It is valid as a first layer of defense to deny access to client adapters.

Availability

Availability requires that a WLAN be available to authorized users when needed. It is the capability to receive and send data without disruption of service. DoS attacks are a threat to network availability. Organizations must deploy defense mechanisms to detect and guard against the various forms of DoS attack to ensure availability is achieved.

Access Control

Access control is the capability to ensure that users see only the information for which they are authorized. Entities (usernames, MAC/IP addresses, etc.) use credentials such as passwords and shared keys to establish an identity, which is authenticated by AAA systems (RADIUS, LDAP, etc.). 802.1x, carrying an EAP method (EAP-TLS, LEAP, PEAP, etc.), is used to exchange credentials and run the challenge/response handshakes. Once the entity is authenticated, the AAA system provides authorization and controls which network resources the user may access. In a WEP-based WLAN, access control therefore rests on authentication together with knowledge of the WEP keys before access and privileges are granted.

Encryption/Decryption

Encryption is the mechanism for achieving confidentiality. It is the capability to transform plaintext into meaningless bytes, known as cipher text, using one of three primary 802.11 algorithms: WEP, TKIP and AES (CCMP). Decryption is the reverse process: the capability to transform the meaningless bytes (cipher text) back into meaningful data (plain text). Simply, encryption techniques serve three main goals in a WLAN: confidentiality, message integrity, and support for the authentication, authorization and access control process. See the discussions above for confidentiality, message integrity and access control. A detailed discussion of the WEP, TKIP and AES (CCMP) encryption algorithms is found later in this paper.

Key Management

Key management is the process of distributing keys to support encryption, decryption, and mutual authentication. It is the process of generating, storing, distributing, and providing the overall protection of keys. A key is a digital code, used primarily to encrypt, decrypt and sign information. Key length and key strength are two important topics related to key management. Key strength is the capability of the key to withstand being deciphered, and is usually measured by the time, effort and resources required to break it. Key length is the number of bits in the key. The longer the key, the more difficult it becomes to break by brute force. However, there must be a balance between the "cost" of a key and the worth of the information it protects: longer keys require more overhead and bandwidth, and are more computationally expensive to encrypt and decrypt with. There are two types of keys: public keys, and shared or secret keys. A public key is known to everyone; a shared (or secret) key is known only to the parties exchanging the message. (See the discussion of symmetric and asymmetric key operations above.) With WEP, keys were distributed manually and were unique only to the network, so a WEP key was vulnerable to unauthorized disclosure, and a compromised key provides the most direct means of unauthorized access. With the IEEE 802.11i standard (the WPA/WPA2 protocols), keys are distributed dynamically (automatically), and are unique to a packet, session and user.


WLAN (Basic Architecture & Fundamentals)

Wireless networks can be categorized into three groups based on their coverage range. Wireless Wide Area Networks (WWAN) extend over large geographical areas and include technologies such as 3G cellular, Cellular Digital Packet Data (CDPD), and Global System for Mobile Communications (GSM). WWAN is focused on linking different networks over a large geographical area to allow wider file sharing and connectivity. Wireless Personal Area Networks (WPAN) are covered by the IEEE 802.15 specifications and represent very short-range technologies such as Bluetooth and IR.46 WPAN is focusing on a technology called "plugging in" that allows any two WPAN-equipped devices that come into close proximity (within several meters of each other) or within a few kilometers of a central server to communicate as if connected by a cable. WPAN is also promoting the ability of each device to lock out other devices selectively, preventing needless interference or unauthorized access to information. The focus of this paper is WLANs, whose coverage range falls between that of WWANs and WPANs.

WLAN Architecture

The 802.11 standard is based on a cellular architecture in which the system is divided into cells. Each cell (called a Basic Service Set or BSS) is controlled by a base station called an Access Point (AP).47 A typical installation includes several cells, whose APs are connected through a backbone (called a Distribution System or DS), usually Ethernet.48 However, a backbone can be wireless. The whole interconnected WLAN, including the different cells, their respective APs and the DS, is seen by the upper layers of the OSI model as a single 802 network. This is referred to as an Extended Service Set (ESS). Simply, an ESS consists of two or more BSSs, each a set of wireless clients associated with one AP, forming a single sub-network; that is, multiple BSS cells linked together by a wired or wireless backbone (DS).49 A typical WLAN is depicted in Figure 3.

46 WPAN is fairly new and undergoing rapid development. Currently there are four IEEE 802.15 specifications (802.15.1 through 802.15.4): 802.15.1 is based on Bluetooth, 802.15.2 addresses coexistence with 802.11, and 802.15.3 and 802.15.4 cover high-rate and low-rate WPANs respectively.

47 A BSS can be considered a coverage area.

48 A DS is usually a wired network that connects a WLAN to the rest of the world, such as a corporate LAN, an access provider, or the Internet.

Figure 3 - Typical 802.11 Wireless Local Area Network (diagram not reproduced; it shows an ESS made up of BSS cells, each served by an AP, joined through the Distribution System (DS))

802.11 defines two modes of WLAN operation: the independent BSS (IBSS), and infrastructure mode, or ESS (already discussed). Large enterprise deployments use WLAN infrastructure mode. The IBSS mode, on the other hand, is an ad hoc mobile network that is not used very often. An IBSS is a BSS that stands alone and is not connected to an AP, communicating only peer to peer. IBSSs are usually spontaneous networks that can be set up rapidly, and are limited both temporally and spatially.50

49 The ESS is the most common WLAN mode.

50 The IBSS mode is an emerging technology with the potential of providing value to the Internet. Several Mobile Ad-Hoc Network (MANet) protocols are being worked on at the IETF standards level. Two experimental protocols are: (1) the Ad hoc On-Demand Distance Vector (AODV) algorithm, which enables dynamic, self-starting, multi-hop routing between participating mobile nodes wishing to establish and maintain an ad hoc network, and (2) the Adaptive Demand-Driven Multicast Routing (ADMR) protocol, which is a new


802.11 Physical Layer

The IEEE 802.11 standard covers the bottom two layers of the OSI model: the physical and data link layers. The physical layer provides the transmission of bits over the wireless medium. IEEE 802.11 defines several physical techniques for transmitting data on a WLAN: diffused infrared (IR), frequency hopping spread spectrum (FHSS), direct sequence spread spectrum (DSSS), and orthogonal frequency division multiplexing (OFDM). RF-based solutions are the traditional technology for data transmission over WLANs, whereas IR-based solutions have not generated much interest and vendors have not produced 802.11 IR compliant products. IR can offer higher transmission rates than RF-based systems, but distinct limitations preclude its use as a WLAN physical layer standard.51 Spread spectrum technology uses radio frequency (RF) to transmit data over a WLAN and includes FHSS and DSSS (OFDM, discussed below, is not a spread spectrum technique). Spread spectrum takes a digital signal and expands it so that it appears more like random background noise (wide bandwidth and low peak power). This makes a spread spectrum signal harder to detect, more noise-like, and difficult to intercept and decode without the proper equipment.52 The technology employs several modulation methods, including various versions of phase shift keying (PSK), quadrature amplitude modulation (QAM), and complementary code keying (CCK).

50 (continued) on-demand ad hoc network multicast routing protocol that attempts to reduce any non-on-demand components within the protocol.

51 First, IR frequencies are in the terahertz range, and operation is restricted to line of sight (as with visible light). Proponents of the technology cite security advantages, since IR cannot penetrate walls and suffers no RF interference; however, the limited range can make it more expensive than radio-based solutions. Second, the power output must be kept low to avoid damage to the human eye, which also limits the effective transmission range. IR is highly reflective.

52 Spread spectrum was developed by the military in the 1950s in an attempt to reduce jamming and eavesdropping.


DSSS is the spread spectrum technology chosen by the IEEE 802.11 working group, and is widely used in 802.11b devices.53 The data signal is combined with a higher-rate bit sequence, known as a chipping code, that converts each bit of user data into a series of redundant bit patterns (known as chips); the ratio of chip rate to data rate is the processing gain.54 DSSS divides the 2.4 GHz band into 11 channels, each 22 MHz wide. Data is spread and transmitted over one of these 22 MHz channels without hopping to other channels, in effect appearing as noise on the given channel. The combination of chips and spreading across the 22 MHz channel gives DSSS a mechanism for error detection and correction to recover data. The center frequencies of the channels are only 5 MHz apart, so adjacent channels overlap.55 At most three non-overlapping channels (1, 6 and 11) can be co-located without some degradation in throughput. DSSS is primarily used in 802.11b devices. In the United States, FCC regulation 47 CFR 15.247 governs DSSS; in Europe it is governed by ETSI (European Telecommunications Standards Institute) standard EN 300 328.

53 Vendors and the IEEE 802.11 working group did not favor FHSS, due mostly to the concern that the hopping codes are published (in the 802.11 standard) and available to anyone, so hopping itself provides no security.

54 A chipping sequence is a data stream of ones and zeros that is modulated with a second pattern to generate a redundant bit pattern for transmission, resulting in a signal that appears as wideband noise to an unintended receiver. 802.11b uses two different sequencing techniques: the Barker code achieves data rates of 1 and 2 Mbps, and CCK uses a series of codes (called complementary sequences) to achieve 5.5 and 11 Mbps.

55 Overlapping channels should not be co-located, since a drastic or complete reduction in throughput will be experienced.

OFDM is not a spread spectrum technology but a frequency division multiplexing (FDM) modulation technique that can transmit large amounts of digital data over a radio wave. OFDM works by splitting the digital signal into separate sub-signals that are transmitted simultaneously at different frequencies. The data signal is divided across 48 data sub-carriers within a 20 MHz channel, yielding transmission rates of up to 54 Mbps. OFDM is very efficient at transmitting data at high speed while minimizing crosstalk between signals. Besides being deployed in the 802.11a and 802.11g WLAN standards, OFDM has been selected for use in 802.16 and WiMAX.56 The U.S. Code of Federal Regulations (Title 47 Section 15.407) regulates operation in the 5 GHz U-NII bands used by 802.11a OFDM within the United States.
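The channel-overlap claim in the DSSS paragraph above (11 channels, 22 MHz wide, centers 5 MHz apart, hence only channels 1, 6 and 11 coexist cleanly) is small enough to check by computation. The following is an added example, not code from the paper; the channel plan constants are taken from that paragraph, and the overlap rule (two channels overlap when their centers are closer than one channel width) is the assumption the search is built on. It goes one step beyond the text by searching for every maximum-size non-overlapping set rather than asserting the familiar one.

```python
"""Added example: which 2.4 GHz DSSS channels overlap, from the channel plan
stated in the text (11 channels, 22 MHz wide, 5 MHz center spacing)."""
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22        # DSSS channel width from the text
CHANNEL_SPACING_MHZ = 5       # spacing between adjacent center frequencies
CHANNEL_1_CENTER_MHZ = 2412   # channel 1 center frequency (assumed from the US plan)


def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel number (1..11)."""
    return CHANNEL_1_CENTER_MHZ + CHANNEL_SPACING_MHZ * (channel - 1)


def overlap(a: int, b: int) -> bool:
    """Two channels overlap when their centers are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ


def non_overlapping_sets(channels=range(1, 12)) -> list:
    """All largest sets of channels in which no pair overlaps (brute force over
    2^11 subsets is fine at this size)."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        found = [
            set(combo)
            for combo in combinations(channels, size)
            if not any(overlap(x, y) for x, y in combinations(combo, 2))
        ]
        if found:
            return found
    return []


if __name__ == "__main__":
    print(non_overlapping_sets())   # the only 3-channel set is {1, 6, 11}
```

`non_overlapping_sets()` returns a single set, {1, 6, 11}, confirming that a site survey with more than three co-located 802.11b/g cells must accept some overlap, which matters operationally because an attacker's rogue AP on an overlapping channel degrades the legitimate cell without needing to jam it outright.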

The IEEE 802.11 physical layer is divided into two sub-layers: the Physical Layer Convergence Protocol (PLCP) and the Physical Medium Dependent (PMD) sub-layer. The PLCP is responsible for preparing 802.11 frames for transmission. It directs the PMD, which is primarily responsible for encoding, to transmit and receive signals and to change radio channels, among other functions.57

The Big Three: 802.11b, 802.11a and 802.11g

The 802.11 standard has evolved since being ratified in 1997. The original 802.11 specification supported 1 and 2 Mbps using FHSS or DSSS in the 2.4 GHz spectrum, or IR. The 802.11 specification also defined the WLAN architecture, various MAC layer services, and the WEP algorithm to provide wireless security. Today, three IEEE 802.11 protocols have provided major technological advances to the WLAN industry: 802.11b, 802.11a and 802.11g.

56 OFDM has supported the asymmetric digital subscriber line (ADSL) standard for quite some time. In addition, OFDM is used in the European HiperLAN/2 wireless standard.

57 Refer to http://grouper.ieee.org/groups/802/11/main.html for a detailed discussion of the PLCP and PMD.


The 802.11b standard is the most widely deployed wireless standard, with a data rate of 11 megabits per second (Mbps), comparable to the 10 Mbps of wired Ethernet LAN connections. It operates in the unlicensed 2.4 GHz radio band and is limited to three non-overlapping frequency channels. The protocol increased the data rate to 11 Mbps and provided improved range over the original 802.11. Benefits of 802.11b include ease of use, implementation flexibility, and cost savings. However, 802.11b operates in an unlicensed band (2.4 GHz) that has become overcrowded, and can suffer interference problems.58 802.11b is ideal for home and SOHO deployments, but has liabilities for large enterprise deployments.59

The 802.11a standard provided significant benefits over 802.11b, with speed (transfer rate) the greatest advancement. Delivering a maximum data rate of 54 Mbps and eight non-overlapping frequency channels in the lower and middle U-NII bands (twelve including the upper band), this standard provides increased network capacity, improved scalability, and more flexibility in designing "microcells" without interference from adjacent cells. The IEEE 802.11a standard operates in the 5 GHz frequency ranges of the Unlicensed National Information Infrastructure (U-NII) spectrum. This provides another major advantage for 802.11a, since it is immune to interference from devices that operate in the crowded 2.4 GHz range. The standard introduced OFDM as the transfer mechanism. While tremendous transfer speeds are achieved with 802.11a, effective range is sacrificed: the maximum effective range is 80 feet (average) with a relatively unobstructed path, whereas 802.11b can achieve ranges upward of 300 feet under optimal conditions.60

58 Devices such as microwave ovens, cordless telephones and Bluetooth devices operate in the 2.4 GHz frequency range.

59 Mostly due to bandwidth limitations and the insecurity of WEP.

60 IEEE 802.11b maximum effective range is about 175 feet (average).


Another disadvantage is that 802.11a is not backward compatible with IEEE 802.11b compliant devices. However, 2.4 and 5 GHz devices can operate within the same physical environment without interference. In Europe, HiperLAN/2 competes directly with the 802.11a standard. The IEEE 802.11h amendment adds the dynamic frequency selection and transmit power control that European 5 GHz regulation requires, and the IEEE is working with ETSI toward interoperability with HiperLAN/2.61

The 802.11g standard provides the best of both worlds (802.11a and 802.11b). It achieves the higher speeds by employing OFDM (like 802.11a), but operates in the 2.4 GHz band, where range is not compromised (like 802.11b). The greatest advantage for WLAN users deploying 802.11g is that data rates of up to 54 Mbps can be achieved while operating in the 2.4 GHz unlicensed band. In addition, the maximum effective range of 175 feet (average) is not compromised even at the higher data rates. Another advantage is that 802.11g is backward compatible with 802.11b by continuing to support CCK modulation, which makes upgrading a WLAN simple and inexpensive. Like 802.11b, however, 802.11g has only three non-overlapping channels, which can limit wireless capacity and scalability, and it operates in the crowded 2.4 GHz band, making it susceptible to interference. Table V provides a technology overview of the 802.11 standards.

Table V - 802.11 Standard Technology Overview

Frequency Band
  802.11b: 2.4 GHz (ISM band)
  802.11a: 5 GHz (U-NII band)
  802.11g: 2.4 GHz (ISM band)

Frequency Range (US)
  802.11b: 2.412-2.484 GHz (83 MHz wide)
  802.11a: 5.15-5.35 GHz and 5.725-5.825 GHz (300 MHz wide)
  802.11g: 2.412-2.484 GHz (83 MHz wide)

Channel Support
  802.11b: 11 channels (1-11), 22 MHz wide
  802.11a: 12 non-overlapping channels
  802.11g: 11 channels (1-11), 22 MHz wide

Non-Overlapping Channels
  802.11b: only 3
  802.11a: 12
  802.11g: only 3

Availability
  802.11b: worldwide
  802.11a: US / Asia-Pacific
  802.11g: worldwide

Data Rates
  802.11b: 1, 2, 5.5 and 11 Mbps
  802.11a: 6, 9, 12, 18, 24, 36, 48 and 54 Mbps
  802.11g: 6, 9, 12, 18, 22, 24, 36, 48 and 54 Mbps

Maximum Data Rate
  802.11b: 11 Mbps
  802.11a: 54 Mbps
  802.11g: 54 Mbps

AP Simultaneous Users
  802.11b: 20-30 users
  802.11a: 100+ users
  802.11g: 100+ users

Methods of Transmission
  802.11b: DSSS (CCK, BPSK, QPSK)
  802.11a: OFDM (BPSK, QPSK, 16-QAM, 64-QAM)
  802.11g: OFDM and DSSS (CCK, BPSK, QPSK)

Basic Access Method
  802.11b: CSMA/CA
  802.11a: CSMA/CA
  802.11g: CSMA/CA

Interference (Other Devices)
  802.11b: cordless phones, microwave ovens, wireless video, Bluetooth devices
  802.11a: HiperLAN devices
  802.11g: cordless phones, microwave ovens, wireless video, Bluetooth devices

Maximum Range (Average)
  802.11b: 175 feet
  802.11a: 80 feet
  802.11g: 175 feet

61 Known as the "5UP" initiative (5 GHz Unified Protocol), in which the IEEE and ETSI are working to unify certain wireless technologies.

The 802.11 Medium Access Control (MAC) Layer

The 802.11 MAC layer is responsible for managing and maintaining communications between WLAN entities (APs, wireless clients with their Network Interface Cards (NICs), and the Distribution System). The 802.11 WLAN consists of a set of essential services, implemented by the WLAN entities, that coordinate access to the shared radio channel, data transfer, authentication and other important functions. 62 Services are carried out by exchanging messages between entities, and the messages are composed as frames. Table VI lists the essential 802.11 services executed in the MAC layer; it is not an exhaustive list.

Table VI – 802.11 MAC Layer Essential Services

Service | Description | Group | Type
Authentication | Process of establishing client identity before a wireless client associates with an AP. The AP (or the authentication server behind it) must be satisfied that it is indeed the authorized wireless client. The goal is access control equivalent to that of a wired LAN. | SS 63 | Request 64
De-authentication | Process of terminating an existing authentication. | SS | Notification 65
Association | Process of establishing the wireless link between the wireless client and the AP. Executed after authentication; an association must exist before data frames can be transmitted. A wireless client is associated with only one AP at a time. | SS and DSS | Request
Disassociation | Process of terminating an association between a wireless client and an AP. Like de-authentication, it cannot be refused. | SS and DSS | Notification
Re-association | Provides roaming: allows a wireless client to move from one AP to another within an ESS. | DSS 66 | Request
Confidentiality | Protects information from unauthorized entities. This service is provided only for data frames. | SS (DSS for key material) | Request
Distribution | Process of delivering messages (MAC frames) across a DS. | DSS | Request
Integration | Process of connecting a WLAN with a back-end LAN: translation of 802.11 frames into frames that can traverse another network, and vice versa. | DSS | Request
Data delivery | Process of delivering data between MAC service access points with minimal duplication and reordering of frames. | SS | Request

62 Station services (SS) are MAC layer services implemented by an AP or wireless client. Distribution system services (DSS) are MAC layer services implemented by the back-end DS.
63 A station service (SS) is implemented by either an AP or a wireless client within a BSS.
64 A request type can be denied by the receiving entity.
65 A notification type is final and must be acted on; it cannot be refused by either party.
66 A distribution system service (DSS) is implemented by the back-end DS.

The 802.11 standard defines two ways of gaining access to the radio channel before a frame can be transmitted: the distributed coordination function (DCF) and the point coordination function (PCF). DCF is based on carrier sense multiple access with collision avoidance (CSMA/CA) to share the medium among wireless entities. 67 With DCF, a wireless station contending for access first senses whether the medium is free and, if so, transmits. 68 If not, the station defers its transmission to a later time. 69 The receiving station sends an acknowledgment (ACK) if no errors were detected in the frame. The sending station retransmits the frame if it does not receive an ACK within a specified time, assuming that a collision or RF interference occurred.

67 WLANs, unlike the wired world, cannot receive and transmit on the same channel at once with ordinary radio transceivers (a full-duplex radio would significantly increase the cost), so a sender cannot detect collisions and CSMA/CD cannot be used for IEEE 802.11. Instead, the receiving station must confirm through an acknowledgment (ACK) that the frame was received without error.
68 The medium must be free for a specified amount of time, known as the DCF Inter-Frame Space (DIFS).
69 IEEE 802.11 uses a basic back-off algorithm and a back-off timer for fairness.

PCF is an optional provision in 802.11 that allows an AP to grant access to wireless stations by polling them during a contention-free period. It is primarily used to implement time-critical services such as voice and video transmission. PCF-based traffic alternates with contention periods (DCF).

Before transmitting a frame, the sending station calculates how long the medium must remain reserved to complete the exchange after the frame itself ends (for a data frame, the SIFS gap plus the ACK; for an RTS, the CTS, the data frame and the ACK with their interframe gaps), based on frame lengths and the data rate, and places that value in the Duration field of the frame header. 70 Every other station that hears the frame loads the value into its network allocation vector (NAV), a countdown timer that reserves the medium for the sending station: a station treats the medium as busy until its NAV reaches zero, even if it senses no carrier. This virtual carrier sense is what makes RTS/CTS effective against hidden nodes, and it is also what the transmit-duration attacks described under Wireless Threats and Vulnerabilities exploit.

802.11 uses Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) as its transmission protocol. This differs from wired Ethernet, which uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD). A radio cannot detect collisions while it is transmitting, so 802.11 avoids them: a station first listens to determine whether another wireless station is transmitting; if the medium is idle, it may transmit; if the medium is busy, the CSMA/CA protocol waits and then draws a random back-off timer before trying again.
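As an added illustration, not code from the paper, the following Python model walks through the DCF procedure just described: each contending station waits DIFS, counts down a random back-off drawn from its contention window, transmits when it reaches zero, and either receives an ACK or, when two stations reach zero in the same slot, treats the missing ACK as a collision and doubles its window. The value a data frame carries in its Duration field (SIFS plus ACK time) is what the other stations load into their NAV. The timing constants are the 802.11a/g OFDM values; the ACK airtime and preamble length are assumed round numbers for the example, not figures from the paper.

```python
"""Slot-level model of 802.11 DCF: DIFS, random back-off with contention-window
doubling, ACK, and the NAV reservation carried in the Duration field. Added example."""
import random

# 802.11a/g (OFDM) PHY timings in microseconds; 802.11b uses slot 20, SIFS 10, DIFS 50
SLOT_US, SIFS_US, DIFS_US = 9, 16, 34
ACK_US = 44                   # assumed airtime of an ACK at the basic rate (round number, not from the paper)
PREAMBLE_US = 20              # assumed PHY preamble + header time per frame
CW_MIN, CW_MAX = 15, 1023     # contention window bounds, in slots
RETRY_LIMIT = 7               # a frame is dropped after this many failed attempts


def frame_airtime_us(length_bytes, rate_mbps):
    """Time the frame itself occupies the air (what physical carrier sense sees)."""
    return PREAMBLE_US + length_bytes * 8 / rate_mbps


def duration_field_us():
    """Value a data frame puts in its Duration field: the time still needed AFTER the
    frame ends to finish the exchange (SIFS + ACK). Receivers load it into their NAV."""
    return SIFS_US + ACK_US


class Station:
    def __init__(self, name, frames):
        self.name, self.pending = name, frames     # frames still waiting to be sent
        self.cw, self.retries = CW_MIN, 0
        self.backoff = None                        # residual back-off in slots; None = draw anew
        self.sent = self.dropped = 0

    def draw_backoff(self, rng):
        if self.backoff is None:
            self.backoff = rng.randint(0, self.cw)

    def on_success(self):                          # ACK received: reset CW for the next frame
        self.sent += 1
        self.pending -= 1
        self.cw, self.retries, self.backoff = CW_MIN, 0, None

    def on_collision(self):                        # no ACK: double CW (15, 31, 63, ..., 1023)
        self.retries += 1
        self.backoff = None
        if self.retries > RETRY_LIMIT:
            self.dropped += 1
            self.pending -= 1
            self.cw, self.retries = CW_MIN, 0
        else:
            self.cw = min(2 * (self.cw + 1) - 1, CW_MAX)


def simulate_dcf(n_stations=5, frames_per_station=20, frame_bytes=1500, rate_mbps=54, seed=1):
    """Run DCF until every station has emptied its queue; returns aggregate statistics."""
    rng = random.Random(seed)
    stations = [Station(f"sta{i}", frames_per_station) for i in range(n_stations)]
    airtime, nav = frame_airtime_us(frame_bytes, rate_mbps), duration_field_us()
    clock_us, collisions = 0.0, 0
    while any(s.pending for s in stations):
        contenders = [s for s in stations if s.pending]
        for s in contenders:
            s.draw_backoff(rng)
        # After DIFS of idle medium everybody counts down; the smallest back-off fires first.
        first = min(s.backoff for s in contenders)
        winners = [s for s in contenders if s.backoff == first]
        for s in contenders:                       # the others freeze their residual back-off
            s.backoff -= first
        clock_us += DIFS_US + first * SLOT_US + airtime
        if len(winners) == 1:
            winners[0].on_success()
            clock_us += nav                        # SIFS + ACK, protected by everyone else's NAV
        else:                                      # two or more fired in the same slot: collision,
            collisions += 1                        # noticed only through the missing ACK
            clock_us += SIFS_US + ACK_US           # ACK timeout before the senders back off again
            for s in winners:
                s.on_collision()
    return {"delivered": sum(s.sent for s in stations),
            "dropped": sum(s.dropped for s in stations),
            "collisions": collisions,
            "elapsed_ms": round(clock_us / 1000, 3)}


if __name__ == "__main__":
    for n in (1, 5, 20):
        print(f"{n:2d} station(s):", simulate_dcf(n_stations=n))
```

Run stand-alone, the block prints delivery, drop and collision counts for one, five and twenty stations; the collision count, and with it the total air time, climbs with the number of contenders, which is the contention-window behaviour the text describes.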

Wireless Basic Components

The basic WLAN architecture consists of APs, which form the WLAN infrastructure, and network interface cards (NICs) or client adapters for the wireless clients. The antenna is a significant component that can make a real difference in overall performance; it radiates the modulated signal for reception by other wireless components. Wireless bridges and repeaters provide connectivity between multiple LANs (wired and wireless) at the MAC layer. An enterprise WLAN also comprises the authentication, authorization and accounting (AAA) server, a network management server (NMS), and "wireless-aware" switches and routers. These components can be folded into an organization's existing wired architecture to provide end-to-end network mobility in enterprise and vertical markets. Table VII describes the WLAN components.

70 A station's NAV must be zero before it may attempt to transmit a frame.

Table VII – Description of WLAN Components

WLAN Component | Description
Access Point (AP) (Fat AP) | A primary component of the WLAN infrastructure that gives clients a point of access to the network. It is a layer 2 device serving as the interface between the wireless and wired networks, controlling medium access with CSMA/CA (optionally with the RTS/CTS/data/ACK four-way exchange). An AP is a half-duplex device with intelligence similar to a sophisticated Ethernet switch. It operates in the 2.4 or 5 GHz band depending on the 802.11 standard deployed, using the standard 802.11 modulation techniques (see above). APs announce their availability to wireless clients, authenticate and associate clients to the WLAN, coordinate use of wired resources, and support roaming functions such as re-association. APs can be configured in root, bridge or repeater mode. There are several kinds of APs, from single- and multiple-radio units (depending on the 802.11 technologies) to centrally managed thin APs. 71 A new, integrated AP architecture is emerging that puts the intelligence in the network infrastructure. 72
NIC or Client Adapters | Used by end-user nodes such as PCs, laptops and PDAs to connect to a WLAN. The NIC scans the frequency range for connectivity and then associates to an AP (or, in ad hoc mode, to another wireless client). Radio cards typically come in two form factors, PCMCIA and CompactFlash (CF), and plug into PCI, ISA or USB adapters for desktop use.
Bridge and Workgroup Bridge (WGB) 73 | Wireless bridges and repeaters provide connectivity between multiple LANs (wired and wireless) at the MAC layer. Bridges provide wireless connectivity from building to building and cover longer ranges than APs. 74 A WGB is a smaller-scale bridge that supports only a limited number of wired clients. Bridges operate at layer 2 and segment data frames.
Antennas | Responsible for radiating modulated signals through the air for reception by wireless components: an antenna converts high-frequency (RF) signals from a cable or waveguide into propagating waves in the air. Antennas are deployed on APs, bridges and clients (through a NIC or client adapter), and come in three generic categories: omni-directional, semi-directional and highly directional. Each category has different RF characteristics (propagation pattern, gain, transmit power, etc.) and appropriate uses. 75
AAA Server | Better known as a Remote Authentication Dial-In User Service (RADIUS) server, an AAA server uses the RADIUS protocol to provide authentication, authorization and accounting services for an enterprise WLAN. Simply put, a RADIUS server is a database of credentials against which access to the wireless network is decided. AAA servers can grant different levels of authorization rights to administrative users, pass policy such as virtual LAN (VLAN) assignment and SSID for clients, and generate dynamic encryption keys for WLAN users. The accounting service captures the start and end of a session to provide statistics on the resources (time, packets, bytes, etc.) used during the session.
Network Management Servers (NMS) | An NMS can provide a wide range of services supporting the management of large WLANs, including security, performance and reliability. NMS support should include configuration management, application management, and performance trending and reporting. To manage large enterprise WLANs, NMS services should also include client association reporting, and tools to manage the RF spectrum and detect rogue APs.
"Wireless-Aware" Switches and Routers | "Wireless-aware" switches and routers provide layer 2 and 3 integration between traditional WLAN components and the wired network, plus enhanced scalability and management of the WLAN. The Cisco Catalyst 6500 series switch, a "wireless-aware" switch, provides roaming, network management and security services. Enterprise wireless gateways provide specialized authentication, management and connectivity for wireless clients, and are appropriate for large-scale enterprise WLAN deployments.

71 Thin APs, also known as lightweight APs, are little more than radio-to-wire media converters. A thin AP is a stripped-down version of the "fat" AP, paired with a central management controller. Whereas a "fat" AP is a standalone device responsible for all WLAN functionality, the "thin" AP communicates with a single centralized intelligent point that handles the WLAN functionality (802.1X user authentication, wireless encryption, secure mobility and WLAN management). According to the International Data Corporation (IDC) research report "Worldwide WLAN 4Q04 Market Share Update", "thin" APs showed marginal growth and continued to gain on the "fat" AP architecture, while "fat" AP enterprise shipments and revenues decreased. Presently there is an industry-wide debate over whether APs should be standalone "fat" APs or "thin" APs, i.e. whether WLAN functionality should be performed at the AP or in the network infrastructure.
72 Companies like Trapeze Networks are introducing a new category of AP, known as the integrated mobility point (MP) or "fit" AP, that takes an intelligent, system approach by separating the responsibilities of the AP and the intelligent control point. The "fit" AP architecture involves an intelligent wire-speed device, known as a Mobility Exchange (MX), located in the wiring closet and integrated with directly attached MPs. MPs act as an extension of the MX's physical ports with RF-specific intelligence. Fat and thin APs, on the other hand, use different architectural approaches: with "fat" APs all WLAN functionality is distributed to the AP, whereas the intelligence of "thin" APs is centralized at a control point within the network infrastructure.
73 Bridges are not currently defined in the 802.11 standards (not an open standard), which means they are only compatible with WLAN components from the same vendor.
74 According to the IEEE 802.11 specification, the maximum coverage range for an AP is one mile.
75 Antenna selection is an important consideration in enhancing the security of a WLAN. An antenna that is properly chosen and positioned can reduce signal leakage outside the workplace and make eavesdropping considerably more difficult.

Access Points (APs) - Future Direction: Fat, Fit (Integrated) or Thin

An industry-wide debate is raging that will affect the future direction of large enterprise WLAN deployments. It focuses on where IEEE 802.11 AP functionality (intelligence) should be implemented, and there are three architectural approaches: within the AP (fat), outside the AP (thin), or in an integrated system approach (fit). The choice of AP will have a fundamental impact on the scalability, performance, security and resiliency of an enterprise WLAN.

The standalone or "fat" AP, the "traditional" AP architecture, places all WLAN functionality in the AP device. This includes such important WLAN functions as 802.1X user authentication, wireless encryption, secure mobility and management. In addition, "fat" APs can handle critical network functions such as routing, IP tunneling, Virtual Private Network (VPN) termination and 802.1Q trunking. Fat APs are independent devices that autonomously manage all data and control frames between wireless clients and wired LANs.

Thin APs are, for all practical purposes, radio-to-wire media converters that communicate with a single centralized intelligent point in the network core. A thin AP is a stripped-down version of the "fat" AP, with the WLAN functionality now residing in a central management controller: 802.1X user authentication, wireless encryption, secure mobility and management are all the controller's responsibility. The "thin" AP is not a standalone device and must be managed and configured by the controller, and it is the controller, not the AP, that handles all data and control frames to and from all APs. This approach has recently gained industry support. First, it simplifies management because the APs are administered centrally. Second, it can be more cost-effective than "fat" APs in large-scale enterprise deployments.

The Mobility Point (MP) is a new, integrated AP architecture that distributes the WLAN functions (intelligence) where appropriate. Known as the "integrated" or "fit" AP, the architecture consists of an intelligent wire-speed device, the Mobility Exchange (MX), located in the wiring closet, integrated with and directly attached to MPs that act as extensions of the MX's physical ports with RF-specific intelligence. In this integrated system the MX is primarily responsible for security control, user authentication, management and data flow analysis, whereas the MP is primarily responsible for RF-specific functions such as packet conversion (802.11 to 802.3), wireless encryption, and RF statistics gathering and monitoring (which supports rogue AP detection). A key factor in deploying "fit" APs is that MX and MP devices can reside anywhere on the network and can be placed within any wired infrastructure, providing security, performance and ease-of-deployment benefits. For example, rogue detection, encryption and off-loaded 802.1X authentication are security functions best performed closest to the user, at the MP. There are distinct advantages to deploying the "fit" AP architecture in an enterprise-wide environment: it diminishes security risks, simplifies configuration and management, is highly scalable, improves performance, and integrates seamlessly with the wired LAN. The following key features diminish security risks in "fit" AP deployments:

- All security-related control functions, such as 802.1X authentication and secure mobility, are performed by the MX, which is physically secure (inside a locked wiring closet) while still being placed as close to the user as possible.
- EAP processing and master key generation are performed by the MX, which significantly reduces the load on the AAA server. 76
- The integrated AP, via the MP, can collect RF data and statistics for troubleshooting and for detection of rogue APs.
- The integrated AP performs wireless packet encryption at the MP, closest to the user, which reduces network traffic and improves performance; there is no traffic bottleneck at the MX, and the system scales with each MP added.
- It provides identity-based authorization and enforcement (i.e. VLAN membership and ACLs) so that sessions continue uninterrupted as users move. 77
- It eliminates a single point of failure (providing relief during a DoS attack).
- It has no impact on the backbone configuration during deployment or upgrade, since no new client software or reconfiguration is required.

76 With some EAP methods, the "fit" or "integrated" AP can eliminate up to 80% of the load on a RADIUS server (compared with "fat" and "thin" AP implementations).

Serious consideration must be given to which AP architecture is implemented. Key factors are security, scalability, ease of management and configuration, performance and cost. The integrated (fit) AP architecture is a new approach to implementing an enterprise-wide WLAN infrastructure and is positioned to be embraced by the industry. Table VIII summarizes the security features of the integrated (fit) AP architecture compared with the fat and thin architectures, and Table IX compares where functions are located in the three architectures (fat, fit and thin). Note that both tables are reproduced from white papers by Trapeze Networks, the vendor of the integrated architecture, so they should be read as a vendor's position rather than an independent assessment.

Table VIII – Security Comparisons for AP Architectures (Fat, Fit and Thin) 78

AP Security | Fat AP | Thin AP | Integrated (Fit)
Physical security of APs | No | Yes | Yes
Security of AP link | No | No | Yes
Identity-based authorization and enforcement (VLAN membership, ACLs) | No | No | Yes
Security enforcement point | AP (insecure location) | Central controller (leaves path to core vulnerable) | Within the wiring closet
Rogue detection and location | No system-wide coordination or location | Insufficient RF processing horsepower | Yes

77 With an integrated (fit) AP architecture, an MX learns each user's identity when the user authenticates to the network, and obtains the user's authorizations from the AAA server so that it can enforce them. This allows secure mobility: the user moves about the network with the same local VLAN and subnet, so sessions are not interrupted. Enforcement can include roaming policies that restrict the geographic areas in which a user may roam.
78 Reproduced from Trapeze Networks, "AP Architecture Impact on the WLAN, Part 2: Scalability, Performance and Resiliency" (http://www.trapezenetworks/technology/whitepapers).

Table IX - WLAN Functionality for Different AP Architectures (Fat, Fit and Thin) 79

Function | Fat AP | Thin AP | Integrated (Fit)
802.11 to 802.3 packet conversion | AP | Central controller | Mobility Point
Wireless encryption (WEP, TKIP, AES) | AP | Central controller | Mobility Point
Authentication control | AP | Central controller | Mobility Exchange
Wireless-to-wireless forwarding | AP | Central controller | Mobility Exchange
Stored configuration, image | AP | Central controller | Mobility Exchange
Console port configuration | AP | Central controller | Mobility Exchange
RF statistics gathering and monitoring | AP | Central controller | Mobility Point
QoS treatment | AP | Central controller | Mobility Point
Class of Service (CoS) | AP | Central controller | Mobility Exchange
Access Control List (ACL) enforcement | AP | Central controller | Mobility Exchange

79 Reproduced from Trapeze Networks, "AP Architecture Impact on the WLAN, Part I: Security and Manageability" (http://www.trapezenetworks/technology/whitepapers).


WLAN Basic Topology

The basic topology of a WLAN usually consists of a wireless infrastructure (wireless clients, stations, supplicants and APs) connected through an AP to a distribution system medium (DSM), the wired infrastructure. There are several design options depending on the organization (university, corporate, public WLAN, etc.), WLAN policies and cost constraints. Figure 4 shows a simplified WLAN topology suitable for large enterprise deployments. Notice that the AAA system and RADIUS server are part of the DSM, not of the wireless infrastructure.

Figure 4 – Simplified WLAN Topology


Wireless Threats and Vulnerabilities

WLANs are more susceptible to attacks and unauthorized access than wired LAN environments. It is difficult to prevent access to a wireless network, since WLANs work through the air: anyone within range who has the right tools can capture and transmit wireless signals. This makes wireless security a real challenge. The press and published reports and papers have documented numerous attacks on 802.11 wireless networks that expose organizations to considerable security risk. The consequences of an attack can be devastating for an organization: loss of proprietary information, loss of network service, legal and recovery costs, and a tarnished image with financial and operational ramifications.


There are two types of security attacks: passive and active. A passive attack is unauthorized access to an asset or network for the purpose of eavesdropping or traffic analysis, without modifying any content. An active attack is unauthorized access to an asset or network for the purpose of modifying a message, data stream or file, or of disrupting a network service. There are many reasons why an attacker may target a wireless network or organization, but the three main goals are to disrupt the organization's normal network operations by denial of service (DoS), to gain read access, and/or to gain write access. An attack usually starts with a reconnaissance phase, followed by an active attack to gain network access or to deny service. Figure 5 provides a general taxonomy of WLAN security attacks.


Figure 5 – General Taxonomy of WLAN Security Attacks

There are usually two phases to an attack. The first is the reconnaissance phase, conducted passively. 80 During reconnaissance an attacker must discover a target network and then learn more about it. Two methods are used to carry out an undetectable passive attack: eavesdropping and traffic analysis. Eavesdropping is monitoring transmissions for message content: the attacker listens to and intercepts the wireless signals between the AP and the wireless client. Traffic analysis gains intelligence by monitoring transmissions for patterns of communication, or by performing packet analysis. In the wireless world, sniffing tools are the most effective means of finding out what is happening on a network. Undetectable, a sniffer performs two key functions: packet capture, and packet analysis and display. Analyzing packets lets an attacker determine what capabilities are on a network, and can reveal all sorts of confidential information with which to exploit an organization. Given enough captured packets, an attacker can recover WEP keys within a few minutes and then read all the data passing between the wireless clients and the AP. 81 A wide variety of sniffing tools is available, both commercial and open source. 82 Another reconnaissance technique is war driving: surveying wireless networks from an automobile. 83 With programs like NetStumbler and a GPS receiver, a WLAN can be detected, plotted and posted to a website. Table X lists some of the more popular sniffing tools.

80 Active host and port scanning is also a reconnaissance technique, but it is an active attack and can be detected.

Table X – Sniffing Tools

Tool | Capability | Source | Notes
AirSnort | War driving (packet capture and analysis) | Open source: http://airsnort.shmoo.com | Recovers WEP encryption keys (Windows or Linux based)
WEPCrack | Packet analysis | Open source: http://wepcrack.sourceforge.net | Recovers WEP keys (Perl-based scripts)
Ethereal | Packet capture | Open source: http://ethereal.com | Based on libpcap, a packet capture library (text and GUI based)
Tcpdump | Packet capture | Open source: http://tcpdump.org | Based on libpcap, a packet capture library (text based only)
Sniffer Wireless | Packet capture and display | Network Associates (commercial product) | Can decrypt WEP-based traffic and quickly detect rogue APs (Windows and PDA based)
NetStumbler | War driving; network discovery; packet capture | Freeware: http://netstumbler.com | Records SSIDs from beacons and interfaces with GPS to map a network (Windows based)
Prismdump | Packet capture | Freeware (Linux) | Text based
Kismet | War driving; network discovery; packet capture | Open source: http://kismetwireless.net | Most complete war driving tool. Works with most client cards that support RFMON (monitor) mode. Runs on most operating systems.
Wellenreiter | War driving; network discovery; packet capture | Open source: http://www.wellenreiter.net | Perl and C++ based, for Linux and BSD systems
AiroPeek and OmniPeek | Packet capture and analysis/display | WildPackets (commercial): http://www.wildpackets.com | Deployed to troubleshoot, secure and monitor WLANs

81 The Fluhrer-Mantin-Shamir (FMS) attack is the most damaging attack on WEP. Discovered by three cryptographers, Scott Fluhrer, Itsik Mantin and Adi Shamir, it exploits weak keys in the RC4 key schedule. Through packet capture, an attacker was able to recover WEP keys after as little as nine minutes of sniffing: after gathering five to ten million packets, tools such as WEPCrack and AirSnort determine the encryption key in a few minutes. Refer to the paper "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin and Shamir for details.
82 Sniffing tools are not only used by attackers; network administrators use them to determine whether a network is properly configured and to detect attacks in progress.
83 Besides war driving, several other methods are used to detect WLANs. War strolling is walking around with wireless equipment looking for networks. War flying is carried out by mounting an antenna on a plane and flying around in search of networks. War chalking is the practice of signposting open APs: once one is found, a basic war-chalking symbol is drawn on the sidewalk, usually in chalk or spray paint.

Active attacks are conducted primarily either by limiting an organization's network availability through a DoS attack, or by gaining unauthorized read and/or write access to a network (network access). An active attacker may masquerade as an authorized user to gain unauthorized privileges, passively monitor transmissions and then retransmit messages as a legitimate user (replay), or modify legitimate messages.

DoS attacks range from physical destruction of equipment, through disruption of particular network services that prevents normal use of an organization's network, to a full-blown attack designed to consume all of a network's bandwidth. They can disrupt service for a single user or for the whole network. The end result can be anything from giving an attacker the opening to set up a rogue AP and associate users to a bogus network (a man-in-the-middle (MitM) attack) to shutting the network down completely so that no transaction can take place. In the wireless world DoS is more of a problem because the medium is open to anyone within range. The following are common ways of accomplishing DoS:

- Deploy radio-jamming equipment
- Saturate the network's bandwidth by continually broadcasting frames
- Conduct disassociation/de-authentication attacks: these management frames carry no authentication, so an attacker can forge them with the AP's address and repeatedly knock every client off the network
- Conduct transmit-duration (NAV) attacks: set the Duration field of forged frames to its maximum of 32,767 microseconds and send about 30 such frames per second, so that every listening station's NAV never reaches zero and nobody else transmits
- Saturate AP association tables by flooding association requests
- Set up a rogue AP and associate users to a bogus network to establish a MitM attack
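The two forged-frame techniques in the list above, de-authentication floods and Duration/NAV abuse, leave a recognisable trace on the air, and the rogue and RF monitoring functions discussed earlier can catch them from nothing more than the fixed 802.11 MAC header. The following Python is an added example, not a tool from the paper or from any vendor mentioned in it: it decodes Frame Control, Duration/ID and the three addresses, then raises an alert when ten or more deauth/disassoc frames for one BSSID arrive within a second, or when any frame advertises a Duration above an assumed 5 ms threshold. The addresses, reason code, thresholds and traffic are all constructed for the example.

```python
"""Parse 802.11 MAC headers and flag two of the DoS techniques listed above:
de-authentication/disassociation floods and Duration (NAV) abuse. Added example."""
import struct
from collections import defaultdict

MGMT, CTRL, DATA = 0, 1, 2                                      # Frame Control type field
ASSOC_REQ, BEACON, DISASSOC, AUTH, DEAUTH = 0, 8, 10, 11, 12     # management subtypes
SUBTYPE_NAMES = {(MGMT, ASSOC_REQ): "assoc-req", (MGMT, BEACON): "beacon",
                 (MGMT, DISASSOC): "disassoc", (MGMT, AUTH): "auth",
                 (MGMT, DEAUTH): "deauth", (DATA, 0): "data"}
NAV_MAX_US = 32767        # largest NAV the 15-bit Duration field can carry
NAV_SUSPECT_US = 5000     # assumed threshold: longer than any legitimate SIFS+ACK/CTS exchange
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP, STA = "00:11:22:33:44:55", "66:77:88:99:aa:bb"              # constructed addresses


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))


def parse_mac_header(frame):
    """Decode Frame Control, Duration/ID, Addr1-3 and Sequence Control; the rest is the body."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    return {
        "type": ftype, "subtype": subtype,
        "name": SUBTYPE_NAMES.get((ftype, subtype), f"type{ftype}/subtype{subtype}"),
        "duration": duration,
        "nav_us": None if duration & 0x8000 else duration,   # bit 15 set: AID or CFP marker, not a NAV
        "addr1": mac_str(frame[4:10]), "addr2": mac_str(frame[10:16]), "addr3": mac_str(frame[16:22]),
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
        "body": frame[24:],
    }


def build_frame(ftype, subtype, addr1, addr2, addr3, body=b"", duration=0, seq=0):
    """Assemble a minimal frame (no FCS) for the constructed capture below."""
    fc = (ftype << 2) | (subtype << 4)              # protocol version 0, no flag bits
    return (struct.pack("<HH", fc, duration) + mac_bytes(addr1) + mac_bytes(addr2)
            + mac_bytes(addr3) + struct.pack("<H", seq << 4) + body)


def detect_dos(capture, window_us=1_000_000, flood_threshold=10):
    """capture: iterable of (timestamp_us, raw_frame). Returns a list of alert tuples."""
    alerts, recent = [], defaultdict(list)           # (bssid, kind) -> timestamps in the window
    for ts, raw in capture:
        h = parse_mac_header(raw)
        if h["type"] == MGMT and h["subtype"] in (DISASSOC, DEAUTH):
            # Before 802.11w these frames carry no authentication, so a burst of them
            # "from" the BSSID, especially to the broadcast address, is a forgery signature.
            reason = struct.unpack_from("<H", h["body"])[0] if len(h["body"]) >= 2 else None
            key = (h["addr3"], h["name"])
            recent[key] = [t for t in recent[key] if ts - t <= window_us] + [ts]
            if len(recent[key]) >= flood_threshold:
                target = "broadcast" if h["addr1"] == BROADCAST else h["addr1"]
                alerts.append((f"{h['name']}-flood", h["addr3"], len(recent[key]), target, reason))
                recent[key] = []                     # one alert per burst
        if h["nav_us"] is not None and h["nav_us"] > NAV_SUSPECT_US:
            # Every station that hears this frame stays silent for nav_us: virtual jamming.
            alerts.append(("nav-abuse", h["addr2"], h["nav_us"], h["name"]))
    return alerts


def constructed_capture():
    """Constructed traffic: a normal beacon and data frame, then a forged deauth burst and a NAV attack."""
    cap = [(0, build_frame(MGMT, BEACON, BROADCAST, AP, AP))]
    cap.append((5_000, build_frame(DATA, 0, AP, STA, AP, body=b"\xaa\xaa\x03", duration=60)))
    for n in range(12):      # 12 broadcast deauths "from" the AP, reason code 7, 2 ms apart
        cap.append((100_000 + 2_000 * n,
                    build_frame(MGMT, DEAUTH, BROADCAST, AP, AP, body=b"\x07\x00", seq=n)))
    cap.append((200_000, build_frame(DATA, 0, AP, STA, AP, duration=NAV_MAX_US)))
    return cap


if __name__ == "__main__":
    for alert in detect_dos(constructed_capture()):
        print(alert)
```

On the constructed capture the detector fires twice: once when the tenth broadcast deauth for the AP's BSSID arrives, and once for the data frame carrying the maximum Duration. A production monitor would add the sequence-number discontinuities and signal-strength differences between the real AP and the forger, but the header fields decoded here are where such checks start.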

Active attacks can also be accomplished by gaining network access with read and write capabilities. The goal of a network-access attack is to reach network resources or to capture and decrypt data (if it is encrypted). Read access is the ability of an attacker to intercept and read traffic from a network, which provides the foothold for attacks on encryption, authentication and other protection methods. Once an attacker has discovered a target network through reconnaissance and captured its traffic, encrypted or not, with a sniffer, the attacker has the potential to gain key material and recover encryption keys. A compromise of the encryption keys can give an attacker full access to the target network. Write access is the capability to send traffic to a network entity. The following are some goals of an attacker with network read and write access:

Recover encryption keys

Recover keystreams generated by encryption keys 84

Inject data packets: write encrypted data by replaying captured keystream

Encrypt data with key and inject the data to the network

Install spying software on a wireless client and have the capability to read the

results

Setup a rogue AP and control network parameters (such as encryption keys)

Bypass Authentication schemes:

o By deploying MAC address spoofing to evade MAC address filtering

o By deploying shared-key authentication bypass attacks

o By performing LEAP Dictionary attacks if network is using 802.1x for

authentication

o By performing PEAP MitM attacks if network is using 802.1x for

authentication

Install malicious code on a wireless client

WLANs have security problems embedded in their architecture. A WLAN must advertise its existence so that clients and APs can find each other. This is accomplished by special frames called beacons, which are transmitted by the AP and serve as the primary discovery mechanism for wireless clients to detect APs within a BSS; the result is a signal exposed to anyone within range who is capable of listening. If a WLAN can be located within a heavily shielded office from which RF signals cannot escape, the risk of unauthorized access is minimized. Since this is rarely a viable solution, other security methods such as strong access control and encryption must be deployed. The techniques for gaining unauthorized access to a WLAN are well-known security issues, and many of the weaknesses exploited in WLANs have recently been corrected by the 802.11i standard. Table XI lists well-known security attacks deployed against WLANs.

84 In legacy systems not deploying WPA or 802.11i there are several uses for recovered keystreams. An attacker needs only one keystream to inject an unlimited number of packets into a network, can conduct bit-flipping and replay attacks, and can decrypt packets once a complete keystream dictionary has been gathered for the WEP key.

Table XI – Wireless Security Attacks
(Columns: Attack; Description; Target; Solutions for Protection)

DoS Attacks
  Description: Disruption of network services.
  Target: Network services
  Protection: MAC filtering, firewalls (wired), IDS (wired), DMZ architecture, 802.11i

Disassociation & De-authentication (DoS attack) 85
  Description: Exploits the unauthenticated nature of 802.11 management frames. Because these frames carry no strong authentication, an attacker can spoof a disassociate or de-authenticate message from the AP or from a client, disrupting network service. Since a client must associate with an AP before any traffic can be transmitted, an attacker can keep one or more stations from transmitting simply by repeatedly sending disassociate frames. There are several known implementations of this attack. 86
  Target: Network services
  Protection: Requires strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Transmit Duration Field (DoS attack) 87
  Description: Based on the Duration field of an 802.11 frame, which announces to other nodes how long the medium will be busy. If an attacker sends a stream of frames with the Duration field set to its maximum value (about 1/30 of a second), other stations defer for that duration each time, effectively occupying the network.
  Target: Network services
  Protection: Logic in wireless NICs to ignore an unreasonable Duration field; strong authentication of management and control frames. 802.11i does not currently prevent these attacks.

Authentication Attacks
  Description: Exploit authentication methods to gain network access. 88
  Target: Network access
  Protection: 802.1x and EAP-based authentication

Shared-key Authentication
  Description: A flawed one-way authentication mechanism based on a challenge-response protocol. During shared-key authentication the client proves knowledge of the WEP key by returning the challenge encrypted under it. 89 An attacker who captures the plaintext challenge and the encrypted response can XOR the two and obtain the keystream for that IV, which is enough to produce a valid authentication response in the future.
  Target: Network access
  Protection: Open-system authentication or EAP-based authentication

MAC Address Spoofing
  Description: Sniffing reveals valid MAC addresses, which can be set on certain 802.11 card drivers to impersonate an authorized station and gain network access.
  Target: Network access
  Protection: 802.11i (TKIP and CCMP) or VPNs

Man-in-the-Middle (MitM)
  Description: An attacker captures (and where possible decrypts) frames during the association process to obtain the information needed to set up a rogue AP, then forces a wireless client to re-associate with the bogus AP. The attacker can then read all data passing between the wireless client and a server, while the client and server believe they are connected directly to each other. (See Figure 6 for a pictorial description of a MitM using a rogue AP.)
  Target: Network access
  Protection: Physical security, 802.1x or VPNs

Dictionary Attacks (password cracking)
  Description: An attacker collects the challenge and response exchanges of a password-based protocol and, using open-source tools, a dictionary of hundreds of thousands of words and phrases, and an offline computer to cycle through candidate name and password combinations, recovers the login credentials. Once compromised, the attacker has WLAN access with the rights and privileges of that user.
  Target: Network access
  Protection: Strong password policy, 802.1x and VPNs

Known Plaintext Attack (WEP keystream recovery)
  Description: An attacker recovers the keystream a key generates by sending known data over the wired network to a wireless client and capturing the encrypted frame the AP transmits. XORing the known plaintext with the captured ciphertext yields the keystream for that IV. 90 Once a dictionary has been built for all 2^24 (about 16 million) IVs, the attacker can decrypt any traffic protected by that WEP key. 91
  Target: Network access
  Protection: WPA and 802.11i

IV Collisions (WEP keystream recovery)
  Description: A WEP keystream recovery method that waits for a collision (a repeated IV, and therefore a repeated keystream). An attacker collects IV collisions and, through cryptanalysis of the XORed ciphertexts, recovers data and keystreams. 92 Recovered keystreams are accumulated into a dictionary.
  Target: Network access
  Protection: WPA and 802.11i

WEP Cracking (WEP key recovery)
  Description: An attacker recovers the encryption key itself by using a sniffer to collect on the order of 5 to 10 million packets. With tools such as WEPCrack or AirSnort the key can be determined within minutes, giving read/write access to the encrypted data.
  Target: Network access
  Protection: WPA and 802.11i 93

Traffic Injection (WEP keystream reuse)
  Description: After recovering one keystream, an attacker can inject packets by reusing the same IV.
  Target: Network access
  Protection: WPA and 802.11i (MIC); Cisco has implemented mechanisms to reject repeated IVs

Bit-flipping Attack (message modification)
  Description: Relies on the weakness of the Integrity Check Value (ICV), which can be recalculated even on the encrypted form. 94 An attacker takes a message, flips arbitrary bits in the data portion of the frame (the higher-layer packet), corrects the ICV, and rebroadcasts the message, which is accepted as valid. The ICV check passes at the AP or wireless client, but the layer-3 checksum fails at the router, generating a plaintext error message that the attacker can sniff to derive the keystream. 95
  Target: Network access
  Protection: WPA and 802.11i (MIC)

Initialization Vector (IV) Replay Attack
  Description: Builds on keystream recovery. An attacker extends a recovered keystream by reusing the same IV/WEP-key pair as the observed frame; repeated replay with this pair yields a keystream long enough to subvert the network.
  Target: Network access
  Protection: WPA and 802.11i (MIC, TSC in TKIP and PN in CCMP) 96

PEAP MitM
  Description: An attacker sets up a rogue AP and authentication server to steal a client's credentials if either of two rules for PEAP is violated. First, the client must validate the server certificate and must not be able to override an invalid server certificate. Second, the inner PEAP authentication credentials must not be configured to run outside a protected session; if they are, the attacker can capture them and complete a PEAP authentication of their own. Note: EAP-TTLS is susceptible to the same MitM attack.
  Target: Network access
  Protection: PEAPv2 97

Dictionary Attack on LEAP
  Description: Exploits the MS-CHAPv1-style challenge/response used by the Cisco-proprietary LEAP protocol, which is exchanged without any encryption. An attacker sniffs the challenge/response from a LEAP authentication and runs an offline dictionary attack to recover the login name and password; once matched, the attacker can pose as a wireless client authenticating with LEAP. Tools such as asleap provide the means to launch this attack.
  Target: Network access
  Protection: Strong password policy 98

Session Hijacking
  Description: The capability of an attacker to redirect network traffic away from a legitimate end user. To hijack a session the attacker must be able both to sniff network traffic and to insert frames of their own. Executed by setting up a rogue AP to which unsuspecting wireless clients try to authenticate.
  Target: Network access
  Protection: 802.11i, 802.1x and VPNs

Rogue APs
  Description: Unauthorized APs on a network. Attackers use rogue APs to gain future access to the network through MitM attacks. (See Figure 6 for a MitM attack using a rogue AP.)
  Target: Network access
  Protection: Corporate policy, physical security and SWAN 99

Figure 6 – MitM Attack Using a Rogue AP

85 Disassociation and de-authentication attacks operate at the MAC layer. 86 Omerta (named after the Sicilian code of silence), developed by Mike Schiffman, listens and sends a disassociate message for every packet it sees. AirJack is a suite of tools (essid_jack, wlan_jack and fata_jack) that can launch disassociation or de-authentication attacks; for details refer to http://802.11ninja.net. Void11, developed by Reyk Floeter, consists of two types of de-authentication attack; in one version an AP is flooded with authentication requests in an attempt to crash the AP or deny service by filling its association tables. 87 Transmit Duration field attacks occur at the MAC layer. 88 Authentication attacks can be launched on shared-key and MAC address filtering schemes, as well as on the 802.1x protocols. 89 The shared-key authentication process requires the wireless client to share a pre-configured WEP key with the AP. The client encrypts the challenge, and the AP authenticates the client by decrypting the response and comparing it with the challenge it sent. 90 RC4, the cipher underlying WEP, combines keystream and plaintext with XOR, so any one of ciphertext, plaintext and keystream can be derived from the other two. Since the ciphertext is broadcast and the attacker knows the plaintext, the keystream follows by XORing. 91 WEP uses the initialization vector (IV) to avoid repeating the same keystream. Since WEP keys are static, the 24-bit IV permits 2^24 (about 16 million) possible keystreams per key. 92 Since there are about 16 million possible keystreams per key and WEP keys are static (legacy systems), a keystream is eventually used more than once (a collision). Collisions reveal information about the data and the keystream and can be exploited. Statistical analysis has calculated that all possible IVs (about 16 million) would be exhausted in five hours on a busy network. 93 There is no keystream to recover using CCMP. With TKIP, a key and its associated keystream are used only once. 94 WEP uses the Integrity Check Value (ICV), which is known to be an insecure checksum: it is a linear sum and therefore predictable. An attacker knows which bits of the encrypted ICV change after altering a bit in the encrypted message, so the ICV can be fixed up and still pass the validity check. 95 Bit flipping is used in reaction and inductive attacks. A reaction attack exploits the flaws of the ICV in WEP together with predictable bits in fields of TCP/IP packets. The attacker guesses some bits of a message, flips certain bits, and rebroadcasts it; whether the modified packet had a valid TCP checksum can be seen from the presence of an encrypted TCP acknowledgement (ACK), which is short and recognizable by its length even though encrypted. By repeating this procedure the attacker deduces whether other bits were 0 or 1 from the absence or presence of an ACK, ultimately recovering some or all of the keystream for a particular IV. An inductive attack is a methodical trial-and-error procedure that relies on WEP to give feedback when part of the keystream has been guessed correctly. The attacker sends 256 versions of a packet that demands a reply (an ICMP ping or ARP request), covering every possibility for the byte following the known keystream (n + 1). If the guess and its encrypted checksum are correct, the AP accepts the packet and responds, giving the attacker one more byte of keystream. The process continues until the full length of the keystream (1500 bytes) is derived. 96 The MIC prevents an attacker from changing the packet counter when attempting to rebroadcast a message with a new packet counter. TSC and PN are packet counters. 97 Still under development as an IETF standard. The IETF is addressing PEAP MitM attacks for all vendors. 98 A strong password policy is the main countermeasure for dictionary attacks. A strong password policy should require a length of 12 characters (a mix of digits, lower- and upper-case letters, and symbols), changed on a regular basis. Passwords should not be based on any word found in a dictionary or on any variant of the user's name. Enforcement should include tools that check the policy at creation time, and automated password-cracking runs on a regular basis to find vulnerable passwords within the organization. 99 The Cisco Structured Wireless-Aware Network (SWAN) architecture enables several security features that provide an end-to-end security solution, including rogue AP detection and suppression.

WEP (The Legacy Protocol)

Wired Equivalent Privacy (WEP) was the initial encryption protocol specified by the IEEE 802.11 standard to authenticate users and encrypt data payloads over the wireless medium. WEP was intended to provide the security goals of confidentiality, data integrity and access control, making the wireless medium as secure as wired Ethernet. Even though the designers knew there were potential flaws, early adopters of WLANs believed they could simply implement WEP and have a completely secure wireless network. 100 Vendors found out quickly that WEP was not the complete solution, but by then WLAN technology had gained immense popularity (home and SOHO market) before the problem was widely published.

To prevent disclosure of packets in transit (confidentiality), WEP uses the RC4 algorithm, a symmetric stream cipher, which produces a keystream the same length as the data. A stream cipher such as RC4 must never produce the same keystream twice under one key. To overcome this, a 24-bit initialization vector (IV) was added whose value changes for each packet. The WEP encryption process starts by generating an IV, which is concatenated with the WEP key to create the WEP seed. The seed is fed to the RC4 pseudo-random number generator (PRNG) to produce the cipher-stream, which is XORed with the plaintext message and its ICV. The result is the WEP ciphertext, which is transmitted together with the IV (in plaintext) and the key ID.

100 The 802.11 standard met the following selection criteria for security: exportable, reasonably strong, self-synchronizing, computationally efficient, and optional. In September 1994, the WEP algorithm (RC4), a trade secret of RSA Security, was leaked to the general public (Cypherpunks mailing list).

WEP has serious flaws in providing confidentiality. First, the IV is short and the key is static, so keystreams repeat, exposing the data to decryption and compromise. Second, IVs are transmitted in the clear so that the recipient can decrypt a packet. The manner in which the IV is incremented and sent in the clear allows an attacker to recover an RC4 keystream and launch active attacks such as traffic injection, message modification and replay, dictionary-based attacks, and WEP key cracking. 101

To prevent modification of packets in transit (data integrity), WEP uses the Integrity Check Value (ICV), which is known to be an insecure checksum. It is a four-octet linear sum, and therefore predictable: a 32-bit cyclic redundancy check (CRC-32). The plaintext is run through the integrity check algorithm (CRC-32) to produce the ICV, which is appended to the plaintext, so the ICV is included in the encrypted payload (ciphertext). The weakness of the ICV allows an attacker to execute a bit-flipping attack: take a message, flip arbitrary bits in the data portion of the frame (the higher-layer packet), recalculate a proper ICV, and rebroadcast what the receiver accepts as a valid message.

101 Two papers document WEP's insecurities (weaknesses in how the encryption is implemented). Researchers at Berkeley document their findings at http://www.issac.cs.berkeley.edu/issac/wep-faq.html. Using the Fluhrer, Mantin and Shamir attack to break WEP is documented at http://www.cs.rice.edu/~astubble/wep/wep_attack.html.

WEP uses the shared-key authentication mechanism to achieve access control. Based on a challenge-response protocol, shared-key authentication requires a static WEP key to be configured on the wireless client. The process starts with the AP sending a random challenge in plaintext to the wireless client. If the client knows the shared key, it encrypts the challenge and sends the result back to the AP. The AP allows access only if the decrypted value (the result computed by the wireless client) is the same as the random challenge it transmitted. The shared-key authentication method is flawed and compromises bits of the keystream. It does not provide mutual authentication, but merely establishes that both parties (AP and wireless client) share the same secret, and it depends on the WEP infrastructure that has been deemed insecure for a variety of reasons. The one-way challenge-response is also vulnerable to a man-in-the-middle attack. An eavesdropper can capture both the plaintext challenge and the ciphertext response simply by sniffing with a protocol analyzer, XOR them, and obtain the keystream for that IV.
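The three WEP weaknesses described above (the XOR relationship between plaintext, ciphertext and keystream; the shared-key challenge/response leaking a usable keystream; and the linear ICV that lets an attacker flip bits in ciphertext) are small enough to show end to end. The following is an added example, not code from the original paper, and uses only the Python standard library: RC4 is implemented inline, the ICV is CRC-32 as provided by zlib, and the 40-bit key, the IVs, the 128-byte challenge and the data frame are all constructed for the demonstration.

```python
"""WEP keystream recovery and forgery (added example on constructed key, IV and challenge)."""
import os
import zlib

IV_LEN, ICV_LEN = 3, 4


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 key scheduling followed by keystream generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP ICV: CRC-32 over the plaintext, appended before encryption."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as transmitted: IV || (plaintext || ICV) XOR RC4(IV || key)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Receiver side: returns (plaintext, icv_ok); frames with icv_ok False are discarded."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    pt, tag = body[:-ICV_LEN], body[-ICV_LEN:]
    return pt, tag == icv(pt)


def recover_keystream(plaintext: bytes, frame: bytes):
    """Known plaintext (e.g. the cleartext auth challenge and its encrypted response):
    keystream = ciphertext XOR (plaintext || ICV). Returns (iv, keystream)."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    return iv, xor(ct, plaintext + icv(plaintext))


def forge_auth_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Answers a fresh shared-key challenge with a recovered (iv, keystream); no key needed."""
    body = challenge + icv(challenge)
    if len(keystream) < len(body):
        raise ValueError("recovered keystream shorter than challenge + ICV")
    return iv + xor(body, keystream[:len(body)])


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """XOR `delta` into the encrypted payload and correct the encrypted ICV. CRC-32 is affine,
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros), so the fix-up needs neither key nor plaintext."""
    iv, ct = frame[:IV_LEN], frame[IV_LEN:]
    n = len(ct) - ICV_LEN
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    return iv + xor(ct, delta + xor(icv(delta), icv(bytes(n))))


def demo() -> dict:
    """All three steps on constructed data: a 40-bit key, fixed IVs, a 128-byte challenge."""
    key = bytes.fromhex("0123456789")               # constructed WEP-40 key
    iv = bytes.fromhex("a1b2c3")                     # constructed IV
    challenge = bytes(range(128))                    # cleartext challenge sent by the AP
    response = wep_encrypt(key, iv, challenge)       # legitimate client's encrypted reply
    ks_iv, ks = recover_keystream(challenge, response)
    new_challenge = os.urandom(128)                  # a later challenge issued to the attacker
    forged_pt, forged_ok = wep_decrypt(key, forge_auth_response(ks_iv, ks, new_challenge))

    original = b"GET /admin HTTP/1.0\r\n"            # constructed data frame, unknown to attacker
    frame = wep_encrypt(key, bytes.fromhex("000001"), original)
    delta = bytearray(len(original))
    delta[5:10] = xor(b"admin", b"guest")            # attacker guesses where the field sits
    tampered_pt, tampered_ok = wep_decrypt(key, flip_bits(frame, bytes(delta)))
    return {"forged_auth_accepted": forged_ok and forged_pt == new_challenge,
            "tampered_icv_ok": tampered_ok, "tampered_plaintext": tampered_pt}
```

The forged response is accepted because the recovered keystream covers the 128-byte challenge plus its 4-byte ICV, exactly the length shared-key authentication hands an eavesdropper. The bit-flip succeeds without the key because the ICV correction depends only on the change applied, not on the plaintext or keystream; replacing CRC-32 with a keyed MIC (Michael in TKIP, CBC-MAC in CCMP) is what removes this property.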

WEP key management is another serious problem identified with the WEP protocol. Key management was not supported: there was no automatic exchange of encryption keys between wireless client and AP. This means WEP keys must be manually configured (static keys) and changed regularly to maintain effective security. In a large enterprise environment this would be tedious, costly and almost impossible.

Static WEP keys lead to another serious vulnerability with the WEP protocol: many WLAN users share the identical key for long periods of time. First, a WEP key could be compromised if a laptop were lost or stolen, leaving every other wireless component sharing that key vulnerable. Second, large amounts of traffic are available to an eavesdropper for recovering keystreams and launching active attacks, especially in a large environment sharing the same WEP key.

WEP provides varying levels of encryption ranging from 40 to 152 bits. 102 General logic would suggest that more bits mean better security, since a longer encryption key takes more effort to break. 103 That is not true with WEP. The source of the weakness is not the key length but the 24-bit IV: whether it is 64-bit or 128-bit WEP, the same 24-bit IV is used. An attacker has no reason to mount a brute-force attack when it is so much easier to exploit the IV by other means.

102 WEP keys are available in several lengths: 64-bit and 128-bit for the 802.11b/g standards, and up to 152-bit for 802.11a. They are sometimes referred to as 40-bit, 104-bit and 128-bit keys; those figures are the secret key lengths, and concatenating the 24-bit IV with the secret key yields the WEP key lengths of 64, 128 and 152 bits. The RC4 stream cipher can actually handle keys as large as 256 bits. 103 Using a 128-bit instead of a 40-bit encryption key, based on today's computing power, would increase the time to brute-force a WEP key from a few days to approximately 20 weeks.

Wireless Security (The Next Generations)

Wi-Fi Protected Access (WPA)

Security problems in the 802.11 standard and WEP led to the development of the 802.11i standard. In October 2002, the Wi-Fi Alliance announced Wi-Fi Protected Access (WPA) to address all known vulnerabilities in WEP. This was an interim solution to provide quick relief from the vulnerabilities of the 802.11 standard, in which the Wi-Fi Alliance adopted as much of 802.11i as was available at the time. 104 The impetus for WPA centered on the security vulnerabilities in 802.11, where many vendors (members of the Wi-Fi Alliance) were concerned that these problems stood to give the standard a bad name and hurt industry sales. WPA was designed to be a strong, economical solution that worked with legacy hardware (802.11 products) and provided forward compatibility with the 802.11i standard. By 2004, all products had to incorporate WPA to be Wi-Fi certified.

WPA made major improvements to encryption, authentication, data integrity and key management, and added a network security capability determination feature. WPA introduced a new encryption technology, the Temporal Key Integrity Protocol (TKIP) with a Message Integrity Check (MIC), to replace WEP and provide strong data confidentiality and payload integrity. The Wi-Fi Alliance implemented mutual authentication in WPA by means of IEEE 802.1x/EAP authentication, which provides strong authentication between a wireless client and an authentication server via an AP. 105 In addition, WPA paved the way for use of the open authentication method and benched the flawed shared-key authentication method. Key management, one of the biggest problems in 802.11, was addressed and implemented in 802.11i (and WPA) through a separate authentication process that enables the distribution of keys. The network security capability determination feature places WPA information elements in 802.11 frames (beacon, probe response, and association and re-association requests) to negotiate which authentication and cipher suite to use.

104 Based on an earlier draft (version 3.0) of the 802.11i standard. 105 WEP lacks any real authentication methodology. WPA also supports a pre-shared key (PSK) for authentication in Personal mode.

TKIP was designed to fix the vulnerabilities of WEP without replacing legacy hardware. For this reason TKIP kept the basic mechanisms of WEP: the IV, RC4 encryption and the ICV. However, the RC4 encryption scheme was reinforced with a 128-bit per-packet key and a longer 48-bit IV. Unlike WEP, TKIP encrypts every data packet with its own unique encryption key. The keys are generated dynamically, removing the predictability of static keys that attackers relied upon with WEP. 106 In addition, WPA includes a Message Integrity Check (MIC), called Michael, to prevent message modification. 107

There are three mechanisms associated with TKIP: the MIC (Michael), a key mixing algorithm, and an IV enhancement. The first, the MIC, is a cryptographic message integrity algorithm that detects any modification of a message. It uses a keyed hash instead of a linear checksum, which addresses the flaws of the ICV. 108 The algorithm, called Michael, is designed to ensure that the contents of a data packet were sent by a legitimate wireless client and were not modified during transmission. Michael produces two 32-bit words that make up a 64-bit MIC. The MIC is computed by the transmitter and recomputed by the receiver, and the two values must match for the data to be accepted. If they do not, the packet is dropped on the assumption that its integrity has been compromised; in addition, if countermeasures are enabled and a second MIC failure occurs within 60 seconds, all packet reception and transmission is disabled, all wireless clients are de-authenticated, and new associations are refused for 60 seconds. 109

The second mechanism replaces the flawed 24-bit IV with a 48-bit TKIP Sequence Counter (TSC) to fix the IV reuse problem in WEP. The TSC starts at zero and is incremented by one for each packet, which lets a receiver track the highest value seen from each MAC address and ensure packets arrive in sequence. A packet whose TSC is less than or equal to one already received is dropped, which prevents replay attacks. Because of the ICV and MIC, an attacker is also prevented from changing the TSC and using it to rebroadcast a packet: the TSC is an input to the per-packet key, so a modified TSC causes the ICV and MIC to fail and the packet to be dropped. The TSC ensures a keystream is never reused with the same key, which defeats the replay, known-plaintext and dictionary-based attacks that build on a recovered keystream.

106 TKIP dynamically generates a unique key to encrypt every data packet, giving approximately 280 trillion possible key combinations for any given packet. 107 Without a MIC an attacker can capture, alter and resend data packets. 108 A hash is a mathematical calculation that provides a fingerprint of a message or file. A keyed hash (message authentication code) depends on a secret key and is non-linear, which prevents an attacker from modifying parts of the message and predicting which parts of the hash will change. This eliminates bit-flipping attacks. 109 Michael is a much simpler algorithm to compute than hashing algorithms such as the Secure Hash Algorithm (SHA-1); this weakness is why additional countermeasures were added. Two countermeasures safeguard Michael against active attacks: logging, and disable-and-de-authenticate. The first logs each failure as an attack; the ICV is checked before the Michael value so that an attacker cannot easily create failures for Michael to log. The second disables the link and de-authenticates, forcing the wireless client to negotiate new keys.

The third mechanism is a key mixing function that ensures the encryption key changes on a per-packet basis. It is designed to protect the 128-bit Temporal Encryption Key (TEK), the temporary base key from which unique per-packet keys are created. Key mixing is a two-phase operation; simplified, the TEK is combined with the TSC and the 48-bit Transmitter Address (TA) to produce a unique 128-bit per-packet WEP seed, which is then used with the WEP algorithm. The TSC, as stated before, increases with each packet, so the WEP seed changes with each packet. 110 As a result, TKIP dynamically generates a unique key for every data packet communicated during a wireless session, providing approximately 280 trillion possible key combinations for any given packet.

In WPA, mutual authentication is achieved with the 802.1x/EAP framework. Mutual authentication helps to ensure that only authorized users access the network, and confirms that a wireless client is authenticating to an authorized server and not accidentally to a rogue AP.

The authentication process starts with an EAP-supported method: the wireless client (user) contacts an AP with an association request and asks to be authenticated. 111 With 802.1x port access control the client is not granted access through the AP until it is authenticated. The AP passes the request to an authentication server (AS); the AS challenges the user for valid credentials (via the AP) and verifies the response. Thereafter the AP receives authorization from the AS and opens its controlled port to accept data from the user, and the wireless client is allowed to join the WLAN.

110 The WEP seed consists of a 24-bit IV (derived from the TSC) and a 104-bit per-packet key. 111 EAP methods are restricted to those that support mutual authentication of both the wireless client and the authentication server, such as EAP-TLS, EAP-TTLS, LEAP and PEAP.

Once authenticated, the AS and the wireless client independently derive the same Pairwise Master Key (PMK) as part of the mutual authentication process. 112 Master keys serve as the root of the key hierarchy for the transient keys. The PMK is a shared secret used by the wireless client and the AP to derive the transient keys (the PTK) used for a session. 113 It is not the PMK but the transient keys that are used in the encryption and integrity functions; the PMK is never used directly to generate keystreams, which helps prevent weak-key compromises. 114 Once the master key is derived, the AS transfers it to the AP via the RADIUS protocol. 115

WPA incorporates a robust key generation and management system that integrates the authentication process and data integrity functions. Using the 802.1x/EAP protocol, a master key is dynamically generated.116 After PMK generation, the process of exchanging keys is known as the 4-way handshake and the Group Key (GTK) handshake.117 The 4-way handshake and GTK handshake are security handshakes used to establish and install the transient keys to be used between a wireless client and an AP during the session, including the TKIP encryption keys. The 4-way handshake is a four-packet exchange of EAPOL-Key messages. The 802.1x EAPOL-Key packets are used to distribute per-session keys to wireless clients that have already been successfully authenticated. It must be noted that transient keys are temporary, and last only as long as a wireless client is associated and authenticated to an AP.

112 The PMK is 256 bits.

113 The Pairwise Transient Key (PTK, 512 bits) is derived from the PMK and two nonces exchanged in the 4-way handshake, mixed with a pseudo-random function. The PTK consists of three keys: the EAPOL KCK (key confirmation key), the EAPOL KEK (key encryption key), and the TKIP key.

114 A PMK can last a long time across multiple associations to an AP.

115 A unique PMK exists between each wireless client and its associated AP.

116 A master key can also be manually configured, which is more conducive to a SOHO environment.

117 The 4-way handshake establishes the PTK used for unicast traffic. The GTK handshake distributes the group key needed for multicast traffic.
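The key hierarchy and handshake described above, as an added example that is not from the paper: Python code that derives a TKIP PTK from a PMK with the 802.11i PRF-512, splits it into the KCK, KEK, temporal key and Michael MIC keys named in footnote 113, and then walks through messages 1 to 3 of the 4-way handshake, with each side checking the EAPOL-Key MIC computed under the KCK before trusting the message. The PMK, MAC addresses and nonces are constructed sample values, the Key Info flag values are illustrative, and GTK delivery and message 4 are omitted.

```python
import hashlib
import hmac


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PRF-512(PMK, "Pairwise key expansion", Min(AA,SPA) || Max(AA,SPA) || Min(nonces) || Max(nonces)).
    Both sides sort the addresses and nonces, so AP and client derive the same PTK."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 64)  # 512 bits for TKIP
    return {
        "kck": ptk[0:16],      # EAPOL-Key confirmation key: MICs the handshake messages
        "kek": ptk[16:32],     # EAPOL-Key encryption key: wraps the GTK in message 3
        "tk": ptk[32:48],      # TKIP temporal encryption key (the TEK)
        "mic_tx": ptk[48:56],  # Michael MIC keys, one per direction
        "mic_rx": ptk[56:64],
    }


# EAPOL-Key frame layout: EAPOL header (4), then descriptor type (1), key info (2),
# key length (2), replay counter (8), nonce (32), IV (16), RSC (8), ID (8), MIC (16),
# key data length (2), key data. So the nonce starts at byte 17 and the MIC at byte 81.
NONCE_OFFSET, MIC_OFFSET = 17, 81


def build_eapol_key(replay_counter: int, nonce: bytes, key_info: int, key_data: bytes = b"") -> bytes:
    body = bytes([0xFE])                                             # descriptor type 254 = WPA
    body += key_info.to_bytes(2, "big") + (32).to_bytes(2, "big")    # TKIP key length is 32
    body += replay_counter.to_bytes(8, "big") + nonce
    body += bytes(16) + bytes(8) + bytes(8)                          # IV, RSC, ID unused here
    body += bytes(16)                                                # MIC field, zero until signed
    body += len(key_data).to_bytes(2, "big") + key_data
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body       # EAPOL v1, type 3 = Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """TKIP EAPOL-Key MIC: HMAC-MD5 under the KCK over the frame with the MIC field zeroed."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.md5).digest()


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


def four_way_handshake(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Messages 1-3 of the handshake. Key Info values are illustrative; GTK and message 4 omitted."""
    msg1 = build_eapol_key(1, anonce, 0x0089)                          # AP -> STA: ANonce, no MIC yet
    sta_ptk = derive_ptk(pmk, aa, spa, msg1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce)
    msg2 = sign(sta_ptk["kck"], build_eapol_key(1, snonce, 0x0109))     # STA -> AP: SNonce + MIC
    ap_ptk = derive_ptk(pmk, aa, spa, anonce, msg2[NONCE_OFFSET:NONCE_OFFSET + 32])
    msg2_ok = verify(ap_ptk["kck"], msg2)                              # STA has proven it knows the PMK
    msg3 = sign(ap_ptk["kck"], build_eapol_key(2, anonce, 0x01C9))      # AP -> STA: install request + MIC
    msg3_ok = verify(sta_ptk["kck"], msg3)                             # AP has proven it knows the PMK
    return {"ptk_match": sta_ptk == ap_ptk, "msg2_ok": msg2_ok, "msg3_ok": msg3_ok, "tk": sta_ptk["tk"]}


# Constructed sample inputs (not from the paper). WPA-PSK derives the PMK with PBKDF2-SHA1.
PMK = hashlib.pbkdf2_hmac("sha1", b"correct horse battery staple", b"ExampleSSID", 4096, 32)
AA = bytes.fromhex("001122334455")    # AP (authenticator) MAC address
SPA = bytes.fromhex("66778899aabb")   # client (supplicant) MAC address
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))

if __name__ == "__main__":
    print(four_way_handshake(PMK, AA, SPA, ANONCE, SNONCE))
```

The MIC on message 2 is what lets the AP reject a client that does not hold the PMK before any key is installed, and the MIC on message 3 is what lets the client detect a rogue AP that replays message 1 without knowing the PMK; tampering with any byte of a signed frame makes `verify` fail.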

WPA added a network capability determination feature to the 802.11 frames: WPA information elements (in the frame) specify the required authentication method (802.1x or pre-shared key) and the preferred cipher suite (WEP, TKIP or AES). The WPA information elements are available in the following frames: Beacon frames (AP to all clients in the BSS), Probe response (AP to wireless client), Association request (client to AP), and Re-association request. The wireless client uses the information in the WPA information elements to determine the authentication method and cipher suite to use.
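The WPA information element described above, as an added example that is not from the paper: a Python parser that walks the tagged parameters of a beacon or probe response, locates the WPA vendor-specific element (element ID 0xDD, OUI 00:50:F2, type 1), decodes the group cipher, the pairwise cipher list and the authentication (AKM) list, and picks the strongest pairwise cipher that a client also supports. The frames are constructed sample bytes, not captured traffic; the parser rejects truncated or over-long elements rather than reading past them, which is the case a client or a wireless IDS has to handle when it meets a malformed beacon.

```python
WPA_OUI = bytes.fromhex("0050f2")   # OUI carried by the WPA element
WPA_ELEMENT_ID = 0xDD               # vendor-specific information element

CIPHER_SUITES = {0: "Use group cipher", 1: "WEP-40", 2: "TKIP", 4: "CCMP (AES)", 5: "WEP-104"}
AKM_SUITES = {1: "802.1x (EAP)", 2: "Pre-shared key"}
CIPHER_STRENGTH = ["WEP-40", "WEP-104", "TKIP", "CCMP (AES)"]   # weakest to strongest


def _suite_name(raw: bytes, table: dict) -> str:
    """A suite selector is a 3-byte OUI followed by a 1-byte type."""
    if len(raw) != 4:
        raise ValueError("truncated suite selector")
    if raw[:3] != WPA_OUI:
        return "vendor-specific %s:%d" % (raw[:3].hex(), raw[3])
    return table.get(raw[3], "unknown(%d)" % raw[3])


def _suite_list(body: bytes, pos: int, table: dict):
    """Little-endian 2-byte count followed by that many 4-byte selectors; bounds-checked."""
    if pos + 2 > len(body):
        raise ValueError("truncated suite count")
    count = int.from_bytes(body[pos:pos + 2], "little")
    pos += 2
    if pos + 4 * count > len(body):
        raise ValueError("suite count runs past the end of the element")
    names = [_suite_name(body[pos + 4 * i:pos + 4 * i + 4], table) for i in range(count)]
    return names, pos + 4 * count


def parse_wpa_ie(ie: bytes) -> dict:
    """Decode one WPA information element: version, group cipher, pairwise ciphers, AKMs."""
    if len(ie) < 2 or ie[0] != WPA_ELEMENT_ID:
        raise ValueError("not a vendor-specific element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 10:
        raise ValueError("truncated WPA element")
    if body[:4] != WPA_OUI + b"\x01":
        raise ValueError("vendor element is not a WPA element")
    pairwise, pos = _suite_list(body, 10, CIPHER_SUITES)
    akms, _ = _suite_list(body, pos, AKM_SUITES)
    return {
        "version": int.from_bytes(body[4:6], "little"),
        "group_cipher": _suite_name(body[6:10], CIPHER_SUITES),
        "pairwise_ciphers": pairwise,
        "akm_suites": akms,
    }


def find_wpa_ie(tagged: bytes):
    """Walk the (id, length, value) elements of a beacon/probe response body; return the WPA one."""
    pos = 0
    while pos + 2 <= len(tagged):
        eid, elen = tagged[pos], tagged[pos + 1]
        if pos + 2 + elen > len(tagged):
            return None                          # malformed: element overruns the frame
        if eid == WPA_ELEMENT_ID and tagged[pos + 2:pos + 6] == WPA_OUI + b"\x01":
            return tagged[pos:pos + 2 + elen]
        pos += 2 + elen
    return None


def choose_pairwise_cipher(info: dict, client_supported: set):
    """The client's side of negotiation: the strongest advertised pairwise cipher it also supports."""
    candidates = [c for c in info["pairwise_ciphers"] if c in client_supported]
    if not candidates:
        return None
    return max(candidates, key=lambda c: CIPHER_STRENGTH.index(c) if c in CIPHER_STRENGTH else -1)


# Constructed sample frames (not captured traffic).
WPA_PSK_TKIP_IE = bytes.fromhex("dd16" "0050f201" "0100" "0050f202" "0100" "0050f202" "0100" "0050f202")
BEACON_TAGGED_PARAMS = bytes.fromhex(
    "0007" "4578616d706c65"                 # SSID element: "Example"
    "0101" "82"                             # supported rates element
    "dd1a" "0050f201" "0100" "0050f202"     # WPA element, version 1, group cipher TKIP
    "0200" "0050f204" "0050f202"            # two pairwise ciphers: CCMP then TKIP
    "0100" "0050f201"                       # one AKM: 802.1x
)

if __name__ == "__main__":
    print(parse_wpa_ie(WPA_PSK_TKIP_IE))
    print(parse_wpa_ie(find_wpa_ie(BEACON_TAGGED_PARAMS)))
```

Every length and count is checked against the bytes actually present before it is used as a slice bound, so an element whose suite count claims more selectors than the frame carries raises instead of returning garbage or reading into the next element.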

WPA is not perfect, and has some limitations. First, it is susceptible to DoS attacks. As mentioned before, the TKIP protocol employs two countermeasures to limit the weaknesses of the Michael algorithm. When two data packets fail the MIC check within a 60-second period, an AP, assuming it is under active attack, disassociates every client that is associated. In effect, network connectivity is lost for 60 seconds. The upside is that an attacker is not able to glean information about the encryption keys. In addition, 802.11i (including WPA) does not address the security weaknesses of some EAP protocols such as LEAP and PEAP.
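The MIC countermeasure described above, as an added example that is not from the paper: a Python model of the AP-side Michael countermeasure state machine (two MIC failures within 60 seconds trigger a 60-second disassociation and association-refusal period, while a lone failure is only recorded), replayed over constructed AP log lines, plus a simple detection rule that flags repeated countermeasure triggers within an hour. Each trigger is a 60-second outage, so a monitoring team wants to know when it keeps happening, whether the cause is an attacker or a faulty client driver. The log line format is invented for the example.

```python
import re
from datetime import datetime
from typing import List, Optional, Tuple

WINDOW_S = 60.0    # a second MIC failure within this many seconds triggers countermeasures
BLACKOUT_S = 60.0  # the AP disassociates everyone and refuses associations for this long

LOGGED, COUNTERMEASURES = "logged", "countermeasures"


class TkipCountermeasures:
    """AP-side model of the TKIP Michael countermeasures described in 802.11i."""

    def __init__(self) -> None:
        self.first_failure: Optional[float] = None   # time of the pending first failure
        self.blackout_until: float = 0.0
        self.triggers: List[Tuple[float, str]] = []  # (time, client that caused the trigger)

    def mic_failure(self, now: float, client: str) -> str:
        if self.first_failure is not None and now - self.first_failure < WINDOW_S:
            # second failure inside the window: disassociate all clients, discard the
            # temporal keys, and refuse new associations for BLACKOUT_S seconds
            self.first_failure = None
            self.blackout_until = now + BLACKOUT_S
            self.triggers.append((now, client))
            return COUNTERMEASURES
        # first failure, or the previous one is older than the window: just record it
        self.first_failure = now
        return LOGGED

    def association_allowed(self, now: float) -> bool:
        return now >= self.blackout_until


# Constructed AP log lines (the format is invented for this example).
SAMPLE_LOG = """
2005-06-01T10:00:00 ap1 tkip: MIC failure sta=00:11:22:33:44:55
2005-06-01T10:00:45 ap1 tkip: MIC failure sta=00:11:22:33:44:55
2005-06-01T10:03:00 ap1 tkip: MIC failure sta=66:77:88:99:aa:bb
2005-06-01T10:05:30 ap1 tkip: MIC failure sta=66:77:88:99:aa:bb
2005-06-01T10:05:40 ap1 tkip: MIC failure sta=00:11:22:33:44:55
"""
LINE_RE = re.compile(r"^(\S+) \S+ tkip: MIC failure sta=([0-9a-fA-F:]{17})$")


def parse_ts(stamp: str) -> float:
    return datetime.fromisoformat(stamp).timestamp()


def replay_log(log: str) -> Tuple[TkipCountermeasures, List[Tuple[str, str, str]]]:
    """Feed each MIC-failure line to the state machine; return it plus (time, client, action) rows."""
    ap = TkipCountermeasures()
    actions = []
    for line in log.strip().splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue                                 # unrelated log line
        stamp, client = match.groups()
        actions.append((stamp, client, ap.mic_failure(parse_ts(stamp), client)))
    return ap, actions


def repeated_trigger_alert(ap: TkipCountermeasures, threshold: int = 2, window_s: float = 3600.0) -> bool:
    """Detection rule: `threshold` or more countermeasure triggers inside any `window_s` window."""
    times = sorted(t for t, _ in ap.triggers)
    return any(sum(1 for t in times if start <= t < start + window_s) >= threshold for start in times)


if __name__ == "__main__":
    ap, actions = replay_log(SAMPLE_LOG)
    for row in actions:
        print(*row)
    print("alert:", repeated_trigger_alert(ap))
```

In the sample log the third and fourth failures are 150 seconds apart, so the fourth simply replaces the stale first failure and no outage occurs; the fifth arrives 10 seconds later and trips the countermeasure. The attacker-visible cost is the reason the rule is two failures in 60 seconds rather than one: a single corrupted frame from a bad radio link should not take the cell down.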


WPA is a leap forward in WLAN security compared with WEP.118 Most vulnerabilities identified in WEP have been fixed with WPA. TKIP significantly increased the strength and complexity of wireless encryption, making it far more difficult for an attacker to break into a WLAN. Through WPA, wireless security measures were greatly expanded, including: the size of the key; the number of keys in use, by adding dynamic key generation on a per-packet basis; a stronger encryption cipher (TKIP); an integrity checking mechanism; and mutual authentication. WPA has addressed and eliminated many known passive and active attacks. The MIC is able to detect any modification of messages, thereby eliminating attacks such as inductive, replay and bit-flipping attacks. By means of the TKIP key mixing algorithm, WEP keystream recovery is rendered useless. Dictionary-based WEP key recovery is not possible, since the attacker can no longer guess.119 WEP cracking is also defeated by TKIP’s key mixing algorithm. WPA also provides some relief in the detection of rogue APs.

Wi-Fi Protected Access 2 (WPA2)

WPA2 was launched in September 2004 by the Wi-Fi Alliance. It is based on the final ratified version of the IEEE 802.11i standard.120 WPA2 is the second generation of WPA security, and incorporates a new, more advanced encryption mechanism, the Counter-Mode/CBC-MAC Protocol (CCMP), which uses the Advanced Encryption Standard (AES).121 WPA2 authentication still uses the 802.1x/EAP authentication scheme introduced in WPA. However, the full 802.11i standard incorporates the EAP over LAN (EAPOL) protocol, which enables clients to pre-authenticate with APs. This is accomplished by sending a client’s credentials through the wired LAN well in advance, to make it easier to roam between APs and between wired and wireless environments. In addition, WPA2 is backward compatible and interoperable with products that are Wi-Fi Certified for WPA.

118 WPA was independently verified to address all of the known WEP weaknesses.

119 If pre-shared master keys are based on ASCII characters, the possibility of a dictionary-based attack still exists.

120 The IEEE 802.11i standard was ratified in June 2004.

CCMP is based on the newly released Advanced Encryption Standard (AES), which received wide international scrutiny by cryptographic experts.122 AES meets U.S. government security requirements, and is accepted as a standard encryption suite.123 CCMP is a highly robust algorithm solution that is not compatible with older WEP-oriented hardware, and requires new hardware and protocol changes.124 CCMP provides stronger encryption (confidentiality) and message integrity than TKIP, and also incorporates replay protection. The future of WLAN deployments is moving towards CCMP as the accepted compliance standard.

121 The AES cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen; AES is also known as the Rijndael algorithm. CCMP combines Counter Mode (CTR) for encryption with the Cipher Block Chaining Message Authentication Code (CBC-MAC) for message integrity, providing encryption and message integrity in one solution.

122 AES is considered to be a very secure encryption suite as a result of wide international scrutiny by cryptographic experts. It is the current state-of-the-art encryption algorithm, the product of an international effort to produce a strong encryption algorithm. It takes 2 to the 120th power operations to break an AES key, making it an extremely secure cryptographic algorithm.

123 Adopted by the U.S. Department of Commerce and the National Institute of Standards and Technology (NIST) as the official government standard for data privacy. It is approved/published in Federal Information Processing Standard (FIPS) 142.

124 AES requires different co-processors that are not available in WPA certified products, so new hardware is required to deploy WPA2.


AES was selected by NIST due to its cryptographic strength and relative ease of implementation.125 Derived from the Rijndael algorithm, AES is a relatively simple cipher that uses a substitution-permutation structure.126 It is fast, can be deployed in either software or hardware, and requires very little memory. AES is a symmetric key encryption technique that uses a block cipher to encrypt plaintext in blocks, each of which is calculated independently.127 Each block is 128 bits, and WPA2 deploys a 128-bit key length.128 AES operates on a 4 x 4 array of bytes called the state. With WPA2 there are 10 rounds, and four stages make up one round.129 The four stages are:

SubBytes (a non-linear substitution step) – Each byte is replaced with another byte according to a lookup table.

ShiftRows (a transposition step) – Each row of the state is shifted cyclically a certain number of steps.

MixColumns (a mixing operation step) – A mixing operation is conducted on the columns of the state, combining the four bytes in each column using a linear transformation.

AddRoundKey (an XOR operation) – Each byte of the state is combined with a byte of the round sub-key using the XOR operation.

125 NIST solicited the cryptography community for new encryption algorithms that had to be fully disclosed to the public and available royalty free. It selected the Rijndael algorithm as the Federal Information Processing Standard (FIPS-197) in November 2001. In June 2003, the National Security Agency (NSA) deemed AES “secure enough to protect classified information up to the Top Secret level”. This is the first time that NSA approved for Top Secret use an encryption algorithm that had been publicly disclosed beforehand.

126 There are some differences between Rijndael and AES. Rijndael supports a larger range of block and key sizes, with key/block sizes in any multiple of 32 bits between 128 and 256 bits, whereas AES uses one fixed block size of 128 bits and can deploy a key size of 128, 192 or 256 bits.

127 A symmetric key cipher uses the same key for both encryption and decryption. A block cipher (a type of symmetric key cipher) operates on groups of bits of a fixed length, called blocks.

128 The AES specification identifies three possible key lengths: 128, 192 or 256 bits. WPA2/802.11i uses a 128-bit key length.

129 The final round (10) omits the MixColumns stage.


As of 2005, there has been no successful attack against AES.130 AES is an extremely secure cryptographic algorithm. In April 2006, WPA2 will become mandatory for wireless products to be certified with the Wi-Fi logo. Figure 7 provides a summary of the WLAN security standards.

Figure 7 – WLAN Security Standards 131

                                 WEP        WPA                    802.11i (RSN, WPA2)
Cipher Algorithm                 RC4        RC4 (TKIP)             Rijndael (AES-CCMP)
Encryption Key                   40-bit     128-bit (TKIP)         128-bit (CCMP)
Initialization Vector            24-bit     48-bit (TKIP)          48-bit (CCMP)
Authentication Key               None       64-bit (TKIP)          128-bit (CCMP)
Integrity Check                  CRC-32     Michael (TKIP)         CCM
Key Distribution                 Manual     802.1x (EAP)           802.1x (EAP)
Key Unique to                    Network    Packet, Session, User  Packet, Session, User
Key Hierarchy                    No         Derived from 802.1x    Derived from 802.1x
Cipher Negotiation               No         Yes                    Yes
Ad-hoc (P2P) Security            No         No                     Yes (IBSS)
Pre-Authentication (Wired LAN)   No         No                     Using 802.1x (EAPOL)

130 With a WPA2/802.11i implementation (10 rounds), the best known attacks have been able to break up to seven rounds. Some cryptographers worry about the security of AES, since seven rounds provides little margin for comfort. Other concerns point out that the mathematical structure of AES is very neat, and that this may be exploited. In 2002, the “XSL” attack was theorized by Nicolas Courtois and Josef Pieprzyk, identifying a potential weakness in the AES algorithm. Several cryptography experts found flaws in the underlying mathematics of the XSL attack, indicating that such an attack on AES is very speculative and unlikely to be carried out in practice.

131 Reproduced from the article “Emerging Technology: Wireless Security – Is Protected Access Enough?”, Andy Dornan, 10/26/2003. URL: Http://www.networkmagazine.com/shared/article/showArticle.jhtml?articled=15201417.

WLAN Security Domain Conceptual Model (The Big Picture!)

The WLAN Security Domain Conceptual Model, introduced by Cisco Systems, provides a basic conceptual model of how WLANs should be secured (best practice) (Figure 8). This model identifies the entities and functions, and shows the relationships between the different components of a WLAN. Securing a WLAN is a very intricate and detailed process that requires numerous components to ensure a network is not accessible by unauthorized users. The key components of the WLAN conceptual model are: entities, identities, credentials, capabilities, communication channels, AAA systems, authentication protocols, authorization and access control, encryption, message integrity, and other protocols. A description of the conceptual model follows:

Entities consist of users and WLAN technologies (SSID, MAC/IP addressing, etc.) that have corresponding identifiers (principals, wireless NIC cards, and APs).

Entities have credentials, such as passwords and shared keys, to establish their identity, which is authenticated and authorized by AAA systems (RADIUS, LDAP, etc.) using 802.1x authentication protocols or similar (EAP, LEAP, PEAP, etc.) to exchange credentials and establish challenge/response handshakes.

AAA systems provide critical security functions such as keys for encryption (AES, TKIP, RC4, etc.) and message integrity (MIC, CRC), usernames, password hashes, policies, and authorization and access control.

IEEE 802.11 provides communication channels through the WLAN standards (802.11a/b/g/i) to facilitate integrity and confidentiality within the wireless signal, whereby confidentiality is achieved through encryption, and message integrity by means of digital signatures with suitable protocols for key exchange, key refresh, etc.

Figure 8 – The WLAN Security Domain Conceptual Model 132

132 Based upon Cisco’s domain conceptual model. Reproduced from “Cisco Wireless LAN Security: Expert Guidance for Securing Your 802.11 Network”, Cisco Press, 2005.


Security Considerations, Recommendations and Best Practices: WLAN

The IEEE, vendors and other organizations have come a long way in securing the vulnerabilities in WEP. With WPA2 (or a full implementation of 802.11i), enterprise organizations are provided a high level of assurance that only authorized users can access their wireless networks. It is highly recommended that an organization deploy WPA2 if cost is not a consideration. WPA is an alternative if cost is a consideration and a legacy system is already in place. In addition to deploying IEEE 802.11i through WPA/WPA2, the following list provides other security considerations, recommendations and best practices for WLAN implementations in an enterprise environment.

Management Considerations, Recommendations and Best Practices

Develop a corporate policy that addresses the use of IEEE 802.11 WLANs.

Establish a strong password policy, and deploy technology that encrypts passwords before they are sent over the network.

Train users in computer security awareness and the risks associated with WLANs.

Deploy WPA/WPA2 certified hardware/software.

Ensure client NICs and APs support firmware upgrades (prior to purchase).

Perform comprehensive security assessments periodically (at regular/random intervals).

Establish external boundary protection around the perimeter of building(s).

Deploy physical access controls to the building (i.e. biometrics, access badges, guards, etc.).

Establish AP coverage (site survey) for the enterprise environment.


Complete an inventory of all APs/802.11 devices, and maintain a database for periodic review.

Establish a security and technical approval process prior to deploying an AP or wireless client within the enterprise environment.

Place APs in the interior of the building (instead of the exterior) to minimize leakage.

Deploy APs in secure areas to prevent unauthorized access/user manipulation.

Determine which security architecture and authentication methods meet security policy and technical design goals.

Provide strong physical security for access point hardware.

Technical Considerations, Recommendations and Best Practices

Use directional antennas and lower transmit power to cover only the intended AP coverage area, and minimize any leakage outside this zone.

Turn off APs when not in use.

Ensure only certified and authorized engineers have access to APs, and use the reset function only when needed.

Ensure the default SSID is changed on an AP, and that the broadcast SSID feature is disabled to force wireless clients to match the AP.

Design AP channel coverage so that APs do not interfere with one another.

Ensure all default settings for 802.11 hardware/software are changed.

Determine all AP protocols and capabilities, and disable all non-essential management protocols on an AP.

In WEP/WPA/WPA2, enable all security features of the WLAN product.


With WEP, ensure default shared keys are periodically replaced by unique, more secure keys.

Install firewalls between the wired and wireless infrastructure.

Install security products such as antivirus and personal firewall software on wireless clients.

Disable file sharing on wireless clients, especially in untrusted environments.

Deploy MAC address control lists.

Do not deploy hubs; use wireless-aware layer 2 switches.

Deploy IPsec-based VPN technology if deploying a WEP architecture.

Deploy WPA2 (802.11i) if not dealing with a legacy system.

Ensure software patches are tested and deployed on a regular basis.

Ensure that a strong password policy is implemented on APs and wireless clients, and that passwords are changed on a regular basis.

Deploy 802.1x for key management and authentication. (Note: use the EAP protocol that is right for your enterprise environment.)

Deploy user authentication technology (in addition to 802.1x) such as biometrics, smart cards, and PKI.

Do not deploy ad-hoc mode in a WLAN.

Use static IP addressing, and disable DHCP.

With WEP, ensure management traffic for an AP is on a dedicated wired subnet.

Do not use SNMP v1 and SNMP v2, and configure SNMP settings for least privilege (i.e. read only).


Use SNMP v3 or equivalent cryptographically protected protocols for AP management traffic.

Deploy intrusion detection systems.

Use AAA server technology deploying RADIUS, LDAP or Kerberos protocols.

Deploy a wireless DMZ for APs (treat base stations as untrusted), ensure appropriate firewalls, VPNs and IDS are installed, and use VPNs to tunnel into the trusted network.

Install the following security technologies on wireless clients: firewall, VPN, IDS, antivirus, and desktop scanning software.

Deploy technologies and establish processes that monitor and detect rogue access points (e.g. SWAN).

In WEP, set the authentication method to “Open”, and the AP to a closed network.

Deploy EAP methods that support mutual authentication.

WLANs (Over the Horizon)

WiMax (IEEE 802.16)

WiMax (IEEE 802.16) is a high-speed wireless broadband technology capable of covering a radius of two to six miles.133 The industry is excited about this technology, since it can deal with the last-mile issue at a cost much cheaper than wire-line technologies.134 Furthermore, WiMax can operate without a direct line of sight to a base station. This provides attractive business opportunities in rural areas, especially where there are lots of trees. WiMax is still in its formative years, and its potential to be a totally disruptive technology is still speculative. If WiMax is able to wrap data, voice and video into “one high-speed, cost-efficient package”, which is considered technically feasible, it will totally disrupt the cable/DSL, satellite, and telephone industries.

133 WiMax is capable of transferring approximately 70 Mbit/sec over a distance of 30 miles from one base station to thousands of users.

134 According to Eric Maniton of In-Stat, an Arizona research firm, WiMax costs about $2 billion to deploy to 85 million homes, compared with SBC Communications’ plans to spend $4 billion to connect only 18 million homes with high-speed fiber cable.

Approved in January 2003, WiMax has attracted the interest of the “entire food chain of tech companies”. The WiMax Forum is a conglomerate of over 220 companies promoting a single standard for wireless broadband technology. These companies range from chipmakers to equipment manufacturers to software developers, and include giants like Intel, Cisco Systems, Dell and Time Warner. Intel, one of the biggest backers of the technology, has already shipped its first WiMax chips to equipment manufacturers. In April 2005, the WiMax Forum announced that the first WiMax certified products are scheduled to be available by the end of the year. In 2007, WiMax is expected to begin full-scale deployments of WiMax certified products. The Forum is conducting over 50 WiMax tests around the country to test interoperability between products, and the effects of weather conditions and the physical environment (trees, buildings, etc.) on WiMax technology. The standard has still to address such issues as whether WiMax will use the licensed or unlicensed frequency spectrum.135 WiMax will certainly make its mark on Wi-Fi; whether it is disruptive or integrated is still speculative.

135 WiMax supports licensed and unlicensed frequency band operation below 11 GHz.


Summary

The ability to secure a WLAN has come a long way, and is now suitable for large enterprises to deploy with a certain level of assurance that their wireless network will not be compromised. The flaws detected in WEP have been fixed with the ratification of the IEEE 802.11i standard and the rollout of WPA and WPA2. Organizations such as the IEEE, IETF and Wi-Fi Alliance have addressed many issues dealing with wireless security, including confidentiality (encryption), mutual authentication, data integrity, and key management. Manufacturers such as Cisco Systems (SWAN136) and Trapeze Networks (Fit APs) have pushed the envelope of wireless technology to encompass end-to-end solutions that add another layer of security. However, fortifying your network requires more than just deploying WLAN technologies (hardware and software); it requires strong operational practices, corporate policies that are enforceable, and a well-designed infrastructure incorporating best practices in the wired and wireless medium. WPA and WPA2 are only a single part of an end-to-end network strategy.

WLANs may never be totally “hack-free”, achieve the “Fort Knox” solution to enterprise-class wireless security, or be totally immune to DoS attacks. But with the right network architecture, deployed with WPA or WPA2, enterprise organizations can achieve a high level of security assurance that their networks will not be compromised.

136 Cisco Structured Wireless-Aware Networks (SWAN) is a cost-reducing end-to-end solution for deploying, managing, operating, and securing up to thousands of APs across different industries and deployment scenarios. It provides the framework to integrate and extend wired/wireless networks, and provides “wireless awareness” and enterprise-class security and security policy monitoring to the network infrastructure. For more details, refer to http://www.cisco.com/go/swan.

Bibliography

Reynolds, Janice, “Going Wi-Fi, A Practical Guide to Planning and Building an 802.11 Network”, CMP Books, 2003

Sankar, Krishna, S. Sundaralingham, A. Balinsky, and D. Miller, “Cisco Wireless LAN Security”, Cisco Press, 2005

Nichols, Randal and Lekkas, Panos, “ Wireless Security, Models Threats and Solutions”, McGraw-Hill, 2002

“CWNA Certified Wireless Network Administrator: Official Study Guide (Exam PW0-100) Second Edition”, Planet3 Wireless Inc., 2003

Carr, Jim, “Configuring Wireless Security”, Network Magazine, February 01, 2005, http://networkmagazine.com/shared/article/showArticle.jhtml?articeld=57701960

“Wi-Fi Protected Access”, Retrieved from http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

“TKIP”, Retrieved from http://en.wikipedia.org/wiki/TKIP

Geier, Jim, “Infrared WLAN”, Wi-Fi Planet, March 17, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2110301

“Protected Extensible Authentication Protocol {Cisco Aironet 1200 Series}”, Retrieved from http://www.cisco.com

“Cisco Catalyst 6500 Series Wireless LAN Services Module”, Retrieved from http://www.cisco.com/en/US/products/ps5865/index.html

Nedeltechev, Plamen PhD, “Wireless Local Area Networks and the 802.11 Standard”, March 31, 2001

“Wireless 802.11b Modulation”, Vocal Technologies, Retrieved from http://ww.vocal.com/data_sheets/wireless_802.11b_mod.html

Moore, Matthew, “CyberScience Lab Report: Introduction to the 802.11 Wireless Network Standard”, CyberScience Laboratory, May 16, 2003

“FAQ Wireless LAN”, Micronet, 2005, retrieved from http://www.micronet.info/FAQ/ wireless/wireless.asp

Geier, Jim, “802.11a Physical Layer Revealed”, Wi-Fi Planet, March 14, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2109881


Vichr, Roman, and Vivek Malhorta, “Securing 802.11 transmissions, Part 1: 802.11x’s elusive security”, IBM, 15 April 2003, http://www-106.ibm.com/developerworks/ wireless/library/wi-80211security.html

“Deploying Wi-Fi Protected Access (WPA) and WPA2 in the Enterprise”, Wi-Fi Alliance, March 2005, http://www.wifialliance.com

“WPA2 Q&A”, Wi-Fi Alliance, March 2005, http://www.wifialliance.com

Posey, Brian, “Have Wireless Networks Surpassed the Security of Wired Networks?”, WindowSecurity.com, Mar 22, 2005, http://windowsecurity.com/

Dornan, Andy, “Emerging Technology: Wireless Security – Is Protected Access Enough?”, Network Magazine, October 16, 2005, http://networkmagazine.com/shared/article/showArticle.jhtml?articled=15201417

Geier, Jim, “WPA Security Enhancements”, Wi-Fi Planet, March 20, 2003, http://www.wi-fiplanet.com/tutorials/article.php/2148721

Karygiannis, Tom and Les Owens, “Wireless Network Security: 802.11, Bluetooth and Handheld Devices”, NIST - National Institute of Standards and Technology (Special Publication 800-48), U.S. Department of Commerce, November 2002

Rendon, Jim, “Wi-Fi security must go beyond encryption”, SearchMobileComputing .com, 09 March 2004, http://searchmobilecomputing.techtarget.com

“Wireless LAN Security FAQ”, Retrieved from http://www.iss.net/wireless/ WLAN_FAQ.php

“Cisco SAFE: Wireless LAN Security in Depth”, Retrieved from http://www.cisco.com

LaRosa, Jon, “WPA: A Key Step Forward in Enterprise-class Wireless LAN (WLAN) Security”, Meetinghouse Data Communications, May 26, 2003

Griffith, Eric, “Wi-Fi Alliance Plans for the Future”, Wi-Fi Planet, April 7, 2005, http://www.wi-fiplanet.com/news/article.php/3495936

Rivituso, Monica, “The Next Disruptive Technology”, SmartMoney.com, April 5, 2005, http://yahoo.smartmoney.com

“Cisco Structured Wireless-Aware Network”, Retrieved from http://www.cisco.com

Lawson, Stephen, “WiMax starting to make its move”, Network World, June 07, 2004

“WiMax Technology”, WiMax Forum, Retrieved from http://wimaxforum.org/tech


Diaz, Sam, and Dean Takahashi, “Taking WiFi to the Max”, Mercury News, October 04, 2004

“Quick Guide to IEEE WG & Activities”, Retrieved from http://grouper.ieee.org/groups/802/11/QuickGuide_IEEE_802_WG_and_Activities.htm

“Wi-Fi Alliance Introduces Next Generation of Wi-Fi Security”, Wi-Fi Alliance Press Release, September 01, 2004, http://www.wi-fi.org

Ou, George C., “EAP-FAST: The LEAP and PEAP Killer?”, July 6, 2004, http://www.lanarchitect.net/Articles/Wireless/EAP-FAST

Phifer, Lisa, “Cisco LEAP (Lightweight Extensible Authentication Protocol)”, SearchDomino, August 12, 2002

Storer, Amy, “Amid Shakeup, WLAN switch sales booming”, SearchNetworking.com, April 14, 2005, http://searchnetworking.techtarget.com

“WLAN Deployment on the rise”, Wireless.ITWorld.com, April 06, 2005, http:// www.itworld.com/jump/wirenl/wireless.itworld.com/4244/nls_ebizwlandeploy050330/

Geier, Eric, “802.11 Security Beyond WEP”, Wi-Fi Planet, June 26, 2002, http://www.wi-fiplanet.com/tutorials/article.php/1377171

Geier, Eric, “The “Thin” Access Point Approach”, Wi-Fi Planet, February 26, 2004 http://www.wi-fiplanet.com/tutorials/article.php/3318401

Dornan, Andy, “Building The Intelligent Wireless LAN”, Network Magazine, November 5, 2003, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleld=16000350

Fogarty, Kevin, “Why aren’t people adopting 802.11i security?”, Network World, April 05, 2005

Storer, Amy, “Interoperability, thin AP to grow WLAN Market”, SearchNetworking.com, March 25, 2005, http://searchnetworking.techtarget.com/originalContent/0,289142,sid7_ gci1071199,00.html

Funk, Paul, “The nuts and bolts of 802.11i wireless LAN security”, Network World, March 28, 2005, http://www.techworld.com/mobility/featuires/index.cfm?featureID=1293

Dornan, Andy, “Wireless LANs: Freedom vs. Security?”, Network Magazine, July 7, 2003, http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleld=10818265


“802.11i”, Retrieved from http://en.wikipedia.org/wiki/802.11i

“AP Architecture Impact on the WLAN, Part 1: Security and Manageability”, Retrieved from http://www.trapezenetworks.com/technology/whitepapers/ Part1APArch/ Part1APArch.asp

“AP Architecture Impact on the WLAN, Part 2: Scalability, Performance and Resiliency”, Retrieved from http://www.trapezenetworks.com/technology/whitepapers/ Part2APArch/ Part2APArch.asp

McCaffrey, James, “Keep Your Data Secure with the New Advanced Encryption Standard”, MSDN Magazine, November 2003, http://msdn.microsoft.com/msdnmag/ issues/03/11/AES/?print=true

Nobel, Carmen, “WI-FI Alliance to Promote WLAN Security”, eWEEK, January 31, 2005

“Wireless Security Blackpaper”, Retrieved from http://arstechnica.com/articles/paedia/ security.ars/1

Fluhrer, Scott, Itsik Mantin, and Adi Shamir, “Weaknesses in the Key Scheduling Algorithm of RC4”, 2001

“The Advanced Encryption Standard (Rijndael)”, Retrieved by http://home.ecn.ab.ca/ ~jsavard/crypto/co040401.htm
