Security in Wireless Local Area Networks


Department of Electrical and Communications Engineering
Helsinki University of Technology

Abstract

As wireless communications come to offices and homes, there are some new security issues to be taken care of. Today the market for wireless LANs is growing continuously, but there is a big black hole in the security of this kind of network. This paper gives an overview of the security functions specified in two wireless LAN standards, namely IEEE 802.11 and HIPERLAN. There is also some discussion of the threats and vulnerabilities in wireless networks compared to wired networks. Last but not least, the protocols and mechanisms needed in a secure wireless LAN are described.

1 Introduction

The concept of the wireless LAN was introduced around 1980, and since 1985 many companies have tried to implement a variety of wireless LAN applications using spread spectrum, infrared and traditional wideband radio technologies. The real breakthrough of wideband wireless applications is happening now: the IEEE 802.11 standard, approved in June 1997, gives a solid platform for new applications, and chips supporting IEEE 802.11 are already on the market. Wireless office market revenue in 1996 was $390 million, of which $218 million belonged to wireless LANs, and it is expected to break a billion dollars early in the next millennium.

The commercial wireless LAN applications can be divided into five categories:

  • LAN extension - indoor wire replacement
  • Inter-LAN bridges - outdoor wire replacement
  • Campus Area Networks (CAN) - wireless LANs with infrastructure
  • Ad-hoc networking - wireless LANs without infrastructure
  • Nomadic access - a wireless LAN service

Today's existing applications aim at four categories of applications:

  • Healthcare industry
  • Factory floors
  • Banking industry
  • Educational institutions

Security issues are much more pressing in the wireless environment than in wired networks, but there are still products without any security functions, and even IEEE 802.11 specifies its security functions as an optional feature. Meanwhile, security in the Internet is becoming more and more vital, and the IPSEC concept and IPv6 are going to demand ciphering and authentication as mandatory functions in network equipment. So there is a real need to develop security in wireless networks.

2 Abbreviations and Definitions

The following abbreviations () and definitions () are used in this document.


3 Standards

This section describes two existing wireless network standards concentrating on the security functions they provide. The proprietary solutions (like Lucent Technologies WaveLAN), existing mobile telephone networks (like GSM) and future technologies (like wireless ATM or UMTS) are out of the scope of this paper.

3.1 HIPERLAN

In this paper, the term "HIPERLAN" is used to refer to HIPERLAN, Type 1.

HIPERLAN is ETSI's wireless broadband access standard, which defines the MAC sublayer, the Channel Access Control (CAC) sublayer and the physical layer. The MAC accesses the physical layer through the CAC, which allows easy adaptation to different physical layers. The currently defined physical layers use the 5.15 - 5.30 GHz frequency band and support 2 048 Kbps synchronous traffic and up to 25 Mbps asynchronous traffic. HIPERLAN has the following properties:

  • it provides a service that is compatible with the ISO MAC service definition in ISO/IEC 15 802-1
  • its operations are compatible with the ISO MAC bridges specification ISO/IEC 10 038 for interconnection with other LANs
  • it may be deployed in a pre-arranged or an ad-hoc fashion
  • it supports node mobility
  • it may have a coverage beyond the radio range limitation of a single node
  • it supports both asynchronous and time-bounded communication by means of a Channel Access Mechanism (CAM) with priorities providing hierarchical independence of performance
  • its nodes may attempt to conserve power in communication by arranging when they need to be active for reception

The HIPERLAN specification defines an encryption-decryption scheme for optional use in the HIPERLAN. In this scheme, all HM-entities of a HIPERLAN shall use a common set of shared keys, referred to as the HIPERLAN key-set. Each of these keys has a unique key identifier. Plain text is ciphered by an XOR operation with a random sequence generated by a confidential algorithm, which takes as input the secret key and an initialization vector sent in every MPDU (see Figure 1). ETSI claims that the defined scheme provides the level of protection of a wired LAN.
Figure 1: HIPERLAN encryption-decryption scheme

It is impossible to say anything for sure about the protection level that the WEP offers, because the algorithms are not available. But the lack of independent and public analysis arouses some suspicions about the strength of the algorithms. The HIPERLAN standard does not define any kind of authentication, which sounds very strange for this kind of system. In my humble opinion one should not trust the security level offered by the HIPERLAN specification in any sensitive application, but use some additional mechanism to meet the security requirements set for the wireless LAN.

3.2 IEEE 802.11

The IEEE 802.11 standard defines the physical layers and the MAC sublayers for wireless LANs. There are three different physical layers: Frequency Hopping Spread Spectrum Radio, Direct Sequence Spread Spectrum Radio and Baseband Infrared. All physical layers can offer a 2 Mbps data rate; the radio PHYs use the 2 400 - 2 483.5 MHz frequency band. The MAC layer is common to all three PHYs and has the following features:

  • Support of Isochronous as well as Asynchronous data
  • Support of priority
  • Association/Disassociation to an AP in a BSS or ESS
  • Re-association or Mobility Management to transfer an association from one AP to another
  • Power Management to save battery time
  • Authentication to establish identity of the terminals
  • Acknowledgment to ensure reliable wireless transmission
  • Timing Synchronization to coordinate the terminals
  • Sequencing with duplication detection and recovery
  • Fragmentation / Re-assembly

IEEE 802.11 defines two authentication schemes: Open System Authentication and Shared Key Authentication. The former is actually a null authentication: all mobiles requesting access are accepted to the network. The latter uses shared-key cryptography to authenticate the mobile. When a mobile requests authentication, the base sends a 128-octet (1024-bit) random number to the mobile, encrypted using the shared key. The mobile decrypts the random number using the same shared key as the base and sends it back to the base. If the number that the base receives is correct, the mobile is accepted to the network. All mobiles allowed to connect to the network use the same shared key, so this authentication method can only verify that a particular mobile belongs to the group of mobiles allowed to connect to the network; there is no way to distinguish the mobiles from each other. There is also no means for the mobile to authenticate the network. IEEE 802.11 does not define any key management functions.

IEEE 802.11 defines an optional Wired Equivalent Privacy (WEP) mechanism to provide confidentiality and integrity for the traffic in the network. WEP is used at the station-to-station level and does not offer any end-to-end security. WEP uses the RC4 PRNG algorithm based on a 40-bit secret key and a 24-bit initialization vector (IV) sent with the data. WEP includes an integrity check vector (ICV) to allow an integrity check. One MPDU frame contains the clear text IV and ICV and the cipher text data block, so the receiver is always able to decrypt the cipher text block ...
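An added example, not part of the original paper: a minimal Python model of the WEP encapsulation and of the shared-key authentication exchange as the text above describes them. The RC4 seed order (IV followed by key) and the CRC-32 ICV are taken from the IEEE 802.11 standard rather than from this page; the key ID octet that follows the IV in a real frame is omitted, and all function names and sample values are hypothetical.

```python
import os
import struct
import zlib
from typing import Optional

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4: key-schedule from seed, then XOR the keystream over data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV (in the clear) || RC4(IV || key, plaintext || ICV)."""
    if len(key) != 5 or len(iv) != 3:           # 40-bit key, 24-bit IV
        raise ValueError("WEP needs a 5-octet key and a 3-octet IV")
    icv = struct.pack("<I", zlib.crc32(plaintext))  # CRC-32 over the plaintext
    return iv + rc4(iv + key, plaintext + icv)

def wep_decapsulate(key: bytes, frame: bytes) -> Optional[bytes]:
    """Recover the plaintext, or None when the ICV does not verify."""
    if len(frame) < 7:                          # 3-octet IV + 4-octet ICV
        return None
    clear = rc4(frame[:3] + key, frame[3:])     # receiver reads the IV from the frame
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data)) == icv else None

def shared_key_auth(base_key: bytes, mobile_key: bytes) -> bool:
    """Exchange as the text describes it: the base sends an encrypted
    128-octet random number, the mobile decrypts it and returns it."""
    challenge = os.urandom(128)
    frame = wep_encapsulate(base_key, os.urandom(3), challenge)
    return wep_decapsulate(mobile_key, frame) == challenge

# Constructed sample values, not taken from the page.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
FRAME = wep_encapsulate(KEY, IV, b"constructed payload")
```

Any station holding the group key passes `shared_key_auth`, which is why the scheme proves only group membership and cannot tell one mobile from another.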