802.11b devices suffer interference from other products operating in the 2.4 GHz band. (Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, baby monitors and cordless telephones). It also uses three different non overlapping channels (1, 6, 11) to minimize the interference between each of the access points and the mobile devices associated with those access points.
At the same time the IEEE created the 802.11b standard, it also issued another standard with even higher speeds. The 802.11a standard specifies a maximum rated speed of 54Mbps and also supports 48, 36, 24, 12, 9 and 6Mbps transmission using the U-NII band and 802.11a has 12/13 non-overlapping channels. Although the 802.11a and b specifications were published at the same time by IEEE, 802.11b products started to appear almost immediately, while 802.11a products came to market later because of technical issues along with the high cost of developing products for the standard ( 802.11a standard use metal oxide semiconductors(CMOS) and these are more expensive and required more capital investment and time to develop).
The next major amendment to 802.11 was 802.11g, which was completed in 2003 and is the most commonly used wireless networking technology as of 2009. 802.11g represented a shift in technique for the 802.11 standard, switching to the use of orthogonal frequency-division multiplexing, or OFDM, for its modulation (802.11g-2003 10). Earlier versions of the protocols used Complementary Code Keying, or CCK, a technology that while error resistant required the serial transmissions of all data (802.11b-1999 16). OFDM multiplexes the spectrum allowing for data to be sent in parallel and increasing the overall speed of transmission. 802.11g is backwards compatible with 802.11b, meaning that 802.11g will work with 802.11b wireless and vice versa. 802.11g supports CCK and will fall back to it when an 802.11b client connects to an 802.11g network (802.11g-2003 13). CCK is also more interference resistant, so 802.11g will also revert to CCK in cases of high interference.
In Irvine’s whitepaper, (2006) it states:
Though the official specification is still pending, 802.11n is already commonly implemented based on the draft specification. 802.11n further improves upon the techniques of 802.11g to increase the maximum theoretical throughput to 600 megabits/second, though the fastest implementations currently available only support a theoretical throughput of 300 megabits/second (Broadcom 4). 802.11n uses multiple antennae; both to improve signal reception 802.11n devices as well allow further parallelization of data transmission (p. 4-5).
In addition, it goes on to state that:
A common problem with 802.11b and 802.11g devices involves the use of the 2.4 ghz spectrum for communication. The 2.4 ghz is commonly used in consumer wireless devices, such as cordless telephones and Bluetooth devices such as wireless headsets for cell phones. Microwave ovens also operate at this frequency, and create enough interference that 802.11b and 802.11g devices in close proximity to a microwave oven that is in use can become functionally useless for the duration of its use. (p. 5).
802.11n attempts to address this problem to some extent with its use of multiple antennae, allowing for simultaneous communication at slightly different frequencies. An 802.11n device will use 2 slightly overlapping 20mhz bands to create the 40mhz band it uses, providing enough frequency differentiation as to make it quite a bit more resistant to radio interference that 802.11b or 802.11g. (p. 6).
Encryption
Non-Encryption Techniques for Wireless Network Security
On the simplest level, wireless network security is the problem of preventing unauthorized clients from accessing a wireless network. The simplest solution to this problem, separate of any encryption techniques, as researched by Tsow, et. al. (2006), is:
The optimization of the range of a network. For an average household or business, access to a wireless network is often possible over a much wider area than is intended. A practice known as “war driving” exploits this fact. Someone who is “war driving” will travel throughout a neighborhood with an 802.11 device searching for unsecured networks. Though most war drivers are merely interested in relatively harmless pranks, the potential for more serious exploitation of the security risks exist. Many consumer 802.11 devices, and nearly all professional 802.11 devices, support user modification of antenna power, allowing one to decrease the range over which the network is accessible. (p. 7 -8).
Another non-encryption related technique that may be employed, as suggested by Milpitas, (2003), is:
The creation of a list of allowed devices based on MAC address, and excluding all others. Excluding devices in this way has the advantage of being extremely difficult to circumvent without either access to the wireless access point or knowledge of an approved MAC address. In the event that an approved MAC address becomes known, it is a relatively simple process to make a network device report a MAC address other than the one it was originally assigned, providing the most common point of attack for networks using this technique (p. 1).
The creation of a list of approved MAC addresses is the most commonly used technique in areas where an entity is attempting to provide public Wi-Fi access, such as at airports or universities, and is handled by what is known as a Radius server. Upon initiating a new session, a user will be required to agree to terms of use for the access point or input a username and password. Networks for which the operators charge for access often require the user to first enter a credit card number in order to connect. After the required process has been completed, the user’s MAC address is logged by the Radius server and connections from that MAC address are allowed as normal.
In Milpitas’, (2003), research, it says that the major flaws with the technique of allowing access based on MAC address are the vulnerability relating to MAC address spoofing, as well as convenience for the user. Requiring a device to be approved before it may connect requires a user to modify the appropriate configuration on their access point, or requires the use of a Radius server, the configuration of which is outside the skill set of most home and small business users (p. 1).
802.11 provides users the option of hiding the unique identifier of their network, known as the SSID. This commonly prevents the network from showing as available to clients that are unaware of its existence. Many tools designed specifically to compromise wireless security will show a list of all available wireless networks, regardless of whether the name of the network is public, so this technique alone is not useful for preventing unauthorized connections.
No non-encryption based security technique alone will prevent unauthorized access to a network. When combined with encryption based techniques, however, these techniques can greatly increase security. Lowering the visibility of a network through range optimization and the hiding of the SSID make attempts to gain unauthorized access less likely.
Encryption based Wireless Network Security Techniques
In a 2003 update to the 802.11g specification, the IEEE clarifies that the time required for the use of a protection mechanism “shall be no longer than or equal to the total time required to send the data and any required response frames.”. This clause in the specification imposes the restriction that any implemented encryption must have no negative effect on the throughput of a connection.
The most commonly implemented techniques for digital communications encryption involve the use of a key, used for encryption of the data, as well as an initialization vector, or IV. An IV is used in encryption to indicate the when a new set of encrypted data has begun. For example, each encrypted packet of data in a wireless network would begin with the IV, which is known to both the transmitter and receiver of the data. An IV does not need to be kept secret as the key does, and is often easily determined by data analysis as it usually the most commonly recurring string of data.
A key is employed in much the same way as a decoder ring, as quoted by Bittau, 2006):
When data is encoded, the key is employed alongside an encryption algorithm, ensuring that the data is sufficiently obfuscated so that it isn’t easily decoded by those who are unaware of the key. All encryption is vulnerable to “brute force” attacks, where successive keys are tried until the proper key to decrypt the data is found. The amount of time required to decrypt data through this method is directly related to the length of the key. Even the least secure 802.11 encryption, WEP, uses a 40-bit key that would take months crack through brute force methods. More common 128-bit and 256-bit keys would take years to decrypt. (p. 3-8)
Wired Equivalent Privacy (WEP)
Wireless Equivalent Privacy, was the first encryption technique specified to 802.11 networks, and was included in the 802.11 specification in 1997. Though it is the most commonly supported form of encryption on wireless networks, it is now considered to be a deprecated technology and is seldom used in new installations.
In Arbaugh’s research, (2001), it states that:
While the original WEP specification was being created, encryption technology was subject to strict U.S. export laws, limiting the length of the encryption key that could be used. The exportation of encryption technology using keys longer than 40 bits was prohibited, placing an upper limit on the security of WEP networks.
The first implementation of WEP is known as 64-bit WEP. 64-bit WEP uses a 40-bit key, the maximum allowed by law at the time, coupled with a 24-bit initialization vector. With WEP, the IV is generated at the time of connection, while the 40-bit key is specified by the user. (p. 4).
Two algorithms are incorporated in WEP. For encryption, RC4 is used. RC4 is the most commonly implemented form of digital encryption, and is also used for e-commerce transactions in the form of Secure Sockets Layer, or SSL. Many hardware implementations of RC4 encoders and decoders are available, making it relatively inexpensive for wireless chipset manufacturers to incorporate. (p.4).
To ensure data integrity, CRC-32 is used. CRC-32 takes a block of data of fixed length, and from it creates an integer expressed as a 32-bit binary number. This allows for over 4 billion potential combinations, making the likelihood of two dissimilar pieces of data having the same key extremely remote. (p. 3).
Beck, et. al., (2006), states that:
After the U.S. government relaxed import restrictions, a more secure implementation of WEP was standardized, known as 128-bit WEP. 128-bit WEP retains the same 24-bit IV, but increases the key size to 104-bits. (p. 3).
WEP keys are generally represented in hexadecimal, allowing for the use of the numbers 1 through 9, as well as the letters A through F. Each hexadecimal digit is represented by 4 bits when converted to binary. This means that the 40-bit key required for 64-bit WEP is represented by 10 hexadecimal digits, while the 104-bit key in 128-bit WEP is represented by 26 hexadecimal digits. (p. 3).
WEP can be used in two forms, known as Open System and Shared key. When shared key is used, an initial process occurs in which the client must first authenticate before data transmission can begin. After an initial request to connect is issued by the client, the access point sends an unencrypted packet of data (802.11i-2004 10). The client then encrypts this data with the encryption key and sends an encrypted packet back to the access point. If the access point decrypts the packet successfully, communication beings using the agreed upon key. This process is prone to failure when other issues, such as interference or the distance between the client and the access point, prevent the packet from being successfully transmitted or received.
In the case of a network using an open system, no such initialization process occurs. A request is sent by the client to receive data, to which the access point immediately responds with encrypted data (802.11i-2004 10). If the client and the access point are using the same key, the data is successfully decrypted and communication continues. If the client is using a different key than was used to perform the encryption, all data is unusable to the client.
WEP is extremely vulnerable to attack, and can broken in minutes with easily available tools, most commonly aircrack-ng on the Windows and Linux platforms, and Kismac on the Macintosh platform. For this reason, it is never used on wireless networks requiring high security.
Bittau, et. al., (2006), quotes that the source of the vulnerability is related to the way the RC4 encryption occurs, and the relatively short 24-bit length of the IV. The two most common types of encryption algorithms are known as stream ciphers and block ciphers. RC4 is a stream cipher. A stream cipher counts on each block of data having a unique IV. (p. 4).
As per Arbaugh, (2001), due to the high number of separate data packets required to make wireless networks effective, a 24-bit IV does not provide enough unique possibilities to make RC4 effective, with IV repetition occurring often every 5000 packets. An average wireless network with multiple clients connected will send and receive hundreds of packets per second. (p. 4)
Beck, (2008), states that, further techniques have been developed both to increase the number of packets transmitted across a network, and minimize the number of packets required to determine the encryption key used. (p. 7).
A common WEP breaking technique involves the use of two 802.11 devices. One device sends a large number of malformed authentication packets, to which the access point responds with validly formed but encrypted packets. The second device collects and stores the response packets, as well as any other communication occurring over the network.
Another vulnerability of WEP encrypted networks is the relatively short key length. Though even a short key poses problems for brute force attacks, someone with a small amount of prior knowledge can often guess the key. These problems, however, are less related to wireless security and more related to password security.
For many home applications, or wireless network installations in remote locations, WEP can be acceptable solution, though it is seldom optimal. Another common application of WEP is on networks on which there are a large number of legacy clients. WEP is often the only encryption technique supported by older wireless hardware and drivers. In these cases, the best solution is to choose a secure key and employ non-encryption based security techniques to minimize the number of potential unauthorized connections.
WEP2
After the security flaws in WEP were publicized the IEEE TGi task group which responsible for the implementation of the original WEP, released a new proposed implementation of WEP known as WEP2. WEP2 attempted to overcome the limitations of WEP by adding two new security enhancements. First, the WEP key was increased to 128 to address the weakness of encryption. Second, a different authentication system was used, known as KERBEROS. It was developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of network users.
Kerberos is typically used when someone on a network attempts to use a network service, and the service wants assurance that the user is who he says he is. The user is provided a ticket that issued by the Kerberos server, much as a driver’s license is issued by DMV. This ticket contains information linking it to the user. The user presents this ticket to the network for a service. The service then examines the ticket to verify the identity of the user. If all checks out, the user is accepted. However, by May 2001 it became clear that WEP2 was no more secure then WEP itself. Increasing key to 128 still did not prevent collisions, or two packets derived from the same IV and inclusion of mandatory Kerberos opened WEP2 to new dictionary-based attacks.
Dynamic WEP
Another solution was advanced was dynamic WEP. It solves the weak IV problem by rotating the keys frequently, making it much more difficult to crack the encrypted packet. It uses different keys for unicast traffic and broadcast traffic.
A major advantage of using dynamic WEP is its straightforward deployment. Dynamic WEP can be implemented without upgrading device drivers or AP firmware. Deploying dynamic WEP is a no-cost solution with minimal effort.
Although dynamic key overcomes the weak IV problem of original WEP, it is still only a partial solution. It does not protect against man-in-the-middle attacks and susceptible to DoS attacks. Because it only offered partial solution, it was never widely implemented.
IEEE 802.11i
After three years of effort, in June 2004 the IEEE 802.11i standard was ratified. It addresses both encryption and authentication. Encryption is accomplished by replacing the RC4 stream cipher works on one character at a time, a block cipher manipulates an entire block of plaintext at a time. The plaintext message is divided into separate blocks of 8 to 16 bytes, and then each block is encrypted independently. For additional security, the blocks can be randomized.
The block cipher used in 802.11i is Advanced Encryption Standard (AES). AES performs three steps on every block (128bit) of plaintext. Within step 2, multiple iterations (round) are performed depending upon the key size: 128 bit key performs 9 rounds and within each rounds bytes are substituted and rearranged and then special multiplication is performed based on the new arrangement. AES is designed to be secure for several years to come. The time it would take to break AES using brute-force attack with $1 million worth of computers is 2.20*10^17 years.
WI-FI Protected Access (WPA)
When the first vulnerabilities were discovered in WEP in 2001, the Wi-Fi Alliance, a consortium who took over the development of wireless networking related standards from the IEEE, immediately began developing 802.11i, an amendment to the 802.11 specification designed address the security concerns related to WEP. A draft specification was quickly completed, the majority of which is implemented by WPA.
WPA increases the length of the encryption key to 256-bits, creating trillions of possible combinations. To prevent users from being required to remember a 64-bit hexadecimal string, a standard method was created to allow for the use of standard passwords, which are allowed to be between 8 and 63 characters long. A unique string is created using a combination of the specified password and the SSID of the wireless network.
For encryption, WPA still uses RC4 but employs a technique known as the Temporal Key Integrity Protocol (Orinoco 3). Though still using RC4, the key length was increased to 256-bits. Also, TKIP mixes the key and IV, making it extremely difficult to determine the IV without first knowing the key. While not an optimal solution with regard to encryption, such a technique allowed most WEP hardware to be upgraded to support WPA with just a software modification, rather than requiring replacement of the device. WPA also introduces a proprietary 64-bit integrity check, rather than using the 32-bit CRC32 as WEP does.
In Beck’s research, (2008), it states that, a minor exploit of TKIP was discovered using common types of packets, such as those dealing with basic communications issues. The exploit does not allow discovery of the key, however, only allowing the attacker to inject up to 15 packets of their own data, a relatively harmless amount. (p. 9).
Since its initial implementation in 2003, WPA has remained unbroken as of 2009. Recent advancements in the general purpose use of hardware traditionally used for computer graphics have made the potential of a successful brute force technique more likely. The technique is only effective, however, on weak passwords. Using a password of longer than 14 characters makes such an attack impossible to carry out in a reasonable amount of time.
WI-FI Protected Access (WPA2)
The 802.11i standard was finalized in 2004, the implementation of which is known as WPA2. WPA2 uses an encryption technique known as Protocol, which is based on the Advanced Encryption System (802.11i-2004 31).
AES is a 3 stage block cipher, meaning that each packet of data is encrypted 3 times by 3 different block ciphers, and must be decrypted in the same way. The use of a multistage cipher provides many additional security benefits. The order in which the ciphers are used must be known in order to decrypt the data. An IV is exponentially more effective with each subsequent cipher applied, and the use of a block cipher mitigates risks associated with the IV becoming known (802.11i-2004 29).
Just as WEP can be used in shared key or open system modes, WPA2 has similarly differentiates the modes in which it can be used. WPA2 incorporates a mode functionally similar to shared key mode in WEP, known as Personal mode, and provides extensions known as WPA2 enterprise that allows for authentication to be done externally by a 802.1x server, though Personal mode is the most commonly used mode (802.11i-2004 38).
WPA2 has become the only accepted 802.11 encryption standard. It is the only available encryption method in 802.11n, and all devices released since its ratification must implement it in order to be certified as compatible with other wireless devices.
As of 2009, no exploits have been discovered for WPA2, and the combination of multiple ciphers and a longer encryption key make the likelihood of one being discovered somewhat unlikely. WPA2 has been judged to be secure enough for government use, and the City of San Francisco has a city-wide 802.11n network encrypted with WPA2.
Security Models
Someone said security is like a car insurance: you realize you should have had more only after it’s too late! It is important to implement the most comprehensive security model possible in order to protect information. Failing to adequately protect information from all potential attacks can result in only partial coverage and will result in serious consequences.
We have three types of security model; transitional, personal and enterprise level security.
Transitional Security Model
There are some occasions when the best security model can not be implemented. For example, a public library may have installed an 802.11b network several years ago for its patrons but due to funding cannot afford to purchase new equipment that supports highest level security. What should be done in this instance?
The answer may be to implement the highest level of security based upon the current equipment in use. Although it is not the optimal solution, it is better than doing nothing at all. It should be recognized that his should only be considered a transitional phase until migration to stronger wireless security is possible. The transitional security model should only be implemented as a temporary solution. Transitional security is the basic security for wireless LAN. It includes both authentication and encryption.
Authentication
There are three important steps that should be taken for authentication under the transitional security model. These are using shared key authentication, turning off SSID and implementing MAC address filtering.
WEP Encryption
Although WEP has vulnerabilities, it should be turned on if no other options available for encryption. The longest WEP key available should be used for added security, because a longer key may be more difficult to break.
Personal security model
The personal security is designed for single users or small office home office settings of generally 10 or fewer wireless devices. It is divided into two sections, WPA and WPA2. Older equipment may be forced to implement WPA while newer APs and wireless NICs can support WPA2.
WPA Personal Security
The authentication used is PSK and the encryption is TKIP.
PSK Authentication
It uses a passphrase that is manually entered to generate the encryption key. Unlike WEP, the PSK is not used for encryption. Instead, it only serves as the starting value for mathematically generating the encryption keys themselves.
However, the disadvantage is key must be created and entered in the wireless access point and also wireless device.
TKIP Encryption
TKIP encryption is a strong substitution for WEP encryption. However, instead of replacing the WEP engine, TKIP is designed to fit into the existing WEP procedure with a minimal amount of change.
WPA2 Personal Security
The authentication used is PSK but encryption is AES, instead of TKIP.
PSK Authentication
PSK provides a strong degree of authentication protection. PSK keys are automatically changed (rekeying) and authenticated between devices after specified period of time or after a set of number of packets has been transmitted.
AES-CCMP Encryption
AES is the encryption protocol. CCMP is based upon the Counter Mode with CCM of the AES encryption. CCM is the algorithm providing data privacy, while the Cipher Block Chaining Message Authentication Code (CBC-MAC) component of CCMP provides data integrity and authentication.
Enterprise Security Model
The most secure level of security that can be achieved today for wireless is Enterprise Security Model. It is designed for medium to large-size organizations such as business, government agencies and universities.
Like the personal model, the enterprise is divided into two sections, WPA and WPA2.
WPA Enterprise Security
The authentication used is IEEE802.1x and the encryption is TKIP.
IEEE802.1x Authentication
It provides an authentication framework for 802-based LANs. It uses port-based authentication mechanisms, meaning that the switch denies access to anyone other than an authorized user who is attempting to connect to the network through that port. 802.1x does not provide any encryption; instead, it is intended to authenticate a user and to provide a secure way to exchange keys that can be used for encryption. It consists of three elements;
a) Supplicant; wireless device wants to connect to network,
b) Authenticator; serves as an intermediate device, AP,
c) Authentication Server; stores the list of the names and credentials of authorized users in order to verify their authenticity, RADIUS.
Here is the 802.1x procedure;
Step 1- The wireless devices requests from the access point permission to join the wireless LAN.
Step 2- The access point asks the device to verify its identity.
Step 3- The device sends identity information to the access point which passes it on to an authentication server, whose only job is to verify the authentication of devices. The identity information is sent in encrypted form.
Step 4- The authentication server verifies or rejects the client’s identity and returns the information to the access point.
Step 5- An approved client can now join the network and transmit data.
TKIP Encryption
TKIP is a `wrapper` around WEP that provides encryption mechanism for WPA enterprise security. Because of design goal of TKIP was to dovetail into the existing WEP mechanism, it was not designed from the `ground up` and vulnerabilities may be exposed in the future.
WPA2 Enterprise Security
WPA2 provides the most secure level of authentication and encryption available on wireless LAN. The authentication used is IEEE802.1x and the encryption is AES-CCMP
IEEE 802.1x Authentication
The strongest type of wireless authentication currently available. It provides the higher degree of security for a WPA2 enterprise model.
AES-CCMP Encryption
AES is a block cipher that uses the same key for both encryption and decryption. With AES, bits are encrypted in blocks of plaintext that are calculated independently, rather than a keystream acting across a plaintext data input stream.
Other Enterprise Security Tools
Besides the enterprise security model, there are additional security tools that can supplement the enterprise security model to provide an even higher degree of security. These include VPN, Wireless Gateway Wireless Intrusion Detection System (WIDS) and captive portals.
VPN
It uses a public, unsecured network as if it were private, secured network.
Wireless Gateway
Equipping an access point with additional functionality can create a device known as a wireless gateway. Most of the AP wireless gateway because they combine the functions of AP, router, network address translator, firewall and switch.
Wireless Intrusion Detection System
A common network security device that establishes and maintains network security is an intrusion-detection system (IDS). An IDS monitors the activity on the network. WIDS serves similar to IDS and look for attacks based on a database of attack signatures.
Captive Portal
A captive portal is a web page that wireless users are forced to visit before they are granted wireless access to the internet. They are used in public hotspots.
Conclusion
Wireless networking technology is sufficiently mature that any early problems with have since been discovered and resolved. The use of WPA2 encryption with a strong password and non-encryption based techniques such as hiding the SSID of a network as well as optimizing wireless network range make wireless networking suitable even for applications requiring the highest level of security.
References
Arbaugh, William. A. (2001). “An Inductive Chosen Plaintext Attack Against
WEP/WEP2”, University of Maryland College Park,. 3, 4.
Ars Technica. (2009). New Attack Cracks WEP in Record Time.
Austin. (2005). Deploying Wi-Fi Protected Access and WPA2 in the Enterprise,
Wi-Fi Alliance.
Beck, Martin, & Tews, Eric.(2008). Practical Attacks Against WEP and WPA,
TU-Dresden and TU-Darmstadt, Dresden.I 3, 7, 9.
Bittau, Andrea, et. al.(2006). The Final Nail in WEP’s Coffin, University College
London, London . 2-4.
Borisov, Nikita et al.(2008), Intercepting Mobile Communications: The Insecurity
of 802.11, University of California at Berkeley, Berkeley.
Ciampa, Mark. (2005). CWNA Guide to Wireless LANs. Cengage Learning.
Coppersmith, Don. (1994). The Data Encryption Standard and its strength against
attacks, IBM Journal of Research and Development. 38, 243-250.
He, Changhua. (2005). Analysis of Security Protocols for Wireless Networks,
Diss. Stanford University.
IEEE Standard 802.11b-1999. (1999). IEEE Computer Society, New York,.
IEEE Standard 802.11b-1999 Corrigendum 1. (2001). IEEE Computer Society,
New York.
IEEE Standard 802.11g. (2003). IEEE Computer Society, New York.
IEEE Standard 802.11i. (2004). IEEE Computer Society, New York.
Irvine. (2006). 802.11n: Next Generation Wireless LAN Technology White
Paper, Broadcom Corporation, 2-6.
Milpitas. (2003). Orinoco Security Paper v. 2.2”, Proxim Corporation.
Tsow, Alex, et. al. (2006). Warkitting: The Drive-by Subversion of Wireless
Home Routers, Indiana University, Bloomington.
NIST. (2005). Wireless network security 802.11, Bluetooth and hand devices.
Tanenbaum, Andrew, S. (2002). Computer Networks: Wireless MAC Sublayer protocols
and physical layer. Pearson, 4th edition.
Tanenbaum, Andrew, S. (2002). Computer Networks: Cryptography. Pearson, 4th
edition.