Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs (WLANs)
have become increasingly prevalent. Today, WLANs are widely deployed in places
such as corporate office conference rooms, industrial warehouses, Internet-ready
classrooms and even coffee houses.
These IEEE 802.11-based WLANs present new challenges for network
administrators and information security administrators alike. Unlike wired
Ethernet, where an attacker needs physical access to a port, an 802.11 WLAN
broadcasts its traffic as radio-frequency (RF) signals that any station within
range can receive. This creates new and complex security issues that require
augmenting the 802.11 standard.
Securing 802.11 WLANs
Some mistakenly believe WEP to be the only component of WLAN security, but
wireless security actually consists of three components:
- The authentication framework
- The authentication algorithm
- The data privacy or encryption algorithm
802.1x authentication framework
The IEEE 802.1x standard provides a framework for many authentication types
at the link layer. The 802.1x authentication framework is included in the draft
for 802.11 MAC layer security enhancements currently being developed by the IEEE
802.11 Task Group i (TGi). The 802.1x framework gives the link layer the kind of
extensible authentication normally seen only in higher layers.
802.1x requires three entities:
- The supplicant, which resides on the WLAN client
- The authenticator, which resides on the access point
- The authentication server, which resides on the RADIUS server
These entities are logical entities on the network devices. The authenticator
creates a logical port per client, based on the client's association ID (AID).
This logical port has two data paths. The uncontrolled port passes only 802.1x
(EAPOL) frames, so that the authentication exchange itself can reach the
authenticator regardless of the port's state. The controlled port carries all
other traffic and forwards it only after the client has authenticated
successfully.
The supplicant becomes active on the medium and associates to the access point.
The authenticator detects the association and enables a port for the
supplicant, initially in the unauthorized state, so that only 802.1x traffic is
forwarded. All other traffic is blocked until authentication succeeds.
802.1x provides the means for a WLAN client to communicate
with an authentication server to validate the client credentials. 802.1x is
extensible and allows a variety of authentication algorithms to operate over it.
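The port behaviour described above, as an added example that is not part of the original article: a small Python model of the authenticator's per-AID logical port. The EAPOL ethertype (0x888E), the EAPOL packet types and the EAP codes are taken from IEEE 802.1X and RFC 3748; the port model itself, the `Authenticator` class and the sample frames are constructed for illustration and are a simplification of the standard's state machine.

```python
import struct
from enum import Enum
from typing import Optional

# Protocol constants from IEEE 802.1X and EAP (RFC 3748).
ETHERTYPE_EAPOL = 0x888E
EAPOL_EAP_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"  # only EAPOL passes (uncontrolled port)
    AUTHORIZED = "authorized"      # data passes (controlled port open)


def eapol_frame(eapol_type: int, body: bytes = b"",
                src: bytes = b"\x00\x11\x22\x33\x44\x55",
                dst: bytes = b"\x01\x80\xc2\x00\x00\x03") -> bytes:
    """Ethernet frame carrying an EAPOL packet: dst, src, ethertype,
    then EAPOL version (1), packet type and body length (constructed MACs)."""
    return dst + src + struct.pack("!HBBH", ETHERTYPE_EAPOL, 1, eapol_type, len(body)) + body


def eap_packet(code: int, identifier: int, data: bytes = b"") -> bytes:
    """EAP header: code, identifier, total length, followed by data."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


class Authenticator:
    """Hypothetical access-point authenticator: one logical port per AID."""

    def __init__(self):
        self.ports = {}              # aid -> PortState
        self.reauth_pending = set()  # aids with a re-authentication in progress

    def on_associate(self, aid: int) -> None:
        # 802.11 association creates the port; it starts unauthorized.
        self.ports[aid] = PortState.UNAUTHORIZED

    def on_disassociate(self, aid: int) -> None:
        self.ports.pop(aid, None)
        self.reauth_pending.discard(aid)

    def from_station(self, aid: int, frame: bytes) -> str:
        """Classify a frame received over the air from station `aid`:
        'eapol' (hand to the EAP/RADIUS relay), 'forward' (bridge to the
        wired network) or 'drop'."""
        if aid not in self.ports or len(frame) < 14:
            return "drop"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        if ethertype == ETHERTYPE_EAPOL:
            # Uncontrolled port: EAPOL is accepted in either state.
            if len(frame) >= 18 and frame[15] == EAPOL_LOGOFF:
                self.ports[aid] = PortState.UNAUTHORIZED
            return "eapol"
        # Controlled port: everything else requires an authorized port.
        return "forward" if self.ports[aid] is PortState.AUTHORIZED else "drop"

    def from_auth_server(self, aid: int, eap: bytes) -> None:
        """Apply the EAP Success or Failure the RADIUS server returned for `aid`."""
        if aid not in self.ports or len(eap) < 4:
            return
        if eap[0] == EAP_SUCCESS:
            self.ports[aid] = PortState.AUTHORIZED
            self.reauth_pending.discard(aid)
        elif eap[0] == EAP_FAILURE:
            self.ports[aid] = PortState.UNAUTHORIZED
            self.reauth_pending.discard(aid)

    def on_reauth_timer(self, aid: int, identifier: int) -> Optional[bytes]:
        """Session timeout: start re-authentication without closing the port.
        The port stays authorized while the new EAP exchange runs, so the
        user sees no interruption; only an EAP Failure closes it."""
        if self.ports.get(aid) is not PortState.AUTHORIZED:
            return None
        self.reauth_pending.add(aid)
        return eapol_frame(EAPOL_EAP_PACKET,
                           eap_packet(EAP_REQUEST, identifier, bytes([EAP_TYPE_IDENTITY])))
```

The split between `from_station` and `from_auth_server` mirrors the three-entity design: the access point never evaluates credentials itself, it only opens or closes the controlled port according to the verdict relayed from the authentication server.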
Extensible Authentication Protocol (EAP) Algorithm
EAP supports centralized, user-based authentication with the ability to
generate dynamic WEP keys. EAP authentication is designed to function on top of
the 802.1x authentication framework.
Mutual Authentication: Many authentication algorithms exist, each suited to a
particular use. In a WLAN the client needs to be certain that it is communicating
with the intended network device, because it has no physical connection to the
network and a rogue access point can impersonate the legitimate one. The client
therefore needs to authenticate the network as well as be authenticated by it.
User-based Authentication: 802.11 authentication is device-based. The user of
the device is invisible to the authenticator, so unauthorized users can access
the network simply by gaining access to an authorized device. Notebooks with
802.11 NICs that use static WEP and 802.11 authentication become a network
vulnerability if they are stolen or lost. Such an event requires the network
administrator to rapidly re-key the wireless network and all clients.
This scenario is all too common and is a major barrier to WLAN deployment.
Authenticating the user rather than the WLAN device therefore makes the
authentication process tighter.
Dynamic WEP Keys: User-based mutual authentication provides
an easy-to-administer and secure authentication scheme, yet a mechanism is still
needed to manage WEP keys efficiently. This need has driven the requirement for
the authentication algorithm to generate keying material for dynamic WEP keys. A
user-based mechanism to generate unique keying material for each client relieves
network administrators from the burden of managing static keys and manually
re-keying as needed.
802.1x session timeouts force the client to re-authenticate to maintain network
connectivity. Although re-authentication is transparent to the user, an
algorithm that supports dynamic WEP generates new WEP keys at every
re-authentication interval. This limits the amount of traffic encrypted under
any one key and is an important feature in mitigating statistical key
derivation attacks.
Temporal Key Integrity Protocol (TKIP)
TKIP is a draft standard being developed by Task Group i of the IEEE 802.11
working group. Although TKIP is not yet a ratified standard, it provides three
major enhancements to WEP.
Message Integrity Check (MIC): The MIC provides frame authenticity, mitigating
forgery attacks in which an attacker modifies frames in transit. It augments
the ineffective integrity check value (ICV) of the 802.11 standard, a CRC-32
that an attacker can recompute after flipping bits without knowing the key.
Per-Packet Keying: Every frame is encrypted under a new and unique WEP key,
which mitigates WEP key derivation attacks.
Broadcast Key Rotation: Dynamic key rotation for broadcast and multicast
traffic.
802.1x authentication types that support user-based WEP keys provide WEP keys
for unicast traffic only. To provide encryption for broadcast and multicast
traffic, one of the following must be done:
- Employ a static broadcast key configured on the access point
- Enable broadcast key rotation for dynamic broadcast key generation
A static broadcast key must be configured on an access point for 802.1x clients
to receive broadcast and multicast messages. In WLAN deployments where TKIP
per-packet keying is enabled, the static broadcast key also goes through the
per-packet keying process. This reduces the opportunity for statistical key
derivation attacks, but because the base broadcast key remains static, the
24-bit IV space will eventually recycle, causing key streams to be reused.
Statistical attacks may take much longer to execute, but they are still
possible.
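The two WEP weaknesses discussed above, the forgeable CRC-32 ICV that the MIC replaces and the key-stream reuse that follows when a static base key meets a recycled IV, as one added example that is not part of the original article. The RC4 and WEP framing below follow the 802.11 WEP construction (IV prepended to the key, CRC-32 ICV); the key, IV and frame contents are constructed sample data, and `forge_wep_frame` and `recover_xor_of_plaintexts` are illustration helpers written for this example.

```python
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 key-stream generator (KSA + PRGA), as used by WEP."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """802.11 ICV: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || (plaintext || ICV) XOR RC4(IV || key)."""
    data = plaintext + icv(plaintext)
    return iv + xor(data, rc4(iv + key, len(data)))


def wep_decrypt(key: bytes, frame: bytes):
    """Returns (plaintext, icv_ok)."""
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4(iv + key, len(body)))
    plaintext, tag = data[:-4], data[-4:]
    return plaintext, icv(plaintext) == tag


def forge_wep_frame(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` inside an encrypted WEP
    frame and patch the ICV so it still verifies, without knowing the key.

    CRC-32 is affine over equal-length inputs:
        crc(a XOR d) = crc(a) XOR crc(d) XOR crc(0...0)
    so the ICV correction depends only on `delta`, never on the plaintext.
    """
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = xor(icv(delta), icv(b"\x00" * n))
    return iv + xor(body, delta + icv_delta)


def recover_xor_of_plaintexts(frame1: bytes, frame2: bytes) -> bytes:
    """Two frames encrypted under the same base key and the same IV share a
    key stream; XORing the ciphertexts cancels it and reveals p1 XOR p2
    (over the plaintext portion of the shorter frame)."""
    if frame1[:3] != frame2[:3]:
        raise ValueError("frames use different IVs; key streams differ")
    n = min(len(frame1), len(frame2)) - 3 - 4
    return xor(frame1[3:3 + n], frame2[3:3 + n])
```

The forgery works because the ICV is a linear checksum rather than a keyed MAC; TKIP's MIC closes it by keying the integrity check. The second helper shows why a static broadcast key with per-packet keying only delays the problem: once the IV space wraps, two frames under the same IV again share a key stream.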
Static broadcast key deployments might be required in some instances; where
they are not, broadcast key rotation is preferable. With rotation, broadcast
keys are sent from the access point to the client encrypted with the client's
unicast WEP key. Because the broadcast keys are distributed after
authentication, access points do not have to be configured with the same
broadcast key. The access point generates broadcast WEP keys using a seeded
pseudorandom number generator (PRNG) and rotates the broadcast key when a
configured broadcast WEP key timer expires. This timer should generally be in
sync with the session timeouts configured on the RADIUS servers for user
re-authentication.
Broadcast key rotation is designed for 802.1x-enabled access point deployments.
In mixed static-WEP/802.1x deployments, broadcast key rotation may cause
connectivity problems for static WEP clients, which have no 802.1x channel
through which to receive the rotated key. It is therefore recommended that
broadcast key rotation be enabled only when the access point serves an
802.1x-only wireless LAN.
Devendra Kamtekar,
Principal Consultant, Cisco Systems, India & SAARC
What Lies Ahead
For many enterprises, managing a wireless network has felt like riding a
runaway horse without a bridle. With the measures described here in place,
however, enterprises can focus on their businesses without worrying about
security. In addition, the IEEE is enhancing WEP with TKIP and providing robust
authentication options with 802.1x to make 802.11-based WLANs more secure. At
the same time, the IEEE is looking to stronger encryption mechanisms: it has
adopted the Advanced Encryption Standard (AES), the next-generation encryption
function approved by the National Institute of Standards and Technology (NIST),
for the data-privacy section of the proposed 802.11i standard.