Wireless Security
Because wireless computing is so exposed, it requires measures to protect communications between a computer (called the client) and a wireless base station or access point. Remembering that all these communications are on predefined radio frequencies, you can expect an eavesdropping attacker to try to intercept and impersonate. The pieces to protect are finding the access point, authenticating the client to the access point (and vice versa), and protecting the communication stream.
SSID
As described earlier in this
chapter, the Service Set Identifier
or SSID is the identification of an access point; it is a string of up to 32
characters. Obviously the SSIDs need to be unique in a given area to
distinguish one wireless network from another. The factory-installed default
for early versions of wireless access points was not unique, such as
"wireless," "tsunami" or "Linksys" (a brand
name); now most factory defaults are a serial number unique to the device.
A client and an access point
engage in a handshake to locate each other: Essentially the client says,
"I am looking to connect to access point S" and the access point
says, "I am access point S; connect to me." The order of these two
steps is important. In what is called "open mode," an access point
can continually broadcast its appeal, indicating that it is open for the next
step in establishing a connection. Open mode is a poor security practice
because it advertises the name of an access point to which an attacker might
attach. "Closed" or "stealth mode" reverses the order of
the protocol: The client must send a signal seeking an access point with a
particular SSID before the access point responds to that one query with an
invitation to connect.
But closed mode does not
prevent knowledge of the SSID. The initial exchange "looking for S,"
"I am S" occurs in the clear and is available to anyone who uses a
sniffer to intercept wireless communications in range. Thus, anyone who sniffs
the SSID can save the SSID (which is seldom changed in practice) to use later.
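The following toy model, added here as an illustration and not part of the original chapter, plays out the open-mode and closed-mode exchanges under a passive observer. Frames are plain dictionaries, the SSID "S" and the mode flag are made up, and nothing touches a real radio. It shows what the text states: closed mode keeps the SSID out of beacons, but the client's own probe request puts it on the air in the clear.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed toy model of SSID discovery; frames are plain dicts and nothing
# here touches a real radio. The SSID "S" and the mode flag are made up.


@dataclass
class Sniffer:
    """Passive observer in range: records any SSID that appears in any frame."""
    seen: set = field(default_factory=set)

    def observe(self, frame: dict) -> None:
        ssid = frame.get("ssid")
        if ssid:                      # a blanked SSID field reveals nothing
            self.seen.add(ssid)


@dataclass
class AccessPoint:
    ssid: str
    closed_mode: bool                 # True = "closed" / "stealth" mode

    def beacon(self) -> dict:
        # Open mode advertises the name continually; closed mode still sends
        # beacons, but with the SSID field blanked.
        return {"type": "beacon", "ssid": "" if self.closed_mode else self.ssid}

    def handle_probe(self, probe: dict) -> Optional[dict]:
        # "I am access point S; connect to me" -- in closed mode only in reply
        # to a probe that names this exact SSID.
        if probe.get("ssid") == self.ssid:
            return {"type": "probe_response", "ssid": self.ssid}
        return None


def client_probe(wanted_ssid: str) -> dict:
    """'I am looking to connect to access point S' -- sent in the clear."""
    return {"type": "probe_request", "ssid": wanted_ssid}


def ssids_from_beacons(ssid: str, closed_mode: bool, beacons: int = 10) -> set:
    """What a sniffer learns while no client is connecting."""
    ap, air = AccessPoint(ssid, closed_mode), Sniffer()
    for _ in range(beacons):
        air.observe(ap.beacon())
    return air.seen


def ssids_from_connection(ssid: str, closed_mode: bool) -> set:
    """What a sniffer learns once a legitimate client connects."""
    ap, air = AccessPoint(ssid, closed_mode), Sniffer()
    air.observe(ap.beacon())
    probe = client_probe(ssid)
    air.observe(probe)                # the request itself carries the SSID
    reply = ap.handle_probe(probe)
    if reply is not None:
        air.observe(reply)            # and so does the answer
    return air.seen


if __name__ == "__main__":
    print("open, idle:   ", ssids_from_beacons("S", closed_mode=False))
    print("closed, idle: ", ssids_from_beacons("S", closed_mode=True))
    print("closed, join: ", ssids_from_connection("S", closed_mode=True))
```

The only thing closed mode buys is the idle case: an observer who never sees a client join learns nothing from beacons. The moment a legitimate client probes, the SSID is recorded, which is why the text treats the SSID as identification rather than as a secret.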
WEP
The second step in securing a
wireless communication involves use of encryption. The original 802.11 wireless
standard relied upon a cryptographic protocol called wired equivalent privacy or WEP. WEP was meant to provide users
privacy equivalent to that of a dedicated wire, that is, immunity to most
eavesdropping and impersonation attacks. WEP uses an encryption key shared
between the client and the access point. To authenticate a user, the access
point sends a random number to the client, which the client encrypts using the
shared key and returns to the access point. From that point on, the client and
access point are authenticated and can communicate using their shared
encryption key. Several problems exist with this seemingly simple approach.
First, the WEP standard uses
either a 64- or 128-bit encryption key. The user enters the key in any
convenient form, usually in hexadecimal or as an alphanumeric string that is
converted to a number. Entering 64 or 128 bits in hex requires choosing and
then typing 16 or 32 symbols correctly for the client and access point. Not
surprisingly, hex strings like C0DE C0DE… (that is a zero between C and D) are
common. Passphrases are vulnerable to a dictionary attack.
Even if the key is strong, it
really has an effective length of only 40 or 104 bits because of the way it is
used in the algorithm. A brute force attack against a 40-bit key succeeds
quickly. Even for the 104-bit version, flaws in the RC4 algorithm and its use
(see [BOR01], [FLU01], and [ARB02]) defeat WEP security.
Several tools, starting with WEPCrack and AirSnort, allow an attacker to crack
a WEP encryption, usually in a few minutes. At a 2005 conference, the FBI
demonstrated the ease with which a WEP-secured wireless session can be broken.
For these reasons, in 2001
the IEEE began design of a new authentication and encryption scheme for
wireless. Unfortunately, some wireless devices still on the market allow only
the false security of WEP.
WPA and WPA2
The alternative to WEP is WiFi Protected Access or WPA, approved
in 2003. The IEEE standard 802.11i is now known as WPA2, approved in 2004, and
is an extension of WPA. How does WPA improve upon WEP?
First, WEP uses an encryption
key that is unchanged until the user enters a new key at the client and access
point. Cryptologists hate unchanging encryption keys because a fixed key gives
the attacker a large amount of ciphertext to try to analyze and plenty of time
in which to analyze it. WPA has a key change approach, called Temporal Key Integrity Program (TKIP),
by which the encryption key is changed automatically on each packet.
Second, WEP uses the
encryption key as an authenticator, albeit insecurely. WPA employs the
extensible authentication protocol (EAP) by which authentication can be done by
password, token, certificate, or other mechanism. For small network (home)
users, this probably still means a shared secret, which is not ideal. Users are
prone to selecting weak keys, such as short numbers or pass phrases subject to
a dictionary attack.
The encryption algorithm for
WEP is RC4, which has cryptographic flaws both in key length and design [ARB02]. In WEP the initialization vector for RC4
is only 24 bits, a size so small that collisions commonly occur; furthermore,
there is no check against initialization vector reuse. WPA2 adds AES as a
possible encryption algorithm (although RC4 is also still supported for
compatibility reasons).
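The two WEP weaknesses just listed, the 24-bit initialization vector and the absence of any check against its reuse, can be made concrete in a few lines. The following example is added here and is not from the chapter; the IV size and the 64/128-bit nominal key sizes are the WEP values, while the monitors and the per-frame key mixing are constructed simplifications in the spirit of TKIP, not the 802.11i algorithms.

```python
import hashlib
import hmac
import math
import random

IV_BITS = 24                  # WEP's initialization vector, sent in the clear


def effective_key_bits(nominal_bits: int) -> int:
    """The advertised 64- or 128-bit WEP key includes the 24-bit IV."""
    return nominal_bits - IV_BITS


def expected_frames_until_iv_reuse() -> float:
    """Birthday bound for randomly chosen 24-bit IVs: sqrt(pi/2 * 2^24), ~5100."""
    return math.sqrt(math.pi / 2 * 2 ** IV_BITS)


class IVReuseMonitor:
    """Receiver-side check that WEP lacks: reject a frame whose IV has already
    been used under the current key."""

    def __init__(self) -> None:
        self.seen = set()

    def accept(self, iv: int) -> bool:
        if iv in self.seen:
            return False
        self.seen.add(iv)
        return True


def frames_until_first_reuse(seed: int) -> int:
    """Simulate a sender picking IVs at random and count frames until the
    monitor sees a repeat (deterministic for a given seed)."""
    rng = random.Random(seed)
    monitor = IVReuseMonitor()
    frames = 0
    while True:
        frames += 1
        if not monitor.accept(rng.getrandbits(IV_BITS)):
            return frames


class ReplayCounterMonitor:
    """TKIP-style alternative: each frame carries a sequence counter that must
    strictly increase, so a reused or replayed value is dropped."""

    def __init__(self) -> None:
        self.last = -1

    def accept(self, seq: int) -> bool:
        if seq <= self.last:
            return False
        self.last = seq
        return True


def per_frame_key(base_key: bytes, seq: int) -> bytes:
    """Per-packet key mixing in the spirit of TKIP: the key fed to the cipher
    changes with every frame. HMAC-SHA256 stands in for TKIP's mixing
    function; this is a constructed simplification, not the 802.11i algorithm."""
    return hmac.new(base_key, seq.to_bytes(6, "big"), hashlib.sha256).digest()[:16]


if __name__ == "__main__":
    print("effective bits:", effective_key_bits(64), effective_key_bits(128))
    print("birthday bound:", round(expected_frames_until_iv_reuse()))
    print("first reuse after", frames_until_first_reuse(seed=7), "frames")
```

A busy access point sends thousands of frames a minute, so with randomly chosen IVs the first repeat, and with it a repeated RC4 keystream, arrives within minutes; a sequential counter merely postpones the wrap to 2^24 frames. The monotone counter plus per-frame key is what turns "the key is unchanged until the user enters a new one" into "no two frames are ever encrypted under the same cipher key".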
WEP includes a 32-bit integrity check separate from the data portion. But because the WEP encryption is subject to cryptanalytic attack [FLU01], the integrity check is also subject to attack, so an attacker could modify content and the corresponding check without having to know the associated encryption key [BOR01]. WPA includes a 64-bit integrity check that is encrypted.
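To see why the unkeyed check fails and a keyed one does not, the following toy (added here; it is not the chapter's code, and the key, IV and messages are made up) builds WEP-style frames as IV || RC4(IV||key, data || CRC32(data)), then builds the same frame with a keyed, encrypted 64-bit tag in place of the CRC. Because CRC32 is affine over GF(2), a consistent change to data and CRC can be applied to the ciphertext alone; the keyed tag has no such property. HMAC-SHA256 stands in for TKIP's MIC; the structure is the point, not the primitive.

```python
import hashlib
import hmac
import zlib

# Constructed toy of the WEP frame layout: IV || RC4_{IV||key}(data || CRC32(data)).
# Key, IV and messages are made up for the demonstration.


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: generate a keystream from `key` and XOR it onto `data`."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def crc32(data: bytes) -> bytes:
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """WEP appends an unkeyed 32-bit CRC and encrypts data and CRC together."""
    return iv + rc4(iv + key, data + crc32(data))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (data, integrity_ok); the check only recomputes the CRC."""
    plain = rc4(frame[:3] + key, frame[3:])
    data, icv = plain[:-4], plain[-4:]
    return data, icv == crc32(data)


def xor_into_ciphertext(frame: bytes, mask: bytes) -> bytes:
    """XOR `mask` onto the encrypted body after the 3-byte IV (zero-padded)."""
    body = frame[3:]
    return frame[:3] + xor(body, mask + bytes(len(body) - len(mask)))


def modify_without_key(frame: bytes, delta: bytes) -> bytes:
    """Flip plaintext bits by `delta` and keep the CRC consistent, using only
    the ciphertext: crc(d ^ delta) == crc(d) ^ crc(delta) ^ crc(zeros), and
    the stream cipher's XOR carries the mask through. Property from [BOR01]."""
    n = len(frame) - 3 - 4
    assert len(delta) == n, "mask must cover exactly the data portion"
    crc_fix = xor(crc32(delta), crc32(bytes(n)))
    return xor_into_ciphertext(frame, delta + crc_fix)


def mic_encrypt(key: bytes, mic_key: bytes, iv: bytes, data: bytes) -> bytes:
    """WPA's approach: a keyed 64-bit integrity tag, itself encrypted."""
    tag = hmac.new(mic_key, data, hashlib.sha256).digest()[:8]
    return iv + rc4(iv + key, data + tag)


def mic_decrypt(key: bytes, mic_key: bytes, frame: bytes):
    plain = rc4(frame[:3] + key, frame[3:])
    data, tag = plain[:-8], plain[-8:]
    expected = hmac.new(mic_key, data, hashlib.sha256).digest()[:8]
    return data, hmac.compare_digest(tag, expected)


def demo() -> dict:
    key = bytes.fromhex("c0dec0dec0")              # constructed 40-bit toy key
    mic_key = b"constructed-mic-key"
    iv = b"\x00\x00\x01"
    original, wanted = b"valve=OPEN ", b"valve=CLOSE"  # same length
    delta = xor(original, wanted)
    wep_data, wep_ok = wep_decrypt(key, modify_without_key(wep_encrypt(key, iv, original), delta))
    mic_data, mic_ok = mic_decrypt(key, mic_key, xor_into_ciphertext(mic_encrypt(key, mic_key, iv, original), delta))
    return {"wep_data": wep_data, "wep_ok": wep_ok, "mic_data": mic_data, "mic_ok": mic_ok}


if __name__ == "__main__":
    print(demo())
```

The WEP frame decrypts to the altered text with a valid check; the keyed-tag frame decrypts to the same altered text but fails verification, because producing a matching tag requires the secret MIC key. Encrypting the tag, as WPA does, additionally denies the observer the tag value itself.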
The setup protocol for WPA
and WPA2 is much more robust than that for WEP. Setup for WPA involves three
protocol steps: authentication, a four-way handshake (to ensure that the client
can generate cryptographic keys and to generate and install keys for both
encryption and integrity on both ends), and an optional group key handshake
(for multicast communication). A good overview of the WPA protocols is in [LEH05].
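The four-way handshake can be followed message by message in code. The example below is added here and is not from the chapter or from any 802.11i implementation: the pairwise master key derivation is the real WPA-PSK one (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations), but the key-expansion PRF, the message layouts and the group-key step are simplified stand-ins, and every address, SSID and passphrase is made up.

```python
import hashlib
import hmac
import os

# Constructed simplification of the WPA-PSK four-way handshake. PMK derivation
# is the real WPA-PSK one; PRF and message layouts are stand-ins; all names,
# addresses and passphrases are made up.


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bits).
    Both sides compute it from the shared secret; it is never sent on the air."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise transient key from the PMK, both MAC addresses and both nonces.
    HMAC-SHA256 stands in for the 802.11i PRF (simplification). Layout used here:
    KCK (16, keys the handshake MICs) || KEK (16) || TK (16, data traffic)."""
    data = (b"Pairwise key expansion" + min(aa, spa) + max(aa, spa)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b"".join(hmac.new(pmk, data + bytes([i]), hashlib.sha256).digest() for i in range(2))
    return out[:48]


def mic(kck: bytes, body: bytes) -> bytes:
    return hmac.new(kck, body, hashlib.sha256).digest()[:16]


class Station:
    def __init__(self, mac: bytes, passphrase: str, ssid: str) -> None:
        self.mac = mac
        self.pmk = derive_pmk(passphrase, ssid)
        self.ptk = None


def four_way_handshake(ap: Station, client: Station):
    """Run the exchange; return the installed traffic key (TK) if both sides
    agree, or None if a MIC check fails (for example, mismatched passphrases)."""
    # Message 1, AP -> client: ANonce. Unauthenticated: no session key exists yet.
    anonce = os.urandom(32)

    # The client picks SNonce, can now derive the PTK, and answers.
    snonce = os.urandom(32)
    client.ptk = derive_ptk(client.pmk, ap.mac, client.mac, anonce, snonce)
    # Message 2, client -> AP: SNonce + MIC. Proves the client holds the PMK.
    m2 = snonce
    m2_mic = mic(client.ptk[:16], m2)

    # The AP derives the same PTK and checks the MIC before going further.
    ap.ptk = derive_ptk(ap.pmk, ap.mac, client.mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap.ptk[:16], m2), m2_mic):
        return None

    # Message 3, AP -> client: "install keys" + MIC. Proves the AP holds the PMK
    # too, so the client is not talking to an impostor. (A real M3 also carries
    # the group key for multicast, wrapped under the KEK; omitted here.)
    m3 = b"install" + anonce
    m3_mic = mic(ap.ptk[:16], m3)
    if not hmac.compare_digest(mic(client.ptk[:16], m3), m3_mic):
        return None

    # Message 4, client -> AP: MIC-only confirmation; both sides install the TK.
    m4 = b"installed"
    if not hmac.compare_digest(mic(ap.ptk[:16], m4), mic(client.ptk[:16], m4)):
        return None
    return client.ptk[32:]


if __name__ == "__main__":
    ssid = "constructed-net"
    ap = Station(b"\x00\x11\x22\x33\x44\x55", "correct horse", ssid)
    good = Station(b"\x66\x77\x88\x99\xaa\xbb", "correct horse", ssid)
    bad = Station(b"\x66\x77\x88\x99\xaa\xcc", "wrong passphrase", ssid)
    print("matching passphrase:", four_way_handshake(ap, good) is not None)
    print("mismatched passphrase:", four_way_handshake(ap, bad) is not None)
```

Two properties the text describes are visible here: the handshake proves possession of the master key in both directions (message 2 for the client, message 3 for the access point), and fresh nonces make every session's traffic key different even though the master key never changes. The derivation also shows why the text calls a shared secret "not ideal" for home users: with the SSID public, the master key depends on nothing but the passphrase.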
WPA and WPA2 address the
security deficiencies known in WEP. Arazi et al. [ARA05]
make a strong case for public key cryptography in wireless sensor networks, and
a similar argument can be made for other wireless applications (although the heavier computation demands of public key encryption are a limiting factor on wireless devices with limited processor capabilities).