Wireless System Security Aspects

Wireless systems are very sensitive to attacks and security violations. The following elements for security in wireless system implementations become apparent [4]:

x Mutual authentication – both the client and server must authenticate with each other in order to not only guarantee that the users allowed to access the network are authorized to do so, but also to help guard against spoofing access points and other wireless devices.

x End-to-end encryption – user data must never be allowed to appear in the clear on the network except at authorized end points.

x Per-client keys – keys must be unique for each authorized user. This prevents the compromising of security keys due to theft or otherwise unauthorized access and also provides for guaranteeing non-repudiation. x Secure automated key distribution – a technique for central management of

security keys is essential. Manual processes are both error-prone and subject to security violations.

x Full support for mobility – finally, any security implementation must take into account the fundamental nature of wireless LANs – that users can

move from access point to access point as they roam throughout a given facility, and even between facilities.

A wide variety of options for meeting the above exist. One of the most obvious is using services which operate at the OSI network layer or above. A popular technique is the use of a virtual private network (VPN), an approach based on “tunneling” encrypted traffic through a network. This has a number of benefits, such as centralized management, uniformity across media, and suitability for both in-building use and remote access. However, VPNs have not been standardized and may have implementation dependencies that can make them complex in operation. The Remote Authentication Dial-In User Service (RADIUS)[22] approach is also popular, and it can be effective for authentication of clients and servers. However, there is currently no support for mobility, no key distribution or support for key exchange, no inherent security features, and fundamental issues with latency that can interfere with roaming. Finally, there exists a range of proprietary techniques that have already been implemented, even by major vendors. The core common issues include lack of extensibility and compatibility with future WLAN products and standards. Though these approaches can be quite secure, their use may result in significant costs of introducing new network elements in the future. Clearly, an open, standards-based approach is the best.

Authentication ensures that only authorized users are allowed to access the network. Again, there are simple authorization techniques included in WLAN 802.11, such as the “SSID” which all clients must know in order to access the network. In some cases a simple mechanism for including or excluding a given wireless client from participation, such as an access control list, exists. However, as the entity being authenticated is a specific wireless network interface card (NIC) and not the human user, such approach results in creating a major security hole. More sophisticated authorization is required to ensure both network and data integrity. A single set of unified security techniques to manage both wired and wireless LANs is most desirable. The key to a successful security solution for a wireless LAN is meeting this requirement while supporting the key benefits of wireless access, most notably the users’ ability to roam while remaining connected to the network [4].

Many encryption algorithms are currently used in IT, and the designers of the WLAN IEEE 802.11 standard included encryption in their original standard as released in 1997. Unfortunately, the “Wired Equivalent Privacy” (WEP) capability included in 802.11 has a number of weaknesses. Perhaps most notably, the key length in 802.11 is only 40 bits. This limit was included to meet export restrictions in place at the time 802.11 was ratified. A 40-bit key is quite easy to break given the inexpensive computer power available today. As a

consequence, most vendors have implemented 128-bit or longer keys. While the 40-bit limitation in the standard will be removed in an update to 802.11, other problems remain. These include the lack of key distribution, key management (must be performed manually), key rotation (a security technique which changes security keys on a regular or irregular basis), and the fact that WEP only encrypts data over the wireless link, between an access point and a client. WEP also shares the same security keys among all WLAN users, creating a big opportunity for the WLAN to be compromised. In order to assure that data appears in clear text on authorized hosts, an end-to-end approach is required. Finally, it has recently been demonstrated that WEP (based on the RSA RC4 algorithm) can be broken in close-to-real time, and can no longer be relied upon when subject to a dedicated attack (such a passive attack is hardly observable in a wireless environment). Thus, WEP cannot be relied upon for complete security, and therefore network managers need to consider alternatives.

One of the most popular solutions is the reuse of the Kerberos [23] network authentication protocol, originally developed at MIT. As of version 5, Kerberos, being operating system- and application-independent, has been applied in a range of operating environments. Kerberos provides mutual authentication between a client and a server, and between servers before opening a network connection. Kerberos assumes that initial transactions take place on an open, insecure network, where packets can be monitored and even possibly modified at will. Such an assumption is accurate for today’s Internet. What makes Kerberos particularly well-suited for WLAN is its low overhead. Its mutual authentication uses a technique that involves a shared secret, which works much like a password. Unlike many authorization techniques, including RADIUS, Kerberos does not send any keys or passwords in clear text – rather than sending the password, an encrypted key derived from the password is sent. This technique can be used to authenticate both sides of the communication. Once authentication takes place, all further traffic is encrypted, allowing even new encryption keys to be communicated securely. The aforementioned virtues of the Kerberos-based approach plus its independence from 802.11 technologies, makes it a valid choice for contemporary and future networks.