1

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.11 Wireless LAN Family of Standards

Basic Operation (Figure 2-12 on next slide)

Main wired network for servers (usually 802.3 Ethernet)

Wireless stations with wireless NICs

Access points

Access points are bridges that link 802.11 LANs to 802.3 Ethernet LANs

2

Figure 2-12: 802.11 Wireless LAN

NotebookWith PC CardWireless NIC

EthernetSwitch

AccessPoint

Server

802.11 FrameContaining Packet

802.3 FrameContaining Packet

(2)

(3)

Client PC

(1)

3

Figure 2-12: 802.11 Wireless LAN

NotebookWith PC CardWireless NIC

EthernetSwitch

AccessPoint

Server

802.11 FrameContaining Packet

802.3 FrameContaining Packet

(2)

(1)

Client PC

(3)

4

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Basic Operation

Propagation distance: farther for attackers than users

Attackers can have powerful antennas and amplifiers

Attackers can benefit even if they can only read some messages

Don’t be lulled into complacency by internal experiences with useable distances

5

Figure 2-13: 802.11 Wireless LAN Standards

StandardRated Speed

(a)UnlicensedRadio Band

EffectiveDistance (b)

802.11b 11 Mbps 2.4 GHz ~30-50 meters

802.11a 54 Mbps 5 GHz ~10-30 meters

802.11g 54 Mbps 2.4 GHz ?

Notes: (a) Actual speeds are much lower and decline with distance. (b) These are distances for good communication; attackers can read some signals and send attack frames from longer distances.

6

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Apparent 802.11 Security

Spread spectrum transmission does not provide security

Signal is spread over a broad range of frequencies

Methods used by military are hard to detect

802.11 spread spectrum methods are easy to detect so devices can find each other

Used in 802.11 to prevent frequency-dependent propagation problems rather than for security

7

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Apparent 802.11 Security SSIDs

Mobile devices must know the access point’s service set identifier (SSID) to talk to the access point

Usually broadcast frequently by the access point for ease of discovery, so offers no security.

Sent in the clear in messages sent between stations and access points

8

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

Wired Equivalent Privacy (WEP)

Biggest security problem: Not enabled by default

40-bit encryption keys are too small Nonstandard 128-bit (really 104-bit) keys are

reasonable interoperable

Shared passwords

Access points and all stations use the same password

Difficult to change, so rarely changed

People tend to share shared passwords too widely

Flawed security algorithms Algorithms were selected by cryptographic amateurs

9

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11i (Figure 2-14)

Authentication server

User data server

Individual keys give out at access point

10

Figure 2-14: 802.1x Authentication for 802.11i WLANs

AccessPoint

Applicant(Lee)

1.Authentication

Data

2.Pass on Request to

RADIUS Server

3.Get User Lee’s Data(Optional; RADIUSServer May Store

This Data)

4. AcceptApplicant Key=XYZ

5. OKUse

Key XYZ

DirectoryServer orKerberos

Server

RADIUS Server

11

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11

Multiple authentication options (EAP) TLS

In strongest option, both client and access point must have digital certificates

Difficult to create public key infrastructure of digital certificates to implement this.

Option for only access point to have a digital certificate; no authentication for station. No protection against attacker!

12

Figure 2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11 Multiple authentication options

TTLS Access point must have digital certificate Station authenticated with password or

other approach that is only moderately strong but better than nothing

MD5 CHAP authenticates only wireless station, with reusable password

Attacker can pretend to be an access point

13

Figure2-11: 802.11 Wireless LAN (WLAN) Security

802.1x and 802.11i (Figure 2-14)

Apparent security weaknesses in 802.11i; severity or ease of exploitation is not known

Temporal Key Integrity Protocol (TKIP)

Temporary stopgap method; many older systems can be upgraded

Key changed every 10,000 frames to foil data collection for key guessing

14

Figure2-11: 802.11 Wireless LAN (WLAN) Security

Virtual Private Networks (VPNs)

Add security on top of network technology to compensate for WLAN weaknesses

Discussed in Chapter 8

WLAN, etc.

VPN

15

Wi-Fi and WPA

Wi-Fi Alliance

Industry group that certifies 802.11 systems

For 2003, will require WPA for Wi-Fi certification Wi-Fi Protected Access Temporal Key Integrity Protocol (TKIP) EAP 802.1x authentication Mutual client and access point authentication Key management Eventually, products will have to ship with WPA

turned on

New:Not in Book

16

The Situation Today in Wireless Security

Wireless security is poor in most installations today

The situation is improving, and technology will soon be good

But old installations are likely to remain weak links in corporate security