Wireless Computing

Introduction to Wireless

Wireless Technologies

Interference

Network Security

Glossary

Bibliography


Valid XHTML 1.0!

802.11b Security Mechanisms

Security Basics - 802.11 - 802.11 Solutions - Bluetooth

When IEEE formed the 802.11 standard for wireless networks, they realized that additional security would be necessary to combat this new susceptibility. Built into the 802.11 standard is the Wired Equivalent Privacy (WEP) protocol, which was developed not as an end-to-end security measure but only to protect the information being transmitted from client device to access point and vice versa. One of the major uses of wireless networks is to extend wired LANs, but WEP does not take into account the security of the data once it leaves the wireless portion of the network. In addition, the WEP security is only in place for infrastructure networks, as the involvement of the access point is crucial to the encryption and authentication processes. In ad hoc networks, where devices are communicating peer-to-peer via 802.11 technology, no extra security is put in place.

SSID
MAC Address filtering
Authentication
WEP Encryption

SSID

The Service Set ID (SSID) is an alphanumeric code that identifies a particular wireless network. All the access points and client devices on the same network have the same SSID entered, which provides a nominal form of protection to keep only authorized devices within a network. However, because the SSID is broadcast in cleartext, it provides very little protection because unauthorized users can easily configure their devices to match the proper SSID.

MAC Address filtering

This form of security consists of a list of MAC addresses for wireless network interface cards that are permitted to associate with a particular AP. However, since these addresses are, like the SSID, transmitted in cleartext, attackers can fairly easily find valid MAC addresses by eavesdropping on the network and can then configure their device with an authorized MAC address.

Authentication

802.11b provided two methods of authentication: open-system and shared-key. The default setting is for open-system authentication, although it is essentially ineffective because it is not based on cryptographic methods. Instead, it grants access to all 802.11b client devices that share the same network name or service set identification (SSID) as the access point. Since this can be freely changed, anyone can gain access to a network operating under open-system authentication.

Open authentication

The other form of authentication used, shared-key authentication, consists of a challenge-response, based on the RC4 algorithm. The access point generates a random challenge and sends it to the client; the client must then use its shared WEP key with the AP to encrypt the challenge and send it back. The access point decrypts it to verify that it matches the original challenge sent and then grants access. However, in this scheme, it is a one-way authentication and only the identity of the client device is verified, as the client has no way of verifying that it is indeed communicating with a genuine access point.

Shared key authentication

Problems with the authentication scheme:
  • No user authentication, therefore if a device is stolen, it can be used by unauthorized users to gain access to the network. This is a bigger issue in wireless networks than in wired networks, due to the ease of portability of wireless devices.
  • Only device authentication exists; in order to assure security, there must be mutual authentication to verify the validity of the access point. Otherwise, rogue access points can pose itself as a legitimate access point and then launch a denial-of-service attack against clients who believe they are dealing with a valid access point.

WEP Encryption

WEP’s encryption algorithm makes use of the RC4 pseudorandom number generation algorithm that was developed in 1987 and is licensed by RSA Data Security, Inc. The algorithm is classified as symmetric because the encryption and the decryption processes use the same key.

First, both the client devices and the AP must share a secret key, which is 40 bits in the original standard but extensions to the standard have provided support for 104-bit keys, which should, in theory, greatly increase the security of the encryption. The shared key is concatenated with the initialization vector (IV), which in 802.11b, is specified to be 24 bits. The resulting 64-bit string is then used to seed the pseudo-random number generator to produce a key sequence with a length equal to the number of data octets to be transmitted, along with four octets in order to transmit the integrity check value (ICV). The integrity check value, a measure meant to preserve the integrity of the transmitted data, is produced by performing the Cyclic Redundancy Check (CRC) algorithm on the plaintext block, resulting in a 32-bit ICV. The generated key sequence is XORed with the plaintext message and then concatenated with the ICV to produce the ciphertext that will be transmitted. The IV used is concatenated to the beginning of this ciphertext as cleartext.

WEP encryption

Once the entire packet reaches the receiver, the decryption is performed in a very similar manner. The cleartext IV is concatenated with the shared secret key and used to generate the key sequence used to encrypt the data. XORing the ciphertext and this key sequence yields the original plaintext and the ICV. The CRC-32 algorithm is executed again to recompute the ICV value. If the two ICVs do not match, then the packet is discarded, because an integrity violation has occurred and the data has been altered en route. The simple CRC is not as cryptographically secure as a hash or message authentication code.

Problems with WEP encryption protocol:
  • The lack of an outline for key management in the 802.11b standard is a major problem because it is left up to the network administrators to determine how the secret keys should be distributed, with no standard to base it on. Another issue that arises is static keys, because since it is left up to the administrator to manage the keys, they must be manually changed by the administrator. Such manual key-changing can be extraordinarily difficult for extremely large networks, because the key must be changed on every station. The static nature of the keys can contribute to its susceptibility to attackers.
  • Security default settings are frequently disabled
  • The initialization vector (IV) is sent in clear text rather than encrypted, and the standard does not specify how to set or change these sequences, so many devices may generate the same IV sequences or simply use a static IV. In addition, since it is short (at 24 bits), it has high repetition in busy traffic. Thus, if an attacker uses a device to passively monitor the traffic on the wireless network, it can collect data until it has over 100 MB of network packets. Within that much data, the 24-bit IV space will be exhausted, which means there will be duplicate cipher texts that have used the same key stream for the encryption. An attacker who is intercepting wireless traffic, waiting for IV collisions (same IV and key sent in different frames), could XOR pairs of packets with the same IV and discover the plaintext contents of the messages.
  • The integrity of the data can be compromised due to the linearity of the CRC-32 algorithm. Its linearity allows an attacker to flip a bit in the encrypted message and actually determine what adjustments must be made to the ICV to yield the correct ICV value for the new, modified message. Thus if an attacker can discover what the plaintext is for an encrypted message, they are able to make a new message, recalculate the ICV, flip the bits of the encrypted message to match their changes, and the integrity check would not discover the problem because the ICV has been properly changed.

Top of page