Security is a particularly important concern in wireless networks, where radio waves carrying frames can propagate far
beyond the building containing the wireless base station(s) and hosts. An eye-opening reminder of this fact is the 18-month
"war-driving" effort undertaken by Peter Shipley, who drove around the San Francisco Bay area with a laptop and 802.11 card
looking for wireless networks that were "visible" from outside the building.
The issue of security in 802.11 has attracted considerable attention in both technical circles and in the media.
While there has been considerable discussion, there has been little debate: there seems to be universal agreement that the
original 802.11 specification contains a number of serious flaws.
The security mechanisms initially standardized in the 802.11 specification are known collectively as Wired Equivalent
Privacy (WEP). As the name suggests, WEP is meant to provide a level of security similar to that found in wired
networks.
Wired Equivalent Privacy (WEP)
The IEEE 802.11 WEP protocol provides authentication and data encryption between a host and a wireless access point using
a symmetric shared-key approach. WEP does not specify a key-management algorithm, so it is assumed that the host and
wireless access point have somehow agreed on the key via an out-of-band method. Authentication is carried out as in
the ap4.0 protocol that we developed earlier.
Four steps are involved:
- A wireless host requests authentication from an access point.
- The access point responds to the authentication request with a 128-byte nonce value.
- The wireless host encrypts the nonce using the symmetric key that it shares with the access point.
- The access point decrypts the host-encrypted nonce. If the decrypted value matches the nonce it originally sent, the host is authenticated.
A secret 40-bit symmetric key, Ks, is assumed to be known by both a host and the access point. In addition, a 24-bit
Initialization Vector (IV) is appended to the 40-bit key to create a 64-bit key that will be used to encrypt a single frame.
The IV will change from one frame to another, and hence each frame will be encrypted with a different 64-bit key. The IV
itself is transmitted in the clear alongside the frame so that the receiver can reconstruct the same 64-bit key. Because
there are only 2^24 possible IVs, a busy access point eventually reuses one, and two frames encrypted under the same
64-bit key are encrypted with the same keystream.
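The following Python model, added here as an example and not code from the original text, walks through both the four-step shared-key authentication and the per-frame IV || Ks keying described above. It uses RC4, the stream cipher WEP actually uses, but the frame format is simplified (no key-ID byte and no CRC-32 integrity check), and the shared key, IVs, nonces and payloads are constructed values. The last two functions show two consequences that follow directly from the mechanism: an eavesdropper who sees the clear-text nonce of step 2 and its encryption in step 3 learns 128 bytes of keystream for that IV without knowing Ks, and two frames that reuse an IV leak the XOR of their plaintexts.

```python
"""Toy model of WEP per-frame keying and shared-key authentication.

Added example, not code from the page. RC4 is WEP's real cipher; the
frame layout is simplified (no key-ID byte, no CRC-32 ICV). Ks, IVs,
nonces and payloads below are constructed for illustration.
"""
import os


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(ks: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt one frame body under the 64-bit per-frame key IV || Ks.

    The 3-byte IV is sent in the clear ahead of the ciphertext so the
    receiver can rebuild the same key.
    """
    assert len(ks) == 5 and len(iv) == 3, "Ks is 40 bits, IV is 24 bits"
    stream = rc4_keystream(iv + ks, len(plaintext))
    return iv + xor_bytes(plaintext, stream)


def wep_decrypt(ks: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4_keystream(iv + ks, len(body)))


# --- The four-step shared-key authentication ---------------------------
def ap_challenge() -> bytes:
    """Step 2: the AP answers an authentication request with a 128-byte nonce."""
    return os.urandom(128)


def host_response(ks: bytes, iv: bytes, nonce: bytes) -> bytes:
    """Step 3: the host returns the nonce encrypted under the shared key."""
    return wep_encrypt(ks, iv, nonce)


def ap_verify(ks: bytes, nonce: bytes, response: bytes) -> bool:
    """Step 4: the AP decrypts and checks that its nonce came back intact."""
    return wep_decrypt(ks, response) == nonce


# --- What a passive listener learns from the exchange ------------------
def keystream_from_auth(nonce: bytes, response: bytes) -> tuple:
    """Nonce (step 2) and its encryption (step 3) both cross the air;
    XOR-ing them yields 128 bytes of keystream for that IV, with no Ks."""
    iv, body = response[:3], response[3:]
    return iv, xor_bytes(nonce, body)


def plaintext_xor_from_iv_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under one IV share a keystream, so C_a ^ C_b = P_a ^ P_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; keystreams differ")
    return xor_bytes(frame_a[3:], frame_b[3:])


KS = bytes.fromhex("0badc0ffee")              # constructed 40-bit shared key

if __name__ == "__main__":
    nonce = ap_challenge()
    resp = host_response(KS, b"\x00\x00\x01", nonce)
    print("legitimate auth accepted:", ap_verify(KS, nonce, resp))
    iv, stream = keystream_from_auth(nonce, resp)
    # Replay the recovered keystream against a fresh challenge, same IV.
    nonce2 = ap_challenge()
    forged = iv + xor_bytes(nonce2, stream)
    print("forged auth accepted without Ks:", ap_verify(KS, nonce2, forged))
```

Running the module shows both authentications being accepted: the second one is produced from the recovered keystream alone, which is why a challenge-response built on a stream cipher with a caller-chosen IV does not prove possession of Ks.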
IEEE 802.11i
Soon after the 1999 release of IEEE 802.11, work began on developing a new and improved version of 802.11 with stronger
security mechanisms. The new standard, known as 802.11i, is undergoing final ratification and is due to be approved
in early 2004. Whereas WEP provided relatively weak encryption, only a single way to perform authentication, and no key-distribution
mechanism, IEEE 802.11i provides much stronger forms of encryption, an extensible set of authentication mechanisms, and
a key-distribution mechanism.
In addition to the wireless client and access point, 802.11i defines an authentication server with which the AP can communicate.
Separating the authentication server from the AP allows one authentication server to serve many APs, centralizing the decisions regarding
authentication and access within the single server, and keeping AP cost and complexity low. 802.11i operates in four phases:
- Discovery
- Mutual Authentication and Master Key (MK) Generation
- Pairwise Master Key (PMK) Generation
- Temporal Key (TK) Generation.