For several years now, the primary security mechanism used between wireless access points and wireless clients has been WEP encryption. The problem is that although WEP encryption strength has increased a few times since Wi-Fi was introduced, the WEP protocol is still fundamentally weak because it uses a static encryption key. As a result, motivated attackers can easily crack WEP encryption by using freely available hacking tools.
Fortunately, some standard alternatives to WEP are emerging. The Institute of Electrical and Electronics Engineers (IEEE) has defined an expansion to the 802.11 protocol that will allow for increased security. Unfortunately, the standard is presently in draft form and isn't expected to be ratified until the end of 2003. In the meantime, though, most of the Wi-Fi manufacturers have agreed to use a temporary standard for enhanced security called Wi-Fi Protected Access (WPA). Although WPA is a temporary protocol and isn't recognised by IEEE, it is very similar to the revised IEEE standard expected by the end of the year. Therefore, administrators who manage wireless LANs should become familiar with WPA.
802.1X authentication
If you have been using Wi-Fi for a while, you are probably familiar with the 802.1X authentication protocol. This protocol allows users to authenticate into a wireless network by means of a RADIUS server. In standard Wi-Fi, 802.1X authentication is optional. However, 802.1X authentication is a requirement for WPA.
If your environment does not have a RADIUS server in place, you can still use WPA in spite of the 802.1X requirement. As an alternative to RADIUS, WPA supports the use of a preshared key.
WPA key management
One of the biggest drawbacks to traditional WEP security is that changing the encryption key is optional. Even if you do switch encryption keys from time to time, there is no option for globally rekeying all access points and all wireless NICs. Instead, rekeying is a tedious manual process and is completely impractical for large organisations. After all, the instant you rekey an access point, none of the clients will be able to access it until they are also rekeyed.
But with WPA, the rekeying of global encryption keys is required. In the case of unicast traffic, the encryption key is changed after every frame using Temporary Key Integrity Protocol (TKIP). This protocol allows key changes to occur on a frame-by-frame basis and to be automatically synchronised between the access point and the wireless client. Global rekeying works by advertising the new keys to wireless clients.
TKIP is really the heart and soul of WPA security. TKIP replaces WEP encryption. And although WEP is optional in standard Wi-Fi, TKIP is required in WPA. The TKIP encryption algorithm is stronger than the one used by WEP but works by using the same hardware-based calculation mechanisms WEP uses.
The TKIP protocol actually has several functions. First, it determines which encryption keys will be used and then verifies the client's security configuration. Second, it is responsible for changing the unicast encryption key for each frame. Finally, TKIP sets a unique starting key for each authenticated client that is using a preshared key.
Checksums and replay protection
When WEP was initially designed, IEEE took steps to ensure that an encrypted packet could not be tampered with. WEP-encrypted packets include a checksum value at the end of the packet. This value is a 32-bit code that is derived from the rest of the packet. The idea is that if something in the packet's payload changes, the checksum will no longer match the packet and the packet can be assumed to be corrupt. This 32-bit code is called the Integrity Check Value (ICV).
Although the ICV is a good idea, it just isn't secure. There are hacker tools that allow someone to modify a WEP-encrypted packet and to modify the ICV as well. If the ICV is modified to match the altered payload, the receiver is unable to tell that the packet has been tampered with.
To counteract this type of hacking, WPA supports a security measure called Michael. Michael works similarly to the ICV but calculates a Message Integrity Code (MIC) in addition to the ICV. The wireless devices calculate the MIC using the same mechanisms they would normally use to calculate the ICV.
The first major difference is that the MIC is only eight bits, as opposed to the ICV's 32 bits. WPA still uses an ICV in the same way that WEP does, but the MIC is inserted between the data portion of the frame and the ICV.
The MIC has two main purposes. First, it is encrypted along with the rest of the frame and makes it much more difficult to tamper with a frame's data. Second, the MIC contains a frame counter. This prevents someone from launching a wireless replay attack.
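A receiver-side model of the two checks this section describes, added here as an example and not part of the original article: the unkeyed ICV is trivially recomputed after tampering, while a keyed MIC bound to a frame counter rejects both the altered frame and a replay of a frame already seen. The frame layout, the truncated HMAC-SHA256 standing in for Michael, and the key are assumptions made for the demonstration.

```python
import hashlib
import hmac
import zlib
from dataclasses import dataclass

# Constructed demo key; WPA would derive it via 802.1X or the preshared key.
MIC_KEY = b"constructed-demo-mic-key"

def icv(payload: bytes) -> int:
    """WEP-style ICV: an unkeyed CRC-32, so anyone can recompute it."""
    return zlib.crc32(payload) & 0xFFFFFFFF

def mic(key: bytes, counter: int, payload: bytes) -> bytes:
    """Keyed MIC over counter + payload; truncated HMAC stands in for Michael."""
    return hmac.new(key, counter.to_bytes(6, "big") + payload, hashlib.sha256).digest()[:8]

@dataclass
class Frame:
    counter: int    # frame counter carried with the MIC
    payload: bytes
    mic: bytes
    icv: int

def build_frame(key: bytes, counter: int, payload: bytes) -> Frame:
    return Frame(counter, payload, mic(key, counter, payload), icv(payload))

class Receiver:
    """Accepts a frame only if ICV and MIC verify and the counter advances."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, f: Frame) -> str:
        if icv(f.payload) != f.icv:
            return "reject: ICV mismatch"
        if not hmac.compare_digest(mic(self.key, f.counter, f.payload), f.mic):
            return "reject: MIC mismatch"
        if f.counter <= self.last_counter:   # replayed or stale frame
            return "reject: replay"
        self.last_counter = f.counter
        return "accept"

def demo() -> dict:
    rx = Receiver(MIC_KEY)
    good = build_frame(MIC_KEY, 1, b"open door")
    # Tampered copy: payload altered, unkeyed ICV recomputed, MIC left as-is.
    forged = Frame(1, b"lock door", good.mic, icv(b"lock door"))
    return {"good": rx.accept(good), "forged": rx.accept(forged),
            "replayed": rx.accept(good)}
```

The forged frame passes the ICV check because the CRC carries no secret, and is caught only by the keyed MIC; the replayed frame passes both checks and is caught only by the counter.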
Implementing WPA
To take advantage of WPA, you must have adequate hardware and software. From a hardware standpoint, this means only that your wireless access points and your wireless NICs must recognise the WPA standard. Unfortunately, most hardware manufacturers won't support WPA through a firmware upgrade, so you may find yourself forced to buy new wireless hardware if you want to use WPA.
From a software standpoint, none of the Windows operating systems will support WPA by themselves. Windows machines with WPA-compliant hardware can use WPA, but only after you have installed the WPA client. The WPA client will work only for machines running Windows Server 2003 and Windows XP. You can download the necessary client from Microsoft.
Mix and match
Obviously, switching wireless hardware and implementing WPA can be a big undertaking. Fortunately, it isn't something you have to do all at once. Wireless access points can support WPA and WEP at the same time. This allows for a gradual transition to WPA.
The only thing you need to know about mixing WEP and WPA is that doing so prevents the global encryption key from being automatically rekeyed. Remember that WEP clients do not support automatic rekeying. To prevent key recognition problems, automatic rekeying is initiated by the access point only when no clients are running WEP. However, all of the other WPA security measures will work during the transition period.
As you look ahead to future WLAN deployments, keep in mind that you will probably want to change your security methods to encompass WPA and/or the similar set of security standards that is forthcoming from the IEEE.
TechRepublic is the online community and information resource for all IT professionals, from support staff to executives. We offer in-depth technical articles written for IT professionals by IT professionals. In addition to articles on everything from Windows to e-mail to firewalls, we offer IT industry analysis, downloads, management tips, discussion forums, and e-newsletters.
©2003 TechRepublic, Inc.