Future of Security in WLAN




Although the solutions suggested in the previous section provide a higher level of security, WEP is still an easy target for serious attackers even after performing these extra safety measures. Thus, it can be concluded that WEP is easy to crack with the right tools and enough patience. The proposed precautions are only intended to alleviate the associated problems with WEP until an improved and much more sophisticated security algorithm is established.
For home and small office environments, WEP remains useful for deflecting eavesdroppers. Larger companies and users wishing to transmit highly classified information might wish to strengthen WEP by deploying it with other third-party security solutions. There are two important upgrades developed for WEP: Temporal Key Integrity Protocol (TKIP) and 802.1X. TKIP is an upgrade for the encryption standard while 802.1X is an upgrade for the authentication standard.
TKIP attempts to fix the well-known problems of short encryption keys and small initialization vectors. This protocol, which is downward compatible with IEEE 802.11a, b, and g, still uses the RC4 algorithm, so existing hardware can be upgraded to support the standard. TKIP uses a 48-bit IV, whereas WEP uses 24-bit vectors. The larger IV space reduces IV collisions (repeated IVs), which limits the cryptographic attacks that depend on them. In this protocol, the IV is now encrypted instead of being sent in plaintext as it is in WEP. TKIP also uses a longer encryption key (128 bits) than WEP in order to address the short key problem.
Another important aspect of TKIP is that it uses per-packet keying. In this protocol keys are dynamically generated and distributed by the authentication server. A client’s MAC address, a shared base key, and a packet’s sequence number create a unique key for each packet [15]. Also, TKIP rotates the broadcast key periodically. This characteristic, combined with the per-packet keying, eliminates the predictability that attackers depend upon to crack the WEP key. As a final point, TKIP uses a Message Integrity Check (MIC) to prevent the undetected modification attacks that the CRC-32 algorithm allows in WEP. The MIC algorithm is much stronger and more secure than the CRC-32 algorithm used by WEP. MIC ensures packet-tampering detection immediately upon encryption by using a cryptographically protected one-way hash in the data. Thus, MIC prevents the attacker from capturing, changing, and resending the data packets.
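The two points made above, the larger IV space and the per-packet key with a MIC and a sequence counter, can be illustrated with a short Python model. This is an added example, not code from the paper: the key-mixing and MIC functions are HMAC-SHA256 stand-ins rather than TKIP's real key-mixing function or its Michael MIC, payload encryption is omitted so the integrity logic stays visible, and the base key and MAC address are constructed sample values.

```python
import hashlib
import hmac
import math

# --- IV space statistics -------------------------------------------------
# Birthday-bound estimate: probability that at least two of n_packets share an
# IV when each IV is drawn uniformly from 2**iv_bits possible values.
# With sequential IVs the picture is simpler still: a 24-bit counter wraps and
# starts repeating after 2**24 = 16,777,216 packets.
def iv_collision_probability(n_packets: int, iv_bits: int) -> float:
    space = 2 ** iv_bits
    return 1.0 - math.exp(-n_packets * (n_packets - 1) / (2.0 * space))


# Packet count at which the collision probability first reaches about 50%,
# from n(n-1)/(2N) = ln 2, i.e. n ~ sqrt(2 N ln 2).
def packets_for_half_collision(iv_bits: int) -> int:
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2.0 * space * math.log(2)))


# --- Per-packet keying, MIC and replay ordering --------------------------
# Illustrative model only (not TKIP's actual key mixing or Michael MIC): the
# per-packet key mixes the shared base key, the transmitter's MAC address and
# the packet sequence number; the MIC is a truncated HMAC under that key.
SEQ_LEN = 6   # bytes of sequence counter per frame (48 bits, like the TKIP IV)
MIC_LEN = 8   # bytes of MIC appended to each frame


def per_packet_key(base_key: bytes, mac_addr: bytes, seq: int) -> bytes:
    msg = mac_addr + seq.to_bytes(SEQ_LEN, "big")
    return hmac.new(base_key, msg, hashlib.sha256).digest()


def compute_mic(packet_key: bytes, payload: bytes) -> bytes:
    return hmac.new(packet_key, payload, hashlib.sha256).digest()[:MIC_LEN]


def protect(base_key: bytes, mac_addr: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = sequence counter || payload || MIC."""
    mic = compute_mic(per_packet_key(base_key, mac_addr, seq), payload)
    return seq.to_bytes(SEQ_LEN, "big") + payload + mic


class Receiver:
    """Receiver side: rejects tampered frames (bad MIC) and replays (stale counter)."""

    def __init__(self, base_key: bytes, peer_mac: bytes):
        self.base_key = base_key
        self.peer_mac = peer_mac
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) < SEQ_LEN + MIC_LEN:
            return False
        seq = int.from_bytes(frame[:SEQ_LEN], "big")
        payload, mic = frame[SEQ_LEN:-MIC_LEN], frame[-MIC_LEN:]
        if seq <= self.last_seq:            # replayed or out-of-order frame
            return False
        expected = compute_mic(per_packet_key(self.base_key, self.peer_mac, seq), payload)
        if not hmac.compare_digest(expected, mic):   # modified in transit
            return False
        self.last_seq = seq
        return True


def demo() -> dict:
    """Runs the scenario end to end and returns each verdict (constructed sample data)."""
    base_key = hashlib.sha256(b"constructed sample base key").digest()
    peer_mac = bytes.fromhex("02aabbccddee")        # constructed sample address
    rx = Receiver(base_key, peer_mac)
    f1 = protect(base_key, peer_mac, 1, b"hello")
    f2 = protect(base_key, peer_mac, 2, b"world")
    tampered = bytearray(f2)
    tampered[SEQ_LEN] ^= 0x01                       # flip one payload bit of frame 2
    return {
        "first_ok": rx.accept(f1),                              # True
        "tampered_rejected": not rx.accept(bytes(tampered)),    # True: MIC mismatch
        "second_ok": rx.accept(f2),                             # True
        "replay_rejected": not rx.accept(f1),                   # True: counter 1 <= 2
        "keys_differ": per_packet_key(base_key, peer_mac, 1)
                       != per_packet_key(base_key, peer_mac, 2),
    }


if __name__ == "__main__":
    print("packets to ~50% IV collision, 24-bit:", packets_for_half_collision(24))
    print("packets to ~50% IV collision, 48-bit:", packets_for_half_collision(48))
    print(demo())
```

With random IVs the 24-bit space reaches a 50% collision chance after only a few thousand packets, while the 48-bit space needs close to twenty million; the receiver shows why a per-packet key must be paired with both a MIC and a monotonic counter, since either check alone leaves modification or replay undetected.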
IEEE 802.1X, which was originally designed for Ethernet networks, has useful applications in wireless networks. The important characteristic of 802.1X is that it supports mutual authentication between the client and the network. In 802.1X, the client sends the user’s credentials to the authentication server via the AP when a user requests access to the network. If the server accepts these credentials, the master TKIP key is sent to both the client and the AP. “After this four-way handshake, in which the client and AP acknowledge one another and install the keys, the process is completed” [16].
All of the authentication requests in 802.1X are handled by the Extensible Authentication Protocol (EAP). EAP provides a very flexible platform for vendors to implement their own authentication mechanisms. For example, EAP can handle the presentation of all the user credentials in the form of digital certificates, secure IDs, smart cards, and unique user names and passwords. Several common EAP methods in use today are: EAP-Transport Layer Security (EAP-TLS), EAP-MD5, EAP-Tunneled Transport Layer Security (EAP-TTLS), and Protected Extensible Authentication Protocol (PEAP).
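The 802.1X flow described above, a credential check at the authentication server followed by the four-way handshake between client and AP, is modelled below with both sides' messages written out. This is an added example, not code from the paper: the master key is derived from a password with PBKDF2 as a stand-in for what an EAP method such as EAP-TLS would produce, the pairwise key derivation and handshake MICs are HMAC-SHA256 constructions rather than the 802.11i PRF and EAPOL-Key formats, and the user record and MAC addresses are constructed sample values.

```python
import hashlib
import hmac
import os

# --- Authentication server side ------------------------------------------
# Illustrative stand-in for the EAP method: a password-derived master key.
def derive_master_key(username: str, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 4096, 32)


class AuthServer:
    """Holds a per-user verifier (constructed sample data), never the password itself."""

    def __init__(self):
        self.verifiers = {"alice": derive_master_key("alice", "correct horse battery staple")}

    def authenticate(self, username: str, password: str):
        """Returns the master key to hand to the AP on success, None on any failure."""
        stored = self.verifiers.get(username)
        if stored is None:
            return None
        candidate = derive_master_key(username, password)
        if not hmac.compare_digest(stored, candidate):
            return None
        return candidate


# --- Pairwise key derivation and four-way handshake ----------------------
def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Simplified pairwise key: binds both addresses and both nonces to the
    master key (a labelled stand-in, not the 802.11i PRF)."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return hmac.new(pmk, b"Pairwise key expansion" + data, hashlib.sha256).digest()


def key_mic(ptk: bytes, message: bytes) -> bytes:
    """MIC over a handshake message under the key-confirmation part of the PTK."""
    return hmac.new(ptk[:16], message, hashlib.sha256).digest()[:16]


def four_way_handshake(pmk_ap: bytes, pmk_client: bytes,
                       ap_mac: bytes, client_mac: bytes):
    """Runs both sides of the exchange; returns (success, installed pairwise key)."""
    # Message 1, AP -> client: a fresh ANonce (no MIC yet, there is no key to use).
    anonce = os.urandom(32)
    # The client picks its own SNonce and can now derive its copy of the PTK.
    snonce = os.urandom(32)
    ptk_client = derive_ptk(pmk_client, ap_mac, client_mac, anonce, snonce)
    # Message 2, client -> AP: SNonce plus MIC; the AP derives its PTK and checks it.
    msg2 = b"M2" + snonce
    mic2 = key_mic(ptk_client, msg2)
    ptk_ap = derive_ptk(pmk_ap, ap_mac, client_mac, anonce, snonce)
    if not hmac.compare_digest(key_mic(ptk_ap, msg2), mic2):
        return False, None      # master keys disagree: the client did not authenticate
    # Message 3, AP -> client: install instruction plus MIC; proves the AP holds the PMK.
    msg3 = b"M3-install"
    mic3 = key_mic(ptk_ap, msg3)
    if not hmac.compare_digest(key_mic(ptk_client, msg3), mic3):
        return False, None
    # Message 4, client -> AP: acknowledgement plus MIC; both sides install the key.
    msg4 = b"M4-ack"
    mic4 = key_mic(ptk_client, msg4)
    if not hmac.compare_digest(key_mic(ptk_ap, msg4), mic4):
        return False, None
    return True, ptk_ap


def connect(username: str, password: str, ap_mac: bytes, client_mac: bytes):
    """Whole flow: EAP credential check relayed by the AP, then the four-way handshake."""
    server = AuthServer()
    pmk_ap = server.authenticate(username, password)    # server hands the AP the master key
    if pmk_ap is None:
        return False, None                               # access rejected, no handshake
    pmk_client = derive_master_key(username, password)   # client holds the same master key
    return four_way_handshake(pmk_ap, pmk_client, ap_mac, client_mac)


if __name__ == "__main__":
    ap, client = bytes.fromhex("02aabbccddee"), bytes.fromhex("021122334455")  # constructed
    print(connect("alice", "correct horse battery staple", ap, client))
    print(connect("alice", "wrong password", ap, client))
```

Each successful connection installs a different pairwise key because both nonces are fresh, which is the dynamic key management the paper contrasts with WEP's static key; a client and AP that hold different master keys fail at message 2, before any key is installed.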
Advanced Encryption Standard (AES) is one possible alternative to WEP encryption. This standard was adopted as an official government standard by the U.S. Department of Commerce. Instead of the RC4 algorithm, it uses another mathematical algorithm called Rijndael. This is a symmetric encryption algorithm that has a variable key length and block length (in AES, the block length is restricted to 128 bits). The user can choose from various key sizes such as 128, 192, or 256 bits, and this makes it much more difficult to recover the key than with WEP. However, there are two downsides to AES. The first is that AES takes a longer processing time than other standards. Also, it requires a new chipset, meaning that it is not downward compatible with today’s WLAN devices using the IEEE 802.11a, b, and g standards.
There are two main protocols that can be permanent replacements for WEP as the IEEE 802.11 wireless security standard: Wi-Fi Protected Access (WPA) and IEEE 802.11i (also known as WPA2). WPA, which was introduced in 2002 by the Wi-Fi Alliance, is designed to secure all versions of IEEE 802.11 devices. It is a software-upgradeable security solution, which means it is compatible with WEP-enabled systems. WPA combines the TKIP encryption scheme with 802.1X/EAP authentication to greatly enhance security. MIC is also added to protect against packet forgery. If WPA is enabled, enterprises can work securely over the wireless network without any add-ons to the network. The IEEE 802.11i standard, created by a committee known as Task Group i (TGi), provides even more enhanced authentication, authorization, and encryption capabilities. This latter protocol was ratified on June 24, 2004.
The newly ratified IEEE 802.11i provides much more security for wireless networks. This standard requires AES for encryption purposes. It does, however, support WPA and is backwards compatible with most legacy WEP equipment. WPA and IEEE 802.11i are compatible with each other assuming AES encryption is available within the network structure. IEEE 802.11i is very similar to WPA in that it uses 802.1X/EAP authentication to ensure mutual authentication and dynamic key management. Counter mode with CBC-MAC Protocol (CCMP) is a required component for protection in the IEEE 802.11i standard. It is the equivalent of TKIP in WPA. “CCMP computes a Message Integrity Check (MIC) using the well known, and proven, Cipher Block Chaining Message Authentication Code (CBC-MAC) method.” [18]. Messages are encrypted in 128-bit chunks using CBC mode. This is a much more complicated process, and cracking CCMP encryption is significantly harder than cracking RC4 encryption.
It is not necessary for small businesses or home/office users to switch to IEEE 802.11i if they already have WPA technology installed, since this switch means new investments in wireless devices. Also, WPA provides the necessary security requirements for these users, and it is compatible with IEEE 802.11i. Many businesses looking for new WLANs will find IEEE 802.11i very attractive, and they certainly should consider new investments in hardware to improve their security. Enterprises with WPA, however, have to justify whether AES security is worth the cost of replacing the equipment.