The Wi-Fi Alliance announced a new security standard today. An IEEE standards effort called Wi-Fi Protected Access (WPA) will replace the existing WEP (Wired Equivalent Privacy), which has been proven to be insecure.
WPA-based security (pdf) is derived from, and will be forward compatible with, the upcoming IEEE 802.11i security standard. WPA combines TKIP encryption, an upgrade to WEP encryption, with the latest authentication measures approved by the Wi-Fi Alliance. The Temporal Key Integrity Protocol (TKIP) will initiate key rotation every 10,000 bytes of data. The Wi-Fi Alliance will begin certifying WPA compliance in February 2003, although many of the major Wi-Fi manufacturers announced compliance today.
The earlier WEP security standard scrambled the messages between clients and APs. It is based on an encryption algorithm keyed by a value entered and controlled by the user. All clients and APs share the same key to encrypt and decrypt transmissions of data. WEP keys are 40 bits, 128 bits, or more in length and must be manually entered into every client. MAC address filtering is often used together with this encryption. Unfortunately, the key can be easily broken. A firmware upgrade to 128-bit WEP2 should work with most existing hardware, but it uses RC4 encryption, which is not very secure. By faking or “spoofing” the MAC address and running a simple program like Airsnort, which cracks both 40-bit and 128-bit (WEP2) encryption, an attacker can break wireless LAN security.
An improved security system, 802.1x, distributes the encryption keys in both directions (one up and one down). For encryption, the Advanced Encryption Standard (AES), a new encryption standard for WLANs, is used. 802.1x requires a RADIUS server, which is not always practical for small networks, but it automatically changes codes, thwarting hackers, while using the hard-coded MAC address in every Ethernet card. Windows XP uses 802.1x and provides seamless travel between wireless access points.
Exploiting and Protecting 802.11b Wireless Networks is a hot topic. The 802.11 Security Web Page and Wireless Security Tutorial review Wired Equivalent Privacy (WEP), 802.1x, and Virtual Private Networks (VPNs).
802.1x is advised for businesses, although researchers have found two security problems in the 802.1x standard that enabled them to hijack user sessions and execute man-in-the-middle attacks. The IEEE 802.1x working group is in the process of fixing the problems now. 802.1x is based on EAP (Extensible Authentication Protocol) and can use RADIUS (Remote Access Dial-in User Service).
Cisco’s proprietary LEAP authentication is an 802.1x authentication type that uses a log-on password. When a wireless access point communicates with a Cisco LEAP-enabled RADIUS server, Cisco LEAP provides access control through mutual authentication between client devices and the wireless network and provides dynamic, per-user WEP keys to help protect the privacy of transmitted data.
Cisco’s LEAP has been adopted by Atheros and is integrated into all of Atheros’ second-generation chipsets, including the 802.11a/g/b dual-band solution. Atheros is also integrating WPA with even stronger encryption via the Advanced Encryption Standard (AES) for enterprise- and government-level security.
The practical operational issues of public Wi-Fi networks make securing a public system with an approach like 802.1x a logistical and operational nightmare. Without registering each user, it’s difficult to provide tight security. ExtremeTech reviews security options, while O’Reilly points out Seven Security Problems of 802.11 Wireless.
Hopefully, the new Wi-Fi Protected Access standard will provide some of the convenience of WEP with additional security. The IEEE security standard, 802.11i, isn’t due to be ratified until September of 2003. At that time, WPA version 2.0 should be fully compliant with 802.11i. The Alliance hopes to eventually require all Wi-Fi products to have WPA security turned on by default. Currently the default in most Wi-Fi products is “off”.
Bad idea. Last weekend’s World Wardriving II, in more than 30 cities around the globe, was a kind of pub crawl for computer geeks. A week of demonstrations by grass-roots computer security activists collected data showing that hundreds of unsecured networks exist in major world cities.
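Whether a network counts as unsecured is visible in what its access point advertises in each beacon. As an added example (not part of the original article), the Python below classifies a beacon frame body as open, WEP, WPA or 802.11i, which lets an administrator check whether their own APs still run with security “off”. It assumes the 24-byte 802.11 MAC header has already been removed; the helper names and the sample beacons are constructed for illustration.

```python
import struct

PRIVACY_BIT = 0x0010                           # Capability Information "Privacy" flag
WPA_VENDOR_PREFIX = bytes.fromhex("0050f201")  # OUI 00:50:F2 + type 1 marks the WPA element
IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221        # element IDs (48 = 802.11i RSN)

def parse_elements(data):
    """Yield (id, value) for each information element; stop on truncation."""
    pos = 0
    while pos + 2 <= len(data):
        eid, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) < length:      # truncated element: ignore the remainder
            break
        yield eid, value
        pos += 2 + length

def classify_beacon(body):
    """Return (ssid, mode) for a beacon body: 12 fixed bytes, then elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its 12 fixed bytes")
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    ssid, has_wpa, has_rsn = "", False, False
    for eid, value in parse_elements(body[12:]):
        if eid == IE_SSID:
            ssid = value.decode("utf-8", "replace")
        elif eid == IE_RSN:
            has_rsn = True
        elif eid == IE_VENDOR and value.startswith(WPA_VENDOR_PREFIX):
            has_wpa = True
    if has_rsn:
        return ssid, "802.11i (RSN)"
    if has_wpa:
        return ssid, "WPA"
    # Privacy bit alone means WEP; no bit and no element means security is off.
    return ssid, ("WEP" if capability & PRIVACY_BIT else "open")

def make_beacon(ssid, capability, extra=b""):
    """Build a constructed sample beacon body (hypothetical helper)."""
    raw = ssid.encode()
    return struct.pack("<QHH", 0, 100, capability) + bytes([IE_SSID, len(raw)]) + raw + extra

# Constructed samples, not captured traffic.
WPA_IE = bytes([IE_VENDOR, 6]) + WPA_VENDOR_PREFIX + b"\x01\x00"
SAMPLES = [make_beacon("lobby", 0x0001), make_beacon("office", 0x0011),
           make_beacon("lab", 0x0011, WPA_IE)]

if __name__ == "__main__":
    for body in SAMPLES:
        print(classify_beacon(body))
```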






