Wireless communications are becoming ubiquitous in homes, offices, and enterprises with the popular IEEE 802.11 wireless local area network (LAN) technology and the up-and-coming IEEE 802.16 wireless metropolitan area networks (MAN) technology. The wireless nature of communications defined in these standards makes it possible for an attacker to snoop on confidential communications or modify them to gain access to home or enterprise networks much more easily than with wired networks. Wireless devices generally try to reduce computation overhead to conserve power and communication overhead to conserve spectrum and battery power. Due to these considerations, the original security designs in wireless LANs and MANs used smaller keys, weak message integrity protocols, weak or one-way authentication protocols, and so forth. As wireless networks became popular, the security threats were also highlighted to caution users. A security protocol redesign followed first in wireless LANs and then in wireless MANs. This chapter discusses the security threats and requirements in wireless LANs and wireless MANs, with a discussion on what the original designs missed and how they were corrected in the new protocols. It highlights the features of the current wireless LAN and MAN security protocols and explains the caveats and discusses open issues. Our aim is to provide the reader with a single source of information on security threats and requirements, authentication technologies, security encapsulation, and key management protocols relevant to wireless LANs and MANs.
Key Terms in this Chapter
MPDU: MAC protocol data unit is a fancy name for frame. The MPDU does not, however, include PLCP headers.
Institute of Electrical and Electronics Engineers (IEEE): A worldwide professional association for electrical and electronics engineers that sets standards for telecommunications and computing applications.
EAP-PEAP: Protected extensible authentication protocol is a two-phase authentication like EAP-TLS. In the first phase the authentication server is authenticated to the supplicant using an X.509 certificate. Using TLS, a secure channel is established through which any other EAP-Type can be used to authenticate the supplicant to the authentication server during the second phase. A certificate is only required at the authentication server. EAP-PEAP also supports identity hiding where the authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.
EAP-SIM: EAP-SIM is an authentication mechanism that makes use of the SIM card to perform authentication within the 802.1x framework for WLAN.
Extensible Authentication Protocol (EAP): A protocol used between a user station and an authenticator or authentication server. It acts as a transport for authentication methods or types. It in turn may be encapsulated in other protocols, such as 802.1x and RADIUS.
Certification Authority (CA): An entity that issues digital certificates (especially X.509 certificates) and vouches for the binding between the data items in a certificate.
Integrity Check Value (ICV): The checksum calculated over a frame before encryption by WEP. The ICV is designed to protect a frame against tampering by allowing a receiver to detect alterations to the frame. Unfortunately, WEP uses a flawed algorithm to generate the ICV, which robs WEP of a great deal of tamperresistance.
Medium Access Control (MAC): The function in IEEE networks that arbitrates use of the network capacity and determines which stations are allowed to use the medium for transmission.
OFDM: Orthogonal frequency division multiplexing is a technique that splits a wide frequency band into a number of narrow frequency bands and inverse multiplexes data across the subchannels. Both 802.11a and the forthcoming 802.11g standards are based on OFDM.
Request for Comments (RFC): A series of numbered documents (RFC 822, RFC 1123, etc.), developed by the Internet Engineering Task Force (IETF) that set standards and are voluntarily followed by many makers of software in the Internet community.
Initialization Vector (IV): Generally used as a term for exposed keying material in cryptographic headers; most often used with block ciphers. WEP exposes 24 bits of the secret key to the world in the frame header, even though WEP is based on a stream cipher.
EAP-AKA: This document specifies an extensible authentication protocol (EAP) mechanism for authentication and session key distribution using the authentication and key agreement (AKA) mechanism used in the 3rd generation mobile networks universal mobile telecommunications system (UMTS) and CDMA2000. AKA is based on symmetric keys, and runs typically in a subscriber identity module (UMTS subscriber identity module [USIM], or removable user identity module [RUIM], a smart card like device).
EAP-TLS: Transport layer security is an EAP-Type for authentication based upon X.509 certificates. Because it requires both the supplicant and the authentication server to have certificates, it provides explicit mutual authentication and is resilient to man-in-the-middle attacks. After successful authentication a secure TLS link is established to securely communicate a unique session key from the authentication server to the authenticator. Because X.509 certificates are required on the supplicant, EAP-TLS presents significant management complexities.
EAP-TTLS: Tunneled TLS is an EAP-type for authentication that employs a two-phase authentication process. In the first phase the authentication server is authenticated to the supplicant using an X.509 certificate. Using TLS, a secure channel is established through which the supplicant can be authenticated to the authentication server using legacy PPP authentication protocols such as PAP, CHAP, and MS-CHAP. EAP-TTLS has the advantage over EAP-TLS that it only requires a certificate at the authentication server. It also makes possible forwarding of Supplicant requests to a legacy RADIUS server. EAP-TTLS also supports identity hiding where the authenticator is only aware of the anonymous username used to establish the TLS channel during the first phase but not the individual user authenticated during the second phase.
Access Point (AP): The network access device for an 802.11 wireless network. It contains a radio receiver/transmitter. It may be an 802.1x authenticator.
Open Systems Interconnection (OSI): A baroque compendium of networking standards that was never implemented because IP networks actually existed.
MSDU: MAC service data unit is the data accepted by the MAC for delivery to another MAC on the network. MSDUs are composed of higher-level data only. For example, an 802.11 management frame does not contain an MSDU.
European Telecommunications Standards Institute (ETSI): ETSI is a multinational standardization body with regulatory and standardization authority over much of Europe. GSM standardization took place under the auspices of ETSI. ETSI has taken the lead role in standardizing a wireless LAN technology competing with 802.11 called the high performance radio LAN (HIPERLAN).
EAP-LEAP: Lightweight extensible authentication protocol is a Cisco proprietary EAPType. It is designed to overcome some basic wireless authentication concerns through mutual authentication and the use of dynamic WEP keys.