The currently deployed 802.11 wireless LAN (WLAN) IEEE standard is riddled with security flaws and deficiencies. In short, the standard features no user authentication, offers no mutual authentication between the wireless device and Access Point (AP), and contains a flawed encryption protocol. The encryption protocol permits the modification of specific bits without the receiver recognizing the change, and the different encryption components (key and initialization vectors) fail to provide the encryption process with sufficient randomness. Malicious users, armed with any number of free downloadable tools, can easily break into encrypted wireless traffic.
To improve the standard and close holes in current wireless implementations, IEEE developed the 802.11i Task Group. To address each of the aforementioned flaws, this group has developed a new authentication framework that encompasses several components. First, the use of the Extensible Authentication Protocol (EAP) and 802.1x enforces user authentication and mutual authentication. Second, Message Integrity Code (MIC) detects modifications of bits during transmission. Third, the Temporal Key Integrity Protocol (TKIP) generates random values for the encryption process, which becomes much harder for an attacker to break. To permit an even higher level of encryption protection, the 802.11i standard also includes the new Advanced Encryption Standard (AES) for new WLAN implementations.
The full 802.11i standard is due for release in September 2003, but the ball is already rolling. The Wi-Fi Alliance has announced that it will now certify products based on the 802.11i standard's core components, which the alliance collectively calls Wireless Protected Access (WPA). Let's take a look at the 802.11i standard's encryption processes, then focus on how the separate components of the standard provide far better security than that of Wired Equivalent Privacy (WEP)—the protocol that the original 802.11 standard uses.
Attacking WEP Deficiencies
Wireless devices and networks that use the original 802.11 standard are vulnerable to a long list of attacks. Malicious users can easily sniff wireless traffic, modify data during transmission without the receiver's knowledge, erect rogue APs (which users can authenticate to and communicate with without knowing they're malicious entities), and quickly and easily decrypt encrypted wireless traffic. These vulnerabilities typically provide doorways to the underlying wired network, at which point more destructive attacks can begin.
Several WLAN vendors have developed security techniques and technologies to overcome 802.11 security flaws, but most of these workarounds are the equivalent of wrapping bandages around a badly bleeding, poorly constructed and implemented technology. Also, because many vendors have developed proprietary fixes to these problems, customers face an array of interoperability problems.
The new 802.11i wireless standard uses two approaches to provide better security and protection than WEP. The first approach, which Figure 1 shows, is the aforementioned TKIP implementation, which is backward compatible with the many WLAN products and networks currently implemented around the world. TKIP works with WEP by feeding it keying material—that is, data to be used for generating new dynamic keys. WEP's current implementation of the RC4 encryption algorithm provides little protection. TKIP adds complexity to the key-generation process, complicating attackers' efforts to uncover the encryption keys. The IEEE working group provided TKIP so that customers would need to obtain only firmware or software updates instead of new equipment for this type of protection.
The second approach, which Figure 2 shows, is the use of the AES algorithm in conjunction with Cipher Block Chaining Message Authentication Code (CBC-MAC)—a combination otherwise known as the CCM protocol (CCMP). AES is a much stronger algorithm than RC4 but requires more processing power. AES isn't backward compatible with current WLAN products, so you should implement this configuration only if you haven't yet deployed a WLAN.
The algorithms, technologies, and protocols that make up the new wireless standard are complex. Understanding each component and how the components work together to provide a higher degree of confidence and protection for future WLAN environments is vital. For more information about how the new standard attacks WEP's deficiencies, see the sidebar "How 802.11i Addresses WEP's Core Deficiencies," page 30.