The face of computing is being changed by innovations in wireless technology. For example, users are no longer bound to the traditional "wires" that made up their computing environment. Thanks to technologies like Wireless Local Area Networks (WLANs), handheld computing devices and mobile phones can be connected. Users can now achieve anytime, anywhere access to critical business resources and applications. The result is increased productivity and a corresponding rise in opportunities for both businesses and consumers.
While providing all of their advantages, however, wireless networks also invite risk. The wireless world is an anonymous environment. It exists without boundaries and proper security measures. As a result, almost anyone can access virtually anything (FIG. 1). This article looks at the security issues that impact wireless technology. Specifically, it focuses on the unique challenges of securing 802.11 wireless LANs and communication at the transport level. That level resides between wireless devices and Internet services.SECURE THE NETWORK LAYER In today's fast-paced electronic age, 802.11b-based WLAN technology has become widespread. According to a research report commissioned by RSA Security, the city of London alone has seen the number of business-deployed wireless networks grow 300% in the past year. In the United States, well-known companies like UPS, FedEx, and General Motors use WLANs to give customers and employees more mobility and access to real-time information. This growth will continue because WLAN technology offers what the market wants: cheap and easy wireless bandwidth (FIG. 2).
Yet many business and private WLANs are deployed using default settings with no security in place. Anyone with an 802.11b wireless card can easily access such networks. Even when security settings are turned on, WLANs may remain vulnerable. The lack of privacy in the network traces back to a broken encryption protocol called the Wired Equivalency Protocol (WEP). This protocol has an important function: It outlines a way to encrypt the data packets that travel over IEEE 802.11 networks. Unfortunately, WEP has some flaws. Those flaws severely weakened the security that it was supposed to offer.
WEP encryption is based on a symmetric stream cipher (RC4). As is true for all stream ciphers, it's important that each packet have a different WEP secret key. The WEP standard specified the use of different keys for different data packets, which is a very good idea. This approach relied on the use of so-called initialization vectors (IVs). Originally, these IVs were intended to be unique for each packet. But the space of possible vectors was too small to avoid duplications. As a result, the IVs had to be reused. When an IV is reused, an attacker will yield the plain text.
WEP faced another problem in the manner by which the IV was combined with the base key. When combined with the characteristics of RC4, that approach lends itself to an attack. As described by Fluhrer, Mantini, and Shamir (FMS), the base secret key may be discovered under certain circumstances. Once the shared secret is discovered, a malicious attacker could go back and decrypt the data packets that were being passed along the exposed network.
Clearly, the vulnerabilities in WEP can be traced back to numerous problems. Among them are the limitations of the 24-b initialization vector and the absence of a cryptographic checksum. Another issue is the FMS weakness. This defect is created by the way that the packet encryption keys are derived from the initialization vector.
Back when this protocol's flaws were discovered, it was like a dam bursting. Free tools like AirSnort and WEPCrack appeared as scripts on the Internet. Anyone could use them to attack WEP. Using the FMS attack, the AirSnort authors claimed that their code could decipher WEP keys after gathering information from just 2000 packets with "weak" keys. They estimated that out of 16 million keys that were generated using 128-b WEP encryption, 3000 were typically weak. Network sniffers, such as AirSnort, analyzed the "weak" keys to discover the shared secret between wireless clients and access points. Once that shared secret was discovered, a malicious attacker could access the WLAN network. The attacker could then go back and decrypt the data packets that he or she "sniffed" off the exposed network.
In 2001, RSA Security and Hifn announced a new technology: fast packet keying. It was designed to fix the key derivation problem in the broken WEP standard. This technology took the first step toward enabling 802.11 vendors to create a software patch. This patch could be applied to update the WLAN products that were already being used by their end users. Going forward, the currently known WEP security vulnerabilities may be addressed by Wi-Fi Protected Access (WPA). This emerging security protocol is intended to be available as a firmware upgrade to existing devices.
Unfortunately, the list of WLAN security issues doesn't end with the problems of WAP. Although it was largely ignored early on, the secure authentication of users who are connecting to WLAN access points will prove just as important (FIG. 3). For enterprise users, this issue can prove quite aggravating. After all, they need to re-authenticate if they move from one end of the building to another. For the operators who want to bill their customers for WLAN service, however, it's a little more serious. The WLAN "hot spots" that are beginning to sprout up for public Internet access can be a good source of operator revenue. Before the operators can bill customers for the service, however, they need to know who those customers are and when they're using the services. To obtain this knowledge, certain authentication factors must be considered:
- A universal standard is needed that allows any authentication system (PINs, passcodes, digital certificates, tokens, or smart cards) to interoperate with any WLAN access points.
- To negotiate an authentication based on this standard, devices (PDAs, mobile phones, and laptops) must be able to understand the authentication mechanisms.
- The WLAN network must authenticate users "behind the scenes" as they roam from access point to access point. This authentication must be done without the users knowing that their digital credentials are being challenged and approved somewhere in cyberspace.
To establish strong authentication mechanisms, the first step is the adoption of the Extensible Authentication Protocol (EAP) by IEEE 802.1x. EAP provides a framework in which suitable authentication mechanisms may be negotiated. But 802.1x itself doesn't specify a certain authentication mechanism. This step is left to other bodies.
To deal with this problem, RSA Security, Microsoft, and Cisco tendered a proposal to the IETF. It outlines how to achieve secure authentication in a roaming WLAN environment. This approach is especially useful for scenarios in which users authenticate using legacy methods, such as RSA SecurID. The actual mechanism is termed Protected EAP (PEAP). Currently, the proposal is being considered by the IETF.SECURE THE TRANSPORT LAYER The network layer isn't alone in its struggle to resolve security issues. Many security challenges also are inherent in the transport layer. To many people, securing the wireless Internet has meant securing the transport layer in the Wireless Access Protocol (WAP). Yet even WAP has moved away from the Wireless Transport Layer Security (WTLS) standard in favor of more popular Internet standards.
Indeed, a lot of wireless applications already exist that simply bypassed WAP. Instead, they use SSL to secure communication channels over wireless networks. For example, Pocket PC has SSL built into its operating system. In its latest operating system, Palm uses RSA Security's SSL. For SSL to work in an embedded client that's communicating over a wireless network, however, a number of code changes need to occur. These changes must maximize performance and throughput.
With all of these design issues, tradeoffs are necessary to negotiate the best outcome for a particular environment. By customizing the code, SSL experts can negotiate the tradeoffs that allow SSL to work well in an embedded environment. For example, minimizing code size is critical to ensuring that SSL can be successfully used in embedded environments. Although SSL was designed for a "fat" client/server environment, the code can be minimized and still provide a high level of security and interoperability.
Such minimization can be accomplished with web servers that are running a heavier version of the SSL code. Because these code changes are very complex, commercial-security software development kits (SDKs) will most likely be required. The SDKs can support developers as they try to embed mini-versions of SSL into more wireless applications.A GLIMPSE INTO THE FUTURE Once WLAN security is in place, opportunities should prove to be immeasurable. Users will freely take advantage of anytime, anywhere access to the resources and applications that they need. The organizations behind the WLANs will be able to relax. They'll be empowering their end users while efficiently protecting their critical information assets. After all, those assets are the lifelines of their businesses.
Wireless security will undoubtedly lead to new growth and convenience. It will enable wireless technology to reach its true productivity potential. Thankfully, the companies that focus on security will continue to monitor its progress for WLANs. By keeping an eye on both the network and transport layers, they'll help to build the most secure environment for wireless computing.