Understanding Public Key Cryptography
Page 1 of 1
802.11's Wired Equivalent
Because of the key reuse problem and other flaws,
the current standardized version of WEP does not offer strong enough security
for most corporate applications. Newer security protocols, such as 802.11i and
Access (WPA), however, utilize public key cryptography
Public key cryptography uses asymmetric keys, with one that is private and another one that is public. The private key is (as the name implies) kept secret; the pubic key can be known by anyone. This enables more effective encryption and authentication mechanisms.
A set of public and private keys match from a cryptographic standpoint. For example, the sending station (e.g., NIC or access point) can encrypt data using the public key, and the receiver uses the private key for decryption. The opposite is also true. The sending station can encrypt data using the private key, and the receiving station decrypts the data using the public key. Let's take a closer look at each of these modes.
If the goal is to encrypt data, the sending station will use a public key to encrypt the data before transmission. The receiving station uses the matching private key to decrypt the data upon reception. Each station keeps their private key hidden in order to avoid compromising encrypted information.
Public key cryptography works effectively for encrypting data because the public key can be made freely available to anyone wanting to send encrypted data to a particular station. A station that generates a new private key can distribute the corresponding public key over the network to everyone without worry of compromise. Thus, the public can be posted on a Web server, sent unencrypted across the network, etc.
Some security protocols distribute a new WEP key periodically to a station by encrypting it first with the receiving station's public key. The receiving station uses its secret private key to decrypt the encrypted WEP key and then begin using the new WEP key for encrypting data frames.
In addition to protecting information from hackers, stations can use public key cryptography to authenticate themselves to other stations or access points. This may be necessary before an access point or controller allows a particular station to interface with a protected side of the network. Likewise, the client can authenticate the access point in a similar manner.
A station authenticates itself by encrypting a string of text within a packet using its private key. The receiving station decrypts the text with the sending station's public key. If the decrypted text matches some predetermined text (e.g., the station's name), then the receiving station knows that the sending station is valid. The encryption of a particular string of text acts as a digital signature.
Stay tuned: In future tutorials, I'll discuss how various security protocols implement public key cryptography.
Jim Geier provides independent consulting services to companies developing and deploying wireless network solutions. He is the author of the book, Wireless LANs and offers computer-based training (CBT) courses on wireless LANs.
Join Jim for discussions as he answers questions in the 802.11 Planet Forums.