Administrators concerned over wireless security are now sitting down to an
alphabet soup of security protocols, with a few numbers thrown in to add
more complexity to the broth. The Wi-Fi Alliance standards group recently
introduced an interim standard called WPA (Wi-Fi Protected Access), to
replace the highly crackable WEP (Wired Equivalent Privacy). WPA, though,
will then be superseded by the full-blown 802.11i protocol, probably by the
end of next year.
Still being finalized by the IEEE
802.11 ESN (Enhanced Security Network). WPA, on the other hand, is a
“subset of the 802.11 draft standard, and will maintain forward
compatibility,” according to Wi-Fi Alliance Chairman Dennis Eaton.
WEP’s security flaws have been widely known ever since January of 2001,
when the University of California at Berkeley issued a highly publicized
paper. Since then, WEP has been roundly criticized for flaws that include
weak encryption, characterized by keys that are no longer than 40 bits;
static encryption keys; and lack of a key distribution method.
“Not long after its development, WEP’s cryptographic weaknesses began to be
exposed. A series of independent studies from various academic and
commercial institutions showed that even with WEP enabled, third parties
can breach WLAN security,” acknowledged the Wi-Fi Alliance, in a recent
white paper. “Although such security breaches might take days on a home or
small business WLAN where traffic is light, it can be accomplished in a
matter of hours on a busy corporate network.”
WPA is intended to fix these problems through technologies that include
TKIP (Temporal Key Integrity Protocol) – a set of algorithms meant to
augment WEP – as well as 802.1x. 802.1x is a “mechanism for enhanced
mutual authentication and dynamic key distribution – two shortfalls in the
current WEP standard,” according to Brian Grimm, a Wi-Fi Alliance
spokesperson.
“WPA will be mandatory for Wi-Fi certification before the end of 2003, and
eventually products will have to ship with WPA turned on,” predicted the
Gartner Group, in a recent report. “Gartner recommends that enterprises
install WPA as soon as it’s available if they use only the WEP security
solution.”
Leading vendors of wireless access points (APs) and chip sets have already
announced support for WPA. WPA will also be delivered as software and
firmware upgrades to existing Wi-Fi products. The first WPA-compliant
products are slated for shipment in the first quarter of 2003.
Meanwhile, though, about a year from now, vendors are expected to release
products complying with 802.11i, a protocol that will fold in AES (Advanced
Encryption Standard).
For their part, many administrators are still learning about WEP, let alone
newer technologies like AES and TKIP.
Some network managers remain unconvinced that WEP presents problems on
actual enterprise nets. “Most of us know that the WEP encryption has been
broken and a practice attack has been mounted. In fact there is even free
software such as AirSnort and WEPCrack that supposedly recovers RC4 keys. My
question is: How effective are these attacks in the real world? Has anyone
found any data to show that weak keys are really numerous enough to be used
practically (for recovering) keys reliably, in the real world?” asked one
administrator in an Internet newsgroup.
“WEP is still a good deterrent for ‘casual’ snoopers,” maintained Grimm.
“You are more secure with WEP on than with WEP off!” WEP, though, “can be
compromised with the appropriate tools and expertise.”
The Wi-Fi Alliance’s current recommendations for large companies call for
implementing end-to-end security through mechanisms such as 802.1x
encryption, RADIUS authentication, and VPNs (virtual private networks).
Wi-Fi Protected Access is not to be confused with Windows Privacy Activation
– another protocol that uses the WPA acronym. Ironically, though, like the
controversial Windows Privacy Activation, the Wi-Fi-supported 802.1x is
built into Windows XP. The 802.1x protocol is also supported on many Wi-Fi
APs now on the market.
In contrast, TKIP is a protocol based on RC4, and “targeted for legacy
equipment,” according to Grimm. In conjunction with 802.1x, TKIP will
provide for dynamic rekeying, generating a new encryption key every 10K
packets.
TKIP surrounds the WEP cipher engine with four new algorithms: extended
48-bit IV and IV sequencing rules; new per-packet key construction; a key
derivation and distribution method; and an MIC (message integrity code)
dubbed Michael.
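
Two of those four pieces, the IV sequencing rule and the Michael MIC, are checks a receiver applies to every frame, and the following added example (not code from the article or the Wi-Fi Alliance) shows them working together. The `michael` function follows the published 802.11i definition of Michael; the `Receiver` class, its return strings and the sample key are assumptions made for illustration, and per-packet key construction and RC4 encryption are left out.

```python
import hmac
import struct

MASK = 0xFFFFFFFF

def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (32 - n))) & MASK

def _xswap(v: int) -> int:
    # Swap the two bytes inside each 16-bit half of the word.
    return ((v & 0xFF00FF00) >> 8) | ((v & 0x00FF00FF) << 8)

_MIX = (lambda x: _rol(x, 17), _xswap, lambda x: _rol(x, 3),
        lambda x: _rol(x, 30))  # rotate left by 30 == rotate right by 2

def michael(key: bytes, data: bytes) -> bytes:
    """Michael MIC: 64-bit key in, 64-bit tag out, little-endian words."""
    if len(key) != 8:
        raise ValueError("Michael key must be 8 bytes")
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a, then 4 to 7 zero bytes, to a multiple of 4 bytes.
    padded = data + b"\x5a" + b"\x00" * 4
    padded += b"\x00" * (-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        for mix in _MIX:
            r ^= mix(l)
            l = (l + r) & MASK
    return struct.pack("<II", l, r)

class Receiver:
    """Receive-side checks only (hypothetical class for illustration).

    Real TKIP also covers the addresses and priority with the MIC and
    encrypts the frame; both are left out to keep the checks visible.
    """
    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_seq = -1  # highest 48-bit sequence number accepted so far

    def accept(self, seq: int, payload: bytes, mic: bytes) -> str:
        if seq <= self.last_seq:
            return "replay"       # sequencing rule: counter must increase
        if not hmac.compare_digest(michael(self.mic_key, payload), mic):
            return "mic-failure"  # payload or tag changed in transit
        self.last_seq = seq       # advance only after the MIC verifies
        return "ok"

KEY = bytes.fromhex("82925c1ca1d130b8")  # constructed sample key
```
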
The IEEE 802.11 committee adopted the final elements of TKIP at a meeting
on November 21. “The document is now being edited,” said Grimm. WPA
certification began in November, and WPA certification is set to start in
February of next year.
In enterprises, WPA will be used in conjunction with both wireless APs and
an authentication server, for centralized access control and management.
Homes and small offices, though, will be able to use a “pre-shared key
mode” in place of the authentication server, according to Grimm.
Under pre-shared key mode, access to the wireless network and the Internet
will be allowed only if the “pre-shared key” of the computer matches that
of the AP.
AES, the third “major new element in 802.11i,” is a block cipher which will
replace both WEP and RC4. Targeted at “future Wi-Fi equipment,” it will be
hardware-accelerated for faster performance.
Unlike WPA, though, AES looks likely to require hardware replacement,
according to many 802.11i experts. “It won’t be possible to upgrade to
802.11i simply through a software or firmware upgrade,” said Ronald P.
Sperano, program director, Mobile Market Development, in IBM’s Personal
Systems Group.
Will companies be willing to invest in new 802.11 equipment, so soon after
upgrading to the WPA protocol? Alternatively, will customers decide to
‘pass’ on WPA, in favor of waiting for the full-blown 802.11i? The jury is
still out on these questions, waiting for the alphabet soup to settle.