From their introduction in the 1990s, small and mobile computers all held the common goal of making a corporation’s workforce more competitive by giving workers timely information (such as order processing, inventory, email, etc.) and allowing efficient collaboration with other workers either in the field or at the home office. Although security was desired from the start, organizations’ attempts at instituting it on their wireless systems were done poorly, despite the best intentions, and suffered from some misdirection from so-called standards which did not work.
The result is that now, 10 years later, wireless devices and mobile communications have exploded on the marketplace, where manufacturers are jockeying to make their systems “the standard” and an unsuspecting user community struggles to incorporate some level of security to protect themselves and their data. This paper will examine the path and problems of wireless networking and describe why a real solution has been difficult to find. This paper then concludes with the challenge that the path to a real solution may be non-technical.
Compared to the wireless networks, a logical, or wired, local area network is relatively simple to secure. Communication lines travel through known courses, and computer hosts can have a multitude of physical security devices such as keyed locks, secured offices, secured campuses, biometrics, and the like. Units’ access can be restricted to certain applications and users’ authentication can be reduced to simple id/password combinations.
An elementary level of security, appropriate for a wired LAN, is completely inappropriate for a wireless LAN (WLAN). This is one reason why the introduction of rogue access points (AP) was problematic. When wireless devices began to appear on the market, workers and managers quickly discovered that the ability to allow workers mobility, even in the office space, enhanced efficiency and collaboration. The addition of a wireless AP (WAP) was inexpensive, with prices in the $100 range, and very simple to install. The user only needed to plug the WAP into an existing logical network port, the LAN viewed the AP as just another host, and wireless was up.
Unfortunately, these rogue APs were a critical issue for network managers. In many cases, workers hid the rogues. The coverage area of the AP often extended beyond the physical boundaries of the facility, making the network available to attack from war drivers. This is a problem because, while the AP connection itself was inside the firewall, the broadcast of the AP extended beyond it and opened the entire network to attack.
Girard & Pescatore (2002) paint a dismal picture of the lack of standardization and security in the wireless realm. In an effort to get a handle on this quickly changing industry, the Institute for Electrical and Electronic Engineers (IEEE) developed a series of standards with the designation of 802 (for networking) .11 (for wireless). The addition of a lower-case letter after the .11 indicates a subset of the standard or, more specifically, the task group assigned to upgrade the original standard. The original 802.11 standard, released in June 1997, specified a network that broadcast at 2.4GHz and had a data transfer rate of only 1 to 2 Mbps. It included two deployments: Frequency Hopping Spread Spectrum (FHSS) or Direct Sequence Spread Spectrum (DSSS) (Geier, 2002b). By June 1999, the 802.11 Working Group’s Task Group began releasing enhancements on the original standard. Interestingly, the first standard to be released was the IEEE 802.11b. Realize that wireless APs are nothing more than radio transmitter/receivers; the 802.11b standard broadcast at the unlicensed 2.4 GHz frequency and had a data transfer rate of up to 11Mbps (Wicks & Kremling, 2004). Unfortunately, this frequency is shared by other electronic devices such as microwave ovens, cordless telephones, and others which interfere with the broadcast (Wikipedia, 2005).
One solution was to change the standard for the frequency, which resulted in the 802.11a. In the “a” standard, the transmission frequency ranged from 5.15 GHz to 5.875 GHz (Wicks, 2004) and a data transfer rate of up to 54 Mbps. However, by this time, the b standard had become the overwhelmingly popular standard for small business, homes, and public spaces (Arar, 2002) as well as medical facilities (see also Geier, 2002a).
The problem with security in the "a" and "b" standards was that they were both based on a concept called Wireless Encryption Privacy (WEP). WEP was designed to provide confidentiality using a stream cipher called RC4 (Rivest Cypher 4) by Ron Rivest in 1987 (RC4 Wikipedia, 2005). This is the same ciphering technique used on the Internet’s Secured Socket Layer (SSL). RC4 utilized the exclusive disjunction or XOR technique to encrypt data (see Exclusive Disjunction Wikipedia, 2005). Although deemed secure, a landmark publication by Fluhrer, Mantin, & Shamir (2001) entitled “Weakness in the key scheduling algorithm of RC4” demonstrated the weakness in both the 24-bit WEP and the subsequent 128-bit WEP2 cryptology (see also Borisov, Goldberg, & Wagner, 2001). Any attacker with a moderate ability to crack code now could. An excellent device to do just that became available for download on the Internet called AirSnort. According to the website, “AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered” (AirSnort, n.d.), approximately 5-10 million encrypted packets.
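The RC4-and-XOR construction described above, as an added example that is not part of the original paper. It assumes WEP's framing of a 24-bit initialization vector prepended to the shared key (a detail the paper does not spell out), omits the CRC-32 integrity value WEP also appends, and uses constructed sample keys and messages.

```python
# Added illustration; RC4 and WEP are broken and shown only to explain the design.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key scheduling (KSA) followed by n bytes of keystream output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # KSA: shuffle the state under control of the key
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):  # PRGA: emit one keystream byte per step
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise exclusive disjunction of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || secret; the 3-byte IV travels unencrypted."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def wep_style_decrypt(secret: bytes, frame: bytes) -> bytes:
    """XOR is its own inverse: the receiver regenerates the same keystream."""
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4_keystream(iv + secret, len(body)))


# Constructed sample values (not from the paper).
SECRET = bytes.fromhex("0102030405")  # 40-bit shared key
FRAME_A = wep_style_encrypt(b"\x00\x00\x01", SECRET, b"order #1001 shipped")
FRAME_B = wep_style_encrypt(b"\x00\x00\x01", SECRET, b"order #2002 pending")
# Same IV and secret give the same keystream, so the keystream cancels out of
# FRAME_A xor FRAME_B. With only 2**24 IVs, repeats are unavoidable on a busy AP.
```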
Soon, several new 802.11 standards were released (see Geier, 2002b). 802.11c handled bridge operations. 802.11d standardized the 5GHz bands globally. 802.11e provided for strong quality of service (QoS) at the Medium Access Layer (MAC) for improved video and audio quality. The 802.11f standard examines inter-access point protocols. Unlike a cell phone, a wireless device cannot move from AP to AP. The “f” protocol will allow for user roaming. 802.11h allowed for spectrum management of the 802.11a devices in the 5GHz band.
The 802.11g standard, released in June 2003 (Wicks, 2004), provided for higher transfer rates, up to 54Mbps at the original 2.4GHz frequency band, but did not interoperate well with the old 802.11b standard (Moore, 2003). By this time, the WEP security standard started to be replaced by a new standard called Wireless (Meyers, 2003) or Wi-Fi (Wi-Fi Wikipedia, 2005) Protected Area or WPA. WPA, and the subsequent WPA2, although not infallible, provide for a more serious encryption standard called Advanced Encryption Standard (AES) and are based on the 802.11i “standard” (Wireless Connectivity, n.d.).
Like the "a" and "b" standards, 802.11i works on the MAC level and uses encryption similar to RC4. However, WEP was severely flawed and was replaced by WPA in 2003 and the 802.11i or WPA2 in 2004 (Wired Equivalent Privacy, n.d.). Additionally, the 802.11i standard utilizes a technique called Temporal Key Integrity Protocol (IEEE 802.11, 2004) which generates a new key with every 10 kb of data transmission (Arar, 2002). Though not considered a long-term solution (Arar, 2002), it can act as a stop-gap until full release of the AES, which is considered more robust than TKIP.
As manufacturers and product releases vie for attention and control of the standardization procedure, several different directions are being pursued to deal with security. One typical low-cost solution is to simply reduce the power on the AP to keep its range within the physical confines of the facility and then lock down the facility. This solution is ideal for a SOHO (Small Office/Home Office) user but is impractical for public space uses such as coffee shops or campuses.
An interesting recreation of an existing solution is to place the emphasis of the broadcast less on the encryption and more on authentication. This moves the solution to security up from the MAC layer. A new encryption standard called 802.1X defines port-based network access control. Here, the AP is outside the network firewall and communications must come in through an authentication server (IEEE 802.11, 2004). The authentication server must verify the credentials of every wireless customer by comparing them with the hand-entered information provided by the network manager; this is easily done on a logical LAN for small organizations but is a tremendous task for larger entities. Then, the authentication server forwards the data to a Remote Authentication Dial-In User Service or RADIUS.
For the 802.1X protocol, IEEE enlisted the existing Extensive Authentication Protocol (EAP), which was designed to be a point-to-point protocol (PPP) authentication mechanism used on point-to-point LANs. IEEE 802.1X defines EAP over LAN (EAPOL) as the standard encapsulation method for EAP messages (IEEE 802.11, 2004). It is important to note that 802.1X is simply a standard for defining EAPOL packets and nothing more (Snyder, 2002). The EAP packet is then authenticated by the RADIUS server using access requests and challenges. Encryption utilizes a code called Michael which is an 8-byte key (for detailed information on Michael and RADIUS challenge techniques, see IEEE 802.11, 2004).
Garcia (2005) points out that while Microsoft’s WPA2-compliant 802.1x software called “Wi-Fi Protected Access 2 Wireless Provisioning Services Information Element update for Windows XP with Service Pack 2” (!) adopts strong wireless encryption and authentication, administrators should consider third-party supplicants instead. At issue here, again, is the desire of every vendor to have their product be “the standard” for all similar products. Dangerous territory for standards which are not standards (Girard, 2002) is the development of the IEEE 802.16 standard for Wireless Local Loop (WLL) links, which “offers so many options that the first 802.16 systems are likely to be proprietary in all but name” (Dornan, 2004). Dornan (2004) warns that 802.16 could become another IMT-2000, the ITU’s global standard for 3G, which already encompasses five incompatible systems.
Regardless of the encryption, algorithms, and challenges, and regardless of whether security takes place at the MAC layer, transport layer, or even the application layer, there are several issues which must be understood. First, no matter what encryption style is used, wireless MAC packets are transmitted in the clear. This means that anyone who so intends can intercept, capture, and collect any number of packets and can then determine the encryption keys, port addresses, and any information necessary to launch an attack. Because packet formats are standardized, an attacker can extract keys, code, and data bytes easily. Adding additional bits to the encryption is a good start, but it is not the solution.
Second, in order for the mobile worker to be effective, data must be available through the WLAN or else the mobility is unnecessary. There is a non-technical solution to this problem and that is to create policies surrounding the availability and distribution of data. Certainly, a policy will not deter an attacker; however, if the attacker with a spoofed authentication cannot enter certain realms of the network, certain attacks can be prevented. For example, there is no reason that any mobile worker has access to payroll data. A policy limiting access to specifically and thoroughly authenticated users (perhaps using swipe-cards, biometrics, specific units or any combination) would eliminate attacks from a wireless intruder.
Policies could restrict data access to the wireless users in much the same manner as a VPN tunnel through the internet. Information that is available to the user, such as email, Internet access or inventory data, would be information that would be available via the company web page or from customer service representatives anyway. Additionally, internet filtering software similar to Net Nanny installed on the wireless devices would help control the actions that an attacker can take (elimination of access to illegal or pornographic sites and downloads). The mobile unit belongs to the company and not the employee.
Third, risk analysis on the network needs to include attacks on the mobile users themselves. The mobile device is also at risk of attack from another nearby device. And the device itself is susceptible to theft or loss. There is no fundamental difference between the loss of a data file and the loss of similar data printed and carried by a salesperson, with the exception of the quantity of data storage available. Here again, policies can work to minimize loss. Not all salespeople need all data. By restricting the amount or type of data that the mobile user carries, appropriate and intelligent boundaries, like fire blocks, can protect the remaining data as well as the networks over which they travel.
Wireless networking has allowed businesses a greater opportunity for competitiveness and efficiency in the world marketplace. In their zeal to produce more products and take advantage of this large niche, the industry moved so fast that adequate security measures could not keep up. With a hodge-podge of security devices, cryptography, and techniques, and no real standardization policies in the near future, businesses are left trying to make “good enough” decisions concerning the security of their most precious data.
Certainly the solution to security is not the simple implementation of policies and the hope that people will abide by those policies; however, an intelligent network design that includes a competent eye towards keeping the networks secure while building availability to a new mobile community can make the most difference. As the saying goes, “well begun is half done.”
AirSnort. (n.d.). Retrieved on July 8, 2005 from the AirSnort homepage at http://airsnort.shmoo.com/.
Borisov, N., Goldberg, I., & Wagner, D. (2001). Intercepting mobile communications: the insecurity of 802.11. Paper presented at Proceedings of the 7th annual International Conference on Mobile Computing and Networking, Rome, Italy. Retrieved on October 10, 2003 from http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf. Also available at http://portal.acm.org/toc.cfm?id=381677&type=proceeding&coll=GUIDE&dl=ACM&idx=SERIES395&part=Proceedings&WantType=Proceedings&title=International%20Conference%20on%20Mobile%20Computing%20and%20Networking&CFID=12983865&CFTOKEN=65326071
Dornan, A. (2004, March). When is a standard not a standard? Network Magazine 19(3). 14.
Exclusive Disjunction. (2005, July 2). Retrieved on July 8, 2005 from the Wikipedia website at http://en.wikipedia.org/wiki/XOR.
Fluhrer, S., Mantin, I., & Shamir, A. (2001, August). Weakness in the key scheduling algorithm of RC4. Paper presented at the Eighth Annual Workshop on Selected Areas in Cryptography, Toronto, Canada.
Geier, J. (2002a, January 24). The big question: 802.11a or 802.11b? Retrieved on July 9, 2005 from the Wi-Fi Planet website at http://www.wi-fiplanet.com/columns/article.php/961181.
Geier, J. (2002b, August 5). 802.11 Alphabet soup. Retrieved on July 8, 2005 from the Wi-Fi Planet website at http://www.wi-fiplanet.com/tutorials/article.php/1439551.
Girard, J. & Pescatore, J. (2002, October 6-11). Security on the run: mobile and wireless security. Gartner Symposium ITxpo 2002. Walt Disney World, Orlando, FL. Retrieved on July 8, 2005 from http://symposium.gartner.com/docs/symposium/itxpo_orlando_2002/documentation/sym12_48f.pdf#search='wireless%20security%20nonexistant'.
IEEE 802.11 wireless LAN security with Microsoft Windows XP (2004, June). Retrieved on June 30, 2005 from http://www.microsoft.com/downloads/details.aspx?familyid=67fdeb48-74ec-4ee8-a650-334bb8ec38a9&displaylang=en.
Meyers, R. (2003, November). Combine VPN and encryption. Communication News 40(11). 34.
Moore, B. (2003, April). 802.11 (g). Jumping the Gun. Material Handling Management 58(4). 54.
RC4. (2005, June 17). Retrieved on July 8, 2005 from the Wikipedia website at http://en.wikipedia.org/wiki/RC4_%28cipher%29.
Snyder, J. (2002, May 6). What is 802.1x? Retrieved on July 8, 2005 from the Network World website at http://www.networkworld.com/research/2002/0506whatisit.html.
Wi-Fi Protected Areas. (2005, May 13). Retrieved on July 8, 2005 from the Wikipedia website at http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access.
Wired Equivalent Privacy. (n.d.). Retrieved on July 9, 2005 from the BrainyEncyclopedia website at http://search.yahoo.com/search?p=802.11i+%22512+bit%22&fr=FP-tab-web-t-271&toggle=1&ei=UTF-8.
Wireless connectivity, security and VIA3: a true checks and balances solution for WiFi. (n.d.) Viack Corporation. Washington, DC.
Wayne Machuca
Wireless Security 2005
MIS504 – Research Paper
11/1/2005