Wireless networks are a relatively new phenomena and carry with them higher security risk because they operate on a medium that lends itself to granting easy physical access to unauthorized parties. Wi-Fi networks that are open (unencrypted) can be monitored and used to read and copy data (including personal information) transmitted over the network unless another security method like TLS is used to secure the data. Such vulnerable networks make it very easy for malware such as worms to propagate from and between unprotected hosts or to saturate the available bandwidth with unwanted traffic.

Adding to the risk is the fact that because of the tendency to sacrifice security for convenience Wi-Fi Access Points (WAPs) typically default to an open (encryption-free) mode. Novice users benefit from a zero configuration device that works out of the box but without security enabled providing open wireless access to their LAN. To turn security on requires the user to configure the device, usually via a software GUI.

Another overlooked risk factor is that even encrypted networks are vulnerable. The most common wireless encryption standard, Wired Equivalent Privacy or WEP, has been shown to be easily breakable even when correctly configured. Wi-Fi Protected Access (WPA and WPA2) which began shipping in 2003 aims to solve this problem and is now available on most products.

Wired Equivalent Privacy (WEP) is a scheme to secure IEEE 802.11 wireless networks. It is part of the IEEE 802.11 wireless networking standard. Because wireless networks broadcast messages using radio, they are susceptible to eavesdropping. WEP was intended to provide confidentiality comparable to that of a traditional wired network. Several serious weaknesses were identified by cryptanalysts; a WEP connection can be cracked with readily available software in one minute or less. WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, followed by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite its weaknesses, WEP provides a level of security that may deter casual snooping.

WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Standard 64-bit WEP uses a 40 bit key, which is concatenated to a 24-bit initialization vector (IV) to form the RC4 traffic key. At the time that the original WEP standard was being drafted, U.S. Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size.

Figure 7.7. Wired Equivalent Privacy

A 128-bit WEP key is entered by users as a string of 26 Hexadecimal (Hex) characters (0-9 and A-F). Each character represents 4 bits of the key. 4 × 26 = 104 bits; adding the 24-bit IV brings us what we call a "128-bit WEP key". A 256-bit WEP system is available from some vendors, and as with the above-mentioned system, 24 bits of that is for the I.V., leaving 232 actual bits for protection. This is typically entered as 58 Hexadecimal characters. (58 × 4 = 232 bits) + 24 I.V. bits = 256 bits of WEP protection.

Key size is not the only major security limitation in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key.

Remedies for the above security weaknesses in the WEP standard include:

Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues:

WPA is designed for use with an IEEE 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass-phrase.

IEEE 802.1X is an IEEE standard for port-based Network Access Control; it is part of the IEEE 802 (802.1) group of protocols. It provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. It is used for certain closed wireless access points, and is based on the EAP, Extensible Authentication Protocol (RFC 3748).

802.1X is available on certain network switches, and can be configured to authenticate hosts which are equipped with supplicant software, denying unauthorized access to the network at the data link layer.

Some vendors are implementing 802.1X for wireless access points, to be used in certain situations where an access point needs to be operated as a closed access point, addressing the security vulnerabilities of WEP (see 802.11i). The authentication is usually done by a third-party entity, such as a RADIUS server. This provides for client-only authentication, or more appropriately, strong mutual authentication using protocols such as EAP-TLS.

Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations. Most ISPs (commonly modem, DSL, or wireless 802.11 services) require you to enter a username and password in order to connect on to the network. Before access to the network is granted, this information is passed to a Network Access Server (NAS) device over the link-layer protocol (for example, Point-to-Point Protocol (PPP) in the case of many dialup or DSL providers), then to a RADIUS server over the RADIUS protocol. The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. If accepted, the server will then authorize access to the ISP system and select an IP address, L2TP parameters, etc.

Windows XP and Windows Vista support 802.1X for all network connections by default. Windows 2000 has support in the latest service pack. Juniper Networks Odyssey 802.1X client, and other third party implementations, are offered for these and other versions of Windows, including handheld devices.

A project for Linux known as Open1X produces an open source client, Xsupplicant. The more general wpa_supplicant can be used for 802.11 wireless networks and wired networks. Both support a very wide range of EAP types.

Figure 7.8. 802.1x and RADIUS server

The Wi-Fi alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types to its certification programs for WPA- and WPA2- Enterprise. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi alliance.

The EAP types now included in the certification program are:

Other EAP types may be supported by 802.1X clients and servers developed by specific firms. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed. By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards. Due to inevitable weaknesses of Michael, WPA includes a special countermeasure mechanism that detects an attempt to break TKIP and temporarily blocks communications with the attacker.

WPA2 implements the mandatory elements of 802.11i. In particular, in addition to TKIP and the Michael algorithm, it introduces a new AES-based algorithm, CCMP, that is considered fully secure. Note that from March 13, 2006, WPA2 certification is mandatory for all new devices wishing to be Wi-Fi certified.

Pre-shared key mode (PSK, also known as personal mode) is designed for home and small office networks that cannot afford the cost and complexity of an 802.1X authentication server. Each user must enter a passphrase to access the network. The passphrase may be from 8 to 63 printable ASCII characters or 64 hexadecimal digits (256 bits). If you choose to use the ASCII characters, a hash function reduces it from 504 bits (63 characters * 8 bits/character) to 256 bits (using also the SSID). The passphrase may be stored on the user's computer at their discretion under most operating systems to avoid re-entry. The passphrase must remain stored in the Wi-Fi access point.