QuickStudy: Wireless Security
Computerworld - Some people think that the term wireless security is an oxymoron, but in fact, wireless security isn't very different from wired security. To protect data going out from an organization, whether over radio waves that anyone can listen in on or over phone lines or network cabling that can be wiretapped or sniffed, you need the same basic controls as with any other connection.
There are two basic steps:
1. A host system needs to authenticate the user or device that it's communicating with.
2. The data must be protected as it travels from the user device to the destination host, whether to preserve confidentiality or to ensure that the message isn't changed or destroyed en route.
This discussion centers around security for wireless Ethernet networks using IEEE standard 802.11b (also called Wi-Fi), which offers speeds of up to 11M bit/sec. There are other standards and protocols for wireless communications, but most of the same security principles will apply to them. The vast majority of wireless networks now in operation are based on the 802.11b standard.
The first security mechanism built into Wi-Fi was Wired Equivalent Privacy (WEP), which allowed the encryption of wireless traffic. However, encryption is turned off by default in wireless devices and software, and in many cases, it's never turned on. But even when WEP is used, it isn't terribly secure.
WEP relies on a secret key to encrypt packets transmitted between a mobile station (a device with a wireless Ethernet card) and an access point (a base station connecting to a wired network). An integrity check ensures that packets aren't modified in transit. In the real world, most installations use a single key that's shared by all mobile stations and access points.
A 40-bit key is standard, but even the 128-bit version is vulnerable to attacks from crackers who can analyze traffic statistics; send messages of known content through networks from their own, unauthorized mobile stations; trick access points and reconfigure them; or build dictionaries of initialization vectors based on traffic analysis.
Last year, Ian Goldberg, a cryptologist at security and privacy software developer Zero-Knowledge Systems Inc. in Montreal, working with researchers at the University of California, Berkeley, broke WEP. Researchers at Rice University in Houston and AT&T Labs in Florham Park, N.J., later discovered an even easier method for breaking WEP.
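The weakness behind the shared key and the "dictionaries of initialization vectors" described above can be seen in a short added example, which is not part of the original article. It assumes WEP's RC4 keystream keyed with the 24-bit IV followed by the shared key and a CRC-32 integrity value; the key, payloads and frames are constructed sample data, and the frame layout is simplified.

```python
import struct
import zlib
from collections import defaultdict

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Simplified WEP body (key-ID byte omitted): clear 3-byte IV, then
    RC4 keyed with IV || shared key over payload || CRC-32 integrity value."""
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)
    return iv + rc4(iv + shared_key, payload + icv)

def reused_ivs(frames):
    """Return {iv: [frames]} for every IV that appears on more than one frame."""
    by_iv = defaultdict(list)
    for frame in frames:
        by_iv[frame[:3]].append(frame)
    return {iv: fs for iv, fs in by_iv.items() if len(fs) > 1}

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample data: a 40-bit key shared by every station, three frames.
KEY = bytes.fromhex("0102030405")
P1, P2 = b"quarterly report v1", b"meeting moved to 3pm"
FRAMES = [wep_encrypt(KEY, b"\x00\x00\x01", P1),
          wep_encrypt(KEY, b"\x00\x00\x02", P1),
          wep_encrypt(KEY, b"\x00\x00\x01", P2)]  # IV repeats: same keystream

if __name__ == "__main__":
    for iv, (a, b) in reused_ivs(FRAMES).items():
        # Same IV + same key => ciphertexts XOR to the XOR of the plaintexts.
        print(iv.hex(), xor(a[3:], b[3:])[:len(P1)] == xor(P1, P2)[:len(P1)])
    print(f"IV space: {2**24:,} values per shared key")
```

Because every station shares one key and the IV has only 24 bits, repeats are unavoidable on a busy network, which is why a longer key alone does not fix the problem.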
Future Developments
Help is on the way. Task Group I (TGi) of the IEEE 802.11 Working Group has been busy trying to fill in the cracks of wireless network security. TGi is looking for a WEP replacement that can be implemented without making the current generation of wireless network equipment obsolete. Last year, TGi approved a measure to ensure a backward-compatible interim security improvement.