Wireless communication has become common in both home and business networking environments, releasing convectional internet users from cables. Some specialized networks rely exclusively on wireless Local Area Network (WLAN). Wireless Network provides workers with an always on connectivity to organization network resources and provides the needed mobility that results in increased productivity. (Bragg & Rhodes-Ousley, 2004) As businesses continue to benefit from the wide deployment of WLAN, there is growing concern over wireless technology security. Network managers and administrators are facing a huge responsibility of deploying wireless LANs that are scalable; comply with industry standards and are extensible enough to accommodate emerging new technologies (Harrington, 2005)
Need for Security
Wireless networks make use of radio waves which carry “wireless signals through the air along electromagnetic waves” (Dean, 2006). The open nature of wireless media is the source of increased concern over the security of wireless networks. A person just needs to be within coverage area of a Wireless Access Point (WAP) to connect to a wireless network. Wireless LANs are not limited to buildings as the radio waves can pass through modern building materials. Armed with the right technology, intruders can easily gain access to corporate networks. This creates a need for a robust secure network, that integrates encryption and strong authentication to minimize and “prevent authorized network access” (Madge Limited, 2003).
Known Risks to WLAN
Wireless Network security can never be addressed without understanding known WLAN security risks. The most current risks associated with 802.11 wireless technologies fall into the following broad categories namely:- Insertion; Jamming; interception and unauthorized monitoring; Brute force attack; Client to Client attack; Encryptions attacks and Mis-configuration.
Insertion risk occurs when new wireless networks are deployed or created without following the laid down security process and evaluation. Unauthorized connection to an access point using PDA, laptop or connecting unauthorized access point by an attacker also poses a huge risk to a WLAN network. This occurs when a WLAN is configured to allow access without a password or the use of one access password.
WLAN faces the risk of Interception and traffic monitoring, especially when an attacker is within the range of an access point and has the necessary technology. Usually attackers intercept data transmitted through a WLAN by using Wireless Packet Analyzer and steal usernames and passwords and monitor sensitive data. Jamming occurs when the WLAN operation frequency, in this case 2.4GHZ frequency, is flooded with illegitimate traffic. Attackers make use of readily available tools and overwhelm the frequencies rendering the wireless network inability to receive or send data. Jamming leads to denial of basic networking services to legitimate users.
The use of a single password or key that is shared by all devices to connect to a WLAN makes a network vulnerable to Brute Force Attacks. Network intruders take advantage of available technology to compromise network passwords and keys by systematically testing possible passwords that eventually enable them to gain access to a WLAN.
When access points are not configured properly, they can pose a risk to a network. Usually, access points are shipped with default user names and passwords, and it’s up to the network administrator to understand and properly configure them before they are deployed to the network. Default passwords are known within the networking industry, making them weak and unreliable to secure a network.
WLAN Authorization Standards IEEE:- 802.11x
The 802.11 also denoted as 802.11x, protocol refers to a family for Wireless LAN specification as defined by IEEE and include WLAN standard such 802.11b, 802.11a and 802.11g. The 802.11 standards differ in transmission ranges, speed and frequency although they are all implemented in a similar manner. All standards use the same security protocol and can use either ad hoc or infrastructure network design. In the following section, I will briefly go through some of the standards under the 820.11x family.
802.11b standard is the most widely used standard for wireless transmission, using unregulated radio signaling frequency in the 2.4GHz band (Dean, 2006). The wide use of this standard has been occasioned by the low cost equipment for implementing the 801.11b network. 802.11 LAN supports a maximum data rate of 11 Mbps (Mitchell, 2010).
Supporting a theoretical throughput of 54Mbps, 802.11a has an edge over 802.11b, leading to improved performance. The high cost of networking equipment associated with the deployment of the 802.11a network makes this networking standard less widely used than 802.11b. Unlike 802.11b which transmit at 2.4GHz frequency, the transmission frequency range for 802.11a radio signal is regulated, usually above 5GHz. This makes the 802.11a network experience less interference.
802.11 Standard was introduced in 2003, with the aim of combining the best features from 802.11a and 802.11b. (Networked World, 2006)The fact that 802.11g is compatible with 802.11b means that 802.11b networking adapter and access point can work on 802.11g network and vice versa. Although the signal range of 802.11g is not easily obstructed, 802.11g operates on the unregulated 2,4GHz frequency, making the network prone to interference.
The IEEE 802.11n standard was ratified in late 2009, with the aim of upgrading the 802.11 network devices to provide high throughput of up to 200Mbps, improve reliability of 802.11 wireless communications and predict the coverage of 802.11 devices. Unlike 802.11a, b and g which were ratified to just provide high through put to 802.11 communications, 802.11n is packed with new features such as changes to the basic frames format, use Multiple-input multiple outputs (MIMO) technology thereby improving the amount of bandwidth supported by the network by using multiple antennae and wireless signals, increased radio channel size, reduced overhead and increased rate of modulation (Mitchell, 2010)
Wired Equivalent Privacy (WEP) Standard
By default, the 802.11 standard does not require client to authenticate before communicating with an Access Point, as the client just needs to know the Access point SSID to connect to the network. This means that this standard does not offer any security by default. However, the 802.11 standard instead allows for optional encryption using Wire Equivalent Privacy (WEP) standard.
WEP makes use of network keys to authenticate network clients and to encrypt the data being transmitted. The network key is created when one is configuring WEP on an Access Point, by establishing a string character that will be required to be associated with the access point. It important to note at this point that 802.11 WEP encrypts data as they are transmitted between two stations only. When activated the network Interface Card encrypts the payload of each 802.11 frame before they are transmitted using RC4 stream cipher that is generated by a 64/128-bit RCA Key (Laudon & Laudon, 2007). Receiving station access point performs decryption once the frame arrives. When using a 64bit key, 24 bits are used as Initialization Vector and 40 bits represent WEP key. The RC4 stream and the bitwise exclusive OR of the original packet are used to generate the encrypted key. The sender chose the Initialization Vector (IV), which is sent in clear text. In addition to the Initialization Vector, an additional 4 byte integrity Check Value on the original packet is computed, encrypted with the RC4 Cipher stream and affixed to the end of the packet. The Initialization Vector key can be changed periodically so that packets are not encrypted using the same cipher stream ( (Networked World, 2006)
When the client detects the presence of an Access point, the user is prompted to provide a network key before client can gain access to a network through the Access Point. Many operating systems provide an option for saving the network key as part of the wireless connection’s properties (Dean, 2006)
Advantages of 802.11x WEP
Wired Equivalent Privacy (WEP) is not the best encryption option available but it offers some privacy to the network. As a matter of fact, WEP is the most deployed encryption option on most wireless networks. The shared key must be entered correctly on the client and on the Access point in order to gain access to network resources. To some extent, this blocks unauthorized wireless clients from associating with an Access point thus providing a fair authentication mechanism. The current version of WEP allows for more secure encryption using 128-bit keys (Dean, 2006).
Drawbacks of 802.11x WEP
One of the major drawbacks of WEP is the use of shared keys for authenticating all clients and for exchanging data. This makes WEP more vulnerable to discovery by eavesdropping and can easily be compromised. Once the key is compromised, the network administrator will have to change the key in all clients and access points, a task that can be very daunting especially in a large organization where numerous AP have been deployed. In most cases, the network key chosen is poor, making it vulnerable to easy cracking.
Although most 802.11 equipment vendors have implemented various WEP extensions such as a fast rotation scheme, these implementation are not part of the 802.11 standards. This means that such extensions are not compatible with each other and networking equipment from different manufacturers will not work together.
The WEP 4 byte Integrity Check Value (ICV) is based on CRC-32, which is an exceptional checksum for discovering error but a terrible choice for a cryptographic hash. Use of SHA-1 or MD5 algorithm can result to a better WEP encryption system (Limehouse Book Sprint Team, 2007)
Temporal Key Integrity Protocol
To address the drawbacks associated with WEP, 802.11 vendors came up with Temporal Key Integrity Protocol (TKIP) to correct weaknesses in WEP (Kaeo, 2003). TKIP uses RC4 encryption just like the WEP standard but a new network key is generated after transmitting every 10KB of data, or after every 10,000 packets. The sequencing rule, Messaging Integrity Check and Initialization Vector have all been improved, making it hard for sniffing attacks.
To further enhance wireless LAN security, IEEE devised a new wireless security protocol called 802.11i. 802.11i uses Extensible Authentication Protocol (EAP), which provides a strong encryption scheme, which assigns a dynamic key to every transmission. Logging to a wireless network is very complex with EAP, compared to WEP. In 802.11i, the Access point acts as a proxy between the client and access server. The AP receives request from the client, and prevent any transmission between them before the client has been successfully authenticated with the server. The 802.11i “requires mutual authentication” (Dean, 2006, p760) where the client authenticates with the remote access server and the server in turn authenticates with the client. Mutual Authentication requires that authentication data be repackaged before the AP sends transmit. After mutual Authentication is complete, the remote server sends instructions to the AP to allow traffic from the client without repackaging the data from the client. The server and the client agree on the network key to be used in transmission during that particular session. (Dean, 2006)
Wi-FI Protected Access (WPA) and WPA2
Before 802.11i was ratified, an alliance made up of international organizations, which aim at ensuring that 802.11 compatible equipments came up with WPA to provide a secure alternative to WEP. WPA authentication scheme is the same as that used in 802.11i with the only difference being the encryption scheme, using RC4 encryption instead of AES. WPA2 is an updated version of WPA although it very similar to 802.11i.
Before WPA and 802.11i came into the industry, IEEE ratified 802.1 x standards, aimed at passing Extensible Authentication Protocol (EAP) over both the wired and wireless LAN. It’s important to note that “802.1x is not a single authentication protocol; instead it uses EAP as it’s authentication protocol” (Kaeo, 2003, p173). 802.1x requires that the client associated with Access point is properly authenticated before accessing the network. After authentication, the server and the client exchange EAP messages to perform mutual authentication with the client verifying authentication server credentials and vice versa. (Kaeo, 2003). 802.1x is ideal for typically small wireless AP, that have little processing power and memory.
CISCO Lightweight Extensible Authentication Protocol (LEAP)
LEAP is Cisco proprietary protocol where mutual authentication is based on a secret password known to both the RADIUS server and the wireless client. The RADIUS server sends authentication challenges to a client to signal the start of the authentication process. In response, the client uses a way harsh of the password supplied by the user, and include “message digest” and send back to the server. The RADIUS server extracts the message digest and performs one way harsh using the username associated with the password from it database. The client is authenticated if both messages digest match. The reverse process takes place to authenticate the RADIUS server. Once mutual authentication is complete, a dynamic WEP key is generated (Kaeo, 2003)
As Wireless communications continue to grow and organization continues to benefit, there is an increased need for network administrator to provide enterprise-class, robust secure wireless network. This is because as more data is transmitted over the WLAN, threats to this data continue to grow. Some of the knows threats to WLAN include:- Jamming; interception and unauthorized monitoring; Brute force attack; Client to Client attack; Encryptions attacks and Misconfiguration.
IEEE defines wireless LAN under 802.11 standards, which refer to a family of WLAN standards. Included in this family are 802.11b, 802.11a and 802.11g, 802.11n standard. The 802.11 standard does not offer data security but instead allows for optional encryption using the WEP standard. WEP make use of shared network key for authentication and transmission by all clients making it vulnerable to compromise and eavesdropping.
Wi-Fi Protected Access (WPA) and Temporal Key Integrity Protocol (TKIP) were derived to address the drawbacks associated with and to provide an alternative to WEP. Later IEEE ratified the 802.11i standard to enhance WLAN security. This standard makes uses Extensible Authentication Protocol (EAP), providing strong encryption, by assigning dynamic key to every client and transmission. Another standard currently in use to secure WLAN include CISCO LEAP and 802.1x standard.
Bragg, R., & Rhodes-Ousley, M. (2004). Network security: the complete reference. Atlanta: McGraw-Hill.
Dean, T. (2006). Network+ Guide to Networks. Boston: Thomson Course Technology.
Harrington, J. (2005). Network security: a practical approach. San Francisco: Elsiever Inc.
Kaeo, M. (2003). Designing Network Security. New York: Cisco Press.
Laudon, J., & Laudon, K. (2007). Management Information Systems. New Jersey: Prenhall.
Limehouse Book Sprint Team. (2007). WEP and WAP Encryption. Web.
Madge Limited. (2003). Wireless LAN Security. Baltimore: Madge Limited.
Mitchell, B. (2010). Wireless/Networking. Web.
Networked World. (2006). WEP (wired equivalent privacy). Web.
Scarfone, K., & Dicoi, D. (2008). Guide to Securing Legacy IEEE 802.11 Wireless Networks. Web.