An overview of Wireless Security

There are many types of wireless LAN security threats, for example:

  • War Drivers: War drivers are hackers who drive around trying to discover unsecured wireless access points, and then use them for further exploitation.

  • Rogue Access Points: A rogue access point (AP) is an access point that pretends to be a valid AP on a WLAN but is in fact used by hackers to capture sensitive information, spoof data packets, and gain access to servers and files. The most common rogue APs are unsecured APs installed on the enterprise network by employees who mean no harm, creating a security risk for the corporate network.

  • Hackers: Hackers can use computer programs to exploit weaknesses in WLAN security, crash the WLAN, or obtain sensitive network information such as user names, passwords, and clients' MAC addresses.

There are also many ways to secure a WLAN:

  • Authentication: Authentication is a mechanism to ensure that both clients and access points are legitimate.

  • Encryption: User data can be encrypted during wireless transmission. Even if packet sniffers capture the network traffic, they cannot read the encrypted data without decrypting it.

  • Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS): Though authentication and encryption are sufficient for most SOHO wireless networks, larger corporations may need IDS and IPS to detect and defend against wireless network attacks.

To counter wireless LAN security threats, the 802.11 security mechanisms and later 802.11i were created.

The original 802.11 security defined 64-bit static WEP keys for both authentication and encryption. The authentication method was soon compromised. Techniques such as Service Set Identifier (SSID) checks and MAC address filtering were introduced to address the security issue. As both methods proved ineffective, 802.11i was created to upgrade WLAN security, and the Advanced Encryption Standard (AES) has replaced WEP as the latest and most secure method of encrypting data.

By default, all Wi-Fi Certified wireless LAN products ship in "open-access" mode, a mode without any security features. In "open-access" mode, the wireless access point accepts connections from any computer.

Although "open-access" mode may be appropriate for public hot spots such as coffee shops and college campuses, in enterprise environments security features need to be enabled.

There are many security features defined in IEEE 802.11 and IEEE 802.11i:

  • SSID

  • Open or Shared-Key Authentication

  • WEP

  • MAC Address Authentication

  • WPA and WPA2

A Service Set Identifier (SSID) is a common network name for the devices in a WLAN system that together create the wireless LAN. An SSID prevents access by any client device that doesn't have the SSID. By default, an access point broadcasts its SSID so that client machines can discover it. A client sends out a probe request and waits for probe responses from the access points, then associates with the access point that has the strongest signal. If the signal becomes weak, the client can associate with another access point by scanning all available channels again. During association, the SSID, MAC address, and security settings are sent from the client to the AP and checked by the AP. Disabling SSID broadcast does not improve security, because then the client must broadcast the SSID itself in order to associate with an access point. A hacker can also send a null string (no value in the SSID field) as the SSID and discover an access point.


Two types of authentication were specified by the IEEE 802.11 committee:

  • Open System Authentication -- the WLAN client need not provide credentials to the access point during authentication. Thus, any client can authenticate itself by doing little more than supplying the correct SSID.

  • Shared-Key Authentication -- the access point sends a challenge-text packet to the client. The client then encrypts the challenge text with the correct Wired Equivalent Privacy (WEP) key and returns it to the access point. Only when the WEP key is correct does the authentication succeed and the client is allowed to associate with the access point. Since the challenge text is sent in the clear, an intruder can decipher the WEP key by studying the clear-text challenge and the same challenge encrypted with the WEP key. Moreover, WEP uses one-way authentication, that is, clients do not authenticate the AP, making it easier for rogue access points to infiltrate the WLAN. WEP is now a deprecated algorithm for securing IEEE 802.11 wireless networks.

MAC Address Authentication -- client MAC addresses can be statically stored on the access point, so that clients whose MAC addresses are not in the filter table are denied access. MAC address authentication also has limits: since all MAC-layer information must be sent in the clear in client packets, an intruder can sniff and read the client packets sent to the access point and spoof an allowed MAC address.

Wi-Fi Protected Access (WPA and WPA2) is a certification program created by the Wi-Fi Alliance to indicate compliance with the security protocol the Wi-Fi Alliance created to secure wireless computer networks. The protocol was created in response to several serious weaknesses researchers had found in Wired Equivalent Privacy (WEP). The Advanced Encryption Standard (AES) has replaced WEP as the latest and most secure method of encrypting data.

  • By 2003, the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA), which was a subset of the then-upcoming 802.11i amendment.

  • Finally, in 2004, with the completion of the full 802.11i standard, WPA was replaced by WPA2.

  • WPA and WPA2 use two-way authentication -- as specified in the 802.1X protocol, the AP acts as an authenticator sitting between the clients in the 802.11 network and the authentication server in the enterprise network. For traffic from the client toward the authentication server, the AP encapsulates and forwards only 802.1X traffic and blocks all other types of traffic; for RADIUS traffic from the authentication server toward the client, the AP encapsulates it and passes it to the client. The server authenticates the client, and the client also authenticates the server.

  • WPA and WPA2 are very similar: both use IEEE 802.1X/EAP and Pre-shared Key (PSK) for authentication. For SOHO use, PSK authentication is common, while for enterprise users IEEE 802.1X/EAP authentication is recommended. What differentiates WPA2 from WPA is the encryption protocol: WPA uses TKIP/MIC for encryption, while WPA2 uses AES-CCMP instead.

  • During PSK authentication, a password (the so-called passphrase) is stored on both the client and the access point. A client gains access by matching its password with the access point's. The PSK also provides keying material that TKIP or AES uses to generate an encryption key for each packet of transmitted data. PSK has shortcomings: the PSK is stored on the client computer and can be found by determined hackers. A strong PSK passphrase is recommended; an even better approach is to use dynamic encryption keys that change each time a client establishes a connection.

  • The IEEE 802.11i standard replaced WEP with the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP), a new algorithm based on the Advanced Encryption Standard (AES). AES-CCMP is considered fully secure.
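As an added example (not part of the original post), the Python below derives the WPA/WPA2 pre-shared key from a passphrase the way IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output) and enforces the standard's passphrase and SSID length rules. It goes one step beyond the text above in showing that the SSID is the salt, so the same passphrase produces different keys on differently named networks; the passphrase and SSIDs in the demonstration are constructed values.

```python
import hashlib
import re

# Rules taken from IEEE 802.11i Annex H: a passphrase is 8..63 printable ASCII
# characters, an SSID is 1..32 bytes, and the raw PSK may alternatively be
# configured directly as 64 hex digits (as hostapd/wpa_supplicant allow).
PASSPHRASE_RE = re.compile(r"[\x20-\x7e]{8,63}")
RAW_PSK_RE = re.compile(r"[0-9a-fA-F]{64}")


def validate_passphrase(passphrase: str) -> bool:
    """True if the passphrase is syntactically acceptable as a WPA/WPA2 PSK input."""
    return PASSPHRASE_RE.fullmatch(passphrase) is not None


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    The SSID is the salt: the same passphrase on two networks with different
    names yields two different 256-bit keys. The client and the AP both run
    this derivation, which is why the passphrase has to live on both ends.
    """
    if not validate_passphrase(passphrase):
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 0 < len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), ssid_bytes, 4096, 32)


def psk_from_config(value: str, ssid: str) -> bytes:
    """Accept either a passphrase or a 64-hex-digit raw PSK from a config file."""
    if RAW_PSK_RE.fullmatch(value):
        return bytes.fromhex(value)
    return derive_psk(value, ssid)


if __name__ == "__main__":
    # Constructed demonstration: one passphrase, two SSIDs, two different keys.
    home = derive_psk("correct horse battery staple", "HomeNet")
    office = derive_psk("correct horse battery staple", "OfficeNet")
    print("HomeNet   PSK:", home.hex())
    print("OfficeNet PSK:", office.hex())
    print("keys differ:", home != office)
```

The standard's own test vector (passphrase "password", SSID "IEEE") can be used to confirm the derivation against a new implementation.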
