WLAN Security: Overview: Saad Hamid, MSEE-12
Abstract- Wireless LAN is a popular and rapidly growing technology for communication. Because the boundaries of a wireless network cannot be strictly defined, security problems continue to be a major thorn in the growth of WLANs. In this paper, we present the basic techniques used for WLAN security and analyze them.

Keywords: WLAN-Wireless LAN, AP-Access Point, WEP-Wired Equivalent Privacy, CRC-Cyclic Redundancy Check, TKIP-Temporal Key Integrity Protocol, AES-Advanced Encryption Standard, EWG-Enterprise Wireless Gateways.

Introduction

Many companies, organizations and even individuals deploy wireless local area networks (WLANs) in locations such as offices, conference rooms, homes and business areas. This type of connection offers users portability: they can move from one location to another while maintaining access to the corporate network, but it does not offer access between locations. Mobility, on the other hand, lets users access the corporate network not only near multiple access locations but also everywhere in between. WLANs give users a high-speed connection in areas where physically wired networks cannot penetrate or are not cost-effective. Many companies use WLANs as add-ons to their main wired networks. A recent study found that corporations that implemented WLANs increased the availability of their corporate network by 70 minutes per day for the average user, which in turn enhanced productivity within the corporation by as much as 22 percent.

WLANs also offer much-needed flexibility in a world of high-speed data networks. Administrators can install them more quickly, easily and cost-efficiently than traditional wired networks. A WLAN's flexibility provides an easy way to install a new network, whether as an extension of a wired network or as a pure WLAN. The ease and speed with which these networks can be installed is unprecedented: a high-speed network can be set up for a week or even a day and then removed once it is no longer needed. That such temporary installations can be created cost-effectively is a major selling point for WLAN deployments.

Although WLANs solve some problems that exist in traditional wired LANs, they also introduce new security issues. The risk that WLAN services present can only be mitigated, not completely eliminated. Although there is no single solution for perfect WLAN security, we believe that an acceptable level can be reached by a proper combination of countermeasures. The chief concern in migrating to WLAN access is security. Physical wires turn out to be one of the primary obstacles to attackers looking to hack their way onto a LAN: it is unlikely that a stranger plugging into a corporate network would go unchallenged, either by the network security that is already in place or by surrounding workers. The security of a WLAN is very important, especially for applications hosting valuable information. For example, networks transmitting credit card numbers for verification or storing sensitive information are definitely candidates for emphasizing security. In these cases and others, proactively safeguarding the network against attacks is a very important problem. Several security mechanisms exist for WLANs, but many of them have basic security problems.

WLAN (IEEE 802.11)

The IEEE 802.11 standards define the MAC (Medium Access Control) and PHY (Physical) layers of wireless LANs. The original standard described a wireless communication technology that operated at 1 Mbps (with an optional 2 Mbps rate). The IEEE 802.11b amendment, introduced in 1999, increased the maximum throughput to 11 Mbps, while the IEEE 802.11a and 802.11g amendments introduced new physical layers that raise the maximum theoretical throughput to 54 Mbps.
WLAN Security

As IEEE 802.11 is a form of wireless communication, it does not offer the inherent security of a wired LAN, because wireless communications disseminate information indiscriminately. To offer a level of security similar to that of wired LANs, the optional Wired Equivalent Privacy mechanism was introduced. It provides confidentiality and a (weak) form of authentication for the packetized data.

What is WEP (Wired Equivalent Privacy)?

The IEEE 802.11 standard defines Wired Equivalent Privacy (WEP), an encapsulation of 802.11 data frames. The goal of WEP is to provide data privacy at the level of a wired network: IEEE 802.11 defines a mechanism for encrypting the contents of 802.11 data frames. WEP operates in the following steps.

First, each member of the BSS is initialized with the shared key via an unspecified, implementation-specific, out-of-band mechanism. To send a WEP-encapsulated frame, the sender calculates the CRC-32 of the frame payload (the integrity check value, ICV) and appends it to the payload. It then selects a new IV and concatenates it with the shared key (IV first) to form a per-packet key, and uses the result to generate an RC4 key schedule. The sender then uses RC4 to generate a key stream equal in length to the frame payload plus ICV, and XORs the key stream against the plaintext payload and ICV. The sender also inserts the IV into the appropriate field in the frame header and sets a bit (the Protected Frame bit, originally called the WEP bit) indicating that the frame is WEP-encrypted. At this point the WEP encapsulation is complete, and the frame can be sent to the peer. Note that only the frame body is encrypted; the 802.11 header, including the source and destination MAC addresses, is always transmitted in the clear.

To process a WEP frame, the receiver checks the encrypted bit in the arriving frame. If it is set, the receiver extracts the IV from the frame, concatenates it with the BSS shared key, and generates the per-packet RC4 key schedule. RC4 is applied to the key schedule to produce a key stream the length of the packet's encrypted payload. The receiver then XORs this key stream against the encrypted payload to recover the plaintext. Finally, the receiver verifies the CRC-32 of the decrypted payload to check that the frame decrypted correctly.

WEP Vulnerabilities

WEP is the security mechanism defined in the original 802.11 standard (see Figure 1); its goal is to secure WLANs at the same level as wired networks. WEP is based on the RC4 symmetric stream cipher. Administrators deploy a secret key on both the access point and the wireless devices, which use the key to encrypt data and check data integrity. In addition, the AP can use the key to authenticate its clients (shared-key authentication). Although RC4 itself is a reasonably strong cipher when used correctly, the WEP standard uses it poorly.

One of WEP's biggest weaknesses is that its secret keys (which wireless devices and their access points share) are short compared with other security protocols' keys: typically 40 bits in WEP, although many products support 104-bit keys. WEP concatenates a 24-bit initialization vector (IV) with the shared secret key to form the per-packet RC4 key. For instance, concatenating a 24-bit IV with a 40-bit secret key yields a 64-bit RC4 key, from which the key stream is generated. The IV is sent to the receiver in plaintext so that the receiver can generate the same key stream, which means that attackers can see the first 24 bits of every per-packet key used by WEP. Furthermore, the fact that the IV is so short nearly guarantees that it will be reused for multiple messages: only 2^24 (about 16.7 million) IVs exist per shared key. The same IV might be reused within half a day on a moderately busy WLAN, and a single access point BSS running at 11 Mbps with a typical packet distribution can exhaust the derived key space in about an hour. A multi-access-point network with tens, hundreds or thousands of access points, all sharing the same key, exhausts the key space in a time inversely proportional to the number of access points. Whenever two frames are encrypted under the same IV and key, their key streams are identical, so XORing the two ciphertexts yields the XOR of the two plaintexts; an attacker who knows or guesses one plaintext (a DHCP or ARP packet, for example) recovers the other plaintext and the key stream itself. Worse, by collecting enough frames sent with particular "weak" IVs, an attacker can recover the shared secret key that the AP and wireless devices use.
The original 802.11 standard gives no guidelines for how, or even whether, the IV should be changed. Some vendors' equipment actually used the same IV for every frame, which guarantees that an eavesdropper sees repeated key streams. In response to widespread discussion of WEP's flaws, other implementations generate IVs sequentially, incrementing with each transmitted packet; this avoids early repetition but still cycles through the whole IV space in hours, and the predictable sequence makes weak IVs easy to find.

WEP also suffers from poor key management, which can leave the keys in a device unchanged for long periods of time. If the device is lost or stolen, an attacker can use the key to compromise not only that device but any other device sharing the same key. Dynamic key management could mitigate the threat of WEP keys falling into the wrong hands, at the cost of added complexity.

Further adding to the protocol's shortcomings is WEP's use of the CRC-32 algorithm, which calculates a 32-bit checksum (the ICV) to check the integrity of packets sent over the WLAN. Because CRC-32 is a linear, non-cryptographic checksum and is encrypted with the same XOR key stream as the data, an attacker can flip arbitrary bits in an encrypted frame and adjust the encrypted ICV accordingly without knowing the key; the modified frame still passes the integrity check (bit-flipping attack). Known attacks of this kind compromise the data's integrity even when the key is never recovered.

RC4 Stream Cipher

RC4, invented by Ron Rivest, was kept secret by RSA Data Security Inc. until its source code was anonymously posted to a newsgroup in 1994. Restricted to 40-bit keys by U.S. export regulations until recently, RC4 acquired an image of being insecure. With 128-bit keys it was long regarded as a secure and very elegant stream cipher by most experts, although statistical biases in its key stream have since led to its deprecation in protocols such as TLS. RC4's biggest advantage is its extremely simple, byte-oriented structure, leading to extremely compact software implementations. RC4 keeps an internal state of 256 bytes, initialized at startup to the identity permutation and then shuffled by a key-scheduling pass that cycles through the secret key bytes repeatedly; the key stream is produced by continuing to permute this state and emitting one byte per step. In WEP the first bytes of this key stream are related to the first bytes of the IV||key seed in a way that an attacker who knows the IV can exploit (the FMS attack), which is why collecting weak IVs recovers the secret key.

TKIP

TKIP was designed as a short-term fix for WEP's weaknesses that could run on existing WEP hardware. TKIP uses a 128-bit temporal key, but in pre-shared-key deployments all users on a specific AP share the same master secret from which the per-station keys are derived, so if one user is compromised, all users on that AP become vulnerable. The major difference between WEP and TKIP is that TKIP mixes the temporal key with the transmitter address and a 48-bit per-packet sequence counter to derive a fresh RC4 key for every frame, and the temporal key itself is rotated periodically (commonly cited as every 10,000 packets), whereas WEP keys are static. TKIP also adds a keyed message integrity code (Michael) in place of the bare CRC.
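As an added illustration of the WEP encapsulation steps, the IV-reuse problem and the CRC-32 bit-flipping weakness described above, the following Python script implements RC4 and WEP framing from scratch and then mounts both attacks on its own output. It is example code written for this page, not code from the paper or from any 802.11 implementation. The 40-bit key, the IV, the frame layout helper names and the HTTP-style payloads are constructed test data, and the frame format assumed is IV (3 bytes) || key-id byte || RC4(payload || ICV).

```python
"""WEP encapsulation, keystream reuse and CRC-32 bit-flipping, worked from scratch.

Assumptions (not from the page): the 40-bit key, IV and payloads below are constructed
test data; the frame layout is IV(3) || key-id(1) || RC4(payload || ICV)."""
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key scheduling (KSA) then pseudo-random generation (PRGA)."""
    # KSA: start from the identity permutation and shuffle it under control of
    # the key bytes, which are reused cyclically when the key is shorter than 256.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # PRGA: keep permuting the state and emit one byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian, no secret involved."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Sender side: append ICV, seed RC4 with IV || shared key, XOR with the keystream."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)
    plaintext = payload + icv(payload)
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + bytes([key_id & 0x03]) + xor_bytes(plaintext, keystream)


def wep_decapsulate(shared_key: bytes, frame: bytes):
    """Receiver side: rebuild the per-packet key from the cleartext IV, decrypt, check ICV.
    Returns (payload, icv_ok)."""
    iv, body = frame[:3], frame[4:]
    plaintext = xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))
    payload, received_icv = plaintext[:-4], plaintext[-4:]
    return payload, received_icv == icv(payload)


def keystream_reuse(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same key and IV share a keystream, so XORing the
    ciphertexts cancels it and leaks plaintext_a XOR plaintext_b (ICV bytes excluded)."""
    assert frame_a[:3] == frame_b[:3], "attack needs the same IV"
    n = min(len(frame_a), len(frame_b)) - 8  # drop 4-byte header and 4-byte ICV
    return xor_bytes(frame_a[4:4 + n], frame_b[4:4 + n])


def bitflip_forge(frame: bytes, delta: bytes) -> bytes:
    """Modify an encrypted frame without the key. RC4 encryption is XOR, so XORing
    `delta` into the ciphertext XORs it into the plaintext; CRC-32 is linear, so
    crc(m ^ delta) == crc(m) ^ crc(delta) ^ crc(zeros), and the encrypted ICV can be
    corrected by the same XOR. The receiver's ICV check still passes."""
    header, ciphertext, enc_icv = frame[:4], frame[4:-4], frame[-4:]
    assert len(delta) == len(ciphertext)
    correction = xor_bytes(icv(delta), icv(bytes(len(delta))))
    return header + xor_bytes(ciphertext, delta) + xor_bytes(enc_icv, correction)


if __name__ == "__main__":
    key = bytes.fromhex("0badc0ffee")   # constructed 40-bit WEP key
    iv = b"\x01\x02\x03"                  # constructed IV
    msg = b"GET /balance?acct=1000 HTTP/1.0"
    frame = wep_encapsulate(key, iv, msg)
    print("decrypts to", wep_decapsulate(key, frame))
    # 1. IV reuse: a second frame under the same IV leaks the XOR of the plaintexts.
    other = b"HTTP/1.0 200 OK balance=1000000"
    leaked = keystream_reuse(frame, wep_encapsulate(key, iv, other))
    print("known plaintext recovers the other:", xor_bytes(leaked, msg) == other[:len(leaked)])
    # 2. Bit flipping: change the account number with no knowledge of the key.
    target = b"GET /balance?acct=9000 HTTP/1.0"
    forged = bitflip_forge(frame, xor_bytes(msg, target))
    print("forged frame accepted:", wep_decapsulate(key, forged))
```

Two design points are worth noting. The IV-reuse function needs nothing but two captured frames with matching IV fields, which is exactly what the 24-bit IV space guarantees will appear; and the forgery never touches the key, because every quantity it needs (the chosen delta and its CRC) is computable by the attacker. A keyed MIC, as TKIP's Michael and CCMP's CBC-MAC provide, is what defeats the second attack.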
AES (Advanced Encryption Standard)

AES is the basis of WEP's successor, adopted in the IEEE 802.11i standard in June 2004. AES itself supports 128-, 192- or 256-bit keys; the 802.11i mode built on it (CCMP, AES in counter mode with a CBC-MAC) uses a 128-bit key. The interim WPA (WiFi Protected Access) certification, based on a draft of 802.11i, uses TKIP with a true 128-bit key; WPA2 corresponds to the ratified 802.11i and uses AES-CCMP. Using AES-CCMP also eliminates the 24-bit WEP IV, one of the largest downfalls of WEP: CCMP uses a 48-bit packet number that never repeats under a given key, and a keyed message integrity check instead of CRC-32.

The basic outline of the processing layers in an IEEE 802.11 station is illustrated in Figure 1. The MAC layer accepts data for transmission in the form of MSDUs (MAC Service Data Units) from the LLC (Logical Link Control) sublayer. The MAC creates MPDUs (MAC Protocol Data Units) and other control and management packetized data (known as frames) and passes them to the PHY layer. The PHY modulates the input frames to produce output suitable for transmission over the wireless medium. By monitoring the activity on the wireless medium through the PHY, the MAC determines whether it can transmit, i.e. whether it believes the wireless medium is idle. Encryption and other cryptographic processing of frames in IEEE 802.11i occur at the MAC layer, before frames are passed to the PHY. All frames delivered from the MAC to the PHY consist of header fields, an optional data payload field, and a Frame Check Sequence (FCS) consisting of a CRC-32 checksum for error detection. The security schemes in IEEE 802.11i only alter the data payload (adding their own security header and integrity check inside it), and consequently the FCS, which is calculated over the whole frame.

AES Standard

AES operates on a 4x4 array of bytes called the state. Each round of AES-128 (ten rounds; the last one differs) consists of four stages:

AddRoundKey: each byte of the state is combined (XOR) with a byte of the round key; each round key is derived from the cipher key using the key schedule.

SubBytes: a non-linear substitution step in which each byte is replaced with another according to a lookup table (the S-box).

ShiftRows: a transposition step in which each row of the state is shifted cyclically a certain number of steps (row r is rotated left by r positions).

MixColumns: a mixing operation on the columns of the state, combining the four bytes in each column using a linear transformation over GF(2^8).
The final round replaces the MixColumns stage with another AddRoundKey, so it consists of AddRoundKey, SubBytes, ShiftRows and a closing AddRoundKey.

Drawbacks of AES

AES does, however, have a few drawbacks. Firstly, it is a huge undertaking for a company to replace all of its existing WLAN APs and other equipment to be compatible with the new standard (802.11i), since AES-CCMP typically cannot be retrofitted to WEP-era hardware by a firmware update. The use of a large key size (at minimum 128 bits) also means client devices need extra processing power to encrypt and decrypt, which could slow down the devices and ultimately disturb many users. AES will also require considerably more power than most existing WLAN cards provide. Users fearing extra drain on their mobile devices (laptops, handhelds and so on) have continually dismissed the idea of increasing WLAN cards' power consumption.

SOME OTHER CONCERNS

MAC Address Spoofing

A wireless network interface card's (NIC's) MAC address can be used for access-control decisions in WLAN environments. Because 802.11 frame headers, including MAC addresses, are always transmitted in plaintext even when WEP is enabled, an attacker can easily eavesdrop to get the addresses of clients accessing the WLAN. The attacker can then gain unauthorized access to the network by using a wireless NIC with a spoofed MAC address. The attack is particularly effective if the attacker can identify a MAC address that has recently disconnected from the network, thus avoiding conflicts at the MAC layer. Another grave concern for network administrators is the theft of wireless NIC cards whose MAC addresses are allowed by a MAC filter. If the owner of a stolen NIC does not immediately report the theft, an attacker can use the card to gain access to the WLAN. Once the theft is reported, the administrator must update the MAC address filter on each AP to prevent possible unauthorized access to the WLAN through the stolen card's MAC address. Enterprise wireless gateways (EWGs) offer a possible solution to this problem by providing a centralized point of security. EWGs reduce the overhead for administrators by letting them implement all changes to WLAN security features in a single location.
Default Configuration

Before deploying APs in a WLAN environment, the administrator must configure them properly. Although encryption is critical to securing a WLAN, almost all manufacturers ship APs with WEP disabled. WEP does not provide full security, but with proper configuration it does raise the bar compared with an open network. APs also ship with other default settings that must be changed; the most critical are the AP's administrative passwords, the simple network management protocol (SNMP) community strings and access parameters, channel selection, dynamic host configuration protocol (DHCP) setup, and the integrated firewall configuration. Otherwise, an attacker can easily gain access to the WLAN or compromise the AP using those default values. Because most products from a given vendor ship with the same default service set identifier (SSID), which is required to associate with the AP, the default SSID should be changed. Otherwise an attacker who knows the default SSID for that vendor can easily find and associate with the network. It is also commonly recommended to turn off the AP's broadcast mode, which announces the unit's SSID in beacon frames; while broadcast mode is enabled, anyone with a wireless NIC can read the SSID from the AP itself, which would defeat the purpose of changing it. Note, however, that hiding the SSID is only obscurity: the SSID is still sent in the clear in probe requests, probe responses and association requests, so any wireless sniffer recovers it as soon as a legitimate client connects. Changing an AP's factory defaults is a simple yet effective step in securing WLANs, although WLAN administrators often overlook it.

Physical Access to APs

To keep APs secure, administrators should locate them in physically protected areas rather than in places where anybody can access them. Many companies have mistakenly placed APs in lobbies or other public areas, where attackers can reach them and reset them to factory settings (the reset procedures are easy to find on most vendors' web sites). This takes much less technical skill than other WLAN attacks, but is just as dangerous. Another growing threat to corporate network security comes from so-called rogue APs. Employees can deploy personal APs in their cubicles or offices, for example, and connect them to the corporate network, which then becomes an extension of the physical wired network without the IT department's knowledge. Because many employees do not fully understand WLANs, they can incorrectly implement security measures and unknowingly open a security hole in their company's network.

Service Coverage Area

Attackers must be within range of a target AP's signal before they can penetrate the network. An AP's signal can travel beyond the desired service coverage area. For instance, an attacker outside an office can reach a company's private network through an AP whose signal extends beyond the building's physical boundaries. Searching for such signals, known as war driving, often happens in office parking lots: attackers attach antennas to their cars to find WLAN signals and then use sniffing tools to capture packets sent over the network. Sniffing lets attackers intercept each packet, which they can then analyze to find the information they need to penetrate a company's network. The same exposure arises if the signal penetrates a building's walls and leaks into public places or another company's office.
Difficulty in controlling a WLAN's coverage area can lead to loss of confidentiality and integrity, and ultimately to denial-of-service attacks on the network. The only real way to know is to walk the office building's perimeter with a spectrum analyzer or wireless sniffer to check that usable signals are not leaving the desired area. Network administrators should perform such signal surveys regularly. Doing so also makes it possible to detect rogue APs that non-IT employees have added to the network. If an administrator detects a signal beyond the company's office walls, there are a few effective ways to alter the AP's signal so that it is contained within the office's physical boundaries. The administrator can:

Lower the AP's transmit power;
Move it to a location where its signal will not cross the office's physical barriers; or
Use different types of antennas (directional antennas) that control signal strength and direction.

The best solution might be to use more than one of these methods to control WLAN coverage; using none can pose a serious threat to a company's private network. Note that coverage control limits casual exposure only: an attacker with a high-gain antenna can receive a signal well beyond the range of standard client cards, so it does not replace strong encryption and authentication.

Public WLAN Concerns

An individual connecting to a corporate network via a public network presents another threat to the private network. For example, users accessing a public WLAN hotspot in a coffee shop or airport open a channel to their corporate network. Usually, public networks offer no link-layer security; this lets attackers in the area sniff the network and view all packets transferred in plaintext on the WLAN. This type of attack has increased in recent years as public networks have become more popular and will continue to grow as more hotspots appear around the world. Users often have no idea that they have just opened a back door into their company's network: rather than hacking through a firewall and other security measures, an attacker can merely monitor usage on the public WLAN, capture credentials or session data, and then use them from anywhere. Administrators can configure their systems to disallow network access from public WLANs, but this limits users' mobility and service availability.

WLAN Security Enhancements

Network administrators must ensure their products have the latest firmware upgrades, which play a key role in a product's performance, security and management capability. Administrators can use an EWG to authenticate WLAN users and filter out unauthorized ones. If administrators use centralized key-distribution servers, they can easily and effectively manage WEP keys; however, this introduces a possible single point of failure, which is a generic problem of centralized network architectures.
An intrusion detection system (IDS) can help network administrators keep a close eye on the WLAN. Some types of IDS let network administrators set up WLAN policies and rules, while other types of software help with WLAN auditing and assessment. Furthermore, a virtual private network (VPN) offers a secure connection across a public WLAN by creating a tunnel, that is, an authenticated and encrypted connection between the user's device and the destination network. This adds much-needed security to public WLAN connections and lets business travelers use their devices in public places without worrying about attackers sniffing the packets associated with their connection (the attacker still sees the tunnel endpoints and traffic volume, but not the contents). A personal firewall loaded on the user's equipment adds an extra layer of security in such scenarios, because the device is directly exposed to other hotspot users. Finally, administrators can implement a public key infrastructure (PKI) on a WLAN to provide certificate-based authentication of users and APs (for example with 802.1X and EAP-TLS).

As with traditional wired networks, policies are important in the world of WLANs. There is no perfect policy that every company should abide by, but all should have and enforce a set of security policies tailored to the needs of their WLAN environment. For instance, WLAN policies should forbid employees to add APs to the network by themselves.

The Future of WLAN Security

Other types of physical components are being investigated to improve WLAN security. As we mentioned, EWGs are proving to be an important part of WLANs, and their popularity will continue to grow as the security they provide improves. Several vendors are also unveiling new products that take a more centralized approach to implementing WLANs, with thin ("dumb") physical APs connected to centrally switched controllers. This approach could help simplify WLAN implementation and administration. Antennas might also increase security. Various types of smart antennas are currently in development; some can control an AP's signal to confine it to a specific area and ensure that it does not pass through walls. Antenna technology of this kind is still in its infancy, but this area of wireless technology might enhance WLAN security in the near future.
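As an added example serving both the Default Configuration checklist and the Security Enhancements section above, the following Python script turns those recommendations (encryption mode, default SSID, default administrator password, SNMP community strings, SSID broadcast, firmware level) into an automated audit of an AP's exported settings, and runs it over a factory-default configuration and a hardened one. This is example code written for this page, not from the paper or any vendor tool: the key=value export format, both sample configurations and the lists of factory-default SSIDs, passwords and community strings are constructed for illustration and are not authoritative.

```python
"""Audit an access point's settings against the default-configuration checklist.

Added example for this page. The `key=value` format and both sample configurations
are constructed; the default-value sets are illustrative, not authoritative."""

# Illustrative factory defaults (hypothetical; a real audit would load vendor data).
DEFAULT_SSIDS = {"default", "linksys", "netgear", "tsunami", "wireless", "wlan"}
DEFAULT_ADMIN_PASSWORDS = {"", "admin", "password", "1234", "public"}
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}


def parse_config(text: str) -> dict:
    """Parse a simple `key=value` export, ignoring blank lines and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        k, v = line.split("=", 1)
        cfg[k.strip().lower()] = v.strip()
    return cfg


def audit_ap(cfg: dict) -> list:
    """Return (severity, message) findings, most severe first."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc == "none":
        findings.append(("critical", "encryption disabled: all traffic is sent in the clear"))
    elif enc == "wep":
        findings.append(("high", "WEP in use: IV reuse and CRC-32 bit flipping apply; move to 802.11i (AES-CCMP)"))
    elif enc in ("wpa", "tkip"):
        findings.append(("medium", "TKIP (WPA) is an interim fix for WEP hardware; prefer AES-CCMP"))
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append(("medium", "factory default SSID identifies the vendor; change it"))
    if cfg.get("admin_password", "") in DEFAULT_ADMIN_PASSWORDS:
        findings.append(("critical", "default or empty administrator password"))
    for key in ("snmp_ro_community", "snmp_rw_community"):
        if cfg.get(key, "").lower() in DEFAULT_SNMP_COMMUNITIES:
            findings.append(("high", f"{key} is a well-known default community string"))
    if cfg.get("snmp_enabled", "off").lower() == "on" and "snmp_rw_community" in cfg:
        findings.append(("high", "SNMP write access enabled: disable it or restrict it to the management VLAN"))
    if cfg.get("ssid_broadcast", "on").lower() == "on":
        # Obscurity only: probe and association frames still carry the SSID in the clear.
        findings.append(("info", "SSID broadcast enabled (hiding it is not a security control)"))
    if cfg.get("firmware_current", "no").lower() != "yes":
        findings.append(("medium", "firmware is not at the vendor's latest release"))
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    return sorted(findings, key=lambda f: order[f[0]])


# Constructed sample: a unit as it might come out of the box.
FACTORY_CONFIG = """
ssid=linksys
encryption=none
admin_password=admin
snmp_enabled=on
snmp_ro_community=public
snmp_rw_community=private
ssid_broadcast=on
firmware_current=no
"""

# Constructed sample: the same unit after the checklist has been applied.
HARDENED_CONFIG = """
ssid=acme-floor3-guest      # no vendor name, no company secrets either
encryption=aes-ccmp
admin_password=Lq8!vR2#pZ9m
snmp_enabled=off
ssid_broadcast=off
firmware_current=yes
"""

if __name__ == "__main__":
    for name, text in (("factory", FACTORY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name} ==")
        for severity, message in audit_ap(parse_config(text)) or [("ok", "no findings")]:
            print(f"[{severity}] {message}")
```

The severity ordering encodes the page's own priorities: no encryption and a default administrator password are what let an attacker onto the network or into the AP immediately, while the SSID items only shorten reconnaissance. Running such a check before an AP is racked, and again after each firmware update, is the cheap way to make sure the factory defaults the section warns about never reach production.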