Free Monthly Newsletter...and much more!

5 Star Support - Free Computer Help and Technical Support

 

 .
 
Google

 

Wireless Security

02/28/09

Posted by Dave
5 Star Support Security Specialist

Introduction

Many computer users have a small wireless network at home even if they only have one computer and it is a laptop. Referred to as a WLAN (Wireless Local Area Network) this kind of network offers ease of connectivity as well as portability, allowing you to easily move around and still remain connected. The standard for this was first released in 1999 as 802.11b and for protection, WEP was specified. This standard is still in use today and supported by just about all wireless routers. What many users are unaware of is that WEP is basically broken, and not secure, even though it is still widely used to this day. In this paper I hope to explain wireless and how it should be properly secured for today.

Beginnings

As I already stated, wireless began in 1999 with the 80211.b standard, and the WEP security protocol was specified. WEP stands for Wired Equivalent Privacy and was originally thought to provide a level of security and privacy that is equivalent to what is expected in a wired LAN. In actuality, it provided a level of security that protected against casual eavesdropping. The other problem faced by wireless users is physical security. Although a wired LAN is physically secure by nature of being contained in a building or room, wireless connections have no such restrictions, as the signal is not contained by physical structures.

WEP

Enter WEP. WEP seeks to establish similar protection to that offered by the wired network's physical security measures by encrypting data transmitted over the WLAN. Data encryption protects the vulnerable wireless link between clients and access points; once this measure has been taken, other typical LAN security mechanisms such as password protection, end-to-end encryption, virtual private networks (VPNs), and authentication can be put in place to ensure privacy. Unfortunately, the additional security measures that the original designers of WEP assumed would be put in place were usually not added, especially in home networks, but also in many commercial installations as well.

Lets take a closer look at what WEP actually is. When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64-bit RC4 key. This key is composed of a 24-bit initialization vector (IV) and a 40-bit WEP key. The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream. The IV is chosen by the sender and can be changed periodically so every packet won't be encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4-byte Integrity Check Value (ICV) is computed on the original packet and appended to the end. The ICV (be careful not to confuse this with the IV) is also encrypted with the RC4 cipher stream.

This worked well in the beginning, and many thought the 128-bit encryption it offered would be more than enough to keep you secure, but as already stated, extra security measures were almost universally ignored in wireless installations. By 2003, WEP was basically broken, and it had become an easy target for many hackers. Lets take a look at the inherent weaknesses:

  • Key management and key size - Key management is not specified in the WEP standard; without interoperable key management, keys will tend to be long-lived and of poor quality. Most wireless networks that use WEP have one single WEP key shared between every node on the network. Access points and client stations must be programmed with the same WEP key. Since synchronizing the change of keys is tedious and difficult, keys are seldom changed. Also, the 802.11 standard does not specify any WEP key sizes other than 40 bits. Keep in mind that these keys are also static, meaning that they never change.
     
  • The IV is too small - WEP's IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for a given WEP key, for any key size. Remember that the RC4 cipher stream is XOR-ed with the original packet to give the encrypted packet that is transmitted, and the IV is sent in the clear with each packet. The problem is IV reuse. If the RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent packets that were encrypted with the same IV or can forge packets.
     
  • ICV Algorithm - The WEP ICV is based on CRC-32, an algorithm for detecting noise and common errors in transmission. CRC-32 is an excellent checksum for detecting errors, but an awful choice for a cryptographic hash. Better-designed encryption systems use algorithms such as MD5 or SHA-1 for their ICVs.
     
  • Authentication messages can be easily forged.

Despite the flaws, WEP is better than nothing, and you should enable WEP as a minimum level of security. Many people have taken to the streets to discover wireless LANs in neighborhoods, business areas, and colleges using protocol analyzers, such as AiroPeek and Airmagnet. Most of these people are capable of detecting wireless LANs where WEP is not in use and then use a laptop to gain access to resources located on the associated network.

By activating WEP, however, you significantly minimize this from happening, especially if you have a home or small business network. WEP does a good job of keeping some people out, at least those that are honest. Beware, though, there are many true hackers around who can exploit the weaknesses of WEP and access WEP-enabled networks.

WPA

The solution to the weaknesses inherent in WEP is WPA, a newer protocol that Microsoft was heavily involved in developing. WPA is short for Wi-Fi Protected Access, and is a standard designed to improve upon the earlier WEP standard. This technology is designed to work with exist Wi-Fi products by making use of software or firmware upgrades to existing hardware. It includes two major improvements over WEP:

  • Improved data encryption through the temporal key integrity protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with.
     
  • User authentication, which is generally missing in WEP, through the extensible authentication protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which isrelatively simple to be sniffed out and stolen. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

WPA is designed as an interim improvement that is to be replaced by the new IEE 802.11i standard when completed. In order to make use of WPA, all computers on the network must be running Windows XP Service Pack 1 or greater. It cannot be configured on older versions of XP or Windows.

Specific improvements offered in WPA include the Temporal Key Integrity Protocol, or TKIP. TKIP could be implemented on pre-WPA wireless network interface cards that began shipping as far back as 1999 through firmware upgrades. Because the changes required fewer modifications on the client than on the wireless access point, most pre-2003 APs (Access Point) could not be upgraded to support WPA with TKIP.

In November, 2008, a weakness in TKIP was uncovered by researchers at two German technical universities. The weakness relies on a previously known flaw in WEP that could be exploited only for the TKIP algorithm in WPA. The flaw can only decrypt short packets with mostly known contents, such as ARP messages, and 802.11e, which allows Quality of Service packet prioritization for voice calls and streaming media.

The above weakness has led us to the latest WPA2 certification that indicates compliance with an advanced protocol implementing the full 802.11i standard. WPA2 includes Pre-shared key mode. PSK (also known as Personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server. Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters. Pre-shared key mode is used because shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient.

In simple terms, WPA-PSK is extra-strong encryption where encryption keys are automatically changed (called rekeying) and authenticated between devices after a specified period of time, or after a specified number of packets has been transmitted. This is called the rekey interval. WPA-PSK is far superior to WEP and provides stronger protection for the home/SOHO user for two reasons. The process used to generate the encryption key is very rigorous and the rekeying (or key changing) is done very quickly. This stops even the most determined hacker from gathering enough data to break the encryption.

Recently, the Wi-Fi alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types to its certification programs for WPA- and WPA2- Enterprise certification programs. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi alliance.
The EAP types now included in the certification program are:

  • EAP-TLS (previously tested)
  • EAP-TTLS/MSCHAPv2
  • PEAPv0/EAP-MSCHAPv2
  • PEAPv1/EAP-GTC
  • EAP-SIM

Most of the newer model Wi-Fi CERTIFIED devices support the security protocols discussed above, out-of-the-box, as compliance with this protocol has been required for a Wi-Fi certification since September 2003.

The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol, which usually had only supported inadequate security through WEP. Many of these devices will support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices.
What you need to do

Now that we know about WEP, WPA and WPA2, what’s next? You need to verify your Wi-Fi access point capabilities and upgrade the firmware if necessary so that you can configure WPA2, and then set up WPA (or better, WPA2) on your Windows XP computer(s).

There are a number of setup steps involved to employ WPA on your wireless network, but the time spent is well worth it for your security and peace of mind. The setup difficulty and time involved, as well as the specific steps you need to follow, will vary depending on your particular hardware and wireless cards. Plan on a couple of hours anyway. How to do this on a step-by step basis is beyond the scope of this paper, but I can direct you to two excellent sources to guide you through setting it all up.

One source is on about.com in the Wireless/Networking section located here:

http://compnetworking.about.com/cs/winxpnetworking/ht/wpainwindowsxp.htm

There is also an excellent article covering this subject on Microsoft’s XP site written by Barb Bowman located here:

http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

These articles have been around for a while, but then, so has the technology. Most users just haven’t been aware of it. Do yourself a big favor and update and secure your home wireless network soon. I would recommend that you make it a priority project.

Conclusion

We have covered wireless network security since the beginnings of wireless networks in 1999, to the current status of Wi-Fi in 2009. You now have all the information you need to hopefully understand the technology and the basics that make it work. All that remains is for you to upgrade your wireless network to the current standards and you will be safe and secure.

Until we meet again.

Dave

[Top]
 
 

 
 

   Site Map  | About 5 Star Support  | Links | Comments
    Privacy Policy  | Terms of Use  | Newsletter Archive  | Awards
Usage of this site constitutes acceptance of our Terms of Use
Copyright © 2000-2009  5 Star Support All rights reserved.