IEEE 802.11 Security Standard
The Institute of Electrical and Electronics Engineers 802.11 standard is the most widely accepted and deployed wireless LAN technology today.
The 802.11 standard defines two mechanisms for providing security to the wireless LANs that comply with this standard: service set identifiers (SSIDs), which are used for access control to an AP, and Wired Equivalent Privacy (WEP) protocol intended to provide data security and for over−the−air transmission.
Service Set Identifiers (SSID)
Each AP on a wireless LAN based on the IEEE 802.11 standard is identified with an identifier or name called an SSID. An SSID is a unique identifier of up to 32 characters that is attached to the data sent over a wireless LAN and acts as a password when a wireless LAN device tries to connect to an AP.
The implementation of SSID varies among the manufacturers of the 802.11 devices. Some devices allow only one identifier, while others may allow up to four or more SSIDs.
The SSID can be used to differentiate one wireless LAN from another, so all access points and all devices attempting to connect to a specific wireless LAN must use the same SSID. A device will not be permitted to join the wireless LAN unless it can provide the unique SSID that is used by the AP.
SSID is contained in the radio beacon messages (periodic radio signals) that all APs send out at regular intervals over the air to announce their presence. These beacons are sent in cleartext; since an SSID can be sniffed in plain text from beacon data, it does not supply any security to the network.
Wired Equivalent Privacy (WEP)
Protocol Because wireless is a shared medium, everything that is transmitted or received over a wireless network can be intercepted.
To protect the integrity of the data, ensure the privacy and authentication of over−the−air transmission between wireless LAN APs and the wireless LAN adapters, the IEEE 802.11 standard stipulates an optional encryption protocol called Wired Equivalent Privacy (WEP).
The goal of adding these security features is to make wireless traffic as secure as wired traffic. The IEEE 802.11 standard provides a mechanism to provide security by encrypting the traffic and authenticating wireless LAN adapters. WEP is the most criticized topic among the wireless LAN critics.
Although WEP is optional, support for WEP with 40−bit encryption keys is a requirement for wireless fidelity (Wi−Fi) certification by the Wireless Ethernet Compatibility Alliance (WECA), an organization set up by wireless LAN equipment manufacturers to ensure interoperability of their products and issue Wi−Fi certificates to all interoperable devices, so WECA members invariably support WEP.
It is important to understand the features and vulnerabilities of WEP to decide whether 802.11−standard security is enough or additional security might be desired for a given deployment.
WEP Implementation Details
WEP is implemented at the data−link layer of all Wi−Fi−compliant devices to provide an equivalent level of privacy as is ordinarily present with a wired LAN.
The WEP protocol provides both privacy and authentication services and consists of an encryption algorithm, a shared−secret key, and an initialization vector. The protocol components and services are described next.
- Ron's Code 4 (RC4) : The WEP Encryption Algorithm
WEP uses the Ron's Code 4 (RC4) stream cipher as its encryption algorithm that was invented by Ron Rivest of RSA Security, Inc.
The RC4 encryption algorithm is a symmetric cipher (an encryption algorithm that uses the same key for both encryption and decryption) that supports a variable−length key. Research has shown that the strength of an encryption technology often depends on its key length.
The performance of encryption technology in the WEP protocol was compromised to a lower size key due to the United States export control regulations that did not allow any encryption technology over 40 bits (5 characters long) to be exported outside the United States.
To avoid conflicting with United States export controls that were in effect at the time the standard was developed, 40−bit encryption keys were required by IEEE 802.11, though many vendors now support the optional 128−bit (64 characters long) standard.
- WEP Shared Key: The WEP Encryption and Authentication Key
RC4 requires the use of a shared symmetric key. The IEEE 802.11 standard provides two schemes for defining the WEP keys to be used on a wireless LAN.
With the first scheme, a set of as many as four default keys are shared by all wireless LAN adapters and APs in a wireless subsystem. When a client obtains the default keys, that client can communicate securely with all other stations in the subsystem.
The problem with default keys is that when they become widely distributed, they are more likely to be compromised. In the second scheme, each client establishes a "key mapping" relationship with another station.
This is a more secure form of operation because fewer stations have the keys, but distributing such unicast keys (keys that are used by only two systems) becomes more difficult as the number of stations increases.
- Initialization Vector (IV)
An initialization vector (IV) refers to a set of characters that are randomly generated and are used with shared keys to create the true encryption keys. The shared key remains constant while the IV changes periodically.
The IV extends the useful lifetime of the secret key and provides the self−synchronous property of the algorithm. Each new IV results in a new key sequence, thus there is a one−to−one correspondence between the IV and the output.
The IV may change as frequently as every message, and since it travels with the message, the receiver will always be able to decrypt any message. Therefore the data of higher layer protocols (for example, IP) are usually highly predictable.
An eavesdropper can readily determine portions of the key sequence generated by the (Key, IV) pair. If the same pair is used for successive messages, this effect may reduce the degree of privacy. Changing the IV after each message is a simple method of preserving the effectiveness of WEP.
The WEP Protocol Operation
The WEP algorithm provides both authentication and encryption to 802.11 LAN devices. WEP uses a shared key, and the same key is used to encrypt and decrypt the data.
In other words, WEP uses a string of up to eight characters and the same shared key is used by the AP and the wireless LAN adapters. The WEP encryption algorithm works as shown in the steps that follow.
WEP Encryption Procedure for Data Security and Privacy
- Generate the encryption key generation from the shared key.
The 40−bit shared key is concatenated with a 24−bit long initialization vector (IV), which is a randomly generated data, resulting in a 64−bit total key size. The resulting key is fed into the RC4 algorithm to create the actual encryption key.
- Encrypt the data using encryption key.
A 32−bit cyclic−redundancy−check (CRC32) operation, an integrity algorithm used to protect against unauthorized data modification (a method used for the detection of errors when data is being transmitted. A CRC is a numeric value computed from the bits in the message to be transmitted.
The computed value is appended to the tail of the message prior to transmission, and the receiver then detects the presence of errors in the received message by recomputing a new CRC and compares it with the CRC that is sent with the data), is performed on the data by feeding the data to be encrypted into the CRC algorithm, which results in 4 bytes.
The resulting 4 CRC bytes are concatenated to the original message. The resulting sequence is then encrypted using the encryption key generated in Step 1 by performing a mathematical operation called the bit−wise exclusive−or (XOR).
Exclusive−or is a mathematical operation that compares the 2 bits at each bit position in two given values, for example value A and value B. If the bit at the specified position is 1 in either value A or value B, but not in both, then that bit will be set to 1 in the result.
XOR is often used in symmetric cryptographic algorithms, where data to be encrypted is XORed with an encryption key for encryption; and to recover the original data, encrypted data is XORed with the encryption key.
The result is an encrypted message equal in length to the number of data bytes (original data) plus 4 bytes. The final message, the encrypted message, is sent to the peer (that is, from AP to adapter or adapter to AP) with the IV pre−pended to the encrypted message.
- Decrypt data and authenticate the message.
The encrypted message−receiving entity, whether AP or adapter, performs the reverse steps to recover the original data and authenticate that the message was sent by someone with whom the recipient has a shared key.
In decryption, the IV from the incoming message along with the shared key (remember we are using a shared key and both peers are using identical shared keys) is used to generate the encryption key (as in Step 1), which is then used to decrypt the incoming message by XORing the encrypted message with the encryption key.
- Authenticate the received message.
Performing the integrity check algorithm on the recovered plaintext and comparing the output CRC32 algorithm with the last 32 bits of the transmitted data verifies the decryption and authentication.
If the calculated CRC is not equal to the CRC value received in the message, the received message is in error, and an error indication is sent to the media access control (MAC) management and back to the sending station. Mobile units with erroneous messages (due to inability to decrypt) are not authenticated.
CRC−Value = CRC32(Decrypted−Message)
The same shared key used to encrypt/decrypt the data frames is also used to authenticate the station. It is considered a security risk to have both the encryption keys and authentication keys be the same.
There is also a method where users and APs can utilize WEP alone without shared−key authentication, essentially using WEP as an encryption engine only.
This is done in open system mode. This is considered to be the most protected implementation in 802.11 thus far and still enables reasonable authentication.
802.11 WEP Authentication
WEP provides two authentication modes:
Open−System Authentication
The open−system authentication is also known as null authentication because a wireless LAN adapter can associate with any access point and listen to all the data that is sent in plaintext.
This is usually implemented where ease of use is the main issue, and the network administrator does not want to deal with security at all. This is the default authentication service that does not have authentication.
Shared−Key Authentication
This involves a shared secret key to authenticate the wireless LAN adapter to the AP. The shared−key authentication approach provides a better degree of authentication than the open system approach.
For a station to utilize shared−key authentication, it must implement WEP Encryption Protocol, as discussed earlier. The 802.11 standard does not specify how to distribute the keys to each station, however.
The process is as follows:
- A requesting wireless LAN adapter sends an authentication frame (a frame is a data of fixed length) to an AP it wants to authenticate.
- When the AP receives an initial authentication frame, the AP will reply with an authentication frame containing 128 bytes of random challenge text generated by the WEP engine in standard form.
- The requesting wireless LAN adapter will then copy the challenge text into an authentication frame, encrypt it with a shared key, and send the frame to the responding station.
- The receiving AP will decrypt the value of the challenge text using the same shared key and compare it to the challenge text sent earlier.
- If a match occurs, the responding wireless LAN adapter will reply with an authentication indicating a successful authentication. If not, the responding AP will send a negative authentication.