The widespread deployment of wireless networks using the 802.11(b) standard across the country presents a rebirth of age-old network security problems along with a number of new ones. Traffic on a wireless network, much like traffic on a shared network built from broadcast devices such as network hubs, travels across a shared medium. Because of this structure, any member of the wireless network can observe and intercept data being sent or received by other members. Unlike 'wired' networks, there is no means to isolate traffic from other network members. The second security issue for wireless networks is the transmission of data in 'clear text', so that if it is intercepted it can be read and used. Wireless networks bring about another problem that compounds the first two concerns that all shared networks must deal with: anyone within the transmission range of the wireless network can join. No longer must a person enter a building to infiltrate a business network; they need only park across the street.

The first implementation of network security for wireless was the WEP (Wired Equivalent Privacy) protocol. WEP attempts to make a wireless network at least as secure as a switched 'wired' network. The WEP protocol intends to secure the traffic integrity with the use of an RC4 cipher and a CRC-32 checksum. The passphrase used for the RC4 encryption is also used as a form of access control.

There are several critical faults in the WEP implementation that allow both passive data acquisition and active data modification. At 11 Mbit, capturing approximately 5 hours of clear text data can guarantee the capture of two packets with the same initialization vector (IV). Once the packets are used to get the clear text packet, that information can be used to decrypt any packets with the same IV. Since the IVs are only 24 bits, the decryption of the entire network becomes only an exercise in patience: with 24 hours of continuous monitoring the WEP encryption can be defeated completely, and a simple table of IV values of approximately 15 gigabytes can be used to encrypt any packet. On a network only partially infiltrated, bit-wise manipulated packets can spoof their validity using the linear nature of the CRC checksum. Any combination of passive and active attacks can be used to modify commands as they are being sent, or login information can be taken for use on another network to access personal accounts.

WEP also has a critical flaw outside of the sophisticated attacks that can be used to subvert its security. WEP uses a shared key known by both the client machines and the base stations. For this reason the key can be lost through human security problems. This includes the loss of equipment to theft, employee turnover and general mishandling of key information.

In order to implement secure wireless networks, it has become clear that a new scheme must be developed which can address the three security concerns mentioned earlier and at the same time function on existing hardware and software.
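The two WEP weaknesses described above, keystream reuse under a repeated IV and the linearity of the CRC-32 checksum, can be reproduced on constructed frames. This is an added example, not part of the original text; the key, IV and payloads are made-up sample values, and the frame is simplified to payload plus integrity check value (ICV).

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(data).to_bytes(4, "little")

def wep_seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """Encrypt msg || ICV with RC4 keyed by IV || shared key."""
    body = msg + icv(msg)
    return xor(body, rc4(iv + key, len(body)))

def wep_open(iv: bytes, key: bytes, ct: bytes):
    """Decrypt and verify the ICV; return the message, or None on mismatch."""
    body = xor(ct, rc4(iv + key, len(ct)))
    msg, tag = body[:-4], body[-4:]
    return msg if icv(msg) == tag else None

def icv_delta(delta: bytes) -> bytes:
    """CRC-32 is affine: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0...0)."""
    return xor(icv(delta), icv(bytes(len(delta))))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")      # 40-bit shared key
IV = bytes.fromhex("00002a")           # 24-bit IV, used for both frames
P1 = b"temp=21C fan=off  "
P2 = b"GET /index.html HT"             # same length as P1
P1_MOD = b"temp=21C fan=on   "
C1, C2 = wep_seal(IV, KEY, P1), wep_seal(IV, KEY, P2)
# Same IV means same keystream: the ciphertexts XOR to the plaintexts' XOR.
LEAK = xor(C1, C2)[:len(P1)]
# Flipping ciphertext bits and patching the encrypted ICV still verifies.
DELTA = xor(P1, P1_MOD)
TAMPERED = xor(C1, DELTA + icv_delta(DELTA))
```

Both results hold without any use of `KEY` outside `wep_seal` and `wep_open`, which is why a keyed message authentication code and non-repeating per-packet keys are needed rather than a CRC under a stream cipher.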