If you have been reading about potential vulnerabilities in the new 802.11i security standard lately, stop fretting.
There's nothing inherently vulnerable about 802.11i per se (at least, not that we know of yet), except that the 802.1x authentication framework specified in 802.11i and its precursor, Wi-Fi Protected Access, revolves around the decade-old RADIUS authentication, authorization and accounting (AAA) protocol.
And the RADIUS protocol, which uses a shared secret authentication mechanism, is known to be subject to off-line dictionary attacks when not implemented as recommended by the relevant Internet Engineering Task Force (IETF) Requests for Comments (RFC). According to RADIUS experts, it sounds as though RADIUS has been "casually" implemented by many vendors and enterprises - at least when compared to IETF RFC recommendations.
IETF RFCs state that shared secrets should be as large and unguessable as a well-chosen password, and IP Security (IPSec) should be used to encrypt RADIUS shared secrets, for example. Since these recommendations often aren't followed, many common implementations are vulnerable to dictionary attacks.
"RADIUS has become the weak link in the [wireless] security chain," says Joshua Wright, deputy director of training at the SANS Institute in Bethesda, Md. Wright has co-authored an Internet-Draft, along with two security experts from Aruba Wireless Networks, to be submitted to the IETF. It recommends stronger language in RADIUS-related RFCs for protecting RADIUS communications, since so many security architectures now rely upon the protocol.
Lisa Phifer, vice president at Core Competence, a networking consulting firm, doesn't see the RADIUS issue as a huge deal, but acknowledges: "Increased use of 802.1x [part of 802.11i] has increased the use of RADIUS and, therefore, the threat level associated with this risk. Companies that haven't previously used RADIUS do need to be aware of existing risks and recommended practices."
Wright, however, observes that wireless LANs can exacerbate the RADIUS vulnerability in a couple of ways:
- Because wireless encryption keys are transported within the RADIUS protocol, if the RADIUS conversation between access point (AP) and RADIUS server is cracked by sniffing the LAN segment between the two devices, a hacker can decrypt wireless packets and authentication information, and gain access to both the wireless traffic and the network.
- If encryption/decryption takes place in many distributed APs, as opposed to a centralized device, there are many more potential places where a hacker could potentially crack the conversation.
- If a rogue AP goes undetected, a hacker could sniff, then passively decrypt, any Extensible Authentication Protocol credentials and Layer 2 encryption, then decrypt wireless traffic.
As best practices, Aruba recommends use of IPSec encryption for RADIUS communications, as currently recommended in IETF RFC 3579, and is recommending that the IETF amend the RFC to require it. Aruba also recommends centralized authentication and encryption in the data center (rather than storing shared secrets and keys in distributed access points).
Not surprisingly, Aruba's own WLAN architecture is set up this way. Other WLAN vendors that encrypt/decrypt in a centralized switch include Legra Systems and Symbol Technologies.
Craig Mathias, founder of Farpoint Group, a wireless consultancy, sums up the RADIUS/wireless issue:
"I think this is an example of a well-known class of security vulnerabilities, involving poor choices in keys (too short, alphanumeric, etc.) The right keys are long and binary, making a dictionary attack impossible. Note also this isn't really a wireless issue, but, since RADIUS is a network AAA system, it is often used on wireless LAN systems even where no authentication is used on the wired side. Thus the issue may be more obvious on wireless networks, especially since the sniffing required is very easy in that case."