Analysis: Key to Wi-Fi security

Conventional wisdom says wireless LAN access to an enterprise adds enormous risk because the broken security model at the heart of Wi-Fi networking allows crackers to break encryption, snoop traffic, insert packets, and associate at will. WLAN access points must be outside the firewall, with VPN connections tunneling through. No exceptions.

Enter the Wi-Fi Alliance, with members that include Microsoft Corp., Intel Corp., Cisco Systems Inc., and Apple Computer Inc. Seeking to quell consumer and enterprise concerns about Wi-Fi security holes, the group has essentially lifted the construction engineer's drawings for the work-in-progress IEEE 802.11i security draft and started to pour and smooth the macadam that leads to the golden city on the hill: full 802.11i completion and ratification. This ad hoc engineering project comes with member approval; the move isn't as radical as it seems.

The alliance's new WPA (Wi-Fi Protected Access) standard uses most of the current 802.11i draft to repair problems in WEP (Wired Equivalent Privacy), the first line of defense for Wi-Fi networks. WEP's goal was to encrypt packets in transit at the data link layer to deter unauthorized network access.

WEP failed in its attempt, however, through several cryptographic flaws that resulted in rapid key reuse. These flaws leave the link layer unprotected by Wi-Fi, and thus banished it outside the firewall where protection is provided at higher network layers by VPN, SSH, or other tunneled encryption methods.

WPA solves the problem by abandoning WEP in favor of 802.11i's vastly improved TKIP (Temporal Key Integrity Protocol). WPA ensures that TKIP keys vary for each packet through key mixing. WPA also increases part of the keyspace and adds encrypted packet integrity to reject inserted packets. Current Wi-Fi puts weak integrity outside the encrypted payload.

WPA includes full support for server-based authentication using the 802.1x protocol and EAP (Extensible Authentication Protocol), both part of the interim 802.11i draft.

Although EAP lacks a built-in encryption method -- it's merely a generic messaging method -- three overlays that embed EAP inside an encrypted tunnel have emerged to solve different parts of the problem.

An early version, EAP-TLS (Transport Layer Security), required a client-side public-key certificate to be preinstalled before the first wireless session. Although this was the method that Microsoft uses for its campuswide WLAN, EAP-TLS is complicated because an enterprise must establish a PKI.

Instead, vendors are focusing on two methods: EAP-TTLS (Tunneled TLS) and PEAP (Protected EAP), both of which build a tunnel within a tunnel. The outer tunnel is entirely anonymous, allowing a second tunneled session to begin inside it, which itself encapsulates EAP or other protocols. This approach avoids client certificates but still allows for them.

Microsoft and Cisco have backed PEAP. Although virtually identical in principle to EAP-TTLS, PEAP handles only EAP and MS-CHAP V2. Microsoft has offered PEAP clients for Windows XP and 2000 for free and plans a full Win32 rollout for Windows 98, NT 4, and Me.

Neither company representatives nor industry observers can explain the necessity for both EAP-TTLS and PEAP, the main difference between the two being the latter's lack of legacy authentication support. It's easy to assume that Microsoft and Cisco's agenda was to push enterprises to upgrade to newer authentication servers, but PEAP could wind up as widely available as EAP-TTLS.

Both EAP-TTLS and PEAP are passing through the IETF (Internet Engineering Task Force) process toward hopeful reconciliation or at least standardization. During this process, two man-in-the-middle attacks have been theorized that must be addressed before the standards can be deployed with absolute security.

One attack relies on supplicants performing authentication in the clear when asked to do so; the other attack lies in a lack of cryptographic binding between network layers, which allows a man-in-the-middle to spoof a network identity without detection.

All current support for 802.1x/EAP, tunneled or not, still relies on WEP as the link encryption method, which means that a VPN is still required for definitive link security until WPA with TKIP starts appearing in access points and clients.

As we survey the road ahead, it's clear that the arrival of WPA and eventually 802.11i will reduce the administrative burden of WLANs, integrating them with existing authentication mechanisms and making the security issue disappear.

- Glenn Fleishman is author of The Wireless Networking Starter Kit. Contact him at

Wi-Fi poised for enterprise integrationThis could be the year that the Wi-Fi industry offers the kind of enterprise-level security that would allow wireless LANs to be fully incorporated into the corporate network. However, that promise rests on a number of moving targets, any one of which could set the industry back at least a year.The Wi-Fi Alliance's decision to take a snapshot of the ongoing work of IEEE 802.11i committee's work on the ultimate standard carries inherent risk.The Alliance promises to begin interoperability testing in February but some vendors say that's not soon enough."There is a huge need now and we have our own keycard algorithm that works well," said Yangmin Shen, director of technical marketing at Symbol Technologies in San Jose, Calif.Symbol is one of many companies anxious to put customers' security fears to rest. And if that takes a proprietary solution, vendors don't need much prodding."Symbol and others will offer proprietary solutions until WPA," Shen said. The trick is for corporate IT managers to be sure there is a path out of the proprietary technology, he warned.Although there is no guarantee that products after February that adhere to the WPA standard will also be compatible with the final 11i security solution -- which isn't expected until the end of 2003 at the earliest -- industry analysts say any differences can be resolved through a software or firmware upgrade. If each access point must be flashed this will be time intensive but relatively simple.If companies are waiting for a higher level of encryption, such as that offered by AES technology, they may want to stay on the fence until 11i is ratified. However, if dynamic WEP key generation, as found in TKIP, is enough, then WPA is the answer, according to Chris Kozup, senior research analyst at Meta Group.Whereas WPA security was at least in part a marketing effort by major industry players, companies may merely be paying lip service."If vendors are looking to drive their own solution as a way to lock vendors into their own hardware, watch for them to drag their feet [in support of WPA]," Krozup said.-- Ephraim Schwartz

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AES EnvironmentalApple ComputerCiscoIEEEIETFIntelInternet Engineering Task ForceMeta GroupMicrosoftSymbol Technologies

Show Comments