Wireless Security Initiatives




Keith Fleming





The Wireless LAN (WLAN) industry is the fastest growing networking market, held back only by the difficulty of securing it. Wireless networks have been widely adopted in the SOHO user market. Wireless LAN technology is recognized, accepted and adopted by many organizations worldwide. Many companies and government entities are realizing the competitive advantage of deploying wireless technology in the workplace. Wireless technologies are continually evolving and providing advancements in speed, bandwidth, and security. However, large enterprises have been reluctant to deploy wireless networks due to perceived limitations in wireless security and the risks they pose to the organization.


Simply put, WLANs are a disruptive technology that is difficult to secure. Today, the WLAN industry can be categorized as “overheated”: technology adoption is being driven by an impatient user base demanding more features and by an all-out effort by vendors to address known wireless security vulnerabilities. There is a high priority in the industry, especially within the federal government, to push the technology to a point where the risk of compromise is minimized.

The intent of this paper is to address the security issues surrounding wireless networks in an enterprise environment. This paper will provide a high-level overview of the challenges and components associated with securing a wireless network. The fundamental question plaguing the industry today is whether wireless networks can be deployed securely. The prevailing mindset is that wireless networks are inherently insecure. Is this fact or fabrication? What known security holes limit enterprise deployments of a WLAN, and can they be fixed? This paper will shed light on these questions, detail how wireless networks are secured, and point out their limitations. Additionally, this paper will explore current and future initiatives to secure wireless networks in a large enterprise environment, and provide a roadmap of where wireless security is headed in the future.

WLAN Overview, Standards and Organizations


WLAN technology dates back to the mid-1980s, when the Federal Communications Commission (FCC) made the RF spectrum available to the industry. In 1990, the Institute of Electrical and Electronics Engineers (IEEE) formed a working group (WG) to develop a wireless standard that would provide networking technology similar to wired Ethernet (802.3) [1]. This group focused on developing a general standard for radio equipment and networks working at 2.4 GHz, with data rates of 1 and 2 Mbps. In June 1997, the IEEE released the wireless standard describing the operations for WLAN, known as 802.11. The 802.11 specification is the fundamental standard for WLAN. The new standard defined the following functions and technologies: WLAN architecture; MAC layer services such as association, re-association, authentication and privacy; frame formats; signaling functions; and the WEP algorithm.
In September 1999, the IEEE ratified 802.11b, which provided the same basic architecture, features and services as 802.11 but improved upon the standard by adding higher data rates (5.5 and 11 Mbps) and more robust connectivity [2]. The 802.11b standard established operations in the unlicensed 2.4–2.5 GHz frequency range using direct sequence spread-spectrum (DSSS) technology [3].
In late 2001, 802.11a was ratified. It improved the data rate to 54 Mbps, operating at a licensed frequency range of 5 GHz and using orthogonal frequency division multiplexing (OFDM) technology to reduce interference [4]. This was a dramatic technology shift from 802.11b, providing fast data transfers at a higher frequency range that was not susceptible to interference from other devices. However, the 802.11a standard sacrificed range compared with 802.11b.
In 2003, the IEEE published 802.11g Amendment 4, which provided a higher data rate extension in the 2.4 GHz unlicensed frequency band of up to 54 Mbps (similar to 802.11a). It provided backward compatibility with 802.11b, a major advantage, by still supporting complementary code keying (CCK) modulation. 802.11g provided the best of both worlds (802.11a and 802.11b): higher speeds using OFDM technologies (like 802.11a), but in the 2.4 GHz frequency band where range was not compromised (like 802.11b).
The above IEEE standards (802.11a, 802.11b, and 802.11g) serve as the major players in the world of wireless networking. However, there are various other standard tasks and WGs involved with promoting the overall functionality of the 802.11 protocol. Two important standards that directly addressed security limitations in the 802.11 protocols were the IEEE 802.11i and 802.1x standards.
The IEEE 802.11i and 802.1x specifications addressed several separate initiatives for improving WLAN security. The IEEE Task Group i (TGi) developed the 802.11i standard, published in 2004, to provide short-term and long-term solutions for wireless security to ensure message confidentiality and integrity [5]. The TGi developed the Temporal Key Integrity Protocol (TKIP) as a short-term solution, known as Wi-Fi Protected Access (WPA), to address problems with WEP and to support legacy systems [6]. It is a cipher suite that consists of three protocols: a cryptographic message integrity algorithm, a key mixing algorithm, and an enhancement to the initialization vector (more on this later). The long-term solution defined in 802.11i is the Counter Mode/CBC-MAC Protocol (CCMP), based on the newly released Advanced Encryption Standard (AES). CCMP is a highly robust algorithm that is not compatible with older WEP-oriented hardware, and thus requires new hardware and protocol changes [7]. The AES (CCMP) protocol provides WLANs with stronger encryption (confidentiality) and message integrity than TKIP. It also incorporates replay protection [8]. The future of WLAN deployments is moving towards CCMP as the accepted compliance standard.
The 802.1x technology was primarily developed to support 802 LANs, and is included in the 802.11i standard to provide MAC layer security enhancements [9]. 802.1x is a port authentication algorithm that provides a framework at the link layer, allowing a variety of authentication algorithms to operate over it. It primarily uses the Extensible Authentication Protocol (EAP) to exchange authentication information. It allows WLAN clients to communicate with an authentication server to validate their credentials, and supports strong mutual authentication and key management [10].
In WLANs, the 802.1X framework consists of three entities: the client (resides on the wireless client), the authenticator (resides on the access point, or AP), and the authentication server or AS (resides on a RADIUS server). The 802.1X protocol is an end-to-end authentication process between the client and the AS, with the AP serving as the conduit for the authentication messages. The client and AP communicate by means of the EAP encapsulation over LAN (EAPOL) protocol. The AP and the AS communicate through RADIUS [11]. It should be noted that the 802.1X protocol supports several different authentication protocols in addition to RADIUS, such as Diameter and Kerberos. 802.1X can be implemented with different EAP types (to be covered later). Figure 1 illustrates the communication paths of the client, AP and AS, and the 802.1X authentication process.

Figure 1 - 802.1x Authentication Process (WPA2)




  1. The client requests access from the AP.

  2. The authenticator detects the client association and enables the client’s port.

  3. The port is forced into an unauthorized state in which it forwards only 802.1x traffic (all other traffic is blocked).

  4. The AP passes the request to the RADIUS server.

  5. The AS and client exchange authentication messages so that the server can verify the client’s identity (password). Mutual authentication is also possible, where the client verifies the identity of the AS.

  6. The AS instructs the AP via a RADIUS-ACCEPT message to let the client onto the network if the client has satisfied the authentication criteria. If not, a RADIUS-REJECT message is sent to the AP.

  7. Upon receipt of the RADIUS-ACCEPT message, the AP transitions the client port to an authorized state allowing the client onto the network.
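
The port behaviour in steps 2 to 7 can be modelled as a small state machine. The following Python sketch is an added example, not part of the original paper; the class and function names are hypothetical, the frames are constructed sample input, and the verdict strings reuse the paper's RADIUS-ACCEPT / RADIUS-REJECT labels. It shows the fail-closed property: only EAPOL frames pass until the AS accepts the client.

```python
from dataclasses import dataclass
from enum import Enum

ETHERTYPE_EAPOL = 0x888E  # EtherType carried by EAP over LAN (EAPOL) frames
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"


@dataclass
class AuthenticatorPort:
    """Hypothetical model of one client's controlled port on the AP."""
    client_mac: str
    state: PortState = PortState.UNAUTHORIZED  # step 3: port starts closed

    def handle_client_frame(self, ethertype: int) -> str:
        """Return what the AP does with a frame received from the client."""
        if ethertype == ETHERTYPE_EAPOL:
            return "relay-to-as"  # steps 4-5: 802.1X traffic always passes
        if self.state is PortState.AUTHORIZED:
            return "forward"  # step 7: normal traffic after acceptance
        return "drop"  # step 3: everything else is blocked

    def handle_radius_reply(self, code: str) -> PortState:
        """Apply the AS verdict (steps 6-7); anything but an accept fails closed."""
        if code == "RADIUS-ACCEPT":
            self.state = PortState.AUTHORIZED
        else:
            self.state = PortState.UNAUTHORIZED
        return self.state


def run_session(radius_reply: str) -> list:
    """Replay a constructed frame sequence and return the AP's decisions."""
    port = AuthenticatorPort(client_mac="02:00:00:00:00:01")  # constructed MAC
    decisions = [
        port.handle_client_frame(ETHERTYPE_ARP),  # sent before authenticating
        port.handle_client_frame(ETHERTYPE_EAPOL),  # the EAP exchange
    ]
    port.handle_radius_reply(radius_reply)
    decisions.append(port.handle_client_frame(ETHERTYPE_IPV4))  # after verdict
    return decisions


if __name__ == "__main__":
    print(run_session("RADIUS-ACCEPT"))
    print(run_session("RADIUS-REJECT"))
```

A later reject on an already authorized port (for example after a failed re-authentication) returns it to the unauthorized state, so data frames are dropped again.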

Since the ratification of the initial 802.11 standard, the IEEE 802.11 WG has made numerous revisions through various task groups to improve wireless technologies and security [12]. Table I provides a summary of the 802.11 standards. (Note: Standards highlighted in blue will be the main focus of this paper.)


Table I – Summary of 802.11 Standards




| Specification | Description | Main Purpose | Interest to Security | Availability |
|---|---|---|---|---|
| 802.11: Wireless LAN Media Access Control (MAC) and Physical Layer Specifications | Original WLAN standard designed for 1 to 2 Mbps wireless transmissions at 2.4 GHz frequency range. Defined the WLAN infrastructure, MAC level services, frame formats, FHSS and DSSS functions, and WEP algorithm. Operates at the physical and data link layer of the OSI model. | Basic wireless technology standard | Low | Completed in June 1997 |
| 802.11a: Wireless LAN MAC and PHY Specifications | A physical layer standard in the 5 GHz frequency band. Second major revision to 802.11 standard that provided significant increases in the transfer rate to a maximum theoretical speed of 54 Mbps per channel, and 8 available channels. | Higher Performance | Low | Approved and ratified by IEEE in 2001 |
| 802.11b: Wireless LAN MAC and PHY Specifications | A physical layer standard in the 2.4 GHz unlicensed frequency band. First major revision to 802.11 standard that provided enhancements with a maximum link rate of 11 Mbps per channel, and 3 available radio channels. Provided a major leap forward in speed, ease of use, implementation flexibility, and relative cost. | Performance Enhancements | Low | Approved and ratified by IEEE in September 1999 |
| 802.11d-2001 Amendment 3 | A supplementary standard to the MAC layer in 802.11 to add features and restrictions to allow WLANs to operate within the rules of other countries. It will allow APs to communicate information on the permissible radio channels with acceptable power levels for user devices. | Promote Worldwide Use | Low | Published in 2001 as Amendment 3 to 802.11 |
| 802.11e: Wireless LAN MAC and PHY Specifications: Amendment 7: MAC Quality of Service (QOS) Enhancements | A supplementary standard to the MAC layer in 802.11 to support applications that require QOS, such as VoIP and video over 802.11 wireless networks. | QOS Enhancements | Low | Active |
| 802.11f: IEEE Trial-Use Recommended Practice for Multi-Vendor Access Point Interoperability via an Inter-Access Point Protocol Across Distribution Systems Supporting IEEE 802.11 Operation | A "recommended practice" standard designed to enhance AP interoperability within multi-vendor WLAN networks. The specification addresses the information that needs to be exchanged between APs, use of RADIUS protocol, and context handling for faster roaming to support interoperability. | Interoperability | Medium | Published in 2003 |
| 802.11g: Wireless LAN MAC and PHY Specifications and Amendment 4 | Developed a higher data rate extension in the 2.4 GHz unlicensed frequency band up to 54 Mbps (similar to 802.11a). Provided backward compatibility to 802.11b, and supports OFDM, CCK, and PBCC modulations. | Higher Performance with 802.11b Backward Compatibility | Low | Published in 2003 as Amendment 4 to 802.11 |
| 802.11h: Wireless LAN MAC and PHY Specifications | A supplementary standard to the MAC layer to satisfy regulatory requirements for operations in the 5 GHz band in Europe. Defines the use of Transmit Power Control (TPC) and Dynamic Frequency Selection (DFS) to comply with European regulations. | European Regulation Compliance | Low | Published in 2003 |
| 802.11i: Wireless LAN MAC and PHY Specifications: Amendment 6: MAC Security Enhancements | A supplementary standard to the MAC layer to enhance security and authentication mechanisms. Supports the 802.11 a, b & g standards, and is an alternative to WEP. IEEE 802.1x forms a major part of 802.11i. | Security Improvements | High | Published in 2004 |
| 802.11j: Wireless LAN MAC and PHY Specifications: Specification to Enhance Japanese Compliance | An enhancement to 802.11 standard and amendments to operate in the Japanese 4.9 GHz and 5 GHz frequency bands. | Japan Compliance | Low | Published in 2004 |
| 802.11k: Wireless LAN MAC and PHY Specifications: Specification for Radio Measurement | Standard to define Radio Resource Management measurement enhancements for external use. Originally designed for internal use only, these enhancements will provide radio and network information to higher layers for management, maintenance, and enhanced data that will provide such services as roaming, and coexistence to external entities. | Radio Resource Management (External Source) | Low | Active |
| 802.11n | Study group formed to investigate a standard for higher throughput (108 - 320 Mbps), and to enable newer applications and market segments. | Higher Performance | Low | Active (High Throughput Study Group (HTSG)) |
| 802.11p | An amendment to 802.11 standard to make it suitable for interoperable communications to and between vehicles in the 5 GHz frequency bands. | Improvement in Latencies and Communications Between Transport Environments | Low | Active |
| 802.11r | Provide enhancements to 802.11 MAC layer by improving the Basic Service Set (BSS) transition with Extended Service Set (ESS), and support real-time constraints imposed by latency sensitive applications such as VoIP. | 802.11 MAC Enhancements for BSS | Low | Active |
| 802.11s | Develop a protocol between an ESS mesh and a Wireless Distribution System (WDS) to support broadcast/multicast and unicast delivery over self-configuring multi-hop topologies. | 802.11 MAC & PHY Enhancements | Low | Active |
| 802.11t | Develop recommended practices to enable measuring and predicting the performance of 802.11 WLAN devices based on a common and accepted set of performance metrics, measurements and methodologies and test conditions. | Improvements to Methodology & Processes to Predict WLAN Performance | Low | Active |
| 802.11u | Amendments to 802.11 MAC and PHY layer to enable Inter-Working with external networks. | 802.11 MAC & PHY Enhancements | Low | Active |
| 802.11v | Amendments to 802.11 MAC and PHY layer to support wireless management of attached stations in a centralized or in a distributed fashion, and create an Access Port Management Information Base (AP MIB). | 802.11 MAC & PHY Enhancements | Low | Active |
| 802.11w | An amendment standard to 802.11 MAC layer to enhance security of 802.11 management frames, including de-authentication and disassociation frames. Goal is to develop a host of security features including data integrity, data confidentiality, data origin authenticity, and replay protection. | Security Enhancements | High | Active (WG formed in 2005) |
| 802.1x: Port-Based Network Access Control | Primarily developed to support 802 wired LANs, the 802.1x authentication framework is included in the 802.11i MAC layer security enhancements. The 802.1x standard provides a framework at link layer for extensible authentication allowing a variety of authentication algorithms to operate over it. Establishes a framework for WLAN client to communicate with an authentication server to validate the client credentials. It is only focused on authentication and key management, and does not provide encryption. 802.1x is used in combination with an encryption cipher. | Security Enhancements | High | Published in June 2001 |

Besides the IEEE, several other organizations have played a major role in defining the security standards for WLAN. The Internet Engineering Task Force (IETF) has been the primary architect of EAP protocols such as EAP-TLS, Protected EAP (PEAP), and EAP-FAST [13]. EAP is a flexible transport protocol that carries authentication information and can support multiple authentication mechanisms [14]. EAP is versatile and may be used on dedicated links, switched circuits, and wired/wireless networks. Table II provides a summary of the EAP protocols (IETF).

Table II – Summary of the EAP Protocols (IETF)




| Specification | Description | Main Purpose | Interest to Security | Availability |
|---|---|---|---|---|
| Extensible Authentication Protocol (EAP), RFC 2284 | EAP is the original 1998 RFC standard (RFC 2284) for authentication exchange. It provides an authentication method for the Point-to-Point (PPP) Protocol at the transport layer. A versatile framework that supports multiple authentication extensions (i.e. EAP-TLS, EAP-MD5, EAP-TTLS, etc.) [15] | Authentication Exchange | High | |
| EAP-TLS (Transport Layer Security), RFC 2716 | Based on the TLS protocol, similar to the SSL version 3 (Secure Sockets Layer) protocol used for secure Web traffic. EAP-TLS provides mutual authentication and the capability to dynamically change encryption keys. Uses digital certificates, and requires an infrastructure to manage (i.e. issue, revoke, and verify) the certificates and keys. | Mutual Authentication & Key Management | Medium | |
| Protected EAP (PEAP) | PEAP is an EAP extension that is similar to EAP-TLS but adds capabilities needed for the wireless domain. PEAP provides the security framework for mutual authentication between an EAP client and an EAP server, and adds client authentication and key exchange not available from EAP-TLS. PEAP addresses gaps in EAP by securing the initial exchange, adding user database extensibility, and supporting one-time token authentication and password change or aging. [16] | Authentication Enhancements | High | Based on an Internet-Draft (I-D) [17]. Still in draft (not yet a standard) |
| EAP-FAST | EAP-FAST is considered the most comprehensive and secure WLAN scheme [18]. Provides a mutually authenticated (protected) tunnel to EAP, and incorporates deployment flexibility and extensibility by enabling support for most password authentication interfaces. | Authentication Enhancements | High | Based on an I-D [19]. Still a work in progress (not yet a standard) |
| Cisco Lightweight EAP (LEAP) | LEAP was developed by Cisco to provide security advantages including username/password-based mutual authentication between a wireless client and a RADIUS server, and dynamic key generation and key exchange to enhance confidentiality and encryption. [20] | Authentication Enhancements to 802.11 | High | Introduced in December 2000 by Cisco. |