A Brief Guide To Wi-Fi Standards and Security


 
Introduction


IEEE 802.11, the Wi-Fi standard, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). The term is also used to refer to the original 802.11, which is now sometimes called "802.11legacy." For the application of these standards see Wi-Fi.

The 802.11 family currently includes six over-the-air modulation techniques that all use the same protocol; the most popular (and prolific) techniques are those defined by the b, a, and g amendments to the original standard. Security was included from the start and was later enhanced via the 802.11i amendment. Other standards in the family (c–f, h–j, n) are service enhancements and extensions, or corrections to previous specifications. 802.11b was the first widely accepted wireless networking standard, followed (somewhat counterintuitively) by 802.11a and 802.11g.

Standards are made for very specific reasons. Foremost, they ensure that devices can operate with devices made by other manufacturers. Essentially, when a company releases a product before the ratification of the standard, it must infer what the IEEE is going to set. These inferences mean that the product may be incompatible with the final standard. If this does occur, an organization may be locked in to purchasing only hardware identical to what it already owns, simply to ensure compatibility.

 

802.11b and 802.11g use the 2.4 gigahertz (GHz) band, operating under Part 15 of the FCC Rules and Regulations. The 802.11a standard uses the 5 GHz band. Because they operate in the 2.4 GHz band, 802.11b and 802.11g equipment can incur interference from microwave ovens, cordless phones, and other appliances using the same band.

 

While 802.11a and g devices may legally be operated without a license, it is not true that 802.11a and g operate in an unlicensed portion of the radio frequency spectrum. Unlicensed (legal) operation of 802.11a and g is covered under Part 15 of the FCC Rules and Regulations. Frequencies used by channels one (1) through six (6) (802.11b) fall within the range of the 2.4 gigahertz Amateur Radio band. Licensed amateur radio operators may operate 802.11b devices under Part 97 of the FCC Rules and Regulations.

All of the different 802.11 and MIMO standards have different levels of throughput and security. Before you purchase any wireless technology, it's useful to be able to make sense of the various designations and what they may mean in terms of your use. How can you sort out the mess of Wi-Fi standards? Here's the rundown on what the major standards are and what you need to know about them.


802.11a This was the first of the IEEE standards for wireless LANs. Like the underlying 802.11 architecture, 802.11a was introduced in 1997 and approved in 1999. This enabled companies such as Linksys, NETGEAR, and others to produce inexpensive, commodity-level wireless networking gear.

802.11a didn't receive wide adoption because it operates in the 5 GHz band, which doesn't penetrate walls and floors very easily (the higher the frequency, the less penetration or distance travelled). As a result, absorption of the signal throughout an office was a problem. Products (wireless access points, routers and cards) built for this standard are available today, although at somewhat higher cost than their cousins. There are two significant reasons to take a serious look at 802.11a:

  • Immunity to interference from 2.4 and 5.4 GHz wireless telephones
  • Maximum 54 Mbps speed

If immunity from other wireless 'noise' is crucial to your business operation's wireless LAN, then it will be worth the extra cost to acquire 802.11a gear and the repeaters and range extenders that you may need to cover your intended area of operation.

802.11b This was the first wireless standard to receive wide adoption. Operating at 2.4 GHz, signals with this standard didn't have the absorption problems of 802.11a, but the slow speed (11 Mbps under optimal conditions) meant that anyone used to broadband in an office or home setting would see achingly slow speeds. Adoption picked up as wireless LANs, chips, etc., became available in the late 1990s and early 2000. Some older equipment still uses 802.11b, though its slow speed and signal interference from other 802.11b users and some wireless telephones can be a problem in locations where several users are in close proximity.

However, the average age of a laptop is less than three years, so much of the 802.11b equipment has been replaced, though the standard remains popular for many home networking applications where speed isn't critical and cost is the paramount factor.

802.11g This is significantly faster than the older 802.11b standard, so 802.11g is the one found in most locations today. First launched in 2003, it was quickly welcomed by early adopters because its speed (54 Mbps) enabled better, faster connections, making Internet downloads much more practical than over 802.11b. It's standard on most equipment today.

Due to the proliferation of existing 802.11b LANs, access points and Wi-Fi cards, most, but not all, manufacturers of equipment meeting the new standard also ensured their products were backwards compatible with the older standard. This meant not only that the products could be used interchangeably, but also that anyone or any company looking to upgrade could do so as necessary without concerns about a "forklift" upgrade: the LAN could be upgraded immediately, then laptops as necessary.

802.11n, or Pre-N Many organizations use wireless local area networks (WLAN) because of their convenience. The trade-off is the convenience of wireless against the speed of wired network connections. Today's most advanced wireless standard, IEEE 802.11g, operates at roughly half the speed of the most common 100 Mbit/s wired LAN. The Institute of Electrical and Electronics Engineers (IEEE) began to address this speed differential in the middle of 2003. Their vision was IEEE 802.11n, which would provide speeds equal to or greater than 100 Mbit/s LANs. Their work has yet to be completed. The lack of approval has led some vendors to release so-called Pre-N equipment, which seeks to give the benefits of 802.11n without an official standard. Because there is no official standard, implementing these products has future implications for customers.

Under 802.11n, speeds would increase to more than double the 54 Mbps of 802.11g. Additionally, pre-N devices promise wider reach, or longer range, than 802.11g devices. While this helps make wireless LANs wider reaching, it also raises some security issues. If, by late 2006, ratification looks imminent, consumer electronics stores will be swamped with 802.11n equipment -- pre-N equipment is designed for the "expected" standard -- for the 2006 holiday shopping season.

Cautionary note: The fact that this is currently NOT an established standard means that the Pre-N device you purchase today may not be upgradeable to the finalized 802.11n standard. In short, you may either be stuck with what you have or find yourself re-purchasing your wireless networking infrastructure - that's the "forklift" upgrade plan. If you find yourself in the latter position, you must also repeat the entire wireless LAN configuration procedure that you used in your original setup. This last item is potentially far more costly than the re-purchase of the newer gear itself. No big deal if it's your home network, but potentially a very big deal indeed if it's your business that's affected.

MIMO (multiple-input multiple-output)

This enables Wi-Fi devices to use multiple channels, enabling faster speeds, much like dual chipsets in a computer.

MIMO algorithms in a radio chipset send information out over two or more antennas. The radio signals reflect off objects, creating multiple paths that in conventional radios cause interference and fading. MIMO instead uses these paths to carry more information, which is recombined on the receiving side by the MIMO algorithms.

Many wireless-LAN vendors expect that some form of MIMO will be the basis of work just starting in the IEEE 802.11n Task Group, which is creating a specification for WLANs having at least 100 Mbit/s throughput. The 3rd Generation Partnership Project, a collaboration of telecom standards groups, is also evaluating MIMO techniques for use in cellular networks.

MIMO doubles the spectral efficiency compared with that of current WLANs. The maximum data rate for 802.11g and 802.11a networks is 54 Mbit/s, though actual throughput is closer to 20 to 30 Mbit/s. Current MIMO techniques can boost raw WLAN throughput to 108 Mbit/s, supporters say. Again, that cautionary note: business users should wait for the standards to settle out and stick with 802.11g. SOHO users should feel free to experiment.

802.16 Like 802.11n, this standard has yet to be finalized. It's the standard WiMAX and competing technologies will use to provide urban-wide wireless coverage. Right now the different wide area network technologies don't work with one another. Once 802.16 is approved, they should - but wait for proof before buying.


WiFi Security

802.11i This is the basic wireless security standard. While 802.11i provides some security, it's cryptographically weak, so most companies require additional security. However, many individuals, despite warnings in computer columns and consumer-oriented technology publications, use this if they use any security at all.

802.1X This is a higher-level security standard than 802.11i and, like it, underlies the other 802.11 standards. It provides high-level authentication and security on wireless networks, as well as access control. However, there are still some unsettled issues with this standard, so the IEEE has yet to ratify it.


WiFi Encryption Standards

 

WEP, or Wired Equivalent Privacy

From Wikipedia, the free encyclopedia.

 

Wired Equivalent Privacy (WEP) is a scheme to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network, hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping.

 

WEP is part of the IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 (Rivest Cipher) for confidentiality and the CRC-32 checksum for integrity.

 

Standard 64-bit WEP uses a 40-bit key, to which a 24-bit initialisation vector (IV) is concatenated to form the RC4 traffic key. At the time the original WEP standard was being drafted, US Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size. A 128-bit WEP key is almost always entered by users as a string of 26 hexadecimal (hex) characters (0-9 and A-F). Each character represents 4 bits of the key: 4 * 26 = 104 bits. Adding the 24-bit IV brings us to what we call a "128-bit WEP key". A 256-bit WEP system is available from some vendors; as with the above, 24 bits of that is the IV, leaving 232 actual bits for protection. This is typically entered as 58 hexadecimal characters: (58 * 4 = 232 bits) + 24 IV bits = 256 bits of WEP protection.

 

Key size is not the major security limitation in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key. See stream cipher attack.

 

Flaws

Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plaintext, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack.
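The key-size arithmetic above and the IV-reuse problem just described, worked through in code. This is an added example, not part of the original article or of any WEP implementation; the sample key is constructed, and the reuse figures assume a sender that picks IVs uniformly at random (many real cards counted sequentially, which wraps even sooner).

```python
import math

IV_BITS = 24                                         # WEP's IV is 24 bits, sent in the clear
HEX_DIGITS_TO_NOMINAL = {10: 64, 26: 128, 58: 256}   # entered hex digits -> advertised size


def parse_wep_hex_key(entered: str) -> bytes:
    """Validate a user-entered hex WEP key and return the secret key bytes.

    Spaces, colons and dashes are tolerated as separators. Each hex digit is
    4 bits, so 10, 26 or 58 digits give 40, 104 or 232 secret bits.
    """
    digits = "".join(ch for ch in entered if ch not in " :-")
    if len(digits) not in HEX_DIGITS_TO_NOMINAL:
        raise ValueError(f"WEP keys are 10, 26 or 58 hex digits, got {len(digits)}")
    return bytes.fromhex(digits)                     # raises ValueError on non-hex characters


def nominal_wep_bits(secret: bytes) -> int:
    """The advertised size counts the IV: 40+24=64, 104+24=128, 232+24=256."""
    return len(secret) * 8 + IV_BITS


def rc4_traffic_key(iv: bytes, secret: bytes) -> bytes:
    """WEP's per-packet RC4 key is the plaintext IV concatenated with the secret,
    which is why a longer secret does nothing about IV reuse."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return iv + secret


def iv_reuse_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """Birthday-bound probability that some IV value has already been used twice
    after `packets` frames, if the sender draws IVs uniformly at random."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def packets_for_even_odds_of_reuse(iv_bits: int = IV_BITS) -> int:
    """Frames after which IV reuse is more likely than not (about 4,823 for 24 bits)."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))


def iv_space_exhaustion_seconds(frames_per_second: float, iv_bits: int = IV_BITS) -> float:
    """Seconds for a sequential-IV sender to wrap the whole IV space: 2^24 frames
    at 1,000 frames/s is under five hours, so a busy network repeats IVs daily."""
    return (2 ** iv_bits) / frames_per_second


if __name__ == "__main__":
    # Constructed sample key (26 hex digits), not a real network's key.
    secret = parse_wep_hex_key("C0DE C0DE C0DE C0DE C0DE C0DE C0")
    print(f"{nominal_wep_bits(secret)}-bit WEP, {len(secret) * 8} secret bits")
    print(f"even odds of IV reuse after {packets_for_even_odds_of_reuse()} random IVs")
    print(f"sequential IVs wrap in {iv_space_exhaustion_seconds(1000) / 3600:.1f} h at 1000 fps")
```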

 

Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed.

 

In August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software.

 

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. They write "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target." They also reported two generic weaknesses:

  • the use of WEP was optional, resulting in many installations never even activating it, and

  • WEP did not include a key management protocol, relying instead on a single shared key amongst users.

In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in 3 minutes using publicly available tools.

 

Remedies

The most widely recommended solution to WEP security problems is to switch to WPA or WPA2. Either is much more secure than WEP. Some old Wi-Fi access points might need to be replaced to do this, or have the operating system in their flash memory upgraded; however, replacements are relatively inexpensive. Another alternative is to use a tunneling protocol, such as IPsec.

 

WPA, or Wi-Fi Protected Access

From Wikipedia, the free encyclopedia.

 

Wi-Fi Protected Access (WPA and WPA2) are systems to secure wireless (Wi-Fi) networks. They were created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues:

  • either WPA or WPA2 must be enabled and chosen in preference to WEP. WEP is usually presented as the first security choice in most installation instructions.

  • in the "Personal" mode, the most likely choice for homes and small offices, a passphrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.

History

WPA was created by The Wi-Fi Alliance, an industry trade group, which owns the trademark to the Wi-Fi name and certifies devices that carry that name. Certifications for implementations of WPA started in April 2003 and became mandatory in November 2003. The full 802.11i was ratified in June 2004.

 

WPA is designed for use with an 802.1X authentication server, which distributes different keys to each user; however, it can also be used in a less secure "pre-shared key" (PSK) mode, where every user is given the same pass phrase. The WiFi Alliance calls the pre-shared key version WPA-Personal or WPA2-Personal and the 802.1X authentication version WPA-Enterprise or WPA2-Enterprise.

 

Data is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit initialization vector (IV). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used. When combined with the much larger IV, this defeats the well-known key recovery attacks on WEP.

 

In addition to authentication and encryption, WPA also provides vastly improved payload integrity. The cyclic redundancy check (CRC) used in WEP is inherently insecure; it is possible to alter the payload and update the message CRC without knowing the WEP key. A more secure message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity Code") is used in WPA, an algorithm named "Michael". The MIC used in WPA includes a frame counter, which prevents replay attacks being executed; this was another weakness in WEP.

 

WPA was formulated as an intermediate step towards improved 802.11 security for two reasons: first, 802.11i's work lasted far longer than originally anticipated, spanning four years, during a period of ever-increasing worries about wireless security; second, it encompasses as a subset of 802.11i only elements that were backwards compatible with WEP for even the earliest 802.11b adopters. WPA firmware upgrades have been provided for the vast majority of wireless network interface cards ever shipped; 802.11 access points sold before 2003 generally needed to be replaced.

 

By increasing the size of the keys and IVs, reducing the number of packets sent with related keys, and adding a secure message verification system, WPA makes breaking into a Wireless LAN far more difficult. The Michael algorithm was the strongest that WPA designers could come up with that would still work with most older network cards; however it is subject to a packet forgery attack. To limit this risk, WPA networks shut down for 30 seconds whenever an attempted attack is detected.
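The receive-side checks described in the two paragraphs above (a keyed MIC that covers a frame counter, replay rejection, and the temporary shutdown after detected forgery), alongside WEP's unkeyed CRC, as an added example that is not code from the original article or from any WPA implementation. HMAC-SHA256 truncated to 8 bytes stands in for the Michael algorithm, the "two failures within 60 s" trigger is an assumption, and the shutdown length follows the article's 30-second figure.

```python
import hashlib
import hmac
import time
import zlib


def wep_icv(payload: bytes) -> int:
    """WEP's integrity check value is a plain CRC-32 of the payload."""
    return zlib.crc32(payload)


def crc_check(payload: bytes, icv: int) -> bool:
    """No key is involved, so whoever can change the payload can also recompute
    a matching checksum; this is the weakness the keyed MIC below closes."""
    return wep_icv(payload) == icv


class WpaStyleReceiver:
    """Receive-side checks WPA added on top of WEP: a keyed MIC over counter and
    payload, a strictly increasing frame counter, and a shutdown after repeated
    MIC failures. HMAC-SHA256/8 is a stand-in for Michael (assumption)."""

    def __init__(self, mic_key: bytes, lockout_seconds: float = 30.0,
                 failure_window: float = 60.0, clock=time.monotonic):
        self.mic_key = mic_key
        self.last_counter = -1               # highest frame counter accepted so far
        self.failure_times = []              # recent MIC failures, for the countermeasure
        self.locked_until = 0.0
        self.lockout_seconds = lockout_seconds
        self.failure_window = failure_window  # assumed trigger: 2 failures within 60 s
        self.clock = clock                   # injectable so tests are deterministic

    def mic(self, counter: int, payload: bytes) -> bytes:
        # Counter and payload are both under the MIC, so neither can be altered
        # without the key; TKIP's counter is 48 bits, hence 6 bytes here.
        msg = counter.to_bytes(6, "big") + payload
        return hmac.new(self.mic_key, msg, hashlib.sha256).digest()[:8]

    def accept(self, counter: int, payload: bytes, mic: bytes) -> str:
        now = self.clock()
        if now < self.locked_until:
            return "dropped: countermeasures active"
        if counter <= self.last_counter:
            return "dropped: replay"          # re-sent or out-of-order frame
        if not hmac.compare_digest(self.mic(counter, payload), mic):
            self.failure_times = [t for t in self.failure_times
                                  if now - t < self.failure_window] + [now]
            if len(self.failure_times) >= 2:
                self.locked_until = now + self.lockout_seconds
                return f"dropped: bad MIC, countermeasures for {self.lockout_seconds:g} s"
            return "dropped: bad MIC"
        self.last_counter = counter           # advance the replay window only on a verified frame
        return "accepted"
```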

 

WPA2

WPA2 is the certified form of IEEE 802.11i tested by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i. In particular, the Michael algorithm is replaced by a message authentication code, CCMP, that is considered fully secure and RC4 is replaced by AES. Official support for WPA2 in Microsoft Windows XP was rolled out on the 1st of May 2005. Driver upgrades for network cards may be required. Apple Computer supports WPA2 on all AirPort Extreme-enabled Macintoshes, the AirPort Extreme Base Station, and the AirPort Express. Firmware upgrades needed are included in AirPort 4.2, released July 14, 2005.

 

Security in pre-shared key mode

Pre-shared key mode (PSK, also known as personal mode) is designed for home and small office networks that cannot afford the cost and complexity of an 802.1X authentication server. Each user must enter a passphrase to access the network. The pass phrase may be from eight to 63 ASCII characters or 64 hexadecimal digits (256 bits). The pass phrase may be stored on the user's computer at their discretion under most operating systems to avoid re-entry. The pass phrase must remain stored in the Wi-Fi access point.

Security is strengthened by employing a PBKDF2 key derivation function. However, the weak pass phrases users typically employ are vulnerable to password cracking attacks. Password cracking can be defeated by using a pass phrase of at least 5 Diceware words or 14 completely random letters with WPA and WPA2. For maximum strength, 8 Diceware words or 22 random characters should be employed. Passphrases should be changed at regular intervals, whenever an individual with access is no longer authorized to use the network, or when a device configured to use the network is lost or compromised.
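The passphrase rules and the PBKDF2 derivation described in the two paragraphs above, with the entropy behind the Diceware and random-letter recommendations, as an added example (not code from the original article or from any Wi-Fi vendor). It uses the PBKDF2-HMAC-SHA1 parameters 802.11i specifies for WPA-PSK (4096 rounds, SSID as salt); the passphrase/SSID pair in the demo is the published 802.11i test vector, and the cracking-rate figure in the last function is whatever the caller assumes.

```python
import hashlib
import math
import string

PBKDF2_ROUNDS = 4096          # iteration count 802.11i specifies for WPA-PSK
PSK_BYTES = 32                # the pre-shared key is always 256 bits


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Turn what the user types into the 256-bit PSK the access point stores.

    Exactly 64 hex digits are taken as the raw key. Otherwise the passphrase
    must be 8 to 63 printable ASCII characters and is stretched with
    PBKDF2-HMAC-SHA1, salted with the SSID, as 802.11i specifies.
    """
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters (or 64 hex digits)")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, PSK_BYTES)


DICEWARE_BITS_PER_WORD = math.log2(7776)   # 5 dice -> 6^5 words, ~12.9 bits each
RANDOM_LETTER_BITS = math.log2(26)         # one random lowercase letter, ~4.7 bits


def passphrase_entropy_bits(diceware_words: int = 0, random_letters: int = 0) -> float:
    """Guessing entropy of the recommended constructions: 5 words or 14 letters
    come to about 65 bits, 8 words or 22 letters to about 103 bits."""
    return diceware_words * DICEWARE_BITS_PER_WORD + random_letters * RANDOM_LETTER_BITS


def years_to_guess_half_the_space(entropy_bits: float, derivations_per_second: float) -> float:
    """Expected time to hit a passphrase of the given entropy when an attacker can
    evaluate PBKDF2 at the given rate. The 4096 rounds slow every guess, but only
    passphrase length puts the search out of reach, which is the article's point."""
    return 2 ** (entropy_bits - 1) / derivations_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Published 802.11i test vector: passphrase "password", SSID "IEEE".
    print(psk_from_passphrase("password", "IEEE").hex())
    print(f"5 Diceware words: {passphrase_entropy_bits(diceware_words=5):.1f} bits")
    print(f"8 Diceware words: {passphrase_entropy_bits(diceware_words=8):.1f} bits")
```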

 

Some consumer chip manufacturers have attempted to bypass weak pass phrase choice by adding a method of automatically generating and distributing strong keys through a software or hardware interface that uses an external method of adding a new WiFi adapter or appliance to a network. These methods include pushing a button (Broadcom SecureEasySetup and Buffalo AirStation One-Touch Secure Setup) and entering a short challenge phrase through software (Atheros JumpStart).

 

EAP Types under WPA- and WPA2-Enterprise

The Wi-Fi Alliance has announced the inclusion of additional EAP (Extensible Authentication Protocol) types in its certification programs for WPA- and WPA2-Enterprise. This was to ensure that WPA-Enterprise certified products can interoperate with one another. Previously, only EAP-TLS (Transport Layer Security) was certified by the Wi-Fi Alliance.

The EAP types now included in the certification program are:

  • EAP-TLS (previously tested)

  • EAP-TTLS/MSCHAPv2

  • PEAPv0/EAP-MSCHAPv2

  • PEAPv1/EAP-GTC

  • EAP-SIM

Other EAP types may be supported by 802.1X clients and servers developed by specific firms. This certification is an attempt for popular EAP types to interoperate; their failure to do so is currently one of the major issues preventing rollout of 802.1X on heterogeneous networks.

 


Copyright 2003 - StarLAN Consulting Services