Tightening the Line on Wi-Fi Security: A Look at WPA2
The security and privacy we have come to trust (primarily through wired networks) have quickly been disappearing, resulting in the requirement for a new form of network connection security. Wireless Ethernet tackled this problem not once, but twice. The second attempt, so far, looks to put an end to security problems “in-the-air” for Wi-Fi.
Known as WPA2, or IEEE 802.11i, this latest security solution for wireless Ethernet is complex and involves numerous technologies and protocols all working in conjunction to create a safe and secure network for everyday use. To better understand all the pieces in play in WPA2, we will take a quick look at Wi-Fi itself, the initial security solution that is now debunked, and then dig into the details behind 802.11i and the protocols in use.
What is Wi-Fi?
Wi-Fi stands for Wireless Fidelity and is a term used when referring to a network that is designed based on IEEE 802.11 specifications. Wi-Fi came into being to advance the Local Area Network (Ethernet LAN) within the wireless domain. Naturally, there are differences when using a wired medium as the physical layer compared to using a wireless medium. This difference generates a number of unique and peculiar aspects out of which we will focus on the need for security protocols, since the inherent security provided by wires is no longer provided. To consolidate efforts, the Wi-Fi market has converged on a single standard, IEEE 802.11.
IEEE 802.11 STD
This standard was initially completed in 1997 and revised in 1999. It targets the frequency band of 2.4 GHz and has been extended by additional standards, sometimes referred to as amendments, namely the IEEE 802.11 a/b/g/i standards. These standards address performance improvements over the original IEEE 802.11, with the exception of IEEE 802.11i, which addresses security improvements. The features that each of these standards provides are summarized in Table 1.
In addition to the above standards, there are additional amendments that deal with issues such as QoS (IEEE 802.11e), global unlicensed frequency configuration (IEEE 802.11d), Japanese regulatory configuration (IEEE 802.11j), etc. that are outside the scope of this article.
Nodes in a Wi-Fi Network
So far, this document has referred to nodes on the Wi-Fi network as simply Wi-Fi nodes; however, IEEE 802.11 has defined exact terms for them.
Station: A station (STA) is a device that has the ability to connect to either one or many other STAs, or to a single IEEE 802.11 Access Point by which it becomes part of a larger network.
Access Point: An access point (AP) is a device that allows multiple IEEE 802.11 STAs to connect with it and, in the process, provides a communication link between other STAs via the AP and/or connectivity to the LAN.
IEEE 802.11 Security Measures
In IEEE 802.11-based wireless networks, it is impossible to restrict unauthorized access because of the nature of the network. Any IEEE 802.11-compliant STA may hear all traffic within range. To bring the security of wireless Ethernet up to a level implicit in a wired LAN, the following security measures were defined:
Two authentication methods: Open System and Shared Key
The use of the WEP encryption algorithm for frame encryption
32-bit integrity check value (ICV) appended with data and encrypted using WEP algorithm
Open System Authentication: In open system authentication, the STA can freely join and associate with the AP and the AP will not impose restrictions on which STA may join and which may not.
Shared Key Method: In the shared key authentication model, the same shared key at both the sender and receiver end is used along with WEP encryption to authenticate the STA requiring association.
WEP: WEP is a MAC layer encryption algorithm based on the RC4 cipher. When WEP is activated, the Wi-Fi chipset will encrypt/decrypt the payload of each 802.11 frame during transmission/reception. WEP only encrypts data between 802.11 stations/access points. Once a frame enters the wired part of the network, WEP no longer applies.
WEP specifies a 40-bit or 104-bit key for encryption and decryption. Additionally, WEP prepares a key schedule ("seed") by concatenating an identification number to the shared secret key with a randomly generated 24-bit initialization vector (IV). The IV lengthens the life of the secret key because the station can change the IV for each frame transmission. The IV is sent as part of the header in unencrypted form.
IEEE 802.11 Security Weaknesses
The security mechanism introduced in the original 802.11 Std. did not support the following:
User level authentication
Any type of dynamic key management
The original IEEE 802.11 Std. required static pre-shared keys, which had to be configured manually, and which led to the same key being used for longer periods of time because of the manual effort required to change the key. Using the same key for longer periods of time leads to a security flaw and the possibility to crack the WEP key.
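The WEP encapsulation described above, as an added example (not code from the original article or from any product it names): the per-frame seed is the clear-text IV followed by the static key, the ICV is a plain CRC-32, and two frames sent under the same IV and key share one keystream. The key, IV and payloads are constructed, the function names are hypothetical, and the key ID octet of the real header is omitted.

```python
import zlib

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 key schedule over seed, then n bytes of output keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(payload: bytes) -> bytes:
    """WEP integrity check value: unkeyed CRC-32, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")

def wep_encapsulate(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body: clear 3-byte IV, then RC4(IV || key) over payload || ICV."""
    if len(iv) != 3 or len(key) not in (5, 13):   # 24-bit IV, 40/104-bit key
        raise ValueError("bad IV or key length")
    plain = payload + icv(payload)
    return iv + xor(plain, rc4_keystream(iv + key, len(plain)))

def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Rebuild the seed from the clear IV, decrypt, and check the ICV."""
    iv, cipher = body[:3], body[3:]
    plain = xor(cipher, rc4_keystream(iv + key, len(cipher)))
    if icv(plain[:-4]) != plain[-4:]:
        raise ValueError("ICV mismatch")
    return plain[:-4]

def same_iv_exposes_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True if two frames under one (IV, key) pair reveal p1 XOR p2."""
    c1 = wep_encapsulate(key, iv, p1)[3:]
    c2 = wep_encapsulate(key, iv, p2)[3:]
    return xor(c1, c2)[:min(len(p1), len(p2))] == xor(p1, p2)

KEY = bytes.fromhex("0102030405")   # constructed 40-bit static key
IV = bytes.fromhex("000001")        # constructed IV, sent in the clear
if __name__ == "__main__":
    print(same_iv_exposes_xor(KEY, IV, b"constructed frame A", b"constructed frame B"))
```

With a static key, the only per-frame variation in the seed is the 24-bit IV, which is why the article's point about manually configured, long-lived keys matters.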
Weaknesses in WEP
Even with the implementation of the IV, there are still weaknesses in WEP.
The choice of RC4 as the underlying encryption algorithm is a weakness, because RC4 is now considered weak.
A key size of 40 bits is considered too small and makes the cracking process that much easier.
The choice of CRC-32 for use as an ICV is not good because CRC-32 is designed for identifying errors due to noise, not for hashing.
With the shared key authentication system one exposes the keys to be cracked during STA to AP association.
Taking into consideration the above weaknesses, there are already capable tools on the market and in the open source community that can crack WEP keys in a considerably short time.
A Solution to Wi-Fi Security: IEEE 802.11i
The IEEE 802.11i amendment takes care of the above-mentioned flaws by providing stronger encryption, user-level authentication and key management. The security measures introduced in this amendment are:
IEEE 802.1X user level authentication
Stronger data encryption protocols:
1. Temporal Key Integrity Protocol (TKIP)
2. Counter Mode with CBC-MAC Protocol (CCMP)
Dynamic keys via a revised IEEE 802.1X key distribution mechanism to control access to wireless networks.
Other features introduced in the IEEE 802.11i amendment include:
Support of pre-shared keys for deriving session keys instead of the revised IEEE 802.1X key distribution mechanism.
IEEE 802.11i introduces the concept of a Robust Secure Network (RSN) in a bid to secure the wireless medium. An RSN introduces numerous security measures in the basic IEEE 802.11i network that ensure no loophole remains for a hacker to take advantage of. This means numerous new components, listed below, become a part of the wireless LAN. Together these components work to provide the most comprehensive wireless LAN security solution existing today.
How 802.11i Works
The security processes in Pre-RSN and RSN (IEEE 802.11i enabled) LANs differ greatly. The RSN environment setup consists of multiple phases. Right from the start, when the 802.11 association is made between the two peers, to the time when the encryption keys are actually installed, several different components come into play. This section takes a look at these phases.
From a functional standpoint, RSN security establishment can be divided into the following phases:
a) 802.11 Association
b) 802.1X Authentication
c) 4-way Pairwise Key Handshake
1. 802.11 Association
This is the first step in the establishment of a secure Wi-Fi connection between a STA and an AP (or another STA). The 802.11 association and authentication occur just as in pre-RSN WLANs.
2. 802.1X Authentication
This is the second phase in the establishment of a secure Wi-Fi connection. Following the first step above, the 802.1X Supplicant entity on the STA and the Authenticator entity on the Access Point take over and initiate the 802.1X authentication process. The following major steps are involved during this authentication:
a) Supplicant sends its identity to the Authenticator.
b) The Authenticator forwards the Supplicant identity to the Authentication Server (AS).
c) The AS verifies that the identity is present in its user database.
d) The Supplicant in response starts the EAP authentication method and sends the first EAP type specific packet over a secure SSL tunnel to the AS.
e) At the completion of EAP authentication, the AS indicates the result of the authentication process in the form of either a Success or a Failure packet.
Even though a Success packet may have been received, access still remains closed, since 802.11i does not allow traffic to flow before encryption keys have been generated and installed.
3. 4-way Pairwise Key Handshake and Group Key Handshake
A Pairwise Master Key (PMK) is generated as part of the EAP authentication process. This stage follows right after the Success packet has been received by the Supplicant. Once both the Supplicant and the Authenticator know the PMK, a 4-Way Handshake between the two entities helps establish a trust between them. During this handshake, the two entities exchange information needed to derive the Pairwise Transient Key (PTK). The PTK provides the following:
Confirmation Key used for checking the integrity of the received key packet.
Encryption Key used to encrypt the Key Data field of the key packets.
Temporal Key used for encrypting the data packets exchanged between the Authenticator and the Supplicant.
As part of the 4-Way Handshake, the Authenticator sends a new group encryption key, known as Group Transient Key (GTK), to the Supplicant. The GTK allows the Supplicant to receive broadcast/multicast packets. Successful completion of the 4-Way Handshake results in successful establishment of RSNA. The controlled port is unblocked allowing the normal flow of traffic.
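The key derivation behind the 4-Way Handshake, as an added example (not code from the article's authors or from Nucleus 802.11i). It assumes pre-shared-key mode, so the PMK comes from a passphrase rather than from EAP, and it assumes CCMP, where the PTK splits into a 128-bit Confirmation Key (KCK), Encryption Key (KEK) and Temporal Key (TK). The MAC addresses, SSID, frame bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """Pre-shared-key mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """Return (KCK, KEK, TK); min/max ordering makes both peers hash the same input."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]

def key_mic(kck: bytes, key_frame: bytes) -> bytes:
    """Integrity check on a key packet: HMAC-SHA1 under the KCK, cut to 128 bits."""
    return hmac.new(kck, key_frame, hashlib.sha1).digest()[:16]

def handshake(ap_passphrase: str, sta_passphrase: str, ssid: str = "example-net") -> bool:
    """Messages 1 and 2 of the handshake; True if the Authenticator accepts the MIC."""
    aa = bytes.fromhex("020000000001")     # constructed Authenticator (AP) MAC
    spa = bytes.fromhex("020000000002")    # constructed Supplicant (STA) MAC
    anonce, snonce = os.urandom(32), os.urandom(32)
    # Message 1 (AP -> STA) carries ANonce; the STA can now derive its PTK.
    sta_kck, _, _ = derive_ptk(psk_to_pmk(sta_passphrase, ssid), aa, spa, anonce, snonce)
    # Message 2 (STA -> AP) carries SNonce and a MIC made with the STA's KCK.
    msg2 = b"constructed-key-frame-2|" + snonce
    mic = key_mic(sta_kck, msg2)
    # The AP derives its own PTK and verifies the MIC before sending the GTK.
    ap_kck, _, _ = derive_ptk(psk_to_pmk(ap_passphrase, ssid), aa, spa, anonce, snonce)
    return hmac.compare_digest(mic, key_mic(ap_kck, msg2))

if __name__ == "__main__":
    print(handshake("constructed passphrase", "constructed passphrase"))
```

Neither the PMK nor the PTK crosses the air: each side proves knowledge of the PMK only through the MIC, and a mismatch stops the handshake before any Temporal Key is installed.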
When designing Wi-Fi enabled devices or building a Wi-Fi network, it is important to keep security at the forefront. Casual eavesdropping is far too easy for a data thief to perform. Including products such as Nucleus 802.11i from Mentor Graphics in a wireless design provides the required Wi-Fi security discussed in this article. No matter what your choice in a solution to security is, choose a robust and standards-approved method. Doing so will keep all data and privacy secure in a world without wires.
Uriah Pollock is currently a product manager for Mentor Graphics. Bilal Shahid works in the Networking R&D group of Mentor Graphics Corporation, and Iftikhar Zubair works in Mentor’s Network Protocols group. For additional information contact the company at (251) 208-3400; email@example.com; or www.mentor.com/embedded.
Table 1. Features of the IEEE 802.11 a/b/g/i standards.
(Figure 1.)
Figure 2. 802.11 Data Frame (Shaded region is WEP encrypted).
Figure 3. IEEE 802.1X Authentication Phase of WPA2 (802.11i) Secure Network.