WLAN Network Security
By Heidi Kriz, Tue Nov 20 00:00:00 GMT 2001

Will security issues continue to plague IEEE 802.11b, the Wi-Fi protocol, or has the working group defining it got things covered?

In the cryptography world, it was the equivalent of a really great party trick.

But when leading cryptography experts from Israel and the United States recently announced they had cracked the security system used in Wireless Local Area Networks (WLANs) in under 15 minutes, the wireless industry was hardly amused.

That's because there is a lot of money, and a lot of delicate data, at stake here. Cahners In-Stat Group projects the WLAN market to be worth $4.6 billion by 2005. And the Gartner Group says that half of all US corporations will have integrated wireless networks by the end of this year. Worldwide, WLANs are even being touted as the salvation of the wireless industry: the application that will help shelter the industry from the general economic pummeling of most of the technology sectors.

Strengths and weaknesses

WLANs have been around for years, but they are finally beginning to take off in popularity and use. Part of that is because WLAN systems are becoming more and more affordable, with ever-widening range.

They work by transferring data through the air over radio frequencies instead of cables. They can reach a radius of 500 feet indoors, and 1000 feet outdoors, but the additional use of other access devices can increase that radius.

But it's the newfangled convenience of WLANs that also makes them more vulnerable than wired networks in certain ways. That's because their signals travel through public airspace. According to experts, someone can break into practically any business's WLAN with very simple, laptop-based software.

"The RC4, which is the foundation for WLANs' wireless encryption scheme, has some serious weaknesses in its key scheduling algorithm," says Dr. William Whyte, cryptographer and director of R&D for security company NTRU.

Cryptographers Scott Fluhrer of Cisco Systems and Itsik Mantin and Adi Shamir of Israel's Weizmann Institute dramatically demonstrated these weaknesses.

The scientists, whose findings were published in a paper called "Weaknesses in the Key Scheduling Algorithm of RC4," were able to break into the current Wi-Fi standard (802.11b) security in just fifteen minutes.

This is because RC4, a stream cipher widely used in software applications, can provide unauthorized users or hackers with a few key bits that they can use to reconstruct the WEP key, enabling them to gain access to a network.

How serious is the problem?

According to a July survey by Jupiter Media Metrix, 49.5 percent of web site managers and CIOs say that their data's sensitivity is "low."

But that was obviously before the terrorist events in the US on September 11. Now industry analysts believe that businesses are sitting up and taking notice in ways they hadn't before.

According to Kattur Nagesh, a colleague of Fluhrer's at Cisco, the chief areas of concern when it comes to WLAN security are privacy and access control.

Access control means that sensitive data can only be accessed by authorized users. Privacy means that data can only be received and understood by the intended recipient.

With the existing flaws of the 802.11 standards, an "adversary" can penetrate a competitor's network access point. And, because of the flaws in the RC4's algorithm schemes, even encryption under the current scheme will not provide sound security.

Solutions: short-term and long

So what can corporations who've already deployed WLANs do to protect themselves?

Well, not surprisingly, it depends on whom you ask - and what security "solutions" their companies have developed in response to the highlighted weaknesses.

The people at Cisco Systems say they have come up with a security solution that addresses what they believe are the current WEP's most important weaknesses - key management techniques.

"Our Cisco Aironet security enables the WEP encryption key to change frequently, with every user, so the vulnerability to certain attacks is greatly reduced," says Nagesh, who is Product Line Manager of Cisco's Wireless Networking Business.

But other industry experts maintain that is not enough. Dr. Whyte, of the Massachusetts-based NTRU, is convinced that the current version of WEP is so flawed that it will have to be redesigned from the ground up.

"It's not simply a matter of using longer keys, since investigations demonstrate that the WEP attack scales linearly with the number of bits used," says Whyte.

Whyte is one of a group of experts who believe that wireless security now belongs not solely with the device, but with the end user.

He recommends the use of end-to-end mechanisms, like Virtual Private Networks or VPNs.

"The problem with WEP is that a wireless device 'authenticates' itself with a shared secret. But every machine in that wireless network shares the same secret. So it's possible that any employee could break it," points out Whyte.

So the fact that data has been encrypted from the point of the machine doesn't mean it's safe elsewhere in the network, he says.
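The shared-secret problem Whyte describes, set beside the per-user keys Nagesh describes, as an added example that is not part of the original article: a simplified WEP encapsulation (3-byte cleartext IV prepended to the key, RC4, CRC-32 ICV; the key-ID byte and 802.11 framing are omitted) showing what one station can read of another's traffic under each keying model. All keys, the payload and the function names are constructed for illustration.

```python
import os
import struct
import zlib

def rc4(key, data):
    """RC4: key scheduling (KSA), then keystream (PRGA) XORed onto data."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload):
    """WEP integrity check value: CRC-32 of the plaintext payload."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(key, payload, iv=None):
    """Frame = IV || RC4(IV || key, payload || ICV). The IV travels in clear."""
    iv = os.urandom(3) if iv is None else iv
    return iv + rc4(iv + key, payload + icv(payload))

def wep_decrypt(key, frame):
    """Return the payload if the ICV verifies under `key`, else None."""
    if len(frame) < 7:
        return None
    plain = rc4(frame[:3] + key, frame[3:])
    payload, tag = plain[:-4], plain[-4:]
    return payload if icv(payload) == tag else None

# Constructed sample keys and payload (40-bit WEP keys, not real secrets).
NETWORK_KEY = bytes.fromhex("0102030405")
ALICE_KEY = bytes.fromhex("a1a2a3a4a5")
BOB_KEY = bytes.fromhex("b1b2b3b4b5")
PAYLOAD = b"alice -> server: quarterly figures"

def compare_keying():
    """What station Bob can read of Alice's traffic under each keying model."""
    shared = wep_decrypt(NETWORK_KEY, wep_encrypt(NETWORK_KEY, PAYLOAD))
    per_user = wep_decrypt(BOB_KEY, wep_encrypt(ALICE_KEY, PAYLOAD))
    return shared, per_user

if __name__ == "__main__":
    print(compare_keying())
```

Per-user keys only address the shared-secret case shown here; they leave the RC4 key scheduling itself unchanged.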

As far as encryption goes, Whyte believes it should be in the hands of the end user and done end-to-end.

Whyte says that VPNs would do the trick. This would put the WLAN outside a company's firewall and require devices to connect in over IPsec, which in turn would ensure that each machine is separately authenticated.

Industry groups, like the Wireless Ethernet Compatibility Alliance, recommend all of the above: the installation of 802.11 outside the firewall, frequent changing of the encryption key and the use of a VPN.

One company, Finland's NetSeal Technologies, recently announced the release of its Mobile Private Network architecture, which it says secures existing 802.11b networks against unauthorized access - while it allows global IP roaming.

Meanwhile, the IEEE is rushing to improve WLAN security. And that is not the only thing that may plague the widespread adoption of WLANs. If there are too many WLAN users in the same area, then the airwaves they transmit signals over can become crowded, causing signal interference.

Nevertheless, WLANs are sure to rapidly gain in popularity, say industry observers worldwide, in part because WLAN technology can offer data transfer of up to 100 megabits per second, which is much faster than 3G.

"WLANs are going to be a dominant force in the industry," says Kurdesh. "It's simply a matter of working out the security issues - and we will."

Heidi Kriz is a San Francisco-based freelance writer whose work has appeared in Wired, Red Herring, and PC Computing.