Introduction
Wireless networks are now widely used across many sectors because they greatly reduce cost
of ownership, are easy and simple to install, and are flexible, portable and scalable. Wi-Fi
networks can also be easily accessed from cameras, game consoles, laptops, mobile phones and
many other consumer electronic gadgets. This has had a great impact on daily life, since
Wireless Local Area Network (WLAN) technology has changed the ways people communicate and
share information (Dhiman, 2014). The key factor is the elimination of barriers to such
activities, including the distance and location involved. As a result, wireless networking
usage has grown rapidly as more and more users extend their typical wired local area networks
(LAN) to include WLAN.
This has led WLANs to go through rapid changes in recent years, made mainly to improve and
strengthen the WLAN security architecture. One view of these changes incorporates current
WLANs under the existing umbrella of the virtual private network (VPN). The WLAN is then
treated as a mere alternative access method, which conserves the existing VPN infrastructure.
Another view addresses the security of the airwaves, which has been proven to be extremely
vulnerable. Security standardisation has been evolving in line with the work of the IEEE,
from WEP to WPA. This development presented new key management and integrity mechanisms and
led through to IEEE 802.11i, better known as WPA2. WPA2 maintained WPA’s management and
integrity mechanisms while introducing the Advanced Encryption Standard (AES) and moving most
of the security functionality to the hardware (Mathews & Hunt, 2007). The development and
evolution of the WLAN security architecture are discussed and explained in this study.
the three, MAC address filtering was not considered part of the 802.11 standard and was only
included due to its wide deployment. This access control method is implemented by configuring
the access points to allow only authorised MAC addresses to enter the network, since every
network interface possesses a unique MAC address at layer two (Arbaugh, et al., 2001). The
SSID, on the other hand, acts as an identifier for a specific WLAN: it is a service set’s
network name of 32 bytes or fewer (Yasir & Yang, 2004). Further explanation of the SSID is
provided in a later part of this study. WEP was a security standard established under the
ratification of the 802.11 protocol. Its purpose is to offer the same amount of privacy in
the wireless network as is provided in a wired network. The standard covers three main areas
of interest, namely authentication, encryption and data integrity (Mathews & Hunt, 2007).
Second Stage: Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA), whose security structure includes the Temporal Key Integrity
Protocol (TKIP), was introduced by IEEE 802.11 Task Group I (TGi) in the second stage of WLAN
development in order to correct the flaws that existed in WEP. WPA can operate in two modes:
Pre-shared Key (PSK) and Enterprise (UBM, 2004). Of the two, WPA-PSK is considered less
secure than Enterprise because it relies on a shared secret, but it is much easier to
install. TKIP acts as a patch for WEP that allows the protocol to run on the latest hardware
by wrapping the WEP protocol with three new elements: a message integrity code (MIC) named
Michael, a per-packet key mixing function and a packet sequencing procedure (Mathews & Hunt,
2007). Michael is the algorithm used to ensure the integrity of the data and to check for
forgeries. Packet sequencing is used to avoid replay attacks; it requires TKIP to use a
48-bit sequence number that changes with the replacement of a MIC key. Per-packet key mixing
mixes the key, the MAC address of the transmitter and the packet sequence number to produce a
new WEP key (Cam-Winget, et al., 2003). From this stage of WLAN’s evolution, the
initialisation vector is no longer concatenated with the key as in the previous stage.
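The packet sequencing rule described above, as an added example that is not part of the original essay: a simplified receiver that enforces the 48-bit sequence counter, shown beside WEP, which has no replay check. The class and function names, the station address and the frame list are constructed for illustration, the boolean stands in for the Michael and ICV checks, and the model keeps one counter per transmitter.

```python
TSC_MAX = (1 << 48) - 1   # the TKIP sequence counter is 48 bits wide


class TkipReceiver:
    """Simplified model: one replay counter per transmitter address."""

    def __init__(self):
        self.last_tsc = {}               # transmitter MAC -> last accepted counter

    def rekey(self, ta):
        """A replaced key restarts the sequence space for that transmitter."""
        self.last_tsc.pop(ta, None)

    def receive(self, ta, tsc, mic_ok):
        if not 0 <= tsc <= TSC_MAX:
            return "drop:bad-tsc"
        if tsc <= self.last_tsc.get(ta, -1):
            return "drop:replay"         # same or older counter value
        if not mic_ok:
            return "drop:mic-failure"    # a forgery must not advance the counter
        self.last_tsc[ta] = tsc
        return "accept"


def wep_receive(ta, iv, icv_ok):
    """WEP for contrast: the IV is never checked for reuse."""
    return "accept" if icv_ok else "drop:icv-failure"


def demo():
    """Constructed capture: (transmitter, counter, integrity check passed)."""
    sta = "02:00:00:00:00:01"            # made-up station address
    frames = [(sta, 1, True), (sta, 2, True), (sta, 2, True),
              (sta, 1, True), (sta, 7, False), (sta, 7, True)]
    rx = TkipReceiver()
    tkip = [rx.receive(*f) for f in frames]
    rx.rekey(sta)
    tkip.append(rx.receive(sta, 1, True))   # counter 1 is valid again after rekey
    wep = [wep_receive(*f) for f in frames]
    return tkip, wep
```

The third and fourth constructed frames repeat earlier counters: the TKIP model drops both, while the WEP model accepts them.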
Third Stage: IEEE 802.11i (WPA2)
WLAN security underwent another stage of development in 2004, when the IEEE 802.11i standard
was ratified. This ratified standard is also referred to by its Wi-Fi Alliance name, WPA2. It
led to the implementation of the 128-bit Advanced Encryption Standard (AES) block cipher for
encryption and authentication under the new 802.11i standard. This evolution of the 802.11
protocol can also use application layer authentication. Prior to authorisation in 802.11i,
requests are made over uncontrolled ports. Clients that have been authenticated are then
granted access on the controlled ports to the resources of the network. Besides offering
users a secure network infrastructure, the 802.11i standard is considered flexible in that it
leaves the actual choice of authentication to the enterprise. Nevertheless, any
authentication scheme selected by the enterprise must be capable of operating with 802.1x
(Mathews & Hunt, 2007).
IEEE 802.1x is an IEEE standard that was introduced in the second stage of 802.11 evolution
for use in both wired and wireless networks as a means to authenticate clients onto a network
(Liu & Yu, 2008). As the point-to-point protocol evolved beyond being used purely for dial-up
Internet access, demand for a variety of more secure authentication systems increased
continuously. In response, the Extensible Authentication Protocol (EAP) was developed
(Mathews & Hunt, 2007). Its purpose is to form a framework within the point-to-point protocol
upon which other methods of authentication can operate. The authentication process as
standardised by EAP allows remote servers to pass the methods of authentication on to
authenticating servers such as RADIUS or DIAMETER without having to decipher each protocol.
This authentication procedure was then adopted for LAN usage over Ethernet instead of the
point-to-point protocol. For this purpose, a protocol called EAP Encapsulation over LANs
(EAPOL) was developed and defined within the IEEE 802.1x standard (Mendez, et al., n.d.). As
a result, the IEEE 802.1x standard does not require the authenticator to have large
processing and memory capabilities, since most of the work is performed at the authenticating
server and client ends.
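The port behaviour described above, as an added example that is not part of the original essay: a simplified authenticator port that passes only EAPOL frames until the authentication server reports success. The class, verdict strings, MAC addresses and identity are constructed for illustration; the EtherType 0x888E and the EAPOL and EAP header layouts are the standard ones.

```python
import struct
EAPOL = 0x888E  # EtherType assigned to EAPOL
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_eapol(frame: bytes):
    """Return (eapol_type, eap_code or None), or None if the frame is malformed."""
    if len(frame) < 18:
        return None
    _ver, ptype, blen = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + blen]               # trailing Ethernet padding is ignored
    if ptype not in EAPOL_TYPES or len(body) != blen or (ptype == 0 and blen < 4):
        return None
    if ptype != 0:
        return EAPOL_TYPES[ptype], None
    code, _ident, elen = struct.unpack("!BBH", body[:4])
    if code not in EAP_CODES or not 4 <= elen <= blen:
        return None
    return "EAP-Packet", EAP_CODES[code]

class Port:
    """One supplicant's port on the authenticator (simplified model)."""
    authorized = False                       # controlled port starts closed

    def from_supplicant(self, frame: bytes) -> str:
        if frame[12:14] != struct.pack("!H", EAPOL):
            return "forward" if self.authorized else "drop"   # controlled port
        parsed = parse_eapol(frame)          # uncontrolled port: EAPOL only
        if parsed is None:
            return "drop"
        if parsed[0] == "Logoff":
            self.authorized = False
        return "relay-to-server" if parsed[0] == "EAP-Packet" else "handle-locally"

    def from_server(self, eap_code: str) -> None:
        if eap_code in ("Success", "Failure"):   # only the final verdict counts
            self.authorized = eap_code == "Success"

def demo():
    """Run constructed frames (made-up MACs and identity) through one port."""
    hdr = bytes(6) + bytes.fromhex("020000000001")          # dst MAC, src MAC
    ident = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"    # EAP Response/Identity
    eap = hdr + struct.pack("!HBBH", EAPOL, 1, 0, len(ident)) + ident
    logoff = hdr + struct.pack("!HBBH", EAPOL, 1, 2, 0)
    data = hdr + struct.pack("!H", 0x0800) + b"constructed payload"
    port = Port()
    out = [port.from_supplicant(f) for f in (data, eap, eap[:-3])]
    port.from_server("Success")
    out += [port.from_supplicant(f) for f in (data, logoff, data)]
    return out
```

The authenticator only inspects headers and relays the EAP body, which is why it needs little processing or memory of its own.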
Conclusion
In conclusion, an organisation has to comprehend the significance of the current security
threats posed to wireless networks. It is also important for the organisation to understand
the need to implement strong protection against the potential attacks that a corporate WLAN
might face. The development of several new security standards such as 802.11i, WPA and WPA2
helps to offer varying degrees of protection. Organisations therefore have to understand each
of the standards and decide which is the most feasible for them.
References
Al Naamany, A. M., Shidhani, A. & Bourdoucen, H., 2006. IEEE 802.11 wireless LAN
security overview. International Journal of Computer Science and Network Security, 6(5B),
pp. 138-186.
Arbaugh, W. A., Shankar, N. & Wan, Y. J., 2001. Your 802.11 Wireless Network has No
Clothes. pp. 1-13.
Berghel, H. & Uecker, J., 2004. Wireless infidelity II: airjacking. Communications of the ACM,
47(12), pp. 15-20.
Borisov, N., Goldberg, I. & Wagner, D., 2001. Intercepting Mobile Communications: The
Insecurity of 802.11. Rome, ACM SIGMOBILE.
Borisov, N., Goldberg, I. & Wagner, D., 2001. Security of the WEP Algorithm. [Online]
Available at: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html.
Cam-Winget, N., Housley, R., Wagner, D. & Walker, J., 2003. Security flaws in 802.11 data
link protocols. Communications of the ACM, 46(5), pp. 35-39.
Choi, Y. B., Muller, J., Kopek, C. V. & Makarsky, J. M., 2006. Corporate wireless LAN
security: threats and an effective security assessment framework for wireless information
assurance. International Journal of Mobile Communications, 4(3), pp. 266-290.
Dhiman, D., 2014. WLAN Security Issues and Solutions. IOSR Journal of Computer
Engineering, 16(1), pp. 67-75.
Feng, P., 2012. Wireless LAN security issues and solutions. s.l., s.n.
Fluhrer, S., Mantin, I. & Shamir, A., 2001. Weakness in the Key Scheduling Algorithm of RC4.
Selected Areas of Cryptography, Volume 2259, pp. 1-24.
Hamid, R. A., 2003. Wireless LAN: Security Issues and Solutions, s.l.: SANS Institute.
Housley, R. & Arbaugh, W., 2003. Security problems in 802.11-based networks.
Communications of the ACM, 46(5), pp. 31-34.
Liu, C. & Yu, J., 2008. Rogue access point based dos attacks against 802.11 WLAN. s.l., s.n.
Mathews, M. & Hunt, R., 2007. Evolution of Wireless LAN Security Architecture to IEEE
802.11i (WPA2). Phuket, ACTA Press Anaheim, pp. 292-297.
Mendez, G. A., Silva, L. C. D. & Punchihewa, A., n.d. Review of Present IEEE 802.11 “Wi-Fi”
Security Issues and of Other Possible Vulnerabilities, New Zealand: Institute of
Information Sciences & Technology.
Stubblefield, A., Ioannidis, J. & Rubin, A., 2004. A key recovery attack on the 802.11b wired
equivalent privacy protocol. ACM Transactions on Information and System Security (TISSEC),
7(2).
UBM, 2004. Examining 802.11i and WPA. [Online]
Available at: https://www.networkcomputing.com/wireless/examining-80211i-and-wpa/1094618365/page/0/6
Woody, A., 2013. Enterprise Security: A Data-Centric Approach to Securing the Enterprise.
Birmingham: Packt Publishing Ltd.
Yasir, Z. & Yang, T., 2004. Wireless LAN security and laboratory designs. Journal of
Computing Sciences in Colleges, 19(3), pp. 44-60.
Ye, P. & Yue, G., 2010. Security Research on WEP of WLAN. Jinggangshan, s.n.
Appendix A: Feature Comparison of Security Protocol
Table 1: Feature comparison of WLAN's security protocol (Mathews & Hunt, 2007).
Property / Security Method | WPA2 (802.11i) | WPA | WEP
Replay Detection | Enforce IV sequencing | Enforce IV sequencing | None