Future of Wireless LAN Security
Felix Mohan, CEO - SecureSynergy
Wireless LAN technology is the
fastest growing segment of the communication market.
According to Gartner Research, worldwide shipment
of WLAN units will grow at an annual rate of 42%
through 2007. Frost & Sullivan predicted a
125% growth in India in 2003 followed by a compounded
annual growth rate of 48.6% until 2009.
While wireless LAN connectivity has brought phenomenal
productivity gains, it comes with a resident Achilles heel:
grim security vulnerabilities, the bane of WLAN as we see
it today. A plethora of reports have been published
describing attacks on 802.11 wireless networks. Malicious
attackers are able to passively eavesdrop on or analyse
traffic, and even actively subvert WLAN security by
replaying, inserting or modifying messages, masquerading
as legitimate stations, or launching denial-of-service attacks.
802.11 security mechanisms
To protect wireless networks, the 802.11 standard
provides three security mechanisms: the Service
Set Identifier (SSID), Media Access Control (MAC)
address filtering, and Wired Equivalent Privacy
(WEP). Each Access Point (AP) is programmed with
an SSID that identifies a specific WLAN. The
SSID acts as a simple password that clients must
present to associate with the AP. APs can also be programmed
with a list of MAC addresses of clients who are
authorized to access the AP. If a client's MAC
address is not included in this list, the client
is not allowed to associate with the AP.
The WEP protocol provides encrypted communication
between the client and an AP using the RC4 stream
cipher, keyed with a static 40-bit (or, in vendor
extensions, 104-bit) key concatenated with a 24-bit
initialization vector. It also provides a shared-key
authentication mechanism, in which the same static,
manually preset WEP key on the AP and the clients is
used to answer a challenge. WEP also attempts to ensure
message integrity through a Cyclic Redundancy Check
(CRC-32) checksum, the Integrity Check Value (ICV), which
is encrypted together with the data.
802.11 security weaknesses
A crucial flaw in WEP is that the encryption/authentication
keys remain static. Moreover, 802.11 standard
does not provide key management. To update the
keys, each machine needs to be manually configured
- something that is not feasible in large WLAN
settings, and simply impossible in public hot
spots. The poor alternative is to leave the keys
unchanged, which of course exposes the system
to hackers.
Another flaw in WEP is that the initialization vector
(IV) prepended to the key for each packet is only
24 bits long and is transmitted in the clear. There are
only about 16.7 million possible IVs, and implementations
pick them sequentially or at random, so on a busy network
the same IV, and therefore the same RC4 keystream, recurs
within hours. An attacker who collects packets encrypted
under a duplicate IV can XOR them together to cancel the
keystream and obtain the XOR of the two plaintexts; since
much 802.11 traffic has predictable content (such as the
LLC/SNAP header at the start of every IP frame), the
keystream for that IV can be recovered and then used to
decipher every other packet sent under it.
Worse, RC4 has classes of weak keys. For certain 'weak'
IVs the first byte of keystream leaks information about
the secret key, and because the first plaintext byte of
a data frame is predictable, an attacker who observes the
first keystream byte under enough weak IVs can recover the
WEP key. This exploit is the Fluhrer-Mantin-Shamir (FMS)
attack. Tools like WEPCrack and AirSnort, freely downloadable
from the Internet, make this task effortless.
The WEP shared-key authentication is poorly designed
and WEP offers no protection against replays. In
shared-key authentication the AP sends a plaintext
challenge and the client returns it WEP-encrypted. An
attacker who sniffs one valid exchange learns both the
challenge and its ciphertext, and hence the keystream for
that IV, which is enough to answer any later challenge
under the same IV and authenticate himself without ever
knowing the key.
WEP does not provide any protection against forgery.
The WEP CRC-32 checksum is linear: the checksum of a
message XORed with a bit mask equals the checksum of the
message XORed with a value that depends only on the mask.
An attacker can therefore flip chosen bits in an encrypted
message and patch the encrypted checksum so that it still
verifies, without knowing the key, which makes
man-in-the-middle and session-hijacking attacks possible.
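The two WEP weaknesses just described, keystream reuse under a repeated IV and the linear CRC-32 ICV, can be shown on a toy WEP implementation. This is an added example written for this page, not code from the original article: RC4 and the WEP frame layout (3-byte IV in the clear, RC4(IV || key) applied to data || ICV) follow the 1999 standard, while the key, IV and frame contents are constructed for the demonstration.

```python
"""WEP keystream reuse under a repeated IV, and CRC-32 bit-flipping forgery.

Added example for this page (not the article's code). RC4 and the WEP frame
layout follow the 1999 standard; the key, IV and frames below are constructed.
"""
import zlib

LLC_SNAP = bytes.fromhex("aaaa030000000800")   # predictable first 8 bytes of an IP frame
KEY = bytes.fromhex("0102030405")              # constructed 40-bit WEP key
IV = bytes.fromhex("112233")                   # constructed 24-bit IV


def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP Integrity Check Value: CRC-32, transmitted little-endian."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) as a receiver would."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    pt = body[:-4]
    return pt, body[-4:] == icv(pt)


# 1. IV reuse. Two frames under the same IV share one keystream; knowing
#    either plaintext yields the keystream, which decrypts the other frame.
def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    return xor(frame[3:], keystream)[:-4]      # drop the ICV


# 2. CRC-32 is linear: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros of len(m)).
#    XORing d into the encrypted data and the matching correction into the
#    encrypted ICV keeps the frame valid, with the key never known.
def forge(frame: bytes, delta: bytes) -> bytes:
    iv, ct = frame[:3], frame[3:]
    assert len(delta) == len(ct) - 4
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(ct, delta + icv_delta)


def demo():
    """Return (plaintext leaked by IV reuse, forged plaintext, forged ICV ok)."""
    pkt_a = LLC_SNAP + b"GET /index.html"        # attacker knows this one (e.g. injected it)
    pkt_b = LLC_SNAP + b"PASS hunter2"           # victim's frame, no longer than pkt_a
    frame_a = wep_encrypt(KEY, IV, pkt_a)
    frame_b = wep_encrypt(KEY, IV, pkt_b)        # the IV repeats: WEP's 24-bit IV flaw
    leaked = decrypt_with_keystream(frame_b, recover_keystream(frame_a, pkt_a))
    target = LLC_SNAP + b"PUT /index.html"
    forged_pt, ok = wep_decrypt(KEY, forge(frame_a, xor(pkt_a, target)))
    return leaked, forged_pt, ok


if __name__ == "__main__":
    print(demo())
```

Note that neither attack touches the RC4 key: the first needs only two frames with the same IV and one known plaintext, the second needs only one frame and the ability to transmit. Both are exactly what TKIP's per-packet keys, 48-bit sequence counter and Michael MIC were later designed to stop.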
While the 802.11 standard's WEP-based encryption
is weak, its authentication is virtually worthless.
An attacker can easily circumvent MAC address
lists by spoofing his MAC address. Using the SSID
as a secret password is of little use because
the SSID is transmitted in clear text in probe and
association frames, even when beacon broadcast is
disabled, and can be sniffed for subsequent use by
attackers. Moreover, unless explicitly turned off, APs
broadcast their SSID in every beacon, which anyone
within range (including war drivers) can receive and
use to access the AP.
Security upgrade for 802.11 standard
To overcome the weaknesses of the 802.11 standard,
the IEEE 802.11 Working Group instituted Task
Group i (TGi) in 2000 to develop a security upgrade
for the 802.11 standard. The security upgrade was
scheduled for release as a new standard, IEEE
802.11i, by the end of 2003. Two things came out of
this work: Wi-Fi Protected Access (WPA), an interim
profile of the draft, and the Robust Security Network
(RSN), the full 802.11i.
Wi-Fi Protected Access
The WPA was developed by the Wi-Fi Alliance in
collaboration with the TGi, as an interim software-based
security upgrade for 802.11 before 802.11i became
available.
The WPA is a subset of draft 802.11i. It addresses
all the WEP weaknesses known at the time by using the
802.11i draft's Temporal Key Integrity Protocol (TKIP)
for encryption and integrity, 802.1X for authentication,
and the draft's key hierarchy and key management. WPA
replaced WEP as the standard 802.11 WLAN security in March
2003, and WPA-compliant products started shipping
in May 2003.
TKIP is designed as a wrapper around WEP so that it
can run on existing WEP hardware with a firmware or
driver update. It keeps the RC4 cipher, but derives a
fresh per-session temporal key through 802.1X and mixes
it with the transmitter address and a packet sequence
counter to produce a different RC4 key for every packet.
The per-packet mixing avoids the weak-key classes that
the FMS attack depends on, and periodic rekeying means
an intruder never collects enough traffic under one key
to recover it, thus overcoming a major weakness of WEP.
TKIP also adds a message integrity check function (called
Michael) to prevent packet forgeries, and extends the
initialization vector to a 48-bit sequence counter that
the receiver checks monotonically to reject replayed packets.
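The two receive-side checks TKIP adds, the Michael MIC and the 48-bit sequence counter, are small enough to show in full. The following is an added example written for this page, not code from the article or from any TKIP implementation. The michael() function implements the 802.11i Michael algorithm and reproduces the standard's test vector for the empty message; the frame layout around it is simplified and constructed: real TKIP splits the TSC across the IV and extended-IV fields, computes Michael over DA || SA || priority || 0x000000 || MSDU rather than over the payload alone, keeps a replay window per key and priority, and still RC4-encrypts the result, all of which is left out here.

```python
"""TKIP receive-side checks: Michael MIC verification and the 48-bit TKIP
sequence counter (TSC) replay check.

Added example for this page, not the article's code. michael() follows the
802.11i definition; the frame format (6-byte TSC || payload || 8-byte MIC) and
the keys are simplified and constructed, and RC4 encryption is omitted.
"""
import struct

MASK32 = 0xFFFFFFFF


def rotl32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def rotr32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def xswap(x: int) -> int:
    """Swap the two bytes within each 16-bit half of a 32-bit word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael_block(l: int, r: int):
    """The Michael block function b(L, R): four rounds of rotate/xor/add."""
    r ^= rotl32(l, 17)
    l = (l + r) & MASK32
    r ^= xswap(l)
    l = (l + r) & MASK32
    r ^= rotl32(l, 3)
    l = (l + r) & MASK32
    r ^= rotr32(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """8-byte Michael MIC of msg under a 64-bit key."""
    assert len(key) == 8
    l, r = struct.unpack("<II", key)
    # Pad with 0x5a, then 4..7 zero bytes, so the length is a multiple of 4
    # and the final 32-bit word is always zero.
    padded = msg + b"\x5a" + b"\x00" * (4 + (3 - len(msg)) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = michael_block(l, r)
    return struct.pack("<II", l, r)


def tkip_send(mic_key: bytes, tsc: int, payload: bytes) -> bytes:
    """Sender side: TSC || payload || MIC. The TSC must never repeat under one
    key; with 2^48 values it cannot wrap within a key's lifetime."""
    return tsc.to_bytes(6, "big") + payload + michael(mic_key, payload)


class TkipReceiver:
    """Per-key receive state: the MIC key and the last accepted TSC."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = -1            # nothing accepted yet

    def accept(self, frame: bytes):
        """Return (payload, reason); payload is None when the frame is dropped."""
        tsc = int.from_bytes(frame[:6], "big")
        payload, mic = frame[6:-8], frame[-8:]
        if tsc <= self.last_tsc:      # replayed or reordered: drop before any MIC work
            return None, "replay"
        if michael(self.mic_key, payload) != mic:
            # Real TKIP logs a MIC failure here and, on a second failure within
            # 60 s, invokes countermeasures (disassociate and rekey), because
            # Michael alone offers only about 20 bits of forgery resistance.
            return None, "mic"
        self.last_tsc = tsc
        return payload, "ok"


def demo():
    """Receiver verdicts for: two fresh frames, a replay of the first, a
    bit-flipped copy of a third frame, then the genuine third frame."""
    mic_key = bytes.fromhex("0011223344556677")     # constructed MIC key
    rx = TkipReceiver(mic_key)
    f1, f2, f3 = (tkip_send(mic_key, n, msg) for n, msg in
                  ((1, b"first frame"), (2, b"second frame"), (3, b"third frame")))
    tampered = bytearray(f3)
    tampered[6] ^= 0x01                             # flip one payload bit, keep the MIC
    return [rx.accept(f)[1] for f in (f1, f2, f1, bytes(tampered), f3)]


if __name__ == "__main__":
    print(michael(bytes(8), b"").hex())             # standard's vector: 82925c1ca1d130b8
    print(demo())
```

The ordering matters: the TSC is checked before the MIC so that a replayed frame costs the receiver nothing and cannot be used to trigger the MIC-failure countermeasures. Michael is deliberately cheap so that it runs on WEP-era hardware, which is also why it is weak on its own and why those countermeasures exist.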
To overcome the weak WEP authentication mechanism,
WPA uses the IEEE 802.1X port-based authentication
standard, with an EAP method and a RADIUS authentication
server, to provide centralized access control and
per-session encryption key distribution. Where no
authentication server is deployed, as in home and
small-office networks, WPA instead uses a pre-shared key
(WPA-PSK) configured on both the client and the access
point, from which the session keys are derived.
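As an added illustration that is not part of the original article, the following two hostapd access-point configurations show the legacy settings criticised above beside the upgraded ones. The interface name, SSIDs, WEP key, RADIUS address and shared secret are placeholders chosen for the example; hostapd does not accept comments after a value on the same line, so every comment is on its own line.

```conf
# ---- hostapd-legacy.conf: the 802.11-1999 mechanisms ----
# Hiding the SSID only removes it from beacons; probe and association
# frames still carry it in the clear.
interface=wlan0
ssid=corp-legacy
ignore_broadcast_ssid=1
# MAC filtering: the list is defeated by spoofing a listed address.
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.mac
# auth_algs=2 selects WEP shared-key authentication, which leaks keystream.
auth_algs=2
# One static 40-bit key shared by every client and never rotated.
wep_default_key=0
wep_key0=0102030405

# ---- hostapd-rsn.conf: RSN/WPA2 with CCMP and 802.1X ----
interface=wlan0
ssid=corp
# wpa=2 offers RSN only (wpa=1 is TKIP-era WPA, wpa=3 offers both).
wpa=2
# 802.1X/EAP against RADIUS; a home network would use WPA-PSK plus wpa_passphrase.
wpa_key_mgmt=WPA-EAP
# AES-CCMP only; do not offer TKIP to new equipment.
rsn_pairwise=CCMP
ieee8021x=1
# RADIUS server (placeholder address and secret).
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=replace-with-a-long-random-secret
```

The two halves are separate files (hostapd reads one configuration per interface). In the second file the per-session keys never appear in the configuration at all: they are derived after each successful EAP authentication and distributed through the 802.1X handshake, which is the point of the upgrade.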
Robust Security Network
While WPA improves WEP security to an acceptable
level, RSN takes WLAN security to a higher level.
RSN is the future of over-the-air security for
802.11. RSN is the full implementation of 802.11i
(also called WPA2).
RSN retains TKIP for compatibility with legacy
hardware. For new equipment it defines two encryption
protocols based on the Advanced Encryption Standard
(AES): the 'Counter Mode with Cipher Block Chaining
Message Authentication Code Protocol' (CCMP),
and the 'Wireless Robust Authenticated Protocol'
(WRAP).
WRAP was the original encryption protocol for
802.11i, based on the Offset Codebook (OCB) mode
of AES, but had to be replaced by CCMP when IPR
issues cropped up (three different parties had
filed for patents covering OCB). WRAP is optional in
RSN.
In CCMP, AES in Counter Mode provides data privacy,
while the Cipher Block Chaining Message Authentication
Code (CBC-MAC) provides integrity and authentication of
both the frame body and the immutable fields of the frame
header, all under a single 128-bit temporal key. CCMP is
mandatory for anyone implementing RSN.
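The CCM composition itself, counter-mode encryption plus a CBC-MAC over the header fields, nonce and body, is short enough to write out with the CCMP parameters (8-byte MIC, 2-byte length field, 13-byte nonce made of priority || transmitter address || 48-bit packet number). This is an added example written for this page from the CCM definition in RFC 3610, not code from the article or from any 802.11 implementation. The block cipher is a parameter: CCM only ever calls the cipher in the forward direction, so the runnable demo plugs in a keyed PRF built from SHA-256 as a clearly labelled stand-in for AES-128. Replacing prf_block with AES-128 encryption of a single block gives the real CCMP algorithm; the key, addresses and frames are constructed.

```python
"""CCM (Counter mode + CBC-MAC) with the CCMP parameters, from RFC 3610.

Added example for this page, not the article's code. The block cipher is a
parameter; prf_block below is a SHA-256 based stand-in for AES-128 (NOT AES),
usable only because CCM never needs the cipher's inverse. Inputs are constructed.
"""
import hashlib
import hmac

M, L = 8, 2                 # CCMP: 8-byte MIC, 2-byte length field
NONCE_LEN = 15 - L          # 13-byte nonce


def prf_block(key: bytes, block: bytes) -> bytes:
    """Stand-in for AES-128 encryption of one 16-byte block (constructed, NOT AES)."""
    return hashlib.sha256(key + block).digest()[:16]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad16(b: bytes) -> bytes:
    return b + bytes(-len(b) % 16)


def cbc_mac(enc, key, nonce, aad, plaintext) -> bytes:
    """CBC-MAC over B0 || encoded AAD || plaintext, truncated to M bytes."""
    flags = (0x40 if aad else 0) | ((M - 2) // 2) << 3 | (L - 1)   # 0x59 with AAD
    b0 = bytes([flags]) + nonce + len(plaintext).to_bytes(L, "big")
    assert len(aad) < 0xFF00, "longer AAD needs the extended length encoding"
    a_blocks = pad16(len(aad).to_bytes(2, "big") + aad) if aad else b""
    data = b0 + a_blocks + pad16(plaintext)
    x = bytes(16)
    for i in range(0, len(data), 16):
        x = enc(key, xor(x, data[i:i + 16]))
    return x[:M]


def ctr_block(enc, key, nonce, i: int) -> bytes:
    """Counter block A_i = flags(L-1) || nonce || i. A_0 masks the MIC."""
    return enc(key, bytes([L - 1]) + nonce + i.to_bytes(L, "big"))


def keystream(enc, key, nonce, n: int) -> bytes:
    blocks = -(-n // 16)                        # ceil(n / 16)
    return b"".join(ctr_block(enc, key, nonce, i) for i in range(1, blocks + 1))[:n]


def ccm_encrypt(enc, key, nonce, aad, plaintext) -> bytes:
    assert len(nonce) == NONCE_LEN and len(plaintext) < 1 << (8 * L)
    tag = cbc_mac(enc, key, nonce, aad, plaintext)
    ct = xor(plaintext, keystream(enc, key, nonce, len(plaintext)))
    return ct + xor(tag, ctr_block(enc, key, nonce, 0)[:M])


def ccm_decrypt(enc, key, nonce, aad, data):
    """Return the plaintext, or None if the MIC fails (the receiver drops the frame)."""
    ct, u = data[:-M], data[-M:]
    pt = xor(ct, keystream(enc, key, nonce, len(ct)))
    tag = xor(u, ctr_block(enc, key, nonce, 0)[:M])
    if not hmac.compare_digest(tag, cbc_mac(enc, key, nonce, aad, pt)):
        return None
    return pt


def demo():
    """Return (round trip ok, flipped ciphertext rejected, altered header
    rejected, nonce reuse leaks the XOR of two plaintexts)."""
    key = bytes(range(16))                              # constructed temporal key
    a2 = bytes.fromhex("001122334455")                  # constructed transmitter MAC
    nonce = b"\x00" + a2 + (1).to_bytes(6, "big")       # priority || A2 || PN
    aad = (bytes.fromhex("0800") + bytes.fromhex("aabbccddeeff") + a2
           + bytes.fromhex("aabbccddeeff") + bytes(2))  # constructed masked MAC header
    pt = b"GET /index.html HTTP/1.0\r\n"
    ct = ccm_encrypt(prf_block, key, nonce, aad, pt)
    flipped = bytearray(ct)
    flipped[0] ^= 0x01                                  # the WEP-style bit flip
    pt2 = b"PUT /secret.txt HTTP/1.0\r\n"                # same length as pt
    ct2 = ccm_encrypt(prf_block, key, nonce, aad, pt2)  # PN reused: must never happen
    return (ccm_decrypt(prf_block, key, nonce, aad, ct) == pt,
            ccm_decrypt(prf_block, key, nonce, aad, bytes(flipped)) is None,
            ccm_decrypt(prf_block, key, nonce, aad[:-2] + b"\x10\x00", ct) is None,
            xor(ct, ct2)[:len(pt)] == xor(pt, pt2))


if __name__ == "__main__":
    print(demo())
```

Two things in the demo are worth noting. The bit-flip that succeeded against WEP's CRC is now rejected, because the MIC is a keyed function of the whole body and header, not a linear checksum. And the last check shows that counter mode is still a stream cipher: if the 48-bit packet number is ever reused under the same temporal key, the XOR of two ciphertexts gives the XOR of two plaintexts exactly as a repeated WEP IV did, which is why CCMP makes the PN a strictly increasing counter and rekeys before it can wrap.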
RSN uses the IEEE 802.1X port-based authentication standard
to authenticate wireless devices to the network
and to provide the dynamic keys it requires. RSN
introduces pre-authentication for fast roaming, a secure
pre-shared key mode for ad hoc and home networks,
and a defined key hierarchy and key management.
Dawn of a new era
Today, wireless LANs offer flexibility, mobility,
scalability, and ease of installation, on a scale
that is inconceivable with wired alternatives.
Industry pundits are proclaiming wireless connectivity
as the biggest thing in computing since the Internet.
With ongoing WLAN security initiatives this may
well become true, painlessly, and sooner than
predicted.
Updated: 01 June 2004