Corporate wireless LAN security

3.5 Loss of network ability

Loss of network ability goes along the same line as DoS attacks, since loss of network is usually a result of a DoS attack like ‘jamming’. Jamming occurs when an attacker creates a signal that blocks the wireless signals, causing the entire network to be jammed – no information can go in or come out and users are unable to communicate on the network. A user can inadvertently cause a jam by downloading a large file, thus causing everyone else on the network to be without access. Table 1 shows a summary of the types of attacks and risks in corporate WLANs.

Table 1 Summary of types of attacks and risks in corporate wireless LAN

| Attack type | Description |
|---|---|
| Passive attacks | Access to WLAN, but no modification to content |
| | Eavesdropping – attacker monitors transmissions for message content |
| | Traffic analysis or monitoring – intruder monitors the transmissions for patterns of communication |
| The risk of passive attacks | Loss of confidentiality – attacker listens to transmissions and compromises private information |
| Active attacks | Makes changes and alters information to a message or file |
| | Masquerading – attacker impersonates an authorised user and gains access to the network |
| | Message modification – attacker modifies a message by deleting, adding, changing or reordering the message |
| | A Denial-of-Service (DoS) – attacker prevents or prohibits use of the network |
| | Jamming – attacker creates a signal that blocks the wireless signals and causes the entire network to be jammed with no information going in or coming out |
| The risks of active attacks | Loss of integrity – attacker modifies data to the point where data integrity is lost |
| | Loss of network ability – network is no longer available to users because of attacks |

4 Wireless LAN security standards and methods

“Security remains one of the biggest challenges in wireless enterprise. Many incidents (such as 250,000 devices in airports, most of which carried sensitive corporate data without even password protection), perceived and real wireless infrastructure attacks, and the lack of strong security in wireless technologies could adversely affect the wireless enterprise.” (Varshney et al., 2004)
Y.B. Choi, J. Muller, C.V. Kopek and J.M. Makarsky

Currently, there are several security standards that are being used in wireless networks to help combat this security problem. These standards include: 802.11b, 802.11i, Wi-Fi Protected Access (WPA) and Virtual Private Network (VPN). Each of these standards has different levels and methods of protection, and this section describes the features of each.

4.1 802.11b

Security threats and attacks have compromised WLANs for the past several years. However, new emerging technologies allow WLANs to be secure and protected from most attacks. One recent step toward reducing WLAN attacks and threats is the security added to the 802.11b standard. The 802.11b uses the Wired Equivalent Privacy (WEP) protocol. WEP was designed to ensure both encryption and ease of use among wireless users. WEP encrypts the network packet with an encryption key. The encrypted packet is then sent to its destination and the destination must decrypt the packet to retrieve its contents. In theory, this sounds like a perfect way to encrypt packets and keep hackers from seeing the data, because no person or device knows the encryption key except the source and the destination. However, there is one inherent flaw in WEP that compromises its real security to any true hacker. With each packet, the WEP protocol sends a portion of the key in plain text, which hackers can use with software to steal the encryption key and see the contents of the packets. The best and only way to ensure protection using the WEP protocol is to frequently change the key so that hackers cannot collect data on packets long enough to crack the key.

Since WEP has widely known weaknesses, most major companies and firms have not implemented or have even abandoned the 802.11b wireless LAN. Another major problem with the 802.11b standard is that the WEP protection can be turned off. Most firms and companies know about WEP and they make sure they have it turned on. However, many home users are not educated enough to realise its benefits, leaving the WEP turned off. Since WEP is not even used by most home users, and firms have abandoned it for its lack of security features, the 802.11b wireless security is a failure. Nonetheless, even though security in the 802.11b protocol is basically a failed method, it has started a wireless security revolution and has helped advance more current and future security methods. Table 2 describes a timeline of the 802.11b WEP security standard.

Table 2 802.11b WEP security timeline

| Date | Event |
|---|---|
| 1st half, 2000 | 802.11b and WEP introduced. |
| 2nd half, 2000 | No one turns on WEP protection for their wireless network. |
| 1st quarter, 2001 | WEP flaws are discovered. |
| 2nd quarter, 2001 | More WEP flaws are discovered. |
| 3rd quarter, 2001 | Terrorist attacks cause fear. |
| 1st quarter, 2002 | Mainstream press decides to brand WLAN security as a hot story |
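
The WEP weakness described in Section 4.1, as an added example that is not code from the paper: the "portion of the key" sent in plain text is WEP's 24-bit initialisation vector (IV), which is prepended to the shared key to seed RC4. The sketch builds WEP frame bodies, shows what a listener reads without the key, and audits a set of frames for IV reuse, the condition that frequent key changes are meant to avoid; the key, payloads and function names are constructed for illustration.

```python
import struct
import zlib
from collections import Counter


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encapsulate(key: bytes, iv: bytes, payload: bytes, key_id: int = 0) -> bytes:
    """Frame body = clear IV (3 bytes) + key-id byte + RC4(IV||key) XOR (payload||ICV)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is exactly 24 bits")
    data = payload + icv(payload)
    return iv + bytes([key_id << 6]) + xor(data, rc4(iv + key, len(data)))


def wep_decapsulate(key: bytes, body: bytes) -> bytes:
    """Decrypt a frame body and verify its ICV; raises ValueError on mismatch."""
    iv, cipher = body[:3], body[4:]
    data = xor(cipher, rc4(iv + key, len(cipher)))
    payload, received_icv = data[:-4], data[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch")
    return payload


def clear_iv(body: bytes) -> bytes:
    """What any listener sees without the key: the first three bytes."""
    return body[:3]


def reused_ivs(bodies) -> dict:
    """Audit check: IVs seen on more than one frame under the same key."""
    counts = Counter(clear_iv(b) for b in bodies)
    return {iv: n for iv, n in counts.items() if n > 1}


# Constructed sample data (not from the paper).
KEY = bytes.fromhex("0102030405")               # 40-bit WEP key
P1 = b"quarterly report draft 1"
P2 = b"quarterly report draft 2"
F1 = wep_encapsulate(KEY, b"\x00\x00\x01", P1)
F2 = wep_encapsulate(KEY, b"\x00\x00\x02", b"keepalive")
F3 = wep_encapsulate(KEY, b"\x00\x00\x01", P2)  # same IV as F1: counter wrapped


def keystream_cancels() -> bool:
    """With a repeated IV, XOR of the ciphertexts equals XOR of the plaintexts."""
    n = min(len(P1), len(P2))
    return xor(F1[4:4 + n], F3[4:4 + n]) == xor(P1[:n], P2[:n])
```

Because the IV space holds only 2^24 values, a busy access point repeats IVs under one key, which is why the paper's advice is to change the key frequently.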
4.2 802.11i

With the failure of 802.11b WEP security, one of the newest technologies was developed – the 802.11i, which adds protection using more secure keys and encryption. On June 24, 2004, the IEEE approved 802.11i security standard for use in WLANs (Dulaney et al., 2004). However, even though 802.11i has been approved for use, it has not been released to the public yet. Hardware and software are currently being made and released to the public in anticipation of its release.

The 802.11i standard uses one of two different security protocols: the ‘Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)’ and the ‘Temporary Key Integrity Protocol (TKIP)’. CCMP is the main method used for protecting wireless packets in the 802.11i standard. One great feature is that CCMP always has to be active, and this means protection will always be enabled even if the user does not know how to operate it or how it works. The CCMP uses a variation of the Advanced Encryption Standard (AES) encryption algorithm, which is a very secure and nearly impenetrable method. Protection begins by using a 128-bit key, and the packet is encrypted with this key. Not only is the message data encrypted, but the source, destination and other data are encrypted as well. Since all this data is encrypted, a hacker cannot spoof a packet because he/she does not even know where to send the packet. Another important feature of CCMP is that a key does not need to be included in the packet. One fallback of WEP is that a portion of the key is included in the packet. This resulted in more packets being sent than were needed; and with each extra packet, a hacker has a higher chance of cracking the key. With CCMP, 802.11i is secure against all known hacking attacks and will ensure near flawless security protection. The only problem with CCMP is that it uses all new technology, which means that new hardware and software will have to be created and purchased for this method to work. Nonetheless, it is a necessary step to ensure security protection in wireless networks.

The other encryption method used with the 802.11i protocol is TKIP, and it is beneficial because it was designed as a wrapper around the old WEP protocol. Compared with CCMP protocol where it is necessary to buy new hardware, old hardware and software that use WEP can be reused to comply with TKIP. The TKIP works similarly to CCMP, except that it uses two more keys to encrypt the data and headers of the packet, and it includes the keys in the packet. Each packet is initially encrypted with a changing 64-bit encryption key, and then the packet is sent through a process and is encrypted by another 64-bit intermediate key. These keys encrypt the header and data of each packet, and since these keys change with every packet, it is necessary to add these keys to the packet. Finally, the final 128-bit encryption key is used to encrypt the entire packet including the 64-bit keys. The entire TKIP encryption method works just as well as the CCMP, and both of these methods are part of the 802.11i standard.

4.3 Wi-Fi Protected Access (WPA)

Since 802.11i requires new hardware and software, there is going to be a long crossover period where firms need to buy equipment to support the new technology. WPA was developed by the Wi-Fi Alliance as an interim technology to support wireless security until 802.11i is released. WPA is not a protocol like 802.11i, TKIP or CCMP. “[It] is a specification of standards-based, interoperable security enhancements, which strongly increase the level of data protection (encryption) and access control (authentication)
for existing and future Wi-Fi wireless LAN systems” (Grimm, 2003). This specification was released in 2003 and is in use today. The WPA specification uses TKIP (like the 802.11i) to ensure data encryption, and it uses Extensible Authentication Protocol (EAP) to ensure user authentication. EAP consists of three parts: the user, the access point and the authentication server. In order for the user to access the network, he/she must first authenticate himself/herself. Once the user has entered his/her authentication data, that data will be transmitted to the access point. The access point in return transmits the data to the authentication server; if that data is valid or invalid, the authentication server will accept or deny the user trying to access the system. Table 3 shows the steps of EAP connection.

Table 3 EAP authentication in Wi-Fi Protocol Access (WPA)

| Step | Process |
|---|---|
| 1 | Client associates their computer with the local access point. |
| 2 | Access point blocks all user requests to access LAN. |
| 3 | User then authenticates an EAP server via a digital certificate. |
| 4 | EAP server authenticates user via a digital certificate. |
| 5 | Once both user and server are authenticated, they derive a unicast WEP key. |
| 6 | EAP server delivers unicast WEP key to the access point. |
| 7 | Access point delivers broadcast WEP key, encrypted with the unicast WEP key, to the client. |
| 8 | Client and access point activate WEP key and use unicast and broadcast WEP keys for transmission. |

There are also various EAP Authentication Protocols, which include:

• Lightweight Extensible Authentication Protocol (LEAP)
• EAP-Transport Layer Security (EAP-TLS)
• Protected EAP (PEAP)
• EAP-Tunneled TLS (EAP-TTLS)
• EAP-Subscriber Identity Module (EAP-SIM)

Due to the security weaknesses that exist in EAP, several companies formed to create a stronger and more secure variation. Cisco Systems, RSA Security and Microsoft developed the standard known as PEAP (Protected Extensible Authentication Protocol). PEAP uses Transaction Layer Security, which is a proven security method, to wrap EAP. PEAP has been a successful protocol; but since the IEEE takes long periods of time to approve a new protocol, some companies decided to create their own so they could immediately implement it. Cisco decided to create the Lightweight Extensible Authentication Protocol (LEAP) and Microsoft proceeded to create EAP-TLS. The two protocols are basically the same except for one major difference: LEAP uses passwords to ensure device authentication, while EAP-TLS uses digital certificates (Pescatore et al., 2002). The next version of EAP, called Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS), was created to ensure better flexibility and integration with servers. EAP-TTLS adds an extra layer of security by ensuring protection before the exchange of keys begins (Girard et al., 2003). The final type of EAP