Wireless LANs (WLANs) are defined by the IEEE 802.11 standards: 802.11a, 802.11b, 802.11g and 802.11n. The following table lists the key characteristics of WLANs:
| Characteristic | Description |
| Physical | Direct Sequence Spread Spectrum (DSSS), Frequency Hopping Spread Spectrum (FHSS), Orthogonal Frequency Division Multiplexing (OFDM), infrared (IR). |
| Frequency Band | 2.4 GHz (ISM Band) and 5 GHz. |
| Data Rates | 1 Mbps, 2 Mbps, 5.5 Mbps (11b), 11 Mbps (11b), 54 Mbps (11a). |
| Data and Network Security | RC4-based stream encryption algorithm for confidentiality, authentication and integrity. Limited key management. (AES is being considered for 802.11i.) |
| Operating Range | Up to 155 feet indoors and 1500 feet outdoors. |
| Positive Aspects | Ethernet speeds without wires; many different products from many different companies. Wireless client cards and access point costs are decreasing. |
| Negative Aspects | Poor security in native mode; throughput decreases with distance and load. |
The IEEE 802.11 specifications identified several services to provide a secure operating environment. The security services were originally provided by the Wired Equivalent Privacy (WEP) protocol, which protects link-level data during wireless transmission between clients and access points. The three basic security services defined by IEEE for the WLAN in WEP are authentication for access control, confidentiality (privacy) of information, and data integrity. However, the standard did not address other security services such as audit, authorization, and nonrepudiation. WEP also does not provide end-to-end security; it protects only the wireless portion of the connection. Even in the areas it covers, WEP has some known problems:
- The use of static WEP keys: many users in a wireless network potentially share the identical key for long periods of time, because the WEP protocol lacks any key management provisions.
- WEP uses the RC4 algorithm with a 24-bit initialization vector (IV) to generate keys, which is a relatively small field for cryptographic purposes and makes the traffic easy to decrypt. Moreover, the 802.11 standard allows individual wireless NICs from the same vendor to generate the same key sequences. As a result, hackers can record network traffic, determine the key stream, and use it to decrypt the ciphertext.
- WEP provides no cryptographic integrity protection. However, the 802.11 MAC protocol uses a noncryptographic Cyclic Redundancy Check (CRC) to check the integrity of packets, and acknowledge packets with the correct checksum. The combination of noncryptographic checksums with stream ciphers is dangerous and often introduces vulnerabilities, as is the case for WEP.
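The last two problems above, as an added example (not code from the original page or from the 802.11 standard): a simplified WEP-style encapsulation showing that a repeated IV repeats the key stream, and that the CRC-32 check accepts a modified frame while a keyed MAC rejects it. The key, IV, payloads and the use of HMAC-SHA256 as the hardened tag are assumptions chosen for illustration; frame headers are omitted.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, n: int) -> bytes:  # n bytes of RC4 key stream
    s, j, out = list(range(256)), 0, bytearray()
    for i in range(256):                      # key schedule
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:        # WEP-style ICV: plain CRC-32, no key involved
    return zlib.crc32(data).to_bytes(4, "little")
def keyed_tag(data: bytes) -> bytes:  # hardened stand-in (assumption): HMAC-SHA256
    return hmac.new(MAC_KEY, data, hashlib.sha256).digest()

def seal(iv, key, data, tag_fn=icv):
    """Encrypt data || tag with the per-packet RC4 key IV || key."""
    body = data + tag_fn(data)
    return xor(body, rc4(iv + key, len(body)))

def unseal(iv, key, ct, tag_fn=icv, tag_len=4):
    """Decrypt; return the data if the tag verifies, otherwise None."""
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tag = body[:-tag_len], body[-tag_len:]
    return data if hmac.compare_digest(tag_fn(data), tag) else None

# Constructed sample values, not taken from any real network.
KEY, IV, MAC_KEY = bytes.fromhex("0badc0de01"), b"\x00\x00\x01", b"constructed-mac-key"
P1, P2, P1_MOD = b"seq=0001;flag=00", b"HELLO FROM ALICE", b"seq=0001;flag=01"

def demo():
    c1, c2 = seal(IV, KEY, P1), seal(IV, KEY, P2)
    # Same IV => same key stream, which cancels: c1 ^ c2 equals P1 ^ P2.
    iv_reuse_leaks_xor = xor(c1, c2)[:16] == xor(P1, P2)
    # CRC-32 is affine over XOR: crc(a ^ d) = crc(a) ^ crc(d) ^ crc(zeros).
    d = xor(P1, P1_MOD)
    patch = d + xor(icv(d), icv(bytes(len(d))))
    crc_accepts = unseal(IV, KEY, xor(c1, patch))          # modified data passes
    m1 = seal(IV, KEY, P1, keyed_tag)
    mac_accepts = unseal(IV, KEY, xor(m1, d + bytes(32)), keyed_tag, 32)
    return iv_reuse_leaks_xor, crc_accepts, mac_accepts
```

`demo()` returns `(True, b"seq=0001;flag=01", None)`: the frame changed without knowledge of the key is accepted under the CRC check and rejected under the keyed tag.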
In the following table, the security vulnerabilities in WLAN using WEP are listed:
| Security Issue or Vulnerability | Remarks |
| Security features in vendor products are frequently not enabled. | Security features, albeit poor in some cases, are not enabled when shipped, and users do not enable them when installed. Bad security is generally better than no security. |
| IVs are short (or static). | 24-bit IVs cause the generated key stream to repeat. Repetition allows easy decryption of data for a moderately sophisticated adversary. |
| Cryptographic keys are short. | 40-bit keys are inadequate for any system. It is generally accepted that key sizes should be greater than 80 bits in length. The longer the key, the less likely a compromise from a brute-force attack. |
| Cryptographic keys are shared. | Keys that are shared can compromise a system. As the number of people sharing the keys grows, the security risks also grow. A fundamental tenet of cryptography is that the security of a system is largely dependent on the secrecy of the keys. |
| Cryptographic keys cannot be updated automatically and frequently. | Cryptographic keys should be changed often to prevent brute-force attacks. |
| RC4 has a weak key schedule and is inappropriately used in WEP. | The combination of revealing 24 key bits in the IV and a weakness in the initial few bytes of the RC4 key stream leads to an efficient attack that recovers the key. Most other applications of RC4 do not expose the weakness of RC4 because they do not reveal key bits and do not restart the key schedule for every packet. This attack is available to moderately sophisticated adversaries. |
| Packet integrity is poor. | CRC32 and other linear block codes are inadequate for providing cryptographic integrity. Message modification is possible. Linear codes are inadequate for the protection required to prevent deliberate attacks. Use of noncryptographic protocols often facilitates attacks against the cryptography. |
| No user authentication occurs. | Only the device is authenticated. A device that is stolen can access the network. |
| Authentication is not enabled; only simple SSID identification occurs. | Identity-based systems are highly vulnerable, particularly in a wireless system, because signals can be more easily intercepted. |
| Device authentication is simple shared-key challenge-response. | One-way challenge-response authentication is subject to "man-in-the-middle" attacks. Mutual authentication is required to provide verification that users and the network are legitimate. |
| The client does not authenticate the AP. | The client needs to authenticate the AP to ensure that it is legitimate and prevent the introduction of rogue APs. |
To address the security vulnerabilities of WLANs using WEP, two other important standards for WLAN security were introduced: 802.1X and 802.11i.
802.1X is a port-level access control protocol that provides an effective framework for authenticating and controlling user traffic to a protected network, as well as dynamically varying encryption keys. 802.1X ties a protocol called EAP (Extensible Authentication Protocol) to both the wired and wireless LAN media and supports multiple authentication methods.
802.11i enhances WEP in the areas of encryption, authentication and key management. IEEE 802.11i is based on Wi-Fi Protected Access (WPA), which is a quick fix for the WEP weaknesses. 802.11i has three key components: Temporal Key Integrity Protocol (TKIP) for data confidentiality; Counter-Mode/CBC-MAC Protocol (CCMP) for packet authentication as well as encryption; and 802.1X, which is included in the 802.11i architecture to provide port-level access control and key management.
For end-to-end information security, VPN technologies such as IPsec are also adopted in a WLAN. IPsec is a framework of open standards for ensuring private communications over IP networks.
WLAN Security Using WEP: WEP does not provide end-to-end security, but only for the wireless portion of the connection.

Wireless LAN (WLAN) Security Problems and Technologies
VPN using IPsec in addition to WEP in WLAN:

Related Terms: WLAN, WEP, IEEE 802.11i, IEEE 802.1x, IPsec, VPN
Reference Links: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf: Wireless Network Security
