Tech Horizons: Wireless grows up

by Tim Dean  on Nov 22, 2004
Tags: wireless | wep | wi-fi | iEEE | wpa
The holes in WEP have finally been plugged and wireless is finally a secure technology. Tim Dean looks at how this was achieved.

Talk about Wi-Fi (802.11b/a/g) to an IT manager, and they'll usually smirk at you and ask if it comes with an 11 foot pole, because they wouldn't touch it with a 10 foot one. The reason for this is an IT manager's natural inclination to avoid any technology that broadcasts their private network traffic to anyone within a 100m radius for their leisurely perusal. While Wi-Fi is not quite as bad as all this on the surface, it's not 100 percent secure, and as such, it needs to be treated as if it were 100 percent insecure when talking about private data.

It all comes down to WEP, the encryption standard used in 802.11b/a/g. WEP was proven flawed only shortly after it hit the streets, and has been summarily rejected by the business world. This has seriously hampered the uptake of wireless in general. If Wi-Fi was implemented, it had to be accompanied by a number of other security measures, such as a VPN (virtual private network). While this plugged the gap temporarily, it added another layer of complexity and cost that IT managers also didn't enjoy.

However, we're on the cusp - we now have a couple of new technologies that improve the security situation, and make wireless a viable technology for businesses again. The new encryption systems are called WPA (Wi-Fi Protected Access) and WPA2, with the latter being ratified by the IEEE as an official standard, 802.11i. So, what's new with these encryption standards, and how do they get over the problems of WEP?

WEP schmep

Before we tackle the tech of WPA, it's worth having a look at WEP and seeing why it was flawed. The problem with WEP was not the encryption algorithm itself, which is called RC4, but the way it's used. With WEP you have a fixed password of either five or 13 characters. To this is added a three-character string derived from a pseudorandom number generator, and these characters rotate for each packet. This total string is called the initialisation vector (IV), which is then used to kick off the encryption algorithm to scramble the data in the packet.

The problem is WEP only uses a 24-bit IV, which is not terribly long. This means that after a certain amount of time, the same IV will be used on two packets of data. If a hacker is sniffing packets for long enough they'll come across multiple packets with the same IV, and will then be able to compare these packets with other packets using a different rotated IV. Eventually they'll be able to figure out which characters are rotating, and which ones are fixed - and the fixed ones are the original password. Once they have that, they can then gain unrestricted access to the wireless network.

It takes a lot of data to be able to hack WEP - somewhere in the order of several gigabytes, which could take weeks on a home network, but could be managed within only several hours on a busy business network. This problem is also compounded by the fact that the passwords all have to be set manually on every PC and access point on the network. This means if the IT manager does want to make WEP more secure by changing the passwords daily, it would require manually changing each device individually, which is not a very practical option.
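What a repeated IV costs, as an added example that is not from the original article. It assumes the 802.11 WEP construction, in which the three rotating bytes are the 24-bit IV, sent in the clear and prepended to the fixed key to seed RC4; the key, IV and packet contents are constructed, and the integrity value is left out.

```python
import math

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling over `seed`, then n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    # Per-packet RC4 seed is the 3-byte IV followed by the fixed key.
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def iv_collision_probability(packets: int, iv_bits: int) -> float:
    """Birthday estimate of the chance that randomly chosen IVs repeat."""
    space = 2 ** iv_bits
    return -math.expm1(-packets * (packets - 1) / (2 * space))

# Constructed sample data, not captured traffic.
KEY = b"ABCDE"                     # five-character (40-bit) WEP key
IV = bytes([0x10, 0x20, 0x30])     # the same IV used on both packets
P1 = b"GET /index.html HTTP"
P2 = b"POST /login user=bob"
C1, C2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)

def reuse_leaks_plaintext_xor() -> bool:
    # Same IV and key give the same keystream, so it cancels out and
    # the two ciphertexts reveal the XOR of the two plaintexts.
    return xor(C1, C2) == xor(P1, P2)

if __name__ == "__main__":
    print("keystream cancels:", reuse_leaks_plaintext_xor())
    for bits in (24, 48):          # 48 bits is the WPA IV size
        p = iv_collision_probability(5000, bits)
        print(f"{bits}-bit IV, 5000 packets: P(repeat) = {p:.2e}")
```

With a 24-bit IV a repeat is more likely than not after about 5000 randomly chosen IVs, which is why a busy network exposes reused keystream so quickly.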


Much existing wireless hardware will be firmware upgradeable to WPA standards, although you'll need new hardware for 802.11i.

WPA: bridging the gap

Even when WEP was first released, it was known it wasn't rock solid, but once the industry realised how shaky it was, they got to work on a replacement. The problem - which is Wi-Fi's mixed blessing - is that all the versions of 802.11x need to be ratified by the IEEE (Institute of Electrical and Electronics Engineers) in order for them to be proper industry-wide standards. Unfortunately this is no fast process, and all the while the market is crying out for a better security technology.

To bridge the gap between WEP and the future standard, 802.11i, which would feature the improved security, the Wi-Fi Alliance, a bunch of network vendors who all have a stake in wireless, gathered together to quickly develop an encryption standard that improved on WEP. The result is WPA (Wi-Fi Protected Access). WPA is a clever little add-on to WEP, especially as it's based on (and kind of forward compatible with) the improved 802.11i standard, yet it is backward compatible with 802.11b/a/g hardware.


This is because WPA uses the same RC4 encryption algorithm as WEP, which means it can use the existing encryption chips on current hardware. However, WPA adds a couple of nifty features to fix up the problem with WEP's weak IV. First off, the IV in WPA is increased from 24 bits to 48 bits, which makes it orders of magnitude harder to crack the IV. Secondly, WPA sports TKIP (Temporal Key Integrity Protocol), which rotates keys and the IV for each packet, not just the three pseudorandom characters. This makes the IV even more difficult to sniff out. Also, because TKIP uses the user's password to generate a number of keys, you don't have to go back and change your password as often as you did with WEP in order to keep it secure - TKIP will do that for you.

WPA also adds optional 802.1x authentication for corporate networks. 802.1x will check the credentials of each system connecting to the network, and have it authorised by an authentication server, such as a RADIUS (Remote Authentication Dial In User Service) server, which is used by an ISP to authenticate dial-up users. If you're running on a network without an authentication server, you can still use it in pre-shared key mode, where secret keys are manually set on each device, then TKIP will take over from there.

The final significant change with WPA is with message integrity checking, which makes sure the packet hasn't been intercepted and altered in any way. WEP has a 32-bit message integrity checksum, although this was also found to be unreliable. WPA uses a new integrity check called Michael, which is more robust, and adds another layer of protection to the wireless network.
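Why a plain 32-bit checksum cannot catch altered packets under a stream cipher, shown beside a keyed check, as an added example that is not from the original article. WEP's checksum is CRC-32; the HMAC-SHA256 tag here is a stand-in for a keyed integrity check and is not the Michael algorithm, and the keystream, key and payload are constructed.

```python
import hashlib
import hmac
import zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_tag(payload: bytes) -> bytes:
    # WEP-style integrity value: plain CRC-32, no key involved.
    return zlib.crc32(payload).to_bytes(4, "little")

MAC_KEY = b"constructed-mic-key"   # hypothetical integrity key

def keyed_tag(payload: bytes) -> bytes:
    # Stand-in keyed check (HMAC-SHA256), not the Michael algorithm.
    return hmac.new(MAC_KEY, payload, hashlib.sha256).digest()

def seal(ks: bytes, payload: bytes, tag_fn) -> bytes:
    # Append the tag, then XOR everything with the cipher keystream.
    return xor(payload + tag_fn(payload), ks)

def unseal(ks: bytes, frame: bytes, tag_fn, tag_len: int):
    plain = xor(frame, ks)
    payload, tag = plain[:-tag_len], plain[-tag_len:]
    return payload if hmac.compare_digest(tag_fn(payload), tag) else None

# Constructed sample data, not captured traffic.
KS = hashlib.sha256(b"constructed keystream").digest() * 2
PAYLOAD = b"temp=21;unit=C;id=07"
DELTA = xor(PAYLOAD, b"temp=91;unit=C;id=07")   # bits changed in transit

def crc_correction(delta: bytes) -> bytes:
    # CRC-32 is affine: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros),
    # so the matching checksum change needs neither key nor plaintext.
    return xor(crc_tag(delta), crc_tag(bytes(len(delta))))

def modified_frame_accepted(tag_fn, tag_len: int) -> bool:
    frame = seal(KS, PAYLOAD, tag_fn)
    mask = DELTA + crc_correction(DELTA).ljust(tag_len, b"\0")
    result = unseal(KS, xor(frame, mask), tag_fn, tag_len)
    return result is not None and result != PAYLOAD

if __name__ == "__main__":
    print("CRC-32 check accepts altered frame:", modified_frame_accepted(crc_tag, 4))
    print("keyed check accepts altered frame: ", modified_frame_accepted(keyed_tag, 32))
```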

All these changes in WPA make it substantially more secure than WEP, and mean it would take an impractical amount of time to hack a wireless network. However, it doesn't stop at WPA: there are even more improvements with WPA2 in 802.11i.

The Alliance
Back in 1999, when the first wireless standard was ratified by the IEEE, several major wireless vendors banded together to form the non-profit Wireless Ethernet Compatibility Alliance (WECA), which has since changed its name to the Wi-Fi Alliance. The member companies knew that having a fixed standard across all manufacturers was the only way consumers would gain confidence in the new technology. While the IEEE manages the technical standard, Wi-Fi Alliance members actually develop the technology. The Alliance also coined the term Wi-Fi, and has its own Wi-Fi Certified logo for hardware tested and approved by the Alliance.
www.wi-fi.org

This article appeared in the December 2004 issue of PC Authority.