Design Article
Wireless Security: WLANs Gain Parity with LANs
Gary Legg
9/16/2004 12:00 AM EDT
Consider just how vulnerable many wireless local-area networks are. WLAN data travels through the air and can be intercepted several hundred feet from its source, yet 70 to 80% of the wireless networks used in homes operate with all security features disabled. Small-business WLANs, carrying data that can be sensitive and valuable, often have easy-to-guess IDs and passwords, and many broadcast their IDs for anyone to view (hiding the ID buys little on its own, since it still travels in the clear in probe and association frames, but a broadcast ID paired with a default password is an open invitation). Even in WLANs that are set up to encrypt sensitive data, the encryption is often so weak that it can easily be cracked with freeware that anyone can download from the Internet. Small wonder that concerns about wireless security have limited WLAN market growth.
The recent ratification of IEEE standard 802.11i promises to improve this situation, however. Not only does the new standard take wireless security beyond that of most existing WLANs, it's also part of a program called WPA2, directed by the Wi-Fi Alliance, that will guarantee interoperability among WLAN products from different vendors. Thus, 802.11i not only overcomes security shortcomings of many existing WLANs, but also makes WLAN security features easier to administer and therefore more likely to be used. That combination of high security and ease of use, experts say, will finally make wireless LAN security as good as wired LAN security.
What 802.11i is, in essence, is a collection of security mechanisms that apply to all 802.11 wireless LAN technologies, including 802.11b, 802.11a, and 802.11g. The Wi-Fi Alliance's WPA (Wi-Fi Protected Access) technology, which has been incorporated into WLANs since last year, is actually a subset of 802.11i. The alliance's new WPA2 interoperability program incorporates the complete standard. What 802.11i and WPA2 add to WPA is AES (Advanced Encryption Standard) encryption, used in the CCMP mode that both encrypts each frame and authenticates it with a message integrity code; WPA's TKIP, by contrast, still drives the RC4 stream cipher inherited from WEP. AES provides better encryption than that of WPA and goes far beyond that of the vulnerable WEP (Wired Equivalent Privacy) that is part of many older WLANs (Figure 1).
Figure 1: Security standard 802.11i adds AES encryption to wireless networks. (Source: Wi-Fi Alliance)
Unfortunately, extra hardware is necessary to run AES efficiently, so making an existing WLAN compatible with 802.11i isn't necessarily as easy as performing a simple software upgrade. Most 802.11 chips produced since 2002 (Figure 2) have the necessary hardware built in, but WLAN devices built with other chips will have to be replaced in order to be 802.11i-compliant. Not all WLAN users need the advanced security of 802.11i, but upgrades will be necessary to accommodate any users who do.
And everyone should use 802.11i's advanced security, according to WLAN security experts, because it adds no difficulty to setting up a WLAN, and it simply runs in the background. Plus, with dedicated encryption hardware in use, encryption won't bog down network operation the way some current encryption implementations do. Many current WLAN users apply weak encryption or none at all simply to keep performance at a reasonable level. Hardware-backed AES won't exact such a performance penalty.
The AES encryption of 802.11i is also powerful encryption, unlike, for example, the WEP-based encryption that is still widely used. WEP provides two encryption options, marketed as 64-bit and 128-bit (a 40- or 104-bit static key plus a 24-bit initialization vector that is sent in the clear with every frame), but widely available freeware tools, such as AirSnort or WEPcrack, enable attackers to "sniff" network transmissions and recover WEP encryption keys. The weakness lies not in the key length but in how WEP drives the RC4 stream cipher: the 24-bit IV space is exhausted within hours on a busy network, so keystreams repeat, and a class of weak IVs leaks bytes of the key directly. Cracking 64-bit encryption requires analyzing only a few hours of transmissions. Cracking 128-bit encryption takes longer, but is still within easy reach of a determined attacker. AES, on the other hand, has no known practical attack with current knowledge and computing capabilities.
WEP is also vulnerable because changing its encryption keys is inconvenient and time-consuming. All WEP-based wireless clients and access points have to be manually configured with the same key, and on larger networks changing keys can be a huge task. Consequently, keys often go for long periods of time, months or even years, without being changed, giving attackers plenty of time to crack them. Some WLAN vendors provide keys longer than 128 bits and include mechanisms for changing keys automatically, but their implementations are proprietary and their customers get locked into a single vendor. Proprietary WLAN technologies will likely phase out as 802.11i and WPA2 become broadly implemented.
Because of WEP's extreme vulnerability, the Wi-Fi Alliance last year implemented WPA as an interim solution before the finalization of 802.11i and the implementation of WPA2. Although WPA is a subset of 802.11i, it provides most of 11i's security features and a very high level of security (Table 1). WPA keeps WEP's RC4 cipher, so that it runs on existing hardware, but wraps it in the Temporal Key Integrity Protocol (TKIP): a 128-bit temporal key, refreshed per session, is mixed with the transmitter address and a 48-bit per-packet sequence counter to give every frame its own RC4 key; the counter also provides replay protection, and a message integrity check (Michael) detects forged frames. These constantly changing keys, along with strong encryption, make cracking WPA encryption extremely difficult.
| | WEP | WPA |
| --- | --- | --- |
| Encryption | Flawed, cracked by scientists and hackers | Fixes all WEP flaws |
| Key length | 40-bit keys | 128-bit keys |
| Key handling | Static: same key used by everyone on the network | Dynamic session keys: per user, per session, per packet keys |
| Key distribution | Manual distribution of keys, hand typed into each device | Automatic distribution of keys |
| Authentication | Flawed, used WEP key itself for authentication | Strong user authentication, utilizing 802.1X and EAP |
Table 1: WPA (Wi-Fi Protected Access), a subset of 802.11i, greatly improves on the security of WEP (Wired Equivalent Privacy). (Source: Wi-Fi Alliance)
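Why two WEP frames that happen to share an IV give away their contents, and why a per-packet key removes the problem, as an added example that is not code from the article. It uses a textbook RC4 and WEP's per-packet key layout (3-byte IV prepended to the static key); the static key, the IV and the two frame bodies are constructed for the demonstration, the CRC-32 integrity value real WEP appends is omitted, and the per-packet keying function at the end is a simplified stand-in for TKIP's idea, not TKIP's actual key-mixing function.

```python
"""WEP keystream reuse under a 24-bit IV, and a per-packet-key contrast.

Added example, not from the original article. Key, IV and frames below are
constructed; per_packet_keystream() is an illustrative stand-in, not TKIP.
"""
import hashlib
import hmac
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling, then `length` bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(static_key: bytes, iv: bytes, body: bytes) -> bytes:
    """WEP frame: IV in the clear, then body XOR RC4(IV || static key).

    The IV is the only thing that changes from frame to frame and it is only
    24 bits wide, so two frames that share an IV share the whole keystream.
    """
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(rc4_keystream(iv + static_key, len(body)), body)


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What a passive eavesdropper gets from two frames with the same IV,
    without the key: XOR of the ciphertext bodies equals XOR of the plaintexts."""
    if c1[:3] != c2[:3]:
        raise ValueError("IVs differ; no reuse to exploit")
    return xor(c1[3:], c2[3:])


def recover_with_known_plaintext(leak: bytes, known: bytes) -> bytes:
    """Knowing one frame's plaintext (a predictable ARP, DHCP or HTTP header)
    recovers the other frame's plaintext from the XOR leak."""
    return xor(leak, known)


def hours_to_exhaust_iv_space(frames_per_second: float, iv_bits: int = 24) -> float:
    """Time until a counter-based IV wraps and every value has been used once."""
    return (2 ** iv_bits) / frames_per_second / 3600


def expected_frames_until_random_iv_repeat(iv_bits: int = 24) -> float:
    """Birthday bound for randomly chosen IVs: about sqrt(pi/2 * 2**iv_bits)."""
    return math.sqrt(math.pi / 2 * 2 ** iv_bits)


def per_packet_keystream(base_key: bytes, sequence: int, length: int) -> bytes:
    """Simplified stand-in for TKIP's per-packet keying (NOT TKIP's mixing
    function): derive a fresh RC4 key from the base key and a 48-bit sequence
    counter, so the keystream never repeats while the counter keeps climbing."""
    per_packet_key = hmac.new(base_key, sequence.to_bytes(6, "big"), hashlib.sha1).digest()[:16]
    return rc4_keystream(per_packet_key, length)


if __name__ == "__main__":
    KEY = bytes.fromhex("0102030405")          # constructed 40-bit static key
    IV = b"\x00\x00\x2a"                        # the IV both frames happen to use
    FRAME_A = b"GET /index.html HTTP/1.0"       # constructed, predictable content
    FRAME_B = b"password=hunter2 secret!"       # constructed, the frame we want
    leak = keystream_reuse_leak(wep_encrypt(KEY, IV, FRAME_A), wep_encrypt(KEY, IV, FRAME_B))
    print("recovered:", recover_with_known_plaintext(leak, FRAME_A))
    print("hours to wrap a 24-bit IV at 500 frames/s: %.1f" % hours_to_exhaust_iv_space(500))
    print("frames until a random IV repeats: %.0f" % expected_frames_until_random_iv_repeat())
```

At 500 frames per second a counter-based IV wraps in about nine hours, which is the "few hours of transmissions" the text refers to; randomly chosen IVs collide after only a few thousand frames. Neither number depends on whether the static key is 40 or 104 bits long.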
WPA does not provide the ultra-strong AES encryption, however, which some government agencies and businesses require. The new 802.11i standard and WPA2 do include AES, although neither dictates how AES encryption must be performed. It's possible, therefore, to run AES in software, firmware, or with special hardware and be 802.11i-compliant. For decent performance, though, special hardware is necessary.
Fortunately, most of the chipsets used in WLAN products for the last year or two have AES hardware built into them. This hardware is a dedicated cipher engine that performs the repetitive, computationally intensive round operations that AES encryption requires, off the device's general-purpose processor. Chips from Atheros Communications, Broadcom, and Philips Semiconductors have long included it, as does a recently introduced WLAN chip from Intel.
WLANs that run AES will definitely need this built-in hardware. According to David Cohen, WLAN senior product marketing manager at Broadcom, running AES in software without hardware assistance can render a WLAN device essentially inoperable. "We're not talking about going down from 25 Mbps to 24.5," Cohen says. "We're talking about shutting down performance almost to the point of being unusable."
Wireless access points, as opposed to wireless client devices, are especially prone to poor performance without AES hardware. In a typical PC client, Cohen says, "You at least have the PC's processor, and you can take advantage of some of its power to run AES without completely shutting down, although you're still likely to experience a performance impact." But access points don't have very powerful processors, Cohen notes. "They have processors that are just powerful enough to run their functions," he says, "and without AES hardware, they're very likely to completely shut down when they try to run AES."
What's more, if an access point were to run AES without hardware support, the diminished performance would affect all wireless users, not just those running AES. Consequently, there will be a strong incentive to upgrade existing WLANs to be 802.11i-compliant and include AES hardware. With existing WLAN equipment that was designed around chips containing AES hardware, achieving 802.11i compliance usually requires only a software upgrade. Equipment built with other chips, however, will have to be replaced.
The replacement of existing WLAN equipment in order to accommodate AES can be either a small issue or a huge issue, depending on circumstances. As noted by Cohen, "If you're replacing five devices, it's a lot different than if you're replacing 5000." But the cost of replacement, according to Sheung Li, WLAN product line manager for Atheros Communications, is not as big a deal as you might think. "Relative to what it costs to operate a network," Li says, "equipment is not a lot." Plus, Li says, "If you look at what it costs to wire a facility for Ethernet, it's a dollar a square foot. The nice thing about upgrading a wireless network is that you don't have to mess with the hard stuff, the conduits and such. You unplug one device and plug in another."
And, fortunately, upgrading a WLAN to 802.11i or WPA2 will not make it incompatible with existing WEP- and WPA-based client devices. Likewise, an upgraded client will be able to run on older WEP- and WPA-based networks. "You can have mixed modes of operation," says Li, "where a WLAN can essentially negotiate the security of a link on a client-by-client basis." Obviously, though, says Li, WEP- and WPA-based clients will not benefit from WPA2's enhanced security.
Network administrators will likely push to have wireless clients, as well as access points, upgraded to WPA2. That's because older WEP clients, even when used by people whose applications don't need high security, can (conceivably, at least) reduce network security for other users. Although a "weak" (vulnerable) WEP link can't give an attacker access to a "strong" WPA or WPA2 link, it can allow access to any information stored on the network that might not be well protected by authorization techniques and procedures. There is a more direct cost as well: broadcast and multicast traffic must be readable by every client in a mixed network, so the group key is protected with the weakest cipher the access point still admits. In essence, says Li, it can enable an attacker to get "inside the building," leaving the responsibility for protecting network-stored data to "inside doors" that should be, but might not be, locked.
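What the two ends of Table 1 look like on an access point, as an added example rather than anything from the article: two hostapd.conf fragments, the first a static-WEP network of the kind the article warns about, the second an 802.11i/WPA2 network using AES-CCMP with 802.1X/EAP and pre-authentication enabled. The option names are hostapd's; the interface names, SSID, RADIUS server address and shared secret are placeholders.

```ini
# --- Before: static WEP, one hand-typed key shared by every device ---
interface=wlan0
ssid=example-corp
hw_mode=g
channel=6
# 40-bit key as 10 hex digits; the per-frame 24-bit IV is all that varies
wep_default_key=0
wep_key0=0102030405

# --- After: 802.11i (WPA2) with AES-CCMP and 802.1X/EAP ---
interface=wlan0
ssid=example-corp
hw_mode=g
channel=6
# wpa=2 admits RSN (802.11i) clients only. wpa=3 would also admit WPA/TKIP
# clients, and in that mixed mode the group key falls back to the weakest
# cipher enabled, so broadcast traffic is then only as strong as TKIP.
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
# 802.1X against a RADIUS/EAP server (placeholder address and secret)
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=change-this-radius-secret
# 802.11i pre-authentication: let stations authenticate to this AP through
# the wired side before they roam here
rsn_preauth=1
rsn_preauth_interfaces=eth0
```

The second fragment is the mixed-mode decision made explicit: admitting WPA/TKIP clients (wpa=3 with wpa_pairwise=TKIP) is a deliberate choice that lowers the group cipher for everyone, which is the "weak client" effect described above.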
There is also a good reason other than security for upgrading to WPA2: better and more convenient mobile roaming among wireless access points. With 802.11i and WPA2, says Li, "You have the ability to do some operations that essentially allow you to distribute security over a network." For example, says Li, "If you're walking from one access point to another, it's very much like a cellular base station, where the next station knows you're coming and performs all the necessary security options before you get there. That contrasts with traditional wireless designs, where you fall off one station and only when you fall off do you perform the transactions necessary to get onto the next one."
To provide easier roaming, 802.11i includes features called reauthentication and preauthentication. Reauthentication makes it easier to reconnect to an access point after you leave it. Basically, the access point caches the pairwise master key (PMK) that the 802.1X exchange produced, so a returning client skips the full authentication and performs only the four-way handshake that derives fresh session keys; the cached key is deleted when its lifetime expires or when you haven't accessed the network for a while, usually less than a day. Preauthentication, on the other hand, makes it easier to move from one access point to another. While still associated with one access point, a client can authenticate to a neighboring access point over the wired network behind them, so the neighbor already holds a key for the client by the time it arrives.
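The key hierarchy behind those two features, as an added example that is not code from the article. The PSK and PTK derivations follow 802.11i (PBKDF2-HMAC-SHA1 over the SSID; PRF-384 keyed with the PMK over both MAC addresses and both nonces); the access-point and authentication-server classes, the MAC addresses and the timestamps are a simplified model constructed here to show when a roam needs a full 802.1X exchange and when a cached or pre-authenticated PMK lets it go straight to the four-way handshake.

```python
"""802.11i key hierarchy with PMK caching and pre-authentication.

Added example, not from the original article. AuthServer, AccessPoint, the
MAC addresses and the timestamps are a constructed model; the derivations
are the 802.11i ones.
"""
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-X: HMAC-SHA1(key, label || 0x00 || data || i) blocks, concatenated."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes):
    """Four-way handshake result: PTK = PRF-384(PMK, "Pairwise key expansion",
    min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)),
    split into KCK, KEK and the 128-bit CCMP temporal key."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


class AuthServer:
    """Stand-in for the 802.1X/EAP server (constructed): issues a PMK per user
    and counts full authentications so the cost of each roam is visible."""

    def __init__(self) -> None:
        self.full_auths = 0

    def authenticate(self, user: str) -> bytes:
        self.full_auths += 1
        return hashlib.sha256(b"constructed-MSK:" + user.encode()).digest()


class AccessPoint:
    """Holds a PMK cache keyed by station MAC, each entry with an expiry time."""

    def __init__(self, mac: bytes, server: AuthServer, pmk_lifetime: int) -> None:
        self.mac = mac
        self.server = server
        self.pmk_lifetime = pmk_lifetime
        self.cache = {}  # station MAC -> (pmk, expires_at)

    def cached_pmk(self, sta: bytes, now: int):
        entry = self.cache.get(sta)
        if entry is not None and entry[1] > now:
            return entry[0]
        self.cache.pop(sta, None)  # expired or absent
        return None

    def authenticate(self, sta: bytes, user: str, now: int) -> bytes:
        """Full 802.1X exchange; the resulting PMK is cached for pmk_lifetime seconds."""
        pmk = self.server.authenticate(user)
        self.cache[sta] = (pmk, now + self.pmk_lifetime)
        return pmk

    def associate(self, sta: bytes, user: str, now: int):
        """Returns (needed_full_auth, temporal_key). A cached PMK skips 802.1X
        and goes straight to the four-way handshake with fresh nonces."""
        pmk = self.cached_pmk(sta, now)
        needed_full_auth = pmk is None
        if needed_full_auth:
            pmk = self.authenticate(sta, user, now)
        anonce, snonce = os.urandom(32), os.urandom(32)
        _kck, _kek, tk = derive_ptk(pmk, self.mac, sta, anonce, snonce)
        return needed_full_auth, tk


def preauthenticate(target: AccessPoint, sta: bytes, user: str, now: int) -> None:
    """802.11i pre-authentication: while still associated elsewhere, the station
    runs 802.1X with the target AP over the wired network, so the target already
    holds a PMK when the station roams to it."""
    target.authenticate(sta, user, now)


if __name__ == "__main__":
    server = AuthServer()
    ap1 = AccessPoint(bytes.fromhex("020000000001"), server, pmk_lifetime=3600)
    ap2 = AccessPoint(bytes.fromhex("020000000002"), server, pmk_lifetime=3600)
    sta = bytes.fromhex("020000000099")
    print("first association needs full auth:", ap1.associate(sta, "alice", now=0)[0])
    preauthenticate(ap2, sta, "alice", now=10)
    print("roam to pre-authenticated AP needs full auth:", ap2.associate(sta, "alice", now=20)[0])
    print("return to ap1 within lifetime needs full auth:", ap1.associate(sta, "alice", now=30)[0])
    print("return after lifetime expires needs full auth:", ap1.associate(sta, "alice", now=5000)[0])
```

The temporal key changes on every association even when the PMK is reused, because both nonces are fresh; what the cache saves is the round trip to the authentication server, which is the part of the 800 ms figure below that preauthentication moves off the critical path.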
The roaming features of 802.11i provide more than just convenience, though. Preauthentication, for example, by eliminating long delays when moving from one access point to another, helps make possible wireless network-based phone conversations via VoIP (voice over Internet protocol). With 802.11i's real-time, hardware-based encryption, it also enables privacy in wireless VoIP conversations.
Without 802.11i's fast roaming capabilities, reauthentication when moving from one access point to another can take as long as 800 msec, which significantly disrupts voice communication. With preauthentication, the disconnect time can conceivably be as short as 25 msec, which is much less obtrusive. Still more work is being done on 802.11 roaming, however. The architects of 802.11i, concerned primarily with security, took roaming only so far and then passed it off to another 802.11 task group. That group, TGr, will produce 802.11r, which concentrates on minimizing perceptible disconnections as wireless clients move from one access point to another.
For now, though, 802.11i's security enhancements alone are a very big deal. The addition of AES satisfies government agencies and companies that need the highest level of encryption. Dynamic key management (also incorporated in the earlier WPA) simplifies changing and administering keys, thus eliminating WEP's static and vulnerable encryption keys. With 802.11i, a wireless LAN, properly administered, can be as secure as a wired LAN.
Eventually, the extra security of 802.11i will allow the elimination of VPNs (virtual private networks) that many corporations now depend on. VPNs (Figure 3) use strong encryption and endpoint authentication to create secure "tunnels" across basically insecure public networks, such as the Internet. VPNs cost much less than dedicated, leased communications lines, and corporations use them to connect remote sites and users.
The problem with VPNs is that they're complicated. They're difficult to scale upward to more than a few hundred connections, and they can be slow. They're also nonstandard. Proprietary implementations abound. Note, though, exactly what 802.11i replaces: its encryption covers the radio hop between client and access point and ends there, so it removes the need for a VPN that was deployed only to secure the wireless segment of a corporate network. Traffic that leaves the building over the Internet still needs an end-to-end tunnel.
The emergence of 802.11i, says Atheros' Li, takes away the need for proprietary VPNs and their cost premiums. With 802.11i, he says, "You've got strong link-level security, so you can just use wireless to replace Ethernet ports. Enterprises should feel secure that they don't need to run a VPN."