Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, and Windows XP. Features a collection of resources and magazines for Windows IT professionals.
  
  


December 2001

802.11 Security Shortcomings



The Secret Key
As I mentioned earlier, most wireless-communication installations use one key for the entire network. This key resides inside each computer and device. If an attacker obtains the secret key from one device, he or she has discovered the key for every device on the network. However, if each device held a unique private key and didn't share that key with the rest of the network, an attacker's attempts to calculate the keystream would be much more difficult.

For LAN administrators, rotating secret keys on every device in the network can be a nightmare. Therefore, many administrators use only one key for the whole network and rarely—if ever—change the key. The 802.11 standard provides no method for exchanging keys or requiring that each device have a unique key. The previously stated equation

IV + Secret Key = Keystream

shows that the IV value is just one of the components necessary to calculate the keystream value. To produce the keystream, the RC4 algorithm puts the IV value through a mathematical function with a secret key. Because the IV value is easily attainable, and because each device uses the same secret key, an attacker can easily compromise this method of calculating a keystream.

If the 802.11 standard employed an algorithm that used public key cryptography, this problem wouldn't exist: Each device could have a unique private key. For each information exchange, the two communicating wireless devices would calculate a secret key, and only those two devices would share this key. The secret key would be valid for only one transmission. If the two computers needed to initiate another transmission, the two devices would calculate a different secret key. This process would provide better assurance that each keystream was unique, and any attacker attempting to discover the keystream would need to invest much more energy and time.
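The shared-key problem and the per-session alternative described above can be compared directly. This is an added example, not code from the article: it assumes WEP's construction of keying RC4 with the IV prepended to the secret key, and every key, IV, and payload in it is a constructed sample value (the two session keys stand in for keys that two devices would negotiate for one exchange).

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of the RC4 keystream for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_keystream(iv: bytes, secret: bytes, n: int) -> bytes:
    """'IV + Secret Key = Keystream': RC4 keyed with IV || secret."""
    return rc4_keystream(iv + secret, n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xor_leak(key_a: bytes, key_b: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True if the two ciphertexts XOR to the XOR of the plaintexts,
    meaning both frames used the same keystream and it cancelled out."""
    c1 = xor(p1, wep_keystream(iv, key_a, len(p1)))
    c2 = xor(p2, wep_keystream(iv, key_b, len(p2)))
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample values (assumptions, not from the article).
SHARED_KEY = bytes.fromhex("0102030405")       # one 40-bit key for the whole network
SESSION_A = bytes.fromhex("5a17c3e9b0")        # hypothetical per-session key, device pair A
SESSION_B = bytes.fromhex("9d4e02f7a6")        # hypothetical per-session key, device pair B
IV = bytes.fromhex("a1b2c3")                   # 24-bit IV, sent in the clear with each frame
P1 = b"laptop frame 001"
P2 = b"printer frame 02"

if __name__ == "__main__":
    # Network-wide key: any two devices that hit the same IV share a keystream.
    print("shared key, same IV  ->", xor_leak(SHARED_KEY, SHARED_KEY, IV, P1, P2))
    # Per-session keys: the same IV no longer implies the same keystream.
    print("session keys, same IV ->", xor_leak(SESSION_A, SESSION_B, IV, P1, P2))
```

With one key on every device, keystream uniqueness rests entirely on the IV; with per-session keys, a repeated IV on two different sessions produces unrelated keystreams.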

What Can You Do?
If your company is just beginning to consider implementing wireless capability, carefully scrutinize available products and designs before purchasing a solution. Some vendors have already begun to address the security loopholes that I've mentioned. If your company is in the midst of implementing a wireless installation, stop, review the features of your chosen product and your network design, and make any necessary changes to increase security. If your company has a functioning wireless network, evaluate your current security mechanisms and determine whether further security measures are necessary.

The correct solution also depends on how interconnected your wired and wireless networks need to be and what kind of information you need to transmit over the wireless network. If your organization transfers funds or important information over wireless radio waves, you need tougher security than what many wireless solutions provide.

Look for solutions that provide dynamic keys that change on a per-user, per-session basis. Some solutions generate dynamic keys through an automated method such as public key cryptography, and others require an administrator to manually generate keys. Whatever method you choose, you need to change these keys frequently.

Using key lengths longer than 40 bits might also help you build more complexity into your keystreams. Wireless solutions should also generate a different IV for each packet, and the sequence of IVs shouldn't be predictable. Techniques such as these drastically reduce the predictability of the keystream and make successful attacks more difficult.

If your company already has a wireless network, consider the following suggestions to increase the current security level of the infrastructure:

  • Use a firewall to separate the wireless network from the wired network.
  • Implement a dynamic key structure.
  • Invoke a mutual authentication mechanism between the wireless device and the authentication server.
  • Have the wireless devices access the network through a VPN channel to provide the necessary link-level security.
  • Use security zones in your intranet—along with firewall policies, access control servers, and packet filtering—to separate wired and wireless traffic. Figure 1 shows a sample zoned scenario.

Part of the Process
Although you might view 802.11's security failings as a setback in the advancement of wireless communication, they're really just part of the fast and complex evolution of computers. Other architectures, protocols, software, and security mechanisms have had similar problems. Flaws come to light, articles appear, developers return to the drawing board, further testing is necessary, and a new version typically compensates for the previously discovered imperfections. These phases are typical of most new technologies.

Unfortunately, many companies that have already implemented a wireless technology are in for a lot of work. They'll need to apply patches, install VPNs, and change firewall policies—and any previously enjoyed sense of security will probably evaporate. They might also need to revisit liability concerns pertaining to private and confidential information, and they might need to erect alternative security mechanisms. The next version of the wireless standard will no doubt attempt to address and amend these security compromises. Perhaps 802.1x will be available for public scrutiny so that the IEEE can rectify further problems before ratification. For information about how the new 802.1x standard promises to address the weaknesses of 802.11, see Tim Huckaby's sidebar "Is 802.1x the Answer?"



Reader Comments
In order for an attacker to receive transmissions, wouldn't he have to be in close proximity? My Linksys hub has a range of 800 feet.

Sidney Moore May 21, 2002


To begin with, I can't tell whether this article applies to 802.11a, 802.11b or both. If this were a pressing issue for me, I'd look up the standards myself and check. Nonetheless, the author should be clear on this point.

Second, I'd love to see a discussion of the relative merits of WEP vs. the IPSec/L2TP facilities built into Windows 2000/XP. IPSec/L2TP seem to be the direction Microsoft is headed, but the lack of RADIUS support in most 802.11b/a access points makes it hard to implement.

Greg Williams May 21, 2002


 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved.