
Encryption and authentication in wireless LANs

Encryption: In wireless LAN systems, access points and radio network interface cards (NICs) support the WEP (Wired Equivalent Privacy) protocol as the optional encryption standard implemented in the MAC layer (Media Access Control, the lower sublayer of the IEEE link layer in the OSI model, which complements the Logical Link Control). Once WEP is activated in a system (in accordance with IEEE standards, 802.11b LANs ship with WEP disabled), the NIC encrypts the payload (the transported data) using the RC4 algorithm from RSA Security. The data is subsequently decrypted by the receiving access point or NIC. The idea behind WEP was to provide security similar to that of wireline data.


WEP specifies a shared secret 40- or 64-bit key to encrypt and decrypt the data. The sending and receiving stations must use the same key and must be manually configured with it, which limits each user to connecting to only one access point. Some vendors also include optional 128-bit keys (once known as WEP2 and subsequently changed to TKIP) in their products.

Before transmission, WEP combines the secret key with a randomly generated 24-bit initialization vector (IV), a 32-bit integrity check value (ICV) and the payload to produce the encrypted data. WEP, however, places the IV outside the encrypted payload, in the first few bytes of the frame body. The receiving station uses this IV along with the shared secret key to decrypt the payload.
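As an added example (not code from the article), here is the WEP frame-body construction the paragraph describes, in Python: RC4 seeded with the IV followed by the shared key, a CRC-32 ICV appended to the payload, and the IV sent in the clear in the first bytes of the frame body. The key, IV and payload are constructed sample values.

```python
# Added example, not from the article: WEP encapsulation and decapsulation.
# Key, IV and payload below are constructed sample values.
import struct
import zlib

def rc4_keystream(seed, n):
    """Plain RC4: key scheduling, then n bytes of keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload):
    """WEP integrity check value: CRC-32 of the plaintext payload."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encapsulate(secret_key, payload, iv, key_id=0):
    """Build a WEP frame body: IV (3 bytes, in the clear) | key-ID byte |
    RC4(payload || ICV). The RC4 seed is IV || secret key, so a 40-bit key
    plus the 24-bit IV gives the 64-bit seed the article refers to."""
    assert len(iv) == 3 and len(secret_key) in (5, 13)
    plain = payload + icv(payload)
    ks = rc4_keystream(iv + secret_key, len(plain))
    cipher = bytes(p ^ k for p, k in zip(plain, ks))
    return iv + bytes([key_id << 6]) + cipher   # key ID sits in the top two bits

def wep_decapsulate(secret_key, body):
    """Receiver: read the clear IV, regenerate the keystream, verify the ICV.
    Returns the payload, or None when the ICV does not match (tampering or wrong key)."""
    iv, cipher = body[:3], body[4:]
    ks = rc4_keystream(iv + secret_key, len(cipher))
    plain = bytes(c ^ k for c, k in zip(cipher, ks))
    payload, received_icv = plain[:-4], plain[-4:]
    return payload if received_icv == icv(payload) else None

if __name__ == "__main__":
    key = bytes.fromhex("0123456789")            # constructed 40-bit shared key
    body = wep_encapsulate(key, b"hello, access point", bytes.fromhex("a1b2c3"))
    print(body.hex())                            # first three bytes are the clear IV
    print(wep_decapsulate(key, body))
```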

Authentication: The 802.1x standard's encryption mechanism has addressed one of WEP's vulnerabilities in that it includes mechanisms for dynamically changing and allocating encryption keys, so that manual configuration is no longer necessary and users can connect to more than one access point. With 802.1x, all users on the network (the NICs) receive an individual key and can connect to any access point. This not only eliminates the possibility of hacking attempts, since the data is spread out over many different keys and will take longer to collect, but also reduces the traffic per key. Although 802.11i has not yet been officially ratified, its committee has adopted 802.1x as part of its security solution; ratification is expected by the end of 2004.

Microsoft launched Windows XP with native support for 802.1x in early 2001, allowing users to connect using their existing Windows password. WLAN vendors such as 3Com, Cisco, Enterasys Networks, Proxim, Intermec and Symbol Technologies and PC makers like HP, IBM and Dell, as well as chipmakers Intel and Intersil, are also supporting 802.1x in their equipment. (Cisco has gone a step further with LEAP. Although Microsoft uses Cisco equipment in its WLAN network, it has not deployed LEAP and is satisfied with 802.1x.) Intersil has actually released client software that extends 802.1x to pre-XP Windows operating systems. 802.1x can also be used on any Ethernet-based network.

802.1x uses the EAP (Extensible Authentication Protocol) for both wired and wireless LAN media. There are several EAP authentication algorithms in 802.1x. WEP supports only one-way authentication, in that an access point authenticates a user but not the other way around, which creates the possibility of rogue and unauthorized APs. The 802.1x algorithms that support mutual authentication (and are IETF RFCs) are EAP-Transport Layer Security (TLS) and EAP-Tunneled TLS (TTLS), developed by Funk Software and Certicom. With mutual authentication, the user also authenticates the access point, which can subsequently be disabled if deemed unauthorized. EAP-TLS requires each user to have a certificate, whereas EAP-TTLS requires a certificate only for RADIUS servers. User certificates can be complex to manage, since a certificate authority is needed to issue and manage them.

There are also vendor-proprietary versions of EAP, including Cisco's Lightweight EAP (LEAP). (According to one industry expert, there are 13 Extensible Authentication Protocol derivatives in the IETF RFC process.) A new algorithm, currently an Internet Draft, is Protected EAP (PEAP), developed by Microsoft, Cisco and RSA Security, which automatically (rather than manually) encrypts the payload between the EAP peer and the backend server within a TLS channel. Since the software supporting each type of EAP resides on the authentication server and on client devices, users can update EAP authentication methods as new ones appear and as their security requirements change.

The process of 802.1x authentication starts with a client device attempting to authenticate and connect with an 802.11 access point. The access point sends an EAP identity request, and the client device responds with an identity packet. The access point forwards this information to an authentication server (such as RADIUS) located on the wired side of the network. Because the framework supports a multitude of authentication methods, including secure token cards, Kerberos, one-time passwords, certificates and public keys, an authentication server behind an 802.1x-capable access point can use any one of these to verify the client's identity, even if the NIC belongs to another vendor. The authentication server then sends either an 'accept' or a 'reject' message to the access point, along with session keys if it is configured for dynamic key exchange.

The access point sends an EAP success or reject packet to the client and, immediately afterwards, builds, encrypts and sends an EAP key message using the session keys from the authentication server. With 802.1x, the client can then use the contents of the key message to define its encryption keys and to change those keys dynamically as often as necessary to reduce the possibility of hacking.
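The 802.1x exchange described above, as an added Python example that is not from the article: EAP packets are encoded as RFC 3748 lays them out, and the access point, client and authentication server steps are separate functions. The server's user list and its membership check are constructed stand-ins for the EAP method exchange (EAP-TLS, EAP-TTLS and so on) that a real server would run before accepting or rejecting, and the session key returned on accept is a constructed random value.

```python
# Added example (not the article's code): EAP packets per RFC 3748, Code | Identifier | Length | Type | Type-Data.
import os
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1
ALLOWED_USERS = {"alice@example.test"}   # constructed stand-in for the server's user database

def eap_pack(code, identifier, eap_type=None, data=b""):
    """Success/Failure packets carry no Type field; Length covers the whole packet."""
    body = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def eap_unpack(pkt):
    """Returns (code, identifier, type-or-None, type-data); rejects a Length that disagrees with the packet."""
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP length field does not match packet size")
    return code, identifier, (pkt[4] if length > 4 else None), pkt[5:]

def access_point_identity_request(identifier):
    """Step 1: the access point asks the client for its identity."""
    return eap_pack(EAP_REQUEST, identifier, EAP_TYPE_IDENTITY)

def client_identity_response(request, identity):
    """Step 2: the client replies with an Identity packet echoing the Identifier."""
    code, identifier, eap_type, _ = eap_unpack(request)
    if code != EAP_REQUEST or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("expected EAP-Request/Identity")
    return eap_pack(EAP_RESPONSE, identifier, EAP_TYPE_IDENTITY, identity.encode())

def auth_server_decide(response, expected_identifier):
    """Step 3: the access point relays the response to the authentication server (RADIUS in the article).
    The membership check stands in for the EAP method exchange a real server runs before accepting;
    on accept the server returns a constructed 13-byte (104-bit) session key with the Success."""
    code, identifier, eap_type, data = eap_unpack(response)
    identity = data.decode("utf-8", errors="replace")
    if (code, identifier, eap_type) != (EAP_RESPONSE, expected_identifier, EAP_TYPE_IDENTITY):
        return eap_pack(EAP_FAILURE, expected_identifier), None   # stray or stale response
    if identity not in ALLOWED_USERS:
        return eap_pack(EAP_FAILURE, identifier), None
    return eap_pack(EAP_SUCCESS, identifier), os.urandom(13)

def run_8021x(identity, identifier=1):
    """Whole flow; returns (final EAP code, session key or None)."""
    request = access_point_identity_request(identifier)
    response = client_identity_response(request, identity)
    result, session_key = auth_server_decide(response, identifier)
    return eap_unpack(result)[0], session_key
```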

For more information on other areas of the WLAN market, please refer to eTinium's study on Seamless Mobility: The Marriage of 3G and Wi-Fi.

Goli Ameri is the President of eTinium, Inc., a telecom consulting and market research company specializing in wireless and switching technologies.  She can be reached at gameri@etinium.net or (503) 968-8437.

© 2012 Penton Media Inc.
