For several years now, the primary security mechanism used between wireless access points and wireless clients has been WEP encryption. The problem is that although WEP encryption strength has increased a few times since Wi-Fi was introduced, the WEP protocol is still fundamentally weak because it uses a static encryption key. As a result, motivated attackers can easily crack WEP encryption by using freely available hacking tools.
Fortunately, some standard alternatives to WEP are emerging. The Institute of Electrical and Electronics Engineers (IEEE) has defined an expansion to the 802.11 protocol that will allow for increased security. Unfortunately, the standard is presently in draft form and isn't expected to be ratified until the end of 2003. In the meantime, though, most of the Wi-Fi manufacturers have agreed to use a temporary standard for enhanced security called Wi-Fi Protected Access (WPA). Although WPA is a temporary protocol and isn't recognized by IEEE, it is very similar to the revised IEEE standard expected by the end of the year. Therefore, administrators that manage wireless LANs should become familiar with WPA.
If you have been using Wi-Fi for a while, you are probably familiar with the 802.1X authentication protocol. This protocol allows users to authenticate into a wireless network by means of a RADIUS Server. In standard Wi-Fi, 802.1X authentication is optional. However, 802.1X authentication is a requirement for WPA.
If your environment does not have a RADIUS server in place, you can still use WPA in spite of the 802.1X requirement. As an alternative to RADIUS, WPA supports the use of a preshared key.
WPA key management
One of the biggest drawbacks to traditional WEP security is that changing the encryption key is optional. Even if you do switch encryption keys from time to time, there is no option for globally rekeying all access points and all wireless NICs. Instead, rekeying is a tedious manual process and is completely impractical for large organizations. After all, the instant you rekey an access point, none of the clients will be able to access it until they are also rekeyed.
But with WPA, the rekeying of global encryption keys is required. In the case of unicast traffic, the encryption key is changed after every frame using Temporary Key Integrity Protocol (TKIP). This protocol allows key changes to occur on a frame by frame basis and to be automatically synchronized between the access point and the wireless client. Global rekeying works by advertising the new keys to wireless clients.
The TKIP is really the heart and soul of WPA security. TKIP replaces WEP encryption. And although WEP is optional in standard Wi-Fi, TKIP is required in WPA. The TKIP encryption algorithm is stronger than the one used by WEP but works by using the same hardware-based calculation mechanisms WEP uses.
The TKIP protocol actually has several functions. First, it determines which encryption keys will be used and then verifies the client's security configuration. Second, it is responsible for changing the unicast encryption key for each frame. Finally, TKIP sets a unique starting key for each authenticated client that is using a preshared key.
Checksums and replay protection
When WEP was initially designed, IEEE took steps to ensure that an encrypted packet could not be tampered with. WEP-encrypted packets include a checksum value at the end of the packet. This value is a 32-bit code that is derived from the rest of the packet. The idea is that if something in the packet's payload changes, the checksum will not match the packet any longer and the packet can be assumed to be corrupt. This 32-bit code is called the Integrity Check Value (ICV).
Although ICV is a good idea, it just isn't secure. There are hacker tools that allow someone to modify a WEP-encrypted packet and to modify the ICV as well. By modifying the ICV to match the modified payload, the receiver will be unable to tell that the packet has been tampered with.
To counteract this type of hacking, WPA supports a security measure called Michael. Michael works similarly to ICV but calculates a Message Integrity Code (MIC) in addition to the ICV. The wireless devices calculate the MIC using the same mechanisms they would normally use to calculate the ICV.
The first major difference is that the MIC is only eight bits, as opposed to the ICV's 32 bits. WPA still uses an ICV in the same way that WEP does, but the MIC is inserted between the data portion of the frame and the ICV.
The MIC has two main purposes. First, it is encrypted along with the rest of the frame and makes it much more difficult to tamper with a frame's data. Second, the MIC contains a frame counter. This prevents someone from launching a wireless replay attack.
To take advantage of WPA, you must have adequate hardware and software. From a hardware standpoint, this means only that your wireless access points and your wireless NICs must recognize the WPA standard. Unfortunately, most hardware manufacturers won't support WPA through a firmware upgrade, so you may find yourself forced to buy new wireless hardware if you want to use WPA.
From a software standpoint, none of the Windows operating systems will support WPA by themselves. Windows machines with WPA-compliant hardware can use WPA, but only after you have installed the WPA client. The WPA client will work only for machines running Windows Server 2003 and Windows XP. You can download the necessary client from Microsoft.
Mix and match
Obviously, switching wireless hardware and implementing WPA can be a big undertaking. Fortunately, it isn't something you have to do all at once. Wireless access points can support WPA and WEP at the same time. This allows for a gradual transition into WPA.
The only thing you need to know about mixing WEP and WPA is that doing so prevents the global encryption key from being automatically rekeyed. Remember that WEP clients do not support automatic rekeying. To prevent key recognition problems, automatic rekeying is initiated by the access point only when no clients are running WEP. However, all of the other WPA security measures will work during the transition period.
As you look ahead to future WLAN deployments, keep in mind that you will probably want to change your security methods to encompass WPA and/or the similar set of security standards that is forthcoming from the IEEE.