首 页 本刊概况 出 版 人 发行统计 在线订阅 欢迎投稿 市场分析 1 组织交流 1 关于我们
 
1
   通信短波
1
   新品之窗
1
   优秀论文
1
   通信趋势
1
   特别企划
1
   运营商动态
1
   技术前沿
1
   市场聚焦
1
   通信视点
1
   信息化论坛
1
当前位置:首页 > 优秀论文
Security procedures in wireless networks
作者:College of Information & Manag
来源:不详
更新时间:2009/9/19 19:21:00
正文:

I. INTRODUCTION
Security has become a very important aspect in current wireless networks. In the paper, we will focus on the Wired Equivalent Privacy (WEP) security mechanisms and 802.11i security procedures. Moreover, the weaknesses of WEP security procedures and 802.11i security procedures also will be mentioned in the article. Finally, we will introduce Wi-Fi Protected Access (WPA), a standards-based security mechanism that can eliminate most of 802.11 security problems and based on the current state of the 802.11i standard.

II. Security in IEEE802.11
Nowadays, wireless network has been widely used in our daily communication. Data frames can be transmitted by radio waves to the wireless base stations and hosts beyond the geographic limitation. However, a lot of wireless networks do not utilize the security mechanisms in the original 802.11 standard. The question of security in 802.11 has attracted large attention in both technical circles and in the media. [1] Following, we will discuss the security mechanisms Wired Equivalent Privacy (WEP) standardized in the 802.11 specifications. WEP provide a similar security level with wired networks. It is an encryption standard used in the MAC Layer. We’ll then discuss a few of the security weaknesses in WEP. After that, we will focus on the 802.11i standard, a more secure version of 802.11 security procedures which be adopted in 2004. Similarly, the weaknesses of 802.11i standard also need be mentioned in the following discussion.

III. Wired Equivalent Privacy (WEP)
The security of a wireless LAN is very important. For example, networks transmitting credit card numbers for verification or storing sensitive information both need high security mechanism. The IEEE 802.11 WEP protocol provides authentication and data encryption between a host and a wireless access point using a symmetric shared key approach. [1]
Authentication is a process of proving one’s identity to someone else. [1] The authentication protocol used in WEP is Authentication Protocol ap4.0. It use different encrypted password in each time connection to avoiding other client use playback attack. We can assume that two hosts named Alice and Bob communication each other. They will agree on a sequence of passwords or on an algorithm for generating passwords and use each password once in one time communication. In the step, we will use the word of “nonce”. The definition of nonce is: A nonce is a number that a protocol will use only once in a lifetime. That is, if once a protocol uses a nonce, it will never use that number again. In this way, every time communication can use different password to authenticate the connected host’s identity. The ap4.0 protocol uses a nonce as follows. We still use Alice as the sender and Bob as receiver in a communication.
1. Alice send a message “I am Alice” to Bob.
2. Bob choose a nonce “R” and send the nonce to Alice.
3. Alice will encrypt the nonce “R” using the symmetric secret key, , which known by both Alice and Bob. And then, Alice will send the encrypted nonce to Bob. means the nonce “R” is encrypted by using the symmetric secret key . Because the is known by both Alice and Bob, Alice can use to encrypt a value to let Bob known the message he receives was generated by Alice. This can ensure Bob know Alice transmit the message to him and Alice is live. This is the key method to prevent the playback attack.
4. Bob decrypt the received message because he known the secret key, . He can decrypt the nonce “R” from . If the decrypted nonce equals the nonce he sent to Alice before, Alice can be authenticated. The process “R” be encrypted and decrypted and transmit each other just for identify the Alice.
WEP just use such similar mechanism to identify the clients’ authentication. There are four main steps in WEP:
1. A wireless host (just like Alice) requests authentication by an access point.
2. The access point (just like Bob) responds to the authentication request with a 128-byte nonce value.
3. The wireless host encrypts the nonce using the symmetric key that it shares with the access point.
4. The access point decrypts the host-encrypted nonce.
If the decrypted nonce matches the nonce value firstly sent by access point, then the host will be authenticated by the access point.
However, the WEP has a much more complex secret key than the ap4.0 protocol. In WEP, a 40-bit symmetric secret key, we name it , will be known by both a host and the access point in a wireless network. Moreover, the 40-bit secret key will append a 24-bit Initialization Vector (IV) to build a 64-bit key. [1] The key will be a single frame. The Initialization Vector (IV) will change frame to another frame, so each frame will be encrypted by a different secret key.
The process of encryption will be operated as follows. The frame consist four bytes CRC which is computed for the data payload. Then, the payload and the four byte CRC value will be encrypted using RC4 stream cipher. [1] Using RC4 stream cipher, we can produce a group of 64-bit key value. Then, these keys will be used to encrypt the frame which built by payload and CRC value. The encryption is operated by XOR-ing the ith byte of data with the ith key. That means the number i data frame will be encrypted by the ith key , which composed by 40-bit secret key plus 20-bit frequently changed IV. Using the stream of 64-bit key value, we can calculate the ith encrypted data frame, we can name it the ith ciphertext .

The IV values will change from one frame to next one. The IV value will be included in the header of each WEP-encrypted 802.11 frame as shown in Figure1.


Figure1 the structure of WEP-encrypted 802.11 frame
The receiver also can get the 40-bit symmetric key. Plus the 40-bit symmetric key and 20-bit IV, the 64-bit key can be obtained to decrypt the received encrypted data frame. The resulting 64-bit key is same with the key used to encrypt the data frame by sender. The decrypt process is same with encrypt process. We just need do the XOR operation to the ith byte of data with the ith key.

Using RC4 algorithm need the different 64-bit key values be used in. we can not use the same key value twice because the WEP key will changes frame by frame. However, the 40-bit symmetric key rarely changes. So, we just can change 24-bit IV value. That means we just own different key value. So, after a lot of frame transmitted, we will have high possibility using same key value. The phenomenon named IV Collisions. Moreover, the IV values are transmitted in the frame header, sometimes; an eavesdropper will know the IV value after the frame be transmitted. Maybe after not too long time, all of IV values will be transmitted throw network. The eavesdropper will know all the IV value after enough frames are transmitted. That means the WEP still has many weaknesses.

IV. The weaknesses of WEP
As we known, WEP still has its weaknesses except IV Collisions. Intruders still can attack the communication through several methods.
Firstly, when a duplicated key is used, these key values maybe can be calculated by another client. In the step, we also use the example that Alice transmits the data to Bob. Moreover, we can assume another client Trudy is an intruder. Trudy wants to attack the communication between Alice and Bob. He can send a HTTP or FTP request to Alice to transmit a file packet. The content of the file packet is known by Trudy as because these data comes from Trudy. Also, the plain text payload of the packet would be known by Trudy. He could identify the packet by forcing an unusual packet size. Alice will encrypt the each data frame to using the symmetric secret key, after received and transmit these data back to Trudy. The encrypt algorithm is known as . Although Alice can use different secret key to encrypt different data frame , the Trudy still can use algorithm to calculate the secret key for each data frame which he sent to Alice. That means a hacker with the proper equipment and tools can collect and analyze enough data to recover the shared encryption key.
Secondly, Message Injection is still a hole of WEP. Once a key stream is known, a new message can be constructed by taking the new contents and encrypt it with the known key stream to create a forged cipher text. Moreover, the 802.11 standard does not require the IV must be changed for each data packet, each host in wireless network will accept repeat IVs. [3] These IV values may be reconstructed by illegal clients. Such as in last example, Trudy can use the key stream which he calculates out to send some spurious messages to Bob.
Thirdly, WEP use RC4 stream cipher for encrypting data. The weakness of RC4 can be used to attack the WEP wireless network.
Finally, as discussed before, WEP contain CRC bits and transmit them in the 802.11 frame to detect wrong bit in the payload. However, some attacker can change the encrypted content in the data frame such as substituting gibberish for the original encrypted data [4] to compute a CRC value over the changed data. Then, they can put the CRC in a WEP frame to make an 802.11 data frame. The frame will also be accepted by the receiver.
Except these several methods, there are still many other methods to used to attack WEP by attackers, such as Authentication Spoofing [3], Cracking WEP Keys [3] and Brute Force Attacks [3] etc.. All of these methods can be used because the WEP using ap4.0 as authentication protocol and RC4 stream cipher. Obviously, all 802.11a, b, and g devices support WEP encryption which has had flaws. [6] They can provide satisfied data security guarantee and some new protocols need be used. In recently years, a new and improved version of 802.11 with stronger security mechanisms was developed by IEEE802.11. This is known as 802.11i security protocol.
V. 802.11i security protocol
802.11i security protocol is a very new protocol which be approved in early 2004. [1] As shown in last part, WEP has a lot of weaknesses and easy be attacked successful. WEP just can provide poor encryption, one method to do authentication and no key-distribution mechanisms. [1] These weaknesses largely limit the using of WEP. In common, a good attacker can enter a WEP security protocol network in no more than 15 minutes. To satisfied the continues creasing security request for wireless network clients, the IEEE802.11i work group take up with a new security standard named IEEE 802.11i.
The 802.11i security protocol can remedy these shortages of WEP and provide much stronger encrypted method, an extensible authentication mechanisms and a nuclear distribution mechanism. [1] 802.11i use 802.1x to provide user authentication and secret key’s management. In aspect of data encryption, 802.11i defines TKIP(Temporal Key Integrity Protocol), CCMP(Counter-Mode/CBC-MAC Protocol)and WRAP(Wireless Robust Authenticated Protocol)three types encryption mechanism. Thereinto, TLIP still use RC4 as nuclear encryption arithmetic, so we just update the software in existing equipments to make WLAN security stronger. CCMP base on the AES(Advanced Encryption Standard)and CCM(Counter-Mode/CBC-MAC), it largely boost up wireless network’s security. However, CCMP can not update from existing equipments directly. WRAP mechanism base on AES encryption arithmetic and OCB(Offset Codebook), it is a type of optional encryption mechanism.
Firstly, we can use figure2 introduce the 802.11i framework.






Figure2 802.11i framework
From figure2, we can see, compare with WEP, except for the client station and access point, one separated authentication server which connected with access point through wired network is set in 802.11i. The authentication server can be connected by more than one access points because it is a separated server. To keep access point has low costs and complexity, 802.11i use one single authentication server to manage all the tasks about clients’ authentication and distributing access to client in the central of network.
Secondly, we can focus on how 802.11i work. There are four main steps in 802.11i operation:
1. Discovery each other.
The discovery process happens between access point and wireless client node. In discovery step, the access point will tell wireless client node its presence and what kind of authentication and encryption that can provide to client. Then, the client gives a response to access point to express what kind of authentication and encryption it want. In the step, the access point and wireless client node just discover each other. The client neither be authenticated nor get an encryption key. So, in the step, client still can not communicate with any other remote host through wireless channel.
2. Mutual Authentication and Master Key Generation
In the step, wireless client can be authenticated by authentication server. The process of authentication takes place between client and authentication server directly and the responsibility of access point just is forwarding message between client and authentication server in the step. The Extensible Authentication Protocol (EAP) will be used in the step. “The EAP defines the end to end message formats used in a simple request/response mode of interaction between client and authentication server.” [1] With EAP, authentication server can use several methods to perform authentication. The EAP-TLS authentication scheme is often used because 802.11i does not dictate any particular authentication method. EAP-TLS uses public key technology just like the technology used in WEP. The method allows the client and authentication server to authenticate each other by encrypt the message and decrypt the message using public key they both known. If the data value which encrypted by client match the data value which decrypted by authentication server, the client and authentication server can authenticate each other. The public key known by each part can be named Master Key. Note that, in the step, access point still does not authenticate with client.
3. Pairwise Master Key (PMK)
Except MK which is known just by the client and authentication server, Pairwise Master Key (PMK) also be used by client and access point to authenticated each other. Pairwise Master Key (PMK) is generated by MK. The authentication server firstly sends PMK to the access point. The assess point and client then will share the key and they can used the key authenticated each other. That process can be described like the access point will use PMK authenticated with client each other after client and authentication server authenticated each other use MK. The process between assess point and client same with WEP. They will share secret key PMK using EAP exchange. Therefore, the PMK generated for access point authenticate with client. However, 802.11i provide more authentication mechanism except using PMK. In 802.11i, just using PMK, client and access point still can not authenticate each other. We can think PMK just for generate new secret key for authentication.
4. Temporal Key (TK) Generation
Using PMK, the wireless client and access point can generate more keys used in communication include Temporal Key (TK). TK will be used to operate the link-level data encryption over the wireless channel to a remote host. [1] There are two types of TK be generated. One is Pairwise Transient Key (PTK), another one is Group Temporal Key (GTK). We can connect PMK, access point nonce, client nonce, access point MAC address and client MAC address together and then editing then through a cryptographic hash function to get PTK. [6] Using PTK, we can produce the Group Temporal Key (GTK). The GTK used to decrypt multicast and broadcast traffic. In the step, access point will sent the GTK and a sequence number together to client. The sequence number is sent for the next multicast or broadcast frame. That means the access point informs next time GTK to client, the client will know the GTK for next time. After client receives GTK, because the client had been informed this time GTK, so it can send a confirmation to the access point. The entire authentication process finishes at the time. [7]
Because GTK is a temporal key, it can change frequently. It is difficult for attacker to interpret it. Moreover, the GTK just send to a group of clients judge by authentication server and four level secret key is produced for authentication in 802.11i, so, it is no doubt that 802.11i can provide much stronger security ability than WEP.
However, 802.11i still in developing and can not deployed immediately. It can not satisfy the strong request for WLAN security of market. As a transitional security protocol between WEP and 802.11i, Wi-Fi Protected Access (WPA) security protocol was established by Wi-Fi Alliance and IEEE recently.

VI. Wi-Fi Protected Access (WPA) security suite
Wi-Fi Protected Access is a very new protocol based on the 802.11i standard which still on developing. So, it ensures WPA is compatible with 802.11i which will be deployed in the future. Compare with WEP, WPA can provide much stronger data encryption, which was weak in WEP. It also can provide user authentication, which was largely missing in WEP. [5] As an advanced protocol, WPA can perform open wireless LAN security in public areas and universities. [4] After properly installed, WPA can provide wireless LAN users with a high level of assurance that their data will protected and that only authorized clients can access the network. [5]. There are two main security enhancements used in WPA. First one is enhanced data encryption through TKIP and second one is enterprise-level user authentication via 802.1x and EAP.
1. Enhanced Data Encryption through TKIP
To improve data encryption, Temporal Key Integrity Protocol (TKIP) is used in Wi-Fi Protected Access. TKIP provides several important new progress in data encryption including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. [5] Through these methods, TKIP can nearly recovery all known vulnerabilities in WEP.
2. Enterprise-level User Authentication via 802.1x and EAP
WEP has almost no user authentication mechanism. Oppositely, WPA uses both 802.1x and the Extensible Authentication Protocol (EAP) to provide stronger user authentication. Just like 802.11i, WPA uses a central authentication server to authenticate each user on the network before they join it. Moreover, WPA also use mutual authentication provide to wireless client a safer network environment [6].
Now, we know the WPA use TKIP, 802.1x and EAP to implement the access control, secret key management and data encryption. 802.1x is an access control standard based on the port. Any client want to access wireless network through port need be authenticated to get authorization if the network uses 802.1x. The TKIP not only uses CR4 arithmetic same with WEP, but also import four new arithmetic except CR4. These are: Extended 48-bit Initialization Vector (IV) and new IV Sequencing Rules, per-packet key construction, Message Integrity Code and re-keying mechanism. One more thing is IEEE does not view TKIP as a long-term solution for wireless network security. Similarly, although the WPA can provide stronger data protection, Wi-Fi Alliance still acknowledges it just an occasional and transitional scheme.

VII. The weaknesses of 802.11i
802.11i is a advanced security mechanisms for wireless network to replace Wired Equivalent Privacy (WEP). However, 802.11i still in developing and does not be deployed indeed until today. And that, WEP have been discovered strict security weaknesses for today’s attacker. Because this, IEEE and Wi-Fi Alliance had to make an intermediate solution WPA to meet the weaknesses of WEP. Moreover, 802.11i uses the Advanced Encryption Standard (AES) block cipher and WEP uses the RC4 stream cipher. Moreover, 802.11i need use more hardware equipments in wireless network compare with WEP (add an authentication server). Because today’s most of wireless network use WEP, it different to replace the WEP using 802.11i because you not only need update software, but also need update your hardware equipments.

VIII. Conclusion
In the paper we firstly discuss the Wired Equivalent Privacy security protocol used in wireless network widely. However, WEP is vulnerable because of short IVs and static keys. Following, we focus on 802.11i security specification which is developed by the IEEE. 802.11i can provide much stronger data protection and has perfect encryption mechanism. However, the security mechanism still in developing and it can not be deployed at once. It is opposite with today’s strong request to WLAN security. As a transitional security protocol between WEP and 802.11i, Wi-Fi Protected Access (WPA) security protocol was established. WPA not only can provide much stronger security character than WEP, but also has high compatibility with 802.11i because it comes from 802.11i protocol. From it, clients can change to 802.11i quickly.

Reference
[1] J. F. Kurose and K.W.Ross, (2005) Computer Network. 3rd ed. PEARSON Addison Wesley
[2] Jim Geier, (06/20/2002) 802.11 WEP: Concepts and Vulnerability
[3] Lee Barken, (12/23/2003) WEP Vulnerabilities—Wired Equivalent Privacy
[4] Jim Geier, (03/31/2003) WPA plugs holes in WEP. Network World
[5] Lisa Grantham and Edelman, (03/23/2005) Wi-Fi Protected Access
[6] Eric Griffith, (06/25/2004) 802.11i Security Specification Finalized
[7] Wikipedia, (2005) IEEE 802.11i
[8] Larry L. Peterson and Bruces S. Davie, (2003) Computer Network. 3rd ed


Address of the Author: No 95, Wenhua Road, College of Information & Management Science, Henan Agricultural University,
Zhengzhou City, Henan Province, P.R.China

郑光,于1980年2月出生于河南省郑州市,于2003年毕业于西安理工大学电子信息专业。同年9月进入河南农业大学信息与管理科学学院任教。于2005年9月进入澳大利亚Wollongong大学深造并取因特网技术专业硕士。现为河南农业大学信息与管理科学学院计算机科学专业教师。

 
 
   
《通信市场》 中国·北京·复兴路49号通信市场(100036) 点击查看具体位置
电话:86-10-6820 7724, 6820 7726
京ICP备05037146号-8
建议使用 Microsoft IE4.0 以上版本 800*600浏览 如果您有什么建议和意见请与管理员联系