The myth of wireless insecurity

By | December 7, 2005

With WPA, these steps are unnecessary. Here's why. First, WPA in enterprise mode specifies the use of IEEE 802.1x for authentication. When 802.1x is enabled, unauthorised users simply cannot gain access to the network. 802.1x supports a wide variety of authentication methods, ranging from simple passwords to very strong mechanisms such as digital certificates and one-time passwords. A user who does not belong on a wireless network is denied access.

More significantly, the high-profile weaknesses exposed in WEP have since been rectified. This time, the WPA working group enjoyed the benefit of qualified cryptographers on its team. Many improvements were incorporated, including the secure distribution of a "master key" over 802.1x and the introduction of key derivation: the key used for encryption is never the master key itself, but is derived from it in a secure way.

The WPA working group was determined to make its point. It introduced 128-bit encryption key length as standard, and established rules for the use of an Initialisation Vector (or IV) in order to prevent weak IVs from being used.

The concept of per-packet keys was born. No two packets use the same key – instead a unique key is computed for each packet. The new system would also make use of mutual authentication. The access point must authenticate the client, but the client must also authenticate the access point, providing a further line of defence against "man in the middle" attacks that use rogue wireless access points.

As a result, attacks that work on WEP have no effect on WPA.

Better than SSL?

It would be helpful to compare and contrast this with SSL. SSL uses public-key encryption to carry a shared symmetric key. Server-to-client authentication is achieved with a digital certificate presented by the server to the client. Client-to-server authentication is typically performed with a username and password once the secure channel has been established.

The bulk session data itself is protected with a shared symmetric key, generated by the client and transmitted to the server using asymmetric encryption. The encryption algorithm used may be the same as that used with WPA – RC4. Moreover, the lifetime of the key matches the duration of the SSL session.

With WPA, the mechanism for the initial key exchange is much the same as with SSL, using a secure channel implemented as part of the 802.1x protocol. This keying information is not used directly for data encryption. Instead, per-packet keys are employed. This ensures that WPA is almost impossible to crack, and to date WPA has yet to exhibit any weaknesses.
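The key hierarchy described above (master key, derived pairwise key, then a fresh key for every packet) and the contrast with an SSL session, where one symmetric key lives for the whole session, can be seen in a few lines of code. The following is an added example, not code from the article or from any WPA implementation. The PRF follows the HMAC-SHA1 construction that 802.11i uses for key expansion; the per-packet step is a deliberately simplified HMAC stand-in for TKIP's real key-mixing function, and all MAC addresses, nonces and the master key are constructed values. The receiver-side counter check shows why a reused IV or replayed packet is rejected rather than decrypted.

```python
"""Toy model of a WPA-style key hierarchy: master key -> pairwise key -> per-packet key.
Added example; the per-packet mixing is an HMAC stand-in, not TKIP's actual algorithm."""
import hashlib
import hmac
import os


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """PRF-n in the 802.11i style: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < out_len:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:out_len]


def derive_pairwise_key(master_key: bytes, ap_mac: bytes, client_mac: bytes,
                        ap_nonce: bytes, client_nonce: bytes) -> bytes:
    """Derive a 128-bit pairwise key. The master key itself never touches packet data,
    and both sides contribute a nonce, so each association gets a fresh key."""
    macs = min(ap_mac, client_mac) + max(ap_mac, client_mac)      # order-independent
    nonces = min(ap_nonce, client_nonce) + max(ap_nonce, client_nonce)
    return prf(master_key, b"Pairwise key expansion", macs + nonces, 16)


def per_packet_key(pairwise_key: bytes, transmitter_mac: bytes, seq: int) -> bytes:
    """Simplified stand-in for TKIP key mixing (assumption, not the real function):
    bind the pairwise key to the transmitter address and a 48-bit sequence counter
    so that no two packets are encrypted under the same key."""
    if not 0 <= seq < 2 ** 48:
        raise ValueError("sequence counter exhausted; a rekey is required")
    msg = transmitter_mac + seq.to_bytes(6, "big")
    return hmac.new(pairwise_key, msg, hashlib.sha1).digest()[:16]


class Receiver:
    """Tracks the last accepted sequence counter; a reused or stale counter is rejected,
    which is the replay/IV-reuse rule the text alludes to."""

    def __init__(self) -> None:
        self.last_seq = -1

    def accept(self, seq: int) -> bool:
        if seq <= self.last_seq:
            return False
        self.last_seq = seq
        return True


def demo():
    """Run the hierarchy once with random (constructed) inputs and return the derived keys."""
    master = os.urandom(32)                      # constructed: would come from the 802.1x exchange
    ap_mac = bytes.fromhex("020000000001")       # constructed locally administered MAC
    sta_mac = bytes.fromhex("020000000002")      # constructed
    ptk = derive_pairwise_key(master, ap_mac, sta_mac, os.urandom(32), os.urandom(32))
    keys = [per_packet_key(ptk, sta_mac, i) for i in range(3)]
    return ptk, keys


if __name__ == "__main__":
    ptk, keys = demo()
    print("pairwise key:", ptk.hex())
    for i, k in enumerate(keys):
        print(f"packet {i} key:", k.hex())
```

Running the module prints one pairwise key and three distinct packet keys; compare this with the SSL model in the text, where the single session key would be reused for every record until the session ends.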

WPA is as secure as SSL. Wireless 802.11 networks received a bad reputation due to WEP, but perception lags reality and wireless networks are proving this again. At a corporate level, WPA should be recognised as secure. It is time for perception to catch up with reality.
