[Design Application]
Wireless Security Re-Invents Itself Again
By Successfully Securing WLANs, This Industry Can Dramatically Impact The Proliferation of 802.11 In Today's Devices.

Victor Chang
November/December 2003

The face of computing is being changed by innovations in wireless technology. For example, users are no longer bound to the traditional "wires" that made up their computing environment. Thanks to technologies like Wireless Local Area Networks (WLANs), handheld computing devices and mobile phones can be connected. Users can now achieve anytime, anywhere access to critical business resources and applications. The result is increased productivity and a corresponding rise in opportunities for both businesses and consumers.

While providing all of their advantages, however, wireless networks also invite risk. The wireless world is an anonymous environment. It exists without boundaries and proper security measures. As a result, almost anyone can access virtually anything (FIG. 1). This article looks at the security issues that impact wireless technology. Specifically, it focuses on the unique challenges of securing 802.11 wireless LANs and communication at the transport level. That level resides between wireless devices and Internet services.

SECURE THE NETWORK LAYER
In today's fast-paced electronic age, 802.11b-based WLAN technology has become widespread. According to a research report commissioned by RSA Security, the city of London alone has seen the number of business-deployed wireless networks grow 300% in the past year. In the United States, well-known companies like UPS, FedEx, and General Motors use WLANs to give customers and employees more mobility and access to real-time information. This growth will continue because WLAN technology offers what the market wants: cheap and easy wireless bandwidth (FIG. 2).

Yet many business and private WLANs are deployed using default settings with no security in place. Anyone with an 802.11b wireless card can easily access such networks. Even when security settings are turned on, WLANs may remain vulnerable. The lack of privacy in the network traces back to a broken encryption protocol called the Wired Equivalency Protocol (WEP). This protocol has an important function: It outlines a way to encrypt the data packets that travel over IEEE 802.11 networks. Unfortunately, WEP has some flaws. Those flaws severely weakened the security that it was supposed to offer.

WEP encryption is based on a symmetric stream cipher (RC4). As is true for all stream ciphers, it's important that each packet be encrypted under a different key. The WEP standard specified the use of different keys for different data packets, which is a very good idea. This approach relied on the use of so-called initialization vectors (IVs). Originally, these IVs were intended to be unique for each packet. But the space of possible vectors was too small to avoid duplications. As a result, the IVs had to be reused. When an IV is reused, two packets are encrypted with the same keystream, and an attacker can recover the plain text.
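
The IV-reuse problem described above, as an added example that is not part of the original article: a simplified WEP-style encryption in Python (RC4 keyed with the IV followed by the base key, CRC-32 appended). It shows that two packets sent under the same IV cancel to the XOR of their plain texts, and how quickly a 24-b IV space produces a duplicate. The base key, IVs, and packet contents are constructed sample values.

```python
import math
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key scheduling, then output generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, base_key: bytes, data: bytes) -> bytes:
    """Simplified WEP: RC4 keyed with IV || base key, over data plus its CRC-32."""
    body = data + zlib.crc32(data).to_bytes(4, "little")
    return xor(body, rc4(iv + base_key, len(body)))

def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday approximation: chance that two of `packets` random IVs match."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))

# Constructed sample values, not taken from the article.
BASE_KEY = bytes.fromhex("0102030405")   # 40-bit shared base key
P1 = b"GET /index.html "                 # packet whose content is known
P2 = b"payroll record 7"                 # packet whose content is secret

def recover_second(iv1: bytes, iv2: bytes) -> bytes:
    """XOR two ciphertexts, then remove the known plain text P1."""
    c1 = wep_encrypt(iv1, BASE_KEY, P1)
    c2 = wep_encrypt(iv2, BASE_KEY, P2)
    return xor(xor(c1, c2)[:len(P1)], P1)

if __name__ == "__main__":
    same = recover_second(b"\x00\x00\x2a", b"\x00\x00\x2a")
    diff = recover_second(b"\x00\x00\x2a", b"\x00\x00\x2b")
    print("same IV  ->", same)          # keystream cancels
    print("fresh IV ->", diff.hex())    # keystreams differ, output is noise
    for n in (1000, 5000, 12000):
        print(n, "packets: P(duplicate IV) =", round(iv_collision_probability(n), 3))
```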

WEP faced another problem in the manner by which the IV was combined with the base key. When combined with the characteristics of RC4, that approach lends itself to an attack. As described by Fluhrer, Mantin, and Shamir (FMS), the base secret key may be discovered under certain circumstances. Once the shared secret is discovered, a malicious attacker could go back and decrypt the data packets that were being passed along the exposed network.

Clearly, the vulnerabilities in WEP can be traced back to numerous problems. Among them are the limitations of the 24-b initialization vector and the absence of a cryptographic checksum. Another issue is the FMS weakness. This defect is created by the way that the packet encryption keys are derived from the initialization vector.

Back when this protocol's flaws were discovered, it was like a dam bursting. Free tools like AirSnort and WEPCrack appeared as scripts on the Internet. Anyone could use them to attack WEP. Using the FMS attack, the AirSnort authors claimed that their code could decipher WEP keys after gathering information from just 2000 packets with "weak" keys. They estimated that out of 16 million keys that were generated using 128-b WEP encryption, 3000 were typically weak. Network sniffers, such as AirSnort, analyzed the "weak" keys to discover the shared secret between wireless clients and access points. Once that shared secret was discovered, a malicious attacker could access the WLAN network. The attacker could then go back and decrypt the data packets that he or she "sniffed" off the exposed network.

In 2001, RSA Security and Hifn announced a new technology: fast packet keying. It was designed to fix the key derivation problem in the broken WEP standard. This technology took the first step toward enabling 802.11 vendors to create a software patch. This patch could be applied to update the WLAN products that were already being used by their end users. Going forward, the currently known WEP security vulnerabilities may be addressed by Wi-Fi Protected Access (WPA). This emerging security protocol is intended to be available as a firmware upgrade to existing devices.

Unfortunately, the list of WLAN security issues doesn't end with the problems of WEP. Although it was largely ignored early on, the secure authentication of users who are connecting to WLAN access points will prove just as important (FIG. 3). For enterprise users, this issue can prove quite aggravating. After all, they need to re-authenticate if they move from one end of the building to another. For the operators who want to bill their customers for WLAN service, however, it's a little more serious. The WLAN "hot spots" that are beginning to sprout up for public Internet access can be a good source of operator revenue. Before the operators can bill customers for the service, however, they need to know who those customers are and when they're using the services. To obtain this knowledge, certain authentication factors must be considered:

  • A universal standard is needed that allows any authentication system (PINs, passcodes, digital certificates, tokens, or smart cards) to interoperate with any WLAN access points.
  • To negotiate an authentication based on this standard, devices (PDAs, mobile phones, and laptops) must be able to understand the authentication mechanisms.
  • The WLAN network must authenticate users "behind the scenes" as they roam from access point to access point. This authentication must be done without the users knowing that their digital credentials are being challenged and approved somewhere in cyberspace.
