Table of Contents
Advertisement
Chapter 3
Security
3
Security
Introduction
One of the major drawbacks of implementing a WLAN is the security issue. Finding wireless networks is easy.
It is a requirement for wireless access points to announce themselves to the world. 802.11 beacon frames,
used to broadcast network parameters, are sent unencrypted. Any station within the range of the radio
frequencies transmitted by the access point can access the wireless network and can process data
transmitted on the network.
Security must be fulfilled at two levels:
>
Deciding who (or what) can access the network. This requirement is met by authentication mechanisms.
>
Providing privacy for the data. This requirement is met by encryption algorithms.
Authentication mechanisms
The following early authentication mechanisms are not specified in the 802.11 standard, but are supported by
most vendors:
>
Disabling SSID broadcasting
>
MAC address filtering
The 802.11 standard specifies two mechanisms for the authentication of wireless stations:
>
Open
authentication: any wireless station can request authentication. The station that needs to
authenticate with another wireless station sends an authentication management frame that contains the
identity of the sending station. The access point grants all requests for authentication. Open
authentication allows network access to all stations. If no encryption is enabled on the network, all
stations that know the SSID of the access point can gain access to the network.
>
Shared key
secure channel that is independent from the 802.11 wireless network communications channel. This
authentication scheme is only available if the Wired Equivalent Privacy (WEP) option is implemented.
In response to the weaknesses of the mechanisms specified in the 802.11 standard, other authentication
mechanisms were developed:
>
Authentication mechanisms using
>
Wi-Fi Protected Access Pre-Shared Key (WPA-PSK)
Encryption algorithms
The 802.11 standard provides data privacy with the Wired Equivalent Privacy (WEP) encryption algorithm.
Different WEP implementations exist:
>
Static WEP
>
Dynamic WEP
The encryption algorithm used by WPA is:
>
Temporal Key Integrity Protocol (TKIP)
WPA is a subset of the new security standard 802.11i or WPA2. This standard introduces new encryption
algorithms:
>
Advanced Encryption Standard (AES)- Counter mode with Cipher block chaining Message
authentication code Protocol (CCMP)
E-DOC-CTC-20060609-0001 v2.0
authentication: each wireless station is assumed to have received a secret shared key over a
802.1x: a.o. RADIUS and EAP.
25
Hide quick links:
Advertisement
Table of Contents
