WLAN (Wireless LAN) Whitepaper 
(c) by Josh Glenn 
M: bleep@union.org.za




------------------------------
Executive Summary

Organizations are eager to migrate to wireless LANs (WLANs). Users want the any-time/anywhere network access WLANs provide; administrators can't resist the
easy, flexible installation and demonstrate long-term savings. New technologies
enabling WLANs to operate at Ethernet speed have only intensified demand.

However, security has been a challenge for wireless equipment manufacturers, and
consequently a barrier to widespread WLAN adoption. It hasn't helped that an
early implementation of the most recent de facto WLAN security standard, WEP,
was a spectacular public failure; one team of academics provided how a WEP WLAN
might be infiltrated - and the network server compromised - in just 15 minutes.

The latest WLAN specification, 802.1x, provides a roadmap for implementing improved WLAN security. Not surprisingly, an authentication server - long a cornerstone of remote access security - plays a pivotal role in securing an 802.1x WLAN.
And, new 802.1 x security mehtods provide strong authentication and data privacy
techniques to fully secure WLAN access. This paper:

  * Outlines the specific issues which characterize WLAN security, and describes    how 802.1x addresses them

  * Describes the role of an authentication server and 802.1x security methods      in securing WLANs 

  * Demonstrates some tools out in the wild that are available for use on WLANs 




-----------------------------
The Benefits and Drawbacks of
Wireless LANs

The demand for WLAN access has surged dramatically over the past year. Users are
clamoring for WLAN access because it allows them to access their network and the
Internet from anywhere in the workplace, without having to "plug in. " Administrators are attracted to WLANs because they're easier to install (no cable to pull
through walls and ceilings), they're flexible (they can be installed in places
that wired LANs can't, and don't require rewiring when seating or office plans
change), and, in part owing to this flexibility, they're less expensive to
maintain over the long-term.

For these reasons, experts expect the WLAN market to grow steadily, even in the
face of an economic downturn. Cahners projects that WLAN revenues will grow to
$4.6 billion by 2005; WLANs have already made significant penetration into
the education, hospitality, healthcare and financial industries, and continuallydecreasing equpment prices should help drive adoption in other industries. Even
owners of public meeting places - now known in the industry as hotspots are trying to get into the act. Coffee shops, airline lounges and libraries are just a 
few of the venues offering WLAN access to their patrons, enabling their customers to make better use of what used to be mandatory unconnected time. 




------------------------------
WLAN Architecture and Security
Challenges

As with any technology shift, migrating users to WLANs has its drawbacks. The
initial investment in hardware may be significant and somewhat irksome:
Organizations will have to deploy multiple wireless access points, and outfit
every user with wireless network cards when most will already have perfectly
good NIC cards for the wired LAN.

But the cheif concern in migrating to WLAN access is security. Physical wires
turn out to be one of the primary obstacles to attackers looking to hack their
way onto a LAN. it's unlikely that a stranger plugging into a corporate network
would go un-challenged, either by network security that's already in place, or by surrounding workers.

On a WLAN, of course this obstacle disappears. Instead user credentials and dataare broadcast from both the client and the wireless access point (AP) in a radius which may reach 300 feet or more.

Of course, the fact that data is being broadcast via radio waves rather than 
transmitted over a wire introduces security challenges namely:

  * How can you prevent user credentials from being hijacked during authenti-
    cation negotiation?

  * Once authentication is complete, how can you protect the privacy of the
    data being transmitted between client and access point?

  * How can you make sure the authorized user connects to the right network?

We'll discuss each of these challenges in turn.


Authentication

Most password-based protocols in use today rely on a hash of the password with
a random challenge. Thus, the server issues a challenge, the client hashes
that challenge with the password and forwards a response to the server, and the
server validates that response against the user's password retrieved from its
database. This general approach describes CHAP, MS-CHAP, MS-CHAP-V2, EAP/MD5-Challenge, and EAP/One-Time Password.

The problem with such an approach is that an eavesdropper that observes both
challenge and response can mount a dictionary attack, in which random passwords
are tested against the known challenge to attemt to find one which results in
the known response. Because passwords typically have low entropy, such attacks
can in practice easily discover many passwords.

While this vulernability has long been understood, it has not been of great
concern in environments where eavesdropping attacks are unlikely in practice.
For example, users with wired or dial-up connections to their service providers
have not been concerned that such connections may be monitored. Users have also
been willing to entrust their passwords to their service providers, or at least
to allow their service providers to view challenges and hashed responses which
are then forwarded to their home authentication servers, using for example, proxy RADIUS, without fear that the service provider will mount dictionary attacks
on the observed credentials. Because a user typically has a relationship with
a single service provider, such trust is entirely manageable.

With the advent of wirless connectivity, however, the sitatuon changes dramatically. Legacy password protocols are easily subjected to eavesdropping and man-in-the-middle attacks. An eavesdropping attacker can easily mount a dictionary attack against such password protocols. A man-in-the-middle attacker can pass through the entire authentication, then hijack the connection and act as the user.

Data Privacy   

Another concern is the security of the wireless data connection between the
client and access point subsequent to authentication. While client and
access point could easily negotiate keys subsequent to authentication, if the
keys are not cryptographically related to the prior authentication the data session would be subject to a man-in-the-middle attack. For example, Diffie-Hellman
key exchange is not secure against such an attack unless the public keys that
are exchanged are themselves authenticated. Therefore it is incumbent upon the
authentication negoatiation to result in keys that may be distributed to both
client and access point to the allow the subsequent data connection to be 
encrypted.

Rogue Access Points

A final security challenge results from the possibility that someone could
install a WLAN access point and network and fool your user into doing work on that network. Such a scenario is not entirely far fetched, and mutual authentication techniques - wherein the WLAN client authenticates the network he's connecting to - must be in place to guard against such practices. 




------------------------------
Early WLAN Implementations

The first WLAN implementations - designed primarily for home use - did little toaddress these security issues. 802.11b, published in 1999, was the first IEEE
draft outlining specifications and protocols for WLAN connections with LAN-equivalent speed and security. More popularly known as Wi-Fi (wireless fidelity), 802.11b provides for wireless transmission rates of 11Mbps.

In 802.11b WLAN solutions, user authentication happened in the clear, via the
WLAN device's unique Media Access Control (MAC) address. Each AP contained
a database of each authorized client's MAC address; if the client's MAC address
was present in the AP's database, the user was granted access to the network.
Of course, this left a user's MAC address exposed; anyone sniffing the network could see a valid MAC address being broadcast (and re-set his own device to that
address). Plus, if the user's client device was stolen, the theif would have all
the credentials he or she needed to access the network (without having to know
or guess a username and password).

In addition to the security problems this method introduced, it also didn't
scale well. The MAC address for each user must be stored on each AP on the
wireless LAN, creating a cumbersome management scenario and increasing
the possibility of security breaches due to administrative oversight.

Data privacy was provided for a via a sub-protocol called wired equivalent privacy, or WEP, intended to provide the same level of security found in a wired LAN.
As it turned out, first generation implementations of WEP did not provide this
level of security. In fact numberous published reports, the latest prepared by
AT&T, demonstrated convinvingly that WEP eas easily cracked, seriously breachingthe privacy of any wireless data transmission.



 
------------------------------
The problem with WEP

In WEP, both the client and the AP have the same 40-bit encryption key - a 
"shared secret" between them. When the client attempts to authenticate, the AP
issues a random challenge, which the client returns, encrypted with the key
and a 24-bit initialization vector (IV) intended to randomize part of the key, 
using the RC4 PRNG encryption algorithm. The AP decrypts this encrypted
challenge and, if it matches the original challenge, the client is authenticated

The chief vulnerability of WEP results from the constant encryption key, the small IV, and the high speed of the connection. Theoretically, at the maximum
transmission speed of 11Mbps, the system will be forced to refuse an IV within
five hours; in practice, regardless of slower speeds resulting from heavy
traffic and overhead, the system is still guaranteed to reuse any encryption
key within 24 hours. Because the encryption key never varies, this means that
in a maximum of one day an attacker can collect two packets encrypted with the
same key, which the attacker can subsequently reverse-engineer to derive the
encryption key.

Early attacks developed by the University of California at Berkeley and the
University of Maryland took between eight hours and several days. A more recent
study by the AT&T Labs outlines a modification of this technique that enables
retrieval of the network key - hence, unrestricted access to the networks
resources - in fifteen minutes or less.




-----------------------------
The 802.1x Solution

802.1x is a next-generation draft of IEEE WLAN specifications and protocols written to address the security and management pitfalls of 802.11b. The 802.1x protocol provides subprotocols and methods for better protecting authentication and
data transmission, including:

  * An authentication process - such as a RADIUS server or access point-based
    authentication - to manage WLAN user authentication, connection attributes,
    and other matters related to setting up and securing the WLAN connection.
    While the 802.1x protocol does not recommend one authentication process
    over another, the market has overwhelmingly adopted RADIUS as the 
    preferred authentication process on WLANs for serveral compelling reasons:
    
    * With RADIUS authentication is user-based rather than device based, so for
      example, a stolen laptop does not necessarily imply a serious security
      breach.
    * RADIUS eliminates the need to store and manage authentication data on 
      every AP on the WLAN, making security considerably easier to manage and
      scale.
    * RADIUS has already been widely deployed for other types of authentication
      on the network.
  
  * Extensible Authentication Protocol (EAP), and EAPoL (EAP over LAN) -
    EAPoL is the transport protocol used to negotiate the WLAN user's secure
    connection to the network. Security is handled by the vendor-developed
    "EAP authentication types", which may protect credentials, data privacy,
    or both.

 

------------------------------
Tools Available for use
on WLANs

Radiate 802.11b frame handling (capturing, creation, injection) 
for use on Linux/BSD operating systems.    
http://www.packetfactory.net/projects/radiate/

ApSniff is a wireless (802.11) access point sniffer for Windows 2000. It enablesyou to list all access points broadcasting beacon signals at your location.
Useful for helping you set new access points making sure you do not have
interfering APs, and helping you set-up wireless clients by providing you with
the client configuration information. Requires WLAN cards of Prism 2 chipset. Itworks with a DLINK DWL-650 and linksys WPC11.
OS: Microsoft Windows 2000 
http://www.bretmounet.com/ApSniff

Kismet is a 802.11b wireless network sniffer. It is capable of sniffing using
almost any wireless card supported in Linux, which currently divide into cards
handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), ancards supported by the Wlan-NG project which use the Prism/2 chipset (such as
Linksys, Dlink, and Zoom). Features Multiple packet capture sources, Runtime
network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP
packet dissection, Cisco product detection via CDP, Ethereal and tcpdump
compatible file logging, Airsnort-compatible "interesting" (cryptographically
weak) logging, and Secure SUID behavior.  
http://www.kismetwireless.net
http://www.nerv-un.net/~dragorn/kismet/