Key to Wi-Fi security

CONVENTIONAL WISDOM says wireless LAN access to an enterprise adds enormous risk because the broken security model at the heart of Wi-Fi networking allows crackers to break encryption, snoop traffic, insert packets, and associate at will. WLAN access points must be outside the firewall, with VPN connections tunneling through. No exceptions.

Enter the Wi-Fi Alliance, with members that include Microsoft, Intel, Cisco, and Apple. Seeking to quell consumer and enterprise concerns about Wi-Fi security holes, the group has essentially lifted the construction engineer's drawings for the work-in-progress IEEE 802.11i security draft and started to pour and smooth the macadam that leads to the golden city on the hill: full 802.11i completion and ratification. This ad hoc engineering project comes with member approval; the move isn't as radical as it seems.

The alliance's new WPA (Wi-Fi Protected Access) standard uses most of the current 802.11i draft to repair problems in WEP (Wired Equivalent Privacy), the first line of defense for Wi-Fi networks. WEP's goal was to encrypt packets in transit at the data link layer to deter unauthorized network access.

WEP failed in its attempt, however, through several cryptographic flaws that resulted in rapid key reuse. These flaws leave the link layer unprotected by Wi-Fi, and thus banished it outside the firewall where protection is provided at higher network layers by VPN, SSH, or other tunneled encryption methods.

WPA solves the problem by abandoning WEP in favor of 802.11i's vastly improved TKIP (Temporal Key Integrity Protocol). WPA ensures that TKIP keys vary for each packet through key mixing. WPA also increases part of the keyspace and adds encrypted packet integrity to reject inserted packets. Current Wi-Fi puts weak integrity outside the encrypted payload.

WPA includes full support for server-based authentication using the 802.1x protocol and EAP (Extensible Authentication Protocol), both part of the interim 802.11i draft.

802.1x defines the roles of a client (called the supplicant), the authentication pass-through component of an access point (the authenticator), and a back-end authentication server. EAP is a generic architecture for passing messages among parties that don't necessarily need to understand the contents; in this case, the authenticator passes through some messages and interprets others.

A wireless supplicant first associates with an access point that has an integral authenticator or a connection via a LAN to a Radius-like system. The authenticator only allows access to itself via a single port; the supplicant has no access to the rest of the network. The authenticator challenges the supplicant for credentials, which could be a digital certificate or a username and password, and passes this information to an authentication server.

If access is approved, the authenticator hands over a unique per-supplicant master key from which the supplicant's network adapter derives the TKIP key, the packet integrity key, and other cryptographic necessities. After a user has been authenticated, EAP is used to frequently refresh the master key, reducing the window of opportunity for intercepting packets for cracking. This rekeying process cleverly has perhaps more to do with the cryptographic future than the present.