A Guide to Wireless Security Basics
Security in Wireless Home Entertainment Systems
There often comes a time when you will want to set up a wireless media player or put in place a wireless internet-enabled entertainment system because of the various advantages associated with wireless connectivity. In particular, there is the added convenience and flexibility of doing away with long interconnecting cables. At the same time, you do not want hackers tapping into your home network to steal personal information or damage your system.

Unfortunately, the level of security associated with wireless networks is inherently less than that of wired systems. Wired LANs are somewhat protected by the natural access constraint of their structure - in particular if all parts of a wired network reside inside a building protected from unauthorized access. Wireless LANs, being over radio, do not have the same physical access constraints. This renders wireless LANs more vulnerable to tampering than wired networks.

For this reason, a number of security protocols were devised to provide an acceptable level of wireless security when transmitting data over radio, by encrypting the data contents over the wireless link. All wireless network gear - whether a home router, a wireless media player, etc. - supports various wireless security protocols intended to make it more difficult for network hackers to tap into your home network. We are saying 'difficult' rather than 'impossible' simply because for the experienced hacker, tapping into someone else's network is not impossible; it is true that it can be time-consuming but...

Wireless Security Basics: WEP and WPA/WPA2 Encryptions

WEP

Virtually all wireless equipment supports a wireless security feature referred to as WEP bit encryption. WEP - short for 'Wired Equivalent Privacy' - is a data encryption technique for wireless local area networks (WLAN), defined in the 802.11 standard. WEP is the original standard for wireless security.
It was designed to supposedly provide the 'same' level of security as that of wired local area networks (LANs) by scrambling the information passed between wireless devices. A hacker attempting to tap into your WEP-enabled wireless network would find only meaningless bits. The wireless access point and the client device, however, share an encryption key that is used to scramble and descramble the encrypted information.

There are various levels of WEP encryption, depending on the number of bits within the encryption key; the latter can be 64-bit, 128-bit or even 256-bit. The higher the number of bits, the more difficult it will be to decipher, but actual data throughput will suffer as there is more payload for the same amount of data.

One should be aware that although WEP does provide a significant level of wireless security - especially at 128-bit and 256-bit encryption - it is not 100% secure. There are a number of open source utilities that hackers can use to break a WEP encrypted network in minutes. In other words, if a hacker can receive packets on a WEP protected network, it is only a matter of time till the WEP encryption is cracked. At the same time, while WEP is not perfect, with so many unprotected networks around, simply having it enabled is often enough to send a hacker away to search for an easier target.

WPA, RSN, and WPA2

Introduction

Wi-Fi Protected Access - or WPA - is an enhanced encryption technique created by the Wi-Fi Alliance to provide improved wireless security over WEP. It is an early version of the 802.11i standard ratified by the IEEE in June 2004; the latter defines the security mechanism for wireless networks after it was shown that WEP has severe wireless security weaknesses. WPA was mainly designed as an intermediate attempt to provide improvement to WEP by implementing in-the-field firmware upgrades to existing 802.11 gear.
WPA covers a subset of the defined security mechanism in the final 802.11i standard. WPA was followed by a full implementation of IEEE 802.11i with the introduction of WPA2; this is based on the concept of a Robust Security Network or RSN. In RSN based systems, wireless devices need to support additional security capabilities. A fully compliant RSN network is incompatible with existing WEP equipment, though in the transitional period, WEP equipment will still be supported.

WPA

WPA employs authentication via user ID and password and uses more sophisticated techniques to protect data passing over a wireless link. It distributes different keys to each user; however, it can also be used in a less secure 'pre-shared key' (PSK) mode, where every user is given the same passphrase. The PSK can be anything using an 8 to 63 character passphrase. It may also be entered as a 64 character hexadecimal string. Weak PSK passphrases can be broken fairly easily by experienced hackers using easily available programs. It is therefore essential to select a 'good' difficult-to-break passphrase, or preferably enter a full 64-character hexadecimal key for improved wireless security.

WPA makes use of the Temporal Key Integrity Protocol, or TKIP, to constantly change the encryption key. This dynamic changing of keys makes it more difficult for a hacker to break a WPA/TKIP key.
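The two PSK entry forms described above, as an added example that is not part of the original article. It assumes the passphrase-to-key mapping defined in IEEE 802.11i (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), which the article does not spell out; the function names and the sample SSIDs and passphrase are constructed for illustration.

```python
import hashlib
import secrets
import string


def psk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Stretch an 8 to 63 character passphrase into the 256-bit PSK.

    WPA/WPA2 pre-shared key mode uses PBKDF2-HMAC-SHA1 with the SSID
    as salt and 4096 iterations (IEEE 802.11i), so the same passphrase
    gives a different key on a network with a different name.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def psk_from_input(value: str, ssid: str) -> bytes:
    """Accept either entry form: 64 hex digits, or a passphrase."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return bytes.fromhex(value)  # used as the key directly, no stretching
    return psk_from_passphrase(value, ssid)


def random_hex_psk() -> str:
    """Full-strength key: 256 random bits as 64 hex characters."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for ssid in ("HomeTheater", "LivingRoom"):
        key = psk_from_input("correct horse battery", ssid)
        print(f"{ssid:12} {key.hex()}")
    print("random key  ", random_hex_psk())
```

A passphrase is only as strong as its guessability, whereas the output of `random_hex_psk()` carries the full 256 bits and can be pasted into devices that accept the hexadecimal form.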
WPA2

WPA2 is the Wi-Fi Alliance branded version of the final 802.11i standard. The primary enhancement over WPA is the inclusion of the AES block cipher and the Counter-Mode/CBC-MAC Protocol (the CCMP encryption protocol) as mandatory. It is this that provides for a stronger, scalable wireless security solution. WEP and WPA, by contrast, use the RC4 stream cipher, and while WPA can be implemented through a firmware upgrade to a WEP device, WPA2 would require a hardware upgrade as well.

The RC4 stream cipher makes use of a 128-bit key and a 48-bit initialization vector (IV). However, one major improvement in WPA over WEP is in the handling of the encryption key. Whereas WEP uses the same key, WPA makes use of a temporary key - thanks to the use of TKIP - thus making it more difficult for a hacker to break the system.

AES-CCMP introduces a higher level of security than RC4-based systems by providing protection for the MAC protocol data unit (MPDU) and parts of the 802.11 MAC headers. This protects even more of the data packet from eavesdropping and tampering.

The CCMP encryption protocol used with AES is the equivalent of TKIP in WPA. RSN based solutions like WPA2 define a hierarchy of limited-life keys, similar to TKIP. And like TKIP, master keys are not used directly in CCMP, but are instead used to derive other keys. The end result: WPA2 encryption is much harder to break than WPA, even though the latter already provides significant wireless security improvements over WEP-based devices.

WPS - Wireless Security Configuration Made Simple!

Many home users who know little of wireless security often feel intimidated at the thought of configuring security on their home network and associated connected wireless devices. This is due to the different security options often supported by Wi-Fi certified gear.
For this purpose, in January 2007, the Wi-Fi Alliance officially launched Wi-Fi Protected Setup, or the WPS protocol, to provide a standard that simplifies the establishment of a secure wireless home network. It is also for this reason that the WPS protocol was originally referred to as 'Wi-Fi Simple Configuration'. The emphasis in WPS is placed on a user-friendly setup while ensuring security.

In order to achieve its objective, the WPS protocol defines three types of devices in the network:

Registrar: A device with the authority to issue and revoke credentials to a network. In a typical home application, this is often integrated into the Wireless Access Point or AP, and takes the form of a wireless router with integrated AP and Ethernet switch.

Enrollee: The device that is seeking to join the wireless network.

Authenticator: This is the AP functioning as a proxy between a Registrar and an Enrollee.

It is beyond the scope of this article to explain how these devices inter-operate in a WPS scenario. However, knowing of their existence will help you better understand how WPS manages to achieve its goal of usability while ensuring network security.

Usability is ensured thanks to four simple setup modes - or possible setup choices as defined by WPS - that provide the user with a simple way of adding a new device to a secure home network. These setup options are:
Wireless security is preserved because, in each of these four possible setup modes, the WPS protocol requires that the exchange of security information between the wireless device seeking to join the network and the network registrar or AP be triggered only by a specific user action. In other words, once device identification takes place at both ends of the wireless link, the exchange of security information between the two requires a human trigger to initiate the actual setup session.

Basic Steps in Securing a Wireless Network

What follows are just a few simple basic steps in wireless security - listed in order of importance - that you can take to help enhance the security of your wireless networking activity.
The following wireless security measures - while ineffective against determined experienced hackers - may still serve a useful purpose against the majority of inexperienced opportunistic users. Furthermore, these may also force an experienced hacker to move elsewhere and find an easier target!
At the same time, it is important to keep in mind that hiding the SSID or enabling MAC filtering alone does not provide sufficient wireless security, in that it will not prevent anyone from reading the data transmitted over your wireless network; only encryption will do that.