White Paper
Table of Contents
2. 802.11 Authentication and Its Weaknesses
2.1. Service Set Identifier
2.2. 802.11 Station Authentication
2.3. Authentication Vulnerabilities
3. WEP Encryption and Its Weaknesses
3.1. Stream Ciphers and Block Ciphers
3.2. Statistical Key Derivation—Passive Network Attacks
3.3. Inductive Key Derivation—Active Network Attacks
3.4. Static WEP Key Management Issues
4. Secure 802.11 Wireless LANs with Cisco Wireless Security Suite
4.1. Cisco Wireless Security Suite Components
5. Cisco LEAP Architecture
5.1. Cisco LEAP Authentication Process
5.2. Cisco LEAP Deployment
6. What Lies Ahead
6.1. AES Overview
8. Appendix A—EAP Authentication Types
8.1. EAP Transport Layer Security
8.2. EAP SIM Architecture
8.3. Protected EAP
9. Appendix B—Cisco Wireless Security Suite in Bridging Deployments
10. Appendix C—Useful Links
A Comprehensive Review of 802.11 Wireless LAN Security
and the Cisco Wireless Security Suite
Since the ratification of the IEEE 802.11b standard in 1999, wireless LANs have become more prevalent. Today, wireless LANs are widely deployed in places such as corporate office conference rooms, industrial warehouses, Internet-ready classrooms, and even coffeehouses. These IEEE 802.11-based wireless LANs present new challenges for network administrators and information security administrators alike. Unlike the relative simplicity of wired Ethernet deployments, 802.11-based wireless LANs broadcast radio-frequency (RF) data for the client stations to hear. This presents new and complex security issues that involve augmenting the 802.11 standard.
Security in the IEEE 802.11 specification—which applies to 802.11b, 802.11a, and 802.11g—has come under intense scrutiny. Researchers have exposed several vulnerabilities in the authentication, data-privacy, and message-integrity mechanisms defined in the specification. This white paper:
• Reviews the authentication and data-privacy functions described in Clause 8 of the IEEE 802.11 specification
• Describes the inherent security vulnerabilities and management issues of these functions
• Explains how security issues can be addressed effectively only by augmenting the 802.11 security standard
• Examines Cisco Systems architecture for enhanced security on wireless LANs—including the Cisco Wireless Security Suite
• Looks ahead to long-term security enhancements
2. 802.11 Authentication and Its Weaknesses
Wireless LANs, because of their broadcast nature, require the addition of:
• User authentication to prevent unauthorized access to network resources
• Data privacy to protect the integrity and privacy of transmitted data
The 802.11 specification stipulates two mechanisms for authenticating wireless LAN clients: open authentication and shared key authentication. Two other mechanisms—the Service Set Identifier (SSID) and authentication by client Media Access Control (MAC) address—are also commonly used. This section explains each approach and its weaknesses.
The use of Wired Equivalent Privacy (WEP) keys can function as a type of access control because a client that lacks the correct WEP key cannot send data to or receive data from an access point. WEP, the encryption scheme adopted by the IEEE 802.11 committee, provides encryption with 40 bits or 104 bits of key strength. A subsequent section of this paper discusses WEP and its weaknesses in greater detail.
2.1. Service Set Identifier
The SSID is a construct that allows logical separation of wireless LANs. In general, a client must be configured with the appropriate SSID to gain access to the wireless LAN. The SSID does not provide any data-privacy functions, nor does it truly authenticate the client to the access point.
2.2. 802.11 Station Authentication
Authentication in the 802.11 specification is based on authenticating a wireless station or device instead of authenticating a user. The specification provides for two modes of authentication: open authentication and shared key authentication.
The 802.11 client authentication process consists of the following transactions (Figure 1):
1. Client broadcasts a probe request frame on every channel
2. Access points within range respond with a probe response frame
3. The client decides which access point (AP) is the best for access and sends an authentication request
4. The access point will send an authentication reply
5. Upon successful authentication, the client will send an association request frame to the access point
6. The access point will reply with an association response
7. The client is now able to pass traffic to the access point
Figure 1 802.11 Client Authentication Process
The next four subsections will detail each of the individual processes for client authentication.
2.2.1. Probe Requests and Responses
Once the client becomes active on the medium, it searches for access points in radio range using the 802.11 management frames known as probe request frames. The probe request frame is sent on every channel the client supports in an attempt to find all access points in range that match the SSID and client-requested data rates (Figure 2).
All access points that are in range and match the probe request criteria will respond with a probe response frame containing synchronization information and access point load. The client can determine which access point to associate to by weighing the supported data rates and access point load. Once the client determines the optimal access point to connect to, it moves to the authentication phase of 802.11 network access.
Figure 2 Probe Request Frame
2.2.2. Open Authentication
Open authentication is a null authentication algorithm. The access point will grant any request for authentication. It might sound pointless to use such an algorithm, but open authentication has its place in 802.11 network authentication. Authentication in the 1997 802.11 specification is connectivity-oriented. The requirements for authentication are designed to allow devices to gain quick access to the network. In addition, many 802.11-compliant devices are hand-held data-acquisition units like bar code readers. They do not have the CPU capabilities required for complex authentication algorithms.
Open authentication consists of two messages:
•The authentication request (Figure 3)
•The authentication response (Figure 4)
Figure 3 Open Authentication Request
Figure 4 Open Authentication Response
Open authentication allows any device network access. If no encryption is enabled on the network, any device that knows the SSID of the access point can gain access to the network. With WEP encryption enabled on an access point, the WEP key itself becomes a means of access control. If a device does not have the correct WEP key, even though authentication is successful, the device will be unable to transmit data through the access point. Neither can it decrypt data sent from the access point (Figure 5).
Figure 5 Open Authentication with Differing WEP Keys
2.2.3. Shared Key Authentication
Shared key authentication is the second mode of authentication specified in the 802.11 standard. Shared key authentication requires that the client configure a static WEP key. Figure 6 describes the shared key authentication process.
1. The client sends an authentication request to the access point requesting shared key authentication
2. The access point responds with an authentication response containing challenge text
3. The client uses its locally configured WEP key to encrypt the challenge text and reply with a subsequent authentication request
4. If the access point can decrypt the authentication request and retrieve the original challenge text, then it responds with an authentication response that grants the client access
Figure 6 Shared Key Authentication Process
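As an added illustration that is not part of the original paper or of any Cisco code, the following Python simulates the four-message shared key exchange above. It assumes a constructed 40-bit WEP key, builds the RC4 keystream from the 3-byte IV prepended to the key as WEP does, and appends a CRC-32 ICV; the access point grants access only when its own key recovers the original challenge, so a client configured with a different key fails at step 4.

```python
import os
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Minimal RC4, the stream cipher WEP uses, yielding `length` keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(wep_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP framing: clear 3-byte IV, then RC4(IV || key) XOR (plaintext || CRC-32 ICV)."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    keystream = rc4_keystream(iv + wep_key, len(body))
    return iv + bytes(a ^ b for a, b in zip(body, keystream))


def wep_decrypt(wep_key: bytes, frame: bytes):
    """Return the plaintext if the ICV verifies, or None for a wrong key / altered frame."""
    iv, ciphertext = frame[:3], frame[3:]
    keystream = rc4_keystream(iv + wep_key, len(ciphertext))
    body = bytes(a ^ b for a, b in zip(ciphertext, keystream))
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        return None
    return plaintext


def shared_key_auth(ap_key: bytes, client_key: bytes, challenge: bytes = b"") -> bool:
    """Run the four-message exchange of section 2.2.3; True if the AP grants access."""
    # 1. Client -> AP: authentication request naming the shared key algorithm (no key sent)
    # 2. AP -> Client: authentication response carrying 128 bytes of random challenge text
    challenge = challenge or os.urandom(128)
    # 3. Client -> AP: the challenge WEP-encrypted under the client's locally configured key
    response_frame = wep_encrypt(client_key, os.urandom(3), challenge)
    # 4. AP decrypts with its own key and grants access only if the original challenge is back
    return wep_decrypt(ap_key, response_frame) == challenge
```

The keys are constructed sample values; a client with the correct key passes, a client with any other key is refused because its response does not decrypt to the challenge.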
2.2.4. MAC Address Authentication