Challenges of Wireless Cryptography

Follow

As companies and individuals increasingly use wireless technologies for their significant communications, they also must be assured of security using proper cryptographic algorithms. The major fields of applications are mobile e-commerce transactions, e-mails and corporate data transaction. On the other hand, as wireless systems grow in popularity and carry valuable information, hackers are directing their attacks on these novel targets. The need for secure wireless transport of audio, video and data across wide area networks has become crucially important for almost everyone. This is a great issue because wireless devices were not originally designed with security as a top priority. Nowadays, wireless security is becoming a very important and challenging area of research and development. In this article we discuss the potentials of wireless security protocols (WEP, WPA and WPA2/802.11i) used today and security aspects of wireless communication systems as well.

Introduction

Mobility and broadband media services are two crucial demands of modern telecommunication networks. The fast progress in wireless communication systems, smart card technologies and personal communication systems provides new opportunities and challenges for scientist and engineers working on the security problems of new communication systems and technologies. In general, public-key cryptography offers a lot of solutions to many of concerning security problems in communication systems. However, big computational requirements have limited the use of public-key cryptography on wireless communication systems.

Encryption mechanisms can be classified as: symmetric or asymmetric. The both are of static state. A new approach follows the stream key generation mechanism, which involves time dimension into the key generation and brings up dynamic keys, one per each data record. The symmetric key is taken into consideration, but in a dynamic streaming environment. A static key is generated once and stored at location for performing encryption later. On the other hand, a dynamic key is initialized by a central authority.

In WLANs, privacy is obtained by data protected with encryption. Without encryption, any other standard wireless device can read all traffic in network. There are three major generations of security approaches:

(1)   WEP (Wired Equivalent Privacy),
(2)   WPA (Wi-Fi Protected Access),
(3)   WPA2/802.11i (Wi-Fi Protection Access, Version 2).

Each of these protocols can have name that is personal and enterprise template. In this article, it will be listed and explained the main sorts of wireless protocols.

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP is recognized thanks to the key of 10 or 26 hexadecimal digits. It is widely in use and is frequently the first security option given to users by router configuration tools.

In the sender side, WEP uses four operations to encrypt the data (plaintext). Firstly, the secret key used in WEP algorithm is 40-bit long and has a 24-bit Initialization Vector (IV). This vector is focused to acting as the encryption/decryption key. At second, the resulting key behaves as the seed for a Pseudo-Random Number Generator (PRNG). Thirdly, the plaintext is put into a integrity algorithm and focuses using the plaintext again. Fourthly, the result of key sequence and IV will go to RC4 algorithm. In other words, a final encryption message is made by attaching the IV in front of the Cipher text.

In the recipient side, WEP uses five operations to decrypt the received side (IV + Cipher text). Firstly, the Pre-Shared Key and IV are used to form a secret key. At second, the Cipher text and Secret Key go to CR4 algorithm and as a result there is a plaintext. At third, the IV and plaintext will separate. Fourthly, the plaintext goes to Integrity Algorithm to make a new IV and finally the new IV compared to original IV.

Two methods of authentication may be applied to WEP: Open System authentication and Shared Key authentication. Here will be discussed WEP authentication in the Infrastructure mode which is between a WLAN client and an Access Point. All this can be applied to the Ad-Hoc mode as well. In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Any client can authenticate with the Access Point and then attempt to associate. In fact, no authentication happens. WEP keys can be used for encrypting data frames. The client must have the correct keys.

In Shared Key authentication, the WEP key is used for authentication in a four step challenge-response handshake:

1.   The client sends an authentication request to the Access Point.

2.   The Access Point replies with a clear-text challenge.

3.   The client encrypts the challenge-text using the configured WEP key, and sends it back in another authentication request.

4.   The Access Point decrypts the response. If this matches the challenge-text the Access Point sends back a positive reply.

After all this, the pre-shared WEP key is also used for data frames encryption using RC4. At first glance, it might seem that Shared Key authentication is more secure than Open System authentication, although the latter offers no real authentication. But, it is quite the opposite. It is possible to derive the key-stream used for the handshake by capturing the challenge frames in Shared Key authentication. It has been advised to use Open System authentication for WEP authentication, rather than Shared Key authentication.

The major weaknesses and enhancements of WEP protocol are given in reference [1] and are as follows:

1.   WEP does not prevent forgery of packets.
2.   WEP does not prevent replay attacks. An attacker can simply record and reply packets as desired and they will be accepted as legitimate.
3.   WEP uses RC4 improperly. The used keys are very weak and can be brute-forced on standard computers quickly using freely available software.
4.   WEP re-uses IVs. Many cryptanalytic methods can decrypt data without knowing the encryption key.
5.   WEP allows an attacker to undetectably modify a message without knowing the encryption key.
6.   Key management is lack and updating is poor.
7.   Problem in the RC4 algorithm.
8.   Easy forging of authentication messages.

Implemented non-standard fixes of WEP protocol are as follows:

I. WEP2

This stopgap enhancement to WEP was present in some of the early 802.11i drafts. It was implementable on some (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits. It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks. After it became clear that the overall WEP algorithm was deficient (and not just the IV and key sizes) and would require even more fixes, both the WEP2 name and original algorithm were dropped. The two extended key lengths remained in what eventually became WPA’s TKIP.

II. WEP plus

WEP plus, also known as WEP+, is a proprietary enhancement to WEP by Agere Systems (formerly a subsidiary of Lucent Technologies) that enhances WEP security by avoiding “weak IVs”. It is only completely effective when WEP plus is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It also does not necessarily prevent replay attacks, and is ineffective against later statistical attacks that do not rely on weak IVs.

III. Dynamic WEP

Dynamic WEP refers to the combination of 802.1x technology and the Extensible Authentication Protocol. Dynamic WEP changes WEP keys dynamically. It is a vendor-specific feature provided by several vendors such as 3Com. The dynamic change idea made it into 802.11i as part of TKIP, but not for the actual WEP algorithm.

Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

WPA became available in 2003. The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. WPA could be implemented through firmware upgrades on wireless network interface cards designed for WEP. Since the changes required in the wireless access points (APs) were more extensive than those needed on the network cards.

The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets. This replaces the cyclic redundancy check (CRC) that was used by the WEP standard. WPA uses a message integrity check algorithm called Michael to verify the integrity of the packets.

Wi-Fi Protection Access, Version 2 (WPA2)

WPA2 has changed WPA. WPA2 demands testing and certification by the Wi-Fi Alliance and uses the mandatory elements of IEEE 802.11i. In particular, it introduces CCMP, which is a new AES-based encryption mode with strong security. After only several years, WPA2 certification is mandatory for all new devices to bear the Wi-Fi trademark. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2. WPA2 became available in 2004 and is common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.

Conclusion

Wireless and mobile networks are rapidly extending their capabilities. In addition to their increasing bandwidth and because of their flexibility and freedom they are becoming the communication infrastructure of choice. Wireless communication provides a user the capability of conducting commerce at anytime, with nearly anyone, from anywhere, using a mobile communication channel. This mobile communication channel can also be used as an access method to the Internet.

References:

1.   Cryptography and Network Security: Principles and Practice, William Stallings, Prentice-Hall, Inc., New Jersey, 1999.
2.   Designing and Developing 802.11n Wireless Networks, Jim Geler, Cisco Systems, Inc., 2010.
3.   Wireless Mesh Networking: Architectures, Protocols and Standards, Yan Zhang, Jijun Luo, Honglin Hu, Auerbach Publications, Taylor & Francis Group, New York, 2007.