WLAN - Security                                                   Home : www.sharetechnote.com

WLAN Security is a mechanism that allows only specific persons (machines) to get access to a specific WLAN network. In more formal terms, it is a mechanism to assure the confidentiality and integrity of data flowing over a WLAN network.

Since this can easily be a very dry topic and I don't have expert-level knowledge of these algorithms, I want to try to describe this at a more practical and intuitive level.

 

Before you jump into a bunch of boring documents about security, I would recommend getting familiar with some of the terminology you will come across in technical documents. One good way to get familiar with it is to take a little closer look at some tools that almost everybody has used at some point but never paid close attention to.

 

The first example is from the WLAN settings on my own PC, on a network that I am allowed to use. My WLAN interface has the following types of security options. You may see different options on your PC and your WLAN network. Don't try to understand everything in detail here. Just get familiar with terms such as WPA, WPA2 or AES.


Here is another example. The following is from the WiFi options shown on my mobile phone. You will also see a lot of new terminology here. Again, just try to get familiar with the terms.

 

 

  • EAP Method : PEAP, TLS, TTLS, PWD, SIM, AKA, FAST
  • Phase 2 Authentication : PAP, MSCHAP, MSCHAPV2, GTC
  • CA Certificate
  • User Certificate
  • Identity
  • Password


Now you may be wondering exactly where and how these algorithms play their roles during the WiFi attach or data communication process. For this, I would recommend going through the WiFi Protocol page to get an overall understanding of the WiFi protocol, and then taking a closer look at steps 4, 5, 8, 9, 10 and 11 of the sample log of the WiFi attach process. (The detailed procedure and parameters in each step vary depending on the algorithm, but you will get the big picture from that page.)

 

Now, with a little familiarity with the basic keywords and an overall understanding of the protocol, let's take a small step into some of the commonly used security algorithms.

 

You can get a pretty good tutorial on the overall concept of WLAN Security from the list of Video Tutorials at the bottom of the page.

 

 

WLAN Security Types

 

< WEP >

 

WEP stands for Wired Equivalent Privacy and it has the following properties/functionalities.

  • Performs Authentication using a "shared key"
  • Performs Confidentiality using RC4 stream cipher encryption
  • Performs Integrity checking using a CRC-32 integrity mechanism
  • Does not do key management
  • Does not do protection against replay attacks

Drawback of WEP : Since there is no key management and a shared key is used, every wireless station and AP has the same "preshared" key, which is used for both authentication and encryption. It means you have to manually distribute the key to every device and every AP, and it is very cumbersome to change the key, because once you change it you have to redistribute it to all of them manually. So usually every device keeps using the same static key for a long time, giving hackers more chances to break the system.

 

< WPA >

 

WPA stands for WiFi Protected Access. It was proposed as an interim solution that offers key management using the 802.1X authentication framework and performs improved encryption and integrity checking. It has the following properties/functionalities.

  • Performs Authentication using the 802.1X framework
  • Performs Confidentiality using TKIP encryption
  • Performs Integrity checking using the "Michael" protocol
  • Performs Key management using the 802.1X framework (it is also possible to use preshared keys)
  • Performs Protection against replay attacks

 

 

< WPA2 >

 

This is an evolution of WPA and is specified in IEEE 802.11i. For the most part it is the same as WPA, but it uses an improved encryption mechanism called AES.

 

 

WLAN Authentication Types

 

There are many different types of WLAN authentication methods and the list gets longer and longer. The following are some of the common methods, and I will keep updating this as I learn more.

  • Open system authentication
  • Shared key authentication
  • Authentication using SSID of AP
  • MAC address filtering
  • IEEE 802.1X authentication
  • SIM/AuC authentication

 

< Open system authentication >

 

In reality, 'Open System Authentication' means 'No Authentication'. You may ask, 'Is there anybody who really uses this?'.

The answer is yes, largely for two reasons. One is using an Access Point purely for testing purposes. The other, more common situation is where you don't do any authentication at the AP (Access Point) level, so you set 'Open' in the AP security settings, but you let the packets go through an additional security system sitting behind the AP. You will see this kind of method being used in many companies.

 

  Step | Direction    | Message
  -----+--------------+-------------
  1    | Device -> AP | MAC Address
  2    | Device <- AP | Status Code

 

The Status Code carries various information defined in 802.11, including whether the attach was successful or not. Refer to 802.11 Association Status and 802.11 Deauth Reason codes for the details of the codes.

 

 

< Shared Key Authentication >

 

  Step | Direction    | Message
  -----+--------------+-----------------------------------
  1    | Device -> AP | MAC Address
  2    | Device <- AP | Challenge text (128 octets, clear)
  3    | Device -> AP | Response text (WEP encrypted)
  4    | Device <- AP | Status Code
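The four-step Shared Key Authentication exchange above, built from the WEP pieces listed earlier (one preshared key on both sides, RC4 encryption, a CRC-32 ICV), as an added Python simulation that is not part of the original page. RC4, the IV||key construction and status codes 0 and 15 follow the standard; the function names, the ICV byte order and the sample keys in the comments are my own choices for illustration.

```python
import os
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling (KSA), then PRGA keystream XORed over data."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP framing: append the CRC-32 ICV, encrypt data+ICV with RC4(IV || key),
    and send the 3-byte IV in the clear in front (byte order of ICV chosen here)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + shared_key, plaintext + icv)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Receiver side: decrypt with RC4(IV || key); return data only if the ICV verifies."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    data, icv = plain[:-4], plain[-4:]
    return data if zlib.crc32(data).to_bytes(4, "little") == icv else None


STATUS_SUCCESS = 0            # 802.11 status code: successful
STATUS_CHALLENGE_FAILURE = 15  # 802.11 status code: rejected because of challenge failure


def shared_key_auth(ap_key: bytes, device_key: bytes, challenge: bytes = b"", iv: bytes = b"") -> int:
    """Run the 4-step exchange; returns the status code the AP sends in step 4."""
    # Step 1: Device -> AP, authentication request (carries the device MAC; not modelled)
    # Step 2: AP -> Device, 128-octet challenge text in the clear
    challenge = challenge or os.urandom(128)
    # Step 3: Device -> AP, the challenge WEP-encrypted under the device's copy of the key
    response = wep_encrypt(device_key, iv or os.urandom(3), challenge)
    # Step 4: AP decrypts with its own key; both ICV and challenge text must match
    return STATUS_SUCCESS if wep_decrypt(ap_key, response) == challenge else STATUS_CHALLENGE_FAILURE
```

A device holding a different preshared key fails the ICV check or the challenge comparison and receives status 15, which is the only thing this exchange proves: possession of the same static key, not the identity of the device.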

 

 

< Authentication using SSID of AP >

 

  Step | Direction    | Message
  -----+--------------+---------------------------------------
  1    | Device -> AP | Probe request that includes SSID of AP
  2    | Device <- AP | Access OK

 

 

< MAC address filtering >

 

  Step | Direction    | Message
  -----+--------------+------------------------------------------------
  1    | Device -> AP | MAC Address
  2    | AP           | AP searches the MAC Address in a predefined list
  3    | Device <- AP | Access OK

 

 

Video Tutorial