Security in Wireless Local Area Networks

Sami Uskela
Department of Electrical and Communications Engineering
Helsinki University of Technology
stu@iki.fi

Abstract

As wireless communications come to offices and homes, there are new security issues to be taken care of. Today the market for wireless LANs is growing continuously, but there is a big black hole in the security of this kind of network. This paper gives an overview of the security functions specified in two wireless LAN standards, namely IEEE 802.11 and HIPERLAN. There is also some discussion of the threats and vulnerabilities in wireless networks compared to wired networks. Last but not least, the protocols and mechanisms needed in a secure wireless LAN are described.

--------------------------------------------------------------------------------

Table of Contents

1 Introduction
2 Abbreviations and Definitions
3 Standards
    3.1 HIPERLAN
    3.2 IEEE 802.11
4 Threats and Vulnerabilities Compared to Wired LANs
    4.1 Eavesdropping
    4.2 Transitive Trust
    4.3 Infrastructure
    4.4 Denial of Service
5 Secure Solution
    5.1 Design Goals
    5.2 Design Overview
    5.3 Authorization
    5.4 Integrity and Confidentiality
    5.5 Key Change Protocol
    5.6 Key Management
    5.7 Solution Analysis
6 Conclusions
7 References

--------------------------------------------------------------------------------

1 Introduction

The concept of the wireless LAN was introduced around 1980, and since 1985 many companies have tried to implement a variety of wireless LAN applications using spread spectrum, infrared and traditional wideband radio technologies [1]. The real breakthrough of wideband wireless applications is happening now: the IEEE 802.11 standard, approved in June 1997, gives a solid platform for new applications, and chips supporting IEEE 802.11 are already on the market.
Wireless office market revenue in 1996 was $390 million, of which $218 million belonged to wireless LANs, and it is expected to break a billion dollars early in the next millennium [1].

Commercial wireless LAN applications can be divided into five categories [2]:

    LAN extension - indoor wire replacement
    Inter-LAN bridges - outdoor wire replacement
    Campus Area Networks (CAN) - wireless LANs with infrastructure
    Ad-hoc networking - wireless LANs without infrastructure
    Nomadic access - a wireless LAN service

Today's existing applications aim at four categories of applications [2]:

    Healthcare industry
    Factory floors
    Banking industry
    Educational institutions

Security issues are much more pronounced in the wireless environment than in wired networks, but there are still products without any security functions, and even IEEE 802.11 specifies its security functions as an optional feature. Meanwhile, security in the Internet is becoming more and more vital, and the IPSEC concept and IPv6 are going to demand ciphering and authentication as mandatory functions in network equipment. So there is a real need to develop security in wireless networks.

2 Abbreviations and Definitions

The following abbreviations (Table 1) and definitions (Table 2) are used in this document.

    AP      Access Point
    ATM     Asynchronous Transfer Mode
    BER     Bit Error Rate
    BSS     Basic Service Set; a set of stations communicating wirelessly on the same channel in the same area (in IEEE 802.11)
    CA      Certificate Authority
    CAC     Channel Access Control (in HIPERLAN)
    CAM     Channel Access Mechanism (in HIPERLAN)
    CCITT   Comité Consultatif Int