
Wednesday

802.11 SECURITY CONCERNS

Using the 802.11 security features certainly increases the security of the WLAN.
However, these features alone do not provide a complete wireless security solution.
A number of security concerns have been raised. These concerns were motivating
factors in the development of Cisco’s EAP-LEAP and Interlink Networks’ RAD-Series
EAP-LEAP support.

MAC Address Authentication
Open and Shared Key Authentication involve the station authenticating to an
access point using the station’s MAC address. This type of authentication does not
consider the identity of the user. Thus anyone stealing a laptop or NIC configured
with the WEP keys can obtain network access.

One Way Authentication
WEP authentication is one-way only. The access point does not need to authenticate
to the mobile station. This may allow a rogue access point to falsely indicate a
successful authentication to a station and hijack that station’s data.

Static WEP Keys
No mechanism is defined for key distribution or key negotiation. This requires
wireless networks to be hand-configured with WEP keys. The administrative costs
of this hand configuration virtually guarantee that these keys will seldom be
changed.

WEP Key Vulnerability
Recent papers have described successful attacks on the WEP algorithm. One of
these, whose source code is readily available on the Internet, is a passive attack that
claims to be able to retrieve a 40-bit WEP key in 15 minutes with an ordinary
laptop. Because this attack scales linearly with key size, a 128-bit key could be
cracked in about 45 minutes.

802.1X

The IEEE 802.1x Standard for Port Based Network Access Control was adopted to
address some of the current 802.11 security concerns. 802.1x provides two
important mechanisms.

User Authentication using EAP
Extensible Authentication Protocol (EAP) is a method of conducting an
authentication conversation between a user and an authentication server (e.g.
Interlink Networks’ RAD-Series AAA server). Intermediate devices such as access
points and proxy servers do not take part in the conversation. Their role is to relay
EAP packets between the parties performing the authentication. 802.1x describes
how EAP packets are encapsulated and carried over Ethernet (and Token
Ring/FDDI) frames so that EAP authentication conversations may be conducted
through Ethernet. EAP supports multiple authentication mechanisms such as token
cards, certificates, biometrics, etc. User authentication using EAP solves the MAC
address-only authentication security concern described above.

WEP Key Distribution using the EAPOL-Key Frame
This message allows the wireless access point to send one or more WEP keys to the
station. Access points can send an EAPOL-Key message at any time after
authentication to update the WEP keys at the station. This allows (but does not
require) the distribution of per-session keys to access points and stations. It is
important to note that this provides a mechanism for rotating WEP keys but does not
describe how this is handled. Using the EAPOL-Key frame to rotate WEP keys can
help mitigate the static WEP key security risks described above.

The adoption of 802.1x for use in WLANs is an improvement in security over
SSIDs and static WEP keys. In order to further improve the security in the WLAN,
Cisco has developed EAP-LEAP. Interlink Networks supports Cisco’s EAP-LEAP
authentication scheme in the RAD-Series AAA servers.
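
The EAP-over-Ethernet encapsulation and the EAPOL-Key frame described above can be checked from a capture. The following is an added example, not code from the original paper or from any vendor: it decodes EAPOL frames and measures how often an access point actually sends unicast EAPOL-Key frames to a station. It assumes Ethernet II framing and the RC4 key descriptor layout of 802.1X-2001; the function names, MAC addresses, user name and sample frames are constructed for illustration.

```python
import struct
ETHERTYPE_EAPOL = b"\x88\x8e"
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 17: "LEAP"}

def parse_eapol(frame: bytes) -> dict:
    """Decode one Ethernet II frame carrying EAPOL; ValueError if malformed."""
    if len(frame) < 18 or frame[12:14] != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    _ver, ptype, blen = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + blen]
    if len(body) != blen:
        raise ValueError("EAPOL body truncated")
    out = {"dst": frame[:6].hex(":"), "type": EAPOL_TYPES.get(ptype, f"unknown({ptype})")}
    if ptype == 0:  # EAP packet: code(1) id(1) length(2) [method(1) data]
        if blen < 4 or not 4 <= struct.unpack("!H", body[2:4])[0] <= blen:
            raise ValueError("bad EAP header")
        code, ident, elen = struct.unpack("!BBH", body[:4])
        out.update(code=EAP_CODES.get(code, f"unknown({code})"), id=ident)
        if code in (1, 2) and elen >= 5:
            out["method"] = EAP_METHODS.get(body[4], f"type {body[4]}")
            if code == 2 and body[4] == 1:  # Response/Identity carries the user name
                out["identity"] = body[5:elen].decode("utf-8", "replace")
    elif ptype == 3:  # RC4 descriptor: type(1) len(2) replay(8) iv(16) index(1) sig(16) key
        if blen < 44 or body[0] != 1:
            raise ValueError("not an RC4 key descriptor")
        key_len, replay = struct.unpack("!HQ", body[1:11])
        out.update(key_length=key_len, replay_counter=replay,
                   key_index=body[27] & 0x7F, unicast=bool(body[27] & 0x80))
    return out

def rekey_intervals(capture):
    """Seconds between successive unicast EAPOL-Key frames, per destination station."""
    last, gaps = {}, {}
    for ts, frame in capture:
        f = parse_eapol(frame)
        if f["type"] == "EAPOL-Key" and f["unicast"]:
            if f["dst"] in last:
                gaps.setdefault(f["dst"], []).append(ts - last[f["dst"]])
            last[f["dst"]] = ts
    return gaps
# Constructed sample frames (not a real capture); MAC addresses and user name are made up.
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
def build_eapol(dst, src, ptype, body):
    return dst + src + ETHERTYPE_EAPOL + struct.pack("!BBH", 1, ptype, len(body)) + body
IDENTITY = build_eapol(AP, STA, 0, struct.pack("!BBHB", 2, 1, 10, 1) + b"alice")
def build_key(replay):  # unicast 13-byte (104-bit) key, index 0; IV, signature, key zeroed
    return build_eapol(STA, AP, 3, struct.pack("!BHQ", 1, 13, replay) + bytes(16) + b"\x80" + bytes(29))
CAPTURE = [(0.0, IDENTITY), (2.0, build_key(1)), (602.0, build_key(2)), (1202.0, build_key(3))]
```

A station that never appears in the result of `rekey_intervals` received at most one unicast key during the capture, which is the static-key situation described earlier.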

1 comment:

Sara said...

A very interesting view on this you have, really. I don't know what else to say. Keep it up.
IT Support in this day and age is of paramount importance for all those that are interested in taking their experience with technology to the next level.