IntroductionThe IEEE 802.11 WLAN Familyof StandardsToday–The Goals of WiredEquivalent Privacy (WEP)The Failures of WEP3.1.1 The Failures of WEP protocol ImplementationFailures of IT policiesSecurity Attacks on WEPAlternatives to WEP802.11i—Temporal Key Integrity Protocol (TKIP): Temporary So802.11i—Counter-mode-CBC-MAC Protocol (CCMP): Long-Term SoluTomorrows of WLAN SecurityConclusionsReferencesToday & Tomorrow: IEEE 802.11 WLAN Security L. Ertaul1, O. Catambay21Department of Mathematics and Computer Science, California State University, East Bay, Hayward, CA, USA, Levent. [email protected] 2Department of Mathematics and Computer Science, California State University, East Bay, Hayward, CA, USA, [email protected] Abstract - After all those enhancements in Internet technology, the Internet has become part of people’s lives, so they want to have it ready to use not only on their PCs but also in their mobile devices. WLANs have become very popular thanks to the development of IEEE 802.11 standard family. As wireless applications and systems are widely adopted wireless security is becoming increasingly important. Wireless security is different then wired security primarily it gives potential attackers easy medium access. And the future of WLANs depends on successful deployment of security techniques in these systems. In this paper we are discussing the current and future security concerns of 802.11 protocols family and based on this discussion we are addressing achievability of complete security in future WLANs. Keywords: Wireless Security, IEEE 802.11, WEP, WPA, TKIP, CCMP 1 Introduction Let the battle for supremacy begins: Wired Local Area Networks versus Wireless Local Area Networks (WLANs). No doubt arguments can be made to support either one, however, if one was to ask which technology will win out in the 21st century, which technology will revolutionize networking infrastructures, and which technology captures the imaginations of networking professionals and the mundane American, no doubt wired is the past, and wireless is the present and the future. But in order for wireless to dominate the networking world skeptics of wireless technology argue that two things must happen: (1) Throughput must match and surpass that of wired networks, and (2) Security must be guaranteed, if not it must be made extremely difficult to breach. Although the significance of throughput should not be ignored, we will do so here in favor of discussing the security aspects of WLANs. In addition, numerous questions arise regarding WMDs. No, not President Bush’s fictitious WMDs, but Wireless LAN—Mass Deployments. Thus, we will attempt to answer the following questions regarding the mass deployments of WLANs: • Can WLANs become completely secure? • Can organizations that handle private customer information such as banks, hospitals, and government agencies, integrate WLANs within their wired network infrastructures without compromising private/sensitive information? • What does the future hold for WLANs? • Will WLANs make wired-networks obsolete? • Can WLANs become commercially successful? Moreover, we will also address the security issues associated with the IEEE 802.11 WLAN Family of standards. In particular, we will investigate the failures of the Wired Equivalent Privacy (WEP) protocol, discuss proposed countermeasures by industry leaders, and introduce the enhancements being worked on by Task Group I of the IEEE 802.11 standard which is in the end-process of ratification. Finally, we will discuss tomorrows of WLAN security. 2 The IEEE 802.11 WLAN Family of Standards The birth of WLANs took place on October 1997 with the ratification of the IEEE 802.11—legacy standard, which defined the medium access control (MAC) and physical layers of WLANs. In particular, two physical access methods using radio frequency transmission were designated: Frequency Hopping Spread Spectrum (FHSS), and Direct Sequence Spread Spectrum (DSSS) which operated within the Industrial, Scientific, Medical (ISM) band spectrum (2.4 GHz) [1], [2]. In 1999, IEEE released two sub-standards aimed at improving the medium access control and physical layers, 802.11a and 802.11b. 802.11a uses an alternate unlicensed band—the 5.0 GHz unlicensed national infrastructure (UNII) band, which in turn uses a coded multi-carrier mechanism called orthogonal frequency division multiplexing (OFDM). 802.11b uses the same ISM band as 802.11-legacy withDSSS and is therefore backwards compatible with 802.11-legacy products. In 2003, IEEE introduced a new standard 802.11g which is notably referred to as “802.11b-extended” in that it is compatible with 802.11b. 802.11g differs from 802.11b in that it uses OFDM and offers a greater maximum physical layer rate of up to 54 Mbps compared to 11 Mbps of 802.11b [1], [2], [3], [4], [5]. More enhancements/amendments were made on 802.11-legacy which we will list here [4]: • 802.11c and 802.11d: Covers additions concerning bridging support and includes updates for physical layer requirements (if deployed outside U.S) • 802.11e (MAC Enhancements):This substandard works to provide QoS for WLANs and applies to all 802.11 standards. It will also work to link wired Ethernet QoS (802.1p) and WLANs. • 802.11f (Inter-Access Point Protocol):Aimed to resolve problems arising when roaming between Wirelesses Access Points (APs) deployed by different vendors and standardizes necessary exchange of information amongst APs to support functionalities of a distribution system (i.e. sharing of resources). • 802.11h (Spectrum managed 802.11a): Considers European requirements for power control and dynamic selection of transmit frequency and allows 802.11a products to be deployed in Europe. This leads us to 802.11i, which targets at improving the current security scheme of 802.11 products called Wired Equivalent Privacy Protocol (WEP) [6], [7]. But before we discuss the security enhancement standard, let us investigate what the current WLAN security protocol WEP is, and why it failed at meeting its goals. 3 Today–The Goals of Wired Equivalent Privacy (WEP) As stated earlier, WEP is the current security protocol used by current 802.11 products. It has two goals in mind: (1) to provide security equating the security schemes of wired LANs, and (2) to protect MAC protocol data units (MPDU) [8], [9]. WEP uses a default key and