Wireless LAN Authentication and Encryption Standards

(May 15, 2002)

Executive Summary

Wireless networking is by its nature an insecure method of transmitting data. Vanderbilt's current infrastructure is designed to encourage and facilitate ease of use and maintenance with a minimal emphasis on security. This "early adopter" phase must now be transitioned to a more secure environment with the following criteria in mind:

Information must be communicated as securely as possible.

Wireless LAN users from any part of campus should be able to use wireless services in any other part of campus.

Wireless LAN services must also be available for use by visitors to campus, such as those attending seminars or meetings.

Given that wireless LAN technology in general and wireless security in particular is changing rapidly and has not yet reached a mature state, the following wireless LAN architecture is proposed, with the assumption that Vanderbilt will use current Cisco 802.11b hardware and software for Wireless LAN deployment and that the central IT organizations will continue to deploy and administer these resources.

Vanderbilt will recommend and encourage the use of Extensible Authentication Protocol (EAP)-based authentication and encryption based on the 802.1x standard when it is ratified sometime later this year. In the interim, pre-standard implementations from Cisco Systems and Microsoft (LEAP and EAP-TLS (Transport Level Security) respectively) should be used whenever possible. Open, unauthenticated access will be permitted, however, making application-level security of paramount importance for sensitive data. To discourage unauthorized access, the Service Set Identifier (SSID) that clients need to access the wireless infrastructure will be changed on a periodic basis. Finally, wireless infrastructure will be aggregated separately from wired resources to facilitate network management and control through assignment into separate VLANs and IP subnets.

These measures provide security while preserving the convenience and flexibility of wireless access as well as possible given the current state of this rapidly changing area, but should be re-evaluated on at least an annual basis to review advancing technological changes as they emerge.


Introduction

The widespread deployment of IEEE standard 802.11 wireless networks in university environments (including the 11 Mbps 802.11b version in use at Vanderbilt today) has largely left important security questions unanswered, or at a minimum, inadequately addressed. Currently, enterprise Information Technology (IT) organizations are working to implement security mechanisms with the goal of bringing security levels to those existing today for wired networks. Most of these networks are now switched so that individual traffic is not shared across ports. This kind of network architecture is more difficult to tap and is in general more secure than older shared technologies. In contrast, a wireless Access Point (AP) may be accessed from anywhere in its broadcast range and the very nature of its Radio Frequency (RF) medium means that traffic cannot be isolated on a per-user basis. Thus, wireless networks should provide the capability for secure access to the AP and the ability to isolate the AP and its clients from the wired network in order to preserve the overall integrity of network security.

In addition, three key elements have been identified as being important goals in the development of standards in this area:

1. The standard must provide a means for information to be communicated as securely as possible.

2. The standard must allow a wireless LAN user from any part of campus to seamlessly use wireless services in any other part of campus.

3. The standard must provide for use of wireless LAN services by visitors to campus, such as those attending seminars or meetings.


EAP-based Authentication and Encryption

The encryption performed under the EAP approach relies on the exchange of Wired Equivalent Privacy (WEP) keys. Authentication is password-based and capitalizes on the existing Active Directory Structure (ADS) information to validate users by VUNetID.

WEP relies on a private key that is shared between a wireless client (e.g., a laptop with a wireless NIC (Network Interface Card)) and an AP which is essentially the bridge between the wired and wireless networks with an RF transceiver and a wired Ethernet port. The shared key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. Most vendors support both 40-bit and 128-bit WEP, with those numbers representing the length of the initialization vector used to create the secret keys. The 40-bit implementation is standardized enough so that different vendors' NIC cards will interoperate with each other's APs, but there have been a number of well-publicized flaws in the design and implementation of this approach. The 128-bit version is more secure, but proprietary to each vendor.

Additionally, the sharing of keys directly between the AP and client means that both sides must be using the same key value. This can be is accomplished in one of two ways. The first is by manually entering the value into both systems, a process known as "static WEP." (The Cisco APs currently in use support up to 4 static WEP keys per device.) The second requires the use of a third element, a back-end server which supplies WEP keys on a continuously rotating basis to both the client and AP. This process is known as "dynamic WEP" and obviates the need to publish or otherwise disseminate static keys with the inherent associated security risks. Current implementations of this approach are proprietary and closely coupled with the 802.1x-based authentication method described below.

A back-end server is also used for 802.1x implementations, employing the EAP extensions to RADIUS to allow clients to be verified from a central source. Microsoft's pre-standard version of EAP is supported directly in its XP operating system but requires extensive public key infrastructure (PKI) support which is not currently in place. Cisco Systems' method is password-based and is known as Lightweight EAP (LEAP) or more recently, Cisco-EAP. Use of LEAP requires either a Cisco NIC, in which case the encryption process is handled in hardware, or an Apple Macintosh OS version 9 or OS X with Airport 2.0 or later software. Both EAP-TLS and LEAP are supported by current versions of Cisco AP operating system. In addition to the features described above, the EAP methods provide the following benefits:

Mutual authentication between the wireless client and RADIUS server which helps prevent "Man in the Middle" attacks (in which a third party intercepts communications from both ends, masquerading as the other end to each party.) The encryption process uses secure key derivation - hash values sent over the wire are useful for one-time use only at the start of the authentication process and additionally, the initialization vector is changed on a per-packet basis to prevent attackers from exploiting messages. This method also provides for dynamic WEP key allocation, mitigating the vulnerabilities due to lost or stolen client cards and providing more secure encryption as described above. Finally, the RADIUS server can have new policies set for re-authentication as needed.

Since authenticated access will not be required on the Vanderbilt wireless infrastructure, sensitive data must be protected by the application to ensure its confidentiality. One widely-used and well known example of this is Secure Sockets Layer (SSL), a protocol developed by Netscape for transmitting private documents via the Internet. Both Netscape Navigator and Internet Explorer support SSL. By convention, URLs that require an SSL connection start with https: instead of http: - browsers have a padlock icon that is displayed in a closed state when secure communication is enabled. Other non-web-based applications operate only in an encrypted mode (e.g., the SSH Secure Shell alternative to telnet), and can also be considered safe to use over an open wireless connection. Others have the capability but do not require it (e.g., email clients), and some have no secure mode at all (instant message clients, telnet, FTP, etc.) so these applications should take advantage of the encryption provided by EAP whenever possible.

Service Set Identifier (SSID)

The SSID is essentially a password, and as such must be known by the client software. Each AP is configured with one or more SSIDs corresponding to a specific wireless network. The AP can be set to allow access with the "broadcast" SSID so that the client doesn't require any prior knowledge of the SSIDs required for network access. Most APs are initially configured with a default SSID determined by each vendor so that wireless access works for all clients from that vendor "out of the box." Changing this SSID and disabling the broadcast feature at the Access Point requires a client to enter the correct value, which must be obtained from some well-known source. This has already been done for VUMC APs and campus assets should be similarly configured. While not a strong security measure, a non-default SSID which is not broadcast does at least discourage "drive-by" unauthorized access and requires the user to explicitly enter an identifier.


Wireless segregation

The
current wireless LAN environment has been designed with ease of use in mind to encourage usage and to minimize configuration complexity. Many of the features now available such as centralized authentication and LEAP support were not available when the initial infrastructure designs were developed and there has been no compelling reason to date to change the existing setup. Wireless clients are treated essentially the same as those on the wired network – no additional authentication is necessary to gain access to Vanderbilt resources, including Internet connectivity.

Given this open environment, restructuring the wireless network in terms of VLAN/IP subnet assignment is desirable to aid in troubleshooting and especially for rapid isolation of misbehaving clients that are physically difficult to locate. The current model is to treat wired and wireless endstations equally for IP services for the most part - only two buildings currently have separate wireless subnets. Making this segregation for all wireless deployment mandatory would allow future isolation of wireless clients if necessary, to include potential aggregation into larger geographically-based wireless VLANs. This model is preferred to a single large VLAN, since a group of thousands of users will greatly increase the potential harm and disruption of broadcast storms, especially since bridging a single large VLAN across core routers exposes those device to problems which are isolated by the current design to the edges of the network.


Conclusion

The recommend changes have the following advantages and drawbacks:

Pros:

1) Authentication & encryption between client and AP when using EAP
2) Clients obtain a routable IP number in the VU or VUMC address space
3) Does not require client software to be loaded on the wireless machine for direct access to the VU/VUMC network as with a Virtual Private Network (VPN)
4) Allows time for the 802.1x standard to mature and gain acceptance
5) Facilitates visitor access

Cons:

1) Open authentication provides no network layer encryption or authentication
2) No way to distinguish a priori between bona fide visitors and unauthorized users
3) EAP is not universally available for all clients (non-PC devices such a PDAs and cellphones)

This wireless LAN standard should be accompanied by a vigorous effort to educate the Vanderbilt population about the tradeoffs in security that accompanies the convenience of wireless access. Widespread dissemination of the standard and education regarding wireless LAN usage should give our community the maximal benefits of the technology while preserving overall network security.

Appendix A: Resources

Wireless LANs Enter the Mainstream Alongside Ethernet
http://www4.gartner.com/DisplayDocument?id=353674&call=email

New 802.11b Security Problems No Cause for Panic
http://www4.gartner.com/DisplayDocument?call=email&id=338973

Cisco SAFE Wireless Blueprint
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm

Security White Paper: Evolution, Requirements, Options
http://www.80211-planet.com/tutorials/article/0,4000,10724_965471,00.html

Understanding Basic WLAN Security Issues
http://www.80211-planet.com/tutorials/article/0,4000,10724_953561,00.html

Wireless LAN security
http://www.nwfusion.com/reviews/2001/1217rev.html

WLAN Security on the Rise
http://www.networkcomputing.com/1303/1303ws2.html

Campus WLAN Design
http://www.nwc.com/1310/1310ws1.html

WLAN White Papers
http://techlibrary.networkcomputing.com/data/rlist?t=sys_10_34_4_2_np