
Still no simple way to make WLAN watertight...
Published: 20 June 2002 12:45 BST
There is no such thing as total security but some wireless networks come pretty close to total insecurity, says Graham Titterington, senior analyst at Ovum.
In security terms there is no comparison between cellular and wireless LAN networks. The public cellular networks apply high levels of security, using encryption and frequency hopping, to all their communications, whereas basic wireless LAN systems have none.
However, both types of network share the problem of using vulnerable devices. Mobile phones, PDAs, top-end handsets that combine a phone and a computing device, and laptops are all attractive to thieves and easily lost. Often devices contain enough information, for example on SIM cards, to enable someone to impersonate the legitimate user.
In many cases, they will contain valuable information even without connecting to the network. The best device security measures require something that is kept separate from the device to operate it, such as a smartcard. Or we may soon have practical biometrics technology authenticating a user to satisfy this need.
For cellular networks WAP promised great advances in message security. But experts have pointed out that using WAP phones for connection to the internet is made insecure by the discontinuity between internet protocols and WAP protocols, requiring conversion at a WAP gateway. This is true but the risk is more theoretical than real. In practice, WAP communications can be passed, free from fear of eavesdropping or alteration.
There is less assurance that messages will be delivered because of this protocol discontinuity. For this reason messages requiring very high levels of security are best passed directly from a user to a destination over the cellular network, thereby bypassing the gateway.
Although the content of wireless traffic is very secure, cellular devices do give away information that might be security sensitive - for example the location of the user or traffic profiles from the device.
Wireless LAN, whether based on the IEEE 802.11 or the Bluetooth standard, is a security nightmare. The consequence of the problem depends on how it is used. Standalone systems supporting a non-sensitive operation, such as directing men around a warehouse, are under little threat but systems that connect into main corporate IT networks are a serious risk.
Wireless LANs are now widely used by many organisations to allow employees to have access to other employees or IT systems. IEEE 802.11 systems have a range of at least 100 metres from a transmitter. Most Bluetooth implementations have a shorter range.
The range of possible concerns spans eavesdropping on confidential messages, impersonating a legitimate user to introduce spurious messages, misuse of IT applications, corruption of data or processes in IT corporate systems, and flooding a system with spurious input to create a denial of service attack.
The limited geographic range of a WLAN system does not prevent transmissions being intercepted outside a user site. The coverage area often includes the parking lot and public roads - leading to the phrase 'drive by hacking' to refer to WLAN interception.
Software to intercept messages and to introduce spoof traffic into the network is readily available on the internet and can be run on a laptop.
The authors of the 802.11 standard selected the WEP (Wireless Equivalent Privacy) algorithm to provide encryption within the available resources of low powered mobile devices. The WEP algorithm has some serious and fundamental flaws that were not realised at the time.
Encryption is weak. WEP uses the RC4 cryptographic process. Although RC4 is used successfully elsewhere, the implementation decisions made in WEP exposed its inherent vulnerabilities. The use of shared keys and the extreme difficulties of key management in 802.11 environments are the major concerns.
The WEP key has to be physically distributed to all client devices, including those used by visitors and those that have been stolen. In practice it is rarely changed because the process is so cumbersome. Thus, it is widely distributed and cannot be regarded as secret.
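An added illustration (not part of the original article) of why a widely shared, rarely changed key matters for an RC4-based scheme: WEP keys RC4 with a 24-bit per-frame IV prepended to the shared key, so two frames that carry the same IV under the same key are encrypted with the same keystream. This goes slightly beyond the detail given in the article; the key, IV and messages are constructed sample values, and WEP's CRC-32 integrity value is left out.

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: RC4 keyed with IV || shared key, IV sent in clear."""
    if len(iv) != 3:  # WEP's IV is 24 bits
        raise ValueError("IV must be 3 bytes")
    return iv + rc4(iv + shared_key, plaintext)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_without_key(frame_known: bytes, known_plain: bytes,
                        frame_other: bytes) -> bytes:
    """Same IV and same shared key mean one keystream for both frames, so
    C1 xor C2 == P1 xor P2 and one known plaintext reveals the other."""
    if frame_known[:3] != frame_other[:3]:
        raise ValueError("different IVs: keystreams differ")
    return xor(xor(frame_known[3:], frame_other[3:]), known_plain)

def demo() -> bytes:
    shared_key = bytes.fromhex("0102030405")  # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                      # constructed IV, used twice
    p1 = b"GET /index.html HTTP/1.0"          # constructed, predictable traffic
    p2 = b"user=alice;pin=4471;ok=1"          # constructed, sensitive traffic
    f1 = wep_encrypt(shared_key, iv, p1)
    f2 = wep_encrypt(shared_key, iv, p2)
    return recover_without_key(f1, p1, f2)    # shared_key is never used here

if __name__ == "__main__":
    print(demo())
```

The longer a single key stays in service across many devices, the more frames share it and the sooner the small IV space repeats, which is why the key distribution problem described above is a cryptographic weakness as well as an operational one.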
The response of user organisations varies from the majority, who ignore security concerns and do not even use the available WEP encryption, to the Lawrence Livermore National Laboratory, which has banned all wireless computer networks.
WLAN systems come with encryption disabled to ease their installation. Many organisations do not review these settings. Many more decide the key management and distribution problems are too difficult to perform. Both groups are discouraged by the reports that WEP encryption won't help them much even if they do use it.
There has been a rush of product announcements from vendors claiming to solve the problem. These would have been more convincing if the authors hadn't maintained for so long there was no problem. The reality is there is no easy answer. Organisations can only trade throughput for security. Most vendors offer security based on the IPSEC model, as used on the internet, over a WLAN but this reduces the capacity of a network.
The industry and its customers are waiting on the standards community, and specifically on the 802.11 Task Group I of the IEEE, to come up with a more satisfactory specification. These are mere mortals constrained by the laws of physics but they do now have one ace to play. Since the original 802.11 standard was written, researchers have come up with a new and much more efficient encryption standard, called AES, based on a theory called 'elliptical encryption'.
The 802.11 Task Group I is looking for a medium term fix for legacy systems using the Temporal Key Integrity Protocol (TKIP), and for a long term fix using new advanced cryptography standards.
TKIP is expected to appear in late 2002. It was designed with the objective of addressing the known problems in WEP with minimal changes. It is not a long term solution. It offers only limited security and at the cost of having a big impact on performance.
A long-term solution requires new hardware and a new protocol. The new standard is likely to use AES encryption algorithms. It should appear in 2003.
For further information see Ovum's advisory service: Mobile@Ovum and the Ovum report, Wireless Devices: Market Opportunities and Threats. Or email: info@ovum.com and visit http://www.ovum.com