This paper addresses the growing prevalence of wireless networks and the insecurities therein. In particular, it summarizes research conducted on wireless networks in the city of Rolla, Missouri. This research provides a case study for the comparative analysis of Wi-Fi progression over the past year in this community and a basis for forecasting the state of continued advancements therein for years to come.
The wireless security audits of the Rolla community were conducted mid-November of 2004 and 2005. The University of Missouri-Rolla (UMR) chapter of the Association of Computing Machinery (ACM) Special Interest Group on Security (SIG Security) organized and conducted the wireless security audits each year. Thereafter, the data collected was statistically analyzed and reported to the public in educational format – striving to educate the public about the best practices of securing wireless networks. With the results of the 2005 audit recently analyzed, a comparison can be made for the first time between two audits conducted by the same group, with the same method and approach, in the same manner. This comparative analysis truly sheds light on the progression of wireless networking and its insecurities in the Rolla community.
With respect to the insecurities inherent in and perpetuated with the continued growth of wireless networks, the second half of this paper is dedicated to summarizing the current state of security mechanisms in the Wi-Fi arena, related faults and issues yet to be resolved. Common encryption methods are researched and related faults addressed. Combined with the perspective that the Rolla audits provide, this paper punctuates the importance of wireless security in the continued technological growth of our society.
Methodology and/or Approach
Each experiment spanned the course of two weeks, with one meeting per week; one meeting was reserved for organization and preparation, the next for the actual audit. For added incentive to those conducting the audits, Rolla was divided into concentric point zones in similar fashion to a dartboard (with more points being allotted to access points found farther from the UMR campus). The team that earned the most points was given a prize each year.
At the meeting prior to the audit, participants organized themselves into teams (approximately four people per team) and prepared for the audit. Each team was required to provide at least its own laptop and wireless networking card, but teams were also encouraged to use GPS units for geo-referencing the access points and antennas to increase reception. So that every team would have an antenna for the audit, “cantennas” (antennas for use with wireless network cards, built with household tools from soup, coffee, and other assorted cans) were made during the organizational meeting.
In order to promote a standard format of data collection, each team was required to log its findings with a timestamp-based wireless network sniffer such as NetStumbler or MacStumbler. The common log format simplified combining the teams' data and, in requiring accurate timestamps, ensured that no team was allotted extra time to earn additional points.
One week after the organizational meeting, the teams set out to audit Rolla's wireless networking infrastructure. Each group piled into its respective vehicle and drove around Rolla scanning for wireless access points for one hour. Once that hour had passed, the teams rendezvoused at the University to exchange their log files and discuss their findings. The officers of SIG Security, upon receiving the log files each year, then set out to analyze the data, determine the winning team, and draft press releases that summarized their findings. The comparative analysis of each year's audit yielded interesting results.
The results of the 2004 wireless security audit surprised all who participated. It was the first year that the audit was conducted under its present administration, and so the first time data had been so extensively recorded. Fourteen thousand log entries provided a sufficient amount of data to analyze, which resulted in the following:
As can be seen in the above graph, the 2004 audit yielded a total of 589 unique MAC addresses. Of these, 330 (56%) were unprotected. One year later, the same experiment painted a much different picture of wireless networking in the same community:
As can be seen from the 2005 table, a considerably larger number of access points were found during the second security audit (988 in 2005 versus 589 in 2004). In addition to more access points being found in 2005, the encryption data reversed the previous year's picture. The trend in wireless security shifted between the two years: the majority of access points were unsecured in 2004, while the converse occurred in 2005, with 58% of the nodes being protected. The following graph more accurately illustrates this comparison:
More data was gathered in 2005 than in 2004, but it must be noted that there were commonalities between the years. The following results were found in both 2004 and 2005:
There were 214 MAC addresses seen in both years of the audit. Of these, thirteen improved the security of their networks in the time between the audits, and eleven surprisingly lost any semblance of security. These commonalities aside, each audit had interesting results that were unique to its respective year. This is best illustrated as follows:
On the whole, there were significant differences in the results of the 2005 audit versus those of 2004. Log entries and unique MAC addresses both increased greatly. Most importantly however, the number of protected access points grew while that of unprotected decreased:
Analysis & Summary
There was a significantly greater prevalence of wireless network coverage throughout the Rolla community in 2005 versus that of 2004. Most importantly, a greater percentage of this access was protected in the second audit. This leads us to conclude that (1) wireless adoption throughout Rolla significantly increased and that (2) security trends within that community are improving - marginally. There are two possible explanations for these security improvements.
First and foremost, it must be noted that securing a wireless network has become much easier in the last year. The growth of wireless access was likely facilitated by new access points (routers) that make WEP and WPA encryption much easier to enable than their predecessors did. Linksys' newest routers, for example, offer “OneTouchSetup” which, as the name implies, sets up a wireless network with the simple push of a button. After a user presses the “SecureEasySetup” button on their Linksys router, the software establishes a private connection between the devices and automatically configures the network's SSID (Service Set Identifier) while enabling WPA security. If routers such as this facilitated the growth in wireless access within Rolla, understanding the shift in security is simple. Ideally, however, there were other factors at play.
After the 2004 security audit, SIG Security issued a press release that was published in The Missouri Miner, electronically in UMR Research News, and mirrored as far away as Germany. This article detailed the findings that year and discussed ways to secure one's wireless network. Was it the article that led to the shift in Rolla's security practices that the 2005 audit uncovered? Unfortunately, there is no way to confirm or disprove this. Instead, I would like to conclude that it was a combination of the article and a growing concern for the security of the devices that facilitate our society's technological progression on the whole.
Security has always been an afterthought to technological development. As identity theft, Denial of Service (DoS) attacks, spoofing, and the like have risen, more people have become attentive to the security vulnerabilities of our existing infrastructure. With continued development, these concerns have only grown and security has become more important. The methods of securing wireless networks, however, are still under development.
Pervasive Security Mechanisms in Wireless Networks
At present, there are two primary ways of securing a wireless network: WEP or WPA. In the end, however, the industry will find more security in implementations that fully conform to 802.11i. The amendment to the 802.11 standard specifying security mechanisms for wireless networks, 802.11i is the ideal standard that our industry is building towards. The 802.11i architecture contains the following components: 802.1X for authentication (entailing the use of EAP and an authentication server), RSN for keeping track of associations, and AES-based CCMP to provide confidentiality, integrity and origin authentication. With the crutch of legacy hardware and non-adopting users, however, this goal is approaching very slowly.
In the beginning, there was Wired Equivalent Privacy (WEP). The bastard child of technological progression with an errant disregard for security, WEP was a security medium put in place to provide some form of security over an already developed means of wireless communication. Never intended for use in a public environment, nor approved by security analysts during its development, WEP has since been abandoned as a reliable means of securing a wireless network. The technology is inherently insecure.
WEP uses the RC4 stream cipher with a CRC-32 checksum for integrity; each packet is encrypted by a bitwise exclusive OR (XOR) of its contents with the RC4 keystream. In standard 64-bit WEP, there is a 40-bit key and a 24-bit initialization vector (IV). This was standard until US export restrictions were relaxed and 128-bit WEP came to fruition, maintaining the 24-bit IV but increasing the size of the key to 104 bits. With 256-bit WEP, that key is further expanded to 232 bits (the IV again remaining constant). Regardless of these advancements, key size remained the Achilles' heel of WEP, bound as it was to a weak encryption algorithm.
Because WEP relies on the RC4 stream cipher, it must never use the same key twice for a given host. The initialization vector strives to prevent this from occurring, but in WEP it is simply too small to protect busy networks (where many packets, and thereby keys, are exchanged). As such, related-key attacks are often executed against WEP-enabled networks. Through the years, the severity of such attacks (and others) has noticeably increased:
- In August 2001, Fluhrer et al. published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely available software.
- Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. They write, “Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target.” They also reported two generic weaknesses: (1) use of WEP was optional, resulting in many installations never even activating it, and (2) WEP did not include a key management protocol, relying instead on a single shared key amongst users.
- In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration in which they cracked a WEP-protected network in 3 minutes using publicly available tools.
Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4." Selected Areas in Cryptography 2001, pp. 1–24.
Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker, "Security Flaws in 802.11 Data Link Protocols." Communications of the ACM 46(5): 35–39 (2003).
With respect to the ease with which WEP is now cracked, security-savvy administrators and users alike are abandoning it. At best, it now serves as a small hurdle to network eavesdropping and related exploits, because it is at least a form of security and thereby more of a deterrent than none. It is a matter of time until stronger technologies fully take its place. Enter: WPA.
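The WEP encapsulation described above, as an added illustration that is not code from the paper or from SIG Security's audit: it builds a WEP-style frame body (24-bit IV, RC4 seeded with IV||key, CRC-32 integrity check value, XOR with the keystream) and then shows why the IV is the weak point. A monitoring check flags any IV that appears twice under one key; a second function shows why that matters (two frames with one IV have the same keystream, so the XOR of the ciphertexts equals the XOR of the plaintexts); and a birthday estimate gives how few frames it takes for random 24-bit IVs to repeat. The key and frames are constructed.

```python
"""WEP-style framing and the 24-bit IV problem (constructed illustration)."""
import random
import zlib
from collections import defaultdict
from math import pi, sqrt

IV_BITS = 24
IV_SPACE = 1 << IV_BITS                 # 16,777,216 distinct IVs

# Constructed 40-bit key for the demonstration, not a real network's key.
KEY = bytes.fromhex("0123456789")


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by `length` bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_icv(payload: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the payload, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encapsulate(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = iv || (payload || ICV) XOR RC4(iv || key)."""
    if len(iv) != 3 or len(key) not in (5, 13, 29):   # 40-, 104- or 232-bit keys
        raise ValueError("IV must be 24 bits; key 40, 104 or 232 bits")
    plaintext = payload + wep_icv(payload)
    ks = rc4_keystream(iv + key, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Reverse of wep_encapsulate; raises if the CRC-32 ICV does not match."""
    iv, body = frame[:3], frame[3:]
    ks = rc4_keystream(iv + key, len(body))
    plaintext = bytes(c ^ k for c, k in zip(body, ks))
    payload, icv = plaintext[:-4], plaintext[-4:]
    if wep_icv(payload) != icv:
        raise ValueError("ICV mismatch")
    return payload


def reused_ivs(frames):
    """Monitoring check: map every IV seen more than once to the indexes of the
    frames that used it. Same IV under the same key means the same keystream."""
    seen = defaultdict(list)
    for idx, frame in enumerate(frames):
        seen[frame[:3]].append(idx)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def keystream_cancels(frame_a: bytes, frame_b: bytes) -> bytes:
    """For two frames sharing an IV, XOR of the encrypted bodies equals XOR of
    the plaintext bodies because the identical keystream cancels out."""
    assert frame_a[:3] == frame_b[:3], "only meaningful for a shared IV"
    return bytes(a ^ b for a, b in zip(frame_a[3:], frame_b[3:]))


def expected_frames_to_first_repeat() -> float:
    """Birthday estimate for random 24-bit IVs: about sqrt(pi * N / 2) frames."""
    return sqrt(pi * IV_SPACE / 2)


def simulate_frames_to_first_repeat(seed: int = 1) -> int:
    """Draw random IVs until one repeats; return how many were drawn."""
    rng = random.Random(seed)
    seen = set()
    while True:
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)


def iv_reuse_demo():
    """Constructed capture of three frames, two of which share IV 00:00:01."""
    iv1, iv2 = b"\x00\x00\x01", b"\x00\x00\x02"
    frames = [wep_encapsulate(KEY, iv1, b"hello"),
              wep_encapsulate(KEY, iv2, b"world"),
              wep_encapsulate(KEY, iv1, b"abcde")]
    pa = b"hello" + wep_icv(b"hello")
    pb = b"abcde" + wep_icv(b"abcde")
    return {"reused": reused_ivs(frames),
            "cipher_xor": keystream_cancels(frames[0], frames[2]),
            "plain_xor": bytes(x ^ y for x, y in zip(pa, pb))}
```

The birthday estimate comes out near 5,100 frames, far fewer than the 16.7 million the IV space suggests, which is the quantitative form of the paper's point that the IV is too small for a busy network; `reused_ivs` is the kind of check a monitoring tool can run over a capture to see how often a given access point actually repeats IVs.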
WPA & the road to 802.11i
Wi-Fi Protected Access (WPA) is the successor to WEP and a transitional pathway to full 802.11i compliance. It can be broken down into standard WPA, which implements much of the 802.11i standard and replaces WEP as an interim measure with no hardware upgrades required (it can be used with the same devices that used WEP), and WPA2, which implements the full standard and directly replaces WEP but requires hardware upgrades (stronger security requires new technology). Additionally, each rendition can be employed in Enterprise Mode (using an 802.1X authentication server and unique passphrases for each user) or Personal Mode (using a pre-shared key (PSK) amongst all users). Enterprise Mode facilitates better security, but is accompanied by additional hardware requirements (and thereby costs). For the home user alone (with respect to the Rolla wireless audits), simple WPA offers vast improvements over WEP.
WPA uses an RC4 stream cipher with a 128-bit key and a 48-bit initialization vector. While this may resemble WEP, it is in no way as susceptible to exploitation. The Temporal Key Integrity Protocol (TKIP) dynamically changes keys more securely and, accompanied by the larger initialization vector, makes replay attacks much less likely than with WEP. Additionally, the payload integrity of WPA is improved over WEP (which allowed users to alter payloads and message CRCs without knowledge of the keys). WPA uses a much more secure Message Authentication Code (MAC), or as it is known in Wi-Fi, a Message Integrity Code (MIC), labeled the “Michael” algorithm. Included in the MIC of WPA is a frame counter to prevent the packet manipulation to which WEP is susceptible.
Unfortunately, WPA is still subject to packet forgery: while the improvements over WEP are immense, WPA transmissions are still subject to analysis and thereby exploitation. The time required for such attacks is noticeably longer than the three minutes for WEP, but WPA still cannot be relied upon for critical data. To further mitigate these threats, WPA2 is being employed.
WPA2 is fully certified against 802.11i. It includes all of the aforementioned advancements of WPA over WEP, in addition to employing what legacy hardware would not permit: stronger algorithms. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) in WPA2 replaces the aforementioned Michael algorithm of standard WPA. Moreover, RC4 is replaced by AES, the current encryption standard intended for use by U.S. Government organizations to protect sensitive data. As a result, the security of WPA2 over WPA is noticeably improved.
The Achilles' heel of WPA is the strength of the passphrases employed. Improved encryption algorithms, longer key sizes and initialization vectors, stronger integrity checks and the like are not effective if given a weak passphrase to process and use as a key. Although the Password-Based Key Derivation Function 2 (PBKDF2) strengthens security, weak passwords may undermine all of the aforementioned strengths of WPA. As a result, wireless security is merely as strong as its weakest link. If users are not properly educated about proper security practices, they undermine the entire premise of the aforementioned security methodologies.
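A receive-side replay filter built on the frame counter just described, as an added example rather than code from the paper or from any vendor's TKIP implementation. It assumes a 48-bit sequence counter kept per transmitter (real TKIP keeps one per transmitter, key and priority) and the rule that a frame whose counter is not strictly greater than the last accepted one is dropped, so a copied frame cannot be replayed and a stale frame cannot be slipped in later; the MAC addresses and frames are constructed.

```python
"""Replay check modelled on the TKIP sequence counter (constructed illustration)."""
from dataclasses import dataclass

TSC_BITS = 48
TSC_MAX = (1 << TSC_BITS) - 1


@dataclass(frozen=True)
class Frame:
    transmitter: str   # sender's MAC address (constructed values below)
    tsc: int           # 48-bit sequence counter carried with the frame
    payload: bytes


class ReplayFilter:
    """Per transmitter, remember the highest counter accepted and reject any
    frame whose counter is not strictly greater than it."""

    def __init__(self):
        self._highest = {}

    def accept(self, frame: Frame) -> bool:
        if not 0 <= frame.tsc <= TSC_MAX:
            return False                     # malformed counter
        last = self._highest.get(frame.transmitter, -1)
        if frame.tsc <= last:
            return False                     # replayed or stale: drop it
        self._highest[frame.transmitter] = frame.tsc
        return True


def process(frames):
    """Run a frame sequence through the filter; return (accepted payloads, dropped count)."""
    rf = ReplayFilter()
    accepted, dropped = [], 0
    for frame in frames:
        if rf.accept(frame):
            accepted.append(frame.payload)
        else:
            dropped += 1
    return accepted, dropped


# Constructed sample: a legitimate run, a replayed copy of counter 2, a stale
# counter 1 arriving late, and a second transmitter with its own counter.
SAMPLE = [
    Frame("00:11:22:33:44:55", 1, b"GET /index.html"),
    Frame("00:11:22:33:44:55", 2, b"GET /login"),
    Frame("00:11:22:33:44:55", 2, b"GET /login"),        # replayed copy
    Frame("00:11:22:33:44:55", 3, b"POST /login"),
    Frame("00:11:22:33:44:55", 1, b"GET /index.html"),   # stale, out of order
    Frame("66:77:88:99:aa:bb", 1, b"ping"),               # separate counter per sender
]
```

The check only works because the counter is bound to the frame's keying material, so a forger cannot simply rewrite it to a higher value; that binding is what WEP, with no per-frame counter at all, lacked.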
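The passphrase-to-key mapping that paragraph refers to, as an added example that is not the paper's code: WPA-Personal derives the 256-bit pairwise master key as PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations), which the block checks against the published 802.11i test vector, and then shows why PBKDF2 alone does not rescue a weak passphrase: a crude entropy estimate, the time to exhaust every passphrase of that strength at an assumed derivation rate, and a policy check. The common-passphrase list, the 60-bit floor and the rate used in the test are constructed assumptions.

```python
"""WPA-Personal PMK derivation and a passphrase policy check (added illustration)."""
import hashlib
import math

WPA_ITERATIONS = 4096           # fixed by the WPA/802.11i passphrase-to-PSK mapping
PMK_LEN = 32                    # 256-bit pairwise master key
# SHA-1 yields 20 bytes, so 32 bytes need two PBKDF2 blocks: 2 * 4096 HMAC calls per guess.
HMAC_CALLS_PER_GUESS = 2 * WPA_ITERATIONS


def validate_passphrase(passphrase: str) -> None:
    """WPA passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63 or any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32), as WPA-Personal does."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), WPA_ITERATIONS, PMK_LEN)


# Published test vector (IEEE 802.11i Annex H): passphrase "password", SSID "IEEE".
REFERENCE_PMK = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")


def matches_reference_vector() -> bool:
    return derive_pmk("password", "IEEE") == REFERENCE_PMK


def estimated_bits(passphrase: str) -> float:
    """Crude strength estimate: length * log2(size of the character classes used)."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), 33)]
    size = sum(n for pred, n in classes if any(pred(c) for c in passphrase))
    return len(passphrase) * math.log2(size) if size else 0.0


def years_to_exhaust(bits: float, derivations_per_second: float) -> float:
    """Time to try every passphrase of the estimated strength at a given PBKDF2 rate.
    The rate is a parameter because it depends entirely on the hardware assumed."""
    return (2 ** bits) / derivations_per_second / (365 * 24 * 3600)


# Constructed stand-in for a real common-passphrase dictionary, and an assumed floor.
COMMON_PASSPHRASES = {"password", "12345678", "qwertyui", "letmein1"}
MIN_BITS = 60


def passphrase_acceptable(passphrase: str) -> bool:
    """Policy: WPA-legal, not a common passphrase, and above the entropy floor."""
    try:
        validate_passphrase(passphrase)
    except ValueError:
        return False
    return (passphrase.lower() not in COMMON_PASSPHRASES
            and estimated_bits(passphrase) >= MIN_BITS)
```

The salt is the SSID, so two networks with the same passphrase but different names get different keys, and the 4096 iterations multiply the cost of every guess by a constant; neither changes the fact that the number of guesses is set by the passphrase alone, which is the paper's weakest-link point.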
Conclusions & Future Directions
The growth of wireless networking is unquestionably on the rise. Here in Rolla, Missouri, for example, the increase in access points (unique MAC addresses) over the past year has been phenomenal (see section 1.2: Results). The trend in securing these networks is improving as more effective hardware solutions are released (Linksys and OneTouchSetup), interest groups notify the public of related threats (SIG Security), and stronger algorithms are employed for backing (AES). As a result, wireless networking is slowly being secured, as it should have been during development.
WEP offered a minimal degree of security for wireless networking, and that degree is no longer sufficient. WPA and WPA2, on the other hand, have paved the way to stronger security and more adequate integrity on the whole. How long will these methods suffice? That is a question left to our society and our reliance on Wi-Fi in general; if growth continues to increase, it stands to reason that even 802.11i will be overly exploited and in turn fail in the way that WEP has.
With respect to the slow progression of security versus the wildfire of technological adoption, we must acknowledge that we are not there yet; wireless networks may in no way be considered secure at the moment, and must be treated as though they are not, regardless of the security mechanisms employed. Transmitted data still uses air as its medium, and that data will always be subject to analysis. As a result, exploitation is only a matter of time.
Posted in: May 2006
- Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting Mobile Communications: The Insecurity of 802.11." MOBICOM 2001, pp. 180–189.
- Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker, "Security Flaws in 802.11 Data Link Protocols." Communications of the ACM 46(5): 35–39 (2003).