Wireless security basics
The subject of wireless security is a combination of intrigue, hard work, trial and error, and finally success. The perfection of wireless security has allowed the technology to evolve within two years from a novelty that was untrusted and used only as a last resort to a technology that is becoming an essential part of the fabric of data communication, and everyday life. It is predicted that soon most people will have a mobile smartphone as their primary computer. Wireless has become the communications medium of choice for many people. However, without effective data security, wireless technology could not grow and people would still be reliant on wired systems along with the cost and inconvenience associated with them.
Discussion of wireless security needs to include legacy security methods, wireless security as it currently exists, and the basic principles of cryptology to explain the process a little better. These explanations will occur in the next several articles to provide a working knowledge of the obscure science of data security over an inherently insecure and unbounded wireless medium. Supplementary reading suggestions will be provided, and mathematics generally avoided, though math is an essential and underlying component of these methods.
Digital security, wireless
What is security? We all have things we want to protect. In the physical realm, we have homes and cars; in the digital realm, we have personal data, like our social security numbers, online passwords, and confidential email exchanges. Industries and businesses want to prevent their intellectual property as well as their means of production from being compromised.
However, we see regular instances of ostensibly secure corporate networks hacked with impunity. How do we protect treasures from being stolen or compromised? This concern has been with us since time immemorial. The basis of security is to allow us to freely access our possessions while restricting or preventing access by others.
In the physical realm, we lock doors and use a key to open them. In the digital realm, we enter a combination of numbers or letters to access a computer or data. At the bottom of it all, there is a lock and key, a worthy analogy to keep in mind. The key is unique to the lock; no other key will open it. The lock can be picked, however, or it can be physically destroyed (the brute force approach); the key can be stolen or borrowed. All security suffers from the same weaknesses, and the analogy holds. The key will retain its essential meaning; however, the lock in this analogy will take many different forms.
Digital access control
Wireless security can consist of several components depending on the individual or company’s need for protection. Small systems, such as small office/home office (SOHO) routers or personal wireless LANs (WLANs), typically restrict access to the network by passwords. Larger enterprise WLANs also require passwords, but in addition use methods of authentication and encryption that rely on authentication servers to control access to a wireless network. Larger systems also segregate traffic into specific roles, further segmenting traffic using virtual LANs (VLANs) and other methods. These techniques give administrators control over the data and who can access it based on need to know, job roles, or department.
Wireless intrusion detection systems (WIDS) also are used to discover and mitigate unauthorized users and monitor the network continuously; these systems are very effective in most cases, but they are also very costly. Finally, and this is often overlooked, there needs to be a security policy regardless of the WLAN size. Most networks are compromised by what is called "social engineering." This term describes the process by which a person reveals his or her credentials to an unauthorized person as a result of fraud or subterfuge. A solid security policy is effective in teaching people how to avoid being coerced or duped into revealing credentials.
Authentication, authorization, accounting
For a user to successfully access a wireless network, several things need to happen. The access point (AP) is typically the gatekeeper for any wireless network. The user must know the name of the network she wants to access, and then know the username and/or password, or key, to authenticate herself to the AP. Once the AP accepts the key, the user is associated with the AP and is authorized to access network resources. Once authenticated and authorized, the user’s utilization of network resources may be monitored, a process known as accounting. This entire process is called AAA Security: authentication, authorization, and accounting.
Data privacy is a primary concern on a wireless network. An intruder can easily intercept data broadcast over the air. This requires that data be hidden or obscured in some fashion to make it unreadable to anyone without the proper decryption key. Encryption is needed to protect sensitive data and is a method of obscuring data so that an eavesdropper cannot read it.
There are several methods of encryption, but the common link is the use of a cipher to effect encryption; the cipher is the key used in the algorithm used by the encryption protocol. When discussing the various encryption methods, a few specialized terms are used. Plaintext is the message to be encrypted prior to transmission. The plaintext is operated on by the encryption algorithm using a key or cipher to produce ciphertext, or the encrypted message. To decrypt the message, the process is reversed: ciphertext is operated on by the protocol, producing plaintext. This is the essence of all data encryption mechanisms.
Recommended reading includes the CompTIA Security and study guide or the CWNP Certified Wireless Security Professional study guide. Both are good references and provide in-depth descriptions of all aspects of wireless security.
– Daniel E. Capano, owner and president, Diversified Technical Services Inc. of Stamford, Conn., is a certified wireless network administrator (CWNA). He can be reached at firstname.lastname@example.org. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, email@example.com.
www.controleng.com/blogs has other wireless tutorials from Capano on the following topics:
- Quality of service in wireless communication
- Carrier sense multiple access with collision avoidance
- Carrier sense multiple access with collision detection
www.controleng.com/webcasts has wireless webcasts, some for PDH credit.
Control Engineering has a wireless page.