Wireless security legacy, background

Tutorial: Wireless security has come a long way from open system authentication (OSA) and the other early building blocks, wired equivalent privacy (WEP) and the temporal key integrity protocol (TKIP). Understanding past network security, or the lack of it, can help with network security for today and in the future.
By Daniel E. Capano April 4, 2015

Industrial Wireless Tutorials – a new Control Engineering blog

In the beginning, wireless security was non-existent, but understanding the past can help make current and future wireless systems more secure. A wireless network segment used to be little more than an expensive novelty and wasn't used for anything critical. Open system authentication (OSA) was the term used for the early method of network access: a two-frame exchange in which the access point (AP) answers a client's authentication request with a success status, checking only that the client speaks IEEE 802.11. Any device that asks is admitted, and nothing is encrypted. Wireless was used as an extension to a wired network because wiring was costly or impractical. As the utility of wireless LANs (WLANs) became apparent, a means for securing the network needed to be found and implemented.

Flaws in WEP

The first attempt at securing the network was called wired equivalent privacy (WEP). The intent of WEP was to give wireless networks a measure of data confidentiality equivalent to that of a wired network. WEP used the Rivest Cipher 4 (RC4) stream cipher for encryption, with a 24-bit initialization vector (IV), chosen per frame and sent in the clear, and a 40- or 104-bit static key (for so-called 64-bit and 128-bit WEP, respectively) to encrypt plaintext. The key must match on both the client device and access point. Please refer to Figure 1.

Figure 1: The key must match on both the client device and access point. The plaintext message, with its integrity check value (ICV) appended, is combined with the keystream to produce the encrypted message. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

The plaintext message, with its integrity check value (ICV) appended, is XORed with the keystream to produce the ciphertext. The keystream is produced by concatenating the 24-bit IV with the secret key and running the result through RC4. Concatenation simply places one value after another: here the IV in front of the key, and the ICV behind the message. For each frame the sender picks a new IV (most implementations incremented a counter; some chose it at random) so that each frame is supposed to get a unique keystream. With only 2^24 possible values, however, IVs repeat within hours on a busy network, and a repeated IV under a static key means a repeated keystream.

WEP suffered from inherent flaws related to key construction and IV reuse. The IV was transmitted in plaintext, and because it was simply prepended to the key, the secret key could be recovered with various techniques exploiting weak IVs, IV reuse and collisions. The ICV was based on CRC-32, which was not designed to be a cryptographic integrity check: it is linear, so an attacker can flip chosen bits of a ciphertext and correct the encrypted ICV without knowing the key, which provided another means of exploitation. Using commonly available tools, WEP can be cracked in less than 10 minutes; WEP is no longer used and should be avoided, even in small office/home office (SOHO) environments. Jesse Walker's "Unsafe at Any Key Size: An Analysis of the WEP Encapsulation" and "Weaknesses in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin, and Adi Shamir provide additional insight into this now deprecated encryption method.
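As an added worked example (written for this page, not part of the original tutorial), the following Python implements WEP encapsulation exactly as described above, then demonstrates the two flaws just mentioned: keystream reuse when an IV repeats, and ICV forgery using the linearity of CRC-32. The key, IV and messages are constructed sample values, and the little-endian ICV byte order is an assumption made for the demonstration.

```python
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by the keystream generator (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext (little-endian is an assumption here)."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || (plaintext || ICV) XOR RC4(IV || key). Key is 5 or 13 bytes (WEP-64 / WEP-128)."""
    assert len(iv) == 3 and len(key) in (5, 13)
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    pt, tag = body[:-4], body[-4:]
    return pt, tag == icv(pt)


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream, so C_a XOR C_b == P_a XOR P_b (no key needed)."""
    assert frame_a[:3] == frame_b[:3], "demonstration needs a repeated IV"
    n = min(len(frame_a), len(frame_b)) - 3
    return xor(frame_a[3:3 + n], frame_b[3:3 + n])


def bitflip(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` inside a ciphertext and patch the encrypted ICV.

    CRC-32 is affine: crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of the same length),
    so the correction to the ICV depends only on `delta`, never on the key or the plaintext.
    """
    iv, data, tag = frame[:3], frame[3:-4], frame[-4:]
    assert len(delta) == len(data)
    tag_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return iv + xor(data, delta) + xor(tag, struct.pack("<I", tag_delta & 0xFFFFFFFF))


if __name__ == "__main__":
    # Constructed sample values: a 40-bit key, one IV reused for two frames.
    key, iv = b"ABCDE", b"\x01\x02\x03"
    f1 = wep_encrypt(key, iv, b"hello wireless world")
    f2 = wep_encrypt(key, iv, b"attack at dawn, now!")
    print("P1 xor P2 leaked:", iv_reuse_leak(f1, f2)[:20].hex())
    delta = xor(b"hello", b"jelly") + bytes(15)
    print("forged frame decrypts to:", wep_decrypt(key, bitflip(f1, delta)))
```

Note that neither attack function takes the key as an argument; both work on captured ciphertext alone, which is the practical meaning of "IV reuse" and "CRC-32 was not designed to be secure."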

Temporal key integrity protocol (TKIP) was designed to remedy the IV reuse issue. TKIP provides data security on existing WEP equipment, which could be upgraded through firmware or driver updates. TKIP was developed jointly by the IEEE 802.11i task group and the Wi-Fi Alliance to replace WEP, and it became the basis of Wi-Fi Protected Access (WPA). This was an interim measure that provided a solution until a more robust security mechanism could be developed and put into place. TKIP uses dynamically generated, per-session 128-bit encryption keys, or "temporal keys," as opposed to the static keys used by WEP. A process called the "4-way handshake," which takes place between an AP and a client device, generates these keys. This process will be discussed in detail in the next segment.

Each frame also carries a 48-bit TKIP sequence counter (TSC); a receiver rejects any frame whose TSC is not greater than the last one it accepted, which stops replayed frames. In addition, the weak-key and key-reuse problem was addressed by a two-phase key mixing process that derives a fresh per-frame RC4 key from the temporal key, the transmitter address and the sequence counter. TKIP was designed to operate on legacy equipment built for WEP, so it still uses the RC4 cipher. Finally, an enhanced data integrity scheme was added: the message integrity code (MIC), computed with a keyed algorithm called Michael, unlike the unkeyed CRC-32 ICV. TKIP was mandatory in WPA; it is optional in WPA2, which mandates CCMP (AES) encryption.

TKIP key mixing happens in two phases. Phase 1 mixes the temporal key (TK) produced by the 4-way handshake with the transmitter address (TA) and the four most significant octets of the 6-octet TSC, creating the TKIP-mixed transmitter address and key (TTAK). Because its inputs change only once every 65,536 frames, the TTAK can be cached. Phase 2 mixes the TTAK with the TK and the two least significant octets of the TSC for every frame, which produces the WEP seed: a 24-bit IV followed by a 104-bit key. The seed is fed into the RC4 algorithm, which produces the keystream.

The message integrity code (MIC) is computed over the destination address (DA), the source address (SA), the frame's priority and the unencrypted plaintext, using the MIC key. The MIC is appended to the plaintext, which is fragmented to acceptable frame sizes if necessary, and each fragment then gets a CRC-32 ICV as in WEP. A bitwise XOR of the keystream with the plaintext/ICV produces the encrypted payload. A greatly simplified diagram of the TKIP encryption process is shown in Figure 2.
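The following Python, added here as a worked example and not drawn from the tutorial or any vendor's code, implements the parts of the TKIP receive path described in the preceding three paragraphs: the Michael MIC over DA, SA, priority and plaintext, the split of the 48-bit TSC into its phase-1 and phase-2 inputs, and the replay check. The S-box-based key mixing phases, RC4 and the CRC-32 ICV are not repeated here. The MIC key, addresses and payload are constructed sample values; the zero-key, empty-message check value used below is the published Michael test vector from IEEE 802.11i.

```python
import struct

MASK32 = 0xFFFFFFFF


def rol32(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def ror32(x: int, n: int) -> int:
    return ((x >> n) | (x << (32 - n))) & MASK32


def xswap(x: int) -> int:
    """Swap the two bytes inside each 16-bit half of a 32-bit word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def michael_block(l: int, r: int):
    """The Michael block function b(l, r): rotates, byte swaps and 32-bit additions only."""
    r ^= rol32(l, 17)
    l = (l + r) & MASK32
    r ^= xswap(l)
    l = (l + r) & MASK32
    r ^= rol32(l, 3)
    l = (l + r) & MASK32
    r ^= ror32(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key, 64-bit tag. Message is padded with 0x5a and 4..7 zero bytes."""
    l, r = struct.unpack("<II", key)
    padded = msg + b"\x5a" + bytes(4)
    padded += bytes(-len(padded) % 4)
    for (word,) in struct.iter_unpack("<I", padded):
        l ^= word
        l, r = michael_block(l, r)
    return struct.pack("<II", l, r)


def tkip_mic(mic_key: bytes, da: bytes, sa: bytes, priority: int, msdu: bytes) -> bytes:
    """TKIP MIC input is DA || SA || priority || three zero bytes || plaintext MSDU."""
    return michael(mic_key, da + sa + bytes([priority]) + bytes(3) + msdu)


def split_tsc(tsc: int):
    """Upper 32 bits feed phase 1 key mixing (with TK and TA); lower 16 bits feed phase 2."""
    assert 0 <= tsc < 1 << 48
    return tsc >> 16, tsc & 0xFFFF


class TkipReceiver:
    """Receiver-side replay check (strictly increasing TSC) followed by MIC verification."""

    def __init__(self, mic_key: bytes):
        self.mic_key = mic_key
        self.last_tsc = -1       # highest TSC accepted so far
        self.mic_failures = 0    # two failures within 60 s trigger TKIP countermeasures

    def accept(self, tsc: int, da: bytes, sa: bytes, priority: int, msdu_with_mic: bytes):
        if tsc <= self.last_tsc:
            return False, "replay"
        msdu, mic = msdu_with_mic[:-8], msdu_with_mic[-8:]
        if mic != tkip_mic(self.mic_key, da, sa, priority, msdu):
            self.mic_failures += 1
            return False, "mic failure"
        self.last_tsc = tsc
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not a capture.
    mic_key = bytes.fromhex("0011223344556677")
    da, sa = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    msdu = b"constructed sensor reading"
    frame = msdu + tkip_mic(mic_key, da, sa, 0, msdu)
    rx = TkipReceiver(mic_key)
    print(rx.accept(1, da, sa, 0, frame), rx.accept(1, da, sa, 0, frame))
```

In a real implementation the TSC check runs per MPDU (fragment) and the MIC is verified only after the MSDU has been reassembled and decrypted; the class above collapses both onto one unfragmented MSDU to keep the ordering of the checks visible.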

Figure 2: A simplified version of the TKIP encryption process. Courtesy: Daniel E. Capano, Diversified Technical Services Inc.

WEP and TKIP were essential for the adoption and growth of wireless technology. Without these initial attempts, the modes of exploitation could not have been discovered and solutions implemented. These were good efforts, and nothing written here should imply otherwise. WEP and TKIP are not recommended for use in a modern wireless network, however, as they are not secure. If the user is working with older equipment that doesn't support newer security protocols, then using the above methods is "better than nothing." In that case, isolate the older segment from the backbone, on its own VLAN or on physically separate hardware, and allow only the traffic it actually needs across that boundary.

Minimal, if any, security 

There are two other methods of "security" that are still commonly used, but they provide minimal, if any, security on a wireless network. The first is MAC filtering, a technique whereby client devices are either denied or allowed access to the network based on their unique hardware (MAC) addresses. In small, isolated networks with few clients and low traffic volumes, this can be a "quick and dirty" control if nothing else is available, and it is manageable in highly automated environments without mobile devices and in noncritical applications. However, spoofing easily defeats it: MAC addresses travel in the clear in every 802.11 frame, so an attacker can read a permitted address off the air, clone it onto an unauthorized device and masquerade as a permitted client. MAC filtering is an inventory control, not an authentication mechanism.

The second quasi-security method is called SSID cloaking or hiding. This method should never be relied on by itself; it does not secure the network or any data. Like MAC filtering, it is most workable in small networks and makes little sense in larger networks designed for mobile device access. In essence, SSID broadcast is turned off on the AP. The AP still transmits beacons, but with an empty SSID field, so the network does not appear in the list of available networks. To join, the user must know the SSID and whatever security method and password are in use; the client then sends the SSID in its probe requests, and the AP returns it in its probe responses, both in the clear. This method should be used only in a SOHO environment, particularly in an area where many other wireless networks are visible. It provides a small degree of privacy: a casual attacker may move on to the visible networks, but an attacker who is specifically targeting the user's network will only be slowed, because the hidden SSID is revealed by common network sniffing tools as soon as any legitimate client connects.
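To make the two caveats above concrete, here is an added example in Python (written for this page, not from the tutorial or any sniffing tool): a minimal parser for 802.11 management frames that shows a cloaked AP beaconing a zero-length SSID element, recovers the SSID from the probe response the AP sends to a connecting client, and collects the client MAC addresses that a MAC-filter bypass would clone. The frames are constructed inline; the addresses and the SSID "PlantNet" are sample values.

```python
import struct

# Frame control (little-endian uint16): version | type << 2 | subtype << 4. Type 0 = management.
SUBTYPE_PROBE_REQ, SUBTYPE_PROBE_RESP, SUBTYPE_BEACON = 4, 5, 8
EID_SSID, EID_SUPPORTED_RATES = 0, 1
BROADCAST = b"\xff" * 6


def build_mgmt(subtype: int, addr1: bytes, addr2: bytes, addr3: bytes,
               ssid: bytes, hidden: bool = False) -> bytes:
    """Construct a minimal management frame (constructed sample data, not a real capture).

    Beacons and probe responses carry 12 bytes of fixed fields (timestamp, beacon interval,
    capability) before the information elements; probe requests go straight to the elements.
    """
    hdr = struct.pack("<HH", subtype << 4, 0) + addr1 + addr2 + addr3 + b"\x00\x00"
    body = b"" if subtype == SUBTYPE_PROBE_REQ else struct.pack("<QHH", 0, 100, 0x0411)
    ssid_value = b"" if hidden else ssid          # a cloaked AP beacons a zero-length SSID element
    body += bytes([EID_SSID, len(ssid_value)]) + ssid_value
    body += bytes([EID_SUPPORTED_RATES, 1, 0x82])  # 1 Mbps basic rate, so the TLV walk has two elements
    return hdr + body


def parse_mgmt(frame: bytes) -> dict:
    """Parse the three address fields and the element TLVs of a management frame."""
    fc, = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    subtype = (fc >> 4) & 0xF
    info = {"subtype": subtype, "addr1": frame[4:10], "addr2": frame[10:16], "addr3": frame[16:22]}
    off = 24 if subtype == SUBTYPE_PROBE_REQ else 36
    elements = {}
    while off + 2 <= len(frame):
        eid, elen = frame[off], frame[off + 1]
        elements[eid] = frame[off + 2:off + 2 + elen]
        off += 2 + elen
    info["elements"] = elements
    return info


def advertised_ssid(frame: bytes):
    """SSID carried in this frame, or None when the element is empty (hidden / wildcard)."""
    return parse_mgmt(frame)["elements"].get(EID_SSID) or None


def recover_hidden_ssids(frames) -> dict:
    """Map BSSID -> SSID for APs that beacon an empty SSID but answer directed probes with the real one."""
    hidden, answered = set(), {}
    for f in frames:
        info = parse_mgmt(f)
        ssid = info["elements"].get(EID_SSID, b"")
        if info["subtype"] == SUBTYPE_BEACON and not ssid:
            hidden.add(info["addr3"])            # addr3 is the BSSID in beacons and probe responses
        elif info["subtype"] == SUBTYPE_PROBE_RESP and ssid:
            answered[info["addr3"]] = ssid
    return {bssid: answered[bssid] for bssid in hidden if bssid in answered}


def observed_client_macs(frames) -> set:
    """Source addresses of probe requests: the clear-text MACs a MAC-filter bypass would clone."""
    return {parse_mgmt(f)["addr2"] for f in frames if parse_mgmt(f)["subtype"] == SUBTYPE_PROBE_REQ}


if __name__ == "__main__":
    ap, client = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")  # sample addresses
    capture = [
        build_mgmt(SUBTYPE_BEACON, BROADCAST, ap, ap, b"PlantNet", hidden=True),
        build_mgmt(SUBTYPE_PROBE_REQ, BROADCAST, client, BROADCAST, b"PlantNet"),
        build_mgmt(SUBTYPE_PROBE_RESP, client, ap, ap, b"PlantNet"),
    ]
    print("beacon SSID:", advertised_ssid(capture[0]))
    print("recovered:", recover_hidden_ssids(capture))
    print("client MACs seen:", observed_client_macs(capture))
```

The beacon alone yields nothing, which is the privacy the method buys; the first directed probe exchange gives the name away, which is why it only slows a targeted attacker.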

– Daniel E. Capano, owner and president, Diversified Technical Services Inc. of Stamford, Conn., is a certified wireless network administrator (CWNA); dcapano@sbcglobal.net. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, cvavra@cfemedia.com.

ONLINE extras

www.controleng.com/blogs has other wireless tutorials from Capano on the following topics:

Wireless security basics

Quality of service in wireless communication

Carrier sense multiple access with collision avoidance

www.controleng.com/webcasts has wireless webcasts, some for PDH credit.

Control Engineering has a wireless page.