|Read about Lisa|
WPA and WPA2 are strongest when used with 802.1X port access control for per-user authentication and dynamic session keys. This solution, branded WPA-Enterprise, is designed for business networks that have authentication, authorization, and accounting (AAA) infrastructure -- for example, RADIUS servers, active directories, or certificate authorities. Unfortunately for SMBs (and home users) that don't have enterprise AAA, adding it just for WLAN security can be impractical or downright impossible.
Realizing this, the IEEE specified an alternative: Pre-Shared Keys (PSKs). This solution, branded WPA-Personal, makes it possible to use stronger-than-WEP encryption WITHOUT an enterprise-grade AAA server to support 802.1X. A PSK is kind of like a group password, configured into the WLAN's Access Point (AP) and every station.
Benefits and limitations of WPA-PSKBecause all stations are configured with the same PSK, users can't be individually authenticated. All you really know is that someone with the PSK is using your WLAN. If one user loses his laptop with a stored PSK or tells someone else the PSK, every station must be reconfigured with a new PSK.
Unlike old WEP keys, WPA PSKs are not used directly as encryption keys. That means that PSKs are not vulnerable to the WEP flaws exploited by tools like WEPcrack and Airsnort. An attacker listening to a WLAN protected with WPA or WPA2 will see that traffic from every source is encrypted with different keys. Furthermore, those encryption keys change over time to prevent the reuse that lead to WEP cracking.
However, because WPA PSKs provide the starting point for generating encryption keys, it's possible that anyone else who knows the PSK can listen to your station's traffic and (with some effort) decrypt your data. This isn't hard, but it's not something the average end user will do. Think of this like the lock on your desk -- it's probably not difficult to pick, but it's enough to discourage most of your co-workers from looking inside.
For these reasons, WPA PSKs are best used in situations where risk is modest and everyone on the WLAN deserves the same access and trust -- such as in small business and home networks. Configuring a PSK can be no harder than configuring a group password, and you don't need any AAA infrastructure. You also won't need any 802.1X software on your laptops and desktops. And you won't have to worry about 802.1X compatibility between operating systems, supplicants, APs, and AAA servers. If you've put off using WPA because 802.1X scared you away, consider using WPA-PSK instead.
What's the catch?You may have seen recent "bad press" about WPA with PSK. That's not because PSKs are always insecure. It's because PSKs that are selected without following safe-use guidelines can be guessed too easily.
The computing industry has a long, troubled past with weak text passwords in general. Many companies have rules that require long, complex passwords, updated at regular intervals. For example, a program that tries 100,000 combinations per second can guess all possible combinations in a seven letter lowercase password within 22 hours; the same length password with letters and numbers requires nine days. A dictionary attack -- trying common phrases and words -- can reduce the time needed to guess the actual password. Partial-knowledge attacks can break passwords very quickly by guessing combinations that include spouse, child, pet, and sports team names, and other phrases used in passwords to make them easy to remember (and guess).
It really should be no surprise that, since a PSK is like a group password, it is vulnerable to password-guessing attacks. In fact, short PSKs that include easily-guessed words are arguably easier to "crack" than those old WEP keys. Readers interested in technical detail about why this is so should read this November 2003 Wi-Fi Networking News article by Bob Moskowitz.
If math and cryptography aren't your thing, here are the essential details you should understand:
- A WPA PSK is really a 256 bit number. Depending upon the Wi-Fi product, the PSK may be configured directly as a hex string, or it may be generated from a configured passphrase: a string of up to 63 ASCII characters.
- PSKs are particularly easy to guess if you configure them by entering a passphrase that's too short, composed of words easily found in a dictionary, or based on information that everyone knows (I.E., your company name).
- The strongest PSKs are those using randomly-generated hex strings. But long hex strings are hard to remember and re-enter correctly, so many products only allow PSK configuration with passphrases. If you do have the option to configure hex strings, Moskowitz recommends using at least 96 bits (24 hex digits).
- When configuring PSKs using a passphrase, the IEEE 802.11i standard very strongly recommends using at least 20 characters. Combine numbers and letters and upper and lower case. Resist the temptation to use a shorter PSK, or to create a weak PSK. For best results, generate a random passphrase.
Is it worth the trouble?At this point, you may be grumbling about the difficulty of remembering and entering the same 20+ character random string on all your systems. And even if you don't mind too much the first time, you'll be annoyed when someone loses his or her laptop and you have to do it all over again.
Every SMB must evaluate the complexity of deploying 802.1X and AAA infrastructure vs. security needs and PSK administration. PSK guessing isn't an academic threat -- free hacker tools are available to run offline dictionary attacks against captured WPA-PSK traffic, including KisMAC and WPA crack. An attacker with time and motivation and proximity to your WLAN can compromise a weak PSK.
On the other hand, there are many tools out there to help you use WPA more safely.
- There are many free random password generators on the Internet -- to try a few examples, visit WinGuides, CertTest, Top Design, and Porcelan. Tools like these can be used to generate random passphrases for WPA-PSK configuration. (Random hex string generators are also available.)
- Some Wi-Fi products include security configuration distribution or synchronization aids. For example, see Buffalo's AirStation OneTouch Secure System (AOSS). Entering a long random string just once isn't hard at all if you can avoid having to enter the same long random string several times, on many systems.
- If you don't have an AAA infrastructure, you may want to consider using WPA with 802.1X and pay someone else to do the heavy lifting for you. For example, a managed authentication service is available from Wireless Security Corporation, who recently struck a partnership with Linksys. If you prefer a one-time software purchase to recurring service fees, consider Interlink's LucidLink. LucidLink runs on near-zero-config AAA server on one of your office PCs and configures your APs for you. It pairs with config-less client software on wireless stations. As WPA2 matures, I expect to see more products like these, targeted at bringing 802.1X to the SMB market.
ConclusionIt would be a shame for smaller companies to stick with WEP instead of deploying WPA / WPA2 because they're not up to running their own AAA infrastructure -- or to be scared off by PSK crackers. We all know that some passwords are better than others, and its important for WLAN administrators to realize the same kind of "best practices" are required to choose good strong PSKs.
About the author: Lisa Phifer is vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.
This was first published in November 2004