Last summer, the IEEE ratified 802.11i, the enhanced security standard for 802.11a/b/g networks. Last fall, the Wi-Fi Alliance announced the first products to pass 802.11i testing, a certification program known as WPA2 (Wi-Fi Protected Access, version 2). To date, over 30 companies have WPA2-certified products, with more on the way. Last month, Microsoft released a WPA2 patch for Windows XP SP2, putting another supporting piece into place.
As WPA2 becomes widely available, why should you upgrade your WLAN to use it, and what will you need to do so?
WPA2 security features
Most consumers have heard about Wired Equivalent Privacy (WEP) vulnerabilities. WEP does make it a little harder for intruders to eavesdrop on data sent over the air, but WEP cracking tools can easily discover encryption keys by analyzing captured traffic. The more data encrypted with a given WEP key, the greater the risk of cracking.
Today, all new Wi-Fi products are required to implement an interim WEP fix known as the Temporal Key Integrity Protocol. TKIP uses short-lived keys to mitigate the threat posed by WEP crackers, but does so in manner that preserves backwards compatibility with WEP. TKIP was designed to be easy to implement with existing hardware, so that product upgrades would become available quickly. Hundreds of products that implement TKIP have passed the Wi-Fi Alliance's WPA version 1 tests in the past two years.
But TKIP does not address all of the security issues facing 802.11 wireless LANs, and is not as robust or efficient as many would like. So, in addition to TKIP, the 802.11i standard defines an entirely new "green field" method of wireless data protection using the Advanced Encryption Standard. AES is a fast, strong algorithm that can provide both data confidentiality and integrity. It is recommended for use by many security standards, including the US Federal Information Processing Standards (FIPS) 140-2.
To pass Wi-Fi Alliance WPA version 2 tests, products must implement AES using the new packet encapsulation defined by 802.11i, AES-CCMP (the Counter Mode Cipher Block Chaining Message Authentication Code Protocol) In addition, WPA2 products must implement at least one authentication option defined by 802.11i:
WPA2-Enterprise uses 802.1X Port Access Control to authenticate individual users by consulting an Authentication Server over RADIUS. Many authentication methods can be used with 802.1X, ranging from passwords to digital certificates, as supported by the Extensible Authentication Protocol (EAP) type.
- WPA2-Personal provides group-level authentication using a Preshared Secret Key. PSK is designed for homes and small businesses that lack RADIUS infrastructure and do not require individual user authentication. In this case, all AP users knows the same PSK and are granted the same level of access.
WPA versions 1 and 2 have exactly the same choice of authentication methods – for example, WPA2-Enterprise combines 802.1X with AES-CCMP, while WPA-Enterprise combines 802.1X with TKIP. Both WPA versions let the station and AP derive fresh encryption keys, after stations are authenticated, but before they send any data.
WPA2 fast roaming options
Some WPA2 products go beyond these fundamental features by implementing 802.11i options that can speed up AP roaming. As signal degrades, wireless stations re-assess their surroundings, discovering nearby APs, evaluating which offers strongest signal. Stations may transparently roam within the same Extended Service Set – that is, between APs that share a given network, called an ESSID (Extended Service Set Identifier.)
Roaming occurs all the time in multi-AP WLANs, even if the user is not physically moving, due to changing environmental conditions. But 802.1X authentication involves the exchange of many packets, and perhaps even user interaction to respond to login prompts. Repeating full 802.1X authentication when roaming introduces significant delay that disrupts latency-sensitive applications like voice or streaming video. 802.11i "fast roaming" options are designed to reduce this delay to acceptable levels:
Key Caching lets a station reuse previously-established encryption keys when roaming between APs that support this option. A unique identifier is assigned to each station's Pairwise Master Key (PMK), and supplied to the new AP. If the AP can find the identified PMK in its cache, most of 802.1X authentication can be skipped, and the PMK is immediately used to continue encrypting data traffic. However, 802.11i does not dictate how APs actually share PMKs with each other, so products implement key caching is various ways – for example, Cisco's Central Key Management (CCKM).
- Pre-Authentication lets a station authenticate simultaneously with multiple APs, so that it can remain associated with an "old" AP while getting ready to roam to a "new" AP. Normally, 802.1X occurs over the air between the station and the AP to which it has just associated. Roaming involves breaking that old association, creating a new association, then repeating 802.1X over the new association. Stations that implement Pre-Authentication can use their existing association to send 802.1X to another AP, assuming those APs can communicate over a back-end (wired) network. Stations can pre-authenticate with several APs so they'll be ready to "hit the deck running" when re-association finally does occur.
These fast roaming options both require over-the-air communication between the station and AP (defined by 802.11i) and back-end communication between APs (beyond the scope of 802.11i). Today, these options are really only relevant to homogeneous networks composed of same-vendor, WPA2-compliant APs and associated infrastructure (e.g., wireless switches). Another emerging standard, 802.11r, will eventually provide the missing pieces for interoperable fast roaming across heterogeneous WLANs, with handoff delays that meet latency requirements for VoWiFi.
If you're starting a new WLAN from scratch, it makes good sense to start with WPA2 – at minimum WPA2-Personal, but preferably WPA2-Enterprise. However, most organizations – including those officially new to wireless – still must deal with devices that do not support WPA2. Such devices may include laptops and PDAs with embedded mini-PCI adapters, wireless printers, and VoWiFi handsets. Companies with existing WLAN deployment may also have invested in APs that lack WPA2 support. In short, many of us will be faced with a period of migration from whatever security measures are available or used today to WPA2. During that period, coexistence will be necessary.
One common method of enabling coexistence involves defining new ESSIDs for stronger-security networks. For example, when T-Mobile upgraded its hotspots from no encryption to WPA-Enterprise/TKIP, it complemented its existing ESSID "tmobile" with another ESSID "tmobile1x."
Those ESSIDs could be supported by two APs, each configured to require different security. Alternatively, many enterprise-grade APs can be configured with several ESSIDs. Such APs may advertise ESSIDs in the same beacon or operate as "virtual APs." With Virtual APs, one physical AP gives the appearance of being several APs, each with its own BSSID (MAC address), advertised in separate beacons. Without Virtual APs, advertising multiple ESSIDs requires adding a new field to beacons – for example, Microsoft's Wireless Provisioning Service Information Element (WPS IE). Virtual APs require AP support; adding an IE requires both AP and station support.
Finding WPA2-capable products
Once you've decided you want to move up to WPA2 and you've thought through your migration and coexistence needs, it's time to start looking into WPA product support. A good starting place is the Wi-Fi Alliance certified products list -- simply check "WPA2-Enterprise" and/or "WPA2-Personal" on the product search page and you'll pull up a list of successfully-tested products.
For starters, you'll need a WPA2-capable AP. Today, most WLAN switching systems, available from companies like Trapeze, Aruba, and Cisco/Airespace, have passed WPA2 testing. Standalone APs like Cisco/Linksys WRT54GX, D-Link DWL-3200AP, and Proxim AP-4000 have also passed WPA2 testing, to name just a few. In general, you are more likely to find WPA2 on newly-released APs, since AES requires hardware support.
You'll also need WPA2-capable wireless adapters (PCI, mini-PCI, USB, etc). Adapter chipsets from Atheros and Broadcom were among the earliest WPA2-certified products, and here again, the odds of support are far higher with newly-released products. A few varied examples include 3Com's OfficeConnect Wireless USB Adapter 3CRUSB10075, Cisco's Aironet PCI Adapter AIR-PI21AG, Dell's Wireless 1370 Mini-PCI Card, and Intel's PRO/Wireless 2100 LAN 3A MiniPCI Adapter.
To make use of WPA2 capabilities in your adapter, you'll need WLAN client and driver software that understands WPA2 and (in most cases) implements an 802.1X Supplicant for your chosen EAP Type(s). Client software that can be used with WPA2 is available from third parties like Meetinghouse, from NIC vendors like Cisco, and from OS vendor Microsoft. For example, Microsoft's recently-released WPA2 patch for Windows XP SP2 adds built-in OS support for AES-CCMP encryption, WPA2 authentication via 802.1X or PSK, Pairwise Master Key caching, and Pre-Authentication.
- Finally, you'll need back-end infrastructure that can support the WPA2 features you plan to use. If you're going to use WPA2-Enterprise, you'll need a RADIUS server that speaks your chosen EAP Types(s) – for example, EAP-TLS, EAP-TTLS, or PEAPv0/v1. Check out the Wi-Fi Alliance's new EAP Certification program. If you'd like to use PMK Caching, you'll probably need a wireless switch that supports PMK Caching on behalf of paired APs. Look carefully at any AP vendor's requirements for WPA2 features – don't just assume that "AES" in a product's spec list implies WPA2 compliance or support for options like Pre-Authentication.
Ultimately, depending on the size and complexity of your WLAN, it may take quite some time for all the requisite pieces to fall into place. And you may need to start small, with trial deployments, to understand all that's really required for a large-scale WPA2 migration. But understanding what you'll need to upgrade is a step in the right direction.
|Read about Lisa|
About the author: Lisa Phifer is vice president of Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.