Recently, the University of Maryland published a paper, "Your 802.11 Wireless Network has No Clothes," which highlighted some of the security problems in wireless LANs. While the paper from the University of Berkeley (January 2001) focused on overall vulnerabilities with 802.11 wired equivalent privacy (WEP) encryption, the University of Maryland paper focused on vulnerabilities in 802.11 wireless LAN authentication methods and protocols for access control. The paper also outlined how poor authentication implementations in the industry can cause even more damage than standard WEP, and it provides recommendations to address several of these classes of attacks.
Details from the paper can be found at
The paper highlights several deficiencies in 802.11 security implementations from the standpoint of authentication methods and protocols for access control. The authors also provide recommendations on how to mitigate eavesdropping and man-in-the-middle attacks using strong authentication and well-protected shared keys. The Cisco Aironet® solution incorporates a strong key management and authentication framework and is immune to the classes of attacks identified in this paper, unlike some of our competitors. The major components of our overall security framework that address these deficiencies include:
Obtain additional details from the Cisco response to the paper from University of Berkeley at:
"This paper describes the flaws in the two access control mechanisms that exist in access points built using Orinoco/Lucent 802.11 Wavelan PCMCIA cards, and a simple eavesdropping attack against the 802.11 specified shared key authentication mechanism."
"The use of a separate key for each user mitigates the cryptographic attacks found by others, but enforcing a reasonable key period remains a problem as the keys can only be changed manually."
"Worse, in some cases, the details that are available indicate that the vendors 'solution' worsens the problem by using protocols with well-known vulnerabilities, e.g. un-authenticated Diffie-Hellman key agreement."
The authors allude to the poor, unauthenticated Diffie-Hellman key agreement in another vendor's implementation. Such a scheme is vulnerable to a man-in-the-middle attack.
The Cisco Aironet solution is immune to man-in-the-middle attacks because Cisco conducts mutual authentication and verifies the legitimacy of the client as well as the ACS RADIUS server. The overall Cisco scheme, based on 802.1x standards, also ensures that the access point is legitimate and not a rogue device, because a secure channel for key exchange is established between the RADIUS server and the access point.
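The difference between the unauthenticated key agreement the authors criticize and a mutually authenticated one, as an added example that is not from the Maryland paper or from Cisco: a toy Diffie-Hellman exchange in which each side's public value is optionally bound to a shared credential with an HMAC. The group parameters, the `psk` credential and all function names are assumptions made for illustration and do not represent Cisco's or any other vendor's protocol.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this example (127-bit Mersenne prime).
# Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, role, pub):
    """MAC binding a public value to the sender's role under a shared credential."""
    return hmac.new(psk, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()

def verify(psk, role, pub, mac):
    return hmac.compare_digest(tag(psk, role, pub), mac)

def run_exchange(psk=None, interposer=False):
    """Return (client_key, server_key, accepted).

    psk=None models the unauthenticated exchange. interposer=True models a
    middle party that replaces the public value in both directions; it does
    not know psk, so it can only forward the original MACs unchanged.
    """
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    c_mac = tag(psk, b"client", c_pub) if psk else None
    s_mac = tag(psk, b"server", s_pub) if psk else None
    to_server, to_client = c_pub, s_pub
    if interposer:
        _, m_pub = keypair()
        to_server = to_client = m_pub
    # Mutual authentication: each side checks the value it received.
    if psk and not (verify(psk, b"client", to_server, c_mac)
                    and verify(psk, b"server", to_client, s_mac)):
        return None, None, False
    return session_key(c_priv, to_client), session_key(s_priv, to_server), True
```

Without `psk`, both endpoints accept the substituted value and end up with different keys, each shared with the middle party instead of with each other; with `psk`, the same substitution fails verification and the exchange is rejected.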
"First, MAC addresses are easily sniffed by an attacker since they MUST appear in the clear even when WEP is enabled, and second most all of the wireless cards permit the changing of their MAC address via software."
The authors acknowledge that robust key management would strengthen WEP-based security schemes and that higher-level security mechanisms such as IPSec would enhance security schemes. Customers can also use the network logon, access control lists in switches and routers, and policies on their firewalls to achieve robust end-to-end network security. Virtual private network (VPN) security can also be deployed in intranets where very high security is essential.
"Fortunately, the 802.11 standards body is currently working on significant improvements to the standard."
Posted: Thu Aug 22 05:58:46 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.