Cryptography for Wireless Local Area Networks

It is extremely important to provide security for wireless networks because they are particularly vulnerable to external attacks. However, one of the most interesting aspects of wireless network security is the cryptographic design errors made when developing certain wireless network security standards.

WLAN background

Many users of computers are accustomed to the inherent network ‘security’ provided by the use of physical wires to communicate between different devices. Although a determined attacker can ‘tap’ a wired communication, this requires physical access to the wires themselves. Hence, many attacks on wired networks tend to focus on the machines at the ends of the wires; for example, by installing malicious software on a machine monitoring traffic being sent and received on the network by this machine.

The advent of wireless communication has brought numerous benefits, perhaps the most significant being convenience. An office or home can easily establish a network without installing messy wiring. Also, networks can be established in places where they were once awkward to install, such as railway stations, restaurants, and conference venues.

However, wireless networks are much more vulnerable to attack without the security provided by physical wires. Without built-in security, the information exchanged over them can be monitored (and potentially modified) by anyone geographically close enough to access them. For example, access to a wired home network is, by and large, restricted to someone who can enter the building and physically access either the machines or the wires. In contrast, a wireless network is potentially accessible to someone outside the building.

The type of wireless network typically deployed between devices in an office or home is known as a wireless local area network (WLAN). The international standards for WLAN communications are governed by the Institute of Electrical and Electronics Engineers (IEEE) and are collectively referred to as IEEE 802.11. The original version of the IEEE 802.11 standards was released in 1997, but many amendments have been made since then. Some devices certified to be compliant with IEEE 802.11 are labeled by the trademark Wi-Fi, which is an indicator of interoperability.

A simple WLAN architecture is shown in the illustration below. A wireless access point is a piece of hardware that acts as a bridge between the wireless network and a wired network (for example, the wired network delivering a connection to the Internet from home). The access point consists of a radio, an interface with the wired network, and bridging software. A device is any computer (for example, a desktop, PC, laptop, or mobile phone) with a wireless network interface card allowing it to communicate over a wireless network. A WLAN may consist of many devices all communicating with one access point or may involve several different access points.