WLAN security threats & solutions

This session will give an overview of the latest security trends in the 802.11 based WLAN technology. WLAN technology in security terms had a hard start with early discovery of multiple weaknesses built into it by the design, or discovered afterwards by the inappropriate use of the crypto technology. Initial development of the WEP (Wire Equivalent Privacy) protocol had missed to address the key exchange mechanism as well as individual user authentication. On top of that it does not provide either crypto integrity checking mechanism or replay protection. Immediately after their discovery and public announcements most of the mentioned weaknesses also got publicly available tools on the Internet for their testing and unfortunately, also possible abuse. There are currently two solution paths in industry for securing the WLAN technology. IEEE and IETF standardization bodies have already developed and proposed multiple protocols such as 802.1x and multiple new EAP's (Extended Authentication Protocol) to address security weaknesses in the user authentication and the lack of a key management. The IEEE TGi (Task Group i) is working on a comprehensive solution within the 802.11i standard to address all of the existing security weaknesses of the WLAN technology. Another industry initiative, driven by the leading WLAN technology vendors, have adopted a subset of the TGi work under name of WPA (Wi-Fi Protected Access) to overcome the time limitations in long standard developments, and apply changes and fixes which are immediately possible to address the most important security weaknesses of a current WLAN technology.