The Institute of Electrical and Electronics Engineers (IEEE) is the professional standards organization for the development of communication and network standards. With the increase in wireless technology, standards such as IEEE 802.11b became important to provide a mechanism for authentication and encryption in wireless communication. Wireless security provides encryption and message security to ensure the confidentiality and integrity of broadcast transmissions. Wireless security is also concerned with securing the sending and receiving devices. One of the first network security protocols defined by the 802.11b standard is Wireless Encryption Protocol (WEP), also called Wired Equivalent Privacy. WEP is a key-phrase based network security protocol that is used to encrypt the transmissions being broadcast. Unfortunately, WEP used a weak key and can be cracked using tools that are freely available.
To strengthen wireless security, Wi-Fi Protected Access (WPA) was developed. WPA was created by the Wi-Fi Alliance and was designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal. The enterprise method uses an authentication server to distribute different keys to each user, while the personal method is less scalable and uses a pre-shared key (PSK), where every authorized computer on the wireless network is given the same passphrase.
WPA encrypts data using the RC4 stream cipher with a 128-bit key and a 48-bit initialization vector (IV). One major improvement WPA has over WEP is the Temporal Key Integrity Protocol (TKIP), which changes the keys dynamically while the system is in use. This, combined with the larger initialization vector, effectively defeats the key recovery attacks that WEP faces.
Another wireless security method used by mobile devices such as PDAs and phones is the Wireless Application Protocol (WAP). WAP is a wireless security method that provides protection for mobile devices accessing the Internet. It provides session, transaction, and application services while having low resource requirements. WAP provides security through the Wireless Transport Layer Security Protocol (WTLS), which operates using either anonymous authentication, server authentication, or client and server authentication. WTLS is a security protocol based on the industry standard Transport Layer Security (TLS) protocol that is optimized for narrow bandwidth communication channels. WTLS provides data integrity, privacy, and authentication as well as denial-of-service protection.
A Service Set Identifier (SSID) is a 32-character unique identifier that is attached to the packets sent over a Wireless Local Area Network (WLAN). The SSID acts like a password for connecting to the access points, and all devices that are trying to communicate on the WLAN must have the same SSID. By default, the SSID is usually broadcast to everyone in range of the WLAN, but it is recommended that SSID broadcast be disabled. This will provide a little security through obscurity.
In addition, it is recommended that Wi-Fi Protected Access (WPA) be used instead of Wired Equivalent Privacy (WEP) because of the added security that WPA provides. WPA provides improved integrity through its use of a cyclic redundancy check (CRC) and a secure message authentication code, or message integrity code, which uses a frame counter that prevents replay-type attacks.
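The integrity and replay protection described above, as an added sketch that is not code from the original page: HMAC-SHA256 truncated to 8 bytes stands in for WPA's actual message integrity code, and the frame layout, key and function names are constructed for illustration. It also shows why an unkeyed CRC alone authenticates nothing.

```python
import hashlib
import hmac
import struct
import zlib

MIC_LEN = 8  # constructed truncation length for this sketch


def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender: prepend a 48-bit frame counter and append a keyed MIC."""
    header = struct.pack(">Q", counter)[2:]  # low 6 bytes = 48 bits
    mic = hmac.new(key, header + payload, hashlib.sha256).digest()[:MIC_LEN]
    return header + payload + mic


class Receiver:
    """Accepts a frame only if its MIC verifies and its counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        if len(frame) < 6 + MIC_LEN:
            return None
        header, payload, mic = frame[:6], frame[6:-MIC_LEN], frame[-MIC_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:MIC_LEN]
        if not hmac.compare_digest(mic, expected):
            return None  # modified in transit or sent without the key
        counter = int.from_bytes(header, "big")
        if counter <= self.last_counter:
            return None  # replayed or stale frame
        self.last_counter = counter  # advance only after the MIC verified
        return payload


def crc_protect(payload: bytes) -> bytes:
    """Unkeyed CRC-32 trailer: catches noise, but needs no secret to compute."""
    return payload + struct.pack("<I", zlib.crc32(payload))


def crc_accept(frame: bytes):
    payload, crc = frame[:-4], frame[-4:]
    return payload if struct.pack("<I", zlib.crc32(payload)) == crc else None
```

The counter is covered by the MIC and only advanced after verification, so a rejected frame cannot be used to push the receiver's window forward.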