Wireless security and 802.11w

IT Pro Guide: Guy Matthews explains how Wi-Fi security standards for the enterprise are set to improve - in the long term

Most large enterprises are currently evaluating how wireless networks could benefit their business and free up their employees from the tyranny of fixed connectivity. An inevitable part of this process is the unenviable job of keeping tabs on the ever changing landscape of wireless networking standards.

IEEE WiFi standards such as 801.11a and 802.11g are likely to be familiar to anyone who follows this sort of thing. A lot of the 802 standards are already ratified and built into a number of product ranges. Still some way off ratification are standards like 802.11n, designed to deliver what sounds today like a freakishly fast data transfer rate of 300Mb/sec.

Yet further out in the standards stratosphere is 802.11w, which although unlikely to be rubber stamped for another couple of years at least is worth some attention now simply because it concerns something more important to enterprise network managers than mere speed and performance. It's about security, probably the chief reason so many businesses are cautious about the whole wireless issue.

So what is 802.11w all about? And if approved, what security benefits will it deliver?

Advertisement
Advertisement - Article continues below

Patching it up

The existing 802.11i security standard added cryptographic algorithms to the basic wireless specification in order to protect data traveling across a wireless network. Now a new task group has begun work on 802.11w, which will extend security beyond just the data itself to the management frames which are at the heart of the network's operations. These frames are used to circulate system management information.

In the past it was not considered necessary to protect management frames, as they contained no sensitive data. But now other draft wireless standards, like 802.11r, 802.11k and 802.11v, offering features like fast hand-off, radio resource measurement and better network management, mean that unsecured frames are now swapping data as well as just network information.

Plus, if someone bent on malice is able to play around with system management tools, they can seriously disrupt a wireless network even if they can't get hold of data. They can, for example, prevent legitimate network users from going about their business by deauthenticating their messages.

The new 802.11w standard is all about extending 802.11i to cover management frames. This is not straightforward, requiring changes to the firmware of clients and access points. But if the final specification does not require hardware changes, 802.11w might be deliverable as a software-only upgrade to existing wireless hardware.

Triple protection

Protection will be provided in 802.11w in three ways. First by protecting management frames between one access point and one client - the so-called unicast frames. Unsecured unicast frames let an attacker map out the layout of a network and work out the location of devices linked to it, giving him all the information he needs for a denial of service (DoS) attack. The new standard will extend existing encryption algorithms to unicast management frames.

Second, it will cover vulnerabilities in generic broadcast management frames, used to adjust radio frequency properties. A key at each access point will prevent those trying to forge messages from using the network.

The third level of protection is for deauthentication and disassociation frames. Again, by using keys the client can determine if a deauthentication request is valid or if it has been sent by a malicious outsider trying to mess around with the network.

Thus eavesdroppers, forgers, DoS attackers and general trouble makers will be less able to use management frames to ply their illegitimate trade.

Advertisement
Advertisement - Article continues below

Who, what and when?

The 802.11w standard is still in its early proposal stages. The target for ratification is March 2008, which might sound rather far off for anyone with immediate network security issues. But that's the speed these things move at.

Task Group W is still at the stage of drafting a working requirements document and issuing an initial call for standard proposals. If this all sounds a bit laborious, then take some comfort in the relative speed with which it's likely to happen. A Task Group W spokesperson has predicted that 802.11w ratification will be "fast by IEEE standards", calling it a "well-constrained problem".

In standards body terms, this means that management frames security is a fairly self-contained problem, and shouldn't run into the blizzard of controversy that has surrounded other attempts at wireless standardization with broader network implications.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019