1. The Field of the Invention
This invention is related to the field of wireless network analyzers, and more specifically to a system and method for post capture decryption of information captured using wireless network analyzers.
2. The Relevant Technology
Local Area Networks (LANs) have been in existence since the late 1960's. Initially, these networks were connected together using copper wire to transmit signals from computer to computer. In the late 1980's, the copper wire was being replaced by fiber optic cable, which transmitted signals in an optical format at much higher speeds. Development of international standards (such as the IEEE 802.3 Ethernet standard) allowed networking technology solutions to be implemented across geographical and political boundaries, regardless of the type of network or cabling used.
As computer networks became ever more complex, tools were developed to allow network administrators to more effectively manage the data traffic passing across their networks. Numerous companies have developed products such as network analyzers or “packet sniffers” which can be used to determine, for example, the density or intensity of network traffic passing across a given network node, router or switch. Knowing this information allows network administrators to reduce data bottlenecks that decrease the efficiency of, and smooth data flow through, the network. Network analyzers have become increasingly more sophisticated as technology has improved. As network speeds have increased, and the technology has progressed from wire to fiber optic cabling, the numbers and types of data packets being sent over the network have increased as well.
Unfortunately, both wire and fiber optic cable suffer from the same drawback; they require computers that are connected to the network to have a hard-wired connection before any data can be exchanged. By the mid 1990's, work was ongoing to free computers from the necessity of having a hard-wired connection to a network. Work was begun on the IEEE 802.11 Wireless Ethernet standard. Based on the particular frequency, type of modulation being used, and data speeds, the 802.11 standard has been further subdivided into 802.11a, 802.11b, and the newest 802.11g standards. In 2000, the 802.11b standard was finalized and a great deal of relatively inexpensive equipment, such as access points (APs, i.e. wireless hubs, routers or switches), and wireless Ethernet cards, was introduced in the market. The wireless Ethernet network has proven to be very popular, with sales and use of wireless technology increasing at a very rapid pace.
As with wired networks, the difficulty that network administrators face in trying to keep the large amount of network information flowing smoothly increases as the number of users, APs, and data speeds grow. Over time, network administrators realized there was a need for network analyzers that worked with wireless networks.
Unfortunately, the complexity of wireless networks requires that a new battery of tools be included within wireless network analyzers. The types of packets and other data detectable using a wired network analyzer is insufficient to allow complete analysis of wireless network traffic. The complexity associated with analyzing a network increases when the network requires secure data transmission, i.e., encrypted data propagates through the network. In order to be effective, a wireless network analyzer must be able to decrypt the transmitted data packets to verify packet integrity, routing, etc.
One example of data that is captured by a wireless network analyzer but not involved in the operation of wired analyzers is the AP channel. An AP for a wireless network is the piece of equipment (e.g., a router, hub, switch, etc.) that connects wireless clients to the network. APs can typically operate on one of 11 channels under the 802.11b standard. Any wireless client that wishes to communicate with a particular AP must use the channel that the AP is using. The wireless network analyzer must be able to detect and record this information.
Even though there are 11 channels available, a user can only connect to one AP through one AP channel. APs with overlapping coverage are operated on different channels. Because there can be some crosstalk on adjacent channels, many network administrators set all of their APs to use channels 1, 6, and 11.
The requirement to use secure data transmission between the APs and user computers complicates matters even more. Using secure data transmission is necessary because, in many cases, the information transmitted by the wireless stations extends beyond the physical boundaries of the work area, thus potentially allowing unauthorized access to the network. Encrypting all of the data to/from wireless APs alleviates this problem. To more fully understand the details of network encryption, it is necessary to understand the basics of wireless networking.
The simplest form of wireless network is two computers communicating with each other through the use of a wireless card. Each wireless card is called a station, and, as with hard-wired network cards, every card has a unique station identifier (Media Access Control, or MAC address) associated with it. A collection of stations that communicate with each other is known as a Basic Service Set (BSS). All stations in a BSS share a common set of network parameters, including a Basic Service Set ID (BSSID), a character string that identifies the BSS to each user. This network configuration is known as an independent BSS. This means that stations communicate with each other directly through use of wireless cards associated with the stations.
Another type of BSS is the infrastructure BSS. This is the most common type of small wireless network. In an infrastructure BSS, there is one AP that acts as a router/hub for all the stations connected to it. Each station sends all of its data to the AP, which in turn forwards the data either to the recipient station or the network, as appropriate. Typically, the AP operates on a single channel with all stations using the same channel. If data encryption is used, all stations use the same key or keyset. A key is an alphanumeric character string that is used to generate an encryption algorithm. A keyset is a group of keys. In wireless networking, typically four keys are included in a keyset.
A typical infrastructure BSS is shown in FIG. 1, and designated by reference numeral 8. A user group 12 of one or more independent users 12a-12n is connected to network 10 through AP 18. All users in user group 12 use the same channel 14 and keyset 16. In very small networks such as this, with only one wireless AP, controlling the keys and keysets is relatively straightforward. The system works very well for a small number of users and a single AP.
However, the primary advantage of wireless networks is that they allow users to move anywhere in a relatively large area and stay connected to the network. Wireless networks using the 802.11 standard combine multiple infrastructure BSSs into an Extended Service Set (ESS) in order to grow. All BSSs in an ESS use the same ID, which is then known as the Extended Service Set ID (ESSID). In an ESS, each station forms what is known as an association with one and only one AP. Each AP operates on its own channel so that overlapping coverage can be achieved without causing interference.
Users can move from one BSS to another within the ESS. As the user moves, the user's wireless card re-associates with the new BSS and informs the old BSS to void the previous association. As long as all APs in the ESS are using the same keyset, this movement within an ESS is transparent to the user. As far as the user is concerned, they can move around without knowing or caring which AP they are currently associated with or which channel that AP is operating on.
Communications between an AP and a user are made secure using Wired Equivalent Privacy (WEP) encryption. In a WEP-encrypted network, there are currently one to four encryption keys programmed into each user computer and AP on the network. Each computer and AP in a BSS has the same encryption keyset. Currently, these keys can be either 64 bits or 128 bits in length. Regardless of whether 64-bit or 128-bit encryption is used, each AP and user computer must be configured with an identical keyset of one to four keys in order to operate properly.
With 64-bit encryption, the key has a length of 5 characters, or 40 bits. Twenty four bits, or three characters at 8 bits per byte, are used as overhead. With 128-bit encryption, the key has a length of 13 characters, or 104 bits. The keys are often generated using random character generators. The actual size of the keys, whether 64-bit, 128-bit, or larger, and the number of keys in a particular keyset can be varied as desired based upon the level of security required in the network. This information is included here for the sake of clarity and completeness only. The present invention works with keysets using keys of any length.
In a network using 64-bit encryption, each station on the network is programmed with the same one to four 64-bit shared key(s). A station is either a wireless-enabled user computer, or any other piece of hardware connected to the wireless network and capable of sending and receiving encrypted data. When a station has encrypted data to send, it generates a random 24-bit Initialization Vector (IV) and encrypts the data to be sent with the 24-bit vector and one of its 40-bit shared keys. The entire key length is 64 bits. Not all information sent between stations is considered data, as some of the information packets transmitted between stations constitutes network management information used to maintain effective communication between devices. This non-data information is generally not encrypted.
In a network using 128-bit encryption, each station on the network is programmed with one to four 104-bit shared key(s). When a station has encrypted data to send, it generates a random 24-bit IV and encrypts the data to be sent with the 24-bit IV and one of its 104-bit shared keys. The entire key length is 128 bits. Stations send the 24-bit IV along with the encrypted data. A header field tells the receiving station which of the four shared keys is in use for the encrypted data. Receiving stations use the received 24-bit IV and their own stored 40-bit or 104-bit keys to decrypt the received data. To send and receive information within the same BSS in a WEP-encrypted network, stations must use the same encryption keys.
A typical ESS is shown in FIG. 2A. ESS1 100 includes BSS1 110, which operates through AP1 112 and uses Keyset1 114. The user can move seamlessly to BSS2 120, and the user's wireless card will automatically re-associate itself to AP2 122, as long as AP2 122 is also using keyset1 114. Any number of BSSs, characterized as BSSN 140 using APN 142 and Keyset1 114 can be put together in this manner to cover whatever physical area is desired.
As long as all of the BSSs are part of a single ESS using a single ESSID, movement around the network will remain transparent to the user. Note that the borders between BSSs/APs in FIG. 2A are shown as dotted lines. Those skilled in the art realize that the borders between different APs are not clearly defined, and there will be many places in the physical ESS area where there is a sufficiently strong signal that a user could associate with more than one BSS/AP from a particular location. For purposes of the invention, it is not necessary to know how the wireless card associates/re-associates with a particular AP. It is sufficient to know that a user connects to only one BSS/AP at a given time. However, because of this overlapping coverage, a wireless network card in “promiscuous mode” is able to receive traffic from multiple APs and multiple stations at the same time. In promiscuous mode, the card does not communicate with or connect to the APs, it only listens and records everything it hears.
FIG. 2B shows ESS2 200, an alternative arrangement for ESS1 100 of FIG. 2A. Note that everything is the same between the two versions except that, in ESS2 200, BSS2 120 using AP2 122 is now using keyset2 126. While all of the BSSs in this example are still using the same ESSID, users attempting to move into the BSS2 area will be prevented from connecting to the network unless they manually change the keyset being used on their computer. A network administrator might set up an area in this fashion to provide added security within the network, at the expense of diminished user mobility. This might be done, for example, to provide additional security to an accounting department, R&D, or executive offices for a particular company.
A large organization, particularly one with multiple office complexes located in several locations, possibly in different cities, might establish an ESSID and at least one corresponding keyset for each location. As these organizations get larger and larger, keeping the network operating smoothly becomes a more difficult and time consuming task. Any network analyzer used in such networks must be able to access data from all APs.
A network analyzer on a wireless network can operate in one of two modes; real time decryption mode and post-capture decryption mode. When the analyzer operates in real time decryption mode, the analyzer interprets the wireless packets collected by a wireless hardware device. Since the hardware device can only accept one encryption keyset from the analyzer, only the data from one BSS/AP can be decrypted. All the other data will not be interpreted correctly and therefore lost for monitoring or analysis purposes. When used in an analyzer, a wireless card is always in promiscuous mode. It monitors/captures all traffic in a selected channel. This works well when there are only a few APs in an ESS, all of which are using the same keyset, or when the network administrator has some idea of where a problem lies. This situation is shown in FIG. 2A. When monitoring any of the APs 112, 122, 132, 142, keyset1 114 is used.
This foregoing real time technique is not used when a network that uses more than one keyset needs to be monitored. Instead, decryption is disabled for the network card. The post-capture decryption mode is then used. In this mode, the network card gathers all the wireless packets it receives without trying to decrypt them. The packets are stored in a capture buffer, which is a durable data store of WLAN traffic filtered and captured in real time. The buffer can be analyzed or saved to disk and kept for later analysis. This allows for a post-capture decryption and analysis of all packets.
As many decryption keys/keysets as are required can be applied to the captured data so that all packets are correctly decoded. The number of keysets that must be available to the analyzer software can be voluminous. Unfortunately, when dealing with a very large number of ESSs, or with single ESSs having numerous BSSs, each with its own set of keys, the administrative burden of controlling the keys in the keysets becomes unwieldy.
One method available in conventional network analyzers to manage this problem is to manually enter a keyset for an AP into the analyzer software. This method works quite well for a small number of APs using one or two keysets. However, for a large number of ESSs, each potentially having multiple keysets associated with it, this method can be quite cumbersome. An individual must enter each key or keyset into the analyzer software. Since keys are not generally accepted English words, but random groupings of numbers, letters and symbols, it is quite easy to make an error when entering keys manually. A typical key for a 128 bit system might look like “3$k&jud84d1tz”. Having even one character out of sequence will render the key ineffective. If the analyzer does not have the correct key for the particular AP being monitored, the analyzer will be unable to decipher the packet. Such a system is, at best, very labor intensive, and at worst, practically impossible for a network administrator to effectively manage.
The data speeds found on a typical wireless network even further complicate the task of a network analyzer. Under the 802.11b wireless ethernet standard, wireless data is transmitted at a speed of up to 11 megabits per second (Mbps). Under the 802.11g standard, this increases to 54 Mbps. Having such a large quantity of data means that data encryption/decryption must be accomplished at a very rapid pace. Even when the data is downloaded into a file and analyzed at a later time, the large volume of data, the large number of keys and the sheer number of different types of packets involved in a typical network require relatively fast decryption times. Fast decryption is very difficult to accomplish when the keys must be loaded by hand on an individual basis for every AP in the network.
One further problem encountered when dealing with large numbers of keys is determining where the keys are to be stored. Most network administrators would be hesitant to store them in unencrypted form in a file on the network, since access by third parties to the keys could be a serious security breach.