With the advent of low-cost hardware, wireless computer networks are becoming ubiquitous in homes and offices throughout the United States and elsewhere. Many of these networks employ hardware and software for wireless communications that is compliant with one or more of the standards promulgated by the Institute of Electrical and Electronics Engineers (IEEE), for example the 802.11 family of standards, which includes 802.11a, 802.11b, 802.11g and others. Among the reasons for widespread adoption of such networks is the flexibility and ease of installation afforded by wireless communications.
With such benefits come some drawbacks, however. For example, wireless networks are known to be less secure than their wired counterparts inasmuch as attacks against such networks can be launched from physically remote locations that network administrators may be incapable of monitoring. To combat such threats, network administrators often employ various security protocols, among them the use of encrypted communications and access control measures. For 802.11-compliant networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) protocols are often used to encrypt data within a wireless network so that only an intended recipient is able to read it. Although neither of these security protocols is perfect, they do afford some protection against casual hackers.
Both WEP and WPA operate on the basis of encryption keys that are used to authenticate devices seeking to gain access to the wireless network and, if desired, to encrypt/decrypt messages exchanged between nodes that are so admitted. Authentication is the process of proving identity and the 802.11 standards specify that, when used, it involves a four-step process to determine whether or not the device seeking access to the network has the correct key.
For example, as illustrated in FIG. 1, a requesting node 100 starts by sending an authentication request in operation 101 to a granting node 102 such as an access point or the like. In an 802.11-compliant network, the granting node 102 taking the form of an access point acts as a gatekeeper, allowing or not allowing other nodes to join the wireless network. The granting node 102 sends a challenge message in operation 104 to the requesting node 100 and, in order to gain admission to the network, the requesting node 100 must successfully encrypt the challenge message 104 using its key (e.g. WEP key, etc.), and send a response (see operation 106) back to the granting node 102.
The granting node 102 then decrypts the encrypted challenge message returned in the response and compares it to the initial message. If the two are equivalent, the granting node 102 assumes that the requesting node 100 has the correct key and will grant that node access to the wireless network by confirming a success, per operation 108. Thus, any new users seeking to join a wireless network secured by WEP or a similar scheme that relies on shared keys must, prior to so joining the network, have knowledge of and/or access to those keys.
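The four-step exchange of FIG. 1 can be traced in code. The following Python sketch is an added example, not part of the original text: it models the granting node and the requesting node with WEP-style encryption (RC4 seeded with a 24-bit IV followed by the shared key, and a CRC-32 integrity value appended to the 128-byte challenge). The class and function names and the key values are assumptions made for illustration, and 802.11 frame formats are omitted.

```python
import hmac
import os
import zlib

# Added illustration: names are hypothetical, 802.11 frame headers are omitted.
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

class GrantingNode:
    """Access point side (granting node 102)."""
    def __init__(self, key: bytes):
        self.key = key
        self.challenge = b""

    def handle_request(self) -> bytes:        # request 101 -> challenge 104
        self.challenge = os.urandom(128)      # fresh challenge per attempt
        return self.challenge

    def verify(self, iv: bytes, ciphertext: bytes) -> bool:  # 106 -> 108
        plain = rc4(iv + self.key, ciphertext)
        body, icv = plain[:-4], plain[-4:]
        icv_ok = icv == zlib.crc32(body).to_bytes(4, "little")
        return icv_ok and hmac.compare_digest(body, self.challenge)

def respond(key: bytes, challenge: bytes) -> tuple[bytes, bytes]:
    """Requesting node 100: encrypt the challenge (operation 106)."""
    iv = os.urandom(3)                        # 24-bit IV, sent in the clear
    icv = zlib.crc32(challenge).to_bytes(4, "little")
    return iv, rc4(iv + key, challenge + icv)

def authenticate(ap_key: bytes, client_key: bytes) -> bool:
    """Run all four operations; True means success is confirmed (108)."""
    ap = GrantingNode(ap_key)
    challenge = ap.handle_request()
    iv, ciphertext = respond(client_key, challenge)
    return ap.verify(iv, ciphertext)
```

Because the granting node issues a fresh challenge for every request, a response recorded from one attempt does not verify against the next challenge.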
Early adopters of wireless networks (such as the one shown in FIG. 1) have, unfortunately, been disappointed to learn that such networks are less secure than their wired counterparts. Although the original IEEE 802.11 standards include cryptographic security measures in the form of WEP, those measures have proved rather easy for hackers to circumvent. As a result, WEP is deemed by most computer security specialists to be a rather weak form of protection for a wireless network.
Further, the aforementioned WPA protocol calls for the use of authentication servers external to a given wireless network to ensure that only authorized clients are given access to that network. This sort of scheme is unfortunately not practical for many networks. Thus, a WPA-PSK (pre-shared key) variant has been introduced which, like WEP, relies on the use of an encryption key that is programmed into an access point and a client in order to authenticate the client before allowing it access to a network. Consequently, like ordinary WEP, WPA-PSK is vulnerable if a hacker can uncover the encryption key by monitoring the traffic across the wireless network.
Another updated form of security for wireless networks is the Temporal Key Integrity Protocol (TKIP) specified in the IEEE 802.11i standard. TKIP uses a mixing function to generate dynamic encryption keys that change over time. This essentially defeats attempts by hackers to recover the key from monitored network traffic, thereby making it much harder for the hackers to infiltrate the network. Unfortunately, however, legacy 802.11 products are not configured to operate using TKIP and so remain vulnerable to attacks by hackers through traffic monitoring.
There is thus a need for overcoming these and other security problems.