WLANs are now in common use in both large and small businesses and home environments with millions of devices now deployed. In a WLAN, one or more base stations or Access Points (AP) bridge between a wired network and radio frequency or infrared connections to one or more mobile stations or Mobile Units (MU). In addition, MUs may communicate on a peer-to-peer basis. The MUs can be any of a wide variety of devices including, laptop computers, personal digital assistants, wireless bar code scanners, wireless point of sale systems or payment terminals, and many other specialized devices. Most WLAN systems used in business environments adhere to the IEEE 802.11 specifications.
The IEEE 802.11 specifications employ the Wired Equivalent Privacy (WEP) protocol to encrypt and decrypt the packets transmitted on the WLAN. The WEP protocol, in effect, acts as an authentication method by assuming that only authorized devices have the correct keys. Unfortunately, the WEP protocol has well known and well documented security deficiencies, which allows an unauthorized person or hacker to determine the WEP encryption key. In AT&T Labs Technical Report TD-4ZCPZZ, “Using the Fluhrer, Mantin, and Shamir Attack to Break WEP,” Aug. 6, 2001, Stubblefield et. al., disclose a practical method for determining the WEP key by passive monitoring of communications. The attack takes advantage of the fact that the identifier for the key, or key index, is transmitted in plaintext in the header of each message. The effectiveness of this attack is improved when either: 1) a known piece of information is transmitted, as is the case with an IP ACK, or 2) a message with the same content is transmitted more than once, as is the case in a retransmission following a packet collision. Once hackers obtain the key they can receive and decode messages transmitted on the WLAN or can actively intrude into the WLAN. In either case the hackers are likely to obtain access to sensitive data. To address these problems with WEP key security, three classes of solutions have been proposed to date:                1) use an alternative encryption and authentication protocol;        2) modify the WEP algorithm to remove the vulnerability by limiting the use of a given WEP key; or,        3) use an alternative security mechanism to the WEP protocols.        
The IEEE 802.1X amendment to the IEEE 802.1 specifications proposes to limit WEP key reuse by providing for session-based keys and by further supporting alternative security protocols. The IEEE 802.1X amendment overcomes the deficiencies of the WEP protocols by using a secure user authentication scheme (the Extensible Authentication Protocol or EAP; RFC 2284), secure distribution of keys, assigning unique keys for each session and by optionally changing keys within a session. Deployment of these protocols requires an authentication server as well as new hardware capabilities, radio drivers and/or firmware and thus may not be possible with existing mobile units and access points. In addition, the IEEE 802.1X amendments do not address peer-to-peer communications.
The temporal key integrity protocol (TKIP), initially referred to as WEP2, attempts to eliminate the key reuse problem of WEP. The TKIP protocol uses a 128-bit “temporal key” shared among clients and access points. Each access point is, in effect, a “master,” distributing temporal keys to the mobile units associating with the access point. The access point authenticates the mobile unit before a temporal key is distributed. TKIP combines the temporal key with the mobile unit's MAC address and adds a 16-octet initialization vector to produce a unique encryption key. This protocol ensures that each entity uses different key streams to encrypt the data. TKIP uses the same RC4 algorithm as WEP, to perform the encryption. TKIP improves on WEP by allowing changes to temporal keys. These changes can be made every so many packets (typically 10,000 to 30,000) or at some time interval (e.g., 15 minutes). This dynamic temporal key updating reduces the primary weakness of WEP. While this algorithm does improve the security of WEP, it requires that the distribution of the temporal key be tightly coordinated between access points and mobile units. Further, the mobile units and access points must have the ability to decrypt the individualized keys used by each communicating entity, which may not be possible with existing 802.11 hardware or software. In addition, the TKIP algorithm does not include provisions for peer-to-peer communications, since access points control the distribution of the temporal keys.
RSA Security, Inc. has proposed an algorithmic modification to the present IEEE 802.11 standards to overcome the inherent weakness in the WEP protocol. This approach is summarized in a white paper, “Wireless LAN upper layer authentication and key negotiation,” Jan. 17, 2002 by Andersson (http://www.rsasecurity.com/newsletter/wireless/2002 winter/feature.html). This approach effectively uses an authentication protocol at a higher network layer level and a new algorithm to compute the keys used for each packet transmitted to eliminate the known problems with the WEP protocol, particularly the problems associated with collisions, while retaining the use of the RC4 encryption algorithm. While the methods discussed effectively solve the security problem in theory, in practice, deployment of these improved protocols requires new hardware capabilities, radio drivers and firmware and thus may not be compatible with existing mobile units and access points.
Additional alternative approaches to WLAN security, which use other IT available technology, have been proposed. These technologies can include Virtual Private Networks (VPN), proxy servers for packet filtering or address translation, cryptographic challenge-response systems and Public Key Infrastructure (PKI). All of these approaches require the deployment of significant new infrastructure.
One possible approach is to force all WLAN connections to use a virtual private network, typically through a firewall. While this approach employs standard IT industry technology, it requires a significant capital investment, considerable system administration effort and a new VPN connection may need to be established when the MU roams between the coverage area of one AP and that of another. A VPN system of this type is commercially available from Bluesocket communications (www.bluesocket.com). This system works with existing WLAN nodes, but requires the deployment and management of significant new infrastructure.
A related approach is disclosed in EP 1113641 to Moles and Herle. The system described employs a specialized proxy server, which uses an address translation protocol to filter packets transmitted between MUs and other nodes on the wired network or WLAN. While this method effectively prevents unauthorized MUs from intruding into the network, it does not attempt to improve the encryption methods or prevent passive detection and decoding of data using an unauthorized MU. The system architecture requires that all WLAN access points be on a separate sub-network, possibly limiting performance. This approach also does not improve the security for peer-to-peer wireless communications.
Another alternative WLAN authorization or authentication method is disclosed in US 20010048744 to Kimura. This system essentially replaces the 802.11b security standard. The system uses a server to manage the cryptographic authentication of MUs. The server requests permission from a network administrator who must be available to authenticate a new MU. This system requires the network administrator to be available to perform the authorization step. In addition, the system does not attempt to improve the encryption methods used to prevent the passive detection and decoding of data using an unauthorized MU. Further, the scheme requires the deployment and management of significant new infrastructure.
In EP 1178644 to Stenman et. al., a system is disclosed which uses the internet key exchange protocol and public key encryption algorithms to first mutually authenticate MUs and APs and then to securely exchange sessions keys used to encrypt subsequent packets. While this technique both authenticates the MUs and APs and cryptographically protects the transmitted packets, it requires the installation and administration of a certificate authority and other network infrastructure. Further, significant time and data bandwidth is consumed by the protocol for each connection, which is a significant consideration when the MU roams.