Security Background
We know that communication occurs between two or more entities. The trouble with wireless communications is that when one entity communicates with another, one or more outside entities can listen in unless proper security techniques have been implemented to protect the communication. In other words, it takes effort to secure wireless communications against uninvited listeners.
A few options are available for achieving security, including the following:
1. We don't communicate at all.
2. We communicate but restrict all communications to self.
3. We communicate but try to be careful with whom or what we communicate.
4. We communicate but try to be careful about the nature of what we communicate.
5. We communicate but with the knowledge that our communications may not be perfectly secret and accept the risks while trying to mitigate them as best as we can.
Past and current approaches to securing wireless communications tend to use a mixture of options 3, 4, and 5 to do the job.
The third option tackles the problem of communicating securely in a wireless network by means of authentication: one or all of the parties involved in the communications channel try to verify the others' identities.
One approach that fits the fourth option for facilitating secure wireless communications is using cryptographic manipulation and transformation. Cryptographic methods can be used to disguise or manipulate the communication so that it is visible or useful only to the party for which it is intended but useless to any other party.
The fourth option raises other questions and issues. For example, how can you protect or secure something that you can't see? To answer this question, we first have to understand the nature and components of the wireless "frames" being transmitted.
Note: Remember that the IEEE 802.11 standard concerns itself with the workings of the Physical layer (PHY) and the MAC sublayer of the Open Systems Interconnection (OSI) reference model. For this reason, most of the common standards-based methods and solutions for securing wireless networks are implemented at the MAC sublayer.
Let's review the MAC frame types:
- Control frames: These frame types are very important for all wireless communications and are used to support the delivery of the other (management and data) MAC frame types. They are the most basic frame type. It is important that the information in the control frames be visible to all the nodes in a wireless network; it is not secret in any way.
- Management frames: These frame types are used by wireless nodes to join or discontinue their membership in the wireless network and for other miscellaneous housekeeping purposes. Keeping the content of the management frames secret may sometimes be important.
- Data frames: These frame types are used for transporting the data payload. They might, for example, contain the information that we are trying to protect and transmit.
Cryptographic techniques can be used to protect information in management and data frames. The following sections discuss security concepts and techniques that can be used in securing wireless communications.
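To make the three frame types concrete, the following added example (not part of the original tutorial) decodes the Frame Control field at the start of an 802.11 MAC header and reports the frame type and whether the Protected Frame bit is set. The function names and the sample frames are constructed for illustration, and the code assumes raw MAC frames with no capture header in front.

```python
# Added example: classify 802.11 MAC frames by their Frame Control field.
# Assumes raw MAC frames with no radiotap or other capture header in front.

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
PROTECTED_FLAG = 0x40  # Protected Frame bit in the second Frame Control byte


def parse_frame_control(frame: bytes) -> dict:
    """Decode the two-byte Frame Control field that starts every MAC header."""
    if len(frame) < 2:
        raise ValueError("frame too short to hold a Frame Control field")
    first, flags = frame[0], frame[1]
    return {
        "version": first & 0x03,                    # bits 0-1
        "type": FRAME_TYPES[(first >> 2) & 0x03],   # bits 2-3
        "subtype": (first >> 4) & 0x0F,             # bits 4-7
        "protected": bool(flags & PROTECTED_FLAG),
    }


def exposure(frame: bytes) -> str:
    """Say whether the frame body is readable by any node in radio range."""
    fc = parse_frame_control(frame)
    if fc["type"] == "control":
        return "control: visible to all nodes by design"
    state = "encrypted" if fc["protected"] else "cleartext"
    return f"{fc['type']}: body {state}"


# Constructed sample frames: Frame Control bytes followed by zero padding.
SAMPLES = {
    "ACK": bytes([0xD4, 0x00]) + bytes(8),
    "beacon": bytes([0x80, 0x00]) + bytes(22),
    "data, unprotected": bytes([0x08, 0x01]) + bytes(22),
    "data, protected": bytes([0x08, 0x41]) + bytes(22),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} -> {exposure(raw)}")
```

Run over a capture, a check like this shows at a glance which management and data frames on a network still travel with a readable body.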