802.11w fills wireless security holes

IEEE 802.11i, the standard behind Wi-Fi Protected Access and WPA 2, patched the holes in the original Wired Equivalent Privacy specification by introducing new cryptographic algorithms to protect data traveling across a wireless network. Now, the 802.11w task group is looking at extending the protection beyond data to management frames, which perform the core operations of a network.

Traditionally, management frames did not contain sensitive information and did not need protection. But with new fast handoff, radio resource measurement, discovery and wireless network management schemes (provided in the upcoming 802.11r, 802.11k and 802.11v drafts), new and highly sensitive information about wireless networks is being exchanged in these non-secure frames.

802.11w proposes to extend 802.11i to cover these important frames. IEEE started work on this proposal early in 2005, and an official draft is expected to be ratified in the first half of 2008. 802.11w will require changes to the firmware of clients and access points. It should not require hardware changes, however, and thus might be available as a software-only upgrade to many types of hardware.

Three types of protection

802.11w provides protection in three categories. The first is for unicast management frames, or frames between one access point and one client. By reporting network topology and modifying client behavior, unprotected unicast management frames provide a powerful arsenal to an attacker, who can discover the layout of the network, pinpoint the location of devices and mount far more successful denial-of-service (DoS) attacks against a network.

802.11w tackles this problem by extending the existing notion of data encryption algorithms to the unicast management frames, using the existing Temporal Key Integrity Protocol or Advanced Encryption Standard-based algorithms. This protects against forgeries and provides confidentiality.

The second method is for generic broadcast management frames. These frames are less common and typically are used to adjust radio frequency properties or start measurements, rather than report sensitive information. Thus, 802.11w proposes to protect only against forgeries, and not provide confidentiality. The simplest proposal relies on a message integrity code, which is appended to the non-secure management frame. An access point shares a key with every securely associated client. All devices – including eavesdroppers – can see the message, but the key prevents devices outside the network from forging messages. However, authenticated clients can still pretend to be the access point in this scheme.

The third method is for deauthentication and disassociation frames. By using a pair of related one-time keys, one secret in an access point and one for a client, the client can determine if the deauthentication is valid. This method can present problems for users who deploy or are considering intrusion-prevention systems in their networks.

Overall, 802.11w promises to patch security problems created by the flow of new and detailed information over management frames. By protecting the contents of most frames from eavesdropping, and of certain crucial frames from forging, 802.11w will stop the information leakage and reduce some basic DoS attacks.

Epstein is chief architect at Meru Networks. He can be reached at jepstein@merunetworks.com.