Wireless security and 802.11w

Most large enterprises are currently evaluating how wireless networks could benefit their business and free up their employees from the tyranny of fixed connectivity. An inevitable part of this process is the unenviable job of keeping tabs on the ever changing landscape of wireless networking standards.

IEEE WiFi standards such as 801.11a and 802.11g are likely to be familiar to anyone who follows this sort of thing. A lot of the 802 standards are already ratified and built into a number of product ranges. Still some way off ratification are standards like 802.11n, designed to deliver what sounds today like a freakishly fast data transfer rate of 300Mb/sec.

Yet further out in the standards stratosphere is 802.11w, which although unlikely to be rubber stamped for another couple of years at least is worth some attention now simply because it concerns something more important to enterprise network managers than mere speed and performance. It's about security, probably the chief reason so many businesses are cautious about the whole wireless issue.

So what is 802.11w all about? And if approved, what security benefits will it deliver?

Patching it up

The existing 802.11i security standard added cryptographic algorithms to the basic wireless specification in order to protect data traveling across a wireless network. Now a new task group has begun work on 802.11w, which will extend security beyond just the data itself to the management frames which are at the heart of the network's operations. These frames are used to circulate system management information.

In the past it was not considered necessary to protect management frames, as they contained no sensitive data. But now other draft wireless standards, like 802.11r, 802.11k and 802.11v, offering features like fast hand-off, radio resource measurement and better network management, mean that unsecured frames are now swapping data as well as just network information.

Plus, if someone bent on malice is able to play around with system management tools, they can seriously disrupt a wireless network even if they can't get hold of data. They can, for example, prevent legitimate network users from going about their business by deauthenticating their messages.

The new 802.11w standard is all about extending 802.11i to cover management frames. This is not straightforward, requiring changes to the firmware of clients and access points. But if the final specification does not require hardware changes, 802.11w might be deliverable as a software-only upgrade to existing wireless hardware.

Triple protection

Protection will be provided in 802.11w in three ways. First by protecting management frames between one access point and one client - the so-called unicast frames. Unsecured unicast frames let an attacker map out the layout of a network and work out the location of devices linked to it, giving him all the information he needs for a denial of service (DoS) attack. The new standard will extend existing encryption algorithms to unicast management frames.

Second, it will cover vulnerabilities in generic broadcast management frames, used to adjust radio frequency properties. A key at each access point will prevent those trying to forge messages from using the network.

The third level of protection is for deauthentication and disassociation frames. Again, by using keys the client can determine if a deauthentication request is valid or if it has been sent by a malicious outsider trying to mess around with the network.

Thus eavesdroppers, forgers, DoS attackers and general trouble makers will be less able to use management frames to ply their illegitimate trade.

Who, what and when?

The 802.11w standard is still in its early proposal stages. The target for ratification is March 2008, which might sound rather far off for anyone with immediate network security issues. But that's the speed these things move at.

Task Group W is still at the stage of drafting a working requirements document and issuing an initial call for standard proposals. If this all sounds a bit laborious, then take some comfort in the relative speed with which it's likely to happen. A Task Group W spokesperson has predicted that 802.11w ratification will be "fast by IEEE standards", calling it a "well-constrained problem".

In standards body terms, this means that management frames security is a fairly self-contained problem, and shouldn't run into the blizzard of controversy that has surrounded other attempts at wireless standardization with broader network implications.