Cryptography Reference
[Figure 12.2. Simple WLAN architecture: several devices communicating with a wireless access point]
PC, laptop or PDA) which has a wireless network interface card that allows it to
communicate over a wireless network. A WLAN may consist of many devices all
communicating with the one access point, or indeed may involve several different
access points.
The original 802.11 standard defined the Wired Equivalent Privacy (WEP)
mechanism to protect WLAN communication. WEP was designed to provide
security at the data link layer, which means that it operates at a virtual networking
layer that is close to being the equivalent of physical wires in a wired network.
However, as we will shortly discuss, there were many serious problems with the
deployment of cryptography in WEP. In 2002, an improved security mechanism
known as Wi-Fi Protected Access (WPA) was proposed. This was intended to be a
temporary solution, designed to improve security whilst being capable of running
on legacy hardware. In the meantime a complete redesign of the underlying
cryptographic components was underway, which was published as WPA2 in 2004
as part of the IEEE 802.11i standard. We will discuss all of these mechanisms for
securing WLANs, because they not only represent an interesting and important
application of cryptography, but the development process also provides several
valuable cryptographic design lessons.
12.2.2 WLAN security requirements
The scope of the security requirements for a WLAN is defined by the notion that
a WLAN should be as secure as a wired network. This idea is rather vague, since
the two types of network are very different and such security equivalence cannot
 