Download - Academy Publisher
Download - Academy Publisher
Download - Academy Publisher
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
data to communicate with other client. We can use<br />
Message Integrity Check (MIC)[6] to compute the<br />
checksum. The MIC is based on destination MAC,<br />
source MAC, and payload. Any changes to these will<br />
affect the MIC value that will be checked out. This<br />
method can solve the replay attack.<br />
C. 802.1X/EAP<br />
IEEE 802.1X is a standard of controlling port access.<br />
Extensible Authentication Protocol (EAP), the extension<br />
of Remote Access Dial-In User (RADIUS), allows<br />
wireless client adapters to communicate with different<br />
back-end servers such as RADIUS.<br />
The main function of 802.1X/EAP is that a client and<br />
an AP should be authenticated each other before<br />
communication. The process of authentication as follow:<br />
(1) Wireless client associates with AP.<br />
(2) AP rejects all user requests to WLAN and sends<br />
ask-for password message.<br />
(3) Client inputs user and password.<br />
(4) RADIUS server and client perform mutual<br />
authorization through AP.<br />
(5) RADIUS server delivers the given key to AP.<br />
(6) Client derives a unique WEP key from AP through<br />
radio transmission.<br />
But the WEP key is transmitted with plaintext in this<br />
case. So we can use Lightweight Extensible<br />
Authentication Protocol (LEAP) to solve it. The biggest<br />
difference between EAP and LEAP is that we use a<br />
session key to encrypt the WEP key. This can solve the<br />
insecurity problem of transmitting the WEP key with<br />
plaintext.<br />
LEAP provides two benefits: The first benefit is the<br />
mutual authentication between AP and client before<br />
communication. The second benefit it centralized the<br />
encryption WEP key management to enhance the<br />
security.<br />
Ⅵ. CONCLUSIONS<br />
Because of the characteristic of widely used WLAN<br />
its security problem also becomes more important.<br />
802.11b protocol provides some security mechanisms<br />
such as: SSID association, MAC filtering and WEP<br />
authentication. But we know they are insecure by<br />
analyzing them.<br />
The data, which are encrypted with WEP, are also<br />
insecure. WEP algorithm is based on the RC4, but we<br />
have proved that RC4 has weaknesses. And WEP<br />
algorithm’s weakness is repeat-used IVs. Hackers can<br />
crack the WEP key with these two weaknesses.<br />
To enhance the security of WLAN there are three<br />
mechanisms: WEP improvement, Message Integrity<br />
Check and 802.1X/EAP.<br />
REFERENCES<br />
[1] IEEE Standands Board. 802 part 11: Wireless LAN<br />
Medium Access Control (MAC) and Physical Layer<br />
(PHY). specification. IEEE Standand 802.11, 1999 Edition<br />
[2] WANG S M, TAO R, WANG Y. WLAN and Its Security<br />
Problems[R]. Proceeding of the Fourth International<br />
Conference on Parallel and Distributed Computing,<br />
2003:241-244<br />
[3] Christian Barnes, Tony Bautts. Hack Sproofing Your<br />
Wireless Network[M]. Syngress Press, 2002<br />
[4] Scott Fluhrer, Itsik Mantin, and Adi Shamir. Weakness in<br />
the Key Scheduling Algorithm of RC4. Eight Annual<br />
Workshop on Selected Areas in Cryptography, August<br />
2001<br />
[5] Adam Stubblefield, John Ioannidis, Aviel D, Rubin,<br />
“Using the Fluhrer, Mantin, and, hamir Attack to Break<br />
WEP”, 2001, AT&T Labs Technical Report TD-4ZCPZZ,<br />
pp.1-12<br />
[6] Niels Ferugson, Macfergus Micheal. An Improved MIC<br />
for 802.11 WEP[C]. Document submitted to IEEE 802.11<br />
WG, January 2000<br />
42