Security strategies for wireless technology

Wireless networks continue to enjoy explosive growth, with the demand for radio wave media connections among computing devices seen as a solution to the cost of cable media connectivity. In healthcare, Web technologies are being used to access patient data wherever and whenever it is needed.

As the cost of laptops and personal digital assistants (PDAs) has dropped with the increase in computing power, many radiologists have refocused their interest on these devices. Wireless media provides mobile access among devices in buildings and between buildings, as well as mobile connectivity, satisfying the need for immediate information.

The sole significant obstacle to the proliferation of open wireless networks is the issue of standards for security, authentication, authorization, and encryption. The DICOM Standard, for example, has significantly enhanced the usability of Picture Archiving & Communications Systems (PACS).

This article provides a security overview of three emerging wireless standards-based technologies: Bluetooth Protocol; Wireless Application Protocol (WAP); and the IEEE 802.11 Wireless Local Area Networks (WLANs) Standard.

Bluetooth security protocol

The Bluetooth Standard is a communications protocol designed for use in personal area networks (PANs) or other short-range wireless communications within 10 meters (100 meters with high-powered devices). It is the result of an alliance between mobile communications and mobile computing vendors, including Ericsson, Nokia, IBM, Toshiba, and Intel, who in 1998 formed a group to develop an open wireless specification.

The name "Bluetooth" was taken from the 10th-century Danish King Harold Bluetooth Gormsson. During his reign, Bluetooth ruled all of modern-day Denmark and a portion of Norway. In 986 A.D., Bluetooth was killed during a battle while fighting his son, Svend "Forkbeard."

The Bluetooth Standard provides three levels of security:

1. Non-secure (devices do not initiate security measures).


2. Service-level (service-enforced security, known as Mode 2).


3. Secure (secure mode always implements security, prior to any link-level connection).

Security is implemented at the data link layer of the OSI Reference Model. The International Standards Organization (ISO) published the Open Systems Interconnection (OSI) Reference Model in 1978, a seven-layer model that defines physical, data-link, network, transport, session, presentation, and the upper layer of applications. These layers interact between adjacent layers, thereby reducing the task of modifications.

Bluetooth security protocol is based on the concept of a trusted device. A device attempting to establish a link with another device will either be considered a trusted device or an untrusted device. If the first device is considered trusted, then the second device automatically grants link-layer access to the first device. If not, the first device is considered to be untrusted, which invokes a service-based authentication and authorization mechanism.

It is the device -- not the user -- that is trusted in the Bluetooth security model. This process presents a serious security risk since these devices are portable and easily removed.

The last element of security (after authorization and authentication) is encryption. Encryption is established at the data link layer before the local device grants access to the desired service. The Authorization model for Bluetooth is based upon a shared key: when two Bluetooth devices communicate for the first time, the users of each device will determine if the other device is trusted or not (i.e., mobile phone).

Bluetooth is not an end-to-end security protocol, but rather it provides security only at the data link layer. Security checks cannot be performed on each packet due to the limited processing capacity of the devices using Bluetooth. Security checks are implemented only at connection setup or for connection-oriented traffic.

Bluetooth is an excellent wireless technology that is useful for small mobile devices. However, it is insufficient for larger networking applications.

Wireless Application Protocol (WAP)

The WAP Specification defines protocols at the Application, Session, and Transport layers of the OSI Reference Model. The Application layer addresses the applications that the user employs and the scripting that increases the functionality of the applications. The Session layer manages the connection for the user. The Transport layer receives the communications from one of several types of wireless networks, secures it, and delivers it in a formatted manner.

The WAP Stack Architecture consists of six layers. Starting at the bottom layer, they are:

• Beares, which enables the physical layer for Bluetooth, CDMA, CDPD, and GSM.


• Stack Architectures, the Wireless Datagram Protocol (WDP) that interfaces to the upper layer protocols.


• Wireless Transport Layer Security (WTLS), which deals with privacy and authentication.


• Wireless Transaction Protocol, (WTP) which deals with transaction protocols;


• Wireless Session Protocol (WSP), which deals with session management.


• Wireless Application Environment (WAE), which deals with Wireless Markup Language (WML), scripts and other formats.

The upper layers of the protocol stack are modeled on the Web protocols HTTP 1.1, scripting languages, and markup languages. Security is provided through the Wireless Transport Layer Security (WTLS) layer. WTLS provides authentication, privacy, and data integrity through the use of certificates and encryption. The WTLS layer addresses the problems of limited storage/memory capacity, low bandwidth, low processing capabilities, and long/unpredictable latency.

The WTLS layer sets up the security parameters during a handshake process with a server. This results in the client and the server agreeing upon the requirements for authentication and encryption, the encryption method to be used, certificates that the client will accept, and any other parameters. The three modes of security in the WTLS are:

• Class 1, anonymous authentication.


• Class 2, server authentication.


• Class 3, two-way authentication.

Privacy and data integrity are enforced using encryption and Message Authentication Codes (MAC). WAP relies on existing encryption algorithms such as DES, 3DES, RC5, and IDEA, all of which are block cipher algorithms that encrypt data.

The advantages of WAP include:

1. The core WAP architecture is designed to minimize bandwidth use.


2. It operates over low-bandwidth wireless networks as well as broadband networks.


3. It functions in any other wireless data network. WAP currently operates in the 2.4 GHz bandwidth; this enables a data rate of 11 Mbps.


4. Alternatives and extension to WAP provide improvements to the existing standard.

The disadvantages of WAP are:

1. WAP needs improved authorization and authentication models.


2. It needs impersonation support (the capability to pass your credentials to another process without requesting a new service process).


3. Protected resource authentication schemes are also needed.

Wireless Local Area Networks (WLANS) -- The IEEE 802.11 Standard

The core technology that allows WLANs to communicate is the IEEE 802.11 Wireless Standard. The IEEE 802.11 working group was formed in the early 1990s for wireless LANs operating in the unlicensed 2.4 GHz frequency band. The first incarnation of the IEEE 802.11 supported up to 2 Gbps.

Two ways to configure an IEEE 802.11 WLAN are:

1. Ad hoc (computers are brought together so that everything is mobile and every node is able to communicate with every other node in a peer-to-peer manner).


2. Infrastructure (comes close to a conventional LAN Topology).

Two primary components of Wireless LANs are the wireless network interface card (NIC) in the remote device and the access point. Eleven channels are allocated by the IEEE 802.11b Wireless Standard: Channel 1, 2412 MHz; Channel 2, 2417 MHz; Channel 3, 2422 MHz; etc to Channel 11, 2462 MHz.

The Standard Security Tool for IEEE 802.11 is the Wired Equivalent Privacy (WEP) option. The access point and client can maintain the following three levels of security:

1. No encryption (allows access point and client to use no encryption).


2. Optional (allows clients to connect to the access point with or without data encryption).


3. Full encryption (requires the client to use data encryption when connecting to the access point).

The key size is 40-bit WEP key (the key is 10 hexadecimal) or 128-bit key (the key is 26 hexadecimal digits). The WEP uses the RC4 stream cipher to encrypt packets. It is important to note that in August 2001, Fluher, Martin, and Shamir showed that an eavesdropper who can obtain several million encrypted packets with the first byte in plain text can deduce the base RC4 key. Hence the WEP’s use of RC4 can be broken.

Several attacks were then shown to be successful, rendering the WEP IEEE 802.11 security to be useless.

The WEP of IEEE 802.11 wireless security standard has the following three limitations:

1. Use of WEP is optional (no encryption).


2. It uses a single shared key common to all users of a WLAN.


3. Encryption keys can be recovered through known attacks.

The IEEE 802.11 Task Group "i" (TGi) set about developing the new WLAN security protocols. The Temporal Key Integrity Protocol (TRIP) is a set of algorithms that adapt the WEP protocol to address known flaws, and also define WLAN Authentication and Key Management. The IEEE 802.11i Long Term Solution Counter-Mode-CBC-MAC Protocol (CCMP) addresses all known WEP faults and uses the Advanced Encryption System (AES).

By Samuel Dwyer, III, John S. Koller, and Mary Beth Massat
AuntMinnie.com contributing writers
June 10, 2003

This article was originally published in MEEN Imaging Technology News. For more information about MEEN ITN, go to http://www.itnonline.net.

Wireless security resource list

Summary of Wireless Security Standards

Web Site Links for Wireless Terms & Definitions

Wireless Networking Technologies

Bibliography

1. Security Architecture: Design, Deployment and Organization. Christopher M. King, Curtis E. Dalton, T Evtem Osmanoglu. Osorne/McGraw-Hill, Berkeley, California, 2001

2. Russ Hosley, William Arbaugh. Security Problems in 802.11-Based Networks. Communications of the ACM, May 2003, Vol 46, No 5, p 31-34.

3. Nancy Cam-Winget, Russ Housley, David Wagner, Jesse Walker. Security Flaws in 802.11 Data Link Protocols. Communications of the ACM, May 2003, Vol 46, No 5, p 31-34.

4. Richard E. Smith. Authentication; From Passwords to Public Keys. Addison-Wesley, NY, 2002, Chapter 14, 15.

5. Toby J. Velte, Anthony T. Velte. Cisco, A Beginner’s Guide, Second Edition, Osborne/McGraw-Hill, NY, 2001, Chapter 10.

6. Charles Kaufman, Radia Perlman, Mike Speciner. Network Security, Private Communications in a Public World. PTR Prentice Hall, Englewood Cliffs, NJ, 1995, Chapter 10.

Copyright © 2003 MEEN Imaging Technology News