|
January 06, 2006
Using ITU-T X.805 to Secure WiFi Networks
By Tim Gore, Lucent Worldwide Services, Director, Wi-Fi Solution Development
Gore will be speaking at IT Expo, Thursday, January 26th, 2006, 3:30-4:15 on the panel Technical Challenges To Wi-Fi Deployment.
Recent surveys have shown that security is one of the biggest concerns for enterprises and government organizations in adopting Wi-Fi networks. However, in the last few years both the standards and the products have matured making vast improvements in Wi-Fi security. The end game is to provide an equivalent level of security to wireless networks that is employed in wired networks. One key to accomplishing this is applying a standard that is backed by the International Telecommunications Union (ITU). The ITU-Telecommunications Standardization Sector X.805 (ITU-T X.805) standard was derived from the Bell Labs Security Model and provides a framework for building and achieving end-to-end security across a distributed network.
Wireless LAN products have been commercially available for more than a decade. While the technology is enticing for business and government, because of security concerns the technology has been most often deployed in homes and public places such as cafes, airports, hotels and shopping malls where security is seemingly less critical. However, the cost benefits of Wi-Fi could be extremely attractive to these groups, yielding productivity gains from increased mobility, as well as lower deployment and operational costs and flexibility. In the government sector it would enable new applications such as intra-troop communication and quicker faster communications for disaster relief and recovery.
Currently these advantages need to be weighed against the additional vulnerabilities including a first-level access control that allows for both malicious packet attacks and other types of network eavesdropping. However, by using existing protocols and security mechanisms a reasonably secure Wi-Fi network can be deployed with a tolerable level of risk to most enterprises.
Security Standards Change the Game: ITU-T X.805
The ITU-T X.805 Security Architecture provides a structured framework that forces the consideration of all possible threats and attacks to provide comprehensive end-to-end network security. It starts by defining a hierarchy of network equipment and facility groupings into the following three security layers:
The Infrastructure Security Layer consists of building blocks used to create the network, services and applications and consists of individual communication links and network elements
The Services Security Layer consists of services that end users receive from the network
The Applications Security Layer focuses on network applications that are accessed by end users.
Each of these layers must be addressed when creating an end-to-end security solution because at each point the network may be exposed to a new risk, threat or attack.
Three types of activities are performed on any network and are represented by three security planes:
- The Management Plane
- The Control Plane
- The End User Plane
In a legacy telecommunications network each of these planes would be implemented in separate networks, however typical Wi-Fi networks share the same network for all three planes. Different security vulnerabilities may exist in each of these planes and each plane along with the three layers must be secured in order to provide an effective security plan.
The eight Security Dimensions contained in recommendation ITU-T X.805 represent the classes of actions that can be taken or technologies that can be deployed to counter threats or the potential attacks present at each security layer and plane:
- Access Control provides authorized access to network resources
- Authentication confirms the identity of the communicating party
- Non-Repudiation maintains and audit trail so that the origin of data or the cause of an event or action cannot be denied
- Data Confidentiality protects data from an unauthorized disclosure
- Communication Security ensures that information only flows between authorized end-points without being diverted or intercepted
- Data Integrity maintains the correctness or accuracy of data and protects against unauthorized modification, deletion, creation and replication
- Availability ensures that there is no denial of authorize access to network elements, stored information, information flows, services and applications
- Privacy protects information that might be derived from the observation of network activities
ITU-T X.805 Security Architecture for Systems Providing End-to End Communications
Typical Wi-Fi Architecture
If we examine a typical Wi-Fi architecture, the main purpose of the access point is to provide wireless access to the mobile stations like laptops and PDAs. In the process it provides information about the wireless network to mobile stations and responds to requests form mobile stations.
Each Wi-Fi vulnerability could pose one or more threats or attacks depending on the intent and methodology of the vulnerability. The table below illustrates the mapping of some popular Wi-Fi vulnerabilities to the five threats and attacks specified in the ITU-T X.805 Security Architecture.
|
Threat/Attack
|
WiFi Vulnerability
|
|
Destruction of information and/or other resources
|
Mis-configured APs
|
|
Corruption or modification of information
|
WEP key cracking, Man-in-middle
|
|
Theft, removal or loss of information and/or other resources
|
War Driving, MAC address Spoofing, WEP key cracking, Rogue Devices, Man-in-middle, Layer 3 Hijacking, ad-hoc networks, Mis-configured APs,
|
|
Disclosure of information
|
War Driving, MAC address Spoofing, WEP key cracking, Rogue Devices, Layer 3 Hijacking, ad-hoc networks, Mis-configured APs,
|
|
Interruption of services
|
RF Jamming, Data Flooding, Layer 2 Hijacking, Fake AP, Spoofed De-authenticate Frame, FATA-Jack.
|
Applying the X.805 Security Dimensions
An evaluation would be completed for each of the eight Security Dimensions: Access Control, Authentication, Non-Repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability and Privacy. As an example, we’ll evaluate the strength and weaknesses of 802.11i, WPA2, WPA, and WEP security standards on the wireless interface using the Access Control Security Dimension.
Access Control is how we control the access to the Wi-Fi network. For end-user traffic, 802.1x is used as the access control framework in 802.11i, WPA and WPA2. Original 802.11 specifications including WEP had no built-in access control mechanism. Such networks must use a ‘wireless gateway’ for access control.
Control information stored in the infrastructure elements such as association tables is normally viewable but cannot be modified (no provision in the GUI). But none of these controls cover how this information shall be handled. WEP does not protect the user information such as the MAC address, which is carried in clear text inside 802.11 frames. As an example, “Default Configured or Mis-Configured Access Point” vulnerability is due to the absence of adequate Access Control for the Management Plane-Infrastructure Layer module. Similarly the absence of access control at the End User Plane-Infrastructure Layer module in WEP leads to “Rogue Mobile Station” vulnerability.
|
Access Control Security Dimension
|
|
X.805 Security Plane
|
X.805 Security Layer
|
|
Infrastructure
|
Services
|
|
802.11i
|
WPA2
|
WPA
|
WEP
|
802.11i
|
WPA2
|
WPA
|
WEP
|
|
End-User
|
√
|
√
|
√
|
X
|
√
|
√
|
√
|
P
|
|
Control
|
√
|
X
|
X
|
X
|
√
|
√
|
√
|
X
|
|
Manage-ment
|
NA
|
NA
|
NA
|
NA
|
NA
|
NA
|
NA
|
NA
|
Wi-Fi Security Standards Evaluation for Access Control
|
√
|
Satisfactory Compliance
|
|
P
|
Partial Compliance
|
|
X
|
Not addressed
|
|
NA
|
Not Applicable
|
Table Legend
X.805 Evaluation Summary
The previous section provided an example of how ITU-T X.805 could be applied to a portion of the Wi-Fi network architecture. Evaluation for all eight Security Dimensions for the wireless interface is tabulated below.
|
|
Covered
|
Partially Covered
|
Not covered
|
|
802.11i
|
22
|
8
|
0
|
|
WPA2
|
17
|
11
|
2
|
|
WPA
|
15
|
13
|
2
|
|
WEP
|
0
|
5
|
25
|
Relative Security Compliance Counts For Wi-Fi Standards
Though the count of total numbers of full coverage, partial coverage and not covered from the above analysis for each Dimension is not an indicator of security, it still helps us determine the relative security level of these security standards. To analyze the security provided by these Wi-Fi standards for each of the Dimensions, the relative weights are shown in the graph below.
Relative Security provided in each Dimension by Wi-Fi standards
Based on the above analysis, it is clear that WEP is least secure because it does not fully cover any of the Security Dimensions while only addressing some Dimensions partially. In fact the X.805 analysis reveals that the security of WEP is not good enough for the deployment by either an enterprise or by a service provider. On the other hand 802.11i or RSN is highly secure because it provides good coverage to all Security Dimensions. However there is room for improvement on a few Dimensions like Availability and Non-Repudiation. This also shows that WPA2 offers marginally less security on few Dimensions because of the relaxations made in the standards to interoperate with a less secure WPA.
Conclusion: Building Secure Wi-Fi Networks
With the ITU-T X.805 evaluation, it is apparent that fairly secure Wi-Fi networks can be designed, implemented and maintained using either 802.11i or WPA2 security standards. However the use of these standards does not ensure end-to-end security of the Wi-Fi networks and could leave major security gaps on Dimensions like Availability and Non-Repudiation.
The Management Plane is not addressed by these security standards. Therefore additional controls and measures need to be incorporated in the design, planning and operation of these networks. For example, to improve upon Availability we need to have redundant access points in the coverage area and support pre-authenticated roaming. The use of thin access points capable of communicating with each other and managed centrally, would be highly beneficial to facilitate features such as automatic RF power level adjustments based on the availability of access points in the neighborhood and the secure communication of information related to roaming of clients. Operational security measures like site surveillance can also improve Availability by reducing the risk of attacks like RF jamming.
The application of ITU-T X.805 Security Architecture framework during each stage of network life cycle (Network Design, Deployment, Integration, Operations, and Maintenance) can help to ensure the network is evaluated for applicable threats and ultimately builds a more secure end-to-end Wi-Fi network.
As Director for the Lucent Worldwide Services Wi-Fi Solution Development group, Tim Gore pairs leading edge third-party Wi-Fi technology with Lucent’s world-class professional services to solve his clients’ business challenges. Integrating wireless into enterprise operations in even relatively simple ways—such as equipping their mobile professionals with cell phones—has already significantly improved productivity. More than half of Gore’s twenty-year career in communications has been focused on the professional services business. During that time, Gore has held positions in marketing, operations, and product management for Tellabs, AT&T, and Lucent Technologies and served clients in the healthcare, software, and telecommunications industries. Gore has an MBA from the Kellogg School of Management at Northwestern University and a BSEE from The Ohio State University.
|
Internet Telephony Magazine
Click here to read latest issue
CUSTOMER 
Cloud Computing Magazine
Click here to read latest issue
IoT EVOLUTION MAGAZINE
