Protecting Your Wireless Communication
By Clevin Wong
In recent years, due to the proliferation of low-cost mobile
devices like notebook/netbook computers and Wi-Fi phones, more
and more people use these devices for communication and Internet
access via wireless networks.
However, wireless networks are insecure by nature. In wireless
networks, data transmissions are broadcast over radio waves through
the open air. Hence, they are more susceptible to security attacks
(e.g. eavesdropping, unauthorized access) than wired networks
[1]. Data interception and tampering are easy for anyone with the
proper hardware and/or software tools and knowledge.
Therefore, it is important to provide additional measures to
protect the communication and to ensure the confidentiality and
integrity of your data. Data encryption and user authentication
are two of the basic security measures. Data encryption protects
the vulnerable wireless link between client devices and access
points by encrypting all data in the transmission. User authentication
protects against unauthorized access to the wireless network.
Currently, there are three common protection methods for wireless
networks, namely, WEP, WPA and WPA2.
Wired Equivalent Privacy (WEP)
WEP was introduced in 1997, intended to give wireless networks
a level of privacy protection comparable to that of a
traditional wired network. However, due to its imperfect
encryption key implementation and lack of authentication, several
serious security weaknesses of WEP have been identified and publicly
reported since 2001 [2]. Today, with publicly available tools,
hackers may intercept and modify the transmissions protected by
WEP within minutes. Hence, WEP is regarded as insecure and vulnerable
to network attacks. It is only a little better than having no
encryption. WEP was deprecated as a wireless privacy mechanism
in 2004, though it is still widely used today because many
legacy mobile devices support only WEP.
Wi-Fi Protected Access (WPA)
Owing to the weaknesses of WEP, WPA was introduced in 2003 to
address all the known weaknesses of WEP. WPA uses a strong encryption
technology called Temporal Key Integrity Protocol (TKIP)
to overcome the security weaknesses of WEP. It also bundles an
authentication service that WEP does not offer. WPA provides assurance
that user data will be protected and that only authorized users
may access the wireless networks. Although considered a secure
method, it still has weaknesses, chiefly in the TKIP protocol
with weak passwords [8][9].
Wi-Fi Protected Access 2 (WPA2)
WPA2 was introduced in 2004 as the next generation of WPA [4][5].
It is based on the ratified IEEE 802.11i standard. WPA2 is backward
compatible with WPA. WPA2 enhances the encryption strength of
WPA by replacing the TKIP protocol with the Advanced Encryption
Standard (AES) encryption algorithm. AES satisfies the U.S. government
security requirements and complies with the Federal Information
Processing Standards (FIPS) 140-2 standard. Today, WPA2 is
by far the strongest security system available for wireless networks.
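As an added illustration (not part of the original article), the
Python example below rates scanned networks by the protection
methods described above. It assumes input lines in SSID:SECURITY
form, as printed by `nmcli -t -f SSID,SECURITY device wifi list`;
the sample lines and SSIDs are constructed, and rating a mixed
WPA/WPA2 network by its weakest accepted method is this example's
own assumption.

```python
# Ranking follows the article: no encryption < WEP < WPA (TKIP) < WPA2 (AES).
RANK = {"open": 0, "WEP": 1, "WPA": 2, "WPA2": 3}
TOKEN_LEVEL = {"WEP": "WEP", "WPA": "WPA", "WPA1": "WPA", "WPA2": "WPA2"}
ADVICE = {
    "open": "no encryption: avoid unless data privacy is unimportant",
    "WEP": "deprecated in 2004: little better than no encryption",
    "WPA": "WPA/TKIP still accepted: prefer a WPA2-only network",
    "WPA2": "AES-based: preferred",
}

def split_terse(line):
    """Split a terse line on ':' while honouring backslash escapes."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # escaped character is literal
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map a SECURITY field to open / WEP / WPA / WPA2 / unknown."""
    tokens = [t for t in security.split() if t != "--"]
    if not tokens:
        return "open"
    levels = [TOKEN_LEVEL[t] for t in tokens if t in TOKEN_LEVEL]
    # Assumption: a mixed-mode network is rated by its weakest method.
    return min(levels, key=RANK.get) if levels else "unknown"

def audit(scan_text):
    """Return (ssid, level, advice) rows, weakest protection first."""
    rows = []
    for line in scan_text.splitlines():
        if line.strip():
            ssid, security = (split_terse(line) + [""])[:2]
            level = classify(security)
            rows.append((ssid, level, ADVICE.get(level, "not covered here")))
    return sorted(rows, key=lambda r: RANK.get(r[1], -1))

# Constructed sample input, not a real scan.
SAMPLE = "\n".join(["Campus-Secure:WPA2 802.1X", "Campus-Web:",
                    "Lab\\:Legacy:WEP", "Home-Mixed:WPA1 WPA2"])

if __name__ == "__main__":
    for ssid, level, advice in audit(SAMPLE):
        print(f"{ssid:15} {level:5} {advice}")
```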
Wireless Networks in CityU
The CityU wireless local area network (WLAN) was introduced in
1997 and matured in 2006. Currently two types of connections are
supported: (1) Secure connection with data encryption via WPA/WPA2,
and (2) Insecure connection without data encryption via web logon.
The CSC strongly recommends that users use the secure WPA/WPA2
connection for the sake of data protection. The insecure connection should
be avoided unless your device does not support WPA/WPA2 and data
privacy is unimportant. For details, please refer to the CityU
WLAN page [6].