184 Developing Practical Wireless Applications
Overcoming the Obvious
The sheer simplicity in transforming the PHY and MAC layers of the original NIC has
now brought us the original 802.11 specification. But, not all is what it seems. A fixed
networking environment, in fairness, was secure; hackers had to typically use another
fixed network to attempt to gain access to your network infrastructure. In short, to
achieve unauthorized access a hacker would more or less have to enter a property and
physically connect the cable to a notebook – there are tried and trusted self-defense
mechanisms keeping intruders out (we are referring to more than just security guards
of course). Nowadays, wireless brings about a new breed of hacker; you may recall from
Chapter 4, Can we Confidently Rely on Wireless Communications? when we compared a
hacker to a tramp: someone who scavenges, but then went on to allege that they must
have their hearts in the right place. Anyway, hackers have afforded us an insight into
the vulnerabilities of the original 802.11 specification. As such, we have seen the IEEE
vehemently strive to overcome these shortcomings and offer us WiFi Protected Access
(WPA) which replaced the weaker Wired Equivalent Privacy (WEP).
The original introduction of WEP and its bias towards the RC4 algorithm has
resulted in numerous attacks on WiFi. It seemed that WEP suffered from key recovery
attacks where hackers made assumptions about the WEP key value based upon the value
given in the unencrypted value which was prefixed to a ciphertext. Many individuals and
companies alike have highlighted the ineffectiveness of the RC4 algorithm and with hind-
sight we have been afforded an opportunity to resolve the shortcomings efficiently. WPA
(and WPA2) soon emerged after the weaknesses were identified with WEP. WPA became
ratified by the IEEE in 2004 and WPA2 is the certified 802.11i specification. WPA offers
us several new key enhancements, namely the Temporal Key Integrity Protocol (TKIP), the
802.1X User Authentication and Extensible Authentication Protocol (EAP) which now, in
Figure 13.2
The OSI model
which, to a large
extent, remains
common to all
wireless protocol

Get Developing Practical Wireless Applications now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.