Communications of the ACM
Wireless networking security
Introduction
As increasing numbers of organizations adopt the technology, we are learning how to secure communications at different layers in the network stack, and future standards for wireless protocols appear to have better designs for security.
Most new laptops purchased today are outfitted with built-in 802.11 networking capabilities, and configuring a home or office wireless network out of the box can take less than 10 minutes. Furthermore, PC cards are rapidly coming down in price and increasing in power. The economic forces influencing wireless networking are matched only by the convenience to users. Wide-scale adoption of 802.11 was inevitable, and the general expectation is that it will only increase. Eventually, it is likely that most public areas will offer some sort of wireless connectivity; there are initiatives to extend coverage to airplanes and trains, as well as shopping malls and airports.
The advent of wireless networking has raised some very unique and compelling issues. The first issue is security. Given the open nature of wireless networks, what threats do they introduce? Other issues are legal and social. Is it right for someone to share with their neighbors the bandwidth for which they are paying an ISP? Do service providers have a right to insist on payment from anyone who obtains connectivity? Is it appropriate for a coffee shop to resell Internet service to wireless users?
This special section was developed to address some of these issues. The first article discusses security architectures. The fact that it is trivial for anyone on a network to plug in an access point and turn the network into a wireless one changes the way network architecture should be developed, especially from a security standpoint. While traditional networks used firewalls to partition networks into different trust zones, the possibility of an internal network being accessed by an off-site user changes the way networks should be designed.
One of the ways to deal with the security problems of wireless networking is to build security, using cryptography, right into the wireless standard. Unfortunately, it has been a rocky road for the standards bodies specifying wireless networking. The second article in this section deals with the cryptographic issues involved in wireless networking: some of the mistakes that have been made are discussed and a variety of solutions are proposed.
The third article in this special section is included to show just how open wireless networks are. With minimal off-the-shelf equipment, it is possible to access thousands of networks in a very limited geographical area. The authors discuss some of their experiences mapping access points in the spirit of the so-called war-driving phenomenon where people drive around with 802.11 devices and inexpensive antennas, yielding many open networks not using encryption that are willing to hand out IP addresses to any device that requests one.
While the discussion in the third article deals with the unauthorized use of organizations' wireless networks, an amazing subculture of free wireless networking providers has emerged all over the world. The final article discusses open networks and the sharing of bandwidth in public places. The ease of deployment and configuration and the movement toward built-in wireless connectivity present an opportunity for ubiquitous networking from anywhere on any device. This final article was developed as an educational essay rather than a technical article, to round out the section.
Wireless local area networking has taken the world by storm. As is often the case, proper security was not built in at the beginning, and the act of retrofitting it has not been without difficulty. Nonetheless, as increasing numbers of organizations adopt the technology, we are learning how to secure communications at different layers in the network stack, and future standards for wireless protocols appear to have better designs for security. The articles in this section focus attention on these security technologies as well as on some of the social issues we will all encounter and have to address in some manner soon. Given the rapid pace of development, it is beneficial to begin considering these issues now.
©2003 ACM 0002-0782/03/0500 $5.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2003 ACM, Inc.
No entries found