Wireless LAN – WLAN
34
3.2
Development of WLAN security
BAT54-Rail/F..
Release
7.54
06/08
U Authenticity
Authenticity: Proof of the authorship of the data and the originality of the data
content; the process of establishing this proof is known as authentication.
U Integrity
Once access is provided, one would like to ensure that data packets reach
the receiver without any falsification, that is, that no-one can change the
packets or insert other data into the communication path. The manipulation
of data packets themselves cannot be prevented, but changed packets can
indeed be identified using suitable checksum processes, and then discarded.
U Confidentiality
Quite separate from access security is confidentiality, that is, unauthorized
third parties must not be able to read the data traffic. To this end, the data are
encrypted. This sort of encryption process is exemplified by DES, AES, RC4,
or Blowfish. Along with encryption, of course, there must also be a corre-
sponding decryption on the receiving end, generally with the same key (a so-
called symmetric encryption process). The problem naturally then arises,
how the sender can give the key to the receiver for the first time—a simple
transmission could very easily be read by a third party, who could then easily
decrypt the data traffic.
In the simplest case, this problem is left to the user, that is, one simply as-
sumes that the user can make the key known at both ends of the connection.
In this case, one speaks of pre-shared keys, or 'PSK'.
More sophisticated processes come into play when the use of pre-shared
keys is impractical, for instance in an HTTP connection built over SSL—in
this case, the user can't retrieve a key from a remote web server quite so eas-
ily. In this case, so-called asymmetric encryption methods such as RSA can
be used, that is, to decrypt the data, a different key is used than the one used
to encrypt it, meaning that key pairs are used. Such methods are, however,
much slower than symmetric encryption methods, which leads to a two-
phase solution:
D The sender possesses an asymmetric key pair. It transmits the public part
of the key pair, i.e. the key for encryption, to the receiver as a certificate,
for example. Since this part of the key pair cannot be used for decryption,
there are no misgivings with regard to security.
To Next Page
Loading...
Need help?
General
