Securing 802.11b-based WISPs

Every WISP operator with a network based on 802.11b standards (and that's quite a few by now) knows about the technology's egregious security flaws. If you don't know, you're asleep at the switch.
The only protection against intruders 802.11 provides is an encryption scheme that researchers at UC Berkeley, University of Maryland and others have shown is pathetically easy to break.

The most appalling story is the one about the San Francisco hacktivists who walked around the city's business district with a wireless-enabled laptop and a radio antenna, tapping into unprotected corporate WLANs, dozens of them.

"I thought it was just a rumor that you could do that, but it's not," network engineer Matt Peterson told one reporter. Peterson is founder of the Bay Area Wireless User Group.

Others tell tales of driving up to a company's building or into its parking garage, turning on a laptop and almost instantly gaining access to the corporate local area network (LAN), with all its eminently hackable e-mail boxes and files full of trade secrets. Name brand companies are guilty, experimenters say.

Stupid is, as stupid does

The folks at wireless network equipment vendor Proxim Inc. love these stories, even if they do make them cringe a little.

"It's funny on the one hand," Proxim product manager Keith Bromberg says. "But it's also pretty serious."

Proxim, a company that came somewhat late to standards-based wireless networking, now sells 802.11b-based equipment and also announced recently it would build equipment compliant with the forthcoming 802.11a standard, which will provide much faster throughput.

But as attractive as standards-based technology is, the company says 802.11b products are not appropriate for outdoor applications where security is a concern. Outdoor applications such as wireless Internet service provider (WISP) access networks, for example.

"The problem with 802.11b is that it makes no attempt to stop people listening in," Bromberg points out. "This is quite deliberate. It's trying to achieve interoperability. And there's a value to that, but there's also a penalty."

Exponential mulct

Which is why there is still a place for proprietary solutions such as Proxim's Stratum MP wireless bridge, Bromberg argues. The Stratum products work in both the 2.4 GHz ISM and 5 GHz U-NII bands, which can be used for backhaul in wireless access nets. They use a "military-grade" security system developed by Proxim.

The TRANSEC (TRANsmission SECurity) system, based on techniques originally developed by the military but readily available to commercial developers, lets a network operator encode transmitted waveforms with continually changing spreading codes to block access to anyone who doesn't have the key to demodulate the signal.

TRANSEC changes the direct sequence code in each successive modulation symbol. The operator sets a 16-bit key to establish one code-change sequence (out of 65,536 possible sequences) for all stations within a security group or cell. Another Stratum MP cannot demodulate the frame data unless its 16-bit key matches exactly.

While encryption protects against data compromise, TRANSEC protects the wireless network itself against eavesdropping, denial-of-service attacks and "other spoofing of the network control function," Proxim says.

Wireless flak jacket

How unique is it? Bromberg says he knows of no other vendor using technology based on the same techniques or offering a similar level of security in direct sequence spread spectrum (DSSS) equipment.

"Though the basic technique is not something that Proxim claims that it owns," Bromberg hastens to add. "The specific way we use it, maybe."

The company has only been selling its solutions to the WISP market for about 18 months. To date it has somewhere between 20 and 30 WISP installations, including Asheville, NC-based Circle Net and Toronto-based MIPPS Inc.

But superior security is not the only reason these WISPs chose Proxim, Bromberg says. The company claims the Stratum products also outperform competitors' products.
The 10 Mbps 2.4 GHz version delivers just over 9 Mbps, twice as fast as rivals' 2.4 GHz products. The 5 GHz U-NII version delivers 100 Mbps and competes with products that deliver 45 Mbps or less.

Cost accounting

"For WISPs and for outdoor commercial applications where security is a concern, Stratum is a better solution than 802.11b," Bromberg says. "But we still recommend 802.11b in education settings because of cost considerations and for inside buildings where it's much more possible to control access to the spectrum."

Of course, it's still possible engineers will find ways to fix security flaws in 802.11b, but it's unlikely that could be done without the cost of retrofitting or replacing existing equipment.

But as Bromberg says, 802.11b does have its mitigating benefits. It's not just interoperability either. One of the resulting benefits of the standardization process is lots and lots of competition, which brings prices down on equipment as well as security services.

So what's the bottom line? You can be sure Stratum MP is not the low-price solution: it retails for around $2,195 per access node. But then, what's the price of a good night's sleep knowing your WISP network is secure from theft and voyeurs?
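
The per-symbol code change described in the TRANSEC passage above can be illustrated with a toy model. This is an added example, not Proxim's code or design: the 11-chip spreading factor, the use of Python's `random.Random` as the key-driven code generator, the 10% chip error rate and both key values are assumptions made for illustration.

```python
import random

CHIPS_PER_SYMBOL = 11  # assumed spreading factor; odd, so a correlation is never zero

def code_stream(key, n_symbols):
    """Yield a fresh +/-1 spreading code for every symbol, driven by a 16-bit key."""
    if not 0 <= key < 2 ** 16:
        raise ValueError("key must fit in 16 bits")
    prng = random.Random(key)  # stand-in generator, not the vendor's sequence
    for _ in range(n_symbols):
        yield [1 if prng.getrandbits(1) else -1 for _ in range(CHIPS_PER_SYMBOL)]

def spread(bits, key):
    """Transmitter: multiply each data bit (as +/-1) by that symbol's code."""
    chips = []
    for bit, code in zip(bits, code_stream(key, len(bits))):
        sign = 1 if bit else -1
        chips.extend(sign * c for c in code)
    return chips

def add_chip_errors(chips, flip_prob, seed):
    """Constructed channel: flip each chip independently with flip_prob."""
    noise = random.Random(seed)
    return [-c if noise.random() < flip_prob else c for c in chips]

def despread(chips, key):
    """Receiver: correlate each symbol window against the code its key predicts."""
    n_symbols = len(chips) // CHIPS_PER_SYMBOL
    bits = []
    for i, code in enumerate(code_stream(key, n_symbols)):
        window = chips[i * CHIPS_PER_SYMBOL:(i + 1) * CHIPS_PER_SYMBOL]
        corr = sum(r * c for r, c in zip(window, code))
        bits.append(1 if corr > 0 else 0)
    return bits

def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)

def demo(tx_key=0x3A7C, other_key=0x3A7D, n_bits=512):
    """Return (BER with matching key, BER with a key that differs by one bit)."""
    source = random.Random(1)  # constructed payload
    payload = [source.getrandbits(1) for _ in range(n_bits)]
    on_air = add_chip_errors(spread(payload, tx_key), 0.10, seed=2)
    matched = bit_error_rate(payload, despread(on_air, tx_key))
    mismatched = bit_error_rate(payload, despread(on_air, other_key))
    return matched, mismatched

if __name__ == "__main__":
    print("BER matched key: %.3f, mismatched key: %.3f" % demo())
```

In this model the station with the matching key recovers the payload despite the chip errors, while a station whose key differs in a single bit decodes at roughly chance level, which is the "key must match exactly" behaviour the article attributes to Stratum MP.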