EE Times-Asia

Wireless security: End to end

Posted: 15 May 2002

Keywords: wireless security, wlan security, end-to-end security, 802.11 security

The solution to secure wireless networks is in applying the same techniques used for end-to-end security on wired networks, explains Farpoint Group's Craig Mathias.

Craig Mathias is an analyst at the Farpoint Group.

I get more questions about security than just about any other topic in wireless. My standard answer is a bit surprising, and we will get to that in a moment.

I like to begin conversations about security with the reminder that there is no such thing as absolute security. And security is such a complex topic (incorporating, to name a few big areas, encryption, authentication, physical security, anti-viral warfare, disaster planning and recovery, and even the fundamentally political issue of privacy) that solutions also tend to be complex. Complexity, of course, is the enemy of all engineering solutions, and security is no exception.

It seems the more we try to make our networks secure, the smarter the hackers and crackers get. Remember "war-dialing," looking for modems to hack? Now it is war-driving, looking for WLANs to break into.

The big difference between wireless networks and their wired counterparts is that wireless intentionally radiates into the air. This led to the simple-minded assumption that wireless security could be limited to over-the-air encryption. And many wireless systems, from CDPD to WAP to the ill-fated Wired Equivalent Privacy (WEP) in 802.11, have incorporated some form of encryption.

But this approach is fundamentally flawed: The data appears in the clear at the endpoints of the wireless connection. While one of these is presumably the client (and thus, physical security becomes important; lost PDAs can cause damage), the other is just a midpoint in a (presumably wired) network. Thus, we have user data in the clear and that is a bad idea.

The solution--and this is surprising--is to apply in wireless networks the same techniques used for end-to-end security on wired networks. This solves some problems. First, we get uniformity. Solutions like RADIUS, Kerberos and virtual private networks work on both wired and wireless networks, and mixed media represent little additional challenge. Applications don't have to care what kind of network they are on. Second, there is much development in end-to-end security, and most of it will be directly applicable to wireless. Third, wireless can automatically take advantage of advances in wired security. That is critical given the increasing sophistication of threats against networks.

This is not to say that wireless-specific security isn't a good idea. Indeed, more security is better. Given advances in algorithms and processors, the cost and performance penalties involving security techniques are nearly inconsequential. The same cannot be said of the threats we face.

- Craig Mathias


Farpoint Group
