Despite the known security vulnerabilities introduced by wireless LANs, the inadequacy of early mechanisms such as WEP, and the multitude of attacks that can be mounted with off-the-shelf hardware and publicly-available software, a large portion of enterprise wireless networks still operate with insufficient security measures. For instance, a world-wide wardriving effort performed in June 2004 detected over 200,000 access points, with more than 60% of them running with WEP disabled and over 30% with the default SSID set by the manufacturer. A more recent study performed by RSA and NetSurity revealed that over 30% of enterprise wireless LANs in London, Frankfurt, New York, and San Francisco still lack basic security measures.
We believe these numbers are a result of the clear trade-off between security and management costs imposed by current wireless security solutions. For instance, administrators can opt for simplicity and deploy either open wireless networks or protect them using simple (insecure) methods such as MAC address filtering. In these situations, wireless traffic is usually segregated to a less-privileged VLAN in order to protect sensitive data located in the enterprise intranet. There is probably not much you can do once you get an IP address, but hey, security policies are intuitively simple and easily implementable, and you can browse the web and read your emails. The problem is that laptops all over the neighborhood can also use the wireless infrastructure.
Solutions providing strong security are readily available, but incur considerable management costs and may not be suitable for all deployments. Enterprises that do rely on wireless networks for more than basic operations can choose from a variety of protocols available through the IEEE 802.11i/1X standard, from password-based schemes such as EAP-PEAP to PKI-based alternatives such as EAP-TLS with mutual authentication. Such solutions, however, are a clear overkill for deployments with less sensitive information and weaker threat models, such as networks available in cafeterias and other hotspots and VLAN-segregated networks in enterprise campuses, usually made available to visitors and other transient users.
The main objective of the KIWI Project is to build self-managed wireless LANs that scale to high numbers of access points and clients and allow the implementation of location-based security policies. With such policies, administrators can define geographical boundaries for wireless coverage. Network access can be restricted to those devices physically located inside a service area of interest, such as the interior of an office building or cafeteria. These policies improve security by leveraging physical security measures already in place, such as keys and smart badges. In cafeterias or other hotspots, such policies can be used to block devices located across the street or in nearby buildings. In enterprise environments, they can be used alone to provide basic connectivity to visitors or provide identity-based solutions with another authentication criterion, that of physical proximity.
With 802.11 hardware costs in rapid decline, more access points can be deployed, which improves the performance of our location-based services. For instance, localization can be made both more accurate and more robust against external transmitters. As of access control policies, the increased number of APs decreases the average length of wireless links, further decreasing unwanted coverage outside the intended service area.
- Daniel B. Faria, Ph.D. Candidate
- David Cheriton, Faculty advisor
- Ken Leland, MS Student (Winter'05-Fall'05)
- Alonso AR, BS Student (Summer'05)
Source: Stanford