10.1. Introduction
As previously mentioned, wireless links introduce a new set of problems for network security design. It is much easier for outsiders to observe the communications over the air than over a physical wire. This problem is even more serious when, as is often the case, the boundaries of the wireless network coverage do not coincide with the physical boundaries of the enterprise. An eavesdropper can simply sit in her car in the building's parking lot and listen to the exchanged data over the air by simply tuning her receiver to the communications performed wirelessly inside the building.
The feasibility of eavesdropping makes user authentication mechanisms that pass user's credentials in the clear, such as password authentication protocol (PAP), vulnerable to eavesdropping. The passive attacker can simply capture the user identity and password while they are being passed during authentication exchanges and later impersonate the user by simply replaying the captured identity and password pair for the network. Even challenge response methods are vulnerable to eavesdropping. The attacker, after recording both the challenge from the network and the response from the user in the other direction, can launch an off-line dictionary attack. The attacker does this by testing a large set of keys to arrive at the response from the challenge and that way guesses the password.
Another issue that makes authentication in wireless environments more complicated is the user's lack of ...
Get AAA and Network Security for Mobile Access: Radius, Diameter, EAP, PKI and IP Mobility now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.