1. Home
  2. Networking
  3. Wireless lan security

WLAN Security Domain Conceptual Model

First, look at the WLAN security domain from a conceptual modeling perspective. Figure 1-2 shows the domain conceptual model and the relationship between the various components and acts as a backdrop for this book. This model defines the entities, functionalities, and relationships between them. Further, the mechanisms are the technologies and protocols through which the functionalities are implemented.

Figure 1-2. WLAN Security Domain Conceptual Model


In a nutshell, the WLAN system consists of entities [1] in Figure 1-2. Entities include users, wireless cards, APs, corporate networks, and service provider network access. Each entity is identified by an identity attribute or identifier [2]. Table 1-1 shows the common identifiers for each type of entity.

Table 1-1. Common Identifiers for Entities

Identifier

Entity

Principals

Username, DN in a certificate

Client cards

MAC ID, IP address

Access points

SSID


You need to know how the entities are identified because, in most cases, the identities could be spoofed, so you need forms of authentication to establish the identity. Entities, of course, have credentials [3] for authentication and authorization that are exchanged using authentication protocols [7]. Entities communicate over channels that need to be secured against different types of attacks (passive and active). The final goal is to securely authenticate the entities using authentication systems [6]. The corporate AAA systems [6] hold the various required elements such as keys, usernames, password hashes, policies, and so on. Authentication protocols [7] facilitate authentication mechanisms to exchange credentials and challenge/response handshakes.

After a client is authenticated to satisfaction (based on the network policies in place), the client is authorized [8]. This authorization can take many forms:

  • In the case of enterprises, the client might get full network privilege or access to restricted areas in the network (such as Internet access for guests and visitors).

  • For public WLANs, this might involve payment gateways, account checks with WSP, and so on, with access provided depending on the level of service.

  • Authorization would also include expiration of connections and other similar functions.

  • In many cases, such as conferences, the authorization might be null in the sense that, after it is authenticated, the clients have access to the network resources. Remember in these cases that the network is just a connection to the Internet and possibly a server with conference-related materials.

The other security aspect is the integrity and confidentiality of the communication channels [5]. The confidentiality is achieved by encryption [9], and message integrity is achieved by digital signatures [10] with suitable mechanisms for bootstrapping, key exchange, and key refresh [11].
    		Chapter 1. Securing WLANs Overview
    		WLAN: A Perspective
    		Wireless LAN Components and Terminology
    		WLAN Standards
    		WLAN Security
    		WLAN Security Domain Conceptual Model
    		Navigating this Book and Chapter Contexts
    		Summary
    		Chapter 2. Basic Security Mechanics and Mechanisms
    		Chapter 3. WLAN Standards
    		Chapter 4. WLAN Fundamentals
    		Chapter 5. WLAN Basic Authentication and Privacy Methods
    		Chapter 6. Wireless Vulnerabilities
    		Chapter 7. EAP Authentication Protocols for WLANs
    		Chapter 8. WLAN Encryption and Data Integrity Protocols
    		Chapter 9. SWAN: End-to-End Security Deployment
    		Chapter 10. Design Guidelines for Secure WLAN
    		Chapter 11. Operational and Design Considerations for Secure WLANs
    		Chapter 12. WLAN Security Configuration Guidelines and Examples
    		Chapter 13. WLAN Deployment Examples
    		Appendix A. Resources and References