Without diving into all sorts of arcane, geekified minutae regarding computer communications and cryptographic algorithms, let’s first add some background. Cryptography’s goal is to protect messages (information) for as long as the information has exploitative value. In other words, if I have information that is useless a week from now (say the fact that I’m throwing a surprise birthday party for my friend), then it doesn’t matter if the message gets compromised after that date. If, on the other hand, I’m involved in a hostile takeover of a company, then it may have value for years; then, I would want to protect that information for years. Cryptography’s goal is not necessarily never to be compromised. Yes, the mathematicians may be able to theoretically do this, but for general, everyday use, that is not what is necessary to protect yourself.
Symmetric cryptographic algorithms are the choice of governments (and others) worldwide who have the ability to share private keys through some sort of distribution method. Symmetric algorithms are extremely fast because they don’t have to negotiate the exchange of keys. In addition, they are extremely secure as the actual keys are never available on a communication circuit, whether that is a wireless circuit, radio or a fixed land line. In this type of encryption, both parties MUST have the same key loaded into their encryption/decryption device or software. As is readily apparent, this system quickly becomes clumsy as the number of communicating parties increases, as all of them have to have the same key loaded at the same time. In addition, the distribution of the keys in a secure manner also becomes extremely problematic and cumbersome (you wouldn’t want to call up your buddy on an unsecure line and say ‘hey buddy, the new symmetric key is XYZ123? as it could be compromised; this is how asymmetric, public key cryptographic algorithms came into being.
In the previous section we discussed symmetric cryptography which is great where two or more people know and trust each other and can exchange the keys in a secure manner, perhaps by meeting at the airport or pub and agreeing on a new password, then destroying any evidence of it. However, there’s a big glaring hole: how do people who don’t know each other personally exchange keys without the keys becoming compromised? In addition, how does one ensure that if a key is shared once, that it doesn’t get promulgated everywhere and all of your communications become compromised? This is where public key cryptography comes in. Public key cryptography is known as an asymmetric algorithm because the two parties communicating do not share a common key. Instead,?? if I want to receive encrypted communications (whether a sensitive email, an encrypted web session with Amazon, or whatever), I can publish a public key that anybody can get and they use that to encrypt my message. However, in addition to the public key, I also possess a private key that only I know. I use this private key to actually decrypt the incoming message. Because these two keys are related in a unique combination and only I have the private key, nobody can decrypt communications encrypted with my public key unless they’ve extracted the private key out of me.
Key Length, Complexity and Randomness
The key to good key (password) strength is length, randomness and complexity.
Length, of course, is how many characters long is it. The longer the password, the exponentially harder it becomes to break it. For instance, a four digit PIN number, like on your ATM card, has only 10,000 possible combinations (10 possible digits raised to the 4th power, or 10x10x10x10). Your cell phone could try all 10,000 combinations in less than five seconds, my home workstation would take less than a second to crack your PIN number if I had a card reader attached to it and your card inserted. However, note here that the security is in the fact that I need to possess your actual card (or make a copy of the data with a skimming device. Note, because it is so easy to brute force test every PIN number, the need to record your PIN number with the skimming device, like the article implies, is not true). Now think if you just added one digit to your PIN, now I have to try 100,000, for six, 1,000,000 etc. However, even trying 100,000,000 combinations is trivial for modern day laptops and desktops. So, next, we have to toss in complexity.
Complexity refers to how many different characters are available in the key/password/PIN. As I showed above, using only four digits, like on an ATM card, severely limits the security because it is not nearly complex enough. If your PIN is restricted to just numeric digits, as demonstrated above, there are only 10,000 possible combinations. Now let’s say that you can have both letters and numbers. In the English alphabet, that gives us 26 letters and 10 numbers, for a total of 36 different possible characters. Doing the math on 36^4 (36x36x36x36) combinations, we now have 1,679,616 combinations to plow through, still relatively easy, but certainly a bigger problem. Now let’s say that we can have both upper and lower case and 10 numbers, so now we have 62^4 or 14,776,336 combinations. Finally, if we add in all of the punctuation marks found on my keyboard, I have 92^4 or 71,639,296 combinations to try. And that is just with a four character key! To put it in perspective for you, if you use just a minimum key length of ten characters and you use a complex password that contains upper and lower case, punctuation and digits, the possible combinations are 92^10 or 43,438,845,422,363,200,000! So you can see that complexity really adds to the security of your passwords.
Finally, the part everyone forgets about, is randomness. The above theoretical maximum combinations are of no use if you use combinations of words that are in a dictionary (in any language) or follow some sort of keyboard pattern. If the person who is attacking your encryption (password or key) knows anything about you, any personal information will help him or her break your key quickly. That is why security people harp on not using the names of family, friends, pets, birthdays, anniversaries, etc. It is better to have a 10-12 digit, truly random, password or key and never change it unless it is compromised, than to be constantly changing your password using some predictable pattern that uses words out of a dictionary or personal information. Now that we have some background in the basic cryptography going on, let’s turn to the practicals of how to secure your wireless communications.
Securing Your Wireless Computer Network
Here are the steps to securing your wireless network:
- Choose and implement the strongest encryption algorithms and protocols that your router supports, upgrading if necessary.
- Change your network name (SSID) and make sure that your router does not advertise the network name.
- If your router has the option, reduce the broadcast power setting so that the signal does not work outside of the physical space you need it to (your house, or possibly your house and backyard). Be especially careful that your network is not able to be used from the street in front of your residence.
Choosing your Encryption Protocols
There are three generally available encryption algorithms in use with wireless routers or access points. For home networks these are WEP, WPA and WPA-II.
Wired Equivalent Protocol (WEP)
WEP is deprecated (not used) anymore. If your wireless router uses this protocol and has no other, you should upgrade to one running at least WPA. This is because the authentication method used is extremely susceptible to compromise, especially if you are using Shared Key authentication, which is a symmetric algorithm. Wait a minute, you are saying, I thought you said that symmetric algorithms were probably safer because only I (and the router that I configured) would know what key is being used to encrypt the data? This would normally be the case, however, let’s check out how it actually works.
In Shared Key authentication, the WEP key is used for authentication. A four-way challenge-response handshake is used:
- The client station sends an authentication request across to the wireless network device.
- The router sends back a clear-text challenge.
- The client encrypts the challenge using the configured WEP key, and sends it back in another authentication request.
- The router decrypts the material, and compares it with the clear-text it had sent. If it matches what was sent, then it grants access to the wireless network and the router and the client continue using the shared, symmetric key.
Do you see the problem here? If I’m Johnny hacker hanging out with my laptop, all I have to do is start listening into your network and capturing packets looking for an authentication request. Because the encryption algorithm is publicly known, and I have a clear-text message, all I have to do is start capturing packets and trying different keys until I get the clear-text message to match the encrypted response?
Depending on the amount of network traffic a successful key recovery can take as little as one minute. If an insufficient number of packets are being sent, I can always add packets on the network, stimulating reply packets to aid in finding the key. WEP is easily compromised by just a basic hacker/cracker with a laptop and freely available software such as aircrack-ng.
WPA and WPA II
The Wi-Fi Alliance developed WPA (Wi-Fi Protected Access) in 2003 to address WEP’s weaknesses. Improvements included TKIP Temporal Key Integrity Protocol), which changes the encryption key for each data transmission, unlike with what we saw in WEP. WPA is theoretically breakable, but can be secure on a practical level. With a strong password (as described above in my password discussion: make sure you have complexity and randomness and 21 characters or more) a WPA network can withstand an attack for years. With this type of setup, by the time someone gets around to breaking the key on that one packet of information, then the information should be useless to whomever was seeking it because its value has expired.
In 2004 WPA II (WPA2) came out and switched to using AES (Advanced Encryption Standard) instead of TKIP. AES is a stronger protocol than TKIP and should be used if possible. algorithms are vulnerable, as any algorithm is, to a brute force attack. Thus, your password/key should be as long as possible and not shared with any non-trusted persons or entities. Given the choice between WPA and WAP II, WPA II should be your first choice.
Turning off Network Advertising/Broadcasting
The next step is to stop advertising your network. Although this step helps, it is not going to stop a serious hacker (or government) snoop, but it will slow down the hackers that are out “wardriving” looking for targets of opportunity. This is a three part step. First, login to your wireless router and (using the documentation for your device) disable broadcasting of the SSID (network name). Secondly, while you are in there, you will also want to change the network name; if you don’t, then anybody who’s seen a packet before (like your pesky neighbor that’s been freeloading for the past few years) will still be able to connect to it as they will have the SSID. I recommend using a random string of characters for the network name, just like you used for the password for maximum protection; this is because any would be hacker will now have two highly random and complex things to try and figure out. Lastly, you will have to go back and reconfigure your wireless devices that attach to the network to use the new SSID name and password.
Tune Broadcast Power and Router Location
Finally, you’ll want to reduce the broadcast power and work at shifting the physical location of your device so that it cannot be accessed or seen from the street in front of your house or, if you have one, the alley in back. These devices are really two-radios with an omnidirectional antenna, meaning that they broadcast in a sphere outwards from where the antenna is located. What I recommend is placing the device somewhere near the middle of your location, then setting the broadcast power at its lowest setting. Now, take you laptop or other wireless device and step out on the front porch. Can you still use the network? If not, you might want to up the power setting one notch. Once you can use it on the front and back porch/deck area, carry the device out to the street. Can you still access the network? If so, you might want to adjust the power down so you can’t. Keep playing with the location and power setting until you can use the network where you need it, without it being usuable from the public access points (aka roads and alleys) around your home.
Cell Phones, iPads and Other Wireless Devices
Issues with GPS
If your cell phone or other wireless device has a navigation feature, then it probably has GPS (actually, GPS + some nifty software to triangulate off of cell towers). I recommend that you turn off the GPS chip in your phone by default, only turning it on when needed for navigation. There are several reasons for this: first, if you have a social network you access from the device, it will geo-tag where you are when making updates…embarrasing if the boss figures out you were really at Club Wild instead of at the doc’s office. Secondly, any picture you take, with the GPS chip on, gets geo-tagged with its location. If you decided to “drop off the grid” but upload some photos to Flikr or PhotoBucket, then those photos have ‘metadata’ (i.e. data about the photo) embedded into the photo which is accessible to someone via google maps. Enterprising criminals can then figure out, just by the photos, where your home is, where you like to have lunch, where family members live/are, etc. Not good.
All cell phones have the ability to remotely turn them on, even if they appear to be powered off. They can also be turned into remote listening devices without the pesky nuisance of installing a bug. The cell phone will not appear to be powered on if it has been remotely turned on. Ditto for being able to turn on the GPS feature and figure out where you are at. The only way to circumvent this is to remove the battery and SIM card from the phone. Removing the battery provides better protection than removing the SIM.
One can take steps to protect their wireless personas. While one can really dive down a rabbit hole ala Enemy of the State, that’s not necessary to provide yourself some serious protection. Highlights are: don’t advertise your wireless home network, use WPA II, use strong passwords and turn off your GPS features and remove batteries from phones (sorry iPhone users, android phones win here) when not in use.