ACSAC 2002 (www.acsac.org): PANEL - Wireless Security: Vulnerabilities and Countermeasures

PANEL - Wireless Security: Vulnerabilities and Countermeasures

Chair: Dale Johnson, The MITRE Corporation, USA
Viren Shah, Cigital, USA
Vipin Swarup, The MITRE Corporation, USA

The panel session will cover current issues and problems in wireless security and approaches to dealing with them.

Wireless communications and wireless computing devices are now commonly used and are becoming even more widespread. Several well-publicized events and discoveries over the last couple of years have clearly shown that security for the wireless domain is a definite problem. Security is often quite inadequate. Many network administrators in charge of wireless networks do not even enforce any security. Access points frequently are wide open. When security of one sort or another is put in place, significant gaps and holes remain. For example, the underlying protocols have difficulties and weaknesses. Protocols that are related to wireless communications and security, including WEP, WEP2, EAP, and 802.1X, all appear to need strengthening depending upon what security is required.

Wireless communications naturally lead to mobile environments, so that ad-hoc networks come into play and for security reasons trust relations need to be established quickly. How one develops such trust relations that can be relied upon is a higher-level problem in the wireless domain above the network infrastructure. It is a problem of concern to the wireless user who wants reasonable assurance of, for example, confidentiality or privacy. The aim of this panel is to review briefly some of the security problems and vulnerabilities for wireless communications and especially wireless computing and then explore some of promising proposed countermeasures for them. It is time to take stock of where we are with providing security to the community and to see where we can do better. For the panel session we will cover the following:

1. Review of the wireless security situation in brief: problems with lack of security and difficulties with underlying procedures and protocols

2. Examination of directions being taken toward strengthening the security of wireless networking infrastructure

3. Examination of higher-level concerns and approaches to security with ad-hoc networks and managing trust