Global Sources
EE Times-India
Stay in touch with EE Times India
EE Times-India > Embedded

Securing an embedded 802.11 Wi-Fi device

Posted: 01 Sep 2010     Print Version  Bookmark and Share

Keywords:802.11  Wi-Fi security  embedded security 

The risks to users of wireless technology have increased as the popularity of wireless grows. Hackers are becoming more sophisticated, so it�s very important that wireless device manufacturers secure their devices properly. From wireless authentication protocols to the environment in which the device is deployed, there are numerous considerations when securing an embedded 802.11 device.

The top 10 considerations when securing an embedded 802.11 device include:
1. Consider the environment in which the application is deployed
a. This is easy to forget, but is vital to the security of your application. Embedded systems are deployed in the real world. Physical security is a big issue for these systems since an attacker can usually compromise a device much more easily with physical access. In addition, the noise created by other applications in the same area (especially those using the same radio band) can wreak havoc on communications – a simple microwave oven can be an effective denial-of-service weapon.

2. Wireless networks are inherently less secure than wired ones (in theory).
a. In a wireless network, you are constantly broadcasting information to anyone who has a receiver. In a wired network, the data is directed along the cabling, and getting that data is much more difficult. Sure an attacker could use an inductive sensor to measure that data, but that is a more specialized attack, and you could always wrap the cable in a Faraday cage and bury it in concrete. With wireless you do not have any options.

image name

Figure 1: Wireless communication is less secure than wired (in theory).

3. Do not use WEP
a. WEP (for Wired-Equivalent Privacy) was the original attempt at securing 802.11 networks. Unfortunately, the protocol was broken from almost the moment it was released and can now be compromised in seconds with freely-available software utilities. That being said, a large number of devices were deployed with WEP and still use it to this day. Think long and hard about connecting via WEP and if you do, make sure you are using additional authentication and encryption methods (see #6).

4. WPA-TKIP is probably a bad idea too.
a. WPA was developed as a response to WEP being broken, and was designed to work with the same hardware. Unfortunately, it is showing signs that it might be time to drop it as well. It is not nearly as broken as WEP, but new attacks show that it is weak and will likely join WEP soon. Fortunately, WPA2 was developed as a complete (non-hardware-compatible) replacement. If you are using Wi-Fi encryption, you should always opt for WPA2.

5. Wi-Fi encryption (WPA, WPA2, etc.) is not enough – you need TLS or similar
a. A major caveat to using the Wi-Fi encryption protocols is that they only protect the data as it travels between the device and the Wi-Fi access point. Once the data reaches the access point, it is decrypted and passed along with no protection whatsoever. This might be okay on a private corporate network, but if your device is connected to the Internet you may as well just turn your WPA2 off – there is no security at that point. For this reason, it is advisable to use a higher-level security protocol like Transport Layer Security (TLS) or the Secure Shell (SSH) protocol. Those protocols encrypt everything from the device to the data�s destination, regardless of the network upon which that data travels.

1 • 2 Next Page Last Page

Comment on "Securing an embedded 802.11 Wi-Fi de..."
*  You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.


Go to top             Connect on Facebook      Follow us on Twitter      Follow us on Orkut

Back to Top