Wireless LAN (WLAN) technology offers a compelling value proposition to potential video surveillance users: the freedom to set up surveillance of a location without having to fret about running cables from the surveillance cameras to the NVR. A nagging worry for users of wireless networks is the security of content transmitted over them. Legitimate concerns about snooping, hacking, and maintaining the fidelity of transmitted content need to be addressed if users are to wholeheartedly adopt WLAN technology in video surveillance applications.
There are a few security mechanisms currently in use in the Wi-Fi domain, and this note recaps them and places them in context.
SSID (Service Set IDentifier):
The other element in the security of an 802.11 wireless network is the SSID, a human-readable name that identifies a particular 802.11 network, consisting of an Access Point (AP) and stations (STA). Multiple APs can be used to provide extended physical coverage, and they share the same SSID.
In order to establish a connection with a wireless network, one needs to know the SSID. Administrators routinely disable SSID broadcasting in Wireless Access Points and Wireless Routers, to hide and protect the wireless network from outsiders. However, there are ways to retrieve a hidden SSID, so it is mandatory that an administrator use further security measures such as 802.11i/WPA2 to secure an 802.11 wireless network.
802.11 Security Standards:
WEP was introduced in 1997, with the objective of bringing confidentiality to IEEE 802.11 wireless network transmissions, and making such transmissions as secure as wired transmissions. However, by 2001 serious limitations were discovered in the WEP algorithm, making it easy to crack.
This led IEEE to set up a task force, 802.11i, to address afresh the issue of confidentiality on 802.11 wireless networks. In the time it took the 802.11i task force to release and ratify the 802.11i standard, the Wi-Fi Alliance (a trade group that owns the trademark to Wi-Fi) released an interim standard, WPA, to replace WEP. WPA implemented a subset of 802.11i.
The 802.11i standard was finally ratified in 2004, and the Wi-Fi Alliance released WPA2 as its approved, interoperable implementation of full 802.11i. IEEE 802.11i/WPA2 is the current fully-secure security standard for 802.11 wireless networks. It provides strong confidentiality, integrity and per-packet authentication of data frames, and is superior to WPA.
WEP (Wired Equivalent Privacy)
Uses the stream cipher RC4 for confidentiality, and the CRC-32 checksum for integrity.
Is no longer considered secure.
IEEE 802.11i/WPA2 (Wi-Fi Protected Access 2)
Uses the Robust Security Network (RSN) specification to provide strong confidentiality, integrity and per-packet authentication of data frames.
Uses the block cipher AES (Advanced Encryption Standard) and an AES-based cipher suite, CCMP, for confidentiality and integrity.
WPA (Wi-Fi Protected Access)
Uses the stream cipher RC4, and an RC4-based cipher suite, TKIP, for confidentiality and integrity.
Use of TKIP allows it to be run on older hardware manufactured before the 802.11i specification was available.
However, TKIP is weaker than CCMP.
There are two different authentication mechanisms which can be used with both WPA and WPA2:
Pre-Shared Key (PSK): A common, pre-configured key is used by all the stations in the wireless network. This is easy to set up.
802.1X/EAP: A separate key is derived for every station based on credentials such as a user name/password combination, digital certificates, etc. 802.1X and Extensible Authentication Protocol (EAP) are used to manage the process of verifying the credentials against an authentication server (e.g. RADIUS), deriving the key, and opening access to the wireless network. This authentication mode is useful for fulfilling some Enterprise requirements such as per-user/per-role access control, management of a large number of temporary users, etc. However, this mode can sometimes be challenging to set up and manage.
Table 2: Components of 802.11 Security Standards
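To check which of these components an access point actually advertises, the Python below parses the RSN information element that an 802.11i/WPA2 access point places in its beacons and lists any cipher weaker than CCMP. It is an added example, not part of the original note or of any vendor's code; the sample byte strings are constructed, and the function names are hypothetical.

```python
import struct

# Suite types under the IEEE OUI 00-0F-AC, as assigned by 802.11i (RSN).
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}

# Constructed sample elements (not captured from any real network).
WPA2_PSK_CCMP = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
MIXED_TKIP = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")


def _name(selector, table):
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to a name."""
    if len(selector) != 4:
        raise ValueError("truncated RSN element")
    if selector[:3] != b"\x00\x0f\xac":
        return "vendor-specific " + selector.hex()
    return table.get(selector[3], "unknown type %d" % selector[3])


def _suite_list(body, off, table):
    """Read a little-endian 16-bit count, then that many suite selectors."""
    if off + 2 > len(body):
        raise ValueError("truncated RSN element")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if end > len(body):
        raise ValueError("truncated RSN element")
    return [_name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end


def parse_rsn(ie):
    """Parse an RSN information element (element ID 48) into its suites."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    group = _name(body[2:6], CIPHERS)            # cipher for broadcast/multicast
    pairwise, off = _suite_list(body, 6, CIPHERS)  # ciphers offered for unicast
    akm, _ = _suite_list(body, off, AKMS)          # PSK or 802.1X/EAP
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akm}


def audit(rsn):
    """List every advertised cipher that is weaker than CCMP."""
    found = [("group", rsn["group"])] + [("pairwise", c) for c in rsn["pairwise"]]
    return ["%s cipher %s" % (role, c) for role, c in found if c != "CCMP"]
```

An empty list from `audit(parse_rsn(...))` means the network offers CCMP only; a mixed-mode network that still permits TKIP for older stations is reported for both its group and pairwise ciphers.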
Wireless Security on the Smartvue S8:
The Smartvue S8 system uses 802.11i/WPA2-PSK at all times, with the AES-based CCMP algorithm. Thus, the strongest cipher suite has been chosen, while ensuring simplicity of use. In addition, the Hidden SSID feature is implemented.