Securing Wireless Local Area Networks using Smart-Card-based Digital Certificates from the DoD Public Key Infrastructure

With the emergence and widespread use of digital technology at all levels, security of systems and the networks that they connect to has taken on paramount importance. The past decade has seen widespread development, innovation, and growth within the DoD, government, and commercial communities of public key infrastructure (PKI) to meet these security needs. PKI is a robust technology, supporting numerous applications including user and computer authentication, secured communications, data encryption, and digital signature. Concurrent with the emergence of PKI has been the explosion of network security issues related to the problem of proper user authentication and the protection of data confidentiality, integrity, and availability. With the expansion of ethernet protocol-based networking into the wireless realm via the IEEE 802.11 standards family, the problems of network security and user authentication have finally come to a head. In a wireless local-area network (WLAN), protecting the network requires protecting not only the communications medium, but also the authentication medium. This paper examines the problems inherent in securing an IEEE 802.11 WLAN, and discusses how PKI-based authentication of hosts and users can be used with the new WiFi protected access (WPA) and WPA-2 protocols to achieve a highly secure wireless network environment. It discusses issues, including digital certificate format, remote authentication dial-in user service (RADIUS) authentication, and client platform compatibility, that must be addressed as part of a successful implementation.