TB3182007WiFiProtectedAccessforprotectionandautoma

318WI-FIPROTECTEDACCESSFORPROTECTIONANDAUTOMATIONWorkingGroupB5.22April2007iWI-FIPROTECTEDACCESSFORPROTECTIONANDAUTOMATIONWorkingGroupB5.22Atthetimethisreportwascompleted,WorkingGroup22ofCIGREStudyCommitteeB5hadthefollowingmembership[CorrespondingMemberisdesignatedCM]:DennisHOLSTEIN(UnitedStates),ConvenorJoseMiguelARZUAGA(Spain)MohindarSACHDEV(Canada)ToddDAVIS(UnitedStates)DidierSTOM(UnitedStates-CM)LucHOSSENLOPP(France-CM)SimonTERRY(UnitedKingdom)RussellHOUSLEY(UnitedStates-CM)IvanSUSANTO(UnitedStates-CM)TomKROPP(UnitedStates-CM)WaiTSANG(UnitedStates-CM)CharlesNEWTON(UnitedStates)DarrenWEBB(UnitedKingdom-CM)DavidWHITEHEAD(UnitedStates)Copyright©2007“OwnershipofaCIGREpublication,whetherinpaperformoronelectronicsupportonlyinfersrightofuseforpersonalpurposes.Areprohibited,exceptifexplicitlyagreedbyCIGRE,totalorpartialreproductionofthepublicationforuseotherthanpersonalandtransfertoathirdparty;hencecirculationonanyintranetorothercompanynetworkisforbidden”.Disclaimernotice“CIGREgivesnowarrantyorassuranceaboutthecontentsofthispublication,nordoesitacceptanyresponsibility,astotheaccuracyorexhaustivenessoftheinformation.Allimpliedwarrantiesandconditionsareexcludedtothemaximumextentpermittedbylaw”.n°ISBN:978-2-85873-008-7iiiTableofcontents1.Introduction..............................................................................................................11.1Scope...................................................................................................................11.2Purpose................................................................................................................12.Summaryoffindingsandrecommendations...........................................................23.WhatwaslearnedfromtheWi-Fiusesurvey..........................................................33.1Communicationsinsidethesubstationfence.......................................................33.2Wi-FitoaccessIEDsatanytimeregardlessoflocation......................................43.3Theissueissecurity............................................................................................63.3.1TheissueofusingWi-Fiformissioncriticaltasks.........................................73.3.2Asimilarstoryforoperationalapplications....................................................83.3.3TheWi-Fimarketlooksgoodforenterpriseapplications..............................94.AnarchitecturalviewontheuseofWi-Fiforprotectionandautomation..............104.1Selectedusesfortheradiospectrum................................................................114.2Comparativespeedsof802.11implementations...............................................114.3Increasingthephysicaltransferratemayincreasecost....................................124.3.1Antennadiversity.........................................................................................134.3.2Spatialdivisionmultiplexing.........................................................................134.4Legacycoexistence...........................................................................................134.5VLAN–provisionsfortrafficseparation.............................................................135.HowWi-Fiaccesscontrolandinformationsecuritymechanismswork.................145.1WebeginwithIEEE802.1x...............................................................................145.2AES–CounterModeCBC-MACProtocol(CCMP)...........................................175.2.1WhyAES.....................................................................................................175.2.2GivenAES-CCMP,howshoulditbeimplemented......................................175.3Robustsecurenetworkparameters...................................................................236.Strategyfordefense-in-depth................................................................................246.1Defense-in-depthisneededtoachieveinformationassurance.........................246.1.1Whoaretheadversaries.............................................................................256.1.2Whatmotivatesthesepeople......................................................................266.2Typeofthreatdictatesthedefense-in-depthstrategy........................................266.2.1Passiveeavesdroppingandtrafficanalysis.................................................266.2.2Activeeavesdroppingformessageinterception,deletionandinjection......266.2.3Masqueradingandmaliciousaccess...........................................................266.2.4Denialofservice..........................................................................................276.2.5Viralinfectionandpropagation....................................................................276.3Whatshouldbedonetomitigatethesetypesofattacks....................................276.3.1Itstimefortheleadershiptostepuptotheplate.........................................276.3.2Noexcuses–thetechnologyisavailable....................................................276.3.3Operationsisthe