Smartcard Secuirty

Securing the air: Don't let your wireless LAN be a moving target

New technologies seek to rectify WEP's security shortcomings

Document options

Print this page

E-mail this page

Rate this page

Help us improve this content

Level: Introductory

Kimberly Getgen (kgetgen@rsasecurity.com), Product Marketing Manager, RSA Security

01 Nov 2001

The many inadequacies of the Wireless Equivalent Protocol have been fodder for debate over the recent months. According to Kim Getgen, such failures are inevitable when security experts aren't consulted when specifications are written. Fortunately, the next generation of wireless protocols should be more secure.

After all the hype this year in the wireless space, something interesting started happening. We began to hear about wireless network "drive-by hacking" incidents. From the Highway 101 corridor that connects San Francisco to the Silicon Valley,to the financial and technology districts of New York, Boston, and London, similar reports were being published by a number of different independent researchers. (See Resources for links to these and other stories.) Sitting in the parking lots of reputable companies, or even driving down city streets, reporters, researchers, and ethical hackers were proving that businesses had indeed deployed wireless networks -- and that employees were using them. Unfortunately, the benefits of deploying these technologies came at the expense of exposing these companies' private networks.

And while the many surveys cited above did not jeopardize any vulnerable company's digital assets, the gathering of this information confirms what security practitioners like Chris Wysopal, research director from the security consulting firm @Stake, have been saying for a long time: that "many organizations leap before they look at the security implications of the new technology they deploy or build."

Wireless LAN insecurity

Today, the most popular wireless local area network (WLAN) deployed is the 802.11b network. The access points are widely available and the 802.11b WLAN NIC cards that fit into your laptop are reasonably priced. But these networks, although inexpensively priced and easy to install, have two critical security flaws -- poor data protection and authentication mechanisms -- built in, making them prime candidates for the "drive-by hack." This article will outline what went wrong and what improvements are being made to 802.11 standards to improve security at the network level.

WEP: Why Encrypt Packets?

The encryption scheme in 802.11 wireless LANs that protects data packets is known officially as the Wired Equivalent Protocol, or WEP. But due to some fundamental security flaws and the fact that most enterprises do not turn WEP on, it might be more infamously remembered as the "Why Encrypt Packets" protocol. The preliminary reports from the independent surveys taking place in London, New York, and the Silicon Valley suggest that the majority of wireless LANs deployed do not use WEP at all.

The weaknesses within WEP were first exposed by researchers from Intel, the University of California at Berkeley, and the University of Maryland, all of whom published independent papers this year on the various vulnerabilities they discovered within WEP. But the most damning report came from Fluhrer, Mantin, and Shamir, which outlined a passive attack that Stubblefield, Ioanndis, and Rubin at AT&T Labs and Rice University implemented by capturing a hidden WEP key based on the attacks proposed in the Shamir et al. paper. This attack took just hours to implement. (See Resources for links to these papers.)

IVs: Use with care

Initialization vectors (IVs) are random numbers used as starting points when encoding data. WEP defines an IV as a 24-bit value generated by a 40-bit WEP seed value that is transmitted with the WEP key in plain text, but offers no guidance as to who to establish that value. The danger here is that systems can begin with an IV of zero and generate more IVs in a manner which is easy to predict. Expect more secure versions of WEP to be based on better random number generation techniques. For more information on IVs and cryptography, see Resources below.

The vulnerabilities exposed in WEP can be traced back to two problems in the standard: (1) the limitations of the initialization vector (IV) (see the sidebar, "IVs: Use With Care") combined with (2) the use of static WEP keys where the odds of collisions are very high. IV collisions produce so-called "weak" WEP keys when the same IV is used with the same WEP key on more than one data frame. When a number of these weak keys can be analyzed, WEP can be attacked to expose the shared secret.

This is worth repeating, because some early reports inferred that the stream cipher used for WEP encryption -- RC4 -- was the weakness. But this is not the case, as Dr. Hоkan Andersson, senior research engineer at RSA Laboratories explains. "The vulnerabilities exposed in WEP can be traced back to the way the initialization vector and the WEP key are combined to get a per-packet RC4 key. Some IVs produce 'weak' RC4 keys that leak information on the WEP key."

The effects of this revelation were like a dam bursting. Only one month after the Shamir report, free tools like AirSnort and WEPCrack appeared as scripts on the Internet that anyone could use to attack WEP. AirSnort authors claim their code can capture WEP keys after gathering information from just 2,000 packets with weak keys. It is estimated that out of 16 million keys generated using 128-bit WEP encryption, 3,000 are weak. (Keep in mind that 802.11b actually calls for the use 40-bit WEP encryption, which is even more vulnerable. Many vendors are going one step ahead of the spec and providing 128-bit WEP encryption in their products today -- but even this tighter security

...