Wired Equivalent Privacy (WEP) - Gone in 15 Minutes!

by Nicki Hayes, August 16, 2001

As world renowned cryptography experts describe their "devastating attack" on WEP's use of the RC4 cipher in WLANs at the Selected Areas in Cryptography (SAC) conference in Toronto today, WDN asks "Is it time to put security in the hands of the end user?".


The WLAN market is valued at $2bn for 2001 and $4bn by 2003. So news that leading cryptographers Adi Shamir (the S in RSA), Itsik Mantin (both of Israel's Weizmann Institute of Science) and Scott Fluhrer (of Cisco Systems) managed to crack Wi-Fi (802.11) security in just 15 minutes is sure to send shock waves reverberating through the industry.

Such news is set to break today (16 August) as these authors present their report "Weaknesses in the Key Scheduling Algorithm for RC4" at a cryptography conference in Toronto. The RC4 cipher is the basis for WLAN's wired equivalent privacy (WEP) encryption scheme, and, according to experts such as NTRU's director of research and development Dr William Whyte, the weaknesses revealed in the report point to the need for a new approach to wireless security - one which puts security in the hands of the end user.

So how weak is RC4?

According to the authors, anyone with a WLAN-enabled laptop and some readily available 'promiscuous' network software can retrieve a network's key and gain full user access in a matter of minutes. So, more of an Achilles' foot than an Achilles' heel then!

Think about it. The report's authors not only succeeded in recovering the full 128-bit network key - they did so in just fifteen minutes. The previous best attempt had taken several days and had only managed to capture data - not the full network key. It's like stealing the key to the bar and finding you've got the master key to the brewery. What a result! The guys must have felt like they'd drunk the rewards. But as with alcohol-induced euphoria, their happiness would have been short-lived once the true significance of the test began to sink in. For, if hackers are able to break the WEP scheme with so few resources, and if this attack scales linearly, as the report suggests, then wireless security is in big trouble!

Dr William Whyte, director of research and development with NTRU, certainly thinks so. NTRU has recently patented a new technology enabling the world's fastest and smallest public key cryptography solution for wireless and embedded consumer applications (it works up to 2,000 times faster than current systems in 1/50th the footprint - see www.ntru.com), so they know a thing or two about cryptography.

"While the industry is to be commended on its efforts to continuously improve security standards, this news means it's time to draw breath and re-evaluate current trends. Any future versions of WEP will have to be redesigned from the ground up; it's no use simply using longer keys as, according to the report, the WEP attack scales linearly with the number of bits used.

"The fact that this attack was completely passive is also significant. It required no network response, so, at this point in time, there can be no defense or means of predicting such attacks," he advised.

According to Dr Whyte, this points to the need to ask "Where does wireless security really belong - in the device or with the end-user?" He is among a growing group of experts who believe that it belongs with the end user, not solely within the device, and that the use of end-to-end mechanisms, such as virtual private networks (VPNs), may help:

"Under WEP, a wireless device authenticates itself to the WEP access point by possessing a shared secret, but the same secret is in every wireless-networked machine, and so, potentially, any employee could have copied it, independent of the break".

So, because the same secret is in every wireless-networked machine, presenting it doesn't really authenticate the individual machine. And just because the data has been encrypted from your machine to the access point doesn't mean that it's protected elsewhere in the network.

"Even if WEP hadn't been cracked, the above argument would still apply. That's why security experts have been looking into ways around such authentication issues and why many are coming to the conclusion that encryption does not belong solely in the device. It is something that should be done by the end-user and done end-to-end," he explained.

But how can this be delivered?

It's simple according to Whyte. Wireless VPNs are the way forward:

"If you place the WLAN outside the firewall and require devices to IPsec in, then each machine is authenticated separately, a far more scrutinized protocol is being used and the security is truly end-to-end," he concluded.
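The authentication argument above can be made concrete with a small model. This is an added example, not code from the article or from any product it mentions: the WEP side is a simplified shared-key challenge reply (RC4 keyed with a per-frame IV followed by the network secret), the per-machine side uses HMAC-SHA256 as a stand-in for IPsec's per-machine authentication, and all names and key values are constructed for illustration.

```python
import hashlib
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed sample secrets, not taken from any real network.
NETWORK_KEY = bytes.fromhex("0102030405")  # the one secret every machine holds
DEVICE_KEYS = {"laptop-a": os.urandom(32), "laptop-b": os.urandom(32)}

def wep_response(key: bytes, iv: bytes, challenge: bytes) -> bytes:
    """Simplified WEP shared-key reply: RC4 keyed with IV || network key."""
    return rc4(iv + key, challenge)

def ap_accepts(iv: bytes, challenge: bytes, response: bytes) -> bool:
    """All the access point learns: the sender holds the network key."""
    return hmac.compare_digest(wep_response(NETWORK_KEY, iv, challenge), response)

def device_response(device_key: bytes, challenge: bytes) -> bytes:
    """Per-machine reply (HMAC-SHA256 stand-in, not IPsec itself)."""
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

def gateway_accepts(registry: dict, claimed_id: str, challenge: bytes, response: bytes) -> bool:
    """The reply must verify under the claimed machine's own key."""
    key = registry.get(claimed_id)
    return key is not None and hmac.compare_digest(device_response(key, challenge), response)

if __name__ == "__main__":
    iv, challenge = b"\x00\x00\x01", os.urandom(128)
    # Every holder of the network key gives a byte-identical reply.
    print(ap_accepts(iv, challenge, wep_response(NETWORK_KEY, iv, challenge)))
    reply_b = device_response(DEVICE_KEYS["laptop-b"], challenge)
    print(gateway_accepts(DEVICE_KEYS, "laptop-b", challenge, reply_b))  # own identity
    print(gateway_accepts(DEVICE_KEYS, "laptop-a", challenge, reply_b))  # another machine's
    remaining = {k: v for k, v in DEVICE_KEYS.items() if k != "laptop-b"}  # revoke one machine
    print(gateway_accepts(remaining, "laptop-b", challenge, reply_b))
```

With the shared secret, removing one machine's access means re-keying every machine; with per-machine keys, the gateway drops a single registry entry and the others keep working.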

The Wireless Ethernet Compatibility Alliance (WECA) would, presumably, agree. In response to the news of the eminent cryptographers' success in cracking 802.11, they recommend the use of end-to-end security mechanisms such as VPNs and suggest that, for now, WLAN users install 802.11 outside the firewall, use a VPN, change the default key, then continue to change it frequently.

While such key swapping could buy time, it's not a long-term solution - not now that Shamir, Mantin and Fluhrer have discovered a mechanism to find all keys. It seems to me that Dr Whyte has a point. Perhaps it is time to look at implementing end-to-end networks such as VPNs and to put security in the hands of the end user. Let's hope this report is the Achilles' boot that kicks the proverbial butt into action!


About the author:
Nicki Hayes is a freelance writer and corporate communications consultant specialising in business to business internet issues. She has contributed editorial to a number of publications including Unstrung.com, Guardian Online, Financial Times, Banking & Financial Training, eAI Journal and Secure Computing. Nicki is also the European correspondent for The Wireless Developer Network. Nicki is based in Dublin, Ireland and also has a base in Cambridge, UK. Through her consultancy, Hayes-Singh Associates, she has access to a number of technical writers and PR consultants throughout Ireland and the UK.

About the WirelessDevNet (www.wirelessdevnet.com):
The Wireless Developer Network is an on-line community for information technology professionals interested in mobile computing and communications. Our mission is to assist developers, strategists, and managers in bridging the gap between today's desktop and enterprise applications and tomorrow's mobile users communicating via wireless networks. We are interested in supporting the deployment of these evolving technologies through high-quality technical information, news, industry coverage, and commentary. This information is provided within a true on-line community that supports developer/vendor dialogue through message boards and user-submitted tips, articles, links, and software downloads.
