WLAN security developments
Wireless LANs (WLANs) have been plagued by security problems ever since Fluhrer, Mantin Shamir published their paper illustrating how wireless security could be broken. I would like to ask about the problems with WLAN security at a general level and what developments are taking place to remove them?

    Requires Free Membership to View

    Login

    By submitting your registration information to SearchNetworking.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchNetworking.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

Fluhrer et al found that poor initialization vector (IV) implementations and key sequencing algorithms significantly reduced the traffic required for WEP cracking. Many products (particularly those sold to enterprises) have long since patched around that particular problem. Attackers can still crack WEP if the same WEP key is used long enough, but cracking now takes longer.

The next step was to eliminate static WEP keys. Products that implement proprietary methods for dynamic WEP key delivery have been available for quite some time. Those products are increasingly taking a back seat to implementations of the IEEE 802.1X standard for port access control with session key delivery. 802.1X shipped with Windows XP and is available for most Win32 operating systems. (To learn more, read this SearchNetworking article.) Attackers can still crack a long-running association that uses dynamic keys, but damage is limited to just that session, and refreshing the key can further reduce risk.

An underlying problem with WEP is that it uses an IV that's just too short to prevent keystream reuse, and keystream reuse leads to key cracking. Fixing the IV requires a new encapsulation - that's where the Temporal Key Integrity Protocol (TKIP) comes in. TKIP uses the same RC4 cipher as WEP, but derives per-packet encryption keys by mixing base keys with much longer IVs and the sender's MAC address. TKIP can receive its base key via 802.1X or by deriving it from a secret passphrase. By getting rid of the worst WEP flaw, TKIP makes key cracking much, much harder. Proprietary implementations of TKIP are available today (for example, from Cisco) and implementations certified by the Wi-Fi Alliance will be available around mid-year.

Additional security improvements are yet to come. The IEEE 802.11i standard will include a much stronger privacy protocol based on the Advanced Encryption Standard (AES), in addition to a final version of TKIP and 802.1X for key delivery and refresh. But don't expect to see 802.11i products until next year, in next-generation hardware.

This was first published in April 2003