Wireless LANs (WLANs) have been plagued by security problems ever since Fluhrer, Mantin Shamir published their paper illustrating how wireless security could be broken. I would like to ask about the problems with WLAN security at a general level and what developments are taking place to remove them?

    Requires Free Membership to View

    Login

Fluhrer et al found that poor initialization vector (IV) implementations and key sequencing algorithms significantly reduced the traffic required for WEP cracking. Many products (particularly those sold to enterprises) have long since patched around that particular problem. Attackers can still crack WEP if the same WEP key is used long enough, but cracking now takes longer.

The next step was to eliminate static WEP keys. Products that implement proprietary methods for dynamic WEP key delivery have been available for quite some time. Those products are increasingly taking a back seat to implementations of the IEEE 802.1X standard for port access control with session key delivery. 802.1X shipped with Windows XP and is available for most Win32 operating systems. (To learn more, read this SearchNetworking article.) Attackers can still crack a long-running association that uses dynamic keys, but damage is limited to just that session, and refreshing the key can further reduce risk.

An underlying problem with WEP is that it uses an IV that's just too short to prevent keystream reuse, and keystream reuse leads to key cracking. Fixing the IV requires a new encapsulation - that's where the Temporal Key Integrity Protocol (TKIP) comes in. TKIP uses the same RC4 cipher as WEP, but derives per-packet encryption keys by mixing base keys with much longer IVs and the sender's MAC address. TKIP can receive its base key via 802.1X or by deriving it from a secret passphrase. By getting rid of the worst WEP flaw, TKIP makes key cracking much, much harder. Proprietary implementations of TKIP are available today (for example, from Cisco) and implementations certified by the Wi-Fi Alliance will be available around mid-year.

Additional security improvements are yet to come. The IEEE 802.11i standard will include a much stronger privacy protocol based on the Advanced Encryption Standard (AES), in addition to a final version of TKIP and 802.1X for key delivery and refresh. But don't expect to see 802.11i products until next year, in next-generation hardware.

This was first published in April 2003

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top