WLAN security developments

The next step was to eliminate static WEP keys. Products that implement proprietary methods for dynamic WEP key delivery have been available for quite some time. Those products are increasingly taking a back seat to implementations of the IEEE 802.1X standard for port access control with session key delivery. 802.1X shipped with Windows XP and is available for most Win32 operating systems. (To learn more, read this SearchNetworking article.) Attackers can still crack a long-running association that uses dynamic keys, but damage is limited to just that session, and refreshing the key can further reduce risk.

An underlying problem with WEP is that it uses an IV that's just too short to prevent keystream reuse, and keystream reuse leads to key cracking. Fixing the IV requires a new encapsulation - that's where the Temporal Key Integrity Protocol (TKIP) comes in. TKIP uses the same RC4 cipher as WEP, but derives per-packet encryption keys by mixing base keys with much longer IVs and the sender's MAC address. TKIP can receive its base key via 802.1X or by deriving it from a secret passphrase. By getting rid of the worst WEP flaw, TKIP makes key cracking much, much harder. Proprietary implementations of TKIP are available today (for example, from Cisco) and implementations certified by the Wi-Fi Alliance will be available around mid-year.

Additional security improvements are yet to come. The IEEE 802.11i standard will include a much stronger privacy protocol based on the Advanced Encryption Standard (AES), in addition to a final version of TKIP and 802.1X for key delivery and refresh. But don't expect to see 802.11i products until next year, in next-generation hardware.