From: Ioannis Giotis (giotis@cs.washington.edu)
Date: Tue Nov 23 2004 - 16:57:51 PST

Security in wireless systems is a more challenging problem than in wired
networks as adversaries can easily listen to all traffic. 802.11 uses WEP
as a security protocol. WEP is a secret key cryptosystem that uses the
secret key and a random vector to generate an encoding key of equal
length to the packet.

Unfortunately, despite the desired theoretical aspects of WEP, poor
implementations and practice render this system somewhat insecure.
First of all, network card manufacturers did not use much randomness in
creating the "random" vector making it easy to find two packets encoded
using the same vector. Secondly, using known dictionary techniques one
could take advantage of partial knowledge of the packet's contents to
gain full access to all packets. Finally, as in all secret key systems,
the distribution of the secret key itself renders this system somewhat
insecure.

Another aspect of WEP is message authentication and digital signatures.
Using a CRC-32 checksum, encoded with the message, is not enough to
guarantee detection of malicious attacks. Since CRC-32 was built as a
random error detection mechanism, it can be exploited by someone who
already knows its nature and is careful enough.

I was surprised to find the same old mistakes made in older secret key
cryptosystems in WEP as well. The authors do a good job at
pointing out these problems, and their claims seem reasonable. However,
the paper leaves something to be desired. By 2001, there were a lot more
common problems when using secret keys that I don't see the authors
mentioning. One could also try to exploit several other properties of a
wireless network. For example, could one exploit network protocol
mechanisms to derive the secret key by, say, jamming frequencies?

Nothing much has changed since the paper was written. The same problems
remain and we are clearly far from finding robust solutions in this
area. I would imagine that large deployment of wireless networks these
days will bring to the surface more and more ways to attack WEP.
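
An added example, not part of the message above or of the paper it reviews, illustrating the CRC-32 point: under a stream cipher, a checksum that is affine over XOR still verifies after the frame is altered, while a keyed MAC over the ciphertext does not. The random keystream stands in for RC4 output, the HMAC-SHA256 framing is an assumed comparison rather than anything the message proposes, and all function names and the sample message are constructed for illustration.

```python
import hashlib, hmac, os, zlib

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def seal_crc(ks: bytes, msg: bytes) -> bytes:
    # WEP-style framing: keystream XOR (message || CRC-32 of message)
    return xor(msg + crc(msg), ks)

def open_crc(ks: bytes, frame: bytes):
    plain = xor(frame, ks)
    msg, icv = plain[:-4], plain[-4:]
    return msg if crc(msg) == icv else None

def seal_mac(ks: bytes, mac_key: bytes, msg: bytes) -> bytes:
    # Hardened framing (assumed): HMAC-SHA256 over the ciphertext
    ct = xor(msg, ks)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_mac(ks: bytes, mac_key: bytes, frame: bytes):
    ct, tag = frame[:-32], frame[-32:]
    good = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return xor(ct, ks) if hmac.compare_digest(tag, good) else None

def checksum_patch(delta: bytes) -> bytes:
    # CRC-32 is affine over XOR: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(00..0),
    # so the checksum change depends only on d, not on m or any key.
    return delta + xor(crc(delta), crc(bytes(len(delta))))

def demo():
    msg = b"status=ok;seq=0001"               # constructed sample message
    ks = os.urandom(len(msg) + 4)             # stand-in for RC4 keystream
    mac_key = os.urandom(32)
    delta = xor(msg, b"status=ok;seq=0009")   # bits changed in transit
    # CRC framing: the altered frame still passes the integrity check.
    crc_result = open_crc(ks, xor(seal_crc(ks, msg), checksum_patch(delta)))
    # MAC framing: the same alteration of the ciphertext is rejected.
    frame = seal_mac(ks, mac_key, msg)
    altered = xor(frame[:len(msg)], delta) + frame[len(msg):]
    mac_result = open_mac(ks, mac_key, altered)
    return crc_result, mac_result

if __name__ == "__main__":
    print(demo())
```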