Intercepting Mobile Communications: The Insecurity of 802.11

From: Danny Wyatt (danny@cs.washington.edu)
Date: Tue Nov 23 2004 - 17:49:24 PST

  • Next message: Chandrika Jayant: "802.11 Insecurity"

    Intercepting Mobile Communications: The Insecurity of 802.11
    Nikita Borisov, Ian Goldberg, David Wagner

    Though you wouldn't think it was still necessary, this paper explains
    that one time pads aren't secure if you ever reuse a pad. Then they
    show that WEP cannot but reuse pads, and is thus insecure. This is
    because WEP's OTP generator is initialized with an infrequently changed
    key and a very small, publicly broadcast initialization vector. The
    smallness of the IV (in addition to poor implementations) ensures it
    will be reused, and broadcasting the IV saves attackers much work by
    telling them exactly which messages were encrypted with the same pad.
    As if that weren't enough, they also show that by using only checksums
    to verify message contents, encrypted messages can be modified
    undetectably without the attacker needing to know either the entire
    plaintext or the encryption key.

    This last vulnerability becomes even worse when the tension between
    clean software engineering and security concerns is considered. WEP is
    designed to protect only the link layer and be indifferent to any other
    layer above it. An attacker need not be so indifferent, and can exploit
    the network layer (by using IP redirection to have the base station send
    a decrypted copy of a message to a hostile address) or the control layer
    (by using a reaction attack to have the receiving TCP implementation
    provide information about the plaintext). By ignoring other the other
    layers in the network stack, WEP has ignored the information they can
    leak and the vulnerabilities they can introduce.

    This comes back to the end-to-end argument, since for security the only
    guarantee that should be relied on are those that are isolated
    completely within the application. A perfect example of this is our own
    department's network: wireless traffic is completely unencrypted but no
    system will accept logins that are not secure at the application level.

  • Next message: Chandrika Jayant: "802.11 Insecurity"

    This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 17:49:30 PST