802.11 Insecurity

From: Chandrika Jayant (cjayant@cs.washington.edu)
Date: Tue Nov 23 2004 - 18:37:27 PST

  • Next message: Ethan Katz-Bassett: "Review of "Intercepting Mobile Communications: The Insecurity of 802.11""

    “Intercepting Mobile Communications: The Insecurity of 802.11”
    Written by Borisov, Goldberg, and Wagner
    Reviewed by Chandrika Jayant

In the past few years, wireless networks have been becoming very popular. Network security in a wireless environment becomes a big concern, as transmissions are broadcast over radio waves. Wired Equivalent Privacy (WEP) was introduced a few years back for the 802.11 wireless LAN standard to attempt to protect the confidentiality of user data, and to try to fix other security problems encountered while transmitting link-level data. This paper (2001) points out WEP's security flaws and shows specific attacks on them, but doesn't seem to provide many answers.

WEP uses a secret key k shared between the communicating nodes, and relies on checksumming and encryption to try to satisfy confidentiality, access control, and data integrity. Attacks are shown for all three; the authors basically just call them failures. The authors show attacks that allow eavesdropping and show the dangers of keystream reuse because of a short IV string, possible improper IV management, and random IV reuse. Subversion of the integrity checksum field can allow a user to modify the contents of a transmitted message. Malicious users can use controlled modifications to a ciphertext without changing the checksum. CRCs are meant for random errors, not malicious user errors. The authors also show that new traffic can be pushed into the network. Packets can be forged if the user knows one arbitrary plaintext message: the keystream can be recovered, and a new message can be encrypted and sent out. Access point manipulation for decryption via IP redirection and reaction attacks is also shown.

I liked how the authors talked about how feasible attacks really could be. Brute force attacks seem fairly simple if classic WEP (40-bit keys) is used; even some more difficult attack schemes would be worth it for many people or organizations if the motivation is there. Also, the fact that many consumers have wireless Ethernet interfaces gives them a simple way to access the data. It's important that the authors discuss this because it provides the motivation for the paper. The assumption is made that attackers will have full access to the link layer for passive AND active attacks.

More solid suggestions would have been helpful and would have made this a more progressive paper. The authors do a great job convincing me that WEP is not nearly good enough for wireless communication security, but they could have presented some more tangible ideas for improvement, and maybe some really crazy ideas that could possibly end up working out.

Some things that needed immediate improvement were secret key size (making the standard use a longer key), using a secure keyed MAC, better IV management, and better distribution of keys. A single key for a whole network increases the chances of IV collision and isn't intuitively logical security-wise; the hosts in a network shouldn't be assumed to all be on the same side. Finally, these ideas should be tested out proactively; the importance of public review is a very valid point the authors end with.
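As an added illustration (not part of this review or of the paper), the following constructed Python model shows why the CRC-32 integrity field fails under a stream cipher and why the keyed MAC suggested above fixes it. The RC4 keystream is replaced by a SHAKE-256 stand-in, the key, IV and message are constructed sample values, and `flip`, `crc_tag`, `mac_tag`, `encrypt`, `decrypt` and `demo` are names chosen here.

```python
import hashlib
import hmac
import zlib

KEY = b"constructed-shared-key"  # constructed sample; WEP shares one key network-wide
IV = b"\x01\x02\x03"             # 24-bit IV sent in the clear, as in WEP

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in for RC4(iv || key); any stream cipher behaves the same here."""
    return hashlib.shake_256(iv + key).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_tag(data: bytes) -> bytes:
    """WEP's ICV: plain CRC-32, an affine (linear plus constant) function of data."""
    return zlib.crc32(data).to_bytes(4, "little")

def mac_tag(data: bytes) -> bytes:
    """Keyed alternative: truncated HMAC-SHA256 under the shared key."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:8]

def encrypt(plaintext: bytes, tag) -> bytes:
    """frame = iv || ((plaintext || tag(plaintext)) XOR keystream)."""
    body = plaintext + tag(plaintext)
    return IV + xor(body, keystream(KEY, IV, len(body)))

def decrypt(frame: bytes, tag, tag_len: int):
    """Strip the IV, XOR off the keystream, accept only if the tag verifies."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, keystream(KEY, iv, len(ct)))
    pt, received = body[:-tag_len], body[-tag_len:]
    return pt if hmac.compare_digest(received, tag(pt)) else None

def flip(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits set in delta, knowing neither key nor plaintext.
    Only a CRC field can be patched up, since for equal-length inputs
    crc(p ^ delta) == crc(p) ^ crc(delta) ^ crc(zero bytes)."""
    crc_delta = (zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))).to_bytes(4, "little")
    mask = delta + crc_delta
    mask += bytes(len(frame) - 3 - len(mask))   # a longer (MAC) tag is left alone
    return frame[:3] + xor(frame[3:], mask)

def demo() -> tuple:
    """Returns (what a CRC receiver accepts, what an HMAC receiver accepts)."""
    msg = b"pay 100 to alice"
    delta = bytes(4) + bytes([ord("1") ^ ord("9")]) + bytes(len(msg) - 5)  # '1' -> '9'
    tampered_crc = flip(encrypt(msg, crc_tag), delta)
    tampered_mac = flip(encrypt(msg, mac_tag), delta)
    return decrypt(tampered_crc, crc_tag, 4), decrypt(tampered_mac, mac_tag, 8)
```

`demo()` returns `(b"pay 900 to alice", None)`: the CRC receiver accepts the altered amount, the HMAC receiver drops the frame.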


    This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 18:37:32 PST