From: Ethan Katz-Bassett (ethan@cs.washington.edu)
Date: Tue Nov 23 2004 - 19:28:48 PST
In this paper, the authors present multiple flaws in 802.11's Wired
Equivalent Privacy (WEP) protocol that make it susceptible to attack. WEP
is supposed to protect against eavesdropping, provide access control, and
ensure data integrity. The paper presents flaws that keep WEP from
attaining any of these goals. The authors detail potential attacks. They
successfully carried out some of the attacks using off the shelf equipment.
I was especially surprised at how easy authentication spoofing is, by
intercepting a challenge and response. I want to read more about how to
recover plaintexts given the XOR of two plaintexts.
The authors do not give detailed reforms to fix the protocol. They do
provide some guidelines. The protocol needs to specify more about how the
IVs are chosen.
Argument for end-to-end security. They conclude that CRC cannot be used for
message authentication and that a cryptographically secure authentication
code must be used. The question remains of how to do automated key
distribution.
The failures of WEP point to the value of end-to-end security. Data
integrity (meaning, the ability to detect tampering) and confidentiality-two
of the three goals-- could be ensured even over insecure WEP by appropriate
application-level solutions.
Interestingly, the authors point out that some of the common goals of
protocol design (stateless and liberal) may be at odds with security goals.
The WEP engineers did not properly understand the cryptography. This
problem seems somewhat similar to what we saw with distance vector; a
protocol is though correct, but does not have desired properties when it is
applied. Sometimes there is misunderstanding between the theory community
and others; it can go the other way too, as when theoreticians study a model
that is incorrect for the problem they are hoping to solve.
This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 19:28:53 PST