From: Jonas Lindberg (jonaslin@cs.washington.edu)
Date: Tue Nov 23 2004 - 20:36:34 PST
Review of N. Borisov, I. Goldberg, and D. Wagner's "Intercepting Mobile
Communications: The Insecurity of 802.11"
By: Jonas Lindberg
This paper presents a number of serious flaws in the widely deployed Wired
Equivalent Privacy (WEP) protocol. WEP is included in the 802.11 standard
for wireless networks and its goal is to protect wireless communication from
eavesdropping and other attacks. Borisov et al. explains why the protocol
fails to achieve this goal by showing how malicious individuals can use the
security holes in practice.
The first security flaw presented is keystream resuse. In WEP, messages are
encrypted by XORing the plaintext message with a keystream (a sequence of
pseudorandom bits). When using keystream encryption, it is critical to never
reuse keystreams. This, however, is not a requirement in the WEP protocol.
On the contrary, the architecture actually makes all WEP implementation
suffer from a substantial risk of keystream reuse.
The second flaw is a consequence of the WEP checksum being a linear function
(and not a keyed function) of the message. This fact makes it possible to
figure out how the checksum should be altered to make a modified message
look correct. The fact that old IV values can be reused makes it possible to
send a modified message to an access point. One way of using this could be
to alter the destination address so that a message, after being decrypted by
the access point, is sent to the eavesdropper's computer. The possibility to
modify messages also opens up for what the authors calls "reaction attacks".
I think this is a great paper. It is well written, the structure is good and
the work is clearly motivated. Borisov et al clearly explains the flaws; how
they could be used; and how to secure our wireless connections today. They
also present ideas of how to develop a better protocol next time. The
widespread and fast growing usage of wireless connections and WEP makes this
security flaws, and thereby this paper, very interesting and relevant.
This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 20:36:38 PST