From: Erika Rice (erice@cs.washington.edu)
Date: Tue Nov 23 2004 - 21:23:51 PST
"Intercepting Mobile Communications: The Insecurity of 802.11" by Nikita
Borisov, Ian Goldberg, and David Wagner:
This paper describes several security risks of the Wired Equivalent
Privacy (WEP) protocol used to ensure confidentiality, access control,
and data integrity in wireless communications. The attacks are based on
inherent vulnerabilities in the mathematical methods used in the
protocol, not on implementation bugs in specific protocols. Although
some of the attacks could be prevented by following recommendations in
the protocol (like not reusing stream keys), others cannot be.
Perhaps the largest contribution of the paper was not the specific
attacks themselves, although those are interesting, but the fact that
the authors found attacks in all three areas that the protocol tries to
protect against. There were attacks that could compromise the
confidentiality of the transmitted data, allow unauthorized access, and
attacks which could change data without those changes being detected.
Weaknesses in security are not surprising when they are of types of
security not specifically addressed by the protocol, but this paper
teaches us that even the kinds of security a protocol is trying
specifically to prevent can be victim of attacks.
This paper does provide a grain of comfort though. The attacks that are
described are fairly sophisticated and would take a dedicated attacker
to execute them. Since we will never get rid of all potential security
problems, it is at least satisfying to know that the low hanging fruit
has been removed.
This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 21:23:51 PST