From: Alan L. Liu (aliu@cs.washington.edu)
Date: Tue Nov 23 2004 - 23:36:07 PST
# What is the main result of the paper? (one or two sentence summary)
The WEP standard for 802.11 communications has some fundamental problems
that make it relatively easy to compromise security. By design, ciphers
can be reused and therefore remembered by attackers. Checksums are used
to ensure packet integrity, despite the fact that the CRC checksum is a
linear function, making it easier to alter both data and checksum.
I think the most interesting thing about the paper is how manufacturers
and the standards body that created 802.11 do some pretty bad things,
such as being deceitful over its security while making it hard for
security experts to give input to the development of the standard. This
is security through obscurity, and it doesn't work well given that
802.11 is not an obscure technology from the usage standpoint.
Another interesting point the paper brings up is how the traditional
view of design robustness is to be conservative in sending and liberal
in accepting, while from the security standpoint the reverse is far more
secure. This exactly points towards a tradeoff that must be made --
should a design cater to the lowest common denominator at the expense of
security? At least from the findings of 802.11's weaknesses, it *seems*
that you have to pick one or the other, but not both.
I felt that the paper did a fantastic job describing WEP's
shortcomings, but it did not too as good a job at providing fixes or
alternatives, short of telling administrators that they have no security.
The general feeling I got out of reading this paper was "Bummer. Oh
well I'm glad I just upgraded all my router/nic firmware and drivers
last week to get me some WPA," but taking a step back, I think relying
on WPA is clearly foolish. Perhaps the standards body let Dave Wagner in
on the design of WPA. Perhaps not. In either case, the end-to-end
argument tells us that trusting that layer is bad. If I want something
securely transmitted, I better damn well be sure it's secure from as
high a level as possible. Not working under the assumption that the
lower layers are insecure (e.g., there are no eavesdropper) would be
making the same mistake as assuming that the underlying network is
perfectly reliable -- more wishful thinking than reality.
This archive was generated by hypermail 2.1.6 : Tue Nov 23 2004 - 23:36:09 PST