From: Rosalia Tungaraza (rltungar@u.washington.edu)
Date: Wed Nov 24 2004 - 01:03:44 PST
This paper is about the Wired Equivalent Protocol (WEP) that was created
in order to prevent third parties from eavesdropping on network packets
that do not belong to them (or in other words, that they have no
permission to read). The protocol is implemented at the link-layer. Apart
from confidentiality (prevent eavesdropping), this protocol was also
designed to enable authentication (make sure every participant was
invited/ or is allowed to participate) and data integrity (keeping the
message in its original form or untempered).
I think the success of this work lies in the fact that the authors managed
to provide evidence of the fact that WEP is flawed in that it leaves users
of wireless networks susceptible to attack. They show that an outsider
could at the very least passively attack a wireless network by using off
the shelve tools, messages could be altered without the CRC error
correcting code recognizing the change, and uninvited users could gain
access to the network (poor keystream reuse).
One thing the authors could improve upon is to talk more about how they
envision a solution for the current deficiencies of the WEP. They seem to
have a firm knowledge of what is available from the cryptographic
community and past network protocol designs that had similar purposes as
the WEP. Thus, I think they should have presented modifications to the WEP
or incorporation of ideas from the other protocols into the WEP to suggest
solutions to the problems they discovered in WEP.
In terms of future work, the authors suggest designing a secure and
easy-to-use mechanism for automated key distribution to all users of
wireless connections. In this mechanism, they stress the idea that first
keys should be changed with a high frequency and that each host should
have its own encryption key.
This archive was generated by hypermail 2.1.6 : Wed Nov 24 2004 - 01:03:44 PST