From: Tom Christiansen (tomchr@ee.washington.edu)
Date: Wed Nov 24 2004 - 01:21:55 PST
This is a GREAT article!!! Reasonably short, concise, and to the point at
all times. Excellent work.

This article brings up a number of fundamental security issues with the WEP
part of the 802.11 protocol used in wireless networking.

0) All you need to hack into a wireless network is a network card and the
knowledge to modify the firmware and/or the device driver to allow you to
inject and extract raw network traffic from the network card.

1) The number of encryption keys is limited. Even through a brute-force
attack it is possible to calculate the correct deciphering keys with a
reasonable effort.

2) As the number of keys is limited, the keys are recycled at regular
intervals. The keys are generated from a 24-bit initialization vector (IV).
When you need a new key, you generate a new IV and from that a new key. The
problem is that in 802.11, the IV is reset every time the network adaptor
is initialized and in some implementations, the IV is simply incremented,
thus making it fairly simple to generate the keys needed to decrypt the
messages sent over the network.

3) The text is encrypted using XOR. The article shows that this makes the
message very easy to decrypt - or even modify without knowing the
decryption key. Similarly, the encryption integrity checksum is also based
on an XOR and can be cracked in the same fashion.

4) Due to the known structure of TCP/IP frames, it is also possible to hack
the IP packets directly, thus redirecting them to an Internet host
controlled by the attacker. The packets will arrive at the destination
unencrypted...

The strong point of the article is the scientific evidence presented. It
is clearly shown that it is indeed rather simple to crack the code on
WEP. The security issues are well described and suggestions for fixing the
issues are provided.

The article is a little unclear about what exactly "reasonable effort"
means when it comes to brute-force attacks. The article indicates that the
encryption keys could be collected in a matter of minutes, but other than
some back-of-the-envelope calculations it presents no data to support this
claim.

It is shocking to note that the standard doesn't require changing the
encryption key for every network packet.

The authors bitterly note the fact that many of the security
holes could have been spotted if the standard had been out in the open or
at least offered for review to the encryption community. But of course
hindsight is always 20/20 (actually it's more like 20/15... ;-)

I think I'll go turn off my wireless router now...
This archive was generated by hypermail 2.1.6 : Wed Nov 24 2004 - 01:22:04 PST
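The two weaknesses the review summarises in points 2) and 3), IV reuse under a stream cipher and a linear (CRC-32) integrity check, can be demonstrated in a few lines. The following is an added example written for this archive page, not code from the post or from the reviewed paper. It models the WEP frame body as RC4(IV || shared key) applied to plaintext plus a little-endian CRC-32 ICV, with a constructed 40-bit shared key, constructed frame payloads, and the assumption that the 3-byte IV is read as a little-endian counter; it then shows what a repeated IV leaks and how a defender can flag IV repetition and counter resets in a capture.

```python
import zlib
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA) XORed onto data; encryption == decryption."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext IV, then RC4(IV || key) over data || ICV.
    The ICV is the CRC-32 of the plaintext, little-endian (modelling assumption)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + rc4(iv + shared_key, plaintext + icv)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) for a frame produced by wep_encrypt."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    data, icv = plain[:-4], plain[-4:]
    return data, zlib.crc32(data).to_bytes(4, "little") == icv


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share one keystream, so XORing the two
    ciphertext bodies cancels it and leaves plaintext_a XOR plaintext_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames do not share an IV")
    return xor_bytes(frame_a[3:], frame_b[3:])


def crc32_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine over XOR for equal-length inputs:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros). This is why an XOR-based
    integrity check gives no protection against bit flips."""
    zeros = bytes(len(a))
    return zlib.crc32(xor_bytes(a, b)) == (
        zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros))


def find_iv_reuse(frames):
    """Defender's check over captured frames: IVs seen more than once, and the
    number of times the IV counter went backwards (an adapter reset)."""
    ivs = [f[:3] for f in frames]
    repeated = {iv for iv, n in Counter(ivs).items() if n > 1}
    as_int = [int.from_bytes(iv, "little") for iv in ivs]
    resets = sum(1 for prev, cur in zip(as_int, as_int[1:]) if cur < prev)
    return repeated, resets


# Constructed sample data: a 40-bit shared key and two equal-length payloads.
SHARED_KEY = b"\x01\x02\x03\x04\x05"
P1 = b"HELLO, WORLD!!!!"
P2 = b"ATTACK AT DAWN!!"


def demo():
    iv0 = (0).to_bytes(3, "little")
    f1 = wep_encrypt(SHARED_KEY, iv0, P1)
    f2 = wep_encrypt(SHARED_KEY, iv0, P2)  # same IV: same keystream
    leak = keystream_reuse_leak(f1, f2)[:len(P1)]
    capture = [wep_encrypt(SHARED_KEY, n.to_bytes(3, "little"), P1)
               for n in (0, 1, 2, 0, 1)]  # counter restarts after frame 3
    repeated, resets = find_iv_reuse(capture)
    return {"leak_is_p1_xor_p2": leak == xor_bytes(P1, P2),
            "crc_linear": crc32_is_linear(P1, P2),
            "repeated_ivs": len(repeated), "resets": resets}


if __name__ == "__main__":
    print(demo())
```

The detection half is the part worth carrying over to a real capture: on a stream cipher with a per-packet IV, a repeated IV is a hard indicator of keystream reuse, and an IV counter that goes backwards shows the reset-on-initialisation behaviour the post describes.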