From: Lillie Kittredge (kittredl@u.washington.edu)
Date: Wed Nov 24 2004 - 01:35:29 PST
This paper discusses the design and weaknesses of wired equivalent
privacy.
WEP works by xoring the data and its checksum with a keystream generated
from a private key and an initialization vector. While it prevents causal
eavesdropping, it is fairly easy to break if one finds two packets
excrypted with the same keystream. The authors point out the common poor
implementation of WEP which does not generate IVs very intelligently,
leading to repeat keystreams. They also discuss the failures of the CRC
to prevent tampering with the message, and the assorted attacks that can
be based on this.
I'm impressed by the extremely evil suggestion of sending spam to users so
you know some plaintext that they're going to look at. That's just so
mean on so many levels. Also, I suspect that the graduate sutends who
reverse-engineered the network key did no do so _entirely_ "for the sake
of convenience". There was likely some showing off involved as well.
I found it interesting that they discuss the WEP standard and the way it's
written. They point out that the standard does not recommend any way of
choosing IVs to avoid repeat keystreams. I thought this was an
interesting example of a siutation in which the designers of a protocol
need tot take into account the likely actions of the implementors of the
protocol. I also liked the practical countermeasures for the future, such
as subjecting proposed standards to a large amount of peer review.
This archive was generated by hypermail 2.1.6 : Wed Nov 24 2004 - 01:35:30 PST