From: Jenny Liu (jen@cs.washington.edu)
Date: Wed Nov 24 2004 - 01:56:47 PST

"Intercepting Mobile Communications: The Insecurity of 802.11" points
out many security flaws with the 802.11 Wired Equivalent Privacy (WEP)
protocol. In particular, the authors address the insecurities that stem
from a connection re-using the same (publicly declared) key with the
same secret key multiple times, and point out that the same keystream is
quite likely to be re-used in a very short amount of time given that the
secret key doesn't change often and the public key is only 24 bits
long. Thus, over time, an attacker can compile a dictionary of all (or
many) possible keystreams and use them to decode all (or many) packets.
The authors also point out how relatively easy it is to modify encrypted
messages undetected. They go on to show that an attacker can inject
fake messages into the network undetected, and use that to authenticate
himself for the network. An attacker can also redirect messages (for
example to an IP address that he controls), or intercept and modify
messages and observe the receiver's response to these modified messages
to learn something about the encrypted plaintext. Finally, the authors
suggest countermeasures against some of these attacks and outline
lessons learned from the WEP debacle.

The paper brings to light the disconnect between what happens in
academia and what happens in the real world. The engineers of WEP did
not bring their proposal to the cryptography community and the result is
that the protocol fails to meet its design goals. The paper also puts
forth a good argument for the end to end argument in system design:
lower levels may not necessarily be trusted.

The paper does not offer an easy solution to the problem. However,
perhaps a deeper issue is that network traffic at the link layer should
in general be treated as insecure. It might be somewhat easier to
intercept a wireless signal, but it's also not impossible to physically
eavesdrop a wired signal. Furthermore, in many instances even on a
wired network, your network traffic may eventually be routed along to a
portion of the network controlled by other powers. The end to end
argument for system design applies here, and if the data you're
transferring over the network is really extremely sensitive, then you
can afford to put in extra cryptographic measures at higher levels.