Review of Intercepting Mobile Communications: The Insecurity of 802.11

From: T Scott Saponas (ssaponas@cs.washington.edu)
Date: Wed Nov 24 2004 - 07:58:35 PST


"Intercepting Mobile Communications: The Insecurity of 802.11" identifies security flaws in the 802.11 Wired Equivalent Privacy (WEP) protocol. Specifically, this paper describes practical methods to eavesdrop, modify the contents of messages, and inject new traffic into the network. Eavesdropping (and the other attacks) on WEP is made possible by exploiting keystream reuse. It is shown that keystream reuse is very common because at least some wireless NICs reinitialize the public IV to 0 after every reset. And since the IV is publicly available (in the unencrypted part of the packet), an attacker knows when they are seeing keystream reuse. The authors point out that even in the best implementations keystream reuse is bound to occur frequently, because the private key is changed rarely and the IV length is hard coded to 24 bits. Keystream reuse allows an attacker to discover the keystream and build a dictionary of keystreams. Thus whenever a WEP packet is captured, the attacker simply looks at the IV to figure out which entry in the keystream dictionary to use to decrypt the message. The paper also discusses the pitfalls of choosing a CRC checksum as the WEP integrity check and its impact on message modification and injection.
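The following is an added example written for this review; it is not code from the paper or from any WEP implementation. It builds a toy WEP-style encryptor on RC4 so the two weaknesses described above can be seen concretely: two frames sent under the same IV and key leak the XOR of their plaintexts, and the CRC-32 integrity check is linear, so it cannot detect controlled bit flips the way a keyed MAC (HMAC-SHA256 is used here for contrast) does. It also includes a simple defender-side check that flags repeated IVs in a sequence of captured frame headers, which is how an operator would notice a NIC resetting its IV to 0. Keys, IVs and packet contents are constructed sample values.

```python
"""Added example: toy WEP-style encryption to illustrate keystream reuse,
CRC-32 linearity, and IV-reuse detection. All values are constructed."""
import hashlib
import hmac
import zlib
from collections import Counter

IV_LEN = 3          # WEP sends a 24-bit IV in the clear
IV_SPACE = 2 ** 24  # only 16,777,216 distinct IVs per key


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by the keystream generator (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def crc32_le(data: bytes) -> bytes:
    """CRC-32 as the 4-byte little-endian trailer WEP appends to the body."""
    return (zlib.crc32(data) & 0xFFFFFFFF).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV (clear) || RC4(IV || key) XOR (plaintext || CRC32(plaintext))."""
    assert len(iv) == IV_LEN
    body = plaintext + crc32_le(plaintext)
    return iv + xor(rc4(iv + key, len(body)), body)


def keystream_reuse_leaks_plaintext_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same (IV, key) twice: XOR of the two ciphertext bodies equals XOR of the plaintexts,
    because the identical keystream cancels out. This is the leak the paper exploits."""
    c1 = wep_encrypt(key, iv, p1)[IV_LEN:]
    c2 = wep_encrypt(key, iv, p2)[IV_LEN:]
    n = min(len(p1), len(p2))
    return xor(c1, c2)[:n] == xor(p1, p2)[:n]


def crc_is_linear(a: bytes, b: bytes) -> bool:
    """CRC-32 is affine: crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros of same length).
    An integrity check with this property cannot detect a bit flip whose effect on the
    checksum the modifier can compute, which is why CRC is unsuitable as a MAC."""
    zero = bytes(len(a))
    lhs = zlib.crc32(xor(a, b))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zero)
    return lhs == rhs


def hmac_is_not_linear(mac_key: bytes, a: bytes, b: bytes) -> bool:
    """Contrast: a keyed MAC such as HMAC-SHA256 does not satisfy the same relation."""
    tag = lambda m: hmac.new(mac_key, m, hashlib.sha256).digest()
    lhs = tag(xor(a, b))
    rhs = xor(xor(tag(a), tag(b)), tag(bytes(len(a))))
    return lhs != rhs


def find_reused_ivs(frames):
    """Defender-side check: return IVs that appear more than once in captured frames.
    A flood of repeats at IV 0 is the signature of a NIC resetting its IV counter."""
    counts = Counter(f[:IV_LEN] for f in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key
    iv = b"\x00\x00\x00"           # the IV a freshly reset NIC would start from
    p1, p2 = b"hello world!", b"HELLO WORLD?"
    print("keystream reuse leaks p1 XOR p2:", keystream_reuse_leaks_plaintext_xor(key, iv, p1, p2))
    print("CRC-32 is linear:", crc_is_linear(p1, p2))
    print("HMAC is not:", hmac_is_not_linear(b"mac-key", p1, p2))
    capture = [wep_encrypt(key, iv, p1), wep_encrypt(key, b"\x00\x00\x01", p2), wep_encrypt(key, iv, p2)]
    print("reused IVs in capture:", find_reused_ivs(capture))
```

The three-byte IV prefix is the only part of a frame a monitoring tool needs in order to run `find_reused_ivs`, so the same check works on real captures without the key; the `IV_SPACE` constant is there to make the paper's point that even a perfectly incrementing IV wraps after 2^24 frames.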


This paper's contribution of identifying security issues with WEP is very relevant to today's networks because I am using a WEP protected 802.11 AP as I type this. The reason that I and so many others are using WEP is not necessarily that none of us know WEP has security holes but because WEP was rolled out and we all invested money in wireless infrastructure that uses WEP and are too cheap to buy new hardware. As the authors point out, the lesson here is that when developing a security standard it is critical to consult the cryptography community and examine previous security efforts. In this case, those standardizing WEP could have avoided some of the security issues encountered by looking at how IPSEC and others dealt with some of the same issues. Similarly, cryptography experts would have been able to point out the fairly well-known flaws of inevitable keystream reuse and CRC integrity checking.


While this paper does do a good job of identifying security issues with WEP and pointing out how they could have been avoided, it could have done more to suggest solutions for wireless security. However, a few countermeasures are suggested.



This archive was generated by hypermail 2.1.6 : Wed Nov 24 2004 - 07:58:40 PST