Securing the Air: Don't Let Your Wireless Lan Be a Moving Target

Securing the air: Don't let your wireless LAN be a moving target

New technologies seek to rectify WEP's security shortcomings

Document options

Print this page

E-mail this page

Rate this page

Help us improve this content

Level: Introductory

Kimberly Getgen (kgetgen@rsasecurity.com), Product Marketing Manager, RSA Security

01 Nov 2001

The many inadequacies of the Wireless Equivalent Protocol have been fodder for debate over the recent months. According to Kim Getgen, such failures are inevitable when security experts aren't consulted when specifications are written. Fortunately, the next generation of wireless protocols should be more secure.

After all the hype this year in the wireless space, something interesting started happening. We began to hear about wireless network "drive-by hacking" incidents. From the Highway 101 corridor that connects San Francisco to the Silicon Valley,to the financial and technology districts of New York, Boston, and London, similar reports were being published by a number of different independent researchers. (See Resources for links to these and other stories.) Sitting in the parking lots of reputable companies, or even driving down city streets, reporters, researchers, and ethical hackers were proving that businesses had indeed deployed wireless networks -- and that employees were using them. Unfortunately, the benefits of deploying these technologies came at the expense of exposing these companies' private networks.

And while the many surveys cited above did not jeopardize any vulnerable company's digital assets, the gathering of this information confirms what security practitioners like Chris Wysopal, research director from the security consulting firm @Stake, have been saying for a long time: that "many organizations leap before they look at the security implications of the new technology they deploy or build."

Wireless LAN insecurity

Today, the most popular wireless local area network (WLAN) deployed is the 802.11b network. The access points are widely available and the 802.11b WLAN NIC cards that fit into your laptop are reasonably priced. But these networks, although inexpensively priced and easy to install, have two critical security flaws -- poor data protection and authentication mechanisms -- built in, making them prime candidates for the "drive-by hack." This article will outline what went wrong and what improvements are being made to 802.11 standards to improve security at the network level.

WEP: Why Encrypt Packets?

The encryption scheme in 802.11 wireless LANs that protects data packets is known officially as the Wired Equivalent Protocol, or WEP. But due to some fundamental security flaws and the fact that most enterprises do not turn WEP on, it might be more infamously remembered as the "Why Encrypt Packets" protocol. The preliminary reports from the independent surveys taking place in London, New York, and the Silicon Valley suggest that the majority of wireless LANs deployed do not use WEP at all.

The weaknesses within WEP were first exposed by researchers from Intel, the University of California at Berkeley, and the University of Maryland, all of whom published independent papers this year on the various vulnerabilities they discovered within WEP. But the most damning report came from Fluhrer, Mantin, and Shamir, which outlined a passive attack that Stubblefield, Ioanndis, and Rubin at AT&T Labs and Rice University implemented by capturing a hidden WEP key based on the attacks proposed in the Shamir et al. paper. This attack took just hours to implement. (See Resources for links to these papers.)

IVs: Use with care

Initialization vectors (IVs) are random numbers used as starting points when encoding data. WEP defines an IV as a 24-bit value generated by a 40-bit WEP seed value that is transmitted with the WEP key in plain text, but offers no guidance as to who to establish that value. The danger here is that systems can begin with an