Chair of IEEE 802.11 Responds to WEP Security Flaws
from the put-your-house-in-a-Faraday-cage dept.
Subject: WLAN/ Response of WEP Security
Importance: High
Response from the IEEE 802.11 Chair on WEP Security
Recent reports in the press have described the results of certain research efforts directed towards determining the level of security achievable with the Wired Equivalent Privacy algorithm in the IEEE 802.11 Wireless LAN standard. While much of the reporting has been accurate, there have been some misconceptions on this topic that are now spreading through the media. Befitting the importance of the issue, I am inclined to make a response from the Chair to clarify these issues with the following points:
1. Contrary to certain reports in the press, the development of WEP as an integral part of the IEEE 802.11 standard was accomplished through a completely open process. Like all IEEE 802 standards activities, participation is open to all interested parties, and indeed the IEEE 802.11 committee has had a large and active membership.
2. The acronym WEP stands for Wired Equivalent Privacy, and from the outset the goals for WEP have been clear, namely to provide an equivalent level of privacy as is ordinarily present with a wired LAN. Wired LANs such as IEEE 802.3 (Ethernet) are ordinarily protected by the physical security mechanisms within a facility (such as controlled entrances to a building), and the IEEE wired LAN standards do not incorporate encryption. Wireless LANs are not necessarily protected by physical security, and consequently to provide an equivalent level of privacy it was decided to incorporate WEP encryption into the IEEE 802.11 standard. However, recognizing that the level of privacy afforded by physical security in the wired LAN case is limited, the goals of WEP are similarly limited. WEP is not intended to be a complete security solution, but, just as with physical security in the wired LAN case, should be supplemented with additional security mechanisms such as access control, end-to-end encryption, password protections, authentication, virtual private networks, and firewalls, whenever the value of the data being protected justifies such concern.
3. Given the goals for Wired Equivalent Privacy, WEP has been, and continues to be, a very effective deterrent against the vast majority of attackers that might attempt to compromise the privacy of a wireless LAN, ranging from casual snoopers to sophisticated hackers armed with substantial money and resources.
4. The active attacks on WEP reported recently in the press are not simple to mount. They are attacks which could conceivably be mounted given enough time and money. The attacks in fact appear to require considerable development resources and computer power. It is not clear at all whether the payoff to the attacker after marshalling the resources to mount such an attack would necessarily justify the expense of the attack, particularly given the presence of cheaper and simpler alternative attacks on the physical security of a facility. Key management systems also reduce the window of these attacks succeeding.
5. In an enterprise or other large installation, the complete set of security mechanisms typically employed in addition to WEP would make even a successful attack on WEP of marginal value to the attacker.
6. In a home environment, the likelihood of such an attack being mounted is probably negligible, given the cost of the attack versus the typical value of the stolen data.
7. IEEE 802.11 is currently working on extensions to WEP for incorporation within a future version of the standard. This work was initiated in July 1999 as Task Group E, with the specific goal of strengthening the security mechanisms so as to provide a level of security beyond the initial requirements for Wired Equivalent Privacy. The enhancements currently proposed are intended to counter extremely sophisticated attacks, including those that have been recently reported on in the press. In addition it needs to be noted that the choice of encryption algorithms by IEEE 802.11 is not a purely technical decision; it is limited by government export law restrictions as well.
8. Certain reports in the press have implied that frequency hopping wireless LAN systems would be less vulnerable to security attacks than other wireless LANs. This is not true given that in such frequency hopping systems the hopping codes and timings are unencrypted and consequently are easily available to an attacker.
9. By far the biggest threat to the security of any wireless LAN is the failure to use the protection mechanisms that are available, including WEP. Any IEEE 802.11 installation where data privacy is a concern should use WEP.
I would like to thank the following long-serving members of the IEEE 802.11 Working Group, and those Wireless Ethernet Compatibility Alliance members, for their efforts in assisting me in drafting this response from the Chair to this important issue:
- Vic Hayes, IEEE 802.11 member & ex-IEEE 802.11 Chair
- Al Petrick, IEEE 802.11 WG Vice-Chair
- Harry Worstell, IEEE 802.11 WG Vice Chair
- John Fakatselis, IEEE 802.11 Task Group E Chair & TGE QoS Sub-Group Chair
- Dave Halasz, IEEE 802.11 TGE Security Sub-Group Chair
- Matthew Shoemake, IEEE 802.11 Task Group G Chair
- Phil Belanger, WECA Chairman & IEEE 802.11 member
- Greg Ennis, WECA Technical Director & IEEE 802.11 member.
Chair, IEEE 802.11 Standards Working Group for Wireless Local Area Networks.
http://www.ieee802.org/11

Re:That's no excuse. (Score:3)
You forgot the most expensive resource: tons of time. In order to do anything meaningful without being attached to the wired portion of the network as well, you need to wait for the IV (salt) bits to be repeated. It will take a few hours on a very busy LAN, and months on your home installation. Even after this IV collision, all you get is a XOR of two frames - not nearly enough to recover even one of them. Essentially, a few hours of work yield you one bit of data (not key!). Of course, if you have enough patience to sit (literally!) for years in close proximity to (or direct line of sight with a directional antenna to) the target, you may finally be able to fake a few packets on the air.
Please note that this does not even take into account the cost of tools, since the tools are indeed a one-time investment.
If you have access to the wired network behind the firewall, breaking into the wireless portion becomes much easier. However, in this case the easiest thing to do would be just to use the wired connection for hacking anyway, and not even bother about wireless. That's what WEP was designed to do: make the wireless piece of the LAN about as hard to hack as the wired one.
Encryption will be broken, Point of entry is key (Score:3)
Connectionless-oriented networks will ALWAYS be more susceptible to attack for this reason: POE. One point of entry from any connection-oriented LAN (router) means that hackers have only one way to touch your network, assuming a decent NAT is set up, or a correctly configured firewall... and also assuming each user on the network doesn't have a static external IP address.
But if you're using a wireless LAN, none of those precautions matter. Once the encryption is broken, you've lost the benefits that a single POE can provide. Now they don't have to pass the NAT and get through the firewall... they can just slink in from some poweruser's account who decided "password" would be sufficient to authenticate him to the server. Hey, we shouldn't be too rough on the guy, at least he didn't leave it blank like some other users I've seen.
Of course, if you don't know how to setup a wireless LAN and don't even bother installing encryption, and decide DHCP will make everything so much easier, then all the hacker has to do is set himself to grab an available IP off the network, and we're back to guessing any user's password.
No, they still can't gain root access this way, but they can still do a ton of damage to company data that the user had access to.
Any company that values their data will keep building network infrastructures and pulling drops of CAT5 through the ceilings and walls.
I can't wait to see how Intel's internal wireless LAN works. It should be a good test.
Protector of Capitalist views,
That's no excuse. (Score:4)
I also dispute that your average enterprise network provides adequate security to protect its data even in the event that WEP is compromised. Most corporate security systems I know essentially assume that unwanted parties cannot join the network and listen in on traffic. If I break the WEP key for a network, this assumption becomes invalid. The attacker can then watch as proprietary documents get passed over the network (normally documents move unencrypted) and read them.
As for the "wired-equivalent" aspect of this, I can't remember a wired network that I could compromise without having to get physical access to a network jack. Corporations could increase their security based on how hard they made it to get to those jacks. Indeed, in some cases there are no controls, but in most companies there are at least some controls, and companies have the option of significantly increasing the physical access security. WEP does not provide an equivalent to this (indeed, I'm not sure there's a clear standard meant by "wired-equivalent").
Finally, after reading over the material on this, I have to say that the WEP group just went about this fundamentally the wrong way. They tried to use RC4 for authorization, which it's not particularly well suited for. They also effectively tried to use a single key for both authorization and encryption. They used 24-bits of variability to protect against RC4 compromise, even though that's significantly less than one would need. All of these are no-no's, and the WEP group should have been aware of these problems (and made some effort to address them).
It is possible, today, to do wireless communications securely. WEP could have employed existing proven approaches, but instead they rolled their own. Guess what happens when you do this boys and girls?
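The two objections above (the "Re:" comment's point that an IV collision only yields the XOR of two frames, and this post's point that 24 bits of IV variability is far too little) can be made concrete with a small toy. The following is an added example, not code from the Slashdot thread or from IEEE 802.11: it implements RC4 inline, builds WEP-style frames as IV || RC4(IV || shared key) XOR plaintext (the real WEP 32-bit ICV is left out, which does not affect the keystream-reuse argument), and shows that (a) two frames under one IV leak P_a XOR P_b, (b) if either frame's content is known or guessable, the keystream for that IV falls out and decrypts or forges any other frame with the same IV, and (c) by the birthday bound, randomly chosen 24-bit IVs repeat with 50% probability after only a few thousand frames. The key, IV and frame contents are constructed for the demo.

```python
# Added example, not code from the Slashdot thread or from IEEE 802.11: a toy
# WEP-style encryptor used to show what an IV collision hands an eavesdropper
# and how soon a 24-bit IV repeats. Key, IV and frame contents are constructed.
import math

IV_BITS = 24  # WEP sends a 24-bit IV in the clear in front of every frame


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key-scheduling, then n bytes of PRGA output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR up to the shorter length (keystream is only known as far as plaintext is)."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame = IV (clear) || RC4(IV || shared_key) XOR plaintext. No ICV in this toy."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """The legitimate receiver regenerates the keystream from the cleartext IV."""
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))


def plaintext_xor_from_collision(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV => same keystream, so C_a XOR C_b == P_a XOR P_b (the keystream cancels)."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("IVs differ; keystreams are independent")
    return xor_bytes(frame_a[3:], frame_b[3:])


def keystream_from_known_plaintext(frame: bytes, known_plaintext: bytes) -> bytes:
    """C XOR P for one frame of known content is the keystream for that IV."""
    return xor_bytes(frame[3:], known_plaintext)


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    return xor_bytes(frame[3:], keystream)


def forge_with_keystream(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Recovered keystream encrypts attacker-chosen data under the same IV; no key needed."""
    return iv + xor_bytes(plaintext, keystream)


def frames_for_collision_probability(p: float, iv_bits: int = IV_BITS) -> int:
    """Birthday bound: random IVs needed before some pair repeats with probability p."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1.0 / (1.0 - p))))


def demo() -> dict:
    key = b"\x01\x02\x03\x04\x05"        # constructed 40-bit WEP key
    iv = b"\xaa\xbb\xcc"                  # constructed IV that both frames reuse
    p_known = b"ARP who-has 10.0.0.2 tell 10.0.0.1"   # constructed, guessable content
    p_secret = b"GET /payroll.xls HTTP/1.0\r\n"        # constructed, shorter than p_known
    c_known = wep_encrypt(key, iv, p_known)
    c_secret = wep_encrypt(key, iv, p_secret)
    ks = keystream_from_known_plaintext(c_known, p_known)
    forged = forge_with_keystream(iv, ks, b"attacker chosen frame body")
    return {
        "xor_leaks": plaintext_xor_from_collision(c_known, c_secret) == xor_bytes(p_known, p_secret),
        "recovered": decrypt_with_keystream(c_secret, ks),
        "forgery_accepted": wep_decrypt(key, forged) == b"attacker chosen frame body",
        "frames_for_50pct": frames_for_collision_probability(0.5),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two practical caveats follow from the numbers: the birthday figure assumes random IVs, while a card that simply counts IVs upward guarantees a repeat after 2^24 frames and, worse, restarts from the same value after every reset; and the keystream recovered here is only as long as the known plaintext, so short predictable frames such as ARP give short keystreams, which is still enough to forge short frames.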
Re:That's no excuse. (Score:3)
Every security mechanism is a trade-off of security for convenience. Even 1024-bit RSA encryption is a trade-off, in terms of assuming that the cost in time and computing cycles to factor the key is not worth the data being encrypted.
Furthermore, one must keep in mind that this is only network-level encryption. There is nothing preventing further, more secure encryption at the transport or session layers. WEP provides minimal security, hopefully equivalent to the difficulty of plugging into a wired network (hence the name). As always, it is the decision of the network admin/user to supplement this with further security measures. For example, if you're worried about your home wireless LAN being snooped upon, use SSL communication between your machines.
I obtained my first network experience on my college network, and let me tell you, I'd feel a lot better about 802.11 with WEP than I used to about ethernet in my residence hall!