Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security

Researchers Claim to Crack 802.1x WiFi 109

Posted by timothy from the security-is-an-illusion dept.
satsujin writes: "Researchers from the University of Maryland have released a paper on the weaknesses found in the 802.11x protocol. It looks like it might not be as strong as Cisco has contended."
This discussion has been archived. No new comments can be posted.

Researchers Claim to Crack 802.1x WiFi More

Researchers Claim to Crack 802.1x WiFi

Comments Filter:

  • Inevitable (Score:1, Redundant)

    by MxTxL ( 307166 )
    With time, everything gets broken. The world's hackers (and even our crackers) are just too good. There are too many smart minds out there trying to solve the million puzzles like this that someone WILL find a way.
    • Wrong. First note that a successful break implies finding a way to do what the system was designed for with significantly less effort than the original security analysis claimed to be necessary. So if somebody "breaks" AES128 with effort 2^128, this is not a break. It was knowen all the time that this was possible.

      With time some schemes may become insecure without having been broken. Others will not. For example it is unknowen whether one-time pads can be broken in this Universe. Current physical theory says they cannot.

      Second, some schemes might be feasible to break, but nobody competent enough is interessted in doing it.

      Third, an "academic break" is not necessarily a "practical break". For example an academic break may find a polynomial way of reversing an one-way function, but with a minimal exponent on the polynomial of, say, 1000. For most/all practical purpose the one-way function is still secure.

      My opinion is that most/all of the recent wave of breaks is due to incometence of the designers. A lot of the industrial crypto is like that. People that believe they understood the matter and can design a complex cryptological system by themselves in a small group. Most of them fall on their face, but the supply of people that don't get it seems to be indefinite. Just have a look at all the claims of being "unbreakable" in,
      e.g. sci.crypt. Some of these are broken in 5 minutes, i.e. the time needed to read the description. Or remember Oracle's claim about their "unbreakable" security.

      Crypto is hard! You cannot test it to determine its quality, like you can with code. You have to understand it, and that is infinitely more complicated than just doing some tests.
      • Wow.. dude... I think your WRONG for being such a arse about your opinions. Essentially you say one person is wrong, and then write a paragraph explainnig basically what they said in a sentance. Yes, your salient poitns are correct, but they only server to fillin what the parent post already said.

        Further, Cicso is not exactly know for security, and just look how easy it is to break the password on only cicsco router, or switch. Just change the rom to 0x2102, or was that 0x2101? Oh well, when you change the rom, it boots up without any security. And the passwords are not even strong. I know of many crack programs to break their password encryption scheam.

        The fact is that, like the parent post points out, that when you have the entire wolrd working on this type of puzzle, it is only a matter of time, despite the good or week system involved.

        Crypto is hard! You cannot test it to determine its quality, like you can with code. You have to understand it, and that is infinitely more complicated than just doing some tests. I duno... crypto is actually really easy once you get past the assumtion that it should be hard. Only people who don't really know anything about crypto tyend say its hard. That is normally because of the mystic that surrounds crypto.... sorta like the mystic that surrounds everything you don't understand. So the point now is why is this troll think he has anything to say about security?
        • So the point now is why is this troll think he has anything to say about security?

          Maybe because I have seen to much bad crypto already? And maybe because I do teaching and research in security, an area that is in part close to crypto?

          My point is not that crypto cannot be done properly, but that far to many people think it is easy and, by not respecting the complexities, screw up.
          • That is so true... and the real problem is in developer miss-education about programming. The root is that the universities don't teach under-grad application security at an early level. They have a hard enough time to teach folks the right way to program in syntax, let alone security. It think Bruce Schneier said about his book causing people to create bad crypto systems in that they read it, think they know crypto like gods (they really don't) and go off and write bad API's.. So in that way I can agree.

            On the greater subject of complexity theory, I'd say that in this day and age we will see a growth of those so called lighning strikes where that one lucky person find the hole in the systems API. Especially as computer power increases across the board.
        • ok how will you change the boot register, magic? You can do it by breaking out during a boot at the local console, wow no one will notice their router rebooting. Plus you shouldn't have physical access to the router anyways. Also the passwords are pretty secure if secret-5 is used (the only thing anyone with sense would do) plus the real answer is to use tacacs so the passwords aren't on the router at all.
          • That is correct about not allowing people anywhere near the Cicso gear: routers, or switches. I'd also say the TACAS is the way to go. About the boot registers, the hint is in the name. Even thought that is not very discrete way to get in. The solution is to lock the door of your wire closet, and fill it with noxtious non-breathable gas. Alas, the secret-5 hashing system. All I have to say in regards to secret-5 is the answer exist in polynomial-time, so it is automatically a contender for the average joe type cracker with a laptop. Even then there is logging, and triggers mechanisms to catch intruders. The answer is to track down people who attempt to login over the internet, and chop their fingers off.

    • How messed up is it that the THIRD post, and the first actual post from an intelligent life form is moderated as "redundant"?

      I try to moderate while not completly wasted and I expect the same curtosy. This person deserves the same.

      Moderation is dead! Long live the moderator!

      Also Known As - Jack

  • The Unofficial 802.11 Security Web Page (Score:5, Informative)

    by arnoroefs2000 ( 122990 ) on Saturday February 16, 2002 @10:50AM (#3017926) Homepage
    ...has alot more info on the security issues concerning this protocol.

    The Unofficial 802.11 Security Web Page [drizzle.com]

  • 802.1x NOT 802.11x (Score:1, Insightful)

    by John2583 ( 302168 )
    The articles states this clearly. There is a differnce in meaning, I believe.

  • Oh come on!!! (Score:1, Redundant)

    by evilviper ( 135110 )
    Can anyone really say that they DIDN'T see this comming?
    • Can anyone really say that they DIDN'T see this comming?

      Well, they could have hierd some real experts...

      But I admit I am not surprised that they continue to think they can do this on their own.
  • IMHO, it's on its way out anyway.

  • but I still love the wireless (Score:5, Interesting)

    by stego ( 146071 ) on Saturday February 16, 2002 @11:04AM (#3017982) Homepage
    I have a wireless setup at home and absolutely love it. I also assume that everything I do on the network is transparent and so take appropriate steps when the situation is called for. Props to all the developers of GPG and OpenSSH.

    And - this type of thing will only eventually lead to us having a more secure wireless networking protocol. Aren't you glad that these guys have the freedom to this kind of research?
    • At least these guys are open to correcting the problem, unlike the goons who sat on Felten et. al.
    • All the more reason to pipe your communications through known, and accepted secure protocols like OpenSSH and GPG (for documents).

      Wireless protocols are not peer reviewed to the extent AES was, so why not run your communication through an AES tunnel? It only makes sense to do so. And since OpenSSH supports AES (128bit, 192bit, and 256bit) it makes good sense to take advantage of the encryption.
  • Is it just me, or have the many weaknesses in 802.1x security already been beaten to death?

    It is clearly a broken and insecure technology. Workarounds are possible, but don't fix the underlying problem.

    There. Now you don't need to read this and you can go look at userfriendly.

    D
    • I think you're confusing the weaknesses in 802.11b and specfically WEP that you've heard about with 802.1x.

      802.1x when used in conjunction with rapid re-keying is a moderate to good security solution. Coupling all of this with an ACL(Access Control List) provides a good to very good solution.

      Running something like SSH over all of this make an excellent solution, AES be damned!

  • So which is it? 802.1x or 802.11x? (Score:1, Insightful)

    by Anonymous Coward
    Sure, I know the article only says "802.1x" but slashdot says 802.11x so they MUST have broken 802.11x instead!!!!

  • The Researchers' Wireless Research Page (Score:5, Informative)

    by guttentag ( 313541 ) on Saturday February 16, 2002 @11:11AM (#3018013) Journal
    Here's the UMD Professor's 802.11 Research page [umd.edu]

  • Let's get the "Inherrent Problems" out in the open (Score:5, Informative)

    by Millard Fillmore ( 197731 ) on Saturday February 16, 2002 @11:13AM (#3018020) Homepage Journal
    This article mentions "inherrent problems" quite a bit, but doesn't really enumerate them. Let me try and do that. In a wireless network, every piece of data being sent between any two nodes is available to anyone in the area with the right kind of radio receiver. It's that simple. Some of the more advanced authentication protocols make it harder for someone to set up a session on a wireless network, and from there get access to an entire LAN, but regardless of that, there is still data being sent over the airwaves.

    Because of this, a security administrator, or even a home user, has to assume that every packet sent over a wireless connection is intercepted. Until there is reliable encryption that takes prohibitively long periods to break (remember, WEP is broken, and the break is a relatively quick one), this technology is simply unsecure, particularly for corporate use.

    • Until there is reliable encryption that takes prohibitively long periods to break (remember, WEP is broken, and the break is a relatively quick one), this technology is simply unsecure, particularly for corporate use.

      You can two parties can use Diffie-Hellman key exchange [swcp.com] to agree on a key even when all traffic is being watched.

      Also, there is plenty of "reliable encryption that takes prohbitibitively long periods to break", such as triple DES (Data Encryption Standard), and any of the the Advanced Encryption Standard finalists [nist.gov], at least in the sense that a lot of very qualified people have tried hard to break them for a long time in a very open process and so far failed. (Rijndael won [nist.gov] the AES endorsement, but, not to my knowledge, because of a vulnerability discovered in any of the other finalists.) Granted, these algorithms are not mathematically proven to require a substantial number of cycles to break or even to be as difficult as some other famous problem (like Michael Rabin's public key algorithm), but, if that is your standard of security, then you also should not be sending even your encrypted traffic over any internet backbone links that are not known to you to be physically secure.

      • Re:Let's get the "Inherrent Problems" out in the o (Score:5, Informative)

        by swillden ( 191260 ) <shawn-ds@willden.org> on Saturday February 16, 2002 @12:59PM (#3018383) Journal

        You can two parties can use Diffie-Hellman key exchange [swcp.com] to agree on a key even when all traffic is being watched.

        As long as an attacker can only watch, this is true. An active attacker can mount a man in the middle attack (one of the attacks in the article was exactly this type) against a naive implementation. However, used correctly, DH can provide secure key agreement.

        Also, there is plenty of "reliable encryption that takes prohbitibitively long periods to break", such as...

        All of this is unnecessary. Why would we want to use a prohibitively slow block cipher like 3DES, or even a moderately slow block cipher like any of the AES finalists, when the stream cipher already used in WEP is perfectly adequate? RC4 is a well-respected cipher and can accomodate ridiculously large key sizes. WEP's problems aren't related to the algorithm, but to the misuse of the algorithm (it's a well-known fact that with RC4 you *must* discard the first few bytes of the keystream to permit the state table to be adequately mixed).

        The article commented that they're considering AES for the next generation of wireless security, which makes it clear to me that they still don't get it. The problem *isn't* that RC4 is insecure, in which case using AES would be a nice fix, the problem is that *any* cipher applied in a foolish way by people who don't understand cryptographic protocol design will be weak, no matter how good that underlying cipher is.

        I only hope that they're smart enough to publish the new protocol and solicit reviews and comments from people who do know what they're doing. Of course that only helps if they listen to the responses. As Arbaugh and Mishra point out "If anybody breaks [the encryption], they not only break the confidentiality but they also break the access control and the authentication so one break breaks everything. That is not good design. Each security mechanism should stand on its own." What they need is a fundamental redesign, not a new cipher, and they may not want to hear that.

        • the problem is that *any* cipher applied in a foolish way by people who don't understand cryptographic protocol design will be weak, no matter how good that underlying cipher is.
          You are absolutely right. A prime example is the obsolete SSL v1 protocol. They used RC4, which is fine in itself, but they used CRC32 for message authentication. Unfortunately, in this setup, it is next to trivial to modify the ciphertext and update the encrypted checksum without ever knowing the plaintext.

          However, Netscape was smart enough to learn from this disaster and hire some qualified expert cryptographers. (I think Taher el Gamal was involved in the design of SSL-v2.)

          Let's hope that some competent people will redesign this thing from the bottom up.

    • More important... WHat isn't breakable now, may be tomorrow. So while you may be "secure" in the knowledge that what you transmit today is indeed not being read, tomorrow there may be a crack and all that data is cach'd n compromis'd...
    • Because of this, a security administrator, or even a home user, has to assume that every packet sent over a wireless connection is intercepted.

      Provocative question: how is this different from "wired" IP across several routers? That's why you need strong endpoint-to-endpoint encryption, e.g. SSL/TLS.

      One additional problem seems to be that a simple way of session hijacking would enable a nasty Denial of Service Attack, but the other points are inherent problems in IP4 without IPsec (i.e. probably 99% of internet traffic) as well.

    • Actually assuming that a wireless network is similar to an old style bus topology ethernet is a good approach. There everybody can read everything.

      Unfortunately some people don't understand this and do stupid things like having a switched network for security and then connecting some users via wireless.

      With Unix the solution (even for coperate use) is simple: Only allow ssh, sftp, and scp and ban (and scan ports to be sure it is not used) telnet, rsh, ftp,... for internal use. You don't even need to do a possibly difficult IPSec setup. Insecure services can be tunneled through ssh.
    • True, you should consider every packet of -encrypted- data as intercepted,
      however: this isn't a problem, this has been a standard scenario for cryptology ever
      since radio transmissions were first broadcast a hundred years ago..

      The problems are inherent to the encryption algorithm, not the mode of communication.

      SSH sure seems strong enough, we should be able to expect the same level of security in wireless networks.

  • Just curious... (Score:4, Interesting)

    by siliconwafer ( 446697 ) on Saturday February 16, 2002 @11:13AM (#3018022)
    Would authentication using Mac Addresses take care of this problem? Or at least mac-address checking... Each wireless client has a Mac Address, after all....
    • It's not just a matter of preventing a malicious foreign host from starting a session on your wireless LAN, it's a matter of protecting the data that traverses the WLAN. See my comment above. It's also true that a "man-in-the-middle" type attack as described in the article could rip the mac address from a client and use that.
    • No, not unless the communication stream were also encrypted. All you'd have to do is setup a wireless sniffer, capture the MAC addresses in DHCP requests, wait for one to go offline, and jump in with your NIC set to the MAC address of your choice.

    • Re:Just curious... (Score:5, Informative)

      by gclef ( 96311 ) on Saturday February 16, 2002 @11:47AM (#3018113)
      Sorry, no. Many operating systems (and most cards these days) allow you to change the MAC address of the card. Given that you're broadcasting your MAC with all the rest of your traffic, someone could just change their card to your MAC address & be on your network.

  • Is this protected by DMC (Score:3, Interesting)

    by monkeyserver.com ( 311067 ) on Saturday February 16, 2002 @11:27AM (#3018063) Homepage Journal
    Maybe this is a question of understanding, if some corporation was sponsering or developed these standards could they sue these dudes under the DMC?

  • Secure wireless (Score:2, Interesting)

    by mrneutron ( 61365 )
    I'm trying to design a secure wireless architecture for a multi-site, multi-floor deployment (with roaming). I have to deploy soon: within a month or so, and can't afford to wait until IEEE fixes the standards.

    I see possible 2 ways to attempt this (with 802.11b or 802.11a when it's available):

    - VPN over wireless
    - 802.1x authentication with TKIP

    Both have their pros and cons.

    I demoed Bluesocket (VPN concentrator/firewall for building wireless DMZ networks), which works. I found it difficult to administer, lacking reporting, and wonder how many VPN tunnels it will handle.

    I'd prefer to go with the new industry standard (TKIP and 802.1x auth), and segregate wireless traffic onto DMZs, protected by a custom machine running iptables/sport, to provide firewalling, routing, IDS, arpwatch, etc.

    I can't use 802.1x if it's insecure, and I'm having a difficult time determing how insecure 802.1x is based on the articles I've read.

    Assuming I used 128 bit WEP, TKIP with fast key rotation, EAP auth via 802.1x, and segregate traffic on a WDMZ with a firewall and IDS, what vulnerabilities are left to exploit?

    If it's the MiM attack, VPN over wireless may have the same issue, unless I roll out strong mutual authentication via certificates. Doable, but very unwieldy.

    I'd appreciate anyone's throughts on this matter.

    - Eric

    • Re:Secure wireless (Score:4, Informative)

      by lizrd ( 69275 ) <[su.pmub] [ta] [mada]> on Saturday February 16, 2002 @11:47AM (#3018112) Homepage
      I don't see why you'd have a particualr problem if you implemented your system with the industry standard TKIP and 802.1x. After reading the UMD paper it seems that the two types of attacks can both be prevented with those systems. If you use 802.1x authentication without TKIP you could run into problems with the session hijacking. Most wireless manufacturers do not allow their access points to operate in this mode, though the ever popular Cisco is an exception.

      The man in the middle attack can be avoided by using mutual authentication which is a part of the EAP-TLS standard usually used to implement 802.1x. The version of the standard being urged by MS and being shipped with Windows XP can be configured to not have this vulnerability. The problem here is that this must be configured on the client and you might not always have control over the clients.

    • That the security of your wired LAN depends on all the multihomed PCs attached to the Wireless network not having any remote root type exploits.
    • WEP is a very weak protocol. The scary thing is that some vendor WEP implementations are actually even _more_ weak than a complete and correct WEP implementation would be.

      Avoid any new technology for security--not only does it not have a lot of analysis and peer review on paper, but vendors usually don't get the implementation right on the first try in silicon and code. Chances are if the spec has "theoretical weaknesses," the vendor's product will have "exploitable vulnerabilities."

      I generally design such systems by re-using existing practices and technology wherever possible. So my wireless LAN is a bunch of AP's connected to an ethernet switch (or, if you have less than about 8 AP's in one site with a few 100mbit wired ports on each, you can usually just connect them all to each other). The wireless LAN is then connected to the hostile side of the existing corporate firewall--either the firewall connected to the Internet, or a nearly identical copy of it. The wireless LAN and anything connected to it is assumed to be as hostile as the public Internet.

      For extra security, add an IDS box to monitor the network. The IDS box should do both passive listening (watching for non-VPN traffic) and active scanning (scan for open ports on all active IP's), and should be able to disconnect misconfigured hosts. Most AP's have some kind of web or SNMP interface these days that the IDS box can use, and most should support allowing or denying traffic based on MAC address of the wireless card.

      The role of the IDS box here is to detect and shut down script kiddies and legitimate users with fatally misconfigured machines (e.g. the user or some program has tampered with the security policy or disabled the client's firewall). You probably want one of these even if you're doing 802.1x stuff, or even on Internet connections, since any machine connected to the protected LAN--from anywhere--that isn't sufficiently locked down creates a vulnerability for the entire LAN. The IDS doesn't give much protection against competent attackers, but it does let you know about the incompetent ones nicely.

      Of course, the IDS box opens up a whole world of DoS attacks...and you'll need someone to monitor it...and if your VPN and firewalls are working, you don't need (or already have) IDS. So I consider it optional, and leave it up to my client to decide to use one or not.

      On the client machines I use exactly the same VPN and firewall security software that I use for machines who attach to the LAN from the public Internet. It doesn't matter what VPN you use here. All the wireless I or my clients have deployed so far use different VPN products in their implementations. Since the same VPN is used for wireless and the existing external Internet access, the client doesn't have to retrain anyone or reconfigure or reinstall anything.

      IMHO the public Internet is a much more dangerous place than a wireless network--with wireless, your attackers have to be within a certain physical distance, while on the Internet you can be attacked by anyone in the world.

  • 802.1x != 802.11x (Score:5, Informative)

    by lizrd ( 69275 ) <[su.pmub] [ta] [mada]> on Saturday February 16, 2002 @11:29AM (#3018070) Homepage
    Please note that the x in 802.1x is not a place holder for the the 1b at the end of 802.11b. 802.1x is a port bases security standard that was developed mostly for the use of switches to allow access even when the physical location of a switch port might not be physically secure.

    This standard has been extended for wireless use. The problem described in the paper is quite different from the problem of cracking WEP. 802.1x uses a similar method of authentication and encryption that SSL does. It also provides for the possibility of changing WEP keys periodically. Although WEP is quite flawed, that problem can be avoided by changing the key on a per client basis with greater frequency than is required to determine what the key is.

    The problems described by the paper could only happen in an exceptionally poorly configured wireless deployment. For these exploits to work you would have to be using 802.1x with WEP encryption disabled. This would be a strange thing to do since one of the main purposes of using 802.1x is to get effective WEP key rotation. For the man in the middle attack, you would need to have an imporperly configured authentication server (usually RADIUS).

    • I'm glad somebody else pointed out the fact that 802.1x is not 802.11x.

      Although IEEE nomeclatures can be tough to keep track of, I'm sick of every marketing moron I meet spouting how they need 802.11x when there is no such thing.
  • Cisco uses LEAP for its secure wireless. Cisco supports WEP only for non-cisco product support. LEAP provides unique authentication to prevent session hijacking and man-in-the-middle. You also get to pay at least three times as much for Cisco. If you really don't care about security that much then you can go buy Linksys or some other commodity brand. This article was pretty crappy anyway. Some guy said he found some weaknesses in wireless security. Some other guy said he was not surprised. If you are using wireless in a hotspot, you should be using a VPN client to encrypt your data, just like if you were connecting from your hotel room. One time passwords and digital certs prevent highjacking of corporate data. Obviously this ass clown never thought of that. Here is an article on LEAP http://www.nwfusion.com/reviews/2001/1217revside3. html
  • Longer term, the IEEE Standards body intends to adopt AES [Advanced Encryption Standard], the same security protocol sponsored by the National Institute of Standards. "AES is state of the art encryption technology," said WECA chairman Eaton. But AES requires hardware acceleration using a co-processor to off-load the encryption and decryption or it would slow the throughput down to an unacceptable level, according to Eaton as well as Instat's Paulo. It also requires new Wi-Fi cards in the client devices. AES will be available in the first quarter of 2003.
    Am I missing something here? AES is an approved standard, implementations have been available for years.

    Concerning Speed: the Rijndael AES proposal gives 70.5 Mbits/s for a VisualC++ Implemetation of Rijndael on a P200. This should be fast enough for the clients. Can anyone provide accurate figures, e.g. for the current implementation used in gpg?

    Above all: AES is a symmetric block cipher, so this has nothing to do with the security problems adressed, as these seem to be flaws in the protocol. (session hijacking, man in the middle, etc.) These are questions of key managment, not of the block cipher used.

    Seems that the chairman is not exactly an expert in crypto...
    • You're not incorrect, it's just that the chipmakers want to offload host processing to the chipsets instead of relying on host processing. This assures more symmetric performance across all machines and in network intensive situations in which you might be running 802.11a (54 Mbps raw), sucking host computational power may not be appropriate. For smaller devices that are Compact Flash based and use ARM processors or similar devices, host processing would be in appropriate and require a separate chipmaking development track.

      The OEMs, likewise, don't want to pay and support driver development for host-based processing. They want to feed data into an onboard MAC that offloads it to the on-board encryption which sends it off to the PHY and radio.

      You're absolutely right on all the other fronts, of course: AES is a piece of the puzzle and there's not a specific reason to not use host processing; it's a gestalt.

      As for the rest, the industry hasn't yet taken that deep breath and said, we have to rethink the problem end-to-end.

  • Who cares (Score:3, Funny)

    by xinu ( 64069 ) on Saturday February 16, 2002 @12:12PM (#3018189) Homepage Journal
    I'm using 802.11b on my laptop as we speak, I have no luck in getting it to work 2 rooms over or on the patio.

    So basically the person trying to steal my info would have to be hiding in my closet to even see the signal, nevermind cracked.

    Sounds more like the makings of a scary movie instead of a techno hacker thriller...

    • So basically the person trying to steal my info would have to be hiding in my closet to even see the signal, nevermind cracked.

      Relax, a professional attacker would just use a better antenna and possibly HF-Amplifier. In fact you may feel even more secure as the attacker could be several hundred metres away, by investing in special equipment. And if it is real professionals they will not interrupt your operation at all, as that could make you suspicous.

      Don't worry, if it is not the kids next door that try to listen, you will not be disturbed at all (expect for the SWAT Team breaking down your door when they have read the data you send over the network....;-)===)

  • Classical goofs (Score:5, Insightful)

    by gweihir ( 88907 ) on Saturday February 16, 2002 @12:50PM (#3018345)
    In any good crypto lecture you learn that there are two parts to authentication:
    1. Authentication of both sides towards the other.
    2. Keeping up the authentication while you communicate.

    Seems these people goofed in both tasks! First they did not do two-way authentication. So everybody can claim to be the non-authenticated party. Then they used a form of authentication that allows a succesful imposter to now pose as the authenticated party. And third they did not prevent session hijacking, i.e. do not keep up the authentication!

    Very, very incompetent. Obviously these people did not have a good crypto lecture or did not understand what they where supposed to learn there.

    And they apperaently did not even read the specification of the infrastructure they are using. My favorite quote:

    "If you look at the 802.1x, they tell you the 1x protocol is insecure when used in a shared medium environment unless a security association is established. Since 802.11 doesn't do that, so by IEEE's own words it is insecure," Arbaugh said.

  • Old news (Score:1, Informative)

    by Anonymous Coward
    This is old news. IEEE 802.1x is EAP, which has been used for dialup connections with PPP for years. The problems are well known.

    You can run Protected EAP on top of EAP/802.1x and protect the connection from the problems, see:

    PEAP draft [ietf.org]

    Of course, you'd need the WEP fix to solve the privacy and integrity problems of the connection as well.
  • Cisco has already implemented TKIP - as seen in figure 4.9 here:
    http://www.cisco.com/univercd/cc/td/doc/product/ wi reless/airo_350/accsspts/ap350scg/ap350ch4.htm#680 78

    Plus - with Cisco products, if you want LEAP authentication, you now HAVE to use WEP. Before, WEP was optional.


    The real problem is the fundamental way in which Wi-Fi works, according to Arbaugh. Although rapid rekeying of WEP keys, for example, which will be implemented in the next security standard called TKIP [Temporal Key Integrity Protocol], makes it more difficult to crack, Arbaugh said the entire design is just not good security.

    "You are relying on a confidentiality mechanism, and in general that is considered bad design," he said.

    The next generation of security is TKIP and is backward-compatible with current Wi-FI products and upgradeable with software. TKIP is a rapid re-keying protocol that changes the encryption key about every 10,000 packets, according to Dennis Eaton, WECA chairman.

    • Yes, and if we bow down to might Cisco and use their equipment throughout the entire network, we get the privledge of using a proprietary protocol(LEAP) where we should be using an open standards-based implementation such as 802.1x using EAP w/ TLS or TTLS.

      No disrespect to Cisco on their backbone equipment, but buying your way into the Wireless segment, and then pushing proprietary crap is not what the networking community really needs.
  • They didn't say if their attack gets around MIC, which is a part of what 802.11 group i is wokring on.

    I'm not convinced this is a real crack.

  • Oh come on....security 101 (Score:1, Interesting)

    by Anonymous Coward
    Why on earth use a symetric cipher (rc4), and publish the private key?. Why not simply an asymetric system (rsa/dh/dsa)?

    Isn't this all rather over the top? all the hard work has beem done already, why don't we learn?
    All the popular operating systems now have built in public key, proved/tested technologies.

    This all seems like madness, re-inventing the wheel.

    VPN's to everywhere, hub and spoke, meshed, sureley its not that hard! We run 1000+ users, on a mixed wireless/hardwire network. All users are authnticated using SecureID onetime passwords (yes I've read the L0pht stuff, utter fantasy), so we have Authentication and Accountability! ONE POINT.

    Then guarantee (as best as possible) confidentiality! easy use public key encryption, built into IPSEC. TWO POINTS.

    And the lucky winner of 3 points, and I'm not a french judge! is, well availbility, retrict who
    can access the network/data/entity.

    What what!, no hacks yet!, I don't trust anyone, users are the worst, second external attackers, and then me and my staff.

    SCORE:3 Insightfull.

  • Just use IPv6 (Score:1, Offtopic)

    by konmaskisin ( 213498 )
    ... www.sixgirls.org

  • Client availability is the problem (Score:3, Interesting)

    by sjhwilkes ( 202568 ) on Saturday February 16, 2002 @03:05PM (#3018877)
    I'm responsible for security for a 20 acre wireless net. The biggest problem I have is that I inherited the net and it's multivendor.
    Cisco LEAP is great on 1/3 of it - and with WEP and 4 hour keys I feel it's as secure as I'd like it - running a VPN seems overkill and not user friendly. The Avaya (Lucent/Orinoco) bits are a pain because the client devices don't support any advanced security (they're cash registers) and on the Symbol bit the clients are handheld bar code scanners - which don't even support WEP.

    The solution, firewalls - each wireless net is a VLAN which only has limited connectivity to the rest of the net. Some cracker can spend the time to get onto the LAN if they want to but they're not going to find anything interesting. The couple of servers that are available are hardened as if they were on the DMZ - I suspect this is the answer for alot of firms until multi-vendor wireless security is sorted out, which I think will be in a year when the clients/APs are replaced with 802.11a or 802.11g devices (we'll wait for 802.11g 'cos the range on 802.11a is unworkable)

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close