Slashdot Mirror


New flaws in 802.11B

obobo writes "The New York Times (free reg yadda yadda) has a story about new flaws in the 802.11 standard, based on this paper. The upshot is that even with 128 bit encryption and MAC address control lists, it's still easy to hack."

43 of 93 comments

  1. Re:Technology by Anonymous Coward · · Score: 2
    Today seems to be a sad indication that as technology develops further and further, our privacy becomes less and less important. More technology == less privacy?

    Storing anything online makes it more easily accessible for good and for evil. Wireless is even less secure than online because a listen only tap point is untraceable.

    Get an older scanner that will cover 868-894MHz (analog cellular). You'd be surprised how many people still read their credit card numbers, social security numbers, etc. over the air and in the clear.

  2. Re:point to point encryption by Zachary+Kessin · · Score: 4

    The problem is not just encryption, it's all that other stuff that goes around it. You need a good way to create and distribute keys and make sure that they are used well. Designing a secure system is not just slapping a 128 bit key encryption system onto what you already have, you need to plan it from the ground up very carefully.

    Think of it this way: if the bank has the world's best vault but transports the money in Bob's old VW van, then the bank has lousy security.

    --
    Erlang Developer and podcaster
  3. Re:Layer 2 by Bishop · · Score: 2

    Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic?

    Unlike Ethernet/802.3, IEEE 802.11b is advertised as being secure. It isn't.

    Papers like this one are important as it shows how expected features aren't there. It is a paper that techs can use to show their managers why 802.11b should not be used, or why it is going to cost more than a few hours and the cost of the NICs.

  4. Re:Just a thought... by johnnyb · · Score: 2

    The reason that there's normally not security in layer 2 is because it usually is a physical connection, and thus you use physical security. Logical connections require logical security. Since you don't have control of the "wires" in wireless LANs, you _do_ need security.

  5. Re:Layer 2 by johnnyb · · Score: 2

    The difference is that with a regular wired LAN, you can have physical security - you can control the wires. With wireless you have a totally new can of worms, because the wires are no longer under your control.

  6. MISINFORMATION--MODERATE THE ABOVE COMMENT DOWN!!! by UnanimousCoward · · Score: 2

    As noted in several other replies, 802.11a "operates at the 5-GHz UNII (unlicensed National Information Infrastructure) band and can achieve data rates as high as 54 Mbits/s" as noted by eetimes here and here

    --
    Twelve-and-three-quarter inches. Unyielding. This wand belonged to Bellatrix Lestrange.
  7. Re:Gee... you think? by GoRK · · Score: 2

    ETSI (Europe) has lower maximum power requirements but they allow the same number of hopping frequencies as in the USA. In Japan and Canada, though, FHSS radios are limited to the lower half of what is the ISM band in the United States. So they hop on frequencies twice as much as they do in the USA. Something interfering with a radio in Canada would cause twice as much performance degradation as the same radio in the USA, but the problem is even worse with DSSS radios in these markets because with only half of the US's ISM band to use, there are no overlapping channels, thus without proper antenna placement and frequency separation, you are very limited to the total amount of bandwidth you can aggregate with either technology, and especially DSSS.

    ~GoRK

  8. Re:Gee... you think? by GoRK · · Score: 2

    The hopping sequence of a BSS cannot be determined or received reliably by a single radio without knowing the ESS ID of whatever cell you are currently in; however, the ESS ID can be determined easily after determining the hopping sequence.

    As far as speed and range, Breezecom equipment (that I know of) will break the 802.11a spec and communicate at 3mbps. If another manufacturer's 802.11a radio comes within range, it will communicate with that radio at 2mbps, but 50% performance above the 802.11a spec often gives these radios a performance advantage over even DSSS radios, since a DSSS radio will talk at 11Mbps, 5.5Mbps, then 2 and 1. Over long ranges it is extremely rare that you can make a full 11Mbps link, and more likely that your 5.5Mbps link will have less than 50% throughput... meaning that if you get about 2.9Mbps out of your DSSS radio at some distance, you are doing well, and if you can get 2.4Mbps out of a breezecom radio at the same distance, then you are not losing a lot by going with FHSS... Add to that the fact that because of the nature of FHSS technology, you can place probably 10-30 radios in the same band and aggregate the bandwidth, you will leave 802.11b in the dust.

    Just some more thoughts on the matter...

    ~GoRK

  9. Re:Gee... you think? by GoRK · · Score: 3

    I did not say it was impossible. I said it was much harder than DSSS. To reliably intercept FHSS with or without WEP requires 72 radios. Without knowing the ESS ID, you will not be able to accurately determine the hopping sequence of your BSS. I suppose you could have a smaller number of radios guessing the sequence, but it would take much longer and be much more complicated. Once you have the hopping sequence worked out, then you can deduce the ESS ID and then after that you could configure one radio to that hopping sequence and then you'd be in the same boat with 802.11b as far as the security of WEP goes. So, the hopping sequence on 802.11a is cryptographically secure from the ESS ID - but I do admit it is very weak crypto. If someone is spending this much money to hork onto your wlan, they could probably physically infiltrate your facility and steal the information necessary to jump on it a lot easier than they could figure it out. If you are that paranoid about your data, then you should be running a more secure form of crypto on top of the base anyway, like I said in my initial post.

    ~GoRK

  10. Gee... you think? by GoRK · · Score: 5

    You know you would have thought that with all the 802.11b stories on here, somebody would have mentioned the much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard that defines a much much much harder to intercept, much much much more stable, reliable communication (we are talking orders of magnitude) above 802.11b (Oh yeah, and plenty of equipment is available also.)

    How come when LANs go wireless, geeks suddenly forget the basic fundamentals of RADIO which, for the specific technology we are discussing, is almost as well understood as power generation. Wait a minute, but didn't the folks who delegated the IP address space give RADIO OPERATORS a quite enormous chunk for EXPERIMENTATION? Where are all these guys? For instance, the story that ran a few days ago where someone at O'Really (sic) declared that a 802.11b product was good because his microwave oven did not interfere with its operation might have taken one second to read the frequency of his microwave off the little label inside the door and look up the frequency of whatever channel his DSSS radio was on before realizing that the microwave was (99% likely) not even on the same frequencies.

    It's about time for all of you to go out and read how these radios and standards really work before making wild comparisons, accusations, etc. or being surprised when someone points out that the standard is not fundamentally secure. Here's a hint: It was never designed to be any more secure than wireline communications. The amount of money someone would have to spend to tap into your wired LAN is equivalent to the amount of money they would have to spend to intercept your wireless. If you require secure communications over wireless, use IPSec or encrypted tunnels. Just like you would do on the wireline.

    Get it together. I am losing faith in you guys.

    ~GoRK

    1. Re:Gee... you think? by Xenu · · Score: 2
      To reliably intercept FHSS with or without WEP requires 72 radios.

      You only need a single wideband receiver.

    2. Re:Gee... you think? by Xenu · · Score: 3
      If you think frequency hopping is, by nature, secure and hard to intercept, I have a nice bridge in Brooklyn that I would be willing to sell you. The NSA and military have been intercepting these types of systems for decades.

      If the system does not have a cryptographically secure hopping sequence, which is just about everything on the market, it is trivial to intercept. Even with a secure hopping sequence, it is possible to reconstruct the signal in many cases. Think wideband receivers and directional antennas connected to a signal processing computer.

    3. Re:Gee... you think? by PapaZit · · Score: 2
      802.11a becomes saturated much more quickly. Try putting more than a dozen users on an 802.11a access point. IF it works, it'll be amazingly slow.

      I haven't read both specs, but I'd guess that 802.11b (Wi-Fi) devices can share a frequency, while 802.11a devices just hop to a new frequency if theirs is in use. When the number of users gets close to the number of frequencies, things fall over and go boom.

      I work for a university that recently deployed a large wireless network, and 802.11a was totally unacceptable for even a medium-sized classroom. 802.11b was able to handle the load, though it is pretty slow when you have 50 users sharing a 2Mbps connection.


      --
      Forward, retransmit, or republish anything I say here. Just don't misquote me.
    4. Re:Gee... you think? by danderson · · Score: 2

      much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard

      Um... no. 802.11 defined the basic standard as well as Direct Sequence Spread Spectrum and Frequency Hopping Spread Spectrum. 802.11a defines the protocol for up to 54Mbps. 802.11b expands the 802.11 standard and includes things such as defining how clients that can support different speeds can all connect to the same access point.

      --
      This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin
  11. "Your 802.11 Wireless Network has No Clothes" by ethereal · · Score: 3

    That's a pretty 1337 title for a paper, why didn't they just call it:

    "All Your WEP Are Belong To Us"

    But seriously, this points out that you can't just trust someone to tell you their product is secure. Lucent's "closed network" sounds great, except for the part where it broadcasts the shared secret in the clear!

    [smacks head in disgust, and hopes to never commit such a colossal blunder in my own work]

    --

    Your right to not believe: Americans United for Separation of Church and

  12. There are only three hop sequences by BeBoxer · · Score: 2

    I don't know where you make this stuff up from. There are exactly three hop sequences defined for use in North America and most of Europe.

    From "The IEEE 802.11 Handbook: A designers Companion":

    Set 1:(0,3,6,9,12...75)
    Set 2:(1,4,7,10,13...76)
    Set 3:(2,5,8,11,14...77)

    Unless I am misreading something, there are only three sets of hopping numbers. Not exactly a difficult thing to guess if you need to.

    Your insistence that DSSS is somehow easier to eavesdrop on than FHSS is just a bunch of crap. Neither technology was designed with any resistance to eavesdropping in mind at all. You can't specify your own hopping sequence for FHSS, and you can't specify your own Barker sequence for spreading DSSS. Had the 802.11 folks cared at all about making eavesdropping hard, they would have let you do these. Of course, they probably wouldn't have gotten FCC approval, but what the hell.

    So, just drop it. What little security you have is based entirely on the WEP, and not at all on your choice of slow FHSS vs fast DSSS.

    1. Re:There are only three hop sequences by BeBoxer · · Score: 2

      But can you do that for 802.11 gear? How am I supposed to connect to the WLAN if I don't know the hopping sequence? The book I referenced also specifically says that the sequences were carefully chosen, and makes no mention of user-generated sequences. I have also never seen any reference to an actual configuration parameter for an 802.11 client to specify the hop sequence.

      I have no doubt that with some other gear you can change it to whatever you want. But, I have never seen anybody produce a reference to an 802.11 parameter to change the hop sequence. If you can produce a link, I would love to see it.

  13. Found some references by BeBoxer · · Score: 2

    I found some references. It is not possible to set arbitrary sequences. According to Breezecom (cached version here):

    ---quote---
    For FHSS systems IEEE 802.11 defines 79 different hops for the carrier frequency. Using these 79 frequencies, IEEE 802.11 defines 78 hopping sequences (each with 79 hops) grouped in three sets of 26 sequences each. Sequences from same set encounter minimum collisions and they may be allocated to collocated systems. Theoretically, 26 FHSS systems may be collocated. However, as synchronization among independent systems is forbidden (synchronization would eliminate collisions), the actual number of systems that can be collocated is around 15.
    ---end quote---

    I assume the three sequences are the ones I originally listed. If I'm not mistaken, it's considered a different "sequence" if you start in a different place. So:

    1-5-9 is different from 5-9-1 and 1-5-9. So, an eavesdropper would not be trying to guess a random sequence, he would just camp on one frequency, listen, and if a signal showed up he would start hopping. In other words, the 26 sequences vary only in time, so an eavesdropper only has to listen for a few seconds on one frequency to "check" all 26 sequences based on that set. Is that a fair assumption?

    I also found a reference to an algorithm for determining which country you are in by checking which frequencies the AP broadcasts beacons on. In order for this to work, it requires the hop sequences to be well known for a given country. It's here

    So, given this little bit of research, I still believe the claim that FHSS 802.11 is somehow more secure than DSSS 802.11 is basically crap. I would love to be proven otherwise.

  14. Just a thought... by mindstrm · · Score: 2

    But who ever said one of the duties of layer 2 was to provide security?

    That's not entirely an accurate statement, I realize.. but the concept is there.

    Ethernet is very hackable.

    You should rely on higher-layer protocols to prevent hackability.... not your lowest layers. 802.11b was not developed for super-secret communications; it's not for spies. It's for every-day-people...

  15. Well.. by mindstrm · · Score: 2

    That's rather obvious. but you see, from a data protection point of view, most places don't audit every single jack in every single wall. They don't run switches in ultra-secure mode and don't use static arp tables on all their servers, etc etc etc....

    Yes, there is a point, in that others should not be able to connect to your network. That's important.. but not the same thing as network security. We still need higher layer secure protocols.. ALL protocols...

  16. No Free Reg Required. by matth · · Score: 5
  17. Re:Damn ivory tower papers by Salamander · · Score: 2
    Only the WEP attacks require computation, and even those are so trivial as to be not worth coding up except to fuel the script kiddies.

    Wrong. You obviously missed this very important sentence at the end of section 5:

    Only the WEP attacks require computation, and even those are so trivial as to be not worth coding up except to fuel the script kiddies

    What's the significance of that? Well, we already knew that running an 802.11b network without WEP would be the act of a total moron. What the paper is saying is that *with* WEP you can attach to the network but you can't actually use it without the methods mentioned in the Borisov/Goldberg/Wagner paper. Those methods, in turn, are far from trivial. In fact, they're extremely difficult (but, admittedly, not impossible) to implement in the real world. In other words, nobody's network is actually likely to be compromised in this way. As another poster said, it's theoretically interesting, but of very little practical import.

    --
    Slashdot - News for Herds. Stuff that Splatters.
  18. Hate to disagree a bit, but... by frog51 · · Score: 2

    Frequency hopping 802.11a is dead easy to hack into - the standard ensures it. Basically, because all devices on the network need to know which frequency to hop to, this info is broadcast, along with timing details and other useful bits and pieces. So you don't need to guess. I have used a £100 802.11a card to hop on to a WLAN in under 2 minutes. It would have been faster, but I was using Winblows that day, and I had to reboot. 802.11a is cheap, low security and dead simple.

    802.11b has its advantages - it is a lot harder to hack in a lot of situations, due to ambient rf noise and the chipping code can add a fair amount of front end security if you use a very long sequence, but it too can be monitored. Hence the term WEP - wired equivalent privacy.

    I agree with the rest of the post, though:
    You wouldn't have sensitive data on your wired network for all to see would you? No, you would encrypt it and use secure encrypted links. Do the same on your wireless LAN.

    THAT'S THE WHOLE POINT

    Here in the UK, the fact that we can only transmit at 100mW means an attacker does have to be fairly close, and some of my clients do add 'Tempest' type shielding where there is rf leakage, but again, their security comes from encrypted point to point links, and other means.


    Frog51

  19. Re:Well... by norton_I · · Score: 2

    Actually, there is a really easy way to make these networks secure. Put your wireless access point outside of your firewall, then use VPN software on the client to connect to your intranet. You can also filter at your router to prevent people from getting a "free ride" on the internet if you are concerned about that.

    That way, you totally bypass the WEP and have a reasonably well tested security model (VPN) guarding your data.

    When I set up 802.11b in my house, that is what I am going to do...

  20. Re:dmz by lizrd · · Score: 2

    One thing that you may also want to consider is that you may wish for your wireless clients to be behind a firewall for one reason or another. In the case of most home users they probably need their firewall to assign non routable IPs via DHCP for all wireless connections. Thus, for the home user a DMZ of sorts would be an ideal solution. Naturally, your trust model for this DMZ would be different than for a DMZ that consists of webservers and such and would be on a different segment than the webserver DMZ.
    _____________

    --
    I don't want free as in beer. I just want free beer.
  21. WEP algorithm by danielhsu · · Score: 5

    An analysis of the WEP algorithm can be found here. The document points out a lot of the flaws in the algorithm and what attacks it is vulnerable to.

  22. Re:Damn ivory tower papers by frankie · · Score: 2
    they had written plenty of code, guess what though they don't think it is necessary to make the code available to make the point.

    Fine. I don't think the code should be released either. But they damn well ought to test it, see how long cracks take under various real world conditions, and publish the results. If it's under an hour, businesses should throw 802.11b out the window immediately. But if it takes a week of constant sniffing, personally I'd be more worried about black hats posing as janitors or some such.

    burden of proof lies on the IEEE group to prove that WEP is secure

    Sure, I agree that WEP is weak. But all security is relative. Any prime-number-based encryption can be broken with sufficient cycles. So tell me Mr Owl, how many licks does it take to get to the center of 802.11b?

  23. Damn ivory tower papers by frankie · · Score: 5

    So yet another academic has written up a mathematical proof of the flaws in 802.11. Hurrah. I see one small flaw in their reasoning -- not a single one of those papers includes a section where the author says "I personally sat down with my laptop outside a WEP-enabled office building and cracked the network in [foo] minutes/hours/days/whatever".

    My BS is in Math, so I know for a fact that this old joke is often true: "Mathematicians don't need to be good at counting, we just care if it's countable". Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is.

    1. Re:Damn ivory tower papers by Zeinfeld · · Score: 2
      Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is

      So do you have to wait for the first satellite to orbit it to believe that there is another side to the moon?

      Actually when I spoke to Ian Goldberg about this they had written plenty of code, guess what though they don't think it is necessary to make the code available to make the point. The only reason to have the code would be to do something malicious with it.

      But that is irrelevant, the demand for absolute proof is ridiculous, the burden of proof lies on the IEEE group to prove that WEP is secure. Most of us would prefer to know well in advance of a system being broken that it is vulnerable. Measuring the degree of security even if it cannot be broken is still an important thing to do.

      As for actually reifying the break as code, I don't have to see that done to have it proved to me. I know how RC4 works, I know how WEP performs keying. I can calculate that someone can break the scheme with a few weeks of effort and a moderately fast machine.

      Lucent et al. are charging premium prices for 128 bit encryption; what they are delivering is only worth 24 bits. That is misleading advertising at the very least - particularly since they knew about the flaw for over a year.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  24. point to point encryption by MattW · · Score: 4

    Honestly, I've gotten to the point where I don't trust wires of any kind, let alone wireless. It's hard enough to trust the endpoints and the encryption between in a secure exchange, never mind trusting your ethernet. Maybe if the government wasn't all gung-ho about preventing nefarious criminals from getting encryption (as if the government opposing it would stop them), then the citizens would already have lightweight encryption capable of securing even a communications medium like this. But, hey, "law-abiding citizens don't need encryption", right?

    1. Re:point to point encryption by Gruneun · · Score: 5

      Honestly, I've gotten to the point where I don't trust wires of any kind

      Agreed, but encryption will never be absolutely secure, despite what a government does or does not do. The key is to know who's interested in your data and plan accordingly. The level of encryption only needs to be stronger than what someone else is willing to attempt breaking.

      A prospective victim in a police station isn't absolutely safe, but it's much more likely that they'll be left alone there by someone only interested in lifting their wallet. The mob snitch is a different story.

  25. Perspective by jamesl · · Score: 2

    Let's spend just a minute thinking about how important this really is. When Bobby Java is sitting in Starbucks, using their wireless connection, what is he likely to be doing? Deleting the 12 e-mails he got last night offering him a low rate mortgage and greater sexual prowess? Browsing the New York Times? /.? Making a lunch date or dinner reservations? Reading Doonesbury? I'm sure there will be eight or 10 people cruising the streets of Seattle trying to pick that important information out of the air.

    My US Mail is left every day in a box, on a pole, by the curb, next to the street. No lock. No encryption. I can't remember worrying about someone getting in and stealing my weekly discount shopper coupons or my bank statement or my VISA bill.

    Come to think of it ......

  26. Re:Layer 2 by SuiteSisterMary · · Score: 2

    You don't 'control the wire' unless they're both fully tempest shielded and contained in an airtight pipe pressurized with inert gas.

    --
    Vintage computer games and RPG books available. Email me if you're interested.
  27. government has no authority by sulli · · Score: 2

    I could duct tape an IPSec security gateway (e.g. Nortel) to an AirPort and have a solution for secure, point-to-point wireless connectivity. The government couldn't stop me from selling that - and they won't stop router makers from adding 802.11 to secure vpn products. Haven't for years.

    --

    sulli
    RTFJ.
  28. Well... by Daath · · Score: 4

    Seeing how security over normal wires is very hard to implement, it's really no surprise that wireless devices are more vulnerable...
    I guess the only way to make something like that secure to a satisfactory degree (right now), would be to build a radio-dead building with radio-dead windows, so that only wireless devices within the building can connect... That'd bring security up to current level of wired devices... Which means that you would have to have physical access to the LAN...
    Building something like that has a few advantages for the paranoid, it would also block electronic emanations. I think buildings like that are referred to as TEMPEST buildings...
    /. has a few articles that touch these subjects. Shielded PC casings. Some TEMPEST docs released. More docs revealed. Scan the EMF spectrum. This is the same docs as above I think.

    --
    Any technology distinguishable from magic, is insufficiently advanced.
  29. Earlier work by srichman · · Score: 2

    Dave Wagner at Berkeley published info about weaknesses in 802.11 several months earlier.

  30. Wireless Equivalent Privacy by Zeinfeld · · Score: 2
    There are two problems with WEP, first the implementation of the protocol is flawed, second the risk model of the protocol is entirely wrong. Unfortunately the WEP group show very little interest in remediation.

    The basic protocol flaw is that a stream cipher is used with an insufficiently large initialization vector. If a block cipher had been specified the protocol would actually be reasonably secure. The reason a stream cipher is problematic is that the ciphertext consists of the plaintext xored with the cipher stream. This makes all sorts of integrity attacks possible and means that the security of the system depends on the initialization vectors never being re-used.

    The more serious flaw is the belief that the difference between a wireless network and a wired one is that the network is no longer protected by physical security measures. Ethernet may be insecure, but in most cases access to an ethernet requires physical access to the building in question. With a wireless card a sacked employee can be surfing the intranet from the car park.

    The most serious security risk of wireless then is the lack of authentication, in an ethernet network there is an implicit authentication that is obtained by having got through the front door. WEP makes no attempt to duplicate this, nor do the remediated versions of WEP. All the 802.11b users in a network share the same access key.

    There are plenty of ways to make this secure, unfortunately that is not on the agenda. Patching up the privacy so as to make the cards sellable is all that is likely to happen in the short run. Bodge 'em and flog 'em. The purpose of WEP is not to give users security, it is to overcome the customer's legitimate security concerns so as to make a sale.

    The obvious security solution is to bind a private key into each card, just as is happening with newer cable modems. The public key certificate fingerprint for the card is printed on the case. To enable a new card for access to the network the admin adds the fingerprint to the 'authorized users' list.

    Sure there are some remaining risks - extracting the private key from the device for e.g. but it is unlikely to be possible to extract a private key without the authorized device holder knowing (particularly if we all read Paul Kocher's articles on timing and power analysis attacks).

    In summary, the WEP protocol should be discontinued in its present form. Early deployers would be well advised to ignore the layer 2 security on the card and wrap VPN security around it, such as IPSEC or PPTP etc. That gives security but the crypto processing is now being done on the processor and not on the 802.11b co-processor where it belongs.

    The other piece missing from 802.11b deployments is that at the moment security is a binary switch. I would quite like visitors to the company to have Internet access from our conference rooms but not Intranet access. It should be possible to configure the base station to allow any PC to connect to the outside Internet without requiring an authentication key while requiring an authentication key for access to the local area network. Same goes in a large enterprise where employees from another division may be allowed access to the Internet (and their own LAN) but not the division they are visiting.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
    1. Re:Wireless Equivalent Privacy by Zeinfeld · · Score: 2
      Ooops, what I meant to say was

      The more serious flaw is the belief that the difference between a wireless network and a wired one is the lack of privacy. In fact the most important difference is the fact that the network is no longer protected by physical security measures

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  31. Re:Software layer as a solution by Zeinfeld · · Score: 2
    There is a possible solution: use software with encryption.

    WEP is encryption, the problem is that it is bad encryption. They used a stream cipher in a way that a stream cipher does not provide security.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
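
The IV-reuse point made in the two comments above (a stream cipher XORs its keystream into the plaintext, so security depends on the initialization vector never repeating), worked through as an added example that is not part of the thread or any poster's code. It is a simplified WEP-style model (RC4 keyed with IV || shared key, ICV omitted); the key, frames and function names are constructed for illustration, and the collision estimate assumes IVs are picked at random.

```python
import math
from collections import defaultdict


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by `length` bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes):
    """Simplified WEP framing: the 24-bit IV travels in the clear and the
    per-frame RC4 key is IV || shared key. The CRC-32 ICV is left out."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits (3 bytes)")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv, xor_bytes(plaintext, keystream)


def find_reused_ivs(frames):
    """Audit check: group captured (iv, ciphertext) frames by IV and return
    only the IVs that protect more than one frame."""
    by_iv = defaultdict(list)
    for iv, ciphertext in frames:
        by_iv[iv].append(ciphertext)
    return {iv: cts for iv, cts in by_iv.items() if len(cts) > 1}


def frames_until_iv_collision(probability: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday estimate: frames needed before some IV repeats with the
    given probability, assuming IVs are chosen uniformly at random."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


# Constructed sample data: one shared key for every station, as in WEP.
SHARED_KEY = bytes.fromhex("0badc0de42")
FRAME_A = b"GET /index.html HTTP/1.0"
FRAME_B = b"POST /login user=alice  "
FRAME_C = b"ping ping ping ping ping"
REPEATED_IV = b"\x00\x00\x01"


def demo():
    frames = [
        wep_style_encrypt(SHARED_KEY, REPEATED_IV, FRAME_A),
        wep_style_encrypt(SHARED_KEY, b"\x00\x00\x02", FRAME_C),
        wep_style_encrypt(SHARED_KEY, REPEATED_IV, FRAME_B),  # IV repeats
    ]
    reused = find_reused_ivs(frames)
    c1, c2 = reused[REPEATED_IV]
    # Same IV and key means same keystream, which cancels out of c1 XOR c2.
    leaked = xor_bytes(c1, c2)
    # Anyone who knows or guesses one plaintext gets the other, key unseen.
    recovered = xor_bytes(leaked, FRAME_A)
    return reused, leaked, recovered


if __name__ == "__main__":
    reused, leaked, recovered = demo()
    print("IVs seen more than once:", [iv.hex() for iv in reused])
    print("c1 XOR c2 == p1 XOR p2:", leaked == xor_bytes(FRAME_A, FRAME_B))
    print("second frame recovered:", recovered)
    print("frames for 50% IV collision:", frames_until_iv_collision())
```

The key size never enters the result: the repeat is governed by the 24-bit IV space alone.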
  32. Re:Layer 2 by markmoss · · Score: 2

    Do remember that if someone is willing to spend big $$$ on it, they can pick up everything passing through those twisted pairs from an antenna across the street. The CIA has done much tougher interception jobs. I think few, if any, industrial spies would have the capability now, but that sort of equipment will benefit from Moore's law also. So some day you are either going to have to encrypt everything, or run fiber to the NIC...

    But wireless has an extra layer of insecurity -- not only can you spy on it easily, but you can also inject false data.

  33. Re:The end user doesn't want to deal with security by markmoss · · Score: 2

    True, true... For an analogy from a slightly different field: some professional car thieves can create a key to fit your car and drive away in 60 seconds, but most stolen cars had the keys left in them...

  34. Some things by blair1q · · Score: 2

    1. Who ever told you the Internet was secure? Whoever it was, is, as we say, a lamer.

    2. I ran into the Airwave guys in front of Fry's Palo Alto store a couple of weeks ago, and snarfed some of their lit. Their idea is cute, but they have a major chicken-and-egg problem: they need to either sell access to users before locale proprietors will sign up en masse, or they need to sell locale installations before the users will sign up en masse. And 90% of their 100 or so hits so far are coffee shops. Who spends more than ten minutes in a coffee shop, and are enough of those droids interested in wireless connectivity that you'll make any money at $1.99/use or $9.99/mo? And now their tech is compromised, so you can't even trust you're not giving away your Next Great Mobile SKU Database Platformation Business Model plan to the Latte Mafia when you're WEPping it to your bankroid. Tsk, tsk.

    --Blair
    "There's a joke here about ALL YOUR BW ARE BELONG TO US but I'm feeling too conservative to use it, today."

    1. Re:Some things by eggboard · · Score: 2
      Actually, Airwave is one of dozens of companies, including MobileStar, WayPort, Surf and Sip, etc. All of them have networks of varying size. Most of the major airports in the US should be wired by year's end. Or, rather, unwired.

      In Sweden, Telia has put WiFi in quite a few locations, and is about to expand in partnership with SAS to a number of European outlets, and a couple in the US - all SAS waiting lounges.

      The deployment is underway; the real problem is roaming agreements, so you pay a single monthly fee and can access all networks. There are some problems with that, of course, because of the nature of access points and access lists. Too long to go into here.

      I wrote about this at length back on Feb. 22. Here's the NY Times link (no reg required link): http://www.nytimes.com/2001/02/22/technology/22WIRE.html?pagewanted=all

      --
      Freelance tech journalist for the Economist, MIT Technology Review, Macworld, and others