Slashdot Mirror


New flaws in 802.11B

obobo writes "The New York Times (free reg yadda yadda) has a story about new flaws in the 802.11 standard, based on this paper. The upshot is that even with 128 bit encryption and MAC address control lists, it's still easy to hack."

11 of 93 comments

  1. Re:point to point encryption by Zachary+Kessin · · Score: 4

    The problem is not just encryption, it's all that other stuff that goes around it. You need a good way to create and distribute keys and make sure that they are used well. Designing a secure system is not just slapping a 128 bit key encryption system onto what you already have; you need to plan it from the ground up very carefully.

    Think of it this way: if the bank has the world's best vault but transports the money in bob's old VW van, then the bank has lousy security.

    --
    Erlang Developer and podcaster
  2. Re:Gee... you think? by GoRK · · Score: 3

    I did not say it was impossible. I said it was much harder than DSSS. To reliably intercept FHSS with or without WEP requires 72 radios. Without knowing the ESS ID, you will not be able to accurately determine the hopping sequence of your BSS. I suppose you could have a smaller number of radios guessing the sequence, but it would take much longer and be much more complicated. Once you have the hopping sequence worked out, then you can deduce the ESS ID and then after that you could configure one radio to that hopping sequence and then you'd be in the same boat with 802.11b as far as the security of WEP goes. So, the hopping sequence on 802.11a is cryptographically secure from the ESS ID - but I do admit it is very weak crypto. If someone is spending this much money to hork onto your wlan, they could probably physically infiltrate your facility and steal the information necessary to jump on it a lot easier than they could figure it out. If you are that paranoid about your data, then you should be running a more secure form of crypto on top of the base anyway, like I said in my initial post.

    ~GoRK

  3. Gee... you think? by GoRK · · Score: 5

    You know you would have thought that with all the 802.11b stories on here, somebody would have mentioned the much more secure counterpart to 802.11b -- which is 802.11a, a frequency hopping standard that defines a much much much harder to intercept, much much much more stable, reliable communication (we are talking orders of magnitude) above 802.11b (Oh yeah, and plenty of equipment is available also.)

    How come when LANs go wireless, geeks suddenly forget the basic fundamentals of RADIO which, for the specific technology we are discussing, is almost as well understood as power generation? Wait a minute, but didn't the folks who delegated the IP address space give RADIO OPERATORS a quite enormous chunk for EXPERIMENTATION? Where are all these guys? For instance, the story that ran a few days ago where someone at O'Really (sic) declared that a 802.11b product was good because his microwave oven did not interfere with its operation might have taken one second to read the frequency of his microwave off the little label inside the door and look up the frequency of whatever channel his DSSS radio was on before realizing that the microwave was (99% likely) not even on the same frequencies.

    It's about time for all of you to go out and read how these radios and standards really work before making wild comparisons, accusations, etc. or being surprised when someone points out that the standard is not fundamentally secure. Here's a hint: It was never designed to be any more secure than wireline communications. The amount of money someone would have to spend to tap into your wired LAN is equivalent to the amount of money they would have to spend to intercept your wireless. If you require secure communications over wireless, use IPSec or encrypted tunnels. Just like you would do on the wireline.

    Get it together. I am losing faith in you guys.

    ~GoRK

    1. Re:Gee... you think? by Xenu · · Score: 3
      If you think frequency hopping is, by nature, secure and hard to intercept, I have a nice bridge in Brooklyn that I would be willing to sell you. The NSA and military have been intercepting these types of systems for decades.

      If the system does not have a cryptographically secure hopping sequence, which is just about everything on the market, it is trivial to intercept. Even with a secure hopping sequence, it is possible to reconstruct the signal in many cases. Think wideband receivers and directional antennas connected to a signal processing computer.

  4. "Your 802.11 Wireless Network has No Clothes" by ethereal · · Score: 3

    That's a pretty 1337 title for a paper, why didn't they just call it:

    "All Your WEP Are Belong To Us"

    But seriously, this points out that you can't just trust someone to tell you their product is secure. Lucent's "closed network" sounds great, except for the part where it broadcasts the shared secret in the clear!

    [smacks head in disgust, and hopes to never commit such a colossal blunder in my own work]

    --

    Your right to not believe: Americans United for Separation of Church and

  5. No Free Reg Required. by matth · · Score: 5
  6. WEP algorithm by danielhsu · · Score: 5

    An analysis of the WEP algorithm can be found here. The document points out a lot of the flaws in the algorithm and what attacks it is vulnerable to.

  7. Damn ivory tower papers by frankie · · Score: 5

    So yet another academic has written up a mathematical proof of the flaws in 802.11. Hurrah. I see one small flaw in their reasoning -- not a single one of those papers includes a section where the author says "I personally sat down with my laptop outside a WEP-enabled office building and cracked the network in [foo] minutes/hours/days/whatever".

    My BS is in Math, so I know for a fact that this old joke is often true: "Mathematicians don't need to be good at counting, we just care if it's countable". Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is.

  8. point to point encryption by MattW · · Score: 4

    Honestly, I've gotten to the point where I don't trust wires of any kind, let alone wireless. It's hard enough to trust the endpoints and the encryption between in a secure exchange, never mind trusting your ethernet. Maybe if the government wasn't all gung-ho about preventing nefarious criminals from getting encryption (as if the government opposing it would stop them), then the citizens would already have lightweight encryption capable of securing even a communications medium like this. But, hey, "law-abiding citizens don't need encryption", right?

    1. Re:point to point encryption by Gruneun · · Score: 5

      Honestly, I've gotten to the point where I don't trust wires of any kind

      Agreed, but encryption will never be absolutely secure, despite what a government does or does not do. The key is to know who's interested in your data and plan accordingly. The level of encryption only needs to be stronger than what someone else is willing to attempt breaking.

      A prospective victim in a police station isn't absolutely safe, but it's much more likely that they'll be left alone there by someone only interested in lifting their wallet. The mob snitch is a different story.

  9. Well... by Daath · · Score: 4

    Seeing how security over normal wires is very hard to implement, it's really no surprise that wireless devices are more vulnerable...
    I guess the only way to make something like that secure to a satisfactory degree (right now), would be to build a radio-dead building with radio-dead windows, so that only wireless devices within the building can connect... That'd bring security up to the current level of wired devices... Which means that you would have to have physical access to the LAN...
    Building something like that has a few advantages for the paranoid; it would also block electronic emanations. I think buildings like that are referred to as TEMPEST buildings...
    /. has a few articles that touch these subjects. Shielded PC casings. Some TEMPEST docs released. More docs revealed. Scan the EMF spectrum. These are the same docs as above, I think.

    --
    Any technology distinguishable from magic, is insufficiently advanced.