Slashdot Mirror


Wireless LAN Encryption Standard Broken

doug13 writes: "A Rice University student cracks 802.11x encryption protocol in a week. Here is how he did it." We mentioned the cryptographic paper that underlies this attack a few days ago.

14 of 320 comments

  1. Re:It would mean free access... by monkeydo · · Score: 3, Insightful
    If there's no proxy tunneling my SSL connection to www.buystuff.com, then my credit card number will go through the air, completely insecure.

    I'm not sure you said what you meant. If it is an SSL connection to buystuff.com then your traffic is already encrypted. If you introduce a proxy into this you will break the SSL. The salient point about WEP that people tend to ignore is that it is not designed to provide security, only Wired Equivalent Privacy. And indeed, even with the recent announcements 802.11 is at least as secure as running Ethernet cables through your parking lot.

    The problem of being able to access someone else's 802.11 network is totally different than the problems with WEP.

    --
    Si vis pacem, para bellum
    The only thing more annoying than a Libertarian is an (un|mis)informed Libertarian
  2. Your data is probably still secure. by Rimbo · · Score: 2, Insightful

    For one thing, most of these attacks rely on sophisticated equipment that isn't readily available for people to use. And as the authors point out, the simple fix is to use end-to-end encryption (e.g., SSH) instead of expecting WEP to do it for you -- just as you would if you were on a broadcast network through your ISP (e.g., Roadrunner).

    There is a threat of abuse from people with serious resources (e.g., the governments of developed nations), but even that threat is small. For now.

  3. Excellent Point by FreeUser · · Score: 3, Insightful

    While I am occasionally one to lambast the hypocrisy of slashdot (promoting products of the MPAA despite the MPAA's thus-far-successful attack on Free Software through movie and DVD reviews ... though the latter seem to have thankfully been discontinued), and while I concur with your criticism (the link should not be to a format promoted by a company all those with conscience should be boycotting), this is, I think, reflective of lax editorial work rather than outright hypocrisy. The link was submitted by a reader, not a slashdot editor.

    That having been said, would the slashdot editors please change the link to point to the HTML version of the document? Boosting the clickthroughs to a proprietary format from an offensive company at the expense of clickthroughs to an open format (HTML) isn't helpful regardless ... anyone analyzing the statistics of the logs will gain a false impression of people's preferences WRT the document's format, thus promoting PDF at a time we really don't want to be doing so.

    Just my 2 cents, of course.

    --
    The Future of Human Evolution: Autonomy
  4. Re:It would mean free access... by TWR · · Score: 4, Insightful
    That is why $DEITY invented SSH and VPNs.

    Agreed, but what needs to be done to make an 802.11b connection secure is combining a base station with a proxy server running SSH, tunneling the most common protocols (HTTP, SSL, FTP, NNTP, NTP, Telnet for the masochists). If there's no proxy tunneling my SSL connection to www.buystuff.com, then my credit card number will go through the air, completely insecure.

    A Unix box with an 802.11 card running sshd and natd/ipfw could solve this problem; thing is that it'll cost about 4x more than just the base station, and most people don't understand why it's so necessary.

    -jon

    --

    Remember Amalek.

  5. Read the warrant, people by WillSeattle · · Score: 3, Insightful

    He didn't crack any encryption, he merely showed a real world implementation of someone else's work using cheap hardware ...

    Oh, like that will stop them from tossing him in the jail when they bust into his house.

    Not.

    --
    --- Will in Seattle - What are you doing to fight the War?
  6. Re:different encryptions by Freeptop · · Score: 2, Insightful

    > i'm not very well versed in encryption schemes,
    > but why is it that the encryption schemes in
    > DeCSS, Adobe PDF, and now 802.11 are so 'easily'
    > broken, as opposed to 3DES or RSA that are
    > being used in SSH & SSL? why aren't these
    > algorithms being applied in 802.11?

    A very simple reason underlies all of this: cost.
    You see, your PC has a whole lot more horsepower than a PC card, both in terms of CPU and in terms of memory. It can easily afford the memory space and CPU cycles to perform beefier algorithms. PC cards, on the other hand, are much more limited, due to the fact that in order to make any profit, they have to be made for as little money as possible (believe it or not, pretty much all 802.11 radios are sold with exceedingly low profit margins. You'll notice the cheaper ones have lesser or no WEP capabilities, for instance). A few things sacrificed to cost: CPU speed, FLASH space, and RAM size. This is an environment where 80MHz is a high-powered CPU, and 1MB is a lot of storage capacity/memory space. WEP encryption is only one of many, many other options that have to fit in there. Now, one option is to put the encryption into its own hardware. That frees up CPU cycles, plus some RAM space and FLASH (though not all by a long shot). However, hardware encryption adds to the cost of the PC card. In other words, it's real hard to win in these situations. This is why all manufacturers of WiFi radios recommend using VPN over a wireless connection, and not relying on WEP. WEP is there to help (it'll at least stop the random script kiddie from setting their card to associate to "ANY", walking through your parking lot and hopping on your LAN), but it was never meant to be the end-all-be-all of security for wireless connections.
    That being said, IEEE is working on further security standards that require a lot more pieces (e.g. authentication servers, etc), but those standards are not yet finalized, and even when they are, the radios, access points, and servers will all cost extra.

    It all boils down to this: to get a more adequate security system implemented costs more money, and most people don't want to spend more money on 802.11 equipment. (At least, that's been my personal observation, based on conversations with friends and customers of 802.11 equipment).

    -Freeptop

  7. Re:It would mean free access... by swillden · · Score: 3, Insightful

    ... what needs to be done to make an 802.11b connection secure is combining a base station with a proxy server running SSH ... A Unix box with an 802.11 card running sshd and natd/ipfw could solve this problem; thing is that it'll cost about 4x more than just the base station, and most people don't understand why it's so necessary.

    Wrong. That wouldn't fix the 802.11b security problem at all.

    The problem with this and all of the other recommendations about VPNs, SSH, etc. to "fix" the WEP problem is that they only work if every machine that uses the wireless LAN is secure. Because if one of them has an exploitable security hole, the whole network is compromised.

    "But, but, those wirelessly-connected machines are outside the firewall," you say. Yeah, and they have all the keys, passwords, etc. required to slide right through that nice VPN connection and inside the network.

    Face it: If you need security, and you need wireless, you have to have a firewall on every single wireless client as well as on the AP. Oh, and you'd better have a full-time admin for all of them as well, to keep up on the security patches.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  8. Why put crypto in the NIC at all? by Wesley+Felter · · Score: 4, Insightful

    Doing RC4 or AES at 11 Mbps in software is no problem.

  9. Re:Perfect example of why the DMCA is flawed... by aozilla · · Score: 2, Insightful

    Punching a hole in a standard is not illegal. Telling other people that you have punched a hole in a standard is not illegal. Demonstrating that you have punched a hole in a standard is not illegal. Telling others about how you punched that hole in a standard isn't illegal. Distributing the product that punches the hole in a manner reasonably calculated to advance the state of knowledge or development of encryption technology when engaged in a legitimate course of study and then providing the copyright owner with notice of the findings and documentation of the research is not illegal. Distributing the hack for noncommercial purposes is not criminally illegal.

    Dmitry was allegedly selling a product designed primarily to commit illegal acts. That's why he was arrested, not because he demonstrated a security hole. He found it, then he tried to profit off of it by distributing it to people who paid him. Allegedly.

    --
    ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
  10. A week is too late by cygnus · · Score: 5, Insightful
    as far as i know (and this comes from talking to Microsoft engineers about 802.11x implementations for an article) the whole point of 802.11x isn't to secure content, it's to secure access.

    the standard wasn't engineered to protect passwords from eventual decryption, etc. instead, it's a way that a network access point can enforce a security policy so that no traffic can get through on the lowest network layers until a client has sufficiently authenticated to the access point. so a wireless hub (or even a wired hub) can say "hey, identify yourself!" and the client can say "hey, this is me!" and the hub will go to an authentication server (in Microsoft's case, they say a RADIUS server) and say "hey, is this (so and so)?" and if the authentication server says yes, then the hub will let the client's traffic through.

    coupled with that is a protocol where access points can enforce a policy where clients must refresh their encryption keys on an hourly basis. so a network intruder must be able to crack these keys on an hourly basis to gain access to the network. a week is a joke... these 802.11x access points will be through several iterations of keys by the time one is cracked.

    (interestingly enough, the protocol also includes provisions for someone who is wandering between wireless access points where one hub can vouch for the user and cause the newer hub to forward their traffic until authentication by the server is achieved, allowing for roaming without the 3 or so second delay that would be necessary for all of this to happen).

    the point of all this is that it's not there to secure your cleartext POP password.. 802.11x is there because access points (be they wireless or ethernet or whatever) are becoming more prevalent in our society in public, physically insecure places, so a protocol has to be developed so that network admins can be sure that the right people are using it.

    the protocol even allows (given 802.11x aware hardware) that user levels be granted based on the authentication server, so a guest might be allowed restricted gateway access to the Internet but their traffic may be physically restricted from reaching the LAN fileserver, whereas the admin is given the red carpet.

    pretty sweet, from an admin perspective.

    --
    Just raise the taxes on crack.
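The port-based access control flow cygnus describes above (AP blocks all traffic until an authentication server says yes, hourly key refresh, guest-vs-admin policy, and a previous AP vouching for a roaming client), as an added toy model that is not part of the original thread or of any vendor's implementation. The user table, role names, and the 3-second roaming grace period are constructed assumptions for illustration.

```python
"""Toy model of the port-based network access control described in the comment."""
from dataclasses import dataclass
from typing import Optional

KEY_LIFETIME = 3600  # seconds: the comment describes hourly key refresh (assumption)
ROAM_GRACE = 3       # seconds a vouched roaming client may send before the server must confirm it


class AuthServer:
    """Stands in for the authentication (RADIUS) server the access point consults."""

    def __init__(self, users):
        self._users = users  # constructed sample table: username -> (secret, role)

    def check(self, name, secret):
        entry = self._users.get(name)
        return entry[1] if entry and entry[0] == secret else None


@dataclass
class Port:
    role: str
    key_issued_at: float
    vouched_until: Optional[float] = None  # set only for roaming clients not yet confirmed


class AccessPoint:
    def __init__(self, server):
        self.server = server
        self.ports = {}  # client id -> Port; a client with no port is "unauthorized"

    def authenticate(self, client, name, secret, now):
        """'hey, this is me!' -> ask the server; open the port only on a yes."""
        role = self.server.check(name, secret)
        if role is None:
            self.ports.pop(client, None)  # a failed attempt closes any existing port
            return False
        self.ports[client] = Port(role=role, key_issued_at=now)
        return True

    def admit_roaming(self, previous_ap, client, now):
        """A previous AP vouches for a client so traffic flows during re-authentication."""
        port = previous_ap.ports.get(client)
        if port is None or now - port.key_issued_at >= KEY_LIFETIME:
            return False
        self.ports[client] = Port(port.role, port.key_issued_at, now + ROAM_GRACE)
        return True

    def forward(self, client, destination, now):
        """Lowest-layer policy: drop everything from an unauthorized or expired port."""
        port = self.ports.get(client)
        if port is None:
            return False
        expired = now - port.key_issued_at >= KEY_LIFETIME
        grace_over = port.vouched_until is not None and now > port.vouched_until
        if expired or grace_over:
            del self.ports[client]  # key rotation due or grace over: must re-authenticate
            return False
        if port.role == "guest" and destination == "lan":
            return False  # guests get restricted gateway access only
        return True
```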
  11. might be a good thing by unformed · · Score: 5, Insightful

    Stubblefield's attempt took just under a week, which included the time taken to deliver the card, set up the testbed, perform debug and then finally retrieve the key.

    Ouch.
    -----
    In all honesty though, this -could- be a good thing for us regarding laws. Here's an American graduate student that showed an immense weakness in a standard encryption protocol. Furthermore, he did it for no profit, without violating any copyrights, and while working with AT&T.

    This could be very good. People (as in general society) would be a bit leery of Dmitry Sklyarov because he is Russian and because it was a for-profit venture.

    This student, OTOH, broke this w/o profit and without breaking any copyrights.

    Hopefully (though I doubt it) this can hit at least semi-mainstream news, or, at a minimum, the ears of lawmakers and security analysts.

  12. Re:CmdrTaco arrested by FBI by Phork · · Score: 2, Insightful

    just so you know, airport uses 802.11, which is a fairly popular standard for wireless networks.

    --
    -- free as in swatantryam - not soujanyam.
  13. jrst by jrst · · Score: 2, Insightful

    As others have noted, end-to-end encryption is the best bet. However...

    If there are control functions used by 802.11 nodes that depend on WEP for their integrity/privacy, the network could still be susceptible (even if your application data is secured end-to-end).

    Would someone familiar with 802.11x internals shed some light on this? Thanks.

  14. Re:This ain't new people by Sacka · · Score: 2, Insightful

    Yes this is new, because now it's no longer theoretical. It has been known for some time that WEP has problems. This attack was based on another paper that outlined WEP's weaknesses. What's new is that these guys went ahead and actually did it, in under a week, including locating the necessary hardware. They've gone beyond discussion, and demonstrated that WEP is fundamentally flawed.