Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Fast Packet Keying" Improvements to WEP

Posted by michael on from the what-me-worry dept.

Weedstock writes: "BBC Tech News has an article about the latest development in wireless networking security. It seems that RSA Security has improved the encryption system used by the protocol. Will this new update finally make wireless networking secure? You can also find a list of papers about wireless security issues here." RSA has a press release about their changes to WEP being accepted by the 802.11 committee.

5 of 88 comments (clear)

  1. I know... by The+Paradox · · Score: 3, Insightful
    ...that it isn't fashionable - or geeky - or (mostly) smart - to thumb one's nose at security issues. But frankly... I'm not that worried about 802.11b's encryption problems. Why? I use 802.11b over my home network, totally unencrypted. I live on a dead-end court, so "war drivers" aren't an issue, especially since the access point I'm using has an effective range that makes me turn the 'top the right way to get reception when I'm on the other side of the house (not centered, because of layout issues).

    Yes, I know, perhaps it's stupid of me, and I'm planning to set up some kind of security. But for many users out there - the people who wanna be able to check their email from the kitchen - weak security is just not a problem. Just so long as the spooks don't start wanting wireless access... :D

    --
    Pain(n): when you're telnetting into a box doing somethin cool, and some luser calls for help with a 'critical error' ad
    1. Re:I know... by Anonymous Coward · · Score: 2, Insightful

      its great that you dont care. this doesnt change the fact that someone can use your wireless connection to do something illegal and you're going to have a very difficult time proving that it wasnt you. this also doesnt stop others from snooping everything you do over your wireless connect. just because you personally have no interest in security doesnt make it a non issue. in fact, its makes it more of an issue because lots of people feel like you--they could care less about keeping up with security. its up to those who care to make things safe and secure for those who dont.

  2. Re:not that secure by swillden · · Score: 3, Insightful

    All the stations on the wireless lan are configured to drop all but the IPSEC traffic.

    Bravo! This is the absolutely crucial element that most people miss. If any of the wirelessly-connected stations accept any non-authenticated traffic, they're vulnerable to being compromised, which, in turn, compromises the entire network, wired and wireless.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  3. Re:not that secure by swillden · · Score: 3, Insightful

    The "improved" technique has been changed a few times as weaknesses were discovered. It is quite possible that the new WEP can be cracked as thoroughly as the original.

    Remember, it's a *good* thing that the new technique has been cracked a few times. Had serious (or even rudimentary) cryptanalysis been applied to the original protocol, we'd never have gotten into this mess. RSA Data knows how to create good cryptography, and wireless networking is important enough that many other people will take a hard look at this new protocol before it's implemented.

    the key-mixing technique requires that a new temporal key be set up every 16K packets - a sign of weakness

    Very possibly. It certainly seems not to leave a whole lot of margin for improvement in the face of any new attacks. However, I don't know how much conservatism is built into the 16K number.

    It is more foolproof to rely on IPSEC as other posters observe.

    Absolutely. As long as all hosts have firewalls that drop all non-IPSEC traffic. However, it's worth remembering that the original intent of WEP was to build something that approximated the security of a wired network. Although the first attempt failed utterly, if the upgraded protocol can just make all passive attacks infeasible and make active attacks fairly difficult then the original intent will have been achieved.

    Had it been designed by knowledgeable cryptographers, WEP would have been as strong as IPSEC, which would have been great. As things are now, the patched system won't ever be as good as WEP could have been, but it probably will be as strong as it needs to.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. Problems... by Tom7 · · Score: 2, Insightful


    - every card knows every other card's public key, so the storage requirement grows polynomially with the size of the network (not good).
    - key exchange is a non-trivial step; in order to have adequate security you need to protect against man-in-the-middle attacks.
    - using fixed keys is probably not so smart, since recovering the device would mean that you could decode all messages previously sent to that device, and a device with a compromised key could never be used securely again.