Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Claim to Crack 802.1x WiFi

Posted by timothy on from the security-is-an-illusion dept.

satsujin writes: "Researchers from the University of Maryland have released a paper on the weaknesses found in the 802.11x protocol. It looks like it might not be as strong as Cisco has contended."

6 of 109 comments (clear)

  1. The Unofficial 802.11 Security Web Page by arnoroefs2000 · · Score: 5, Informative

    ...has alot more info on the security issues concerning this protocol.

    The Unofficial 802.11 Security Web Page

  2. The Researchers' Wireless Research Page by guttentag · · Score: 5, Informative

    Here's the UMD Professor's 802.11 Research page

  3. Let's get the "Inherrent Problems" out in the open by Millard+Fillmore · · Score: 5, Informative
    This article mentions "inherrent problems" quite a bit, but doesn't really enumerate them. Let me try and do that. In a wireless network, every piece of data being sent between any two nodes is available to anyone in the area with the right kind of radio receiver. It's that simple. Some of the more advanced authentication protocols make it harder for someone to set up a session on a wireless network, and from there get access to an entire LAN, but regardless of that, there is still data being sent over the airwaves.

    Because of this, a security administrator, or even a home user, has to assume that every packet sent over a wireless connection is intercepted. Until there is reliable encryption that takes prohibitively long periods to break (remember, WEP is broken, and the break is a relatively quick one), this technology is simply unsecure, particularly for corporate use.

  4. 802.1x != 802.11x by lizrd · · Score: 5, Informative
    Please note that the x in 802.1x is not a place holder for the the 1b at the end of 802.11b. 802.1x is a port bases security standard that was developed mostly for the use of switches to allow access even when the physical location of a switch port might not be physically secure.

    This standard has been extended for wireless use. The problem described in the paper is quite different from the problem of cracking WEP. 802.1x uses a similar method of authentication and encryption that SSL does. It also provides for the possibility of changing WEP keys periodically. Although WEP is quite flawed, that problem can be avoided by changing the key on a per client basis with greater frequency than is required to determine what the key is.

    The problems described by the paper could only happen in an exceptionally poorly configured wireless deployment. For these exploits to work you would have to be using 802.1x with WEP encryption disabled. This would be a strange thing to do since one of the main purposes of using 802.1x is to get effective WEP key rotation. For the man in the middle attack, you would need to have an imporperly configured authentication server (usually RADIUS).

    --
    I don't want free as in beer. I just want free beer.
  5. Re:Just curious... by gclef · · Score: 5, Informative

    Sorry, no. Many operating systems (and most cards these days) allow you to change the MAC address of the card. Given that you're broadcasting your MAC with all the rest of your traffic, someone could just change their card to your MAC address & be on your network.

  6. Re:Let's get the "Inherrent Problems" out in the o by swillden · · Score: 5, Informative

    You can two parties can use Diffie-Hellman key exchange [swcp.com] to agree on a key even when all traffic is being watched.

    As long as an attacker can only watch, this is true. An active attacker can mount a man in the middle attack (one of the attacks in the article was exactly this type) against a naive implementation. However, used correctly, DH can provide secure key agreement.

    Also, there is plenty of "reliable encryption that takes prohbitibitively long periods to break", such as...

    All of this is unnecessary. Why would we want to use a prohibitively slow block cipher like 3DES, or even a moderately slow block cipher like any of the AES finalists, when the stream cipher already used in WEP is perfectly adequate? RC4 is a well-respected cipher and can accomodate ridiculously large key sizes. WEP's problems aren't related to the algorithm, but to the misuse of the algorithm (it's a well-known fact that with RC4 you *must* discard the first few bytes of the keystream to permit the state table to be adequately mixed).

    The article commented that they're considering AES for the next generation of wireless security, which makes it clear to me that they still don't get it. The problem *isn't* that RC4 is insecure, in which case using AES would be a nice fix, the problem is that *any* cipher applied in a foolish way by people who don't understand cryptographic protocol design will be weak, no matter how good that underlying cipher is.

    I only hope that they're smart enough to publish the new protocol and solicit reviews and comments from people who do know what they're doing. Of course that only helps if they listen to the responses. As Arbaugh and Mishra point out "If anybody breaks [the encryption], they not only break the confidentiality but they also break the access control and the authentication so one break breaks everything. That is not good design. Each security mechanism should stand on its own." What they need is a fundamental redesign, not a new cipher, and they may not want to hear that.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.