Slashdot Mirror


Replacing WEP for Wireless Security

i.r.id10t writes "Over at infoworld.com they have an article about how the organization that certifies wireless LAN products under the Wi-Fi name revealed new specifications Thursday for how vendors should make their products more secure. The guidelines call for new mechanisms to replace the current security system, based on WEP, which has come under fire for being too easy to circumvent. The certification body, Wi-Fi Alliance, plans to lay the mechanisms out as optional features beginning in February and require them for Wi-Fi compliance about six months later, said Dennis Eaton, chairman of the Wi-Fi Alliance."

8 of 79 comments

  1. Secure by default by iiioxx · · Score: 5, Interesting

    I think it's great that wireless standards are expanding to include better security, but I think the real problem is with the way the products ship from the manufacturers. WEP would be a "good enough" security protocol for the average application, IF IT WAS USED CONSISTENTLY.

    But every wireless product I've ever used (and there have been a lot of them) shipped by default with WEP disabled, I guess to make it more plug-and-play. In my mind, if you want to make wireless networking more secure, start by shipping the products with WEP enabled by default, and require the user to configure a unique SSID and WEP passphrase when they set up the equipment.

    I mean, you could have a rock-solid encryption protocol, but if nobody is using it... what's the point?

  2. Compatibility by JoshuaDFranklin · · Score: 5, Interesting
    A task group within the IEEE... 802.11 working group... is now working on a tough new security standard called 802.11i. However, it isn't expected to ratify that standard until September 2003, so the Wi-Fi Alliance took a "snapshot" of 802.11i.

    Great! More non-standard possibly incompatible implementations ahead.

    For home users, the eventual goal is to have the new security features activated out of the box

    This would actually help a lot, as long as "activated" doesn't mean "password set to 1234".

    This article also didn't say anything about vendor support, especially whether all the existing 802.11b gear will get new firmware. This is a really big deal for someone like a Uni or Wireless ISP where students/customers are going to try to buy the cheapest stuff they can find and expect it to work.

  3. But is it easy to implement? by robdeadtech · · Score: 3, Interesting
    I don't see this doing much good for the 60-70% of access points that are totally unsecured out there today.

    Wireless manufacturers are doing such a poor job now "wizardizing" or even simply mentioning security concerns in the setup of the access point/wireless card, you could have DH encryption on the thing and 70% of the APs out there would still be wide open.

    Also, I don't see how this will affect the majority of the wireless access points currently out there. Will the current access points be able to inherit this functionality via a BIOS flash to support this encryption? And if so, how many people will actually do it?

    --
    Heil Sig! -Rob
  4. Stupid! by Anonymous Coward · · Score: 5, Interesting
    Wired equivalent privacy? You haven't sniffed an ethernet cable, have you?

    Don't trust the wire (or wireless). YOU DON'T HAVE TO!!!

    Why try to create new technology for this? The problem can be solved with technology OFF THE SHELF.

    Linksys makes a "VPN router" that uses IPsec and 3DES for under $100. It works fine with Windows 2000 IPsec and many many others. I use it with OpenBSD. Linksys also makes wireless access points. Combine the two devices! Problem solved.

    Now if Linksys would combine the two devices into 1 box and write some clear documentation for the newbies, they would have a great product!

    Are you listening, Linksys? D-Link? Netgear?

    Hmmm. Maybe I should go patent this idea.

  5. Government Security Flaw by UTPinky · · Score: 2, Interesting

    I don't remember if this was ever posted to /., but this summer I was reading an article in some magazine, where supposedly a group stood across the street from some high-security military building (I want to say Pentagon, but I'm not 100% sure) and was able to sniff the wireless network name. They then did a DoS on one of the APs, stole its IP and had full access to the wireless part of the network. Now granted the wireless network was not connected to anything "too sensitive" but was used to control all of the security cameras... There's our tax dollars at work for you. It was supposedly fixed immediately once they were contacted about the whole... Just thought of this as I was reading and figured I'd share.

    --
    I'm only paranoid because everyone is against me...
  6. Re:why don't they realize by invenustus · · Score: 3, Interesting

    The best thing to do, if you have the option, is to have a box somewhere on the network with inbound ssh access. At work and at home, I've got a laptop and a Linux workstation. I SSH-tunnel everything sensitive (IMAP, AIM, even web pages) through the workstation. People can sniff my traffic all they want and without breaking SSH2, they can't do anything with it.

    At some point, I'd like to write a tool that would set this all up transparently, but that's in the distant future. (Is there a way to add a tunnel to a running SSH session?)

    --
    grep -ri 'should work' /usr/src/linux | wc -l
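
The tunnelling setup described in the comment above, together with one way to add a forward to a session that is already running, as an added example that is not part of the original comment. The host name, user name, AIM server name and local port numbers are placeholders; the options and commands are standard OpenSSH.

```sshconfig
# ~/.ssh/config on the laptop
# Added example: host, user and port values are assumptions.
Host workstation
    # Placeholder for the box that accepts inbound SSH.
    HostName workstation.example.org
    User alice
    # Refuse to start if a forward cannot be bound, so a client never
    # silently ends up talking over the unprotected wireless path.
    ExitOnForwardFailure yes
    # IMAP: point the mail client at localhost:1143.
    LocalForward 1143 localhost:143
    # Web pages: SOCKS proxy on localhost:1080 for the browser.
    DynamicForward 1080
    # Keep one authenticated master connection with a control socket,
    # which is what allows forwards to be added after the fact.
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m

# Start the tunnels in the background without a remote shell:
#   ssh -N -f workstation
# Add a tunnel to the running session through the control socket
# (login.example.net stands in for the IM server):
#   ssh -O forward -L 5190:login.example.net:5190 workstation
# Remove that tunnel again, or check that the master is alive:
#   ssh -O cancel -L 5190:login.example.net:5190 workstation
#   ssh -O check workstation
```

Both forwards listen on the loopback interface only, which is the OpenSSH default, so other hosts on the wireless segment cannot connect to them.
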
  7. WEP as expression of intent by Ungrounded+Lightning · · Score: 3, Interesting

    ... if the manufacturers ship with WEP by default, then there'd be quite a few people leaving them on with the default keys... yet another problem

    Actually, it looks more like a solution.

    WEP, now that it's so thoroughly cracked, is useless for actual security against even a mildly-interested eavesdropper. But WEP also serves another function.

    In much of the computing industry and culture, permissions serve another purpose - the expression of intent. A read-any file is intended to be read without bothering to ask, a read-owner-only file is intended to be private (i.e. don't break the lock without asking even if you're the sysadmin), and so on.

    Many people deliberately leave their WiFi hubs open and allow them to be used (on a non-interference-with-owner's-use basis), for a variety of reasons. The configuration COULD be used to indicate intent - open = go ahead, WEP on = I want it private, etc.

    But that is compromised by the practice of having WEP off by default. If WEP is on it's clear that the owner DOESN'T want you using it without at least asking permission. But if it's off, was it because the owner is granting permission, or because he just left the default in place, typically through ignorance?

    Shipping with WEP on and a default key adds a clear third category:

    - WEP off: It was TURNED off, a clear sign of intent to let the port be generally used (or total cluelessness).
    - WEP on, non-default key: The key was changed, a clear sign that the user INTENDED the port to be reserved for those to whom the owner granted permission.
    - WEP on, default key: The configuration is default. The user's just plugged it in and started using it, so his intent is not clearly expressed.

    Unfortunately, every security option that's on by default means an additional barrier between a new user and getting something to work. So it represents a flood of service calls, and a heavy extra expense. Thus, vendors have an incentive to ship products with security options off by default, leaving the user wide open until they become sufficiently educated (or burned) to pay attention to plugging the security holes.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  8. PKI by redcliffe · · Score: 3, Interesting

    Why don't we just add public key encryption to the TCP/IP stack? When you join a WLAN you broadcast your public key, the others broadcast theirs back to you. This key could be used to sign messages, and to join the network you'd have to have your key signed by someone already in the network. With sufficiently long keys it's unbreakable by the script kiddie walking past.