Slashdot Mirror

← Back to Stories (view on slashdot.org)

Replacing WEP for Wireless Security

Posted by michael on from the ha-ha,-he-said-wireless-security dept.

i.r.id10t writes "Over at infoworld.com they have an article about the organization that certifies wireless LAN products under the Wi-Fi name revealed new specifications Thursday for how vendors should make their products more secure. The guidelines call for new mechanisms to replace the current security system, based on WEP, which has come under fire for being too easy to circumvent. The certification body, Wi-Fi Alliance, plans to lay the mechanisms out as optional features beginning in February and require them for Wi-Fi compliance about six months later, said Dennis Eaton, chairman of the Wi-Fi Alliance."

3 of 79 comments (clear)

  1. Re:WEP? by Proaxiom · · Score: 1, Offtopic

    Yes, but for some reason that's a common error. I've seen WEP expanded to 'Wireless Encryption Protocol' in a few places. It's just one of those things, it seems.

  2. Re:WEP? by Zeinfeld · · Score: 1, Offtopic
    Yes, but for some reason that's a common error. I've seen WEP expanded to 'Wireless Encryption Protocol' in a few places. It's just one of those things, it seems.

    I don't know if the change is official yet but I have been deliberately trying to change the name.

    The problems with WEP started with the name. It contains a broken metaphor and dooms the project to failure. First it asserts that privacy is the issue, ignoring integrity and access control is a typical rookie mistake

    Second we have security by analogy. If X is secure and we provide the security characteristics of X we have security - NOT. Ross Andersson has some great examples here. I use WEP as my example. The problem is that the security threats faced in a wireless protocol are completely unrelated to those of a wired protocol. It is no longer necessary to have a physical connection to access the network.

    Bodging the requirements means that WEP did not address important issues like how to deal with the sacked employee who is surfing the internal network from the car park.

    Yet another problem is that to some people 'privacy' is simply a weaker form of confidentiality. I don't think that it was being considered in the comsec sense of a very challenging form of confidentiality where you attempt to disclose information but with strings attached.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  3. Re:WEP? by geekindustries · · Score: 0, Offtopic
    But Google finds over 20 times as many hits on "Wired Equivalent Privacy," so that's the de facto winner. I'm guessing "Wireless Encryption Protocol" is just such a good expansion of the acronym that it's sprouted up all by itself. That's actually what I had understood "WEP" to mean until 10 minutes ago. :)

    google fight show this: Wired Equivalent Privacy ( 61 400 results) versus Wireless Encryption Protocol ( 129 000 results)

    --
    Hard work usually pays off over time, but procrastination pays off now.