Slashdot Mirror
Security evaluation of 802.11i
Uberhacker.Com writes "Server Pipeline features an interesting report on the security viability of 802.11i. As most observers of the WLAN industry are aware, the security features found in the original standard were woefully inadequate. To a certain degree, these deficiencies reflected the perception that security services are normally implemented at layer 3 and above. 802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators."
It's "pass muster"...muster is a roll call of troops or an inventory. To pass muster is to have enough x on hand for the job.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
...to crack WEP, according to Airsnort. Whew!
The Army reading list
Perhaps because it was not invented in the US?
Perhaps because the NSA already tried (and failed miserably) to obtain and enforce a monopoly on cryptography. (remember clipper? well phase II was to make all non clipper cryptography illegal, they failed)
There are legit explanations besides the old "NSA can break ANYTHING" one.
Frankly it is probably easier for them to intimidate/bribe people into giving them encryption keys than breaking the algorithm.
Finkployd
That's security through obsurity, really, isn't it?
AES et. al. means that noone can eavesdrop on your conversation - It's encrypted form end to end. That means if your talk to your bank via https over an AES secured connection, your connection is secured to thier web server at layer 2, while your passwords etc. - session data - are encrypted at layer 4.
That way, if someone does somehow break into your converstaion, the session data is still protected.
AES secures the physical layer, the other systems secure the actual conversation.
Soko
"Depression is merely anger without enthusiasm." - Anonymous
"802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators" No, not really. I would much rather use Serpent (the AES runner-up) than Rinjdael (the AES standard) for my encryption. As one of "the most paranoid security administrators," I'm rather annoyed that speed was chosen over security for the AES standard.
In soviet russia, You ask not what country do for you, but what you do for country!
Oh wait...
As a person working in the network security arena for nearly 15 years the problem is divulging your internal topology. Now this might not bother you at home for corporations that deal with real data (see $$$) are very concerned about this.
I have worked with the air fortress and it encrypts at the layer 2 level so no network topology can be determined.
Very nice but it would be even better is it didn't require a client or that the client was ubiquitous with the driver.
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
There is definite advantage to hiding what packets are going where.
:) and because I rarely get postal mail, but it is possible.
Extreme Example: I may check mail from a corporate mail server. My mail session is encrypted via SSL but you can still tell which server I am communicating with. Let us say someone knew that an employee of my company lives in my town, and they wanted to find out which house that employee (me) lived in so that they could start monitoring their physical mailbox for some important letter.
If they came to my town, which uses 802.11b WISPs which 1/2 of don't use encryption because WEP is so breakable (I wish they'd turn it on to protect from casual tapping, but oh well, at least my email is sent over SSL), they could drive around for a few minutes sniffing until they triangulated the signal that was sending packets to that corporate mail server.
Am I worried about this happening? Not so much, because I have a P.O. box
Additionally, many people don't have the ability to tunnel their unencrypted data (like port 80 web traffic) to obtain ubiqitous encryption over wireless. I personally think that is the next evolution of wireless routers (including easy but secure VPN services on the router itself which can be used in conjuction or in place of lower level encryption). But until it becomes easy for the masses having a strong, common low level encryption technology is key.
It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
Personally, I don't see why they don't use public-key systems for this stuff. Why doesn't each client just generate a keypair and use that to exchange a random session key?
Crypto 101: don't encrypt any redundant or easy-to-guess data.
Completely wrong. Crypto 101: don't try and work around unknown flaws in the crypto at higher protocol levels - you're doomed to be chasing your tail forever. Use a secure protocol, and rely on it. AES in EAX mode will be secure no matter how redundant or easy-to-guess your data is.
I'm pretty sure your information about Kerberos is wrong - the Kerberos people had better cryptographers than to make a mistake like that. There were other cryptographic mistakes, though - in particular they tried to encrypt and authenticate with a single pass of the block cipher, a problem that wasn't correctly solved until IACBC and IAPM were proposed by Jutla in late 2000.
Xenu loves you!
That's security through obsurity
Please stop abuseing the phrase "security through obscurity." The catch phrase was meant to apply to one and only one case: The practive of obscuring encryption algorithms. Bruce Schneier's thesis was that an encryption system that relied on a secret or hidden algorithm was not secure. The phrase "security through obscurity" does not apply to anything else.
Some forms off security relies on obscurity. Encryption is just a fancy word for data obscurity. Passwords, secure tokens, and RSA private keys should all be kept hidden or obscured. It should not be to hard to think of many forms of physical and data security that include some form of obscurity.
One of the advantages to using encryption at the link layer is that it is harder to perform traffic analysis if an attacker can't determine the destination of the packet. Another advantage is access control. Only hosts that know the secret key can join the network. Both of these advantages are forms of security.
The AES process was designed with the help of the worldwide cryptographic community for maximum openness and public participation. The winning algorithm was designed by two Belgians; it's way too simple to hide any chicanery in. It has now seen more cryptanalysis than any other algorithm ever except DES - which, incidentally, IBM/the NSA secretly wired to make *more* secure - and held up well. There's not a reputable cryptographer anywhere in the world who thinks there's a serious chance of AES being broken in a way that would do an attacker any real good.
The NSA approved all five finalists for the AES algorithm. If you really believe they can really break all five, then you might as well give up and start forwarding the plaintext of your email to nsa.gov now.
There's just no sane way to maintain the belief that the NSA somehow rigged the whole thing so they could read your messages. Don't let me deny you your tinfoil hat though.
Xenu loves you!
Last I heard, it look like the Courtois and Pierpzyk attack wouldn't fly. And wasn't that attack *more* effective against Serpent than against Rijndael anyway?
Even the designers of Serpent would say that they believe there are no practical attacks against AES. I voted for Serpent myself, but I still believe Rijndael is an excellent cipher the whole community can rally behind, and overwhelmingly that's what the crypto community is doing.
Xenu loves you!
That's security through obsurity, really, isn't it?
You fail to understand the security community's use of "security through obscurity." In its proper context, this phrase means that one attempts to secure (for example) an implementation of a security protocol by not disseminating information about how that system works. For example, if someone creates a new asymmetric encryption algorithm, and does not subject it to publication and the scrutiny of peer review... then that's security through obscurity. Security through obscurity, for topics like encryption algos, is heavily frowned upon. Historically, peer review has proven best able to create robust protocols and implementations.
Locking down multiple layers in the network stack has another phrase that is very applicable: "defense in depth". I.e. if one of your security measures fails, you are wholly or partially protected by one or more other security measures. Defense in depth is generally considered to be a good technique to employ.
"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths." [PDF]
Of course, in this context, "NSA-approved cryptography consists of an approved algorithm; an implementation that has been approved for the protection of classified information in a particular environment; and a supporting key management infrastructure." I suspect 99.99% of civilian users of any encryption lack an NSA-approved key management system...
Facts do not cease to exist because they are ignored. - Aldous Huxley
Out of curiosity, why?
I don't recall the details, but an attack was found a few years ago that allows the key to be recovered if the attacker can get the first few bytes of the keystream. Doing it requires the first few bytes of many related keystreams, and getting the keystream from the ciphertext requires that the attacker have the plaintext. With WEP, RC4 is rekeyed for every packet, and the first few bytes of each packet are highly predictable, so an eavesdropper can fairly easily gather enough data to mount the attack.
Got any links so I can read up on the why and wherefore?
Google turns up plenty. Here is the original paper, which has all of the dirty details. Here is a paper that describes how to use it to attack WEP. And, of course, if you'd like to read code that implements the attack, look at Airsnort.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.