Security evaluation of 802.11i

Uberhacker.Com writes "Server Pipeline features an interesting report on the security viability of 802.11i. As most observers of the WLAN industry are aware, the security features found in the original standard were woefully inadequate. To a certain degree, these deficiencies reflected the perception that security services are normally implemented at layer 3 and above. 802.11i's privacy services are built on top of AES, a strong encryption standard that passes muster with even the most paranoid security administrators."

5 million packets and 1 minute...

[tcopeland]

...to crack WEP, according to Airsnort. Whew!

Re:Security?

[Soko]

That's security through obsurity, really, isn't it?

AES et. al. means that noone can eavesdrop on your conversation - It's encrypted form end to end. That means if your talk to your bank via https over an AES secured connection, your connection is secured to thier web server at layer 2, while your passwords etc. - session data - are encrypted at layer 4.

That way, if someone does somehow break into your converstaion, the session data is still protected.

AES secures the physical layer, the other systems secure the actual conversation.

Soko

Re:Security?

[Jahf]

There is definite advantage to hiding what packets are going where.

Extreme Example: I may check mail from a corporate mail server. My mail session is encrypted via SSL but you can still tell which server I am communicating with. Let us say someone knew that an employee of my company lives in my town, and they wanted to find out which house that employee (me) lived in so that they could start monitoring their physical mailbox for some important letter.

If they came to my town, which uses 802.11b WISPs which 1/2 of don't use encryption because WEP is so breakable (I wish they'd turn it on to protect from casual tapping, but oh well, at least my email is sent over SSL), they could drive around for a few minutes sniffing until they triangulated the signal that was sending packets to that corporate mail server.

Am I worried about this happening? Not so much, because I have a P.O. box :) and because I rarely get postal mail, but it is possible.

Additionally, many people don't have the ability to tunnel their unencrypted data (like port 80 web traffic) to obtain ubiqitous encryption over wireless. I personally think that is the next evolution of wireless routers (including easy but secure VPN services on the router itself which can be used in conjuction or in place of lower level encryption). But until it becomes easy for the masses having a strong, common low level encryption technology is key.

Re:Security?

[Bishop]

That's security through obsurity

Please stop abuseing the phrase "security through obscurity." The catch phrase was meant to apply to one and only one case: The practive of obscuring encryption algorithms. Bruce Schneier's thesis was that an encryption system that relied on a secret or hidden algorithm was not secure. The phrase "security through obscurity" does not apply to anything else.

Some forms off security relies on obscurity. Encryption is just a fancy word for data obscurity. Passwords, secure tokens, and RSA private keys should all be kept hidden or obscured. It should not be to hard to think of many forms of physical and data security that include some form of obscurity.

One of the advantages to using encryption at the link layer is that it is harder to perform traffic analysis if an attacker can't determine the destination of the packet. Another advantage is access control. Only hosts that know the secret key can join the network. Both of these advantages are forms of security.

AES is good enough for the most paranoid.

[Paul+Crowley]

Last I heard, it look like the Courtois and Pierpzyk attack wouldn't fly. And wasn't that attack *more* effective against Serpent than against Rijndael anyway?

Even the designers of Serpent would say that they believe there are no practical attacks against AES. I voted for Serpent myself, but I still believe Rijndael is an excellent cipher the whole community can rally behind, and overwhelmingly that's what the crypto community is doing.

Re:Security?

[John+Whitley]

That's security through obsurity, really, isn't it?

You fail to understand the security community's use of "security through obscurity." In its proper context, this phrase means that one attempts to secure (for example) an implementation of a security protocol by not disseminating information about how that system works. For example, if someone creates a new asymmetric encryption algorithm, and does not subject it to publication and the scrutiny of peer review... then that's security through obscurity. Security through obscurity, for topics like encryption algos, is heavily frowned upon. Historically, peer review has proven best able to create robust protocols and implementations.

Locking down multiple layers in the network stack has another phrase that is very applicable: "defense in depth". I.e. if one of your security measures fails, you are wholly or partially protected by one or more other security measures. Defense in depth is generally considered to be a good technique to employ.

Re:ARGH! (RC4)

[swillden]

Out of curiosity, why?

I don't recall the details, but an attack was found a few years ago that allows the key to be recovered if the attacker can get the first few bytes of the keystream. Doing it requires the first few bytes of many related keystreams, and getting the keystream from the ciphertext requires that the attacker have the plaintext. With WEP, RC4 is rekeyed for every packet, and the first few bytes of each packet are highly predictable, so an eavesdropper can fairly easily gather enough data to mount the attack.

Got any links so I can read up on the why and wherefore?

Google turns up plenty. Here is the original paper, which has all of the dirty details. Here is a paper that describes how to use it to attack WEP. And, of course, if you'd like to read code that implements the attack, look at Airsnort.