
Security glitches part of WLAN evolution

“It’s just a natural evolution of the security process,” said Dennis Eaton, Wireless Ethernet Compatibility Alliance (WECA; www.wi-fi.com) vice chairman & technical committee chairman, in discussing the latest security flaw discovered in the 802.11b (Wi-Fi) specification for wireless LANs.

The problem was discovered by Scott Fluhrer of Cisco Systems (www.cisco.com) and Itsik Mantin and Adi Shamir of Weizmann Institute (wis-wander.weizman.ac.il), who contacted WECA with their findings before a scheduled presentation at a cryptography workshop this week.

Eaton said the issue relates to RC4, the cipher used by the wired-equivalent privacy (WEP) algorithm to scramble data.

“They found that the way WEP uses RC4 exposes some weaknesses in the key scheduling algorithm,” Eaton explained. He said there’s a strong correlation between the front part of the key that is input into the RC4 cipher and the cipher text that it will generate, which then is used to scramble the data. Because of the correlation between the input and the output, a hacker could use that information to decipher the shared secret key used by WEP and all of the clients that are in the network. With that key, someone could theoretically look at all the packets going over the air, he said.

The current flaw is “more practical” than the flaws in 802.11b security that were outlined in a paper from the University of California at Berkeley about a year ago (www.isaac.cs.berkeley.edu/isaac/mobicom.pdf), Eaton said. Those earlier flaws had more to do with the ways WEP was implemented by some vendors rather than anything inherently insecure in WEP itself, he said. A hacker exploiting those weaknesses would have had to gather tens of gigabits of data and do a lot of post processing to break some percentage of packets over the network, which made the process fairly impractical.

The latest glitch would involve accumulating only between one million and eight million packets, far fewer than the Berkeley attacks would suggest, Eaton said.

To the three men who discovered the latest breach, this is an academic exercise, he said.

“They invent security algorithms, try to find the weakness in security algorithms, and then people fix them, and life goes on,” Eaton said, noting that Shamir is actually “the S in RSA Security (www.rsasecurity.com), which holds the rights to the RC4 crypto algorithm.”

As far as remedies are concerned, Eaton said that WECA always has held that WEP was never designed to be the sole security mechanism in the network. WEP will keep the casual snooper off the network, but anyone with sensitive data should consider the use of a layered security approach such as a VPN for a total end-to-end security solution.

WECA also is looking at some short-term remedies, but it is too soon for any recommendations. For example, in their paper the three authors identify keys of a certain format that will generate the highly correlated output.

“What you can do when the keys are generated is skip over them and go on to the next key,” Eaton said. This could be done immediately without affecting the interoperability of the equipment in question. The 802.11i Task Force for advanced security was established as a result of issues raised by the Berkeley paper a year ago and also will be addressing the recent issue. It currently has adopted an IEEE (www.ieee.org) standard for per-port authentication, 802.1x, to be applied to 802.11 wireless LANs as part of the security solution. The task force also seems convinced that a different encryption algorithm called AES (advanced encryption standard) will be part of a draft standard to take the place of WEP. Eaton said it is likely that the industry will migrate equipment away from WEP eventually.
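The key-skipping remedy Eaton describes can be sketched as an IV allocator that steps over the weak values. This is an added example, not code from the article, WECA or any vendor; it assumes the weak class is the (B+3, 255, X) initialization-vector form given in the Fluhrer, Mantin and Shamir paper and a sequential big-endian IV counter, and names such as `IvAllocator` are hypothetical.

```python
"""Weak-IV skipping for WEP IV allocation (added illustration, not vendor code)."""

IV_SPACE = 1 << 24  # WEP IVs are 24 bits and travel in the clear with each frame


def is_weak_iv(iv: bytes, secret_len: int) -> bool:
    """True for IVs of the form (B+3, 255, X), where B indexes a secret-key byte.

    This is the class singled out in the Fluhrer/Mantin/Shamir paper (assumed
    here); secret_len is 5 for 40-bit WEP and 13 for 104-bit WEP.
    """
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + secret_len


def per_packet_key(iv: bytes, secret: bytes) -> bytes:
    """RC4 key as WEP builds it: public IV in front, shared secret behind."""
    if is_weak_iv(iv, len(secret)):
        raise ValueError("refusing to key RC4 with a weak IV")
    return iv + secret


class IvAllocator:
    """Sequential IV counter that steps over weak values (big-endian order assumed)."""

    def __init__(self, secret_len: int, start: int = 0):
        self.secret_len = secret_len
        self.counter = start % IV_SPACE
        self.skipped = 0  # number of weak IVs passed over so far

    def next_iv(self) -> bytes:
        while True:
            iv = self.counter.to_bytes(3, "big")
            self.counter = (self.counter + 1) % IV_SPACE
            if not is_weak_iv(iv, self.secret_len):
                return iv
            self.skipped += 1


def excluded_iv_count(secret_len: int) -> int:
    """IVs removed from the 2**24 space; only a second byte of 255 can match."""
    return sum(is_weak_iv(bytes((a, 0xFF, x)), secret_len)
               for a in range(256) for x in range(256))
```

For 40-bit WEP the filter removes 1,280 of the 16,777,216 possible IVs. Because the receiver simply uses whatever IV arrives with the frame, skipping values on the sending side does not change what a peer has to support.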

Leading companies in the wireless LAN arena, including Cisco (www.cisco.com), 3Com (www.3com.com), Agere (www.agere.com) and possibly others, either already incorporate 802.1x or have a feature that behaves like it, Eaton said.

“With that feature, they can configure their product so that everyone on the network gets an individual key,” Eaton said. That keeps the traffic down per key and eliminates the time available for an attack, because if data is spread out over many different keys, it takes longer to collect. Also 802.1x can dynamically allocate a new key. If equipment is configured to do that every ten minutes or so, an attacker would never have the time to pull off an attack, he said. WECA believes it’s fortunate this new security glitch was uncovered now because an alternative to AES, WEP2, was under consideration. Because it still was based on RC4, WEP2 also would have been vulnerable to attack.

Should WLANs Make Mobile Carriers Nervous?

MSC Networks (www.msc-networks.com) announced this month that it was installing high-speed (11Mb/s) WLANs at eight Florida shopping centers. Using Agere Systems’ (www.agere.com) Orinoco product (www.orinocowireless.com), MSC will offer its merchants Internet access along with services such as remote store monitoring using wireless cameras as well as devices that count the numbers of customers.

MobileStar (www.mobilestar.com) already has WLANs in 500 Starbucks so customers can access the Internet during their coffee breaks. More locations are being added.

Wayport (www.wayport.net) announced in April that it installed wireless Internet access at the San Jose, CA, airport, its fourth airport and one of more than 400 locations it now serves, including hotels and restaurants.

All of these high-speed data-access points are based on the 802.11b wireless LAN (Wi-Fi) standard using the 2.4GHz unlicensed bands. With the continued growth in the WLAN market, it’s perhaps not surprising that consulting firm BWCS (www.bwcs.com) believes WLAN operators may be in a good position to spoil the fun for 3G mobile carriers.

In Wireless LANs and the Threat to Mobile Revenues, BWCS notes that WLANs can reach data rates of more than 10Mb/s, have a widely supported global standard, 802.11b, and have interoperable equipment. Workers want access to data-intensive applications, not while they’re on the move, but when they are seated in a hotel, café, airport or conference center — places that BWCS calls hotspots. The workers also want fast access — not the 384kb/s offered by 3G mobile phones, the report says.

The United States currently is the country with the widest-ranging WLAN systems. BWCS, which is based in the United Kingdom, forecasts that U.S. hotspot locations will increase from 1,770 at the end of 2000 to more than 28,800 within six years. At the same time, BWCS notes that 3G services are not expected to launch in the United States until late 2002, and only 80% of North Americans will be covered by 3G networks by 2006. With such a head start on 3G, WLANs have a chance to become entrenched.

Although European mobile carriers have expressed no concerns publicly over a WLAN challenge to 3G, three major Scandinavian carriers have launched WLAN services of their own, and Nokia (www.nokia.com) has aimed its WLAN product at the GSM carrier market, the report says.

Roaming will be the key to the development of the public WLAN market. Members of the Wireless Ethernet Compatibility Alliance (www.wi-fi.com) currently are studying ways to make this happen.

© 2012 Penton Media Inc.
