New flaws in 802.11B
obobo writes "The New York Times (free reg yadda yadda) has a story about new flaws in the 802.11 standard, based on this paper. The upshot is that even with 128 bit encryption and MAC address control lists, it's still easy to hack."
Re:point to point encryption (Score:1)
Really, I'm looking forward to that day.
NY Times no-registration backdoor link (Score:1)
Re:Technology (Score:2)
Storing anything online makes it more easily accessible for good and for evil. Wireless is even less secure than online because a listen only tap point is untraceable.
Get an older scanner that will cover 868-894MHz (analog cellular). You'd be surprised how many people still read their credit card numbers, social security numbers, etc. over the air and in the clear.
Re:point to point encryption (Score:4)
Think of it this way: if the bank has the world's best vault but transports the money in Bob's old VW van, then the bank has lousy security.
Old news (Score:1)
802.11 is insecure, but this is well known.
Re:Technology (Score:1)
The current world climate isn't paranoid enough.
Perhaps privacy is as bad as it has always been, I've studied people through the "analog" trail everyone has.
It should be noted that I live in Sweden where government information is openly available.
What people don't know is that they are even less private that way.
You might worry about someone finding your credit card number on the web. Take a look at some slips in your wallet.
Another thing that's a little frightening is to call some companies and claim to be someone else, most companies don't care because they want to be "customer friendly".
I think privacy is a thing you have to earn through caution. Don't feed the paper trail!
// yendor
--
It could be coffee.... or it could just be some warm brown liquid containing lots of caffeine.
Re:Layer 2 (Score:2)
Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic?
Unlike Ethernet/802.3, IEEE 802.11b is advertised as being secure. It isn't.
Papers like this one are important as they show how expected features aren't there. It is a paper that techs can use to show their managers why 802.11b should not be used, or why it is going to cost more than a few hours and the cost of the NICs.
Re:Just a thought... (Score:2)
Re:Layer 2 (Score:2)
Re:Damn ivory tower papers (Score:1)
Sort of like a lot of the BS in this article?
MISINFORMATION--MODERATE THE ABOVE COMMENT DOWN!!! (Score:2)
Re:Gee... you think? (Score:2)
~GoRK
Re:Gee... you think? (Score:2)
As far as speed and range, Breezecom equipment (that I know of) will break the 802.11a spec and communicate at 3Mbps. If another manufacturer's 802.11a radio comes within range, it will communicate with that radio at 2Mbps, but 50% performance above the 802.11a spec often gives these radios a performance advantage over even DSSS radios, since a DSSS radio will talk at 11Mbps, 5.5Mbps, then 2 and 1. Over long ranges it is extremely rare that you can make a full 11Mbps link, and more likely that your 5.5Mbps link will have less than 50% throughput... meaning that if you get about 2.9Mbps out of your DSSS radio at some distance, you are doing well, and if you can get 2.4Mbps out of a Breezecom radio at the same distance, then you are not losing a lot by going with FHSS... Add to that the fact that because of the nature of FHSS technology, you can place probably 10-30 radios in the same band and aggregate the bandwidth, you will leave 802.11b in the dust.
Just some more thoughts on the matter...
~GoRK
Re:Gee... you think? (Score:3)
~GoRK
Gee... you think? (Score:5)
How come when LANs go wireless, geeks suddenly forget the basic fundamentals of RADIO which, for the specific technology we are discussing, is almost as well understood as power generation. Wait a minute, but didn't the folks who delegated the IP address space give RADIO OPERATORS a quite enormous chunk for EXPERIMENTATION? Where are all these guys? For instance, the story that ran a few days ago where someone at O'Really (sic) declared that a 802.11b product was good because his microwave oven did not interfere with its operation might have taken one second to read the frequency of his microwave off the little label inside the door and look up the frequency of whatever channel his DSSS radio was on before realizing that the microwave was (99% likely) not even on the same frequencies.
It's about time for all of you to go out and read how these radios and standards really work [tcr.com] before making wild comparisons, accusations, etc. or being surprised when someone points out that the standard is not fundamentally secure. Here's a hint: It was never designed to be any more secure than wireline communications. The amount of money someone would have to spend to tap into your wired LAN is equivalent to the amount of money they would have to spend to intercept your wireless. If you require secure communications over wireless, use IPSec or encrypted tunnels. Just like you would do on the wireline.
Get it together. I am losing faith in you guys.
~GoRK
Re:"Your 802.11 Wireless Network has No Clothes" (Score:1)
OK, I didn't think it was that insightful, but thanks, I guess.
"Your 802.11 Wireless Network has No Clothes" (Score:3)
That's a pretty 1337 title for a paper, why didn't they just call it:
But seriously, this points out that you can't just trust someone to tell you their product is secure. Lucent's "closed network" sounds great, except for the part where it broadcasts the shared secret in the clear!
[smacks head in disgust, and hopes to never commit such a colossal blunder in my own work]
There are only three hop sequences (Score:2)
From "The IEEE 802.11 Handbook: A Designer's Companion":
Set 1:(0,3,6,9,12...75)
Set 2:(1,4,7,10,13...76)
Set 3:(2,5,8,11,14...77)
Unless I am misreading something, there are only three sets of hopping numbers. Not exactly a difficult thing to guess if you need to.
Your insistence that DSSS is somehow easier to eavesdrop on than FHSS is just a bunch of crap. Neither technology was designed with any resistance to eavesdropping in mind at all. You can't specify your own hopping sequence for FHSS, and you can't specify your own Barker sequence for spreading DSSS. Had the 802.11 folks cared at all about making eavesdropping hard, they would have let you do these. Of course, they probably wouldn't have gotten FCC approval, but what the hell.
So, just drop it. What little security you have is based entirely on the WEP, and not at all on your choice of slow FHSS vs fast DSSS.
Re:There are only three hop sequences (Score:2)
I have no doubt that with some other gear you can change it to whatever you want. But, I have never seen anybody produce a reference to an 802.11 parameter to change the hop sequence. If you can produce a link, I would love to see it.
Found some references (Score:2)
---quote---
For FHSS systems IEEE 802.11 defines 79 different hops for the carrier frequency. Using these 79 frequencies, IEEE 802.11 defines 78 hopping sequences (each with 79 hops) grouped in three sets of 26 sequences each. Sequences from same set encounter minimum collisions and they may be allocated to collocated systems. Theoretically, 26 FHSS systems may be collocated. However, as synchronization among independent systems is forbidden (synchronization would eliminate collisions), the actual number of systems that can be collocated is around 15.
---end quote---
I assume the three sequences are the ones I originally listed. If I'm not mistaken, it's considered a different "sequence" if you start in a different place. So:
1-5-9 is different from 5-9-1 and 1-5-9. So, an eavesdropper would not be trying to guess a random sequence, he would just camp on one frequency, listen, and if a signal showed up he would start hopping. In other words, the 26 sequences vary only in time, so an eavesdropper only has to listen for a few seconds on one frequency to "check" all 26 sequences based on that set. Is that a fair assumption?
I also found a reference to an algorithm for determining which country you are in by checking which frequencies the AP broadcasts beacons on. In order for this to work, it requires the hop sequences to be well known for a given country. It's here [technion.ac.il]
So, given this little bit of research, I still believe the claim that FHSS 802.11 is somehow more secure than DSSS 802.11 is basically crap. I would love to be proven otherwise.
you dont even know what a MAC Address is ... (Score:1)
Just a thought... (Score:2)
That's not entirely an accurate statement, I realize.. but the concept is there.
Ethernet is very hackable.
You should rely on higher-layer protocols to prevent hackability.... not your lowest layers. 802.11b was not developed for super-secret communications; it's not for spies. It's for every-day-people...
Well.. (Score:2)
Yes, there is a point, in that others should not be able to connect to your network. That's important.. but not the same thing as network security. We still need higher layer secure protocols.. ALL protocols...
Re:"Your 802.11 Wireless Network has No Clothes" (Score:1)
Cisco/Aironet access points also have this option to disallow access via the broadcast ssid, with one important difference:
When broadcast ssid is disallowed, the ssid is NOT transmitted in the beacons, which makes associating to those APs more difficult. (The ssid field in the beacon is nulled out)
Also, as far as I know, Cisco/Aironet does not recommend the usage of shared key authentication, but gives the user the option....
Disclaimer: I work for Cisco/Aironet
Re:Gee... you think? (Score:2)
You only need a single wideband receiver.
Re:Gee... you think? (Score:3)
If the system does not have a cryptographically secure hopping sequence, which is just about everything on the market, it is trivial to intercept. Even with a secure hopping sequence, it is possible to reconstruct the signal in many cases. Think wideband receivers and directional antennas connected to a signal processing computer.
No Free Reg Required. (Score:5)
http://channel.nytimes.com/2001/04/03/business/03
Re:Gee... you think? (Score:1)
--
The end user doesn't want to deal with security (Score:1)
If you take every attempt to provide good security, the customer will find your key management such a big hassle that they won't buy your products. Popular magazines will make fun of your complicated methods, and elaborate network setup, and will praise the Plug-and-Play method of your competitor. The only way to survive as a vendor is to make it easy on the user. Unfortunately, tight security and ease of use don't mix very well.
I'll bet that more 802.11 networks are broken into that are simply not using any security at all, than networks that have had their WEP security cracked. Just because the network manager couldn't be bothered to check the box that said 'use WEP security'. And even if people do enable WEP security, how many do you think will opt for a 128 bit hex string, as opposed to an easy to remember dictionary word?
Re:Gee... you think? (Score:1)
I wish "too many access points" was a problem that I had to deal with. Every wireless install plan that I've seen has assumed some degree of airspace cooperation, and the emphasis is usually on covering an area with as few access points as possible.
You make a good point about dropping connections with 802.11b, but unless things have changed in the last few months, all of the 802.11a stuff that I've seen has the same problem.
how come nobody talks about the 26mb FHSS equipment that is due to come out soon.
There's a lot of cool technology that's "due to come out soon." When it makes the transition from vaporware to hardware, we'll talk about it. I suspect that it'll have the same problems as most high-speed wireless "extensions": you only get the speed if you're within a few feet of the access point. Otherwise, it drops back to the same old slow speed.
--
Re:Gee... you think? (Score:2)
I haven't read both specs, but I'd guess that 802.11b (Wi-Fi) devices can share a frequency, while 802.11a devices just hop to a new frequency if theirs is in use. When the number of users gets close to the number of frequencies, things fall over and go boom.
I work for a university that recently deployed a large wireless network, and 802.11a was totally unacceptable for even a medium-sized classroom. 802.11b was able to handle the load, though it is pretty slow when you have 50 users sharing a 2Mbps connection.
--
Re:Damn ivory tower papers (Score:2)
Wrong. You obviously missed this very important sentence at the end of section 5:
What's the significance of that? Well, we already knew that running an 802.11b network without WEP would be the act of a total moron. What the paper is saying is that *with* WEP you can attach to the network but you can't actually use it without the methods mentioned in the Borisov/Goldberg/Wagner paper. Those methods, in turn, are far from trivial. In fact, they're extremely difficult (but, admittedly, not impossible) to implement in the real world. In other words, nobody's network is actually likely to be compromised in this way. As another poster said, it's theoretically interesting, but of very little practical import.
Hate to disagree a bit, but... (Score:2)
802.11b has its advantages - it is a lot harder to hack in a lot of situations, due to ambient rf noise and the chipping code can add a fair amount of front end security if you use a very long sequence, but it too can be monitored. Hence the term WEP - wired equivalent privacy.
I agree with the rest of the post, though:
You wouldn't have sensitive data on your wired network for all to see would you? No, you would encrypt it and use secure encrypted links. Do the same on your wireless LAN.
THAT'S THE WHOLE POINT
Here in the UK, the fact that we can only transmit at 100mW means an attacker does have to be fairly close, and some of my clients do add 'Tempest' type shielding where there is rf leakage, but again, their security comes from encrypted point to point links, and other means
Frog51
VPN Anyone? (Score:1)
If you are implementing this on a corporate level you should know this. This is your job. Obviously, the problem here is that we have people implementing networks (MIS graduates) that don't want to look at what fundamentally is going on with the technology. They simply hook up the cards, install the windows drivers and move on to their exchange servers. I guess it's not their fault really. Companies know their background. Companies should have some hackers working on breaking into their system. Those white hat hackers could easily expose this stuff. I guess that's what security experts are for..
JOhn
Re:Well... (Score:2)
That way, you totally bypass the WEP and have a reasonably well tested security model (VPN) guarding your data.
When I set up 802.11b in my house, that is what I am going to do...
Re:The end user doesn't want to deal with security (Score:1)
How's about both? 0xDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF is a hex string that is made up of easy to remember dictionary words, especially if you're British.
_____________
Re:dmz (Score:2)
_____________
Re:There are only three hop sequences (Score:1)
I agree with you, FHSS is harder to intercept but not impossible... so instead of whining about how insecure it is, use the means available to add security over insecure channels (IPSEC, PPTP, VPN software, etc).
WEP algorithm (Score:5)
nice to see (Score:1)
Re:Gee... you think? (Score:1)
I'm not sure about the capacity of 802.11a, first glance places it in 5-foo GHz, which would greatly increase bandwidth, if implemented correctly (but markedly reduces range). If you're talking about 2.4GHz FreqHopping, it's limited to 2Mbps total (which would give it about 1Mbps throughput).
--
Layer 2 (Score:1)
Would you post a white-paper saying that the 802.3 NIC you bought didn't encrypt your traffic? How about that 802.3 hub that lets anyone who has an ethernet card and a long enough (within 100m of course) cable see all your data, unencrypted?! Notice anything yet? That's right, 802.11, just like 802.3 is just a layer 2 application. The highest level 802.* understands is MAC address. I, for one, am thankful that the folks who developed it went the extra mile to put a few controls ON THE RF SIDE of things to make it difficult for an attacker to enter a wireless network. However, the person who doesn't understand that 802.11 devices are either a) NICs or b) Bridges, is delusional, and needs to (re)take that Introduction To Networking class.
<rant>
Oh, yeah, and it has become very bothersome, personally, when someone mis-configures, or doesn't configure a device, and then complains about the failures and shortcomings that ensue, blaming the protocol/device/technology/product.
We didn't give the Netcraft "benchmarks" any credence, why should we pay attention to this crap?
</rant>
--
Re:Layer 2 (Score:1)
What you forget is that if someone had the time and money, they could intercept the signals travelling from your keyboard to the computer, the display buffer's signals to the monitor, the ethernet signal travelling down your UTP cable.
The point is that to the average person, a *properly configured* wireless LAN, using WEP, is exactly as private as sitting on a hub.
--
Re:Gee... you think? (Score:1)
The performance of FHSS systems is lower than DSSS systems, typically 50% - 33% of DSSS systems. This is the greatest disadvantage of FHSS.
The only disadvantage of DSSS is that you can't point antennas at each other on the same channel or it will boost the SNR beyond belief. Strategically placed antennas will NOT have this problem. FHSS can deal with it better, however you still lose bandwidth.
Another disadvantage when using FHSS is the frequency problems. 79 in most parts of the world but then you have Japan and France(?) with what, 23?
And of course FHSS might be harder but it isn't hard to crack either. Ask any army boy you know that works in that branch.
/Richard
Re:"Your 802.11 Wireless Network has No Clothes" (Score:1)
---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+
Re:nice to see (Score:1)
---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+
Re:Damn ivory tower papers (Score:2)
Fine. I don't think the code should be released either. But they damn well ought to test it, see how long cracks take under various real world conditions, and publish the results. If it's under an hour, businesses should throw 802.11b out the window immediately. But if it takes a week of constant sniffing, personally I'd be more worried about black hats posing as janitors [google.com] or some such.
burden of proof lies on the IEEE group to prove that WEP is secure
Sure, I agree that WEP is weak. But all security is relative. Any prime-number-based encryption can be broken with sufficient cycles [distributed.net]. So tell me Mr Owl, how many licks [tootsie-roll.com] does it take to get to the center of 802.11b?
Damn ivory tower papers (Score:5)
So yet another academic has written up a mathematical proof of the flaws in 802.11. Hurrah. I see one small flaw in their reasoning -- not a single one of those papers includes a section where the author says "I personally sat down with my laptop outside a WEP-enabled office building and cracked the network in [foo] minutes/hours/days/whatever".
My BS is in Math, so I know for a fact that this old joke is often true: "Mathematicians don't need to be good at counting, we just care if it's countable [interaccess.com]". Until one of these professors (or more likely their grad students) actually writes the necessary decryption code and does it, we still don't know exactly how easy or difficult the crack is.
point to point encryption (Score:4)
Re:Gee... you think? (Score:1)
I don't buy the argument that WEP and 802.11b were supposed to be no more secure than your wired LAN. They are, in fact, much _less_ secure because your network is not bounded by physical means anymore. Someone with a high gain antenna can "plug in" to your lan from a few kilometers away and you wouldn't be the wiser. You'd probably notice a 2km cat5 cable running into the hills away from your building.
I ask you this, if the FHSS or DSSS were meant to provide security (and not the S/N increase, etc. originally intended), why do you need WEP at all? WEP was introduced with 802.11a (which uses your beloved SS system) and lives on in 802.11b.
My read of the 802.11x specs shows no mention of FHSS or DSSS to provide security. The sequence is not meant to be secret! Read the paper and see that associate/disassociate messages are all sent in the clear (and all devices can communicate with APs regardless of FHSS/DSSS because that facilitates interoperability). Also, an attacker could steal a WLAN card and all security of your FHSS/DSSS is gone with the card or laptop (assuming you had a secret sequence to provide security in the first place, which you don't).
-core
Re:Damn ivory tower papers (Score:1)
-core
Perspective (Score:2)
My US Mail is left every day in a box, on a pole, by the curb, next to the street. No lock. No encryption. I can't remember worrying about someone getting in and stealing my weekly discount shopper coupons or my bank statement or my VISA bill.
Come to think of it
Re:Technology (Score:1)
Email originally was viewable by everyone, completely open on the system.
Re:Layer 2 (Score:2)
Re:Gee... you think? (Score:1)
Re:Gee... you think? (Score:2)
Um... no. 802.11 defined the basic standard as well as Direct Sequence Spread Spectrum and Frequency Hopping Spread Spectrum. 802.11a defines the protocol for up to 54Mbps. 802.11b expands the 802.11 standard and includes things such as defining how clients that can support different speeds can all connect to the same access point.
Re:No Free Reg Required. (Score:1)
gives you a directory back to 1919...
Thanks.
Re:WEP algorithm (Score:1)
---
Re:Technology (Score:1)
m$ passport anyone?
Software layer as a solution (Score:1)
There is a possible solution: use software with encryption. There are point to point tunneling solutions with encryption and more... Hey, there's money to be made in encrypted wireless networks/intranets. Don't complain, start coding today.
This security issue is unrelated to Airwave (Score:1)
Airwave [airwave.com] uses unencrypted traffic, not WEP. As a previous poster noted, WEP requires a shared secret among users. There would not be much point to sharing a secret with your fellow coffee drinkers if your purpose is to keep them from reading your Business Plan.
As you point out in #1, it's not secure once it leaves the cafe anyway. If you are concerned, use ssh or https or encryption in email for your business plan anyway.
And get a pair of those glasses with mirrors on the front so you can make sure nobody is looking at your laptop screen either!
And to bring everything but the CueCat [slashdot.org] into this, I got mail from Airwave saying that their DSL in the local cafe here used NorthPoint [northpoint.net].
Re:Gee... you think? (Score:1)
government has no authority (Score:2)
Re:point to point encryption (Score:1)
Like we're worried about hacking... (Score:1)
We don't need to worry about security on these wireless devices! Most of the ones that are set up have full blown access to anyone passing by due to a lack of FULL configuration!
Tom says, "No! Stop! it's working... I'm on the net! And I can see the fileserver. Don't mess with it!"
mod this up (Score:1)
Signature != Encryption (Score:1)
Re:Damn ivory tower papers (Score:1)
It would really help if people would actually read the links before posting.
Well... (Score:4)
I guess the only way to make something like that secure to a satisfactory degree (right now), would be to build a radio-dead building with radio-dead windows, so that only wireless devices within the building can connect... That'd bring security up to the current level of wired devices... Which means that you would have to have physical access to the LAN...
Building something like that has a few advantages for the paranoid, it would also block electronic emanations [www.hot.ee]. I think buildings like that are referred to as TEMPEST buildings...
Earlier work (Score:2)
HardEncrypt (Score:1)
Unbreakable encryption is possible: the key must be the same size as the data. See http://www.bebits.com/app/1100 [bebits.com]... Source included.
Re:Wi-Fi, Lies, and Propaganda (Score:1)
Intel sponsored the study because a year ago Intel was full-blown behind Bluetooth. Bluetooth has since died a nasty death, and Intel has changed courses to embrace Wireless Ethernet.
Bluetooth died? I must have missed that one... Bluetooth never really lived so far, at least it did not live as a grown-up, just as a kid that is in the kindergarten-age. But Bluetooth currently grows up really fast (with the problems involved by fast growth...).
Intel never left the Bluetooth-path, but they turned over from HomeRF to IEEE802.11b. Maybe you mixed this up with bluetooth.
As for security concerns, most products on the market today conform to Wi-Fi which is a more highly secure (and compatible) variant of the original 802.11b specification.
Sorry, but this is wrong. WiFi is a consortium that does some tests to ensure that the theoretical interoperability achieved with the IEEE 802.11b is true in real life with the tested equipment. It is no way a better or somehow changed version of the 802.11b standard, so the WiFi-Logo does in no way tell anything about better security!
cu, otaku
Waiting isn't going to solve anything (Score:1)
The best thing to do is put it out there with the appropriate caveats, and work to secure it as best you can as you go along. If you are waiting until it is bulletproof, you'll never release it.
Re:point to point encryption (Score:5)
Agreed, but encryption will never be absolutely secure, despite what a government does or does not do. The key is to know who's interested in your data and plan accordingly. The level of encryption only needs to be stronger than what someone else is willing to attempt breaking.
A prospective victim in a police station isn't absolutely safe, but it's much more likely that they'll be left alone there by someone only interested in lifting their wallet. The mob snitch is a different story.
Re:Damn ivory tower papers (Score:1)
espo
--
Re:Damn ivory tower papers (Score:2)
So do you have to wait for the first satellite to orbit it to believe that there is another side to the moon?
Actually, when I spoke to Ian Goldberg about this they had written plenty of code; guess what though, they don't think it is necessary to make the code available to make the point. The only reason to have the code would be to do something malicious with it.
But that is irrelevant, the demand for absolute proof is ridiculous, the burden of proof lies on the IEEE group to prove that WEP is secure. Most of us would prefer to know well in advance of a system being broken that it is vulnerable. Measuring the degree of security even if it cannot be broken is still an important thing to do.
As for actually reifying the break as code, I don't have to see that done to have it proved to me. I know how RC4 works, I know how WEP performs keying. I can calculate that someone can break the scheme with a few weeks of effort and a moderately fast machine.
Lucent et al. are charging premium prices for 128 bit encryption; what they are delivering is only worth 24 bits. That is misleading advertising at the very least - particularly since they knew about the flaw for over a year.
Wireless Equivalent Privacy (Score:2)
The basic protocol flaw is that a stream cipher is used with an insufficiently large initialization vector. If a block cipher had been specified the protocol would actually be reasonably secure. The reason a stream cipher is problematic is that the ciphertext consists of the plaintext xored with the cipher stream. This makes all sorts of integrity attacks possible and means that the security of the system depends on the initialization vectors never being re-used.
The more serious flaw is the belief that the difference between a wireless network and a wired one is that the network is no longer protected by physical security measures. Ethernet may be insecure, but in most cases access to an ethernet requires physical access to the building in question. With a wireless card a sacked employee can be surfing the intranet from the car park.
The most serious security risk of wireless then is the lack of authentication; in an ethernet network there is an implicit authentication that is obtained by having got through the front door. WEP makes no attempt to duplicate this, nor do the remediated versions of WEP. All the 802.11b users in a network share the same access key.
There are plenty of ways to make this secure, unfortunately that is not on the agenda. Patching up the privacy so as to make the cards sellable is all that is likely to happen in the short run. Bodge 'em and flog 'em. The purpose of WEP is not to give users security it is to overcome the customer's legitimate security concerns so as to make a sale.
The obvious security solution is to bind a private key into each card, just as is happening with newer cable modems. The public key certificate fingerprint for the card is printed on the case. To enable a new card for access to the network the admin adds the fingerprint to the 'authorized users' list.
Sure there are some remaining risks - extracting the private key from the device for e.g. but it is unlikely to be possible to extract a private key without the authorized device holder knowing (particularly if we all read Paul Kocher's articles on timing and power analysis attacks).
In summary, the WEP protocol should be discontinued in its present form. Early deployers would be well advised to ignore the layer 2 security on the card and wrap VPN security around it, such as IPSEC or PPTP etc. That gives security but the crypto processing is now being done on the processor and not on the 802.11b co-processor where it belongs.
The other piece missing from 802.11b deployments is that at the moment security is a binary switch. I would quite like visitors to the company to have Internet access from our conference rooms but not Intranet access. It should be possible to configure the base station to allow any PC to connect to the outside Internet without requiring an authentication key while requiring an authentication key for access to the local area network. Same goes in a large enterprise where employees from another division may be allowed access to the Internet (and their own LAN) but not the division they are visiting.
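The keystream-reuse problem described in the comment above, as an added example that is not part of the original post or thread: a simplified WEP-style framing (RC4 keyed with a 24-bit IV prepended to the shared secret, integrity field omitted) showing that two frames sharing an IV expose the XOR of their plaintexts regardless of the key, plus an audit helper that flags reused IVs and a birthday estimate for IV collisions. The secret, IVs and messages are constructed sample values, and random IV selection is an assumption.

```python
import math
from collections import defaultdict

IV_LEN = 3  # WEP's IV is 24 bits and travels in the clear ahead of the ciphertext


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling followed by n bytes of output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_like_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Simplified framing: per-frame RC4 key is IV || shared secret."""
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 24 bits")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + secret, len(plaintext)))


def xor_of_plaintexts(frame_a: bytes, frame_b: bytes) -> bytes:
    """Same IV and same secret means same keystream, so it cancels out:
    (P1 ^ K) ^ (P2 ^ K) == P1 ^ P2. No key material is needed."""
    if frame_a[:IV_LEN] != frame_b[:IV_LEN]:
        raise ValueError("frames use different IVs")
    return xor_bytes(frame_a[IV_LEN:], frame_b[IV_LEN:])


def find_iv_reuse(frames):
    """Audit helper: map each IV seen more than once to the frame indexes using it."""
    seen = defaultdict(list)
    for index, frame in enumerate(frames):
        seen[frame[:IV_LEN]].append(index)
    return {iv: idxs for iv, idxs in seen.items() if len(idxs) > 1}


def iv_collision_probability(n_frames: int, iv_bits: int = 24) -> float:
    """Chance that at least two of n_frames share an IV, assuming IVs are
    picked uniformly at random (an assumption; a counter wraps instead)."""
    space = 2 ** iv_bits
    if n_frames > space:
        return 1.0
    log_unique = sum(math.log1p(-i / space) for i in range(n_frames))
    return 1.0 - math.exp(log_unique)


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit secret
    msg_a = b"GET /payroll HTTP/1.0\r\n"                   # constructed plaintexts
    msg_b = b"GET /index.html HTTP/1.0"
    frames = [
        wep_like_encrypt(b"\x00\x00\x01", secret, msg_a),
        wep_like_encrypt(b"\x00\x00\x02", secret, msg_b),
        wep_like_encrypt(b"\x00\x00\x01", secret, msg_b),  # IV repeats here
    ]
    print("reused IVs:", find_iv_reuse(frames))
    leak = xor_of_plaintexts(frames[0], frames[2])
    print("leak equals P1 xor P2:", leak == xor_bytes(msg_a, msg_b))
    print("P(collision) after 5000 frames: %.3f" % iv_collision_probability(5000))
```

The same check run against a block cipher in a chaining mode would not produce a usable XOR of plaintexts, which is the contrast the comment draws.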
Re:Wireless Equivalent Privacy (Score:2)
The more serious flaw is the belief that the difference between a wireless network and a wired one is the lack of privacy. In fact the most important difference is the fact that the network is no longer protected by physical security measures
Re:Software layer as a solution (Score:2)
WEP is encryption, the problem is that it is bad encryption. They used a stream cipher in a way that a stream cipher does not provide security.
Re:Layer 2 (Score:2)
But wireless has an extra layer of insecurity -- not only can you spy on it easily, but you can also inject false data.
Re:The end user doesn't want to deal with security (Score:2)
Some things (Score:2)
2. I ran into the Airwave guys in front of Fry's Palo Alto store a couple of weeks ago, and snarfed some of their lit. Their idea is cute, but they have a major chicken-and-egg problem: they need to either sell access to users before locale proprietors will sign up en masse, or they need to sell locale installations before the users will sign up en masse. And 90% of their 100 or so hits so far are coffee shops. Who spends more than ten minutes in a coffee shop, and are enough of those droids interested in wireless connectivity that you'll make any money at $1.99/use or $9.99/mo? And now their tech is compromised, so you can't even trust you're not giving away your Next Great Mobile SKU Database Platformation Business Model plan to the Latte Mafia when you're WEPping it to your bankroid. Tsk, tsk.
--Blair
"There's a joke here about ALL YOUR BW ARE BELONG TO US but I'm feeling too conservative to use it, today."
Re:Gee... you think? (Score:1)
Re:Wi-Fi, Lies, and Propaganda (Score:1)
This is horribly misinformed. Bluetooth hasn't died; it hasn't really shipped. It will, almost certainly. Intel didn't drop Bluetooth; it dropped HomeRF, a competing high-speed networking standard. Bluetooth's purpose is wholly different - mostly for very low-power synchronization and info exchange, like synching a Palm with a laptop, loading phone numbers into a cell phone, etc.
We'll see if Bluetooth lives up to it. But Intel is pouring lots of cash into the hole, as are several other major chipset makers and many many hundreds of manufacturers. As with cell phones that browse the Web, the design will determine it's really useful and consumers (business and home) actually want it.
But it's coming. 802.11b and Bluetooth won't be competing; they'll be complementary, because 802.11b, for the foreseeable future, takes up too much power, and won't be cheap enough ($20 vs. $5 ultimately) per chipset to integrate into the simple devices that will use it.
Re:Some things (Score:2)
In Sweden, Telia has put WiFi in quite a few locations, and is about to expand in partnership with SAS to a number of European outlets, and a couple in the US - all SAS waiting lounges.
The deployment is underway; the real problem is roaming agreements, so you pay a single monthly fee and can access all networks. There are some problems with that, of course, because of the nature of access points and access lists. Too long to go into here.
I wrote about this at length back on Feb. 22. Here's the NY Times link (no reg required link): http://www.nytimes.com/2001/02/22/technology/22WIRE.html?pagewanted=all
no (Score:1)
dmz (Score:1)
Wireless is not really the point (Score:1)
In office buildings it's often even easier.
The real solution is to use encryption at a higher (lower?) level: IPSec or so. I don't know why this is not becoming a common practice yet, but I suspect the difficulty of software setup is one of them.
When I complained to some (fairly intelligent) friends about the security of wireless LAN, and how I didn't trust it because the MAC addresses are always plaintext, they replied that if there were security issues, surely big companies like Lucent would have fixed it by now, right?
Kind of shows the average attitude towards security. Most people just don't give a shit.
Re:dmz (Score:1)
Jeez, This Is Bad. (Score:1)
You don't even know what a URL is (Score:1)
BTW, YHBT HAND ;)
802.11 makes it easy (Score:1)
From a high building with line of sight and a directional antenna it is not hard to connect to a LAN several miles away.
Nothing new, not a comprehensive view either (Score:1)
Products like Cisco's Aironet have implemented additional security enhancements, such as dynamic WEP keys using LEAP, which reduces the risk dramatically.
Wireless still isn't overly secure, but if used with all the available security measures can be a mitigatable risk. Then there is minimising RF leakage....