Seven months after researchers at the University of California at Berkeley discovered flaws in the encryption algorithm designed to protect wireless LANs, a different group of experts has uncovered a new, more dangerous method of attack that they say should be sounding security alarms throughout the business world.
Researchers from Rice University and AT&T Labs in Florham Park, New Jersey, published a paper on Aug. 6 outlining a new passive attack that is capable of defeating the 128-bit version of the Wired Equivalent Privacy (WEP) encryption algorithm used to protect 802.11 wireless LANS.
In their paper, the researchers state that all industry standard 802.11 wireless LANs should be viewed as insecure and those users should "treat all systems that are connected via 802.11 as external." They also urged corporate users to "place all access points outside the firewall."
Unlike the Berkeley attack, which required skilled hackers to break the encryption keys, this new attack method "is much stronger and much easier for a generic person to carry out," said Adam Stubblefield, a graduate student at Rice and co-author of the report. "The adversary is completely passive. He can just listen to the network traffic and the victim will never know they've been compromised."
The new attack method discovered by Stubblefield and Aviel Rubin, a researcher at AT&T Labs, came one week after Scott Fluhrer at Cisco Systems Inc. and Itsik Mantin and Adi Shamir at the Weizmann Institute in Israel published a paper describing the attack in theory. Stubblefield took that paper and, using a US$100 wireless LAN card he purchased from Irvine, California-based Linksys Group Inc., proved after less than two hours worth of coding that it was possible to recover the 128-bit secret WEP key used in wireless LANS.
However, Rubin said it's important to point out that generic 128-bit encryption is still secure and that this most recent discovery demonstrates flaws in the way WEP uses the WEP RC4 cypher. "You can take cyphers that use a 128-bit key and design or use them in an unsecure way. In WEP, it's a flawed design," he said.
Though WEP today uses 64-bit encryption, the industry plans to move to a 128-bit key for additional protection in a new standard due out later this year. But, the Fluhrer paper said, existing weakness in WEP means a successful attack can be mounted against "any key size," including "the revisited version WREP2."
Fluhrer and his colleagues said that WEP could be cracked by exploiting what they called "large classes of weak keys" in the protocol that make it vulnerable to attack. The Fluhrer paper added that attackers could also target another related key vulnerability by exposing part of the key to the attacker. Attackers can "then rederive the secret part by analyzing the initial word of the key streams with relatively little work."
John Pescatore, an analyst at Stamford, Connecticut-based Gartner Inc., said his company has been telling clients for some time to run virtual private networks (VPN) to secure wireless LANs. "Treat WLANs like you do the Internet," said Pescatore. "Don't trust the security [that's] built in."
"Some of the vendors like Cisco have built in better security than WEP, but Rubin's attack against streaming crypto shows the need to run proven stuff like IPSec or [Secure Socket Layer]."