Network managers worried about the security of their wireless LANs may soon be able to sleep a little easier: The standards committee responsible for the broken wireless LAN encryption algorithm, WEP (Wired Equivalent Protocol), has approved a fix to the system which can be applied to existing equipment, according to RSA Security Inc. and Hifn Inc., two of the companies represented on the committee.
The fix for the WEP encryption standard uses a technique called fast-packet keying to rapidly generate unique encryption keys for each data packet transmitted. The fix has been approved by a committee of the Institute of Electrical and Electronics Engineers Inc. (IEEE) responsible for WEP and a clutch of other wireless LAN standards, RSA Security and Hifn said in a statement Monday.
Equipment vendors can distribute the fix as a software or firmware patch, allowing users to update existing vulnerable devices, according to RSA Security and Hifn.
Traffic on wireless LANs can be overheard by anyone with an appropriate radio receiver, so the WEP (Wired Equivalent Privacy) standard was adopted by the IEEE 802.11 standards committee as a way of encrypting this traffic to make it as secure from eavesdroppers as traffic on wired LANs.
Other representatives of the 802.11 committee could not be reached for comment.
However, flaws in the encryption algorithm meant that it was relatively simple to guess the keys with which successive packets of data were encrypted on WEP wireless LANs, because the keys were too closely related to one another.
Current implementations of the WEP standard use RSA Security's RC4 algorithm for encryption.
RSA Security defended its encryption algorithm, saying the successful attacks against WEP were not a result of any weakness in RC4, but rather in how WEP created encryption keys for each data packet based on a secret code known only to the base station and the remote terminal in the wireless LAN. The keys for different packets were too similar, RSA said, meaning that hackers could exploit the similarity to deduce the secret code, and with it, the content of all network traffic.
The fast packet keying method can be used to reduce the similarity between keys used to encrypt successive data packets, making it harder for hackers to guess the secret code known to the network terminals, RSA Security said.