Proprietary Improvements to WEP and WEP Usage

by Hazrul Aaron.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on network security  

You are here: Categories » Electronics and communication » Network security

The article devoted to the proprietary and standards-based improvements for currently vulnerable 802.11 safeguards.

The most publicized 802.11 vulnerability is the insecurity of WEP. We have already reviewed the cryptographic weaknesses of WEP linked to the key IV space reuse and insecure key-from-string generation algorithm. There are also well-known WEP key management issues:

  • All symmetric cipher implementations suffer secure key distribution problems. WEP is no exception. In the original design, WEP was supposed to defend small, single-cell LANs. Wireless networks of the 21st century often involve thousands of mobile hosts, making manual distribution and change of WEP keys a nightmare.

  • The WEP key supplies device and not user-based authentication. If a cracker steals or finds a lost device, he or she steals access to the WLAN this device is configured to connect to.

  • All hosts on the LAN have the same WEP key. Sniffing WLAN is as easy as sniffing shared Ethernet, and other devastating attacks can be launched. Remember that internal malcontents among employees present even more of a threat than external attackers. Users on the wireless network who share the same WEP key belong to the same data domain, even if the wireless network is split into different broadcast domains. All the internal attacker who knows WEP needs to do to snoop on traffic belonging to different WLAN subnets is to put his or her card into the promiscuous mode.

Both cryptographic and key management issues were addressed (or, at least, attempted to be addressed) by the IEEE standards committee and various WLAN equipment and software vendors.

The first response by many vendors was increasing the standard implemented WEP key length to 128 bits (so-called WEP2) or higher. As you should already know, such an approach will not help against anything but simple brute-forcing unless the IV space is increased.

The first real fixes for the WEP insecurities were probably the RSA propositions considering use of per-packet keying and elimination of the first keystream bytes. It appears that the Agere/Proxim WEPPlus has implemented the elimination of first keystream bytes or a similar solution with the release of the eigth version of the Agere/Proxim WLAN card firmware. We have tested WEPPlus against AirSnort using the AP 2000 Orinoco access point and Orinoco Gold 802.11a/b ComboCards, which used WEPPlus, and we can confirm that in a three-day traffic dumping session we didn't discover a single interesting IV frame. Of course, if some of the clients on the WLAN do not implement WEPPlus, the whole purpose of the countermeasure will be defeated because a fallback to the standard WEP will occur


Cisco SAFE blueprints implement key rotation policies that can be centrally configured at the Windows-based access control server or UNIX-based access registar. Of course, modern Cisco SAFE is fully WPA-compliant, but here we refer to the initial and still widely used Cisco Centralized Key Management (CCKM). CCKM ensures that the WEP key change occurs transparently for end users. With CCKM, it is possible to configure key rotation policies at the Cisco Aironet access points and use recording, auditing, and even charging for WLAN usage employing RADIUS accounting records. CCKM is set on a per-SSID basis and requires configured EAP-based authentication on the network. A CCKM-enabled access point on your WLAN acts as a wireless domain service (WDM) and maintains a cache of security credentials for all CCKM client devices on the subnet. Cisco has also developed its own improvements to WEP and basic WEP integrity check. These improvements include Cisco Key Integrity Protocol (CKIP) and Cisco Message Integrity Check (CMIC), which are based on the early developments of the 802.11 task group "i." They can be enabled on Cisco Aironet access points using encryption mode cipher ckip, encryption mode cipher cmic, and encryption mode cipher ckip-cmic commands on a per-VLAN basis. Thus, even the pre-WPA Cisco SAFE blueprints provide a sufficient level of 802.11 security to rely on. Of course, they still suffer from the same problem as any other proprietary security solution: You must have a uniformed Cisco Aironet WLAN. With public wireless access spots or conference WLANs, this is not possible.

Share
Leave a comment or ask a question
Total comments: 0

Network security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
Wireless Crackers: Who Are They - Knowing what kind of individual might launch an attack against your wireless network is just as important as being aware of his or her motivations. From the motivations already outlined, it is (more...)
Wireless Security Policy - The first thing to start from when deploying and securing a corporate wireless network is a design of a proper wireless security policy. The best source of information on writing a detailed a (more...)
The Usefulness of WEP Closed ESSIDs MAC Filtering and SSH Port Forwarding - This brings us to the topic of enabling WEP, closed ESSIDs, and MAC filtering as protective measures. Such defenses are "bypassable", you know how to do it. However, there are still sound reaso (more...)
Layer 1 Wireless Security Basics - Let's build on the more technical aspects of the discussed policy considerations. We'll start from physical layer security. The physical layer security of wireless networks encompasses avoiding (more...)
Network Vulnerability Analysis - Vulnerability analysis, sometimes called vulnerability scanning, is the act of determining which security holes and vulnerabilities may be applicable to the target network. In order to do this, (more...)
Wireless attacks at Corporations Small Companies and Home Users - There is a general misconception that only large enterprises are at risk from cracking, wireless cracking included. This is a myth, but it is very prevalent. Large corporations are where the mo (more...)
Practical Use of Asymmetric Cryptography: Key distribution Authentication and Digital signatures - The basic idea of using asymmetric cryptography is distributing public keys while keeping the private keys private and using a person's public key to encrypt data sent to this particular indivi (more...)
Deploying a Linux Based Custom Built Hardened Wireless Gateway - We have to ensure the security of the gateway that separates our AP or bridge or wireless-connected VLAN from the wired side. Such gateways are nothing more (or less) than a flexible stat (more...)
Network Isolation - Isolation of networks affects the flow of network data, which services run on particular systems, and where they are located. It does not affect any of the internal or external network data f (more...)
Ethernet specification - The progenitor of all of today's networks was the Ethernet system originally developed in the 1970s at the Xerox Corporation's Palo Alto Research Center for linking its Alto workstations to lase (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.