Wireless LANs Dealt New Blow

Security goes from bad to worse

A new attack that can compromise the encryption cipher used on wireless networks has many users and security experts questioning the future of a technology that has long been touted as the future of enterprise computing.

The latest blow to the already shaky security reputation of WLANs (wireless LANs) is the worst one yet. The attack, devised by three well-known cryptographers and re-created successfully by a team of AT&T Labs researchers, enables an eavesdropper to capture a small amount of network traffic and recover a user's secret key in less than an hour.

"This is the last straw for WEP [Wired Equivalent Privacy]," said Adam Stubblefield, a summer intern at AT&T Corp.'s famed lab in Florham Park, N.J., who wrote the code used to compromise WEP. "WEP is basically useless."

While WLAN vendors scrambled to do damage control and assess the implications for their products last week as word of the attack leaked out, users sounded a uniformly grim note on WEP and WLAN security.

"To be honest, security was a low consideration [when we built our WLAN] considering what it was to be used for," said Gary Moore, assistant dean for IS at Hofstra University School of Law, in Hempstead, N.Y., which has a WLAN that its law students use to access e-mail and law databases. "[But] if I were building a new building, security would be the No. 1 concern, especially after this [attack]."

WLAN gear vendors have always maintained that WEP is insufficient, and they recommend that users augment the protocol with extra layers of security, such as a VPN (virtual private network) or a secure shell. In fact, vendor confidence in WEP is so low, the encryption is turned off by default on all access points when they are shipped.

But, in practice, many users simply use the gear in its out-of-the-box configuration and don't bother to pair it with a VPN or other more secure technologies.

Some users, however, have found it necessary to use alternative encryption schemes.

"WEP was not on by default," said Steve Durst, co-founder of Skaion Corp., a North Chelmsford, Mass., security vendor that recently installed a WLAN. "The truly important things, like X Window and the Unix Shell, I encrypt anyway, so WEP is superfluous."

Meanwhile, WLAN advocates defended the technology and said that while the new attack is a problem, it's not insurmountable.

"We'll probably see some short-term impact, but this is the natural evolution of the security process," said Dennis Eaton, vice chairman of the Wireless Ethernet Compatibility Alliance, of San Jose, Calif., which promotes the 802.11b standard and compatibility among various WLAN products. "The sky is not falling."

Although there are several efforts under way to improve upon WEP or replace it with a more secure protocol—including one that would substitute the new Advanced Encryption Standard for RC4—they are a long way from implementation. And one of the proposed standards, known as WEP2, is just as vulnerable to this new attack as is the existing protocol, according to security experts.

The flaws that the new attack exploits are in the key scheduling algorithm of the RC4 cipher on which WEP is based. Using little more than a notebook PC with a wireless network card, an attacker would need only to eavesdrop on a small amount of WLAN traffic and then perform some number crunching to decipher a user's secret key.

And, unlike some other attacks, the length of the key makes little difference in the attack's success, as the complexity of the operation grows linearly instead of exponentially in relation to key size.

The paper disclosing the vulnerability in RC4, "Weaknesses in the Key Scheduling Algorithm of RC4," was written by Adi Shamir and Itsik Mantin of the Weizmann Institute, in Israel, and Scott Fluhrer of Cisco Systems Inc., in San Jose, three of the best-regarded cryptographers in the world.

The authors will present their work at a cryptography conference in Toronto this week.

Although there have been two other widely publicized papers detailing attacks on WLANs, this one details an attack that is much more efficient and potentially devastating to users of wireless networks, experts said.

"This is really bad," said William Arbaugh, an associate professor of computer science at the University of Maryland, in College Park, and co-author of another paper on security problems with WEP. "With currently deployed equipment, the security on these networks is such that you might as well say there isn't any security."