
    Wireless LANs Dealt New Blow

    By Carmen Nobel - August 13, 2001

      A new attack that can compromise the encryption cipher used on wireless networks has many users and security experts questioning the future of a technology that has long been touted as the future of enterprise computing.

      The latest blow to the already shaky security reputation of WLANs (wireless LANs) is the worst one yet. The attack, devised by three well-known cryptographers and re-created successfully by a team of AT&T Labs researchers, enables an eavesdropper to capture a small amount of network traffic and recover a user's secret key in less than an hour.

      “This is the last straw for WEP [Wired Equivalent Privacy],” said Adam Stubblefield, a summer intern at AT&T Corp.'s famed lab in Florham Park, N.J., who wrote the code used to compromise WEP. “WEP is basically useless.”

      While WLAN vendors scrambled to do damage control and assess the implications for their products last week as word of the attack leaked out, users sounded a uniformly grim note on WEP and WLAN security.

      “To be honest, security was a low consideration [when we built our WLAN] considering what it was to be used for,” said Gary Moore, assistant dean for IS at Hofstra University School of Law, in Hempstead, N.Y., which has a WLAN that its law students use to access e-mail and law databases. “[But] if I were building a new building, security would be the No. 1 concern, especially after this [attack].”

      WLAN gear vendors have always maintained that WEP is insufficient, and they recommend that users augment the protocol with extra layers of security, such as a VPN (virtual private network) or a secure shell. In fact, vendor confidence in WEP is so low, the encryption is turned off by default on all access points when they are shipped.

      But, in practice, many users simply use the gear in its out-of-the-box configuration and don't bother to pair it with a VPN or other more secure technologies.

      Some users, however, have found it necessary to use alternative encryption schemes.

      “WEP was not on by default,” said Steve Durst, co-founder of Skaion Corp., a North Chelmsford, Mass., security vendor that recently installed a WLAN. “The truly important things, like X Window and the Unix Shell, I encrypt anyway, so WEP is superfluous.”

      Meanwhile, WLAN advocates defended the technology and said that while the new attack is a problem, it's not insurmountable.

      “We'll probably see some short-term impact, but this is the natural evolution of the security process,” said Dennis Eaton, vice chairman of the Wireless Ethernet Compatibility Alliance, of San Jose, Calif., which promotes the 802.11b standard and compatibility among various WLAN products. “The sky is not falling.”

      Although there are several efforts under way to improve upon WEP or replace it with a more secure protocol—including one that would substitute the new Advanced Encryption Standard for RC4—they are a long way from implementation. And one of the proposed standards, known as WEP2, is just as vulnerable to this new attack as is the existing protocol, according to security experts.

      The flaws that the new attack exploits are in the key scheduling algorithm of the RC4 cipher on which WEP is based. Using little more than a notebook PC with a wireless network card, an attacker would need only to eavesdrop on a small amount of WLAN traffic and then perform some number crunching to decipher a user's secret key.

      And, unlike some other attacks, the length of the key makes little difference in the attack's success, as the complexity of the operation grows linearly instead of exponentially in relation to key size.

      The paper disclosing the vulnerability in RC4, “Weaknesses in the Key Scheduling Algorithm of RC4,” was written by Adi Shamir and Itsik Mantin of the Weizmann Institute, in Israel, and Scott Fluhrer of Cisco Systems Inc., in San Jose, three of the best-regarded cryptographers in the world.

      The authors will present their work at a cryptography conference in Toronto this week.

      Although there have been two other widely publicized papers detailing attacks on WLANs, this one details an attack that is much more efficient and potentially devastating to users of wireless networks, experts said.

      “This is really bad,” said William Arbaugh, an associate professor of computer science at the University of Maryland, in College Park, and co-author of another paper on security problems with WEP. “With currently deployed equipment, the security on these networks is such that you might as well say there isn't any security.”
