WLAN Security in Neutral

As the process for developing a replacement for a leading wireless security protocol drags on, new questions are arising about the effectiveness of the replacement and whether WLAN vendors will even implement it once its ready.

With sales of 802.11b gear brisk, most vendors are reluctant to implement a replacement to the WEP (Wired Equivalent Privacy) protocol, which would require expensive re-engineering. Meanwhile, wireless networking companies are continuing to tweak wireless LAN security in the hope that interim fixes can keep users comfortable until the standards issue is resolved.

The result: Despite academic advancements, the security of WLANs in the real world is unlikely to improve any time soon.

The Institute of Electrical and Electronics Engineers Task Group I has been working for months on enhancements to the security in 802.11b WLANs.

While the initial focus of the group was to replace WEP with a backward-compatible version dubbed WEP2, the scope of the IEEEs work has expanded to include a new authentication mechanism. The new protocol will likely be based on the new AES (Advanced Encryption Standard), which addresses more security problems than either WEP or WEP2.

This shift, however, is problematic for wireless networking vendors that have invested much in products configured to work with WEP and the cryptographic stream cipher known as RC4.

“The security of wireless LANs, to a large degree, is a victim of their success,” said William White, director of cryptographic research at security vendor Ntru Inc., of Waltham, Mass., and a member of the IEEE Task Group. “Vendors dont want to deploy anything that will break whats out there, but the security of these things is so broken it needs to be completely rebuilt. RC4 is going to be there for the time being.”

WLAN users say that security should be the top concern for vendors. “Its in the wireless vendors best interests to implement the new IEEE security protocol,” said Gary Moore, assistant dean for IS at the Hofstra University School of Law, in Hempstead, N.Y. “[WLANs] may be selling well now, but many universities and businesses are probably holding off on large-scale wireless implementations due to security concerns.”

Researchers from RSA Security Inc. and Hifn Inc. in December unveiled a technology that addresses one of the main security problems with WEP, a weakness in the implementation of RC4 used in the protocol.

The vulnerability enables an attacker to sniff a small number of packets on a WLAN and then guess the private encryption key thats being used. Known as “fast packet keying,” the new technology is essentially a firmware patch for existing WLAN gear.

“I expect [fast packet keying] to be part of near-term wireless LAN security solutions, and I expect AES to be part of long-term wireless LAN security solutions,” said Russ Housley, senior consulting architect at RSA Laboratories, in Herndon, Va., and co-author of the new modification.