The latest blow to the already shaky security reputation of WLANs (wireless LANs) is the worst one yet. The attack, devised by three well-known cryptographers and re-created successfully by a team of AT&T Labs researchers, enables an eavesdropper to capture a small amount of network traffic and recover a user's secret key in less than an hour.
"This is the last straw for WEP (Wired Equivalent Privacy)," said Adam Stubblefield, a summer intern at AT&T's famed lab who wrote the code used to compromise WEP. "WEP is basically useless."
While WLAN vendors scrambled to do damage control and assess the implications for their products as word of the attack leaked out last week, users sounded a uniformly grim note on WEP and WLAN security.
"To be honest, security was a low consideration (when we built our WLAN) considering what it was to be used for," said Gary Moore, assistant dean for IS at Hofstra University School of Law, which has a WLAN that its law students use to access e-mail and law databases. "(But) if I were building a new building, security would be the No. 1 concern, especially after this (attack)."
WEP workarounds
WLAN gear vendors have always maintained that WEP is insufficient, and they recommend that users augment the protocol with extra layers of security, such as a VPN (virtual private network) or a secure shell. In fact, vendor confidence in WEP is so low, the encryption is turned off by default on all access points when they are shipped.
But, in practice, many users simply use the gear in its out-of-the-box configuration and don't bother to pair it with a VPN or other more secure technologies.
Some users, however, have found it necessary to use alternative encryption schemes.
"WEP was not on by default," said Steve Durst, co-founder of Skaion, security vendor that recently installed a WLAN. "The truly important things, like X Window and the Unix Shell, I encrypt anyway, so WEP is superfluous."
Meanwhile, WLAN advocates defended the technology and said that while the new attack is a problem, it's not insurmountable.
"We'll probably see some short-term impact, but this is the natural evolution of the security process," said Dennis Eaton, vice chairman of the Wireless Ethernet Compatibility Alliance, which promotes the 802.11b (Wi-Fi) standard and compatibility among various WLAN products. "The sky is not falling."
Although there are several efforts under way to improve upon WEP or replace it with a more secure protocol--including one that would substitute the new Advanced Encryption Standard for RC4--they are a long way from implementation. And one of the proposed standards, known as WEP2, is just as vulnerable to this new attack as is the existing protocol, according to security experts.
The flaws that the new attack exploits are in the key scheduling algorithm of the RC4 cipher on which WEP is based. Using little more than a notebook PC with a wireless network card, an attacker would need only to eavesdrop on a small amount of WLAN traffic and then perform some number crunching to decipher a user's secret key.
And, unlike some other attacks, the length of the key makes little difference in the attack's success, as the complexity of the operation grows linearly instead of exponentially in relation to key size.
Cracking WLANs
The paper disclosing the vulnerability in RC4, "Weaknesses in the Key Scheduling Algorithm of RC4," was written by Adi Shamir and Itsik Mantin of the Weitzmann Institute, in Israel, and Scott Fluhrer of Cisco Systems, three of the best-regarded cryptographers in the world.
The authors will present their work at a cryptography conference in Toronto this week.
Although there have been two other widely publicised papers detailing attacks on WLANs, this one details an attack that is much more efficient and potentially devastating to users of wireless networks, experts said.
"This is really bad," said William Arbaugh, an associate professor of computer science at the University of Maryland, and co-author of another paper on security problems with WEP. "With currently deployed equipment, the security on these networks is such that you might as well say there isn't any security."
