Cipher attack delivers heavy blow to WLAN security

By Patrick Mannion, EE Times
Aug 3, 2001 (3:51 PM)
URL: http://www.eetimes.com/story/OEG20010803S0082

MANHASSET, N.Y. — A new report dashes any remaining illusions that 802.11-based (Wi-Fi) wireless local-area networks are in any way secure. The paper, written by three of the world's foremost cryptographers, describes a devastating attack on the RC4 cipher, on which the WLAN wired-equivalent privacy (WEP) encryption scheme is based.

The passive network attack takes advantage of several weaknesses in the key-scheduling algorithm of RC4 and allows almost anyone with a WLAN-enabled laptop and some readily available "promiscuous" network software to retrieve a network's key — thereby gaining full user access — in less than 15 minutes.

The new attack has implications for a wireless LAN market that is on the cusp of reaching critical mass. According to Frost & Sullivan, the WLAN's market value will approach $2 billion by the end of this year and spring to almost $5 billion by 2005.

The fallout for WLANs could be "huge, mainly because you can recover the key in roughly 15 minutes with a 40-bit key," said Bill Arbaugh, assistant professor of the Computer Science Department at the University of Maryland and the author of that university's WEP attack. "And it scales linearly with the number of bits used. It makes little to no difference if you go to 128 bits."

The IEEE-802.11i Task Group (TGi) has been hard at work defining a second version of WEP (WEP2) that would use a 128-bit key instead of the 40-bit key now widely deployed.

Complicating the matter, said Arbaugh, is that in many cases RC4 is implemented as an ASIC, so it is impractical to make changes to deployed systems. Other schemes tend to put the encryption in software and hence can be upgraded in response to such attacks.

Previous attacks on the long-embattled WEP protocol — most notably by researchers from Berkeley and the University of Maryland — have taken anywhere from eight hours to several days. And those attacks resulted only in the capture of finite amounts of data passing on that network, not the retrieval of the full network key.

Renowned cryptographers Adi Shamir and Itsik Mantin of the Computer Science Department of the Weizmann Institute (Rehovot, Israel) and Scott Fluhrer of Cisco Systems Inc. (San Jose, Calif.) describe the new attack in a report titled "Weaknesses in the Key Scheduling Algorithm for RC4." They will present the report at the Selected Areas in Cryptography (SAC) conference in Toronto Aug. 16-17.

Devastating blow

"This is devastating to the standard," said David Wagner, an assistant professor in the Computer Science Department at Berkeley, who worked with the two students involved in the infamous Berkeley attack earlier this year. "They're able to break the scheme with fewer resources, and the impact [of that break] is much more significant.

"It's definitely a big advance and leaves me all the more worried about security, as more than ever it raises the possibility of someone riding around in a van and intercepting your wireless communications in the office."

"We all knew it could be done," Craig Mathias, principal at the Farpoint Group (Ashland, Mass.), said of the attack. "The whole purpose of WEP was to make it difficult, not impossible. Forty bits was all the [IEEE 802.11 Working Group] could legally