Wireless LAN Security


Thread Starter

Ramer-1, Carl

There's been a small thread regarding wireless operation and the potential for security problems in that environment. Here's some news that may open an eye or two. Extracted from Security Wire Digest, Vol 3, No. 63, August 13, 2001.


By Shawna McAlearney
Any remaining illusions about the security of the 802.11 protocol for wireless local-area networks (WLAN) were dashed last week when AT&T Labs released a report describing a devastating new attack that acquires a network key in 15 minutes.

Based on the RC4 cipher, the wired-equivalent privacy (WEP) encryption scheme has weaknesses in the key-scheduling algorithm that allow an attacker to retrieve a network's key, gaining full user access in less than 15 minutes, according to the report written by AT&T's Adam Stubblefield, John Ioannidis and Avi Rubin.

University of Maryland computer scientists earlier this year found a way to "sniff" cleartext messages containing the name of the network, which is used as a shared secret for authentication in some 802.11 implementations. A similar problem was found in the media access-control addresses used on the WLAN cards, which also broadcast in easy-to-capture cleartext. A third flaw involved an encryption error that allows an attacker to capture plaintext and ciphertext of shared keys and leverage them against WEP's shared-key authentication to join the network.

Earlier, researchers at the University of California at Berkeley found a number of ways to intercept and modify wireless transmissions and to access restricted networks.

Previous attacks have taken from eight hours to several days to exploit, and resulted in the capture of finite amounts of encrypted data--not the retrieval of the full network key.

"It's much worse than the Berkeley paper," says Chris Wysopal, @stake's director of research and development, also known as Weld Pond. "Their attack never recovered the key--only bits and pieces of encrypted data--and it was fairly difficult to do because you captured the data and then had to go and crack it. That's not the case with the new exploit...."

Read the rest of this article and others at http://infosecuritymag.bellevue.com.

Carl Ramer, Engineer
Controls & Protective Systems Design
Space Gateway Support, Inc.
Kennedy Space Center, Florida
(V) 321-867-1812
(F) 321-867-1495

Unsponsored professional posting