5-Minute Security Advisor - Strengthening Wireless Encryption
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
It's a truism in the security world that the worst kind of security feature is one that lulls you into a false sense of security. After all, if you know something's insecure, you can take protective measures accordingly; if you think something's already secure, you're not likely to pay it much attention. Encryption for wireless networks regrettably falls into the category of security-blanket security measures: They give you a comforting feeling without actually delivering much. Though it's true that Wired Equivalent Privacy (WEP) is much better than no encryption at all, it's important to understand its limitations so that you have an accurate picture of what you're getting. It's equally important to know how to get the maximum security possible from WEP.
On This Page
How WEP Encryption Works
WEP encryption uses a shared- secret key and the RC4 encryption algorithm. The access point (AP), and all stations that connect to it, must use the same shared key. For each packet of data sent in either direction, the transmitter combines the contents of the packet with a checksum of the packet. The WEP standard then calls for the transmitter to create a packet-specific initialization vector (IV), which is combined with the key and used to encrypt the packet. The receiver generates its own matching packet key and uses it to decrypt the packet. In theory, this approach is better than the obvious tactic of using the shared-secret key alone, because it adds a packet-specific bit of data that should make it harder for an opponent to crack.
Why WEP is Vulnerable
In general, you should avoid using a shared key, because if that key is compromised, it means an attacker can eavesdrop on your traffic or join your network. Strike #1 against WEP is its requirement that you establish a shared secret; you'd be much better off if you could use a challenge-response mechanism such as the ones used in 802.1X or Kerberos. However, shared secrets aren't the biggest problem; strike #2 is that the WEP design engineers made some bad choices about how to implement WEP encryption. Accordingly, some smart cryptographers figured out severaltheoretical attacks against WEP, some of which quickly became practical attacks. The method has several problems:
The RC4 algorithm itself has a subtle weakness that can be exploited to crack keys.
The WEP standard allows the IV to be reused (on average, about every five hours). This feature makes attacking WEP much easier, since repeating the IV guarantees that the attacker will have some repeating ciphertext to analyze.
The WEP standard doesn't provide for any way to automatically change keys. As a result, you can only rekey an access point (AP) and its stations manually; as a practical matter, therefore, no one changes keys, thereby exposing their Wireless LANs (WLANs) to passive attacks that gather traffic and crack the keys.
The first few vendor's WEP implementations provided only 40-bit encryption—a laughably short key length. More modern systems provide 128-bit WEP; the 128-bit key length minus the 24-bit IV actually gives an effective 104-bit key length, which would still be acceptable were it not for the other weaknesses.
These weaknesses add up to more than three strikes, but WEP's not out—it's still better than nothing, as long as you understand that WEP isn't unbreakable.
Strengthening your Wireless Encryption
The IEEE is aware of the problems with WEP, but—as with most other hardware standards—it's too late to fix the problems in the millions of already-deployed 802.11b devices. However, you can take some practical steps to make your own WLANs more secure:
Make sure WEP is turned on to its maximum strength. 128-bit WEP is better than no WEP at all—without WEP, anyone can sniff your traffic.
Consider putting your APs outside the firewalls of your network. In essence, this precaution forces you to treat wireless connections as untrusted, just as you would any other from-the-Internet connection.
Require that WLAN clients use virtual private networking to secure their traffic. This step is simple with Windows 2000 or Windows XP, and now there's a robust IPsec VPN client for Windows 98, Windows ME, and Windows NT Workstation clients as well.
For future deployments, choose 802.11b hardware that supports automatic WEP rekeying. Cisco' Aironet line (which is what Microsoft uses internally) offers this feature; the IEEE's Temporal Key Integrity Protocol (TKIP) specifies interoperable methods for doing automatic WEP rekeying, and vendors are now adding this feature to their existing equipment by using firmware releases.