Encrypting for the Future
August 09, 2002
WEP as we know it is not considered great security, but it's better than no security. If you're still holding out for the ultimate in WLAN encryption, here's a look at what is coming to protect your 802.11 connection.
Just as 802.11 describes wireless communications, WEP (Wired Equivalent Privacy) currently describes wireless security. Today, WEP comes in 64-bit and more secure 128-bit, as well as proprietary versions that are designed to stop unauthorized access. But is 128-bit WEP the ultimate in wireless security that will withstand everything that hackers can throw at it? And what about the immediate future for wireless security? For answers, we asked a panel of wireless and security analysts.
The biggest WEP issue today is the set of inherent weaknesses that remain even as the technology evolves. Navin Sabharwal, Director of Residential & Networking Technologies at Allied Business Intelligence, finds three major flaws in WEP. To start, the technology relies on a short initialization vector (IV) that is combined with the shared key and is eventually reused. By monitoring a network for an hour or less, hackers can theoretically crack the key that the network is using.
A second major flaw is WEP's use of a static shared key. Should hackers crack the key, it is clearly exposed and easily exploited. Sabharwal says that stronger security demands a dynamic key that, when exposed, is quickly replaced by a new one.
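To make the IV-reuse flaw under a static shared key concrete, the following Python sketch (an added example, not from the article or any vendor) builds WEP-style per-packet RC4 keys as IV || shared key, shows that two frames sent with the same IV share a keystream, and measures how quickly random IVs repeat. The 24-bit IV length is WEP's; the key, plaintexts and function names are constructed for illustration, and the integrity check value is omitted.

```python
import random
from collections import Counter

IV_BITS = 24  # WEP's IV length; the article only calls it "short"

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: per-packet RC4 key is IV || shared key (ICV omitted)."""
    return xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))

def packets_until_iv_repeat(seed: int) -> int:
    """Send packets with random 24-bit IVs; return the packet count at first repeat."""
    rng, seen = random.Random(seed), set()
    while True:
        iv = rng.getrandbits(IV_BITS)
        if iv in seen:
            return len(seen) + 1
        seen.add(iv)

def reused_ivs(ivs):
    """Audit helper: IVs seen more than once in a capture, with their counts."""
    return {iv: n for iv, n in Counter(ivs).items() if n > 1}

if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"            # constructed 40-bit static shared key
    iv = b"\xaa\xbb\xcc"                      # constructed IV, used twice
    p1, p2 = b"frame one: hello", b"frame two: world"
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    # Same IV + same key => same keystream, so it cancels out of c1 XOR c2.
    print("keystream cancels:", xor(c1, c2) == xor(p1, p2))
    print("packets before a random IV repeats:", packets_until_iv_repeat(seed=1))
    print("reused IVs in sample capture:", reused_ivs([0xAABBCC, 0x000001, 0xAABBCC]))
```

With randomly chosen IVs a repeat is expected after a few thousand packets (the birthday bound for a 24-bit space), far sooner than the roughly 16.7 million packets needed to exhaust it.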
"By using a much larger key, 128-bit encryption provides greater cryptographic protection," says Michael Greeson, Senior Analyst, Director of Broadband Research for Parks Associates. "Although more difficult to hack, 128-bit WEP falls victim to many of the same problems of lower bit WEP encryption. Many observers believe that the 128-bit WEP extension is really not that much more secure than its brethren."
"128-bit WEP is not the final answer, although it will serve as an interim solution," adds Greeson. "WEP is only reasonably effective when combined with more traditional security practices, such as a firewall."
"128-bit is a successive technology approach that links consumer demand for greater encryption," says Frank J. Bernhard, Managing Principal, Supply Chain and Telecommunications Practice, at OMNI Consulting Group LLP. "Most vendors have moved in this direction as an evolving standard but given little thought to the real risk mitigation effects of the technology."
"The apparent downside to 128-bit WEP is really an interoperability issue within mixed vendor environments," says Bernhard. "Networks that apply varying versions of WEP protection find configuration and maintenance challenges to be an operational stumbling block."
"WEP offers a basic level of security for residential users and small businesses, but it is not a suitable solution for large corporations and public access in hotspots," says Monica Paolini a consultant for Analysis Consulting. "Clearly WEP (128-bit as well as 64-bit) is by far preferable to no security."
Proprietary WEP flavors have come to market, most notably Agere's WEPplus. According to the company, WEPplus remedies the initialization vector problem. However, is the proprietary version more secure than conventional 128-bit WEP?
"The word on the street is that WEPplus is truly more secure than other WEP extensions," says Greeson. "Given the use of a key generation algorithm that avoids weak keys, WEPplus is more difficult to crack." Greeson warns that Agere claims its WEPplus only "reduces the vulnerability," as opposed to eliminating it.
"Orinoco's WEPplus is clearly an interim innovation, which definitely provides added security over the basic WEP protocol," says Sabharwal. "It is capable of defeating AirSnort, though ultimately it implies that both the client and access point devices have implemented WEPplus. [AirSnort is a hacker tool that enables someone with a PRISM2-based 802.11b card, Linux 2.4 kernel based system, and WLAN drivers to guess a network's WEP key after passively gathering between 100MB-1GB of data.] That is why in the longer run the industry must move towards truly standardized security solutions."
Patches and Progress
There are two key technologies that are designed to improve wireless security: Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES) protocol. TKIP's dynamic scheme is designed to remedy WEP's static key problem by changing the temporal key every 10,000 packets. While the IV used under TKIP is larger, TKIP still relies on RC4 encryption.
A big benefit here is that most of the 802.11 installed base can upgrade to TKIP through firmware patches. According to Sabharwal, TKIP was initially called WEP2, but its name was changed so it wouldn't be associated with "WEP" security.
Sabharwal says that AES offers far stronger encryption than RC4. The main drawback is that AES requires more processing horsepower, and may only be used with new WLAN products. "Longer-term vendors should look towards AES simply because it is essentially a more secure encryption technology, versus RC4 (which both WEP and TKIP use)," says Sabharwal.
"One must ask the ultimate question of whether or not a "patch" is consistent with their comfort level of security," says Bernhard. "Since TKIP was augmented to fashion itself around legacy technology (and early stage 802.11standards), the patchwork quilt of security may not shore the confidence necessary to convince CIOs and their business peers that the enterprise remains secure."
Graham Titterington, Senior Analyst at Ovum, views TKIP as an unhappy compromise that provides limited security with significant performance overhead. "It does provide a third alternative between doing nothing and moving to full IPSEC VPN level security," says Titterington.
"TKIP is an improvement on WEP and as such it is a welcome measure to address some of the security concerns - especially in the consumer and public access market where standardization and interoperability are key," says Paolini.
"TKIP is a good interim addition, as it can be a firmware upgrade to existing equipment," says Russ Craig, Research Director, Digital Consumer Technology Practice, Semiconductor Practice at Aberdeen Group. "As backward compatibility concerns in the Enterprise Market are very real, TKIP will continue to be supported along with AES for some time to come."
"The long term solution is the IEEE 802.11i standard which is currently being worked on," says Sabharwal. "This specification, which will be delivered by end of 2002, will apply a new security scheme to all the 802.11 protocols (a, b and g)."
According to Titterington, the long term solution will replace WEP with something that is AES-based and offer stronger security without the massive throughput hit.
"While the IEEE pushes the fix into the mainstream, adoption is slow as vendors focus on next generation products that deliver superior encryption schemes and a platform that doesn't attempt to readdress the weakness," says Bernhard.
"I think that increasingly we will see wireless security becoming fully integrated with overall network security (which traditionally has been about wired communications) and as such, there will be a tendency to adopt solutions that are suitable for both," says Paolini. "However, because users will use different devices, different networks and access technologies, it will be difficult for corporations to rely on less flexible proprietary solutions."
"The year 2001 proved to be a wake-up call for corporate IT security and not just because of the 9/11 tragedy," says Bernhard. "In 2002, broad base demand for wireless is coming to critical mass, and the economic viability of mobile user security is being felt across the globe. As more departments and metro networks turn to wireless solutions, the imperative for WEP security and advanced security means will be an obvious investment point."