New Encryption Technology Closes WLAN Security Loopholes
September 13, 2001
Chip-based security system is designed to shore up the vulnerable Wired Equivalent Privacy protocol without requiring additional network components or increasing the cost of hardware.
Although wireless networking based on the IEEE 802.11b standard has achieved increasing popularity over the past 12 to 18 months, a number of well-publicized studies have pointed out the relative weakness of the standard's built-in security protocol, known as Wired Equivalent Privacy or WEP.
Experts have demonstrated that a hacker sniffing a WLAN from a public location can piece together a WEP encryption key sequence in a short time (some say as little as 15 minutes). This has become a matter of increasing concern, especially in enterprise installations.
"In the past, security has been a concern with the 802.11 standard," said NextComm CEO Jerry Wang. "Now, with our Key Hopping technology, wireless LAN users can rest easy knowing their data is secure," he added.
At the core of the Key Hopping technology is the ability to change encryption keys rapidly, as often as every three seconds, so attackers don't have time to accumulate enough information to piece together patterns and decipher the datastream. "We use the MD5 algorithm and fast key management techniques to increase the complexity of the resulting key patterns. They can't be analyzed as quickly; it would take years," said Wang.
Specifically, MD5 is used in this context to conceal, via encryption, communication between access point and station about intended keys. Although there are more secure algorithms, MD5 can't be broken in anything like the times attackers will have available. Its advantage over other, more secure algorithms is lower computational overhead, Wang said.
The Key Hopping system is backwards-compatible with 802.11b (Wi-Fi) and the higher-speed 802.11a; the WEP enhancements are activated by a user-selectable "enhanced security" mode. A proprietary technology, Key Hopping must be operating on both ends of a WLAN link.
Other proprietary WLAN security-enhancing technology is available, but according to Wang, all such products require the increased expense and overhead of adding a separate access control server to the network.
NextComm's Key Hopping solution will first be built into the company's latest 802.11b MAC (media access controller) integrated circuit. NextComm will work with OEM hardware manufacturers to implement the technology on both wireless access points and network interface cards (NICs). According to CEO Wang, components using the new secure technology should not cost any more than currently available equipment.
Product trials are scheduled to begin next month (October 2001), and commercially available WLAN products using the technology are expected by year's end.
