New Encryption Technology Closes WLAN Security Loopholes

By Ted Stevenson

September 13, 2001

Chip-based security system is designed to shore up the vulnerable Wired Equivalent Privacy protocol without requiring additional network components—or increasing the cost of hardware.

Kirkland, Washington-based NextComm, Inc. yesterday (September 12, 2001) announced the launch of a new technology—dubbed Key Hopping—aimed at enhancing the security of wireless local area networks (WLANs).

Although wireless networking based on the IEEE 802.11b standard has achieved increasing popularity over the past 12 to 18 months, a number of well-publicized studies have pointed out the relative weakness of the standard's built-in security protocol, known as Wired Equivalent Privacy or WEP.

Experts have demonstrated that a hacker sniffing a WLAN from a public location can piece together a WEP encryption key sequence in a short time—some say as little as 15 minutes. This has become a matter of increasing concern, especially in enterprise installations.

"In the past, security has been a concern with the 802.11 standard," said NextComm CEO Jerry Wang. "Now, with our Key Hopping technology, wireless LAN users can rest easy knowing their data is secure," he added.

NextComm's Key Hopping uses the MD5 ("message digest, version 5") algorithm, once employed extensively in secure digital document "signing." "When you're talking about security, you're really talking about two elements: the strength of the lock, and how difficult it is for the attacker to find the key," Wang said. "The way WEP uses the lock, the key patterns generated are easily identified."

At the core of the Key Hopping technology is the ability to change encryption keys rapidly—as often as every three seconds—so attackers don't have time to accumulate enough information to piece together patterns and decipher the datastream. "We use the MD5 algorithm and fast key management techniques to increase the complexity of the resulting key patterns. They can't be analyzed as quickly; it would take years," said Wang.

Specifically, MD5 is used in this context to conceal, via encryption, communication between access point and station about intended keys. Although there are more secure algorithms, MD5 can't be broken in anything like the times attackers will have available. Its advantage over other, more secure algorithms is lower computational overhead, Wang said.

The Key Hopping system is backwards-compatible with 802.11b (Wi-Fi) and the higher-speed 802.11a; the WEP enhancements are activated by a user-selectable "enhanced security" mode. A proprietary technology, Key Hopping must be operating on both ends of a WLAN link.

Other proprietary WLAN security-enhancing technology is available, but according to Wang, all such products require the increased expense and overhead of adding a separate access control server to the network.

NextComm's Key Hopping solution will first be built into the company's latest 802.11b MAC (media access controller) integrated circuit. NextComm will work with OEM hardware manufacturers to implement the technology on both wireless access points and network interface cards (NICs). According to CEO Wang, components using the new secure technology should not cost any more than currently available equipment.

Product trials are scheduled to begin next month (October 2001), and commercially available WLAN products using the technology are expected by year's end.


