Encrypting for the Future

Just as 802.11 describes wireless communications,
WEP (Wired Equivalent Privacy) currently describes wireless security. Today,
WEP comes in 64-bit and more secure 128-bit, as well as proprietary versions
that are designed to stop unauthorized access. But is 128-bit WEP the ultimate
in wireless security that will withstand everything that hackers can throw at
it? And what about the immediate future for wireless security? For answers,
we asked a panel of wireless and security analysts.

The biggest WEP issue today is the set of inherent weaknesses
that remain even as the technology evolves. Navin Sabharwal, Director of Residential
& Networking Technologies at Allied Business Intelligence, finds three major
flaws in WEP. To start, the technology relies on a short initialization vector
(IV) that is combined with the shared key and is eventually reused. By monitoring
a network for an hour or less, hackers can theoretically crack a key that the
network is using.

A second major flaw is WEP’s use of a static shared
key. Should hackers crack the key, it is clearly exposed and easily exploited.
Sabharwal says that stronger security demands a dynamic key that, when exposed,
is quickly replaced by a new one.

Last, WEP relies on RC4 encryption. While RC4 was
state-of-the-art when WEP was adopted, Sabharwal says that it has been surpassed
by stronger encryption schemes. "The move to 128-bit WEP by itself does
not solve the weaknesses in WEP, it just makes it harder to crack the key,"
says Sabharwal.

"By using a much larger key, 128-bit encryption
provides greater cryptographic protection," says Michael Greeson, Senior
Analyst, Director of Broadband Research for Parks Associates. "Although
more difficult to hack, 128-bit WEP falls victim to many of the same problems
of lower bit WEP encryption. Many observers believe that the 128-bit WEP extension
is really not that much more secure than its brethren."

"128-bit WEP is not the final answer, although
it will serve as an interim solution," adds Greeson. "WEP is only
reasonably effective when combined with more traditional security practices,
such as a firewall."

"128-bit is a successive technology approach
that links consumer demand for greater encryption," says Frank J. Bernhard,
Managing Principal, Supply Chain and Telecommunications Practice, at OMNI Consulting
Group LLP. "Most vendors have moved in this direction as an evolving standard
but given little thought to the real risk mitigation effects of the technology."

"The apparent downside to 128-bit WEP is really
an interoperability issue within mixed vendor environments," says Bernhard.
"Networks that apply varying versions of WEP protection find configuration
and maintenance challenges to be an operational stumbling block."

"WEP offers a basic level of security for
residential users and small businesses, but it is not a suitable solution for
large corporations and public access in hotspots," says Monica Paolini,
a consultant for Analysis Consulting. "Clearly WEP (128-bit as well as
64-bit) is by far preferable to no security."

Proprietary Versions

Proprietary WEP flavors have come to market, most
notably, Agere’s WEPplus. According to the company, WEPplus remedies the initialization
vector problem. However, is the proprietary version more secure than conventional
128-bit WEP?

"The word on the street is that WEPplus is
truly more secure than other WEP extensions," says Greeson. "Given
the use of a key generation algorithm that avoids weak keys, WEPplus is more
difficult to crack." Greeson warns that Agere claims its WEPplus only "reduces
the vulnerability," as opposed to eliminating it.

"Orinoco’s WEPplus is clearly an interim innovation,
which definitely provides added security over the basic WEP protocol,"
says Sabharwal. "It is capable of defeating AirSnort, though ultimately
it implies that both the client and access point devices have implemented WEPplus.
[AirSnort is a hacker tool that enables someone with a PRISM2-based 802.11b
card, Linux 2.4 kernel based system, and WLAN drivers to guess a network’s WEP
key after passively gathering between 100MB-1GB of data.] That is why in the
longer run the industry must move towards truly standardized security solutions."

Patches and Progress

There are two key technologies that are designed
to improve wireless security: Temporal Key Integrity Protocol (TKIP) and Advanced
Encryption Standard (AES) protocol. TKIP’s dynamic scheme is designed to remedy
WEP’s static key problem by changing the temporal key every 10,000 packets.
While the IV used under TKIP is larger, TKIP still relies on RC4 encryption.

A big benefit here is that most of the 802.11 installed
base can upgrade to TKIP through firmware patches. According to Sabharwal, TKIP
was initially called WEP2, but its name was changed so it wouldn’t be associated
with "WEP" security.

Sabharwal says that AES offers far stronger encryption
than RC4. The main drawback is that AES requires more processing horsepower,
and may only be used with new WLAN products. "Longer-term, vendors should
look towards AES simply because it is essentially a more secure encryption technology,
versus RC4 (which both WEP and TKIP use)," says Sabharwal.

"One must ask the ultimate question of whether
or not a 'patch' is consistent with their comfort level of security,"
says Bernhard. "Since TKIP was augmented to fashion itself around legacy
technology (and early stage 802.11 standards), the patchwork quilt of security
may not shore the confidence necessary to convince CIOs and their business peers
that the enterprise remains secure."

Graham Titterington, Senior Analyst at Ovum, views
TKIP as an unhappy compromise that provides limited security with significant
performance overhead. "It does provide a third alternative between doing
nothing and moving to full IPSEC VPN level security," says Titterington.

"TKIP is an improvement on WEP and as such
it is a welcome measure to address some of the security concerns – especially
in the consumer and public access market where standardization and interoperability
are key," says Paolini.

"TKIP is a good interim addition, as it can
be a firmware upgrade to existing equipment," says Russ Craig, Research
Director, Digital Consumer Technology Practice, Semiconductor Practice at Aberdeen
Group. "As backward compatibility concerns in the Enterprise Market are
very real, TKIP will continue to be supported along with AES for some time to
come."

"The long term solution is the IEEE 802.11i
standard which is currently being worked on," says Sabharwal. "This
specification, which will be delivered by end of 2002, will apply a new security
scheme to all the 802.11 protocols (a, b and g)."

According to Titterington, the long term solution
will replace WEP with something that is AES-based and offer stronger security
without the massive throughput hit.

"While the IEEE pushes the fix into the mainstream,
adoption is slow as vendors focus on next generation products that deliver superior
encryption schemes and a platform that doesn’t attempt to readdress the weakness,"
says Bernhard.

"I think that increasingly we will see wireless
security becoming fully integrated with overall network security (which traditionally
has been about wired communications) and as such, there will be a tendency to
adopt solutions that are suitable for both," says Paolini. "However,
because users will use different devices, different networks and access technologies,
it will be difficult for corporations to rely on less flexible proprietary solutions."

"The year 2001 proved to be a wake-up call
for corporate IT security and not just because of the 9/11 tragedy," says
Bernhard. "In 2002, broad base demand for wireless is coming to critical
mass, and the economic viability of mobile user security is being felt across
the globe. As more departments and metro networks turn to wireless solutions,
the imperative for WEP security and advanced security means will be an obvious
investment point."
