Encryption: The Achilles' Heel of Wireless

Companies are hot for wireless, but the current encryption standard is weak

Michael Murphy, director of information systems support services at Minneapolis-based Carlson Hotels Worldwide, parent company to more than 300 hotels in North America, would like to use stronger encryption to secure his 802.11b wireless LAN.

But for the moment, he's stuck using the industry-standard 40-bit encryption -- considered the least secure -- because the products that support higher encryption aren't interoperable.

Once you try to go above 40-bit encryption to enhance security, you run into "some problems with compatibility," he says. "Forty bit seems to be the maximum level [of encryption] compatibility between the different vendors" that make the access point devices and the mobile network interface cards for wireless LANs, Murphy says.

"If you're using access points from Cisco and network cards from Lucent [Technologies Inc.], for example, they don't work," he says. Although Cisco Systems Inc. and Santa Clara, Calif.-based 3Com Corp. have introduced products with dynamic 128-bit encryption, they are proprietary products that force companies to standardize on a single vendor's hardware, experts say.

And that's just the beginning of the wireless encryption challenges for IT managers, who will spend as much as $2.4 billion on wireless networks by 2004, according to a report from Cahners In-Stat Group in Newton, Mass.

Simply installing an industry-standard 802.11b wireless LAN and expecting the default encryption settings to be enough to make it secure is asking for trouble, say experts and users.

Today's wireless LAN trailblazers find themselves in this unfortunate position because of the inherent weakness of the 802.11b encryption algorithm—known as the Wired Equivalent Privacy (WEP) key—used to encrypt wireless LAN traffic.

In simple terms, the problem is that WEP can be -- and has been -- cracked. In fact, researchers have demonstrated hacks against WEP-protected wireless LANs twice in the past eight months, including a very simple attack capable of recovering the 128-bit WEP key. In essence, experts say WEP is no longer considered secure.

The vulnerability stems in part from the fact that WEP keys are shared—that is, all clients and access points on 802.11b networks use the same key to encrypt and decrypt data. Therefore, WEP-protected networks are inherently vulnerable to authentication spoofing and other hacker exploits.

In February, researchers at the University of California, Berkeley, demonstrated the ability to read WEP-protected traffic, inject traffic onto WEP-protected networks and modify data. Separately, in August, researchers from Rice University in Houston and AT&T Labs demonstrated a passive attack capable of defeating WEP's 128-bit encryption; it required very little hacker expertise in cracking encryption.

"WEP provides sufficient security to discourage experimenters and casual eavesdroppers," analyst John Pescatore wrote in a July report by Stamford, Conn.-based Gartner Inc. "But [it] will not stop a motivated attacker."

For example, the new vulnerability of 128-bit WEP encryption -- discovered by Adam Stubblefield, a graduate student at Rice, and Aviel Rubin, a researcher at AT&T Labs -- came one week after Scott Fluhrer at Cisco and Itsik Mantin and Adi Shamir at the Weizmann Institute in Israel published a paper describing the attack in theory.

Stubblefield took that paper and, using a $100 wireless LAN card he purchased from Irvine, Calif.-based Linksys Group Inc., proved after less than two hours of coding that it was possible to recover the 128-bit secret WEP key used in wireless LANs.

This new attack method "is much stronger and much easier for a generic person to carry out," Stubblefield says. "The adversary is completely passive. He can just listen to the network traffic and the victim will never know they've been compromised."

Added Layers

Because of these vulnerabilities, companies are being forced to take other measures to enhance the security of wireless LANs. In addition to using WEP keys, most companies employ one or more of the following additional security options:

  • Service set identifiers (SSID) to control access to segmented subnetworks
  • Media Access Control (MAC) address filtering, where each access point contains a list of unique, authorized machine addresses
  • Virtual private network (VPN) tunneling, considered by most experts to be the most suitable wireless LAN security option for corporations

Experts agree, however, that only large companies with large budgets are deploying VPNs with every wireless access point. Gartner's Pescatore goes so far as to say that few companies even turn on the default security settings in wireless LANs.

"Tunneling through a VPN takes somebody with quite a bit of VPN knowledge," says Mandy Andress, president of Dublin, Calif.-based ArcSec Technologies Inc. "That's where it gets really difficult and why some companies are not deploying them."

But the other options can also be difficult to manage. For example, if administrators unwittingly leave SSIDs in what is known as broadcast mode, any client computer that isn't configured with a specific SSID will be able to receive the SSID and access the wireless LAN. That eliminates any added security SSIDs might have provided.

In addition, MAC addresses must be entered into wireless access points and updated manually. Therefore, managing hundreds or thousands of users can easily overwhelm administrators.

Companies that already have VPNs deployed find them to be the most scalable and cost-effective option for securing wireless LANs, analysts say. But for those that don't have VPNs in place, deploying a $1,000 to $1,500 VPN device with every wireless access point can be too costly.

Therefore, for bare-bones, non-VPN wireless security, Andress and other experts recommend using devices with 128-bit encryption with MAC address filtering and SSIDs.

United Parcel Service Inc. in Atlanta acknowledges the need to study add-on security measures for 802.11b networks. UPS recently announced a $100 million project to field 15,000 wireless access points at 2,000 shipping hubs worldwide. The project would combine Bluetooth handheld and 802.11b wireless LAN technologies.

"We will probably implement application-specific value-added software" for security, said Dave Salzman, UPS project manager for information services. "There are a lot of options open to us, but it is premature to say what techniques we will be selecting." Salzman said it could be a year before UPS decides what approach to take.

The challenge for UPS and other companies considering Bluetooth-based devices, says Andress, is that although Bluetooth is a different standard that uses different encryption, "it, too, is easily cracked."

"Currently, both Bluetooth and 802.11b standards only authenticate the wireless device; they do not authenticate the end user," says Andress.

"Bluetooth is very promiscuous," agrees Dan Lieman, co-founder of NTRU Cryptosystems Inc., a security firm in Burlington, Mass. "Bluetooth devices immediately try to talk to each other," he says, adding that UPS will need to develop an additional layer of authentication that could slow performance.

But there may be some hope for Bluetooth. Symbol Technologies Inc. in Holtsville, N.Y., which has a contract to supply wireless LAN hardware to UPS, uses Kerberos in products designed to fend off the kind of key-sniffing exploited by Stubblefield. That attack took advantage of a static key, and Kerberos, an authentication protocol developed at MIT for Windows 2000 security and for centralized user authentication and identification, is designed to deflect such an attack by allowing the dynamic changing of keys.

Carlson Hotels' Murphy says that although laptop performance hasn't suffered as a result of the use of encryption and authentication, handheld performance has been degraded by 15% to 20%.

Still, Murphy says he's looking closely at VPN options that will enable him to use Remote Authentication Dial-In User Service (RADIUS)—a central repository of authentication information for the network—on top of the 40-bit encryption in WEP. "We think that will give us the level of protection that we need," he says.

Next Generation

The Institute of Electrical and Electronics Engineers Inc. this year will introduce a new standard, 802.1x. The standard will use encryption keys that are unique for each user and each network session, and will support 128-bit key lengths. It will also support the use of RADIUS and Kerberos.

Most of the major wireless vendors have announced plans to support the new standard with products due out early next year. In fact, Cisco has already introduced Lightweight Extensible Authentication Protocol (LEAP) for its Aironet devices. With LEAP, client devices dynamically generate a new WEP key as part of the log-in process instead of using a static key.
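To make concrete the weakness the Berkeley researchers described earlier (the same static key shared by every station) and why the per-user, per-session keys of 802.1x matter, here is an added toy model of WEP's RC4 construction; it is not code from the article or from any vendor, the key, IV and frame contents are constructed sample values, and WEP's integrity check value is left out.

```python
import math

# WEP keys a frame with IV || shared key and sends the 24-bit IV in the clear.
# A passive listener therefore sees which frames used the same IV; under one
# static shared key those frames were encrypted with the same RC4 keystream.
SHARED_KEY = bytes.fromhex("0102030405")        # constructed 40-bit static key
SESSION_KEY_A = bytes.fromhex("a1a2a3a4a5")     # constructed per-session keys,
SESSION_KEY_B = bytes.fromhex("b1b2b3b4b5")     # as an 802.1x-style scheme hands out
IV = b"\x00\x00\x01"                            # constructed 24-bit IV
P1 = b"sample frame from station A"            # constructed plaintexts
P2 = b"sample frame from station B"

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: clear IV followed by RC4(IV || key) XOR plaintext."""
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return xor(body, rc4_keystream(iv + key, len(body)))

def keystream_reuse_leak(frame1: bytes, frame2: bytes):
    """Defender's view of the two-time-pad failure: if two captured frames carry
    the same IV, XOR of their bodies cancels a shared keystream and yields
    plaintext1 XOR plaintext2 without any key. Returns None when IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor(frame1[3:], frame2[3:])

def iv_collision_expected_frames(iv_bits: int = 24) -> int:
    """Birthday bound: about sqrt(pi/2 * 2^iv_bits) frames until some IV repeats,
    so a static key is reused with a repeated IV after only a few thousand frames."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))
```

With per-session keys the same IV on two stations' frames no longer cancels, which is the property the article's experts are asking vendors to deliver.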

As soon as interoperable products with 128-bit encryption are commercially available, Carlson Hotels plans to upgrade, says Murphy. However, for now, "I'm forced to move as fast as my vendors move," he says.

Copyright © 2001 IDG Communications, Inc.
