[Long Rant] Re: Encryption Question

Dominick, David David.Dominick at delta.com
Tue Sep 18 03:40:35 EST 2001 

I am sorry, but I am not sure where you get your information. That is wrong.
The encryption is irrelevant to the way we break WEP. The Initialization
Vector is 24 bit period. that does not change based on encryption size. 

The initialization vector in WEP is a 24-bit field, which is sent in the
clear text part of a message. Such a small space of initialization vectors
guarantees the reuse of the same key stream. A busy access point, which
constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs
after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours. (The amount of
time may be even smaller, since many packets are smaller than 1500 bytes.)
This allows an attacker to collect two ciphertexts that are encrypted with
the same key stream and perform statistical attacks to recover the
plaintext. Worse, when the same key is used by all mobile stations, there
are even more chances of IV collision. For example, a common wireless card
from Lucent resets the IV to 0 each time a card is initialized, and
increments the IV by 1 with each packet. This means that two cards inserted
at roughly the same time will provide an abundance of IV collisions for an
attacker. (Worse still, the 802.11 standard specifies that changing the IV
with each packet is optional!)

The first attack follows directly from the above observation. A passive
eavesdropper can intercept all wireless traffic, until an IV collision
occurs. By XORing two packets that use the same IV, the attacker obtains the
XOR of the two plaintext messages. The resulting XOR can be used to infer
data about the contents of the two messages. IP traffic is often very
predictable and includes a lot of redundancy. This redundancy can be used to
eliminate many possibilities for the contents of messages. Further educated
guesses about the contents of one or both of the messages can be used to
statistically reduce the space of possible messages, and in some cases it is
possible to determine the exact contents.


http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
 is one of a hundred examples I can send you as to how to break WEP without
cracking the encryption.


-----Original Message-----
From: Alex Satrapa [mailto:grail at goldweb.com.au]
Sent: Monday, September 17, 2001 10:44 AM
To: Steven Hanley
Cc: wireless at lists.samba.org
Subject: [Long Rant] Re: Encryption Question


At 00:58 +1000 2001-09-11, Steven Hanley wrote:
>umm, okay, first off, the hardware encryption with wirelss cards is broken
and
>can not be relied on for any security at all. Anyone who wants to can rock
up
>with a standard laptop running linux and work out the key for the
encryption
>in about 15 minutes and thus have full access to all your data going across
>wireless.

First, sorry for the late reply.

Don't discount WEP so readily.

If you have a 128bit encryption card with encryption enabled, then 
the potential AirSnorter has to use a 128bit encryption card to sniff 
the connection.

WEP as an obfuscation mechanism works at least as well as ROT14* - 
someone who's geared up to AirSnort on a clear or 64bit connection is 
like the script kiddy with the ROT13 decoder. It makes it just that 
little bit harder for:
  - Casual or "accidental" snooping
  - Script Kiddies using "standard" cards (as opposed to "Gold")

Using WEP, especially with 128bit encryption, means that someone has 
to be monitoring your network with the intent of breaking in. Should 
you ever catch them physically (eg: you see the kid sitting out the 
front of the office with the laptop on the bike), it's much easier to 
prove intent. They were *trying* to break into your network. They 
weren't just WarDriving/Sailing/Riding.

I do agree with Steven on the VPN bit - the network connected to the 
wireless access point should be treated as *less* trusted than The 
Internet. Kids *are* going to be lugging their wireless laptops 
around on bikes, they *are* going to find your network. 802.11 
networks are the proverbial pots full of bragging rights at the end 
of the rainbow ("Mate - these people had access direct to the 
Internet over their wireless network, and guests had write access to 
their NT server, so I downloaded 1Gb of pr0n for them").

Have a host on that network that supports IPsec, PPPoE, PPTP or even 
PPP over SSH, and only allow "real" network access through this host. 
Do what you can to limit connections to the access point based on MAC 
address of the 802.11 cards (once again, this is obfuscation**). Do 
not allow routing between wired and wireless networks. Do not have 
any ports listening on the wireless network (except the VPN service). 
These are what I would consider part of setting up a wireless access 
point, even for "community" access.

But at least enable WEP and MAC restrictions, since you then arm 
yourself with proof of intent, should you ever catch someone snooping 
around your wireless network. WEP and MAC restrictions are much like 
putting a 30cm high picket fence between your front lawn and the 
footpath. It provides a barrier which people have to consciously 
cross. If you see someone snooping around in your wireless network 
after you've enabled WEP and MAC restrictions, they didn't get there 
by accident. You can get exercise your righteous indignance.

Alex

*Yes, I mean ROT14. Absolutely transparent to someone who knows what 
they're doing, but totally opaque to the script kiddy with the ROT13 
decoder. Of course the script kiddy with lots of money gets a ROT14 
decoder and you're back to square 1. And with that, I'll cease my 
analogy of 128bit WEP as ROT14.

**Security solely through obscurity is bad. That doesn't mean that 
you shouldn't use obscurity where it's cheap and effortless to 
implement. Obfuscation means that life is harder for script kiddies, 
and adds more ammo to your proof of intent argument.

PS: Don't forget that wireless security works both ways. It's not 
just the sitting-on-desks bit of the network you have to secure, it's 
also the sitting-on-lap bit of the network you have to secure. It's 
no use locking down the access point tighter than a fish's [thing] if 
the laptop is left wide open. The "firewall" on the laptop (or even 
wireless desktop) needs to be as tight (if not tighter) than the 
access point "firewall".

PPS: This opens up an activity which is the inverse of WarDriving. 
Rather than wandering around looking for networks that are open - how 
many people are wandering around with laptops that are happily 
chatting away on 802.11 to anyone who'll listen? I know some people 
who don't even know about turning off their PC Card ethernet when 
they leave the office, and I wouldn't expect them to understand about 
switching off the 802.11 card when they leave the office either.
-- 
Alex Satrapa                      tSA Consulting Group Pty Limited
ICQ: 5691434                 1 Hall Street, Lyneham, Canberra 2603
PGP Key 0x4C178C9C        fx: +61 2 6257 7311  ph: +61 2 6257 7111
PGP Fingerprint E4FA ADE6 97A4 3610 E008  A466 A03E 3D01 4C17 8C9C

More information about the wireless mailing list