Re: New Protection for 802.11
Well, you see, some of the people working on improving 802.11 security, in particular some members of 802.11 Task Group i, noted that IEEE procedures have no interoperability demonstration requirements. So they formed a little group that took a subset of the then current 802.11i draft and tried to implement it and interoperate. (Problems were found and fixes fed back into the standards process.) The subset chosen, called SSN, included the 802.1X authentication and anti-replay features of 802.11i and the TKIP branch of 802.11i. SSN does not cover ad-hoc (station to station) mode, only station - access point.

(The current 802.11i draft has three branches:

  TKIP (Temporal Key Integrity Protocol) for legacy hardware via firmware/software upgrade that uses RC4, but with a different key for every packet, plus a specially designed (for weak legacy hardware) keyed message integrity code with about 22 bits of strength (optional)

  WRAP (Wireless Robust Authenticated Protocol) for new hardware that uses AES in OCB mode for encryption and integrity (optional)

  CCMP (CCM Protocol) for new hardware that uses AES in CCM mode, that is, AES-CTR for encryption and AES-CBC-MAC for integrity. (mandatory))

There being a lot of pressure for improved security soon, the WiFi Alliance essentially adopted SSN with some profiling as a security certification standard and called this WiFi Protected Access (WPA) v1. The plan is for full 802.11i to be called WiFi Protected Access v2.

Donald

On 6 Nov 2002, Perry E. Metzger wrote:

> Date: 06 Nov 2002 15:32:30 -0500
> From: Perry E. Metzger [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: New Protection for 802.11
>
> From Dave Farber's Interesting People list. Does anyone know details of the new proposed protocols?

==
Donald E. Eastlake 3rd [EMAIL PROTECTED]
155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w)
Milford, MA 01757 USA [EMAIL PROTECTED]

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: New Protection for 802.11
David Wagner said:

> It's not clear to me if WPA products come with encryption turned on by default. This is probably the #1 biggest source of vulnerabilities in practice, far bigger than the weaknesses of WEP.

Maybe this is the case in the USA but from my own informal surveys in Helsinki and London I've found that 90% of private WLANs operate with WEP enabled (FWIW). Those with no WEP often appear to be deliberate, indicated by 'welcoming' SSIDs. Commercial WLAN operators also typically choose to deploy with no WEP, controlling access via transparent proxying or similar methods.

If WLAN systems were supplied supposedly 'secure' out of the box, consumers might have even less interest in changing defaults. Automated key distribution at set-up time would likely introduce its own problems.

I'm fairly sure that J. Consumer connecting their home PC to DSL or cable with no firewall typically expose themselves to greater risk than deploying 802.11b with no WEP.

cheers,
-thomas

--
Men of lofty genius when they are doing the least work are most active -- da Vinci
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=p.nu/d 2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43
Re: New Protection for 802.11
Reading the Wifi report, it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it.

Which is sort of a shame, in a way. 802.11b has no pretense of media layer security. I've been thinking of that as an opportunity for folks to get smarter about network and application layer security - PPTP, IPSEC, proper authentication, etc. A lot of sites are putting their wireless access points outside the firewall and doing VPNs and the like to build secure links.

If WiFi gets reasonable media layer security soon, that pressure will go away and we'll go back to media-based security. I think that's a bad thing in the long run; you end up with systems that may be somewhat secure at the gateway/firewall but are soft inside.

[EMAIL PROTECTED] . . . .. . . . http://www.media.mit.edu/~nelson/
Re: New Protection for 802.11
--
> Reading the Wifi report, http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it.

I am struck by the contrast between the seemingly strong demand for wifi security, compared to the almost complete absence of demand for email security.

Why is it so?

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
IWe4JFeDeor04Pxb96ZsQ7xX+JAwxSs8HQfoAeG5
4rQX6tgLhAvAwLjF+SXlRswSmphBhw4cOXLe9Y4r5
RE: New Protection for 802.11
James A. Donald[SMTP:[EMAIL PROTECTED]] wrote:

> > Reading the Wifi report, http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it.
>
> I am struck by the contrast between the seemingly strong demand for wifi security, compared to the almost complete absence of demand for email security.
>
> Why is it so?
>
> --digsig James A. Donald

How many stories have you read in the last year about non-LEOs stealing email? How many stories in the last year have you read about wardriving?

Further, tapping into 802.11b nets

* gives the attacker access to your internal network. You already know what you're sending in email, and eavesdropping on data you've already decided to send to someone else feels different than someone trolling through your file system without your knowledge.

* requires that the tapper be more or less nearby physically. This feels a lot different than worrying that a distant router is compromised.

Peter Trei
New Protection for 802.11
From Dave Farber's Interesting People list. Does anyone know details of the new proposed protocols?

---BeginMessage---
From: Dewayne Hendricks [EMAIL PROTECTED]
Subject: [Dewayne-Net] New Protection for 802.11
To: Dewayne-Net Technology List [EMAIL PROTECTED]
Date: Tue, 05 Nov 2002 13:17:54 -0800
Reply-To: [EMAIL PROTECTED]

New Protection for 802.11

While WLAN admins continue to wait for IEEE 802.11i, the non-profit Wi-Fi alliance has approved a replacement for the much derided Wired Equivalent Privacy (WEP) encryption.

by Eric Griffith
80211-Planet Managing Editor
[November 5, 2002]

http://isp-planet.com/fixed_wireless/business/2002/wpa.html

The non-profit Wi-Fi Alliance, the consortium behind interoperability standards and testing for 802.11-based networks, has announced an official replacement for the much derided Wired Equivalent Privacy (WEP) encryption.

The new solution, called Wi-Fi Protected Access (WPA), is a subset of the still unfinished IEEE 802.11i security specification and will be usable by both home and enterprise wireless networks.

Why not wait for 802.11i?

According to Dennis Eaton, the chairman of the Wi-Fi Alliance, the [IEEE] Task Group I doing 802.11i is still on a path to be complete about this time next year with a fully ratified standard, but that's a little too long. We had to do something sooner.

That something sooner is WPA, which, according to Eaton, will work with the majority of 802.11-based products out today once they've gone through a firmware/software upgrade. WPA is forward compatible with 802.11i. By the time 11i is ratified around September of next year, expect to see a WPA version 2.0 with full 802.11i support. Eventually, the Alliance expects to require Wi-Fi products to ship with WPA turned on as a default.

The way WPA will work in the enterprise is similar to the setup of any 802.1X authentication system.
The clients and access points must have WPA enabled for encryption to and from an 802.1X with Extensible Authentication Protocol (EAP) authentication server of some sort, such as a RADIUS server, with centralized access management.

The server provides the scalability for the design, user credentials, authorization as users request access, and generates the keys for Temporal Key Integrity Protocol (TKIP) encryption...TKIP is part WPA, says Eaton.

Once the server authenticates the user, the access point will let that user on to the wired network - up to that point, the client only talked to the server.

Home network users usually won't have an authentication server, but the WPA solution still uses 802.1X. They won't get the upper layer authentication, but can take advantage of Pre-shared Key mode.

Pre-shared Key is used much like WEP - you key in a pass phrase [called the master key] in both the client and access point, says Eaton. In the association process, if the password matches, then the access point allows access to the Internet or wired network. You still get the advantage of 802.1X, so my key is different from my wife's key on the same access point, but our keys are refreshed every time we connect. The pass phrase is the same, but the key is generated.

WEP, on the other hand, uses a static key that is seldom changed by users. This cryptographic weakness is responsible for many of the known security issues in WLANs today - any patient criminal hacker can eventually figure out the encryption key and get on the network.

WPA takes advantage of the 802.11i specification's requirements for things like 802.1X and TKIP, but leaves out things that require a hardware upgrade or aren't ready, such as secure fast handoff, secure de-authentication and disassociation, and AES-CCMP enhanced encryption.
The Wi-Fi Alliance is only requiring products going forward to have WPA built in if they expect to get the Wi-Fi Certification stamp - older and current WLAN products don't have to get a WPA upgrade. However, Eaton expects that upgrades to WPA will start appearing from vendors in the next several months. Whether vendors provide the upgrade for individual products or not depends upon their stance and whether they get support for it from the core technology providers such as the chipset makers.

Already announcing support for WPA with future upgrades are major 802.11 vendors (and Wi-Fi Alliance members) such as Agere, Atheros, Atmel, Funk Software, Intersil, Proxim, Resonext, and Texas Instruments.

We're fully behind it, says Bill Carney, Director of Marketing and Business Development at Texas Instruments. It's important security. Security is the biggest roadblock to adoption.

Companies are free to resubmit older products with WPA implemented to the Alliance for testing. Interoperability testing such products will begin in February 2003.

Archives at: http://web.wireless.com/index.php?name=Mailing_Listfn=viewmlmid=4
--
---End Message---
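Added example (not part of the forwarded article or of any message in this thread): how "the pass phrase is the same, but the key is generated" works out in Pre-shared Key mode. The PBKDF2 and PRF constructions are those of WPA and the finished 802.11i standard, which the article does not describe; the pass phrase, SSID, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pass phrase -> 256-bit master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def session_keys(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
                 anonce: bytes, snonce: bytes) -> dict:
    """Per-association keys: the master key mixed with both MACs and both fresh nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    k = prf(pmk, b"Pairwise key expansion", data, 64)
    # 512 bits for TKIP: two handshake keys, the temporal key, and the Michael keys
    return {"kck": k[:16], "kek": k[16:32], "tk": k[32:48], "mic": k[48:64]}

# Constructed sample values (assumptions, not from the article).
PMK = pmk_from_passphrase("correct horse battery", "HomeNet")
AP = bytes.fromhex("020000000001")
STA_A = bytes.fromhex("0200000000aa")
STA_B = bytes.fromhex("0200000000bb")

def nonce(tag: str) -> bytes:
    """Stand-in for a 32-byte random nonce, fixed here so the output is repeatable."""
    return hashlib.sha256(tag.encode()).digest()

if __name__ == "__main__":
    first = session_keys(PMK, AP, STA_A, nonce("ap-1"), nonce("a-1"))
    again = session_keys(PMK, AP, STA_A, nonce("ap-2"), nonce("a-2"))
    other = session_keys(PMK, AP, STA_B, nonce("ap-3"), nonce("b-1"))
    for name, keys in (("A, 1st connect", first), ("A, reconnect", again), ("B", other)):
        print(f"{name:15s} TK = {keys['tk'].hex()}")
```

Every input other than the pass phrase is sent in the clear during association, so the strength of all the derived keys rests on the pass phrase.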
Re: New Protection for 802.11
At 03:32 PM 11/6/02 -0500, Perry E. Metzger wrote:

> Does anyone know details of the new proposed protocols?

Small article at: http://www.eetimes.com/story/OEG20021031S0007

Somewhere I read a larger article; things that stuck in memory are: No AES, a cipher called Michael being used; also, the change is intended to be a software-upgrade to existing devices, which is why so many features were omitted.

There were also comments about legacy issues -- you have to upgrade everyone, so it's likely that back-compatibility will not completely obsolete wardriving. Much like Microsoft's OS-interop-legacy-security problems.
Re: New Protection for 802.11
It uses:

- IEEE 802.1x for access control and authentication

- RC4 but with a new key mixing/generation method called TKIP that provides for per packet keys and eliminates the Fluhrer et al. attack. Russ Housley, Doug Whiting, and Niels Ferguson designed TKIP.

- Michael is the MAC/MIC that provides 20 bits (yes 20 bits) of security. The reason they chose that is because older AP hardware can't do much more. Niels Ferguson designed Michael. Michael MUST be used with detection methods to prevent integrity attacks. Hopefully, the vendors will do it correctly.

I'll try and dig up the documents that define each of these and post them somewhere.

Bill

On Wednesday, Nov 6, 2002, at 17:19 US/Eastern, David Honig wrote:

> At 03:32 PM 11/6/02 -0500, Perry E. Metzger wrote:
> > Does anyone know details of the new proposed protocols?
>
> Small article at: http://www.eetimes.com/story/OEG20021031S0007
>
> Somewhere I read a larger article; things that stuck in memory are: No AES, a cipher called Michael being used; also, the change is intended to be a software-upgrade to existing devices, which is why so many features were omitted.
>
> There were also comments about legacy issues -- you have to upgrade everyone, so it's likely that back-compatibility will not completely obsolete wardriving. Much like Microsoft's OS-interop-legacy-security problems.
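Added example (not from the post above or from any vendor's code): a simplified model of the detection logic a 20-bit MIC depends on, with the arithmetic that shows why. The 60-second window and hold-off are the values of the finished 802.11i standard, not figures given in this thread; the event trace is constructed.

```python
WINDOW = 60.0    # two MIC failures within this many seconds trigger countermeasures
HOLDOFF = 60.0   # seconds during which TKIP traffic is then refused

class MicFailureMonitor:
    """Tracks Michael MIC failures on one link and applies the rate limit."""

    def __init__(self):
        self.last_failure = None   # time of the previous unanswered failure
        self.blocked_until = 0.0
        self.rekeys = 0            # each trigger also discards the current keys

    def on_frame(self, t: float, mic_ok: bool) -> str:
        if t < self.blocked_until:
            return "dropped"
        if mic_ok:
            return "accepted"
        if self.last_failure is not None and t - self.last_failure <= WINDOW:
            self.blocked_until = t + HOLDOFF
            self.last_failure = None
            self.rekeys += 1
            return "countermeasures"
        self.last_failure = t
        return "failure-logged"

def replay(events):
    """Run (time, mic_ok) events through a fresh monitor; return outcomes and rekeys."""
    mon = MicFailureMonitor()
    return [mon.on_frame(t, ok) for t, ok in events], mon.rekeys

def expected_days_to_forge(mic_bits: int, tries_per_minute: float) -> float:
    """Average wait, in days, until one random MIC value is accepted.

    Each try succeeds independently with probability 2**-mic_bits.
    """
    return (2 ** mic_bits) / tries_per_minute / (60 * 24)

# Constructed event trace: (seconds, MIC verified?)
TRACE = [(0, True), (5, False), (12, False), (20, True), (40, False),
         (72, False), (75, False), (140, True)]

if __name__ == "__main__":
    outcomes, rekeys = replay(TRACE)
    for (t, ok), result in zip(TRACE, outcomes):
        print(f"t={t:>4}s mic_ok={ok!s:5} -> {result}")
    print("rekeys:", rekeys)
    print("20-bit MIC, 2 tries/min  : %.0f days" % expected_days_to_forge(20, 2))
    print("20-bit MIC, 1000 tries/s : %.3f days" % expected_days_to_forge(20, 60000))
```

With the limit in place a 20-bit MIC holds for about a year on average; without it, for minutes. Every "failure-logged" event is also worth alerting on, since legitimate traffic rarely fails the MIC.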
Re: New Protection for 802.11
See the following two Intel links with detailed discussions of TKIP and Michael which I found via Google:

Increasing Wireless Security with TKIP
Forwarded from: eric wolbrom, CISSP, sa ISN-a...
http://www.secadministrator.com/Articles/Index.cfm?ArticleID=27064
Mark Joseph Edwards
October 23, 2002

For a more in-depth look at wireless encryption technology, especially WEP and TKIP, be sure to read two articles from Intel. The first article discusses encryption key management in both WEP and TKIP protocols, and the second article discusses TKIP in considerable detail.

--

http://cedar.intel.com/media/pdf/wireless/80211_1.pdf
http://cedar.intel.com/media/pdf/security/80211_part2.pdf

Gojko Vujovic
http://www.elitesecurity.org/