Re: New Protection for 802.11
>Reading the Wifi report, it seems their customers stampeded them and >demanded that the security hole be fixed, fixed a damned lot sooner >than they intended to fix it. Which is sort of a shame, in a way. 802.11b has no pretense of media layer security. I've been thinking of that as an opportunity for folks to get smarter about network and application layer security - PPTP, IPSEC, proper authentication, etc. A lot of sites are putting their wireless access points outside the firewall and doing VPNs and the like to build secure links. If WiFi gets reasonable media layer security soon, that pressure will go away and we'll go back to media-based security. I think that's a bad thing in the long run; you end up with systems that may be somewhat secure at the gateway/firewall but are soft inside. [EMAIL PROTECTED] . . . .. . . . http://www.media.mit.edu/~nelson/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
RE: New Protection for 802.11
> James A. Donald[SMTP:[EMAIL PROTECTED]] wrote: > > > Reading the Wifi report, > http://www.weca.net/OpenSection/pdf/Wi- > Fi_Protected_Access_Overview.pdf > it seems their customers stampeded them and demanded that the > security hole be fixed, fixed a damned lot sooner than they > intended to fix it. > > I am struck the contrast between the seemingly strong demand > for wifi security, compared to the almost complete absence of > demand for email security. > > Why is it so? > > --digsig > James A. Donald > How many stories have you read in the last year about non-LEOs stealing email? How many stories in the last year have you read about wardriving? Further, tapping into 802.11b nets * gives the attacker access to your internal network. You already know what you're sending in email, and eavesdropping on data you've already decided to send to someone else feels different than someone trolling through your file system without your knowledge. * requires that the tapper be more or less nearby physically. This feels a lot different than worrying that a distant router is compromised. Peter Trei - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
David Wagner said: > It's not clear to me if WPA products come with encryption turned on by > default. This is probably the #1 biggest source of vulnerabilities in > practice, far bigger than the weaknesses of WEP. Maybe this is the case in the USA but from my own informal surveys in Helsinki and London I've found that 90% of private WLANs operate with WEP enabled (FWIW). Those with no WEP often appear to be deliberate, indicated by 'welcoming' SSIDs. Commercial WLAN operators also typically choose to deploy with no WEP, controlling access via transparent proxying or similar methods. If WLAN systems were supplied supposedly 'secure' out of the box, consumers might have even less interest in changing defaults. Automated key distribution at set-up time would likely introduce its own problems. I'm fairly sure that J. Consumer connecting their home PC to DSL or cable with no firewall typically expose themselves to greater risk than deploying 802.11b with no WEP. cheers, -thomas -- Men of lofty genius when they are doing the least work are most active -- da Vinci gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d 2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
-- Reading the Wifi report, http://www.weca.net/OpenSection/pdf/Wi- Fi_Protected_Access_Overview.pdf it seems their customers stampeded them and demanded that the security hole be fixed, fixed a damned lot sooner than they intended to fix it. I am struck the contrast between the seemingly strong demand for wifi security, compared to the almost complete absence of demand for email security. Why is it so? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG IWe4JFeDeor04Pxb96ZsQ7xX+JAwxSs8HQfoAeG5 4rQX6tgLhAvAwLjF+SXlRswSmphBhw4cOXLe9Y4r5 - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
Well, you see some of the people working on improving 802.11 security, in particular some members of 802.11 Task Group i noted that IEEE procedures have no interoperability demonstration requirements. So they formed a little group that took a subset of the then current 802.11i draft and tried to implement it and interoperate. (Problems were found and fixes feed back into the standards process.) The subset choosen, called SSN, included the 802.1X authentication and anti-replay features of 802.11i and the TKIP branch of 802.11i. SSN does not cover ad-hoc (station to station) mode, only station <-> access point. (The current 802.11i draft has three branch, TKIP (Temporal Key Ingegrity Protocol) for legacy hardware via firmware/sofware upgrade that uses RC4, but with a different key for every packet, plus a specially designed (for weak legacy hardware) keyed message integrity code with about 22 bits of strength (optional) WRAP (Wirelss Robust Authenticated Protocol) for new hardware that uses AES in OCB mode for encryption and integrity (optional) CCMP (CCM Protocol) for new hardware that uses AES in CCM mode, that is, AES-CTR for encryption and AES-CBC-MAC for integrity. (mandatory) There being a lot of pressure for improved security soon, the WiFi Alliance essentiallly adopted SSN with some profiling as a security certification standard and called this WiFi Protected Access (WPA) v1. The plan is for full 802.11i to be called WiFi Protected Access v2. Donald On 6 Nov 2002, Perry E. Metzger wrote: > Date: 06 Nov 2002 15:32:30 -0500 > From: Perry E. Metzger <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: New Protection for 802.11 > > >From Dave Farber's Interesting People list. > > Does anyone know details of the new proposed protocols? == Donald E. Eastlake 3rd [EMAIL PROTECTED] 155 Beaver Street +1-508-634-2066(h) +1-508-851-8280(w) Milford, MA 01757 USA [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
See the following two Intel links with detailed discussions of TKIP and Michael which i found via Google: Increasing Wireless Security with TKIP Forwarded from: "eric wolbrom, CISSP", sa ISN-a... http://www.secadministrator.com/Articles/Index.cfm?ArticleID=27064 Mark Joseph Edwards October 23, 2002 For a more in-depth look at wireless encryption technology, especially WEP and TKIP, be sure to read two articles from Intel. The first article discusses encryption key management in both WEP and TKIP protocols, and the second article discusses TKIP in considerable detail. -- http://cedar.intel.com/media/pdf/wireless/80211_1.pdf http://cedar.intel.com/media/pdf/security/80211_part2.pdf Gojko Vujovic http://www.elitesecurity.org/ - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
Perry E. Metzger wrote: >Does anyone know details of the new proposed protocols? WPA seems to be TKIP (a short-term improvement to WEP) + 802.1x (user authentication, typically hooked into RADIUS?). The background is that the IEEE 802.11i working group is developing two fixes to WEP: TKIP, the short-term patch, and AES-CCMP, the long-term fix. TKIP isn't perfect but it seems to be quite reasonable. As far as I know, WPA should fix the cryptographic attacks on WEP. However, as far as I can tell, we may still be left with key management and "turning on the crypto" as the two most important issues in practice. (It's probably too soon to know for sure.) Of course, if you don't upgrade your equipment, you don't get the benefits of WPA. However, it seems that the Wi-Fi consortium is claiming that in some cases a software upgrade might be sufficient to get WPA support -- I'm not too clear on the details. It's not clear to me if WPA products come with encryption turned on by default. This is probably the #1 biggest source of vulnerabilities in practice, far bigger than the weaknesses of WEP. For a little more, see http://www.weca.net/OpenSection/ReleaseDisplay.asp?TID=4&ItemID=118&StrYear=2002&strmonth=10 http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
It uses: -IEEE 802.1x for access control and authentication -RC4 but with a new key mixing/generation method called TKIP that provides for per packet keys and eliminates the Fluhrer et. al. attack. Russ Housely, Doug Whitting, and Nils Ferguson designed TKIP. -Michael is the MAC/MIC that provides 20 bits (yes 20 bits) of security. The reason they chose that is because older AP hardware can't do much more. Nils Ferguson designed Michael. Michael MUST be used with detection methods to prevent integrity attacks. Hopefully, the vendors will do it correctly. I'll try and dig up the documents that define each of this and post them somewhere. Bill On Wednesday, Nov 6, 2002, at 17:19 US/Eastern, David Honig wrote: At 03:32 PM 11/6/02 -0500, Perry E. Metzger wrote: Does anyone know details of the new proposed protocols? Small article at: http://www.eetimes.com/story/OEG20021031S0007 Somewhere I read a larger article; things that stuck in memory are: No AES, a cipher called "Michael" being used; also, the change is intended to be a software-upgrade to existing devices, which is why so many features were omitted. There were also comments about legacy issues --you have to upgrade everyone, so its likely that back-compatibility will not completely obsolete wardriving. Much like Microsoft's OS-interop-legacy-security problems. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: New Protection for 802.11
At 03:32 PM 11/6/02 -0500, Perry E. Metzger wrote: >Does anyone know details of the new proposed protocols? Small article at: http://www.eetimes.com/story/OEG20021031S0007 Somewhere I read a larger article; things that stuck in memory are: No AES, a cipher called "Michael" being used; also, the change is intended to be a software-upgrade to existing devices, which is why so many features were omitted. There were also comments about legacy issues --you have to upgrade everyone, so its likely that back-compatibility will not completely obsolete wardriving. Much like Microsoft's OS-interop-legacy-security problems. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
