[Dshield] DI-624 encryption - Run it if you have it!

John Holmblad jholmblad at aol.com
Wed Feb 25 17:21:12 GMT 2004


Mark,

here are a few comments with respect to your post on Wired Equivalent 
Privacy (WEP) and Wireless Protected Access (WPA) based on my own 
research and experience with both standards.  If you are interested in 
more details  please contact me off list and I will forward you a paper 
documenting this research.

WPA is a subset of the soon to be ratified IEEE 802.11i wireless 
security standard and WPA has been set forth as an interim standard by 
the WIFI alliance.

Regarding Stephane's comments in response to your post about always 
using VPN technology to mitigate WEP's weaknesses, I agree completely 
with respect to his view when operating in an environment that uses WEP, 
and yes, depending upon the traffic load on the LAN, the wep keys can be 
compromised very quickly. On the other hand, I think you will find that 
if you research the new WPA standard and the IEEE 802.11i standard 
yourself you will see that either WPA or 802.11i (once finalized) will 
do the trick satisfactorily and VPN will then become a "belts and 
suspenders" add-on that is not really required. The problem is that 
there is so much legitimate FUD concerning WEP that users will be wary 
of these new standards until they have proven themselves in action. 
Unless you work for either the WIFI Alliance or as a member of the IEEE 
802.11i standards committee you will have to pay $$ to get the source 
documents as I did with some reluctance especially since 802.11i is 
still in draft form. I actually think this is a marketing mistake on the 
part of both the WIFI alliance and the IEEE given all the bad press the 
initial 802.11 WEP standard has received. They should be flooding the 
market with free copies of this information if only to let users 
understand, first hand, how they have fixed the WEP "problem". Having 
said that it is my understanding that  cryptologists have been all over 
both standards (WPA is a subset of 802.11i) like a cheap suit and they 
have not found any material cryptographic flaws to date in either WPA or 
802.11i.


re: TKIP for Message Privacy

Temporal Key Integrity Protocol (TKIP) is the part of the Wireless 
Protected Access (WPA) standard that replaces WEP with respect to 
message privacy,  but uses the same RC4 encryption method in order to 
provide backward compatibility with most but not necessarily all of the 
already deployed 802.11 a, b, or g wireless NIC's and Access points. 
TKIP solves the WEP weak key  and key IV reuse problem through  the use 
of a key mixing algorithm that can be implemented in software and/or 
firmware while leaving the RC4 hardware logic intact.

re: Michael for Message Integrity

WPA also solves the weaknesses in WEP  in the area of message integrity 
by implementing a more robust message integrity check than is used in 
WEP. This new method is called Michael.

re: Mutual authentication of NIC and AP

WPA also solves the weakness of WEP in the area of NIC client 
authentication to the AP and AP authentication to the client. This is 
accomplished by adapting the IEEE 802.1x port based authentication 
protocol for use in an 802.11 environment combined with  the use of 
Transport Layer Security (TLS) on the communications between the NIC 
client and the authentication server during the negotiation of the 
security association and the establishment of the session keys. One nice 
aspect of this solution is that it can be integrated in a 
straightforward way  with Remote Authentication and Dial In User Service 
(RADIUS) infrastructure and also, in the case of Microsoft networks, 
with Kerberos authentication in a Windows Active Directory domain 
environment. Microsoft's RADIUS product, Internet Authentication Server 
(IAS) supports both password based authentication of the NIC client 
using its version of Protected Extensible Authentication Protocol 
(PEAP)  called MS-CHAP V2 (I understand that Cisco has a different, 
competing version of PEAP) or, alternatively, using a digital 
certificate from the NIC client. The authentication server always uses a 
digital certificate as its credential when authenticating to the NIC client.

For small networks that do not have RADIUS deployed, WPA specifies an 
option for a pre-shared key of 256 bits that is configured on the AP and 
on each client NIC. In this case there is no need to have a key 
negotiation session between a NIC client and an authentication service 
such as RADIUS. Of course this alternative does not scale well to large 
numbers of clients and the risk of key compromise grows as the number of 
clients with the pre-shared key grows.

It should also be pointed out that WPA is in fact a subset of the soon 
to be ratified IEEE 802.11i standard. This standard also provides the 
option for the use of the Advanced Encryption Standard (AES) instead of 
TKIP for message privacy.  AES is considered to be an even stronger 
cryptographic method than TKIP but it does require the implementation of 
a different hardware based crypto engine than that used for RC4 which is 
a fast and simple algorithm to implement in hardware. The details of the 
802.11i  standard which remain to be worked out pertain to such things 
as how to implement roaming access  of a NIC client from one AP to the 
next without requiring re-authentication. The goal of the IEEE 802.11i 
standards committee is to get this standard wrapped and ratified during 
2004.

-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list