
WEP

There is no way to use WEP securely and any device that you have probably has upgrades available to help it support WPA-PSK. If you aren't sure, double-check. If you really can't upgrade an AP or card, and you can't justify spending the money to replace it, the following precautions will help minimize your exposure from WEP.

If you are really truly stuck using WEP, the best thing you can do is use a random 104-bit key and rotate it regularly. Of course, that's the tricky part because there is no standard way to rotate WEP keys. Many organizations rotate static WEP keys once a month, or even every three months. But this is totally inadequate. If an attacker can monitor any reasonable amount of traffic, they will be able to recover a static WEP key in a week or two at most.

Secure Key Generation

If you are using WEP, it should go without saying that you should use a 104-bit key. It is also important that this key be random. Do not use your AP's built-in passphrase-to-WEP-key generation "feature." This will only make things worse. Either roll a die, cat /dev/random, or exploit your ability as a nondeterministic carbon-based life-form to create some random numbers and use them. For reasons not to use the AP's key generator, please refer to Chapter 6 and the section "Dictionary Attacks Against WEP."
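A small script for the key-generation step above, added here as an example and not taken from the book: it pulls 13 random bytes (104 bits) straight from the kernel's random device, never from a passphrase, and includes a check that rejects anything that is not exactly a 26-hex-digit WEP-104 key. It assumes a POSIX shell with od(1) and reads /dev/urandom rather than /dev/random so it never blocks.

```shell
#!/bin/sh
# Added example (not from the original text): generate a random 104-bit WEP key
# as the 26 hex digits that APs and clients accept for "WEP-104"/"128-bit WEP".
# Assumes: POSIX sh, od(1), and /dev/urandom (same kernel CSPRNG as /dev/random,
# but non-blocking).

# Emit 13 random bytes (104 bits) as lowercase hex. No passphrase is involved,
# so there is nothing for a dictionary attack to guess.
gen_wep104_key() {
    od -An -N13 -tx1 /dev/urandom | tr -d ' \n'
}

# Sanity check before typing a key into an AP or client: exactly 26 hex digits.
# Rejects 40-bit (10-digit) keys, empty strings and non-hex characters.
is_wep104_key() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 26 ]
}

key=$(gen_wep104_key)
if is_wep104_key "$key"; then
    printf 'WEP-104 key (26 hex digits): %s\n' "$key"
else
    printf 'key generation failed\n' >&2
    exit 1
fi
```

Enter the 26 hex digits on every AP and client, and regenerate a fresh key each time you rotate.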

Vendor Fixes

This section covers techniques that various vendors have employed as stopgap solutions to prevent WEP from being totally bypassed. If you are forced to use WEP, it is important that you are not lulled into a false sense of security by using these quick fixes. All of these fixes are band-aids and only make the recovery of a WEP key using statistical methods more time-consuming for an attacker, not impossible.

Weak-IV Avoidance

The most misunderstood vendor fix is known as weak-IV avoidance. The first statistical attack (aka the FMS attack) against WEP could only be used on initialization vectors fitting a very specific pattern. These IVs could easily be filtered out by software, and the AP could avoid using them to encrypt traffic.

What this fix doesn't take into account is the fact that clients can use weak IVs to encrypt data, not just the AP. Though it is quite possible for individual client wireless drivers to avoid using these IVs as well, it is hard to track which ones do or don't.

The biggest problem with weak-IV avoidance is not that clients can use weak IVs; instead, it is the fact that there are currently 17 known statistical attacks against WEP. Even if no data is encrypted using the first type of weak IV (aka classically weak IVs), an attacker can still discover the WEP key. Filtering against classically weak IVs is easy; filtering against 17 different types of weak IVs is difficult, and unless your vendor explicitly says it filters against all 17 types, it probably doesn't.

Dynamic WEP Keys

One of the biggest problems with WEP is that everyone is using the same secret key. If users all employed different keys, this would severely reduce the amount of data attackers have to analyze. It would also prevent users from decrypting each other's traffic. Many vendors sell dynamic WEP key-based solutions, but pre-WPA versions of Cisco's LEAP are the most popular.

Though dynamic WEP keys do cut down significantly on the amount of traffic encrypted with any given key, they don't make it impossible for an attacker to gather enough data to launch a statistical attack. Two things that WPA has that dynamic WEP lacks are replay protection and periodic rekeying.

When using WPA, the encryption keys are dynamically generated during association and then periodically rotated. When using dynamic WEP, every implementation I know of generates a dynamic key during association and then uses it until the user disassociates. This means that users who stay connected persistently may be vulnerable to the statistical attacks outlined in Chapter 6. The lack of replay protection on dynamic WEP schemes enables savvy attackers to generate traffic that targets a specific user, which speeds up the attack.

In summary, although combining WEP with these fixes is better than employing WEP without them, they are not enough to stop a sophisticated attacker. If you are using WEP, upgrade to WPA as soon as possible.
