Ops's profileOperational SecurityPhotosBlogListsMore  |  Tools Help |
|
|
December 19 Are You ProtectedAre You Protected?
October 16 ENDGAME: A Quantum Encryption BreakthroughENDGAME: A Quantum Encryption Breakthrough This “well known” technique quails eavesdropping endeavors...
Researchers at the University of Toronto have shown, in a study published in the February 24 issue of Physical Review Letters, that one of the present liabilities of quantum cryptography can be turned into an advantage. Using "quantum decoys," Professor Hoi-Kwong Lo and his team are increasing the distance that quantum-encrypted data can be sent over fiber-optic cable.
Quantum cryptography uses particles of light called photons to create and send keys used for coding and decoding messages. A photon can transmit bits of a key by representing a 1 or 0, depending on a property called polarization. The sender of this key (physicists call her "Alice") transmits a string of randomly polarized single photons to the recipient ("Bob"), who collects each photon, one at a time.
The reason this technique is so secure is that photons possess a safeguard inherent in quantum mechanics. For an eavesdropper to listen in, he or she must tap the fiber-optic line and measure the polarization of the photons with a detector as the photons arrive. But quantum mechanics dictates that any measurement, such as the one taken by the eavesdropper, unavoidably modifies the polarization. This means that Bob would notice if a transmission had been intercepted -- as soon as he and Alice compared notes (over a channel that doesn't need to be secure) about the polarization of photons sent and received. Any inconsistency in the sent and received photons would alert them to the fact that the key had been stolen.
A problem arises, however, when more than a single photon is inadvertently sent at a time -– a common occurrence since no perfect single photon emitter exists. This happens, says Jonathan Habif, quantum information research scientist at BBN Technologies, because scientists send pulses of laser light through a series of filters until only one photon squeezes through; but the filtering process isn't perfect, and sometimes more than one photon per pulse gets through.
When two photons of the same polarization are sent, one of them can be picked off by the eavesdropper, while the other one will go through unchanged, as if nothing is amiss. Additionally, Habif says, in order to send a quantum-encrypted key farther, the initial light from the laser must be more intense, which means there must be more photons to begin with, thus increasing the likelihood that more than one photon will squeak through the filters.
Professor Lo, lead scientist on the Toronto study, has cleverly used these problematic extra photons to dupe eavesdroppers. The light in his experiment is prepared in such a way that a small percentage of photons are decoys that contain no information at all about the key. "The eavesdropper has no idea which is the signal or which is the decoy," Lo says. "In the end, Alice and Bob can compare, and Alice will announce [in a separate message that doesn't need to be encrypted] which ones are the signals and which are the decoys." The signal photons contain information about the key, but the eavesdropper doesn't know which photons she measured.
The concept of using decoys in quantum cryptography was first proposed in 2003 by Won-Young Hwang, then at Northwestern University in Evanston, IL. In 2005, Lo says, his team mathematically proved that the technique could enhance security. In their most recent announcement, Lo and his team have shown for the first time that the decoy method can actually work in a real-world environment, using a modified off-the-shelf quantum cryptographic system and commercial fiber optics.
The major implication of their findings is that quantum cryptography should now be usable over greater distances. "Prior to decoy states, you couldn't ramp up the signal to increase the distance," says Jim Harrington, a researcher at Los Alamos National Laboratory, "because you would send out more than one photon."
Lo and his team claim that the new technique can guarantee security over 15 kilometers of commercial fiber-optic lines. While this isn't a distance record, Lo says small modifications to the setup could allow extremely secure transactions over 120 kilometers -– roughly the current upper limit claimed for commercial quantum encryption systems, such as those from id Quantique of Geneva, Switzerland, and MagiQ Technologies of New York City.
Knowledge is Power! Op.Sec http://opsec.spaces.live.com October 02 Vulnerabilities in wireless drivers?All modern operating systems, such as Linux, BSD, Windows and Mac OSX, have a similar fundamental security measure: the separation of kernel and user code. The Kernel is the core of the operating system and controls processes, disk access, and hardware access. While programs are typically prevented from accessing the memory of other programs or directly controlling the hardware, the kernel has no such restrictions. Vulnerabilities at the kernel layer are especially dangerous. Operating in the kernel, malicious code has complete control of the system. So-called "root kit" can alter the kernel to hide files from anti-virus scanners, hide running programs from the user, and capture input from the mouse or keyboard. Root kits have become an increasing risk with malicious software. Device drivers function at the kernel level. Network device drivers are especially at risk as they handle remote data, which cannot be trusted. Any bugs in the code that handle remote packets can lead to system crashes, or worse, code execution at the kernel layer. Remote driver bugs have typically been rare and can be quickly fixed once the vendor is notified. Kernel-layer bugs are very difficult to defend against without a vendor update. Antiviral software typically operates outside of the kernel, and firewalls software can prevent connections on TCP/IP ports but not vulnerabilities at the wireless layer. 802.11 management packets can contain no IP traffic data and are not passed to the wireless layer, but a flaw in the driver’s handling of the management contents could lead to an exploitable vulnerability. Many methods can be used to find vulnerabilities. The method du jour is "fuzzing." A fuzzer is a smart bruit-force algorithm that provides enough structure to generate a packet that appears valid, but the contents of the fields are filled with iteratively randomized data. Fuzzing is not limited to wireless protocols; it has been a valuable technique for testing software responses to different types of invalid data for in-house developers and security researchers. Fortunately, the risk of bugs in wireless drivers can be minimized. The window of exposure is extremely limited. Unlike someone attacking an Internet server, the attacker must be within radio range of the victim. Always turn the latest version of the drivers for your wireless card, as they may contain fixes for vulnerabilities such as these. The ultimate protection? Turn of your wireless card when you aren’t using the network. Knowledge is Power! Op.Sec http://opsec.spaces.live.com September 25 Is WEP ever enough?Is WEP ever enough? How insecure is Wired Equivalent Privacy? The short answer is that WEP (Wired Equivalent Privacy) is badly broken and only fit for a few low-security uses. Wireless communications are, for obvious reasons, far more susceptible to eavesdropping and unauthorised access than wired communications, and WEP was intended to provide a cryptographic 'wrapper' around the communications channel to protect it. Unfortunately, both the design and implementation of WEP were badly flawed, and attackers are able to crack open the encryption and listen in on - or modify - the 'real' data without much effort. To make matters worse, these attacks have been turned into 'script-kiddy' tools, so the skill level needed to crack WEP is now close to zero. As the final nail in the coffin, these attacks grow faster and simpler with every increase in bandwidth and CPU speed. The weaknesses of WEP are obvious in retrospect (poor choice of an encryption algorithm, poor key management, poor key use, poor design and implementation of initialisation vectors, and so on), but users and network administrators don't really need to worry about the cryptanalytic nuances. What is important is that they recognise WEP for what it is: a very-weak-but-very-convenient security tool, and use it accordingly. So how and when should you use WEP? Its weaknesses make it a terrible choice for protecting mission-critical data or restricting access to sensitive networks, but it might be appropriate for home use. Even there, WEP shouldn't be thought of as a barrier to determined hackers. Instead, it's a useful obstacle to casual eavesdropping and to anyone thinking of piggybacking on your wireless connection. Even if you won't stop these people with WEP, they're likely to turn their attention to other more vulnerable wireless networks they can see around you. It’s important to remember that WEP is not your only choice for securing your wireless network; far better alternatives are now available. The definitive solution is the IEEE's 802.11i standard, but the intermediate solution of WiFi Protected Access (WPA) is simpler than 802.11i and much more secure than WEP. A few final recommendations: any wireless encryption solution is a first-hop solution and does nothing to protect your traffic once it leaves the access point. Genuinely sensitive traffic needs end-to-end encryption and should be protected by a virtual private network (VPN) of some sort. It's also important to remember that encryption - no matter how good - only addresses one small part of the wireless threat landscape. A complete wireless security solution should also contain measures such as an endpoint firewall, AP filtering or whitelisting, and controls over the use of ad-hoc networking. Knowledge is Power! Op.Sec http://opsec.spaces.live.com September 11 ECHELONECHELON is a name used to describe a highly secretive world-wide signals intelligence/SIGINT and analysis network run by the UKUSA Community (otherwise described as the "Anglo-Saxon alliance") that has been reported by a number of sources including, in 2001, a committee of the European Parliament (EP report[1]). According to some sources ECHELON can capture radio and satellite communications, telephone calls, faxes emails other data streams nearly anywhere in the world and includes computer automated analysis and sorting of intercepts [2]. The EP committee, however, concluded that "the analysis carried out in the report has revealed that the technical capabilities of the system are probably not nearly as extensive as some sections of the media had assumed." Name The EP committee stated that "it seems likely, in view of the evidence and the consistent pattern of statements from a very wide range of individuals and organisations, including American sources, that its name is in fact ECHELON, although this is a relatively minor detail." (EP report, p. 11) The U.S. intelligence community uses many code names See, for example, CIA cryptonym. Margaret Newsham claims that she worked on the configuration and installation of some of the software that makes up the ECHELON system while employed at Lockheed Martin, for whom she worked from 1974 to 1984 in Sunnyvale , California and in Menwith Hill, England.[3]. At that time, according to Newsham, the code name ECHELON was NSA's term for the computer network itself. Lockheed called it P415 . The software programs were called SILKWORTH and SIRE. A satellite named VORTEX would intercept communications. An image available on the internet of a fragment apparently torn from a job description shows Echelon listed along with several other code names. [4]History Reportedly created to monitor the military and diplomatic communications of the Soviet Union and its East Bloc allies during the Cold War in the early sixties, ECHELON is today believed to also search for hints of terrorist plots, drug-dealers' plans, and political and diplomatic intelligence. But some critics claim the system is also being used for large-scale commercial theft and invasion of privacy. [citation needed] While the details of methods and capabilities are highly sensitive and protected by special laws (e.g. 18 USC 798), gathering signals intelligence (SIGINT) is an acknowledged mission of the U.S. National Security Agency. As of August 2006, their web site had a FAQ page on the topic, [5] which states: "NSA/CSS’s Signal Intelligence mission is to intercept and analyze foreign adversaries' communications signals, many of which are protected by codes and other complex countermeasures. We collect, process, and disseminate intelligence reports on foreign intelligence targets in response to intelligence requirements set at the highest levels of government. ... Foreign intelligence means information relating to the capabilities, intentions, and activities of foreign powers, organizations or persons." In 2001, the EP report (p. 19) recommended that citizens of member states routinely use cryptography in their communications to protect their privacy. In the UK, the government introduced the Regulation of Investigatory Powers Act which gives authorities the power to demand that citizens hand over their encryption keys, without a judge-approved warrant. In April 2004, the European Union decided to spend 11 million EUR developing secure communication based on quantum cryptography — the SECOQC project — a system that would theoretically be unbreakable by ECHELON or any other espionage system. European governments have been leery of ECHELON since a December 3, 1995 story in the Baltimore Sun claiming that aerospace company Airbus lost a $6Billions contract with Saudi Arabia in 1994 after the NSA reported that Airbus officials had been bribing Saudi officials to secure the contract [6] [7]. Capabilities The ability to intercept communications depends on the medium used, be it radio, satellite, microwave, cellular or fiber-optic (EP report p. 30 ff) During World War II and through the 1950s, high frequency ("short wave") radio was widely used for military and diplomatic communication (The Codebreakers, Ch. 10, 11), and could be intercepted at great distances (EP report p. 33). The rise of geostationary communications satellites in the 1960s presented new possibilities for intercepting international communications. The EP report states (p. 34) "If UKUSA states operate listening stations in the relevant regions of the earth, in principle they can intercept all telephone, fax and data traffic transmitted via such satellites." Many, if not most reports on ECHELON focus on satellite interception. (e.g. [8]) The role of satellites in point-to-point voice and data communications has largely been supplanted by fiber optics. As of 2006, 99 percent of the world's long-distance voice and data traffic is carried over optical-fiber cables. [9] The 2001 EP report (p. 37) states that "the proportion of international communications accounted for by satellite links has decreased substantially over the past few years in Central Europe; it lies between 0.4 and 5%." Even in less developed parts of the world, such as Latin America, communications satellites are largely used for point-to-multipoint applications, such as video [10]. The EU report concludes (p. 11) "this means that the majority of communications cannot be intercepted by earth stations, but only by tapping cables and intercepting radio signals, something which — as the investigations carried out in connection with the report have shown — is possible only to a limited extent. One approach is to place intercept equipment at locations where fiber optic communications are switched. For the Internet, much of the switching occurs at a relatively small number of sites. There have been reports of one such intercept site in the United States. In the past, much Internet traffic was routed through the U.S. and the UK. However this is less true at present. According the to the 2001 EP report (p. 33), "95% of intra-German Internet communications are routed via a switch in Frankfurt." Thus for a worldwide surveillance network to be comprehensive, either illegal intercept sites would be required on the territory of friendly nations or cooperation of local authorities would be needed. The EP report points out (p. 27) "interception of private communications by foreign intelligence services is by no means confined to the US or British foreign intelligence services." U.S. intelligence maintains liaison relationships with countries all over the world [11]. Some reports of cooperation involving signals intelligence have come to light since the September 11, 2001 attacks on the United States. Monitoring of mobile phones in Pakistan was reportedly used to track Khalid Shaikh Mohammed before he was arrested in Rawalpindi on March 1, 2003 (How Tiny Swiss Cellphone Chips Helped Track Global Terror Web, New York Times, March 4, 2004). According to many reports, the captured signals are then processed through a series of computers, that are programmed to search for targeted addresses, words, phrases or even individual voices[citation needed]. Controversy US intelligence agencies are generally prohibited from spying on people inside the US, and other Western countries' intelligence services generally faced similar restrictions within their own countries. There are allegations, however, that ECHELON and the UKUSA alliance were used to circumvent these restrictions by, for example, having the UK facilities spy on people inside the US and the US facilities spy on people in the UK, with the agencies exchanging data. The NSA state on its SIGINT FAQ web page "We have been prohibited by executive order since 1978 from having any person or government agency, whether foreign or U.S., conduct any activity on our behalf that we are prohibited from conducting ourselves. Therefore, NSA/CSS does not ask its allies to conduct such activities on its behalf nor does NSA/CSS do so on behalf of its allies." The proposed US-only "Total Information Awareness" program relied on technology similar to ECHELON, and was to integrate the extensive sources it is legally permitted to survey domestically, with the "taps" already compiled by ECHELON. It was cancelled by the U.S. Congress in 2004. It has been alleged that in 2002 the Bush Administration extended the ECHELON program to domestic surveillance. This controversy was the subject of the New York Times eavesdropping exposé of December, 2005 [12] [13] [14] [15]. Organization The UKUSA intelligence alliance has maintained ties in collecting and sharing intelligence since World War II. Each member of the UKUSA alliance is allegedly assigned responsibilities for monitoring different parts of the globe. Canada's main task used to be monitoring northern portions of the former Soviet Union and conducting sweeps of all communications traffic that could be picked up from embassies around the world. In the post-Cold War era, a greater emphasis has been placed on monitoring satellite, radio and cellphone traffic originating from Central and South America, primarily in an effort to track drugs and non-aligned paramilitary groups in the region. The United States, with its vast array of spy satellites and listening posts, monitors most of Latin America, Asia, Asiatic Russia and northern China. Britain listens in on Europe and Russia west of the Urals as well as Africa. Australia hunts for communications originating in Indochina, Indonesia and southern China. New Zealand sweeps the western Pacific. Supporters stress that ECHELON is simply a method of sorting captured signals and is just one of the many arrows in the intelligence community's quiver, along with increasingly sophisticated bugging and communications interception techniques, satellite tracking, through-clothing scanning, automated biometric recognition systems that can recognize faces, fingerprints & retina patterns. The U.S. communications-intelligence agency is the National Security Agency (NSA), which is headquartered at Fort Meade, just outside Washington, DC. Although the NSA budget is classified[16], as of 1996 the agency was estimated to have a global staff of roughly 38,000 and a budget of approximately US$3.6-billion[17]. The UK equivalent organisation is the Government Communications Headquarters GCHQ based near Cheltenham. Further, smaller organisations exist to provide communications technology and expertise (e.g. Her Majesty's Government Communication Centre HMGCC). By comparison, Canada's communications-intelligence operations are conducted by the Communications Security Establishment (CSE), a branch of the Canadian Department of National Defence. It has a staff of 890 people and an annual budget of $110 million CAD[citation needed]. The CSE's headquarters is the Sir Leonard Tilley Building on Heron Road in the nation's capital of Ottawa, Ontario, and its main communications intercept site is located on an old armed-forces radio base in Leitrim, just south of Ottawa. On July 6, 2000 the BBC published an article called Echelon: Big brother without a cause? that said: The Echelon spy system, whose existence has only recently been acknowledged by US officials, is capable of hoovering up millions of phone calls, faxes and emails a minute. [...] Echelon evolved out of Cold War espionage arrangements set up by the US and UK in 1948, and later bringing in Australia, Canada and New Zealand, in their capacity as Britain's Commonwealth partners. The biggest of Echelon's global network of listening posts is at Menwith Hill, North Yorkshire, where about 30 "giant golf balls" called radomes litter the landscape. The system also boasts 120 American satellites in geostationary orbit. Bases in the five countries are linked directly to the headquarters of the secretive US National Security Agency (NSA) headquarters at Fort Mead, Maryland. The system's superpowerful voice recognition capability enables it to filter billions of international communications for whatever key words or word patterns are programmed in.[18] "The United States will occasionally have the United Kingdom keep an eye on individuals in this country [meaning inside the US], with the understanding that if Britain turns up any interesting tidbits, it will slide them across the table." - from the book, "CHATTER: Dispatches from the Secret World of Global Eavesdropping"Hardware According to its web site NSA is "a high technology organization, ... on the frontiers of communications and data processing." In 2006, the Baltimore Sun reported that the NSA was at risk of electrical overload, because of insufficient internal electrical infrastructure at Fort Meade to support the amount of computer equipment being installed. [19] While there are occasional stories speculating on the types of computers involved, [20] Jonathan Meier, in his biography, has stated of his time at the NSA that: "Conjecture and speculation were rampant on the [ECHELON] projects, even internally. Truthfully, very few individuals were privy to the logistics involved." At least one company, Narus, is publicly selling systems for mass surveillance of Internet traffic and one of its systems was apparently installed in 2003 in Room 641A, allegedly an intercept station run by AT&T on behalf of NSA. Likely satellite intercept stations The following stations are listed in the EP report (p.54 ff) as likely to have a role in intercepting transmissions from telecommunications satellites: Hong Kong (since closed) Australian Defence Satellite Communications Station (Geraldton, Western Australia)Menwith Hill (Yorkshire, UK)Misawa Air Base (Japan)Morwenstow (Cornwall, UK)Pine Gap (Northern Territory, Australia - close to Alice Springs)Sabana Seca (Puerto Rico - US)Sugar Grove (West Virginia, US)Yakima (Washington, US) MapWaihopai (New Zealand)Possible satellite intercept stations The following stations are listed in the EP report (p.57 ff) as ones whose roles "cannot be clearly established": Agios Nikolaos (Cyprus - UK)Bad Aibling (Germany - US) - moved to Griesheim in 2004[citation needed]Buckley Air Force Base (Colorado, US)Fort Gordon (Georgia, US)Guam (Pacific OceanUS)Kunia (Hawaii, US)Leitrim (south of Ottawa, Canada)Medina Annex (Texas, US)Various other ground stations The following facilities have been claimed to host various intelligence gathering stations of U.S. intelligence agencies and armed forces or their allies. [citation needed] Alert (Ellesmere Island, Nunavut, Canada)Bremerhaven (Germany - UK)RAF Chicksands (Bedfordshire, UK)Diego Garcia (Indian Ocean - US-UK)RAF Digby (Lincolnshire, UK)Elmendorf Air Force Base (Alaska - US)Feltwell (Norfolk, UK)Fort Meade (Maryland, US) (headquarters of NSA)Gander (Newfoundland and Labrador, Canada)Gibraltar (UK)Griesheim (near Darmstadt, Germany - US)Karamursel (Turkey - US)Malta (Malta - UK)Masset (British Columbia, Canada)Osan Air Base (South Korea, US)Rota, Spain (Spain, US)Shoal Bay Receiving Station (Northern Territory, Australia)West Point, New York (NY, US)aflandshage, Amager Denmark (DennmarkTangimoana (New Zealand)Naval Communication Station Harold E. Holt (Exmouth, Western Australia)Former ground stations [citation needed] Augsburg (Germany - US) - closed in 1993Clark Air Base (Philippines - US) - closed in 1997Edzell (Scotland, UK) - closed in 1997Kabkan (Iran - US) - closed in 1979Little Sai Wan (Hong Kong - UK) - closed in 1984Nurrungar (South Australia, Australia - south of Woomera, South Australia) - closed in 1999San Vito dei Normanni (Italy - US) - closed in 1994Teufelsberg (West Berlin, Germany - US) - closed in 1989Silvermine (near Cape Town, South Africa - US)September 10 Encryption on Tape Drives?Encrytpion on Tape Drives?
Sept 7 -- IBM Corp. has announced that data encryption capabilities are now standard on newly ordered IBM System Storage TS1120 Tape Drives. Encrypting data at tape speed helps to avoid the need for host-based encryption of data, and the concurrent drain on host performance, or the use of specialized encryption appliances, the company said on its web-site. This capability supports high volume data encryption of tape data, helping protect information if tape cartridges are lost or stolen, it added.
Encryption is a powerful and widely used technology that helps protect data from loss and inadvertent or deliberate compromise, according to IBM of Armonk, New York. Businesses today are focused on the importance of securing customer and business data, it said. Increasing regulatory requirements are driving the need for the security of data, it added. The IBM Encryption Key Manager component for the Java platform, which is supported on a wide variety of environments including z/OS, i5/OS, AIX, HP, Sun, Windows and Linux, can help generate and manage encryption keys for TS1120 tape drives across the enterprise, according to IBM. This feature uses standard key repositories on supported platforms and supports three different encryption management methods - application managed, system managed, or library managed, it added. The TS1120 tape drive supports transparent encryption, minimizing application changes in the system and library managed implementations, according to IBM. The encryption capability is supported when the TS1120 tape drive is integrated into or attached to the IBM System Storage TS3500 Tape Library, the IBM System Storage TS1120 Tape controller, the IBM TotalStorage 3494 Tape Library, the IBM 3592 Tape Frame Model C20, or is used in stand-alone environments, IBM said. For application managed encryption, IBM Tivoli Storage Manager has been enhanced to control the encryption process, and is designed to generate and provide keys to the TS1120 tape drive. The TS1120 encryption solution benefits from IBM's decades of mainframe expertise in encryption and encryption management, according to IBM. The z/OS operating system has provided encryption key management for over 15 years, allowing users to generate keys, manage them based on customer policies, and recover keys when necessary, IBM said. z/OS also provides information for audit compliance, as well as management and access controls, it added. In October last year, IBM enhanced encryption capabilities with the announcement of the IBM Encryption Facility for z/OS — a software-based product that's designed to leverage mainframe cryptography to encrypt data that's then written to tape drives. This host-based solution is ideal for businesses that need to exchange data with business partners who utilize non-mainframe platforms since it may not require installation of any additional or special purpose hardware to support data encryption and decryption, IBM said. With the tape subsystem-level encryption, users have the flexibility to use z/OS centralized key management to provide a long term repository for the tape-encryption keys, according to IBM. z/OS centralized key management is designed to offer exceptional security and availability with a single point of control and excellent disaster-recovery (D/R) capabilities. Customers can opt to store their keys for all supported servers in the z/OS system leveraging TCP/IP (Transmission Control Protocol/ Internet Protocol) for the transfer of key information between servers, IBM said. More information at www.ibm.com
Knowledge is Power! Op.Sec September 08 Why is WEP crackable?Why is WEP crackable? How WEP weaknesses affect your wireless network securityAn exploration of the security weaknesses of the Wired Equivalent Privacy (WEP). What is WEP?WEP stands for Wired Equivalent Privacy. The 802.11 designers intention was to provide wireless users with a level of security equivalent to that achievable on a wired network. Unfortunately WEP has turned out to be much less secure than intended. How does WEP work?WEP uses secret keys to encrypt data. Both AP and the receiving stations must know the secret keys. There are two kinds of WEP with keys of either 64bits or 128bits. The longer key gives a slightly higher level of security (but not as much as the larger number would imply). In fact the user keys are 40bits and 104bits long, the other 24bits in each case being taken up by a variable called the Initialization Vector (IV). When a packet is to be sent it is encrypted using a combination of the IV and the secret key. The IV is different (in theory) for each packet, while the secret key is fixed. The resulting packet data looks like random data and therefore makes the original message unreadable to an outsider not knowing the key. The receiving station reverses the encryption process to retrieve the message in clear text. What's wrong with WEP?IV values can be reusedIn fact the standard does not specify that the value needs to change at all. Reusing keys is a major cryptographic weakness in any security system. IV length is too short24 bit keys allow for around 16.7 million possibilities. Sounds a lot, but on a busy network this number can be achieved in a few hours. Reuse is then unavoidable. Some manufacturers use 'random' keys. This is not the best way to ensure against reuse. A better solution is to start with a key and increment by one for each subsequent key. Unfortunately many devices revert to the same value at start up and then follow the same sequence providing lots of duplicate values for hackers to work on. Weak keys are susceptible to attackCertain keys value combinations, 'Weak IVs', do not produce sufficiently random data for the first few bytes. This is the basis of the highly publicized attacks on WEP and the reason that keys can be discovered. Manufacturers often deliberately disallow Weak IV values. This is good in that it reduces the chances of a hacker capturing weak keys, but also has the effect of reducing the already limited key possibilities further, increasing the chance of reuse of keys. Master keys are used directlyFrom a cryptographic point of view using master keys directly is not at all recommended. Master keys should only be used to generate other temporary keys. WEP is seriously flawed in this respect. Key Management and updating is poorly provided forAdministration of WEP keys is not well designed and difficult to do on large networks. Users tend to change keys very infrequently which gives a potential hacker lots of time to collect enough packets to launch an attack. Message integrity checking is ineffectiveWEP does have a message integrity check but hackers can change messages and recompute a new value to match. This makes the checking ineffective against tampering. ConclusionAlthough WEP is far from an ideal security solution you should still use it. Some security is better than none. A determined attacker may be able to discover your keys given time and enough weak IVs, but that's no reason to leave all of your doors open. Check if your equipment manufacturer has an updated driver that avoids sending weak IVs. Use 128 bit encryption if your equipment supports it. Change the key if there is any suspicion of an attack. Ideally install an Intruder Detection System (IDS) to monitor attacks. Take these precautions and your wireless network will be reasonably secure. For stronger security consider using WiFi Protected Access (WPA). Knowledge is Power! Op.Sec http://Op.Sec.spaces.live.com |
|
|
