Network executives worried about the security of their wireless LANs may soon be able to sleep a little easier: The standards committee responsible for the broken wireless LAN encryption algorithm, Wired Equivalent Privacy, has approved a fix to the system that can be applied to existing equipment.
The fix for the WEP encryption standard uses a technique called fast-packet keying to rapidly generate unique encryption keys for each data packet transmitted.
A committee of the IEEE responsible for WEP and a clutch of other wireless LAN standards has approved the fix, according to RSA and Hifn – two companies involved in WEP development.
Equipment vendors can distribute the fix as a software or firmware patch, letting users update existing vulnerable devices, according to RSA Security and Hifn.
Anyone with an appropriate radio receiver can overhear traffic on wireless LANs, so the IEEE 802.11 standards committee adopted the WEP standard as a way of encrypting this traffic to make it as secure from eavesdroppers as traffic on wired LANs. Other representatives of the 802.11 committee could not be reached for comment.
However, flaws in the encryption algorithm meant it was relatively simple to guess the keys with which successive packets of data were encrypted on WEP wireless LANs because the keys were too closely related. Current implementations of the WEP standard use RSA’s RC4 algorithm for encryption.
RSA defends its encryption algorithm, saying the successful attacks against WEP were not a result of any weakness in RC4, but rather in how WEP created encryption keys for each data packet, based on a secret code known only to the wireless LAN base station and the remote terminal. The keys for different packets were too similar, RSA says, meaning hackers could exploit the similarity to deduce the secret code, and with it, the content of all network traffic.
The fast-packet keying method can be used to reduce the similarity between keys used to encrypt successive data packets, making it harder for hackers to guess the secret code known to the network terminals, RSA says.
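The key-similarity problem described above, shown as an added illustration that is not part of the original article and is not RSA's or the IEEE's code: WEP builds each packet's RC4 key by prepending a 24-bit initialization vector to the shared secret, so successive keys differ by only a bit or two. The secret value, the incrementing IV and the SHA-256 mixing step are assumptions made for the demonstration; SHA-256 is a stand-in, not the approved fast-packet keying algorithm.

```python
import hashlib

# Constructed sample value: a 40-bit shared secret, as used by basic WEP.
SECRET = bytes.fromhex("0123456789")


def wep_packet_key(iv: int, secret: bytes = SECRET) -> bytes:
    """WEP-style per-packet RC4 key: 24-bit IV prepended to the shared secret."""
    return iv.to_bytes(3, "big") + secret


def mixed_packet_key(iv: int, secret: bytes = SECRET) -> bytes:
    """Per-packet key from a mixing step.

    Assumption: SHA-256 truncated to the same length stands in for the
    mixing function; it is not the fast-packet keying algorithm itself.
    """
    digest = hashlib.sha256(secret + iv.to_bytes(3, "big")).digest()
    return digest[: len(secret) + 3]


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length keys."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def average_difference(derive, secret: bytes = SECRET, packets: int = 256) -> float:
    """Mean number of key bits that change between consecutive packets.

    Assumption: the sender uses an incrementing IV starting at zero.
    """
    keys = [derive(iv, secret) for iv in range(packets)]
    pairs = list(zip(keys, keys[1:]))
    return sum(differing_bits(k1, k2) for k1, k2 in pairs) / len(pairs)


if __name__ == "__main__":
    for name, derive in (("WEP concat", wep_packet_key),
                         ("mixed", mixed_packet_key)):
        print(f"{name:10s} packet 0: {derive(0).hex()}  packet 1: {derive(1).hex()}")
        print(f"{name:10s} avg bits changed per packet: "
              f"{average_difference(derive):.2f} of 64")
```

With the concatenated construction the secret appears unchanged inside every packet key; with a mixing step roughly half of the key bits change from one packet to the next.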
Peter Sayer is a correspondent with IDG News Service’s Paris bureau.