Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Four reasons to buy (and one reason to avoid) the Droid
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
Google releases new search engine for e-commerce sites
Rackspace apologizes for cloud outage, prepares to issue service credits
Wireless/Mobile /

Wireless LAN security fix on tap from IEEE group

Related linksToday's breaking news
Send to a friendFeedback

By Peter Sayer
Network World, 01/07/02

Network executives worried about the security of their wireless LANs may soon be able to sleep a little easier: The standards committee responsible for the broken wireless LAN encryption algorithm, Wired Equivalent Privacy, has approved a fix to the system that can be applied to existing equipment.

The fix for the WEP encryption standard uses a technique called fast-packet keying to rapidly generate unique encryption keys for each data packet transmitted.

A committee of the IEEE responsible for WEP and a clutch of other wireless LAN standards has approved the fix, according to RSA and Hifn - two companies involved in WEP development.

Equipment vendors can distribute the fix as a software or firmware patch, letting users update existing vulnerable devices, according to RSA Security and Hifn.

Anyone with an appropriate radio receiver can overhear traffic on wireless LANs, so the IEEE 802.11 standards committee adopted the WEP standard as a way of encrypting this traffic to make it as secure from eavesdroppers as traffic on wired LANs. Other representatives of the 802.11 committee could not be reached for comment.

However, flaws in the encryption algorithm meant it was relatively simple to guess the keys with which successive packets of data were encrypted on WEP wireless LANs because the keys were too closely related. Current implementations of the WEP standard use RSA's RC4 algorithm for encryption.

RSA defends its encryption algorithm, saying the successful attacks against WEP were not a result of any weakness in RC4, but rather in how WEP created encryption keys for each data packet, based on a secret code known only to the wireless LAN base station and the remote terminal. The keys for different packets were too similar, RSA says, meaning hackers could exploit the similarity to deduce the secret code, and with it, the content of all network traffic.

The fast packet keying method can be used to reduce the similarity between keys used to encrypt successive data packets, making it harder for hackers to guess the secret code known to the network terminals, RSA says.

Sayer is a correspondent with IDG News Service's Paris bureau.

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.