TO: Professor Jason Ellis
FROM: Gladielle Z. Cifuentes
DATE: September 9, 2020
SUBJECT: 500-word summary
This is a 500-word summary of the article “Security Flaws in 802.11 Data Link Protocols” by Nancy Cam-Winget (Cisco Systems), Russ Housley (Vigil Security), David A. Wagner (University of CA at Berkeley) and Jesse Walker (Intel Corp.). It discusses how weak security protocols leave a WLAN vulnerable to a person who can potentially eavesdrop using radio receivers.
Wired Equivalent Privacy (WEP) is the mechanism that the IEEE 802.11 protocol uses as its standard for data confidentiality. WEP had an array of flaws and would leave Wireless Local Area Networks (WLANs) with security vulnerabilities. This article describes the flaws of WEP and how researchers went about finding ways to improve its security or replace it.
WEP has many vulnerabilities, and there are many reasons why it is not a trustworthy security protocol. Because using WEP is optional, it poses a huge threat to security, since this results in data encryption never being used. Another defect of WEP is the shared key standard it uses for all devices. According to this article, the most serious security weakness of WEP is that attackers can use cryptanalysis to recover the encryption keys that WEP uses on its devices. “Once the WEP key is discovered, all security is lost” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 36). Given these flaws, the conclusion is that this security protocol was poorly designed. Experienced security protocol designers and cryptographers are needed to create security protocols of this difficulty.
A short-term solution to the flaws of WEP is the Temporal Key Integrity Protocol (TKIP). TKIP is a set of algorithms that “adapt the WEP protocol to address the known flaws while meeting these constraints” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 37). Packet sequencing and per-packet key mixing are the TKIP functions that help address the security flaws of WEP in the short term.
A long-term solution that researchers found for the WEP security flaws is the Counter-Mode-CBC-MAC Protocol. The Advanced Encryption Standard was used as the algorithm for this protocol. This system contains features that improve the operation of WEP and its security capabilities, which include: single key usage, integrity protection for the packet header and packet payload, reduced latency by allowing precomputation, pipelining and more. The CCM mode was designed to meet the criteria for this security protocol.
CCM works by merging two techniques: a counter mode for encryption and the Cipher Block Chaining Message Authentication Code (CBC-MAC). CCM can be seen as a vulnerability because it uses the same key for both “confidentiality and integrity” (Cam-Winget, Housley, Wagner & Walker, 2003, p. 39), but it guarantees that the counter mode never overlaps with the CBC-MAC vector.
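The CCM properties summarized above (one key for both encryption and integrity, with the packet header and the payload both protected), as an added Python example that is not from the article or from this memo. It assumes the third-party `cryptography` package; the frame fields, the 13-byte nonce built from a packet number, and the 8-byte tag are illustrative assumptions.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESCCM

# Constructed sample frame: the field layout is illustrative, not a real 802.11 encoding.
HEADER = b"dst=02:00:00:00:00:01;src=02:00:00:00:00:02"
PAYLOAD = b"constructed sample payload"
TAG_LEN = 8     # assumed integrity tag size in bytes
NONCE_LEN = 13  # assumed nonce size; the nonce must be unique per packet under one key


def protect(key, packet_number, header, payload):
    """Encrypt the payload (counter mode) and tag header + payload (CBC-MAC)."""
    nonce = packet_number.to_bytes(NONCE_LEN, "big")
    # The header is sent in the clear but is covered by the tag (associated data).
    return AESCCM(key, tag_length=TAG_LEN).encrypt(nonce, payload, header)


def unprotect(key, packet_number, header, protected):
    """Return the payload, or None when the integrity check fails."""
    nonce = packet_number.to_bytes(NONCE_LEN, "big")
    try:
        return AESCCM(key, tag_length=TAG_LEN).decrypt(nonce, protected, header)
    except InvalidTag:
        return None


def flip_first_bit(data):
    """Simulate an in-transit modification of a single bit."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def run_demo():
    key = AESCCM.generate_key(bit_length=128)  # the single key used for both jobs
    sealed = protect(key, 1, HEADER, PAYLOAD)
    return {
        "intact": unprotect(key, 1, HEADER, sealed),
        "modified_header": unprotect(key, 1, flip_first_bit(HEADER), sealed),
        "modified_payload": unprotect(key, 1, HEADER, flip_first_bit(sealed)),
        "wrong_packet_number": unprotect(key, 2, HEADER, sealed),
        "overhead_bytes": len(sealed) - len(PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

A receiver that gets `None` back should drop the frame: a changed header, a changed payload, or a packet number that does not match the one used by the sender all fail the same check.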
This article reviewed WEP and the security flaws found in it. The authors described short-term and long-term alternative protocols that can replace WEP and how they can be implemented to secure a WLAN.
References:
Cam-Winget, N., Housley, R., Wagner, D., & Walker, J. (2003). Security Flaws in 802.11 Data Link Protocols. Communications of the ACM, 46(5), 35-39. https://doi.org/10.1145/769800.769823