We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Wireless LANs face security risks

Encryption algorithm insecure on wireless networks

A security weakness in the encryption standard used within IEEE 802.11b-based wireless LANs (local area networks) has been uncovered.

Three cryptographers in the US have described a practical way of attacking the key scheduling algorithm of the RC4 cipher, in a paper entitled (somewhat unimaginatively) Weaknesses in the key scheduling algorithm of RC4. The RC4 cipher forms the basis of the WEP (Wired Equivalent Privacy) encryption that is used in IEEE 802.11b (also known as WiFi) wireless networks.

The paper's authors discovered several ways to uncover patterns in packets of information passing over wireless LANs. These patterns can be used to figure out the WEP encryption 'key' and the number used to scramble the data being transmitted. Once the key is recovered, it can be used to decrypt the messages.

The authors say using a longer key, one of 128 bits compared to the current WEP standard of 40 bits, does not make it significantly harder for attackers to uncover the process.

"Even with WEP, the hacker world has come up with programs to unscramble the codes and decipher all the packets," agreed Raymond Poon, associate director of computing services at City U, Hong Kong's City University. "Unless there's a better design for WEP algorithms, we'll have to wait for something more mature to evolve that will have everything enabled." City U uses wireless LANs extensively.

According to university officials, finding an encryption code that has not yet been hacked continues to be a dilemma.

Security experts said that although wireless LAN encryption is based on a pre-shared secret key, anyone with the same key can eavesdrop. Yet it does not necessarily mean that all deployments of wireless LANs will be affected by the WEP security hole.

This may seem only of specialist interest, but more and more places are being 'wirelessed up', such as business class lounges in airports and other public places.


IDG UK Sites

4G to get faster and cheaper with Freeview spectrum: We're in for a wait though

IDG UK Sites

Why you shouldn't buy your gadgets at launch: Wait and pick up a bargain

IDG UK Sites

Artist creates a geometric rave in a chapel for The House of St Barnabus

IDG UK Sites

Mac mini (Late 2014) 1.4 GHz review: Mac mini is sort of upgradable, but is it any good as it is?