Researchers at the University of Maryland's Department of Computer Science have discovered three more security risks in the Wired Equivalent Privacy (WEP) technology used in the 802.11 standard. (For information about the original security risks, discovered by three researchers at the University of California, Berkeley, see Wireless Equivalent Privacy Not So Private, Windows IT Security News, February 9, 2001.) According to a report by William A. Arbaugh, Narendar Shankar, and Y.C. Justin Wan, published March 30, the three more risks involve vulnerabilities in two access control mechanisms currently used in Orinoco and in Lucent Technology's Wavelan PCMCIA cards, that are based on the 802.11 standard. In addition, the researchers identified an eavesdropping attack that an intruder can leverage against WEP's shared-key authentication mechanisms.
The University of Maryland team points out that due to the risk discovered, if a wireless network does not encrypt its traffic, intruders might be able to gain immediate access to the wireless network and even the entire internal network. However, even when a network uses encryption, an attacker can combine the WEP vulnerabilities discovered at Berkeley with these new risks to systematically gain wireless network access. The researchers point out that due to the nature of radio signals, intruders could infiltrate a network from anywhere they can receive a wireless radio signal, such as outside a company's office in a nearby parking lot.
In the report, the researchers detail how intruders can use the discovered risks to exploit the shared-key authentication in 802.11 devices. The researchers suggest that for a short-term solution, a user might try a more robust key management system for WEP and use stronger security mechanisms, such as the IPSec protocol.
On March 27, we reported that Microsoft is supporting the 802.1x wireless network access standard in Windows XP, which is currently in beta testing and due for public release later this year. The 802.1x standard defines port-based network access control for wireless networks. In a document entitled "Wireless Communications and Windows," Microsoft says that we can expect several security improvements from 802.1x, including automatic key management, centralized user authentication, and authorization prior to LAN access. Such enhancements might help eliminate some of the risks associated with WEP.