Snorting over the LAN gets cracked

Agere Systems has unveiled ‘WEPplus’, a security enhancement for its ORiNOCO wireless LAN-based networks.

WEPplus is included in the company’s new Winter Software release, which is available via a free Internet download, and will be included in all products shipped beginning on November 23, 2001. It helps to prevent hacker programs such as AirSnort from exploiting the ‘weak’ key component of the standard WEP (Wired Equivalent Privacy) encryption used in most 802.11b, Wi-Fi wireless networks.

In the last few months, there has been a lot of attention focused on the fact that the WEP encryption as defined by IEEE 802.11 is not an ‘industrial strength’ encryption protocol.

A recent paper entitled ‘Intercepting Mobile Communications’ by Nikita Borisov and David Wagner of UC Berkeley, and Ian Goldberg of Zero-Knowledge Systems discussed the vulnerabilities of WEP. More recently, another paper on ‘Weaknesses in Key Scheduling’ by Scott Fluhrer of Cisco Systems, and Itsik Mantin and Adi Shamir of the Weizmann Institute in Israel demonstrated that passive attacks can easily be mounted against what are known as ‘weak’ WEP keys, that is, keys that are relatively easy for hackers to crack.

Also, with the introduction of the AirSnort program, which is now available on the Internet, it is possible to passively monitor and hack into a WEP-protected wireless LAN. WEPplus can ensure the integrity of a network against these attacks.

WEPplus is designed for Agere ORiNOCO-branded or OEM-branded Agere Systems’ Wi-Fi wireless LAN products. Non Wi-Fi equipment will still be able to exchange data with the WEPplus enhanced network, but may be susceptible to WEP weak key attacks. The Agere ORiNOCO wireless WEPplus implementation provides complete interoperability with all Wi-Fi compliant wireless LAN products, continuing Agere’s commitment to the complete interoperability of Wireless LAN equipment across different vendors.

‘We have developed a new way of implementing WEP encryption that avoids the use of certain initialisation vectors that create weak keys that can be easily intercepted and broken,’ said Richard Edgar, Agere Systems ORiNOCO product manager. ‘This new enhancement is part of (our) initiative to improve wireless LAN security, which includes our new high-security products like the Access Server 2000 and the Access Point 2000.’
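
The IV-avoidance idea in the quote above can be sketched as follows. This is an added example, not Agere's WEPplus code: it assumes the IVs to avoid are the (B+3, 0xFF, X) class from the Fluhrer, Mantin and Shamir paper, and the function names and sample IVs are constructed for illustration.

```python
# Added illustration of weak-IV avoidance; not Agere's implementation.
# Assumption: "weak" means the FMS class (B+3, 0xFF, X), where B is the
# index of a secret-key byte and X is any value.

KEY_LEN_40 = 5     # bytes of secret key in 40-bit WEP
KEY_LEN_104 = 13   # bytes of secret key in 104-bit WEP


def is_fms_weak_iv(iv, key_len=KEY_LEN_104):
    """Return True if the 3-byte IV falls in the FMS weak class."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


def next_safe_iv(counter, key_len=KEY_LEN_104):
    """Advance a 24-bit IV counter, skipping weak values.

    Returns (iv_bytes, new_counter). The counter wraps at 2**24.
    """
    while True:
        counter = (counter + 1) & 0xFFFFFF
        iv = counter.to_bytes(3, "big")
        if not is_fms_weak_iv(iv, key_len):
            return iv, counter


def audit_ivs(ivs, key_len=KEY_LEN_104):
    """Return the IVs in a capture that a filtering sender would never emit."""
    return [iv for iv in ivs if is_fms_weak_iv(iv, key_len)]


# Constructed sample of IVs, as they might be read from captured frame headers.
SAMPLE_IVS = [bytes.fromhex(h) for h in
              ("03ff10", "0a1b2c", "0fff00", "10ff00", "04fe99")]

if __name__ == "__main__":
    for iv in audit_ivs(SAMPLE_IVS):
        print("weak IV seen:", iv.hex())
    iv, ctr = next_safe_iv(0x03FEFF)
    print("next IV after 03feff:", iv.hex())
```

Filtering only affects frames the filtering station itself transmits, which is why the article notes that other equipment on the same network may remain susceptible.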

ORiNOCO product users can download the new Winter Software package with WEPplus from www.orinocowireless.com. Users of products based on ORiNOCO wireless systems will need to download the new drivers and software from their manufacturer’s Web site.