You'd think we would have learned some important lessons about security when WEP was broken last year by products like AirSnort. Unfortunately, we did not. In fact, some of us believed we could simply take a few security components from the cryptographer's tool box, put them together by the book and wind up with a certifiably secure system. . . .
You'd think we would have learned some important lessons about security when WEP was broken last year by products like AirSnort. Unfortunately, we did not. In fact, some of us believed we could simply take a few security components from the cryptographer's tool box, put them together by the book and wind up with a certifiably secure system.

Meanwhile, 802.11's WEP illustrated just how subtle -- yet catastrophic -- a security system's flaws can be.

In January, I wrote about another important wireless authentication mechanism, 802.1x. (See "Trust in Networking: A Fairy Tale?" ). A month later, William Arbaugh and his colleagues published a whole set of attacks against 802.1x when it is used with 802.11.

The IEEE 802.1x workgroup focused its efforts on Ethernet, token ring and FDDI networks. However, the 802.1x standard clearly indicates that the intended application is principally for hub-based deployments. Only one section in the standard document covers using 802.1x in "shared-media LANs." That section warns that a secure association (EAP method) is required to avoid man-in-the-middle and denial-of-service attacks. During the development of 802.1x, some of the participants seemed to have thought, "802.11 access points could use the 802.1x protocol too." Shortly after the first papers on WEP's weaknesses were released, the 802.11 workgroup took on the task of improving 802.11's security, and 802.1x's MAC-based authentication method quickly became the cornerstone of this improvement effort. Since that move, all 802.11 efforts have been to build a complete security system using 802.1x.

The link for this article located at Network Computing is no longer available.