Wireless Equivalent Privacy Not So Private

Scientists at the University of California, Berkeley, released a report detailing several security problems in the Wireless Equivalent Privacy (WEP) technology that wireless LAN traffic uses. WEP is part of the IEEE 802.11 standard and uses the RC4 algorithm with a 40-bit key to encrypt network traffic.RC4, a stream cipher invented by Ronald Rivest, works by expanding a short key into an infinite psuedo-random key. The cipher has long been known for its vulnerability to various analytical attacks; nonetheless, popular products such as Lotus Notes and Oracle SQL server use the cipher. Microsoft also supports RC4 with 40-bit keys in some of its products, such as Terminal Server, SQL Server, and Microsoft Message Queuing (MSMQ), as well as the CryptoAPI technology for developers. According to the published report, researchers Nikita Borisov, Ian Goldberg, and David Wagner found that WEP has at least four types of attacks that an intruder can successfully launch against wireless LANs that use WEP encryption. These problems include attacks to decrypt traffic based on statistical analysis, to inject new traffic from unauthorized mobile systems based on known plain text, to decrypt traffic by tricking the access point base unit, and to use a dictionary-based attack in realtime after analyzing an entire day's traffic. The researchers point out that off-the-shelf consumer equipment can be modified to monitor 802.11-based traffic, which lends to the feasibility of such attacks.