Saturday, June 19, 2010

WEP, TKIP Declared Out…

If the fast-spreading news on the Internet is to be believed, the Wi-Fi Alliance has decided to drop WEP and TKIP from its certification criteria.

WEP was the only encryption technique mentioned in the original IEEE 802.11 standard. Flaws in the WEP encryption algorithm were discovered just two years after the release of the WiFi standard, and it was cracked in 2001. Since then, several attacks on WEP have been published, e.g. the FMS attack, the KoreK attack, the chop-chop attack, the fragmentation attack, the Aircrack-PTW attack and the Caffe Latte attack.

TKIP was an enhancement over WEP. It was an attempt to give devices with legacy WEP-capable hardware better security, and hence the same RC4 cipher, with some modifications, was used in TKIP. The first and only attack on TKIP was published by Martin Beck and Erik Tews in 2008, five years after the release of the TKIP specification for WiFi encryption. The attack allowed the injection of a few small frames towards the client to cause some disruption. It was not a key-recovery attack and, unlike WEP, data privacy remained guaranteed in TKIP.

The migration towards an AES-only encryption mode will be done in stages over three years, starting in 2011. From 2011, the WiFi Alliance will stop certifying APs with a WEP or TKIP configuration. In 2012, wireless client devices will be axed for supporting WEP or TKIP. Starting in 2014, only new WiFi devices that support AES encryption alone will be certified. Device vendors should be able to satisfy these requirements easily by masking the disallowed encryption techniques with a software patch on newly manufactured devices, and if that happens, it will be a great move towards the much-needed secure wireless world.

A very interesting observation is that the default configuration of most out-of-the-box access points is "Open", which is a much bigger evil than WEP or TKIP. If a wireless LAN is operating in open mode, all types of wireless attacks are possible, e.g. data snooping, impersonation and unauthorized access to the network. The ideal move would be to support only one configuration in the access point and client: AES encryption as per the IEEE 802.11i and IEEE 802.11w standards.
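The distinction the post draws (Open, WEP, TKIP, AES with 802.11w) is visible in every beacon an access point sends: the Privacy bit of the Capability Information field and the RSN information element defined by IEEE 802.11i, whose RSN Capabilities word carries the 802.11w management-frame-protection bits. The following Python is an added example, not code from the original post, that parses those fields and rates the configuration against the post's ideal. The beacon fragments at the bottom are constructed for the example; the WPA (pre-802.11i) vendor element and the suite selector tables are assumed from the standard as described here, and anything not decoded is reported as an unknown or vendor suite rather than guessed.

```python
import struct
from dataclasses import dataclass, field

# Cipher and AKM suite selectors under the IEEE OUI 00-0F-AC (IEEE 802.11i RSN IE).
RSN_OUI = b"\x00\x0f\xac"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256"}
RSN_TAG = 48            # element ID of the RSN information element
PRIVACY_BIT = 1 << 4    # "Privacy" bit in the beacon Capability Information field
MFPR_BIT = 1 << 6       # RSN Capabilities: Management Frame Protection Required (802.11w)
MFPC_BIT = 1 << 7       # RSN Capabilities: Management Frame Protection Capable (802.11w)


@dataclass
class Security:
    mode: str                        # "Open", "WEP" or "RSN"
    pairwise: list = field(default_factory=list)
    group: str = ""
    akm: list = field(default_factory=list)
    mfp_capable: bool = False
    mfp_required: bool = False


def _suite(raw: bytes, table: dict) -> str:
    """Decode a 4-byte suite selector (3-byte OUI + 1-byte suite type)."""
    if len(raw) < 4:
        raise ValueError("truncated suite selector")
    if raw[:3] != RSN_OUI:
        return "vendor-" + raw.hex()
    return table.get(raw[3], "unknown-%d" % raw[3])


def parse_rsn(body: bytes) -> Security:
    """Parse an RSN IE body: version, group cipher, pairwise list, AKM list, capabilities."""
    version, = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    group = _suite(body[2:6], CIPHERS)
    off = 6
    count, = struct.unpack_from("<H", body, off)
    off += 2
    pairwise = [_suite(body[off + 4 * i:off + 4 * i + 4], CIPHERS) for i in range(count)]
    off += 4 * count
    count, = struct.unpack_from("<H", body, off)
    off += 2
    akm = [_suite(body[off + 4 * i:off + 4 * i + 4], AKMS) for i in range(count)]
    off += 4 * count
    # RSN Capabilities is optional; when absent, no management frame protection is advertised.
    caps = struct.unpack_from("<H", body, off)[0] if len(body) >= off + 2 else 0
    return Security("RSN", pairwise, group, akm, bool(caps & MFPC_BIT), bool(caps & MFPR_BIT))


def iter_ies(ies: bytes):
    """Walk the tagged (ID, length, value) elements that follow the fixed beacon fields."""
    off = 0
    while off + 2 <= len(ies):
        tag, length = ies[off], ies[off + 1]
        yield tag, ies[off + 2:off + 2 + length]
        off += 2 + length


def classify(capability: int, ies: bytes) -> Security:
    """Decide Open / WEP / RSN from the capability field and the beacon's elements."""
    for tag, body in iter_ies(ies):
        if tag == RSN_TAG:
            return parse_rsn(body)
    # No RSN element: the Privacy bit alone means legacy WEP, otherwise the network is open.
    return Security("WEP") if capability & PRIVACY_BIT else Security("Open")


def verdict(sec: Security) -> str:
    """Rate the configuration against the target: AES (CCMP) with 802.11w protection required."""
    if sec.mode == "Open":
        return "Open: no confidentiality, no access control"
    if sec.mode == "WEP":
        return "WEP: broken, being dropped from certification"
    legacy = [c for c in sec.pairwise + [sec.group] if c.startswith(("TKIP", "WEP"))]
    if legacy:
        return "TKIP/WEP still enabled: being dropped from certification"
    if not sec.mfp_required:
        return "AES-CCMP but 802.11w management frame protection not required"
    return "AES-CCMP with 802.11w required: target configuration"


# Constructed beacon fragments (SSID element "corp" plus optional RSN element); not captured data.
SAMPLES = {
    "wpa2-aes-mfp": (0x0411, bytes.fromhex("0004636f7270" "30140100000fac040100000fac040100000fac02c000")),
    "wpa2-mixed": (0x0411, bytes.fromhex("0004636f7270" "30180100000fac020200000fac04000fac020100000fac020000")),
    "wep": (0x0411, bytes.fromhex("0004636f7270")),     # Privacy bit set, no RSN element
    "open": (0x0401, bytes.fromhex("0004636f7270")),    # Privacy bit clear, no RSN element
}

if __name__ == "__main__":
    for name, (cap, ies) in SAMPLES.items():
        print("%-13s -> %s" % (name, verdict(classify(cap, ies))))
```

The "wpa2-mixed" sample is the case the certification change targets: CCMP is offered, but TKIP remains both as a pairwise option and as the group cipher, so a single legacy client drags the whole BSS down to RC4 for broadcast traffic. A scanner that only reports "WPA2" hides that; decoding the suite list shows it.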

In short, the good (TKIP) and the bad (WEP) have been declared out, but the ugly (open configuration) will continue to play!

Saturday, June 12, 2010

Lessons from Apple’s WWDC Fiasco

If you haven’t heard about it, here is the condensed version of what happened on the opening day of the iPhone 4G. The information has been gathered from various stories released on the Internet, but the essence of all of them is the same.

“Steve Jobs was trying to show the screen resolution and speed of the device by accessing a web portal, and that’s where the mishap happened. A completely saturated 2.4 GHz spectrum couldn’t distinguish between Steve’s new iPhone and the hundreds of WiFi clients active at that location, and hence the iPhone 4G was starved of wireless service.”

You may compare this scenario with a very heavily congested road. No matter what model or speed the car is, one cannot drive faster than the average speed of the traffic.

Could this have been avoided?

I am astonished to see everybody (whether a WLAN infrastructure vendor or otherwise) making the claim that if Apple had used their solution or service, the problem would never have arisen. Just as a Ferrari can’t solve the very basic problem of congestion, the iPhone 4G can’t solve the saturated link problem.

I have yet to see a solution which can accommodate hundreds of WiFi client devices or save the 2.4 GHz band from saturation in a similar situation.

Yes, there are solutions which could have raised an alert on seeing too many devices operating in the 2.4 GHz band. Kudos to the great Steve Jobs: he realized this very soon, asked his audience to shut off their WiFi warriors and saved his iPhone 4G demo!

If you are going to make such a crucial demo and plan to use WiFi, you are bound to face a similar fiasco unless you learn the lessons from Apple.


1. Ensure that not too many WiFi devices are operating in the 2.4 GHz band. It is better to ask the audience to switch off WiFi at the beginning.
2. If your device supports the 5 GHz band, use a channel in the 5 GHz band.
3. Always use security (WPA or WPA2) on your AP so that others cannot connect to your device.
4. Your demo environment should be free from wireless DoS or jamming, or at least such attacks should be detectable.
5. Have a WiFi expert, not a sales expert, set up the WiFi infrastructure.

Thursday, June 3, 2010

Is Your Wireless Auditing Done Right?

WiFi is one of the newest networking technologies, and hence auditing wireless networks is still a big challenge for auditors. This is mainly due to the unavailability of sophisticated solutions that cover all possible and realistic scenarios. More often than not, wireless network or security audits are done with the help of open-source software and tools freely available on the Internet. These tools have intrinsic limitations and hence do not always answer all wireless auditing questions. Because of these software limitations, wireless audits fail to ensure the following FIVE important wireless audit requirements:

1. NO mis-configured, rogue or unmanaged wireless device is present on the trusted/authorized network
2. ALL authorized wireless devices on the network are present, up and running
3. The BEST wireless security configuration (e.g. WPA2/802.1X) is used for the authorized wireless LANs
4. NO infected or rogue wireless client device is present
5. ALL wireless connection association logs are available for forensic purposes
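Requirements 1 to 3 above can only be answered by comparing a scan against an inventory of what is supposed to be on the air, which is exactly the step a raw sniffer omits. The following Python is an added example, not code from the original post or from any audit product: it takes a constructed list of observed access points and a constructed authorized inventory and produces one finding list per requirement. The "on_wired_lan" flag stands in for a hypothetical wired-side check that the AP bridges onto the trusted network; how that is determined is outside this example.

```python
from dataclasses import dataclass

# Requirement 3: the best configuration the post names, WPA2 with 802.1X and AES (CCMP).
BEST = ("WPA2-Enterprise", "CCMP")


@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    auth: str            # "Open", "WEP", "WPA-PSK", "WPA2-PSK" or "WPA2-Enterprise"
    cipher: str          # "", "WEP", "TKIP" or "CCMP"
    on_wired_lan: bool   # hypothetical wired-side probe: AP bridges onto the trusted LAN


# Constructed inventory of authorized APs: bssid -> (ssid, auth, cipher) as approved.
AUTHORIZED = {
    "00:11:22:33:44:01": ("corp", "WPA2-Enterprise", "CCMP"),
    "00:11:22:33:44:02": ("corp", "WPA2-Enterprise", "CCMP"),
    "00:11:22:33:44:03": ("corp-legacy", "WPA2-PSK", "TKIP"),   # approved, but not the best config
    "00:11:22:33:44:04": ("corp", "WPA2-Enterprise", "CCMP"),
}

# Constructed scan results; no real network was surveyed.
OBSERVED = [
    ObservedAP("00:11:22:33:44:01", "corp", "WPA2-Enterprise", "CCMP", True),
    ObservedAP("00:11:22:33:44:02", "corp", "Open", "", True),          # fell back to factory default
    ObservedAP("00:11:22:33:44:03", "corp-legacy", "WPA2-PSK", "TKIP", True),
    ObservedAP("aa:bb:cc:dd:ee:01", "corp", "WPA2-PSK", "CCMP", True),  # unknown AP on the wired LAN
    ObservedAP("aa:bb:cc:dd:ee:02", "cafe-guest", "Open", "", False),   # neighbour, out of scope
]


def audit(observed, authorized):
    """Evaluate requirements 1-3 of the post; returns BSSID lists keyed by finding type."""
    findings = {"rogue_or_unmanaged": [], "misconfigured": [], "missing": [], "not_best_config": []}
    seen = {ap.bssid for ap in observed}
    corp_ssids = {entry[0] for entry in authorized.values()}
    for ap in observed:
        if ap.bssid in authorized:
            if (ap.ssid, ap.auth, ap.cipher) != authorized[ap.bssid]:
                findings["misconfigured"].append(ap.bssid)      # requirement 1: drift from approval
            if (ap.auth, ap.cipher) != BEST:
                findings["not_best_config"].append(ap.bssid)    # requirement 3: not WPA2/802.1X/AES
        elif ap.on_wired_lan or ap.ssid in corp_ssids:
            findings["rogue_or_unmanaged"].append(ap.bssid)     # requirement 1: not in inventory
    findings["missing"] = sorted(set(authorized) - seen)        # requirement 2: authorized but down
    return findings


if __name__ == "__main__":
    for kind, bssids in audit(OBSERVED, AUTHORIZED).items():
        print("%-18s %s" % (kind, ", ".join(bssids) or "none"))
```

Note that the neighbouring "cafe-guest" AP generates no finding: an open network that is neither bridged onto the trusted LAN nor impersonating a corporate SSID is someone else's risk, and an audit that lists every foreign AP as "rogue" buries the one that matters.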

Now we know what to look for in the report when we get a wireless audit done next time!