Dynamic WEP refers to the combination of 802.1x technology and the EAP. EAP is a flexible Layer 2 authentication protocol and a replacement to PAP and CHAP under Point-to-Point Protocol (PPP). The term dynamic WEP is derived from its unique ability to change (rekey) encryption keys. This prevents an attacker from being able to collect enough data to crack the current encryption keys. Each time a user logs into the network, a new key is created for that session. No other user will have the same session key, and the key lengths are such that reuse of the keys would be impossible to predict. Dynamic WEP also initiates more frequent key updates during the user's session, constantly changing the user's key by periodically renewing the keys every few minutes. This prevents an attacker from capturing significant data with the same key, thereby preventing any meaningful decryption of the WEP key.
We have all considered how insecure Wireless is using dynamic WEP in the scenario mentioned and I quote - "Due to one of our applications, we will be sending a clear strong signal to the parking lot". As also the mail says "Right now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID" to quote from the mails of Rocko.
My understanding of Dynamic WEP is that, in the case of PEAP or for that matter any other form of EAP derived security, there is no single common WEP key that is derived and used for all the clients. The point I am trying to lay my stress on is "no single common WEP key". In this scenario - if we were to look at this organization where we assume, should I say about 100 Wireless clients, then at an average of 15 people under each Access Point, this translates to 15 different keys - one key per person on the same Access Point. Add to this the probability of people moving from one Access Point to another at every (say) 3hours interval. Add to that the probability that the keys are not all changing at a defined point in time - this implies that based on when the user has derived the first dynamic key - the key changes at configured intervals.
To an external user (sitting in the parking lot) this poses 5 levels of randomness -
1. different users have different keys
2. different users changing their keys at different points in time
3. different users traversing across Access Points and hence changing their keys
4. The physical security that is existing on the ground that can contribute (if not greatly - at least to a reasonable extent) and hence the probability of finding out a parking lot hacker
5. Add again the probability of this guy getting sufficient numbers of weak IV's
Add to this, the number of users that are really sitting down in an area that provides a strong signal to the parking lot. Add also "direction finding capabilities" - (I am not too sure what this direction finding capability of the Access Point is, but based on context I guess it is something that deals with improving security).
SHOULD WE STILL BE AS PARANOID AS THESE MAILS SOUND OR CAN WE RELAX A BIT.
Ofcourse I would also like to add that we have not looked at whether this is a scenario where we have a Patch Antenna/ Parabolic Antenna that transmits signals in a defined direction - in this scenario there is a possibility of the replies above being used as an effective hack
Moreover, most Organizations that have this level of consideration for security should be having some form of IDS/ IPS - NIDS/ HIDS - wouldn't these have detected/ alarmed the Admin in some way or the other if he is on the LAN/ some Server/ workstation
Technically, if we were to sit down in front of a box, it will crack after sometime, but realistically in the scenario - is this possible, I guess this is the outlook that we should take when we discuss on such problems. Moreover, this immediately puts a doubt in the mind of the person about PEAP and EAP related security measures or for that matter any solution when thought from this point angle
I WOULD LIKE TO KNOW THE COMMUNITIES' VIEW IN THIS SCENARIO.
No comments:
Post a Comment