Conference Topic: Civic Responsibilities
Discuss the responsible use, or misuse, of data communications
Your response must be cut and paste into the text area of the response.
This is so students will not have to download and convert word processing documents.
Please provide the sources for your response.
Response:
Thunder in the Sky
by Theresa L. Ford on 10-10-2004
Back in June, my husband and I plugged in our new wireless router so I could connect over our network to my new Sharp Zaurus SL-6000L, a Linux handheld computer with a built-in 802.11b wireless network card. Taking care to secure our network, we set it to use the Wireless-B only (not Wireless-G), turned off DHCP, blocked anonymous Internet requests, turned on the default firewall, and set the router to only allow one preset MAC address through the wireless connection. We also created a 128 bit WEP (wired equivalent privacy) key, which is an encrypted "password" used by the router to verify an approved connection. How secure is our wireless network?
Citizens in Scottsdale, Arizona, called the police when wardrivers (people who go looking for unsecured wireless networks) discovered their wireless networks, stated an October 4th azcentral.com article by Michael Ferraresi titled "Drive-by hackers get residents' hackles up". Six reports of wireless network access caused the neighborhood's executive director to warn residents. In August, one of the residents had his American Express card used at an online store after granting access to his wireless network. (Ferraresi, 2004)
On October 7th, a mere 3 days after that article, PacketStorm Security updated its entry on Aircrack, one of the tools used to decipher WEP keys. (Packet Storm: aircrack-2.1.tgz, 2004)
"Aircrack is an 802.11 WEP cracking program that can recover a 40-bit or 104-bit WEP key once enough encrypted packets have been gathered. It implements the standard FMS attack along with some optimizations, thus making the attack much faster compared to other WEP cracking tools." (Packet Storm: aircrack-2.1.tgz, 2004) |
Apparently, using Aircrack, it's possible that the WEP key can be determined in a mere five minutes. The WEP keys include a 24-bit initialization vector (IV), somewhat randomly generated by the hardware. "With only 24 bits, WEP eventually uses the same IV for different data packets." Jim Geier writes in his tutorial titled "802.11 WEP: Concepts and Vulnerability". Using this data, a cracker can determine the key and subsequently decrypt any packet. (Geier, 2002).
Are we protected from the cracker hiding in the barn across the street from my house? As wireless networks become more prominent, how long until this WEP flaw is fixed?
Borisov, N., Goldberg, I., and Wagner, D. (2001). Security of the WEP algorithm. Retrieved Oct. 9, 2004, from http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
Devine, C. (2004). Aircrack Documentation. Retrieved Oct. 9, 2004, from http://www.cr0.net:8040/code/network/aircrack/
Ferraresi, M. (2004). Drive-by hackers get residents' hackles up. Retrieved Oct. 9, 2004, from http://www.azcentral.com/news/articles/1004wardriving04.html
Geier, J. (2002). 802.11 WEP: Concepts and Vulnerability. Retrieved Oct. 9, 2004, from http://www.wi-fiplanet.com/tutorials/article.php/1368661
Packet Storm: aircrack-2.1.tgz. (2004). Retrieved Oct. 9, 2004, from http://www.packetstormsecurity.org/filedesc/aircrack-2.1.html