November 07, 2003

Paper finds new wireless standard less secure

WPA may be less secure than WEP

A new paper by a leading security expert says that the new Wi-Fi Protected Access (WPA) security standard may be less secure, in certain scenarios, than WEP, the wireless standard it was designed to replace.

In the paper, "Weakness in Passphrase Choice in WPA Interface," Robert Moskowitz, a senior technical director at ICSA Labs, part of TruSecure Corp., describes a number of problems with the new WPA standard, including the ability of attackers to "sniff" critical information from wireless traffic and to discover the value of a wireless network's security key.

WPA is a new security standard based on work by the Institute of Electrical and Electronics Engineers Inc. (IEEE) on the 802.11i wireless security standard. WPA is intended to replace Wired Equivalent Privacy (WEP), the most common standard for securing data on wireless networks.

WPA offers a number of security improvements over WEP, including better data encryption and the ability to authenticate users on large networks using a separate authentication service, such as Remote Authentication Dial-In User Service, before allowing them to join the network, according to the Wi-Fi Alliance, a wireless industry group.

The problems with WPA center on the use of Pre-Shared Keys (PSKs), which are an alternative authentication tool for small businesses and home users that do not want to use a separate authentication server and full 802.1x key infrastructure, according to Moskowitz, who helped design the 802.11i wireless security standard and WPA.

As with WEP, wireless users can use passphrases for the PSK, which can range from 8 to 63 bytes. Most wireless equipment makers allow only a single PSK to be used on a wireless network, Moskowitz said.

Moskowitz writes that the method that WPA devices use to conduct "handshakes," or exchanges of information that are used to generate data encryption keys for wireless sessions, allows attackers who do not know a PSK to guess it using what is known as a "dictionary" attack.

In dictionary attacks, attackers capture (or "sniff") wireless network traffic in transit between the access point and the wireless workstation, then use specialized software programs to guess the key.

Other wireless security standards are also vulnerable to such attacks. WEP keys have long been known to be insecure. More recently, a security expert showed that Cisco Systems Inc.'s Lightweight Extensible Authentication Protocol (LEAP) standard is vulnerable to dictionary attacks too.

However, attackers who want to compromise WEP and LEAP need to harvest large quantities of network traffic before they can decipher the passphrase. In contrast, WPA only requires them to capture four specific packets of data, Moskowitz said.

Passphrases fewer than 20 characters long are unlikely to withstand a dictionary attack, and attackers who miss those four packets in transit can easily trick a wireless access point into doing a new "handshake" and sending the packets to the attacker again, he said.
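A defender-side audit of a WPA passphrase against the limits quoted above, given as an added example that is not taken from Moskowitz's paper or from this article. The PBKDF2 passphrase-to-key mapping comes from the IEEE 802.11i standard rather than this page, and the wordlist, finding labels and function names are constructed for illustration.

```python
import hashlib

# Limits quoted in the article: passphrases of 8 to 63 bytes, and anything
# under 20 characters is unlikely to withstand a dictionary attack.
MIN_LEN, MAX_LEN, WEAK_BELOW = 8, 63, 20

# Constructed sample wordlist; a real audit would load a large dictionary.
SAMPLE_WORDS = {"password", "wireless", "network", "office", "welcome", "admin"}


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Passphrase-to-PSK mapping defined in IEEE 802.11i (not in the article):
    PBKDF2-HMAC-SHA1, the SSID as salt, 4096 iterations, 256-bit output.
    The key depends only on these two inputs, so the passphrase's
    guessability is the only thing protecting it."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase: str, words=SAMPLE_WORDS) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    n = len(passphrase.encode())
    if not MIN_LEN <= n <= MAX_LEN:
        return ["invalid-length"]
    findings = []
    if n < WEAK_BELOW:
        findings.append("shorter-than-20")
    lowered = passphrase.lower()
    # Strip the digits and punctuation people commonly pad a word with.
    stripped = lowered.strip("0123456789!@#$%^&*._- ")
    if lowered in words or stripped in words:
        findings.append("dictionary-word")
    elif any(w in lowered for w in words):
        findings.append("contains-dictionary-word")
    if len(set(passphrase)) <= 4:
        findings.append("low-variety")
    return findings


if __name__ == "__main__":
    # Constructed sample passphrases and SSID.
    for candidate in ("password1", "myofficenetwork2003xx", "tq7#Lm2vXz9!pRw4KdY8sB"):
        print(candidate, audit_passphrase(candidate))
    print(derive_psk("tq7#Lm2vXz9!pRw4KdY8sB", "ExampleNet").hex())
```

Because the SSID is the salt, the same passphrase yields a different key on each network name, but that does not help a short or dictionary-based passphrase.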

©1994-2009 Infoworld, Inc.