IEEE patches flawed security standard for wireless LANs

IEEE patches flawed security standard for wireless LANs

The IEEE Standards Association has adopted a fix for the flawed Wired Equivalent Privacy protocol for wireless LANs.

WEP defines the way data is encrypted for wireless transmission under the IEEE 802.11 standard, established by the Institute of Electrical and Electronics Engineers. A weakness in the protocol made wireless LANs susceptible to eavesdropping, limiting their use for sensitive data.

The weakness, caused by sharing of encryption keys at an access point, prompted the Army to put a moratorium on wireless LANs.

'The problem with WEP is the way you handle the keys,' said Mike Vergara, director of product marketing for RSA Security Inc. of Bedford, Mass. Weak, static keys used to establish connections make it possible to for an eavesdropper to discover stronger keys used to encrypt data using the RC4 algorithm.

The fix, developed by RSA and Hifn Inc. of Los Gatos, Calif., is called Fast Packet Keying. 'Each packet will be encrypted with its own key' with no similarities between the keys, Vergara said.

Vendors will distribute a software or firmware patch to update existing wireless equipment. IEEE adopted the patch last month. It originally had been scheduled for adoption in October, but the Sept. 11 attacks delayed the committee meeting, Vergara said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • machine learning

    Mitigating the risks of military AI

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group