IEEE patches flawed security standard for wireless LANs

IEEE patches flawed security standard for wireless LANs

The IEEE Standards Association has adopted a fix for the flawed Wired Equivalent Privacy protocol for wireless LANs.

WEP defines the way data is encrypted for wireless transmission under the IEEE 802.11 standard, established by the Institute of Electrical and Electronics Engineers. A weakness in the protocol made wireless LANs susceptible to eavesdropping, limiting their use for sensitive data.

The weakness, caused by sharing of encryption keys at an access point, prompted the Army to put a moratorium on wireless LANs.

'The problem with WEP is the way you handle the keys,' said Mike Vergara, director of product marketing for RSA Security Inc. of Bedford, Mass. Weak, static keys used to establish connections make it possible to for an eavesdropper to discover stronger keys used to encrypt data using the RC4 algorithm.

The fix, developed by RSA and Hifn Inc. of Los Gatos, Calif., is called Fast Packet Keying. 'Each packet will be encrypted with its own key' with no similarities between the keys, Vergara said.

Vendors will distribute a software or firmware patch to update existing wireless equipment. IEEE adopted the patch last month. It originally had been scheduled for adoption in October, but the Sept. 11 attacks delayed the committee meeting, Vergara said.

About the Author

William Jackson is a Maryland-based freelance writer.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.