http://www.siliconvalley.com/docs/news/svfront/049744.htm Monday, Dec. 17, 2001 SAN FRANCISCO (Reuters) - RSA Security Inc. Monday will announce new technology designed to improve the security of wireless networks used within buildings and protect them from so-called ``drive-by hacks.'' Bedford, Massachusetts-based RSA and Hifn of Los Gatos, California, have developed a technology patch for the Wireless Equivalent Privacy (WEP) protocol designed to encrypt communications transferred over standard 802.11 wireless networks. Such networks are growing increasingly common within corporations, warehouses and government offices for laptops and handheld devices where users need mobility. ``If you are running a wireless LAN (local area network), if someone was sitting in the parking lot with the correct software and a (wireless network) scanner they could pick up information flowing over the network,'' said Mike Vergara, director of product marketing at RSA. ``They could read all the traffic.'' The current WEP implementation is flawed in that it uses encryption ``keys'' or codes for hiding data that are too similar to each other, making it relatively easy for someone to figure out the keys, Vergara said. There are tools, such as AirSnort, which surreptitiously grab data moving across wireless networks and analyze it to decode the encryption, he said. FAST PACKET KEYING The new technology, called Fast Packet Keying, ``enables you to encrypt each packet of data with a different key,'' Vergara said. The technology has been approved by the Institute of Electrical and Electronics Engineers (IEEE) standards body as an addendum, or patch, to the 802.11 standard, he said. Device makers are upgrading their software, according to Vergara, but he didn't know when the patches would make it into devices out in the market. The patch only addresses the known security vulnerability and does not address any new holes that might crop up, Vergara conceded. For that reason, Avi Rubin, a computer security researcher at AT&T Labs, suggested researchers develop wireless technology using the new Advanced Encryption Standard (AES), approved by the U.S. government. AES, which is exponentially more difficult to crack than its predecessor, is expected to become the standard for securing Internet communications over the coming years. Using AES would require new wireless network cards, said Rubin, who was among the first to discover a way to crack the WEP protocol. ``Band aid approaches may be necessary for the short term,'' he said. But ``for the next generation of (wireless network) cards they should throw everything away and design something with AES.'' - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Dec 19 2001 - 11:53:55 PST