[8595] in cryptography@c2.net mail archive
Re: 802.11 Wired Equivalent Privacy (WEP) attacks
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Tue Feb 13 20:34:37 2001
Mime-Version: 1.0
Message-Id: <v04210101b6aa138bfd76@[24.218.56.92]>
In-Reply-To: <23023.981752153@coconut.itojun.org>
Date: Fri, 9 Feb 2001 17:02:16 -0500
To: itojun@iijlab.net
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net, wep@isaac.cs.berkeley.edu
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
At 5:55 AM +0900 2/10/2001, itojun@iijlab.net wrote:
> >WF1
>>
>>In WF1 the 802.11 WEP keys would be changed many times each hour, say
>>every 10 minutes. A parameter, P , determines how many time per hour
>>the key is to be changed, where P must divide 3600 evenly. The WEP
>>keys are derived from a master key, M, by taking the low order N
>>bits (N = 40, 104, whatever) of the SHA1 hash of the master key with
>>the date and time (UTC) of the key change appended.
>>
>> WEPkey = Bits[0-N](SHA1(M | yyyymmddhhmmss))
>(snip)
>>Clearly good synchronization of the time-of-day clock on each node is
>>essential in WF1, but protocols already exist that can do this over
>>a network. Small synchronization discrepancies can be handled by the
>>802 retry mechanism and should look very much like a short RF outage.
>
> i see chicken and egg loop here - for instance, if I've got a laptop
> with 802.11 card only, I need to use the 802.11 network to synchronize
> clock. i'm not sure if WF1 is workable (if you have other secure
> channel for synchronizing clock, you are okay - but then why bother
> using 802.11?).
>
That is one of the reasons I suggested a key change interval of every
10 minutes. Most PCs internal clocks will keep time to within a few
seconds from day to day, so re-synchronization should not be a
problem. If necessary the PC's time can be manually set well enough
using any number of time sources:
Most phone companies in the US have a number you can call.
"News" radio stations announce the time frequently.
Many cell phones have clocks.
GPS receivers give accurate time.
For about $60 you can buy a clock that synchronizes itself to WWVB.
802.11 has a short range, so there are likely other PCs nearby
that you can get the time from.
I don't know how tolerant actual 802.11 systems are to a delayed key
change (experiments are welcome), but if a user sets their PC time in
the middle of a ten minute interval, there will be no delay at all.
Actually there is a highly accurate time synchronism mechanism built
into 802.11. The transceivers must be sync'd way before they get to
worry about encryption. But I don't know if that time value is
accessible by the client computer. If so, more frequent key changes
should be workable.
Arnold Reinhold
