Intern proves WLAN encryption protocol vulnerable

Intern proves WLAN encryption protocol vulnerable
MANHASSET, N.Y. — A 20-year-old undergraduate student from Rice University, Adam Stubblefield, has earned the distinction of being the first to implement a devastating new attack on the wired equivalent privacy (WEP) encryption protocol used in 802.11b wireless local area networks.

The attack, described in a recent paper by Fluhrer, Mantin & Shamir , is the most deadly to date on the embattled protocol, allowing for the rapid retrieval of the network key through passive means — regardless of the key bit length.

Stubblefield, working as an intern at AT&T Labs (Florham Park, N.J.) with AT&T research staff members John Ioannidis and Aviel Rubin, used the $100 Prism II-based Linksys PC card and a Linux driver that could capture encrypted WEP packets to perform the attack. Stubblefield's attempt took just under a week, which included the time taken to deliver the card, set up the testbed, perform debug and then finally retrieve the key.

'Completely insecure'

"The implications are clear," Stubblefield said. "Basically, a competent programmer who has access to the Shamir paper — and our paper to some degree — could, in the space of under a week, be able to do exactly what we did." While Stubblefield said he and his coworkers won't be releasing their code, "someone else might, for whatever reason. At that point, anyone can jump on it, and from there everyone's network would be completely insecure."

A copy of Stubblefield's report can be found online through the Rice University Web site.