LANCOM Reference Manual LCOS 3.50 Chapter 11: Wireless LAN – WLAN
220
Wireless LAN – WLAN
which could automatically crack an arbitrary WLAN connection within a few
hours. With this, WEP was essentially worthless.
A first 'quick shot' to secure WLANs against this kind of program was the
simple notion that the weak IV values are known, and that they could simply
be skipped during encryption—since the IV used is after all transmitted in the
packet, this procedure would be completely compatible with WLAN cards
which didn't understand this extension, dubbed WEPplus. A true
improvement in security would naturally only result once all partners in the
WLAN were using this method.
In a network equipped with WEPplus, a potential attacker again has the chore
of listening to the entire data traffic, waiting for IV repetitions—simply
waiting for the few packets with weak IVs is no longer an option. This raised
the bar for an attacker again, particularly if one didn't simply set the IV
counter to zero when initialising a WLAN card, but rather initialised with a
random value: the IV counter at an access point only starts to count when the
first station logs in and starts transmitting data. If the access point and station
each initialised their IV counters to zero, packets with identical IV values occur
immediately after the connection is made. By initialisation to a random value,
the collision can at least be delayed by an average of 223 packets, that is, half
the space of possible IVs —with more than one station in a WLAN, this value
is naturally reduced. WEPplus is thus technically only a slight improvement—
but it did serve to calm the user base enough to make WEP acceptable again,
at least for home use (as long as a new key was configured often enough.) For
use in a professional environment, of course, that didn't suffice.
11.2.4 EAP and 802.1x Obviously, an 'add-on' like WEPplus can't eliminate the basic problem of too-
short IVs, without changing the format of packets on the WLAN, thus
rendering all existing WLAN cards incompatible. There is, however, a
possibility of solving several of our problems with one central change: no
longer use the formerly fixed WEP key, but to negotiate them dynamically
instead. As the process to be used for this purpose, the Extensible
Authentication Protocol has emerged. As the name suggests, the original
purpose of EAP is authentication, that is, the regulated access to a WLAN—