Wireless network security shows cracks

In a paper published last week, University of Maryland's William Arbaugh and Arunesh Mishra said the new 802.1X security system has two basic problems--one where a hacker can hijack an existing connection, and another where they can interpose themselves during authentication and steal access information as it's being set up.

In the first case, a hacker monitors the transmissions and when a session is established between a client and an access point, he sends a fake packet to the client purporting to be from the access point saying "Session closed". The client just reconnects with a new session while the legitimate access point thinks the old session is still open and is exposed.

The other way-- a "man in the middle" attack--again involves a hacker "pretending" to be an access point, this time relaying messages between the client and the real access point while monitoring their contents, having "...completely bypassed any higher-layer authentication and render(ing) the authentication mechanism ineffective," according to Arbaugh and Mishra.

The paper, An Initial Security Analysis of the IEEE 802.1X Standard, said the standard needs to be modified to include symmetric authentication--where the client and the access point both prove to be legitimate--and better handling of access point authentication. Without this, 802.1X and 802.11 cannot provide sufficient levels of security.

The 802.1X standard itself--and its associated standard, Extensible Authentication Protocol--is already in use for wireless networking in Cisco 802.11b products, for example. 802.1X has already been under investigation for its vulnerability to a number of different potential attacks, including several potential denial-of-service flaws.