Robert Moskowitz writes: "In January, I wrote about another important wireless authentication mechanism, 802.1x.). A month later, William Arbaugh and his colleagues published a whole set of attacks against 802.1x when it is used with 802.11.

The IEEE 802.1x workgroup focused its efforts on Ethernet, token ring and FDDI networks. However, the 802.1x standard clearly indicates that the intended application is principally for hub-based deployments. Only one section in the standard document covers using 802.1x in "shared-media LANs." That section warns that a secure association (EAP method) is required to avoid man-in-the-middle and denial-of-service attacks. During the development of 802.1x, some of the participants seemed to have thought, "802.11 access points could use the 802.1x protocol too." Shortly after the first papers on WEP's weaknesses were released, the 802.11 workgroup took on the task of improving 802.11's security, and 802.1x's MAC-based authentication method quickly became the cornerstone of this improvement effort. Since that move, all 802.11 efforts have been to build a complete security system using 802.1x."

[ Read more ]

Related items

• News: Startup takes on WLAN security (3 June 2002)
• News: Odyssey makes wireless LANs a safe trip (22 May 2002)
• News: Could hackers derail wireless LANs? (17 May 2002)
• News: Defense agency using unsecure WLAN security cameras (17 May 2002)
• News: Protecting the WLAN (13 May 2002)
• News: Wireless LANs - Standards and security (8 May 2002)
• News: Wireless Internet (6 May 2002)
• News: Wireless (In)Security (3 May 2002)
• News: Security exhibitors set up insecure WLANs (24 April 2002)
• News: Wireless LAN Security: A Short History (23 April 2002)
• News: Hacking Through the Wireless Jungle (21 April 2002)