Data Encryption

The use of data obfuscation through cryptographic ciphers and algorithms has been around for a long time. The Atbash alphabet was used to obscure the names of various items in Hebrew writings, such as the Bible. The obfuscation method commonly used on Usenet, rot13, has its origins in the scytales that were believed to have been used by ancient Greeks, whereby they wrapped a strip of paper around a stick, wrote the message, and transported the strip of paper. Only someone with a stick of equivalent diameter would be able to read the message.

The need for encryption has carried through from ancient times. Modern computer networks also make heavy use of encryption technology. As wireless technologies continue to spread, the use of encryption and authentication schemes has become more important for many users. Privacy concerns, classified information, and trade secrets are transmitted over wireless technologies. An adversary who receives the data being transmitted over the wireless link will still have to crack the encryption before the data being protected can be read. Transmissions from hostile sources trying to spoof the identity of an authorized party still need to subvert or break the authentication mechanism before the data will be accepted.

There are problems and limitations in many of the current encryption deployments for wireless technologies, however. The initial encryption mechanism used by 802.11X protocols is known as Wired Equivalent Privacy (WEP). WEP has a serious design flaw that allows hostile entities to derive the encryption key and see all traffic with relative ease. Access control mechanisms that used the Media Access Control (MAC) address of networked devices no longer give IT professionals any guarantee a rogue device is within an easily identified physical area. Wireless address book synchronization capabilities in cellular phones and other portable devices allow address books to be stolen when implemented incorrectly, for example, Bluesnarfing for Bluetooth-enabled devices.

With advances in cryptanalysis, software for analyzing wireless network traffic and deriving encryption keys and passwords has become commonplace. Assigning a complex encryption key for WEP still allows an attacker to find out what the key is within a matter of minutes using software such as aircrack and WepLab. Using stronger encryption algorithms with weak keys leaves networks vulnerable to dictionary attacks that use lists of words and permutations to try and guess encryption keys. Both aircrack and WepLab support this mode of operation as well.