Computer scientists in Japan say they’ve developed a way to break the WPA encryption system used in wireless routers in about one minute.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima.

Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

They Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.

The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts.

In 1979, Whitfield Diffie and Martin Hellman authored a practical method of public key exchange, which was known almost immediately as Diffie-Hellman. After thirty years, Diffie Hellman is still used in all the best examples of encryption software due to its speed, accuracy and ability to ensure protection from “Man in the Middle attacks” when used in conjunction with various authentication techniques.

The true beauty of Diffie-Hellman key exchange is in the way that it establishes a quick and secure ‘key’ which can be used for full secrecy due to the fact that the steps required to generate the key no longer exist.
This secure key can then be used in conjunction with single key encryption algorithms such as RSA to transport public key details in order to set up more secure relationships.

The efficiency of Diffie-Hellman is mostly due to the simplicity of the system. It is simple enough to be integrated in almost every main security suite as a basis for key-exchange to try to setup secure asymmetrical cryptography, which is greatly more secure than the likes of RSA.

It is important to understand that Diffie-Hellman is not an encryption algorithm, but a way to generate a completely random key that is unique to the two parties that underwent the key agreement phase. This means that Diffie-Hellman can generate keys for any symmetric encryption algorithm, such as ecliptic curve cryptography, which is currently one of the most efficient private-key algorithms currently available.

Gold Lock Enterprise utilizes Diffie-Hellman and Elliptic Curve cryptography to ensure the security of information that will be transported or shared with others. This means by choosing Gold Lock Enterprise, key management becomes fully automated due to the highly secure transparent negotiation that takes place in the beginning of each call, and in the background during each call.

Hardware loss is perhaps the biggest threat to corporate security as the loss of a notebook computer or storage device could effectively give a hacker full access to not only files contained within the device, but also possibly full unabridged access to the corporate network.

Today’s growing trend for home workers and road warriors is a concerning reality for most major organizations. The necessity for people to work flexibly means that adequate security policies are suffering, and as a direct result data theft and loss is on the rise.

Shockingly enough, the growth in the trend of data loss is not changing the way information is being stored. Whilst many companies have security policies that refer to remote access, these documents tend to be very vague and ambiguous when talking about file-storage and the transport of files to remote locations.

Hardware loss is a reality, and the risks can be mitigated by ensuring appropriate file and system security is used to ensure that should a system get into the hands of anyone other than intended, it will be unbootable and unrecoverable. This ensures that data theft is negligible and the only financial implications will be the cost in replacing the hardware.

Whilst it is not always this simple, the reality is that any sensitive data should always be encrypted to ensure that only those intended recipients have access to it. This extends to ensuring thumb drives, notebooks, and media such as CD and DVD’s are encrypted with appropriately secure algorithm.

One of the best-known encryption algorithms currently available is known as AES. This is an encryption technique, which is successfully managed by the military grade,  freely available  Gold Lock Desktop encryption suite. This all in one solution ensures that organizations can encrypt files and email transfer, ensuring that risk factors are mitigated and cost implications due to data loss or theft are negligible.