Transcript Devireddy

Wired Equivalent Privacy (WEP)
Presented By
Kavitha Devireddy
Sapna Shankar
Agenda








Introduction
-Kavitha
WEP
WEP Encryption
WEP Decryption
Problems with WEP
Various attacks on WEP
-Sapna
Solutions for improving security of Wireless
LAN
Conclusion
Introduction



wireless network connectivity is becoming
very important part of computing
environments.
Currently popular wireless network standard
is 802.11, in this standard data is transmitted
over radio waves.
In this transmissions interception and
tampering becomes easy to anyone with a
radio.
WEP





Wired Equivalent Privacy (WEP), a security
protocol for wireless local area networks
(WLANs) defined in the 802.11b standard.
LANs are more secure than WLANs.
WLANs, which are over radio waves are
more vulnerable to tampering.
WEP provides security by encrypting data
over radio waves.
WEP provides confidentiality and data
integrity, and protects access to the network.
WEP Encryption

WEP uses a 40bit length shared secret key.
Fig: WEP Encryption frame
Plaintext
Message
XOR
CRC
IVCiphertext
Transmitted Data
Keystream=RC4(IV,k)
WEP Encryption Cont..





First message data frame is checksummed,
c(M).
plaintext(p) = message(M) + Checksum
message(c(M))
Keystream = RC4(IV, k). Here k is shared key.
ciphertext = plaintext XOR Keystream
The cipher text and the initialization vector
(IV) are then transmitted via radio.
WEP Decryption






Decryption is reverse of encryption.
First receiver recreates the keystream,
Keystream = RC4(IV, k).
Plaintext = Ciphertext XOR Keystream
This plain text is then divided into Message and
checksum.
Checksum is then computed for the message and
compared with the received checksum.
If (Original checksum != Computed checksum),
then the message has been changed during
transmission.
Problems with WEP

Key management:


IV reuse:




WEP standard lacks good Key management that
leads to poor quality.
WEP's IV size is 24 bits.
WEP uses the same IV for different data packets.
An attacker can decrypt packets that were
encrypted with the same IV.
Inappropriate Integrity check:

MD5 or SHA-1 algorithms are more suitable for
cryptographic hash than CRC-32.
Various Attacks


passively attacking to decrypt traffic.
 all wireless traffic can be intercepted by a passive
intruder, until an IV collision occurs.
 he can recover all the messages with same IV after
recovering the entire plaintext for one of the
messages.
actively attacking to inject traffic.
 If the attacker knows plaintext of one encrypted
message, he can change the plaintext to the new
message by calculating CRC-32 and doing bit flips
on the original encrypted message.
 If the attacker sends the new packet to the access
point, it will be accepted.
Various Attacks cont..


actively attacking from both ends.
 If the attacker guesses the headers of a packet,
which includes destination IP address, he can flip
relevant bits to make the destination system to
send the packet to his own system and transmit it
using some mobile station.
attacking using table of appropriate initialization
vectors.
 Here the attacker can build table of IVs, if he
knows the plaintext for some packets.
 Once he builds this table, he can decrypt all
packets that are sent over the wireless link.
Solutions for improving security of
Wireless LAN’s




Multiple Security measures along with WEP.
Using VPN.
Using Efficient key management techniques
as an additional measure.
Using alternative encryption techniques like
IPsec instead of WEP.
New Standards for improving
security of Wireless LAN’s


802.1X
802.11i
802.1X : Framework for
Authentication




802.1x is an open standard framework for
authenticating wireless stations.
Authenticates the wireless stations with an
authentication server via an access point.
EAP(Extensible Authentication Protocol )is
used for message exchange to manage
mutual authentication.
Dynamic distribution of encryption keys.
802.11i
Standard is a solution to current security
problems of WLAN’s.
802.11i has two sections
802.1x section provides authentication and
key management for stations.
The second section, 802.11i, defines two
data privacy protocols.






Temporal Key Integrity Protocol(TKIP)
Counter Mode/CBC MAC Protocol(CCMP)
Temporal Key Integrity
Protocol(TKIP)



It is data encryption algorithm,provided for
backward compatibility with devices using
WEP and it is optional to implement.
TKIP resolves the key reuse in WEP by
providing 128 bit “temporal key” in a
dynamic way for securing data.
It uses the same RC4 algorithm as WEP does
and it is not considered as a long term
solution.
Counter Mode/CBC-MAC Protocol




It is mandatory for all devices implementing
802.11i standard.
Is an encryption algorithm based on AES.
Counter Mode provides confidentiality,
integrity and protection against replay
attacks.
CBC-MAC(Cipher Block Chaining message
authentication code) provides authentication.
Conclusion



WEP does little to secure the WLAN’s from
attackers.
Better to use WEP rather than not using any
encryption.
New standards and specifications which will
replace WEP can be expected to provide
sufficient security for wireless LAN’s.