Transcript WEP and WPA
WEP AND WPA
by
Kunmun Garabadu
Wireless LAN
• Hot Spot : Hotspot is a readily available wireless connection.
Access Point : It serves as the communication hub so that a wireless device
can gain access to a cabled network.
Client
Router
Ethernet Cabling
• Wireless Network Security vs Wired Network Security
• Wireless Security Protocols
• Wired Equivalent Privacy (WEP)
• Wi-fi Protected Access (WPA)
Why WEP ?
•WEP implements part of the IEEE 802.11 standards.It was designed
to protect networks from eavesdropping. Another function is to
prevent unauthorised access to the network.
•It operates at the data-link and physical layers.
It does not provide end-to-end security.
•It uses RC4 encryption which is a symmetric stream cipher to
provide confidentiality
•It uses 64 bit or128 bit key encryption.
It uses a 24 bit initialisation vector (IV)which is randomly generated.
It is used to augment the shared secret key and produce a different
keystream for each packet.
•It uses a CRC-32 checksum for data integrity check and this is
part of the encrypted payload.
Encryption is performed at the Access Point (AP) as follows :
• The Integrated Check Value(ICV) is computed
• The encryption key is selected
• The Initialisation Vector ( IV) is generated using a pseudo
random generator
• The IV is appended to the key and the keystream is
generated
• The ICV is concated with the payload and then XORed
with the generated key stream.
• AP sends the IV,key number and cipher text to the client
Encryption Process
Decryption at the client :
•Uses key number to get private key
•Uses the sent IV to generate key stream
•XORs the text that was received with the key stream
•Computes ICV on payload
•If the new ICV matches the sent ICV the packet is
authenticated
Decryption Process
WEP’s vulnerabilities
• Short and static key : Actual keyspace is 40 bits or 104 bits
No easy way to exchange and distribute keys.Key change
involves manually changing the key on each AP
and Client.
• Simple ASCII key strings are used as keys. Easy to crack
by hackers.
• IV is sent out in clear text usually at the starting of the packet.
•IV collision. If the IV appears twice(assuming it is used with
the same cipher key) it is known as a collision.
Keystream is repeated every 2 ^ 24 times. This could be
intercepted in a very short period of time on high traffic wireless
networks.An attacker can then recover the plaintext.
•No mutual authentication. Client does not authenticate the
access point. Opens up the possibility for man-in-the-middle
type attack.
•CRC-32 is linear. If the message is manipulated the
checksum can also be manipulated by a malicious user
•Table Attack : Significant amount of traffic can be generated
.A table of keystream/IV pairs can be created. The keystream
can be obtained by doing xor of the plain text with the cipher
text. This does not generate the key but can get decrypted
data as long as IV/key stream pair exists for each packet
•Passive Attack to Decrypt Traffic : A passive eavesdropper can
snoop all packets till an IV collision occurs. Two packets having
same IV can be xored to obtain the xor of the two plain-text
messages. This XOR can be used to infer the contents of the
packet. IP traffic is sometimes quite redundant. Educated guesses
can be made to statistically reduce the possibilities of messages
Sometimes is possible to get to the exact messages.
•Active Attack to Inject Traffic : An attacker who gets to know the
exact plain text of one encrypted message correctly can use it to
construct another encrypted message. RC4(X) xor X xor Y =
RC4(Y). The attacker flips bits in the encrypted message to
change the contents,adjusts the CRC and sends it to the destination
•Active Attack to change Header: An attacker can get to the
contents of the header especially the IP destination. Can change
IP address to a machine he controls. The port address also can
be changed.
•WEP provides minimum level of security in small network
environments
WPA : Wi-fi Protected Access
Why WPA ?
It was created to patch the security issues
of WEP
•WPA implements a subset of 802.11i standards. It was started as a
temporary measure to replace WEP while 802.11i got fully prepared
•It uses Temporal Key Integrity Protocol (TKIP) which provides
for key changing dynamically. It replaces WEP without having the
need to replace legacy hardware.It encrypts every`data packet with a
unique key.It hashes the IV and the IV goes out encrypted.It is
defined in 802.11i spec
•It can work with pre-shared keys as well as use 802.1 x
authentication
•It uses RC4 stream cipher with a 128 bit key and a 48 bit IV
The longer key and IV together defeat the key recovery attacks on
WEP
•It uses a solution called Michael, which is a Message Integrity Check
(MIC), to thwart the checksum being corrupted issue, It uses a 32 bit
Integrity Check Value(ICV).This is inserted after payload and before IV.
The MIC includes a frame counter which helps to prevent replay attacks
•WPA2 is the implementation of IEEE 802.11i. It implements all
mandatory features specified in the standard
By increasing the key size, number of keys and by providing a more
secure message verification system WPA adds security to a wireless
network.
WPA can be used for providing more robust security in
corporate environments