Ch05 Wired Equivalent Privacy (WEP) - Sadiq

Wired Equivalent Privacy (WEP) is a security protocol designed to protect wireless communication between clients and access points through encryption, but it only secures link-level data and lacks end-to-end security. WEP employs a shared secret key and the RC4 encryption algorithm, but it has significant vulnerabilities, including static keys and short initialization vectors, making it susceptible to various attacks such as brute force and key stream reuse. Due to these weaknesses, WEP is no longer considered a secure mechanism for wireless communication.

Uploaded by

hmzt22329

Wireless Systems Security (502553-3)

Lecture 5

Wired Equivalent Privacy (WEP),

Wired Equivalent Privacy (WEP)
• The main goal of the WEP protocol is to guarantee authentication, confidentiality, and integrity by implementing encryption techniques to protect data communication security between the clients and the access points.

• WEP protocol is used only to protect link-level data during wireless transmission between clients and the access points.
– WEP provides security for the wireless portion of the connection, but does not provide end-to-end security.

Wired Equivalent Privacy (WEP)
• WEP protocol is implemented from the initial connection between the clients and the APs.

• The clients can only successfully connect to the APs by using the correct passwords.

• WEP achieves the security goals by encrypting the transmission so that only the receivers who own the correct decryption key can decrypt the transmitted information.

WEP Framework
• WEP utilizes the following to protect the transmission between a wireless station (client) and an AP:
– A pre-established shared secret key (the base key) that is shared between the client and the AP,
– RC4 encryption algorithm,
– CRC-32 (Cyclic Redundancy Code) checksum algorithm.

• The original base key with a fixed value was 40 bits long (weak encryption) [802.11]. Most manufacturers increased the key to 104 bits because of security concerns (strong encryption) [802.11b].

WEP Authentication
• WEP authentication uses a simple challenge-response scheme based on whether a client/AP has knowledge of a shared secret key.
1. The initiator (client) sends an authentication request management frame to the AP.
2. After receiving the authentication request, the responder (AP) responds by sending an authentication management frame containing 128 octets of challenge text to the initiator. The challenge text is generated by using the WEP pseudorandom number generator (PRNG) with the shared secret key and a random initialization vector (IV).

WEP Authentication
3. Once the initiator receives the management frame, it copies the challenge text into a new management frame body and applies an integrity check algorithm (CRC-32) to the challenge text, which produces an Integrity Check Value (ICV). This new management frame body is then encrypted with WEP using the shared secret along with a new IV selected by the initiator.
4. The encrypted management frame is then sent to the responder. The responder decrypts the received frame and verifies that the 32-bit CRC integrity check value (ICV) is valid, and that the challenge text matches the one sent in the challenge

WEP Authentication
– If the authentication is successful, then the AP and the client switch their roles as initiator and responder respectively and repeat the process to ensure mutual authentication.

WEP Confidentiality and Integrity
• Two processes are applied to plaintext data:
– one encrypts the plaintext
– and the other protects it from unauthorized modification while it is in transit.
• The secret key is concatenated with a random initialization vector (IV) that adds a random 24 bits to the resulting key. This key is input to the RC4 algorithm. The RC4 algorithm outputs a key sequence equal in length to the plaintext input. As the RC4 algorithm generates a long pseudo-random key stream, the encryption keys are different for encrypting different packets. Thus, the same plaintext may generate different ciphertext at different times.

WEP Confidentiality and Integrity
• The sender XORs the key stream with the plaintext to generate encrypted text (ciphertext), and transmits it to the receiver along with the IV.

• Upon receipt of the ciphertext, the receiver uses the IV and its own copy of the secret key to produce a key stream that is identical to the key stream generated by the transmitter. The receiver then XORs the key stream with the ciphertext to reveal the original plaintext.

WEP Confidentiality and Integrity
• To protect the ciphertext against unauthorized modification while in transit, WEP (in the sender) applies an integrity check algorithm (CRC-32) to the text (message), which produces an Integrity Check Value (ICV). The ICV is then concatenated to the plaintext and sent to the receiver along with the IV.

• The receiver combines the ciphertext with the key stream to uncover the plaintext. Applying the integrity algorithm to the plaintext and comparing the output ICV to the transmitted ICV verifies the decryption. If the two ICVs are identical, the message is authenticated.

[Figure: WEP – Encryption and Integrity]

[Figure: WEP – Decryption and Integrity]

Weaknesses of WEP
• WEP is no longer considered a secure mechanism as it contains several vulnerabilities and can be compromised. The major WEP vulnerabilities can be summarized as:
1. The use of static WEP keys:
– Many users in a wireless network potentially share the identical key for long periods of time. This is a well-known security vulnerability.
– If a client such as a laptop were to be lost or stolen, the key could become compromised along with all the other computers sharing that key. Moreover, if every station uses the same key, a large amount of traffic may be rapidly available to an eavesdropper for analytic attacks.

Weaknesses of WEP
2. The IV in WEP is only 24 bits long:
– Reuse of the same IV means reuse of the same key stream. It is known that the same traffic key should not be used twice for a stream cipher such as RC4. Since the IV is only 24 bits long, in a large and busy network an AP may exhaust the space of IVs and thus reuse the same IV after several hours.

Weaknesses of WEP
2. The IV in WEP is only 24 bits long (cont.):
– The IV is sent in the clear text portion of a message. As a result, the attacker can ascertain that two packets are encrypted with the same key stream. If an attacker flips a bit in the ciphertext, the corresponding plaintext bit also gets flipped. By doing statistical analysis on two ciphertexts encrypted with the same key stream, the attacker can recover the plaintext, including the key stream that was used to encrypt the data.

Weaknesses of WEP
3. WEP uses a non-cryptographic cyclic redundancy check (CRC) to check the integrity of packets with the correct checksum. The CRC computation and the XORing of the plaintext and key stream are linear computations, so the attacker can make changes in the ciphertext and can generate the CRC part to keep the CRC correct.
4. No protection against replays: WEP does not offer any protection against replays. An adversary can create forgeries without changing any data in an existing packet, simply by recording WEP packets and then retransmitting them later. Replay, a special type of forgery attack, can be used to derive information about
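Why the CRC-32 ICV in weakness 3 gives no integrity against deliberate modification, as an added Python example that is not from the original lecture. A fixed constructed key stream stands in for the RC4 output, and the truncated HMAC is an assumption used only as a keyed contrast; it is not part of WEP.

```python
import hashlib
import hmac
import struct
import zlib


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_tag(msg: bytes, _key: bytes = b"") -> bytes:
    """WEP's ICV: plain CRC-32, no key involved."""
    return struct.pack("<I", zlib.crc32(msg))


def mac_tag(msg: bytes, key: bytes) -> bytes:
    """Keyed tag for contrast (assumption, not WEP); 4 bytes only to match the ICV size."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:4]


def seal(msg, keystream, tag_fn, key=b""):
    """(msg || tag) XOR key stream, as in WEP encapsulation."""
    return xor(msg + tag_fn(msg, key), keystream)


def accepts(ct, keystream, tag_fn, key=b""):
    """Receiver check: decrypt, recompute the tag, compare. Returns msg or None."""
    body = xor(ct, keystream)
    msg, tag = body[:-4], body[-4:]
    return msg if hmac.compare_digest(tag_fn(msg, key), tag) else None


def crc_patch(delta: bytes) -> bytes:
    """Mask that changes the plaintext by `delta` and keeps a CRC-32 ICV valid.
    CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)."""
    return delta + xor(crc_tag(delta), crc_tag(bytes(len(delta))))


# Constructed sample: a fixed key stream stands in for RC4(IV || key) output.
KS = hashlib.sha256(b"constructed key stream").digest()
MSG = b"sensor=17;level=0100"
DELTA = xor(MSG, b"sensor=17;level=9100")        # one changed byte
MAC_KEY = b"constructed mac key"

crc_ct = xor(seal(MSG, KS, crc_tag), crc_patch(DELTA))
mac_ct = xor(seal(MSG, KS, mac_tag, MAC_KEY), crc_patch(DELTA))
CRC_RESULT = accepts(crc_ct, KS, crc_tag)               # modified text accepted
MAC_RESULT = accepts(mac_ct, KS, mac_tag, MAC_KEY)      # None: rejected
```

The mask from `crc_patch` is computed without the key or the key stream, which is why the unkeyed ICV still verifies after the change while the keyed tag does not.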
WEP Attacks
• Due to the above vulnerabilities in WEP, attackers have already launched attacks on WEP by exploiting these vulnerabilities. This section describes the following three major attacks on WEP: brute force attack, key stream re-use, and weak IV attacks.

1. Brute force attack: The brute force attack tries all possible keys, either manually or by computer, until the correct one is found. Attackers can use computers to find the key in less than several days of continuous search.

WEP Attacks
2. Key stream re-use attacks:
– In WEP authentication, the authenticator (AP) will first send a clear text to the supplicant (client).
– Then, the supplicant will be authenticated by replying with the correctly encrypted message of the text.
– If an attacker can steal the ciphertext and plaintext pair by snooping the authentication communication, the attacker can simply recover the key stream by using the RC4 algorithm on the ciphertext and plaintext pair.
– Once the attacker successfully recovers the key stream, he can decrypt all the data which is associated with that key stream.

WEP Attacks
3. Weak IV attacks: By collecting sufficient data packets using weak IVs, the attacker can re-calculate the accurate WEP key. Specifically, a single weak IV reveals a correct key byte 5% of the time. By gathering a high number of statistics (IVs), the most probable key may be calculated within several days.
