Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Wired equivalent privacy (wep)

Download as PPTX, PDF
akruthi k
akruthi k

Wired Equivalent Privacy (WEP) was an early protocol for wireless network security. It aimed to provide confidentiality through encryption and integrity through a checksum. However, WEP had several flaws: 1. It reused encryption keys too frequently due to a small initialization vector space, allowing the same encryption to be used for multiple packets. 2. It used a weak integrity checksum that could be predicted, allowing packets to be modified without detection. 3. Its short secret key provided insufficient security against brute force attacks to recover keys from captured network traffic.

1 of 29
Wired Equivalent Privacy (WEP)
• Cryptographic Background to WEP • WEP Cryptographic Operations • Problems with WEP • Dynamic WEP Contents
• Guarding against traffic interception is the domain of cryptographic protocols. • two most commonly cited informal security objectives are 1. maintaining the secrecy of network data and 2. ensuring it has not been tampered with. • Initially ,WEP was the answer for wireless security. • WEP has many flaws, but better than nothing (very simple) WEP
 WEP requires the use of the RC4 cipher (A stream cipher )  A stream cipher uses a stream of bits, called the keystream.  The keystream is then combined with the message to produce the ciphertext.  To recover the original message, the receiver processes the ciphertext with an identical keystream. Cryptographic Background to WEP
Keyed stream cipher operation Most stream ciphers operate by taking a relatively short secret key and expanding it into a pseudorandom keystream the same length as the message. The pseudorandom number generator (PRNG) is a set of rules used to expand the key into a keystream. Cryptographic Background to WEP
Cryptographic Background to WEP Stream Cipher Security • A totally random keystream is called a one-time pad and is the only known encryption scheme that is mathematically proven to protect against certain types of attacks. • One-time pads are not commonly used ,since • keystream must be perfectly random • the same length as the data • it can never be reused.
WEP Cryptographic Operations 3 major objectives of security 1. Confidentiality : • protection against interception by unauthorized parties. • provided by encryption 2. Integrity : • make sure data has not been modified. • provided by integrity check sequence 3. Authentication and authorization • finding out who the user is . WEP uses 802.1x. • whether the access operation is allowed  WEP attempts to meet all these objectives
WEP Cryptographic Operations • Confidentiality and integrity are handled simultaneously in WEP WEP Data Processing
WEP Cryptographic Operations WEP Data Processing As input, WEP requires three items: 1. The payload to be protected 2. A secret key, used in frame encryption. WEP allows four keys to be stored simultaneously. 3. An initialization vector, used along with the secret key in frame transmission. After processing, WEP has a single output:  An encrypted frame, ready for transmission over an untrusted network with enough information to enable decryption at the remote end.
WEP Cryptographic Operations WEP key length • The only key length present in the standard is a 64-bit WEP seed • 40 bits are shared, IV-24 bits • 128-bit WEP seed • 104 bits are a kept secret • One vendor even offers the option of using 256-bit secret keys • WEP, however, is not a well-designed cryptographic system, and the extra bits in the key buy you very little
WEP Cryptographic Operations Types of WEP keys Two types of WEP keys • Default keys (broadcast keys) • Key mapping keys(unicast keys )
WEP Cryptographic Operations • Each mobile device can have its own key value for unicast frame. • All users share a single default key. • The AP can operate with default keys and key mapping keys simultaneously; • When the AP receives a frame (or wants to send one), it looks in the key table to see whether there is an entry corresponding to the MAC address of the mobile. If it finds an entry, it uses it. If not, it uses the default key instead. Key Mapping Keys
WEP Cryptographic Operations • WEP uses two key distribution schemes: Static WEP. • Administrators distribute single default key manually • Manual Key updates . • WEP without any key distribution mechanism is often called manual WEP or static WEP. • uses same key for all frames transmitted by every station • Static WEP is supported by Many low-power devices such as 802.11 phones, handheld bar code scanners, and even some PDAs. Manual (static) versus automatic (dynamic) WEP
WEP Cryptographic Operations • Dynamic WEP • The encryption keys used by the clients are distributed using key encryption keys derived from strong authentication protocols. • In this case, each station uses two keys. 1. mapping key, shared between the station and access point, used to protect unicast frames. 2. default key, shared by all stations in the same service set, that protects broadcast and multicast frames. Manual (static) versus automatic (dynamic) WEP
WEP Cryptographic Operations • Dynamic WEP advantages • Keys are used less often and protects less traffic. • Attackers have much less data to work for each key, making attacks more time-consuming. • At periodic intervals, the keys can be refreshed by the access point. Manual (static) versus automatic (dynamic) WEP
WEP Cryptographic Operations WEP key numbering and storage
WEP Cryptographic Operations WEP key numbering and storage
Problems with WEP Cryptographic Properties of RC4 • RC4 is remarkably simple to implement and considered to be very strong if used in the right way. • The basic idea behind RC4 encryption is to generate a pseudorandom sequence of bytes called the key stream that is then combined with the data using an exclusive OR (XOR) operation
Problems with WEP
Problems with WEP Cryptographic Properties of RC4
Problems with WEP Cryptographic Properties of RC4 • Major weakness in any stream cipher - Reuse of the keystream • XOR of the two encrypted packets is equivalent to the XOR of the two plaintext packets • By analyzing differences between the two streams in conjunction with the structure of the frame body, attackers can learn about the contents of the plaintext frames themselves
Problems with WEP Cryptographic Properties of RC4 • To help prevent the reuse of the keystream, WEP uses the IV to encrypt different packets with different RC4 keys. • However, the IV is part of the packet header and is not encrypted.
Problems with WEP Cryptographic Properties of RC4 • If IV’s repeat, confidentiality is at risk – If we send two ciphertexts (C, C’) using the same IV, then the xor of plaintexts leaks (P  P’ = C  C’), which might reveal both plaintexts  Lesson: If RC4 isn’t used carefully, it becomes insecure IV, P  RC4(K, IV) IV, P’  RC4(K, IV)
Problems with WEP Cryptographic Properties of RC4 • WEP uses CRC for integrity check but CRC is not cryptographically secure. • With CRC it is easy to predict how changing a single bit will affect the result of the CRC calculation.
Design Flaws of the WEP System
Design Flaws of the WEP System • As standardized, static WEP offers a shared secret of only 40 bits. • WEP's use of the IV tips off an attacker to the reuse of a keystream. • IV space is quite small so repetitions are guaranteed on busy networks • Two frames that share the same IV almost certainly use the same secret key and keystream.
Design Flaws of the WEP System • Infrequent rekeying allows attackers to have Decryption dictionaries • large collections of frames encrypted with the same key streams • As more frames with the same IV pile up, more information is available about the unencrypted frames even if the secret key is not recovered
Design Flaws of the WEP System • WEP uses a CRC for the integrity check. • Although the value of the integrity check is encrypted by the RC4 keystream, CRCs are not cryptographically secure. • Use of a weak integrity check does not prevent determined attackers from transparently modifying frames.
Design Flaws of the WEP System

More Related Content

Wired equivalent privacy (wep)

  • 2. • Cryptographic Background to WEP • WEP Cryptographic Operations • Problems with WEP • Dynamic WEP Contents
  • 3. • Guarding against traffic interception is the domain of cryptographic protocols. • two most commonly cited informal security objectives are 1. maintaining the secrecy of network data and 2. ensuring it has not been tampered with. • Initially ,WEP was the answer for wireless security. • WEP has many flaws, but better than nothing (very simple) WEP
  • 4.  WEP requires the use of the RC4 cipher (A stream cipher )  A stream cipher uses a stream of bits, called the keystream.  The keystream is then combined with the message to produce the ciphertext.  To recover the original message, the receiver processes the ciphertext with an identical keystream. Cryptographic Background to WEP
  • 5. Keyed stream cipher operation Most stream ciphers operate by taking a relatively short secret key and expanding it into a pseudorandom keystream the same length as the message. The pseudorandom number generator (PRNG) is a set of rules used to expand the key into a keystream. Cryptographic Background to WEP
  • 6. Cryptographic Background to WEP Stream Cipher Security • A totally random keystream is called a one-time pad and is the only known encryption scheme that is mathematically proven to protect against certain types of attacks. • One-time pads are not commonly used ,since • keystream must be perfectly random • the same length as the data • it can never be reused.
  • 7. WEP Cryptographic Operations 3 major objectives of security 1. Confidentiality : • protection against interception by unauthorized parties. • provided by encryption 2. Integrity : • make sure data has not been modified. • provided by integrity check sequence 3. Authentication and authorization • finding out who the user is . WEP uses 802.1x. • whether the access operation is allowed  WEP attempts to meet all these objectives
  • 8. WEP Cryptographic Operations • Confidentiality and integrity are handled simultaneously in WEP WEP Data Processing
  • 9. WEP Cryptographic Operations WEP Data Processing As input, WEP requires three items: 1. The payload to be protected 2. A secret key, used in frame encryption. WEP allows four keys to be stored simultaneously. 3. An initialization vector, used along with the secret key in frame transmission. After processing, WEP has a single output:  An encrypted frame, ready for transmission over an untrusted network with enough information to enable decryption at the remote end.
  • 10. WEP Cryptographic Operations WEP key length • The only key length present in the standard is a 64-bit WEP seed • 40 bits are shared, IV-24 bits • 128-bit WEP seed • 104 bits are a kept secret • One vendor even offers the option of using 256-bit secret keys • WEP, however, is not a well-designed cryptographic system, and the extra bits in the key buy you very little
  • 11. WEP Cryptographic Operations Types of WEP keys Two types of WEP keys • Default keys (broadcast keys) • Key mapping keys(unicast keys )
  • 12. WEP Cryptographic Operations • Each mobile device can have its own key value for unicast frame. • All users share a single default key. • The AP can operate with default keys and key mapping keys simultaneously; • When the AP receives a frame (or wants to send one), it looks in the key table to see whether there is an entry corresponding to the MAC address of the mobile. If it finds an entry, it uses it. If not, it uses the default key instead. Key Mapping Keys
  • 13. WEP Cryptographic Operations • WEP uses two key distribution schemes: Static WEP. • Administrators distribute single default key manually • Manual Key updates . • WEP without any key distribution mechanism is often called manual WEP or static WEP. • uses same key for all frames transmitted by every station • Static WEP is supported by Many low-power devices such as 802.11 phones, handheld bar code scanners, and even some PDAs. Manual (static) versus automatic (dynamic) WEP
  • 14. WEP Cryptographic Operations • Dynamic WEP • The encryption keys used by the clients are distributed using key encryption keys derived from strong authentication protocols. • In this case, each station uses two keys. 1. mapping key, shared between the station and access point, used to protect unicast frames. 2. default key, shared by all stations in the same service set, that protects broadcast and multicast frames. Manual (static) versus automatic (dynamic) WEP
  • 15. WEP Cryptographic Operations • Dynamic WEP advantages • Keys are used less often and protects less traffic. • Attackers have much less data to work for each key, making attacks more time-consuming. • At periodic intervals, the keys can be refreshed by the access point. Manual (static) versus automatic (dynamic) WEP
  • 16. WEP Cryptographic Operations WEP key numbering and storage
  • 17. WEP Cryptographic Operations WEP key numbering and storage
  • 18. Problems with WEP Cryptographic Properties of RC4 • RC4 is remarkably simple to implement and considered to be very strong if used in the right way. • The basic idea behind RC4 encryption is to generate a pseudorandom sequence of bytes called the key stream that is then combined with the data using an exclusive OR (XOR) operation
  • 20. Problems with WEP Cryptographic Properties of RC4
  • 21. Problems with WEP Cryptographic Properties of RC4 • Major weakness in any stream cipher - Reuse of the keystream • XOR of the two encrypted packets is equivalent to the XOR of the two plaintext packets • By analyzing differences between the two streams in conjunction with the structure of the frame body, attackers can learn about the contents of the plaintext frames themselves
  • 22. Problems with WEP Cryptographic Properties of RC4 • To help prevent the reuse of the keystream, WEP uses the IV to encrypt different packets with different RC4 keys. • However, the IV is part of the packet header and is not encrypted.
  • 23. Problems with WEP Cryptographic Properties of RC4 • If IV’s repeat, confidentiality is at risk – If we send two ciphertexts (C, C’) using the same IV, then the xor of plaintexts leaks (P  P’ = C  C’), which might reveal both plaintexts  Lesson: If RC4 isn’t used carefully, it becomes insecure IV, P  RC4(K, IV) IV, P’  RC4(K, IV)
  • 24. Problems with WEP Cryptographic Properties of RC4 • WEP uses CRC for integrity check but CRC is not cryptographically secure. • With CRC it is easy to predict how changing a single bit will affect the result of the CRC calculation.
  • 25. Design Flaws of the WEP System
  • 26. Design Flaws of the WEP System • As standardized, static WEP offers a shared secret of only 40 bits. • WEP's use of the IV tips off an attacker to the reuse of a keystream. • IV space is quite small so repetitions are guaranteed on busy networks • Two frames that share the same IV almost certainly use the same secret key and keystream.
  • 27. Design Flaws of the WEP System • Infrequent rekeying allows attackers to have Decryption dictionaries • large collections of frames encrypted with the same key streams • As more frames with the same IV pile up, more information is available about the unencrypted frames even if the secret key is not recovered
  • 28. Design Flaws of the WEP System • WEP uses a CRC for the integrity check. • Although the value of the integrity check is encrypted by the RC4 keystream, CRCs are not cryptographically secure. • Use of a weak integrity check does not prevent determined attackers from transparently modifying frames.
  • 29. Design Flaws of the WEP System