Wired Equivalent Privacy (WEP) was an early protocol for wireless network security. It aimed to provide confidentiality through encryption and integrity through a checksum. However, WEP had several flaws:
1. It reused encryption keys too frequently due to a small initialization vector space, allowing the same encryption to be used for multiple packets.
2. It used a weak integrity checksum that could be predicted, allowing packets to be modified without detection.
3. Its short secret key provided insufficient security against brute force attacks to recover keys from captured network traffic.
2. • Cryptographic Background to WEP
• WEP Cryptographic Operations
• Problems with WEP
• Dynamic WEP
Contents
3. • Guarding against traffic interception is the domain of
cryptographic protocols.
• two most commonly cited informal security objectives are
1. maintaining the secrecy of network data and
2. ensuring it has not been tampered with.
• Initially ,WEP was the answer for wireless security.
• WEP has many flaws, but better than nothing (very simple)
WEP
4. WEP requires the use of the RC4 cipher (A stream cipher )
A stream cipher uses a stream of bits, called the keystream.
The keystream is then combined with the message to produce the ciphertext.
To recover the original message, the receiver processes the ciphertext with
an identical keystream.
Cryptographic Background to WEP
5. Keyed stream cipher operation
Most stream ciphers operate by taking a relatively short secret key and
expanding it into a pseudorandom keystream the same length as the
message. The pseudorandom number generator (PRNG) is a set of rules
used to expand the key into a keystream.
Cryptographic Background to WEP
6. Cryptographic Background to WEP
Stream Cipher Security
• A totally random keystream is called a one-time pad and is the only
known encryption scheme that is mathematically proven to protect
against certain types of attacks.
• One-time pads are not commonly used ,since
• keystream must be perfectly random
• the same length as the data
• it can never be reused.
7. WEP Cryptographic Operations
3 major objectives of security
1. Confidentiality :
• protection against interception by unauthorized parties.
• provided by encryption
2. Integrity :
• make sure data has not been modified.
• provided by integrity check sequence
3. Authentication and authorization
• finding out who the user is . WEP uses 802.1x.
• whether the access operation is allowed
WEP attempts to meet all these objectives
9. WEP Cryptographic Operations
WEP Data Processing
As input, WEP requires three items:
1. The payload to be protected
2. A secret key, used in frame encryption. WEP allows four keys to be
stored simultaneously.
3. An initialization vector, used along with the secret key in frame
transmission.
After processing, WEP has a single output:
An encrypted frame, ready for transmission over an untrusted network
with enough information to enable decryption at the remote end.
10. WEP Cryptographic Operations
WEP key length
• The only key length present in the standard is a 64-bit WEP seed
• 40 bits are shared, IV-24 bits
• 128-bit WEP seed
• 104 bits are a kept secret
• One vendor even offers the option of using 256-bit secret keys
• WEP, however, is not a well-designed cryptographic system, and the extra
bits in the key buy you very little
12. WEP Cryptographic Operations
• Each mobile device can have its own key value for unicast
frame.
• All users share a single default key.
• The AP can operate with default keys and key mapping keys
simultaneously;
• When the AP receives a frame (or wants to send one), it looks
in the key table to see whether there is an entry
corresponding to the MAC address of the mobile. If it finds an
entry, it uses it. If not, it uses the default key instead.
Key Mapping Keys
13. WEP Cryptographic Operations
• WEP uses two key distribution schemes:
Static WEP.
• Administrators distribute single default key manually
• Manual Key updates .
• WEP without any key distribution mechanism is often called
manual WEP or static WEP.
• uses same key for all frames transmitted by every station
• Static WEP is supported by Many low-power devices such as
802.11 phones, handheld bar code scanners, and even some
PDAs.
Manual (static) versus automatic (dynamic) WEP
14. WEP Cryptographic Operations
• Dynamic WEP
• The encryption keys used by the clients are distributed using key
encryption keys derived from strong authentication protocols.
• In this case, each station uses two keys.
1. mapping key, shared between the station and access point,
used to protect unicast frames.
2. default key, shared by all stations in the same service set, that
protects broadcast and multicast frames.
Manual (static) versus automatic (dynamic) WEP
15. WEP Cryptographic Operations
• Dynamic WEP advantages
• Keys are used less often and protects less traffic.
• Attackers have much less data to work for each key, making attacks
more time-consuming.
• At periodic intervals, the keys can be refreshed by the access point.
Manual (static) versus automatic (dynamic) WEP
18. Problems with WEP
Cryptographic Properties of RC4
• RC4 is remarkably simple to implement and considered to
be very strong if used in the right way.
• The basic idea behind RC4 encryption is to generate a
pseudorandom sequence of bytes called the key stream
that is then combined with the data using an exclusive OR
(XOR) operation
21. Problems with WEP
Cryptographic Properties of RC4
• Major weakness in any stream cipher - Reuse of the keystream
• XOR of the two encrypted packets is equivalent to the XOR of the
two plaintext packets
• By analyzing differences between the two streams in conjunction
with the structure of the frame body, attackers can learn about the
contents of the plaintext frames themselves
22. Problems with WEP
Cryptographic Properties of RC4
• To help prevent the reuse of the keystream, WEP uses the IV to
encrypt different packets with different RC4 keys.
• However, the IV is part of the packet header and is not encrypted.
23. Problems with WEP
Cryptographic Properties of RC4
• If IV’s repeat, confidentiality is at risk
– If we send two ciphertexts (C, C’) using the same IV, then the xor of
plaintexts leaks (P P’ = C C’), which might reveal both plaintexts
Lesson: If RC4 isn’t used carefully, it becomes insecure
IV, P RC4(K, IV)
IV, P’ RC4(K, IV)
24. Problems with WEP
Cryptographic Properties of RC4
• WEP uses CRC for integrity check but CRC is not
cryptographically secure.
• With CRC it is easy to predict how changing a single bit will
affect the result of the CRC calculation.
26. Design Flaws of the WEP System
• As standardized, static WEP offers a shared secret of only 40
bits.
• WEP's use of the IV tips off an attacker to the reuse of a
keystream.
• IV space is quite small so repetitions are guaranteed on
busy networks
• Two frames that share the same IV almost certainly use
the same secret key and keystream.
27. Design Flaws of the WEP System
• Infrequent rekeying allows attackers to have Decryption
dictionaries
• large collections of frames encrypted with the same key
streams
• As more frames with the same IV pile up, more information
is available about the unencrypted frames even if the
secret key is not recovered
28. Design Flaws of the WEP System
• WEP uses a CRC for the integrity check.
• Although the value of the integrity check is encrypted by
the RC4 keystream, CRCs are not cryptographically secure.
• Use of a weak integrity check does not prevent determined
attackers from transparently modifying frames.