WEP (Wired Equivalent Privacy) was one of the first security solutions for WLANs that employed encryption. In its original form WEP uses a static 64-bit key, made up of a 40-bit secret key and a 24-bit initialization vector (IV). Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication. In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames; at that point the client does need the right key, because frames encrypted under a different key fail the integrity check and are discarded.
In Shared Key authentication, WEP is used for authentication. A four-way challenge-response handshake is used:
1. The client station sends an authentication request to the Access Point.
2. The Access Point sends back a clear-text challenge.
3. The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
4. The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.
After the authentication and association, WEP can be used for encrypting the data frames. Because encrypting repetitious data under one fixed RC4 keystream would eventually let an observer recover that keystream, a per-packet IV is prepended to the secret key before RC4 is seeded; the IV itself is sent in clear-text so that the receiver can rebuild the same keystream. The IV exists to prevent keystream repetition, but a 24-bit IV is not long enough to guarantee this on a busy network: by the birthday bound there is roughly a 50% probability that some IV value repeats after about 5000 packets, and implementations that simply count IVs up from zero after a reset repeat even sooner. Two frames encrypted under the same IV share the same RC4 keystream, so XORing their ciphertexts yields the XOR of their plaintexts. The way the IV is concatenated with the key also exposes WEP to a related-key attack on RC4's key scheduling, which recovers the secret key itself from collected IVs. To alleviate this, the key was extended to 104 bits (128 bits including the IV), but a longer key does nothing against either the IV reuse or the related-key weakness, and either variant can be broken in minutes on a laptop produced today.
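The Shared Key handshake in steps 1 to 4 and the IV reuse problem just described, worked through in Python as an added example that is not part of the original post or of any vendor's code. RC4 seeding with IV||key and the CRC-32 ICV follow the WEP frame format; the 40-bit key, the IVs and the challenge bytes are constructed for the example, and the function names are the example's own. It also shows the caveat a practitioner would want at this point: the handshake hands the clear challenge and its ciphertext to anyone listening, which is 132 bytes of keystream for that IV and is enough to answer a later challenge without the key, and it carries out the birthday computation behind the 5000-packet figure.

```python
import math
import os
import struct
import zlib
from typing import Callable, Optional, Tuple

# Constructed for the example: a 40-bit (5-byte) WEP key, not a real network's key.
KEY_40 = bytes.fromhex("0102030405")
IV_BITS = 24


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA then PRGA). WEP seeds it with the 3-byte IV followed by the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as sent on the air: clear-text IV || RC4(IV||key) XOR (plaintext || ICV)."""
    assert len(iv) == 3 and len(key) in (5, 13)   # 40-bit or 104-bit key
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the ICV fails (wrong key or tampered frame)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    pt, tag = body[:-4], body[-4:]
    return pt if icv(pt) == tag else None


def shared_key_auth(ap_key: bytes, client_key: bytes,
                    rng: Callable[[int], bytes] = os.urandom) -> Tuple[bool, bytes, bytes]:
    """The four-frame Shared Key handshake. Returns (accepted, challenge, encrypted response)."""
    # 1. client -> AP: authentication request (sequence 1); carries nothing secret.
    # 2. AP -> client: 128-byte clear-text challenge (sequence 2).
    challenge = rng(128)
    # 3. client -> AP: the challenge WEP-encrypted under its key with a fresh IV (sequence 3).
    response = wep_encrypt(client_key, rng(3), challenge)
    # 4. AP decrypts with its own key and compares (sequence 4: success or failure).
    return wep_decrypt(ap_key, response) == challenge, challenge, response


def keystream_from_handshake(challenge: bytes, response: bytes) -> Tuple[bytes, bytes]:
    """What an eavesdropper learns from frames 2 and 3: the clear challenge and its
    ciphertext are both visible, so their XOR is 132 bytes of RC4 keystream for that IV."""
    iv = response[:3]
    return iv, xor(response[3:], challenge + icv(challenge))


def forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Reuse recovered keystream to answer a new challenge without knowing the key."""
    body = challenge + icv(challenge)
    return iv + xor(body, keystream[:len(body)])


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> Optional[bytes]:
    """Two frames under the same IV share keystream: ciphertext XOR equals plaintext XOR."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])


def iv_collision_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """Exact birthday probability that at least one IV repeats among `packets` random IVs."""
    n = 2 ** iv_bits
    return 1.0 - math.exp(sum(math.log1p(-k / n) for k in range(packets)))


def packets_for_half_collision(iv_bits: int = IV_BITS) -> int:
    """Birthday bound sqrt(2 n ln 2): the packet count at which P(repeat) reaches about 50%."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))


if __name__ == "__main__":
    ok, ch, resp = shared_key_auth(KEY_40, KEY_40)
    iv, ks = keystream_from_handshake(ch, resp)
    forged = forge_response(iv, ks, os.urandom(128))
    print("handshake accepted:", ok)
    print("forged reply with recovered keystream accepted:", wep_decrypt(KEY_40, forged) is not None)
    print("random IVs needed for a 50% chance of a repeat:", packets_for_half_collision())
```

The forged reply passes the AP's check because the AP only verifies that the ciphertext decrypts to its challenge with a valid ICV, and both are linear in the keystream; nothing in the exchange ties the response to knowledge of the key rather than of one IV's keystream. The birthday figure assumes IVs are drawn at random, which is the best case for the 24-bit design.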
Because WEP can easily be broken, it is not recommended for company networks. In SOHO networks it is still commonly used because of its simplicity to implement; to add an extra level of security, it is commonly combined with MAC address filtering. Even so, a determined attacker can easily bypass both: the key is recovered from captured traffic, and an allowed MAC address is read from the clear-text frame headers and cloned. Because of the security issues prevalent in WEP, Cisco enhanced it with a proprietary, pre-standard solution it called Temporal Key Integrity Protocol (TKIP), paired with the Cisco Message Integrity Check (CMIC); this is distinct from the standardized TKIP later defined for WPA. Cisco TKIP does per-packet keying and per-packet hashing: every packet is encrypted under its own unique key, and each packet carries a message integrity check so that a forged or tampered frame is detected and discarded. Note that a MIC keyed with a shared secret is not a digital signature; it shows the frame came from a holder of the key, not from one particular sender.
WEP2, a stopgap enhancement to WEP, was present in some of the early 802.11i drafts. It was implementable on some (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits.[15] It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks.
After it became clear that the overall WEP algorithm was deficient (and not just the IV and key sizes) and would require even more fixes, both the WEP2 name and original algorithm were dropped. The two extended key lengths remained in what eventually became WPA's TKIP.