110 likes | 201 Views
ANALYSIS OF WIRED EQUIVALENT PRIVACY. CS265, Spring 2003 Xunyan Yang. OVERVIEW. Introduction Working Mechanism Attackable Entries Improvement In WEP Implementation Conclusion & Recommendations. INTRODUCTION. What is WEP --- Wired Equivalent Privacy What is WEP used for
E N D
ANALYSIS OF WIRED EQUIVALENT PRIVACY CS265, Spring 2003 Xunyan Yang
OVERVIEW • Introduction • Working Mechanism • Attackable Entries • Improvement In WEP Implementation • Conclusion & Recommendations
INTRODUCTION • What is WEP --- Wired Equivalent Privacy • What is WEP used for --- Provides confidentiality for wireless LAN • What’s problems with WEP --- Cryptographic errors
WORKING MECHANISM A string cipher using the RC4 encryption algorithm • A message (plaintext M) • A Integrity Check (checksum algorithm c ) • A shared secret key (short key k ) • A per packet Initialization Vector (IV) Ciphertext = (M·c(M)) XOR RC4(IV ·k)
WORKING MECHANISM(Contd.) Integrity Check • 32-bit Cyclic Redundancy Check (CRC-32) checksum Confidentiality • Initialization Vector (IV) A 24-bit field and appended to the cleartext part of a message
ATTACKABLE ENTRIES • IV Collisions • IV Reuse • Modify Checksum
IV COLLISION & REUSE • IV will be exhausted after about five hours 1500-byte packet at the speed of 11MbPS: 1500 * 8 / (11 * 10^6) / 60^2 * 2^24 • A common wireless card resets the IV to 0 each time a card is initialized, and increments the IV by 1 with each packet.
MODIFY CHECKSUM • CRC-32 is a linear algorithm • Compute the bit difference of two CRCs based on the bit difference of the messages • Flip arbitrary bits in an encrypted message and correctly adjust the checksum
IMPROVEMENT IN WEP IMPLEMENTATION Automatic WEP rotation • Constant automatic key rotation • Continual key replacement • Unique key generation http://www.wavelink.com
CONCLUSTION & RECOMMENDATION WEP Provides Inadequate Security • Assume that the link layer offers no security • Don’t rely on WEP. Use higher-level security mechanisms • Place all access points outside the firewall • Assume that anyone within physical range can communicate on the network as a valid user • Always turn on WEP in your access point