WEP and WPA


  • 7/31/2019 WEP and WPA

    1/22

    Securing Wireless Network With WEP and WPA

    110922

    1 | P a g e

    School of Computer Sciences

    Universiti Sains Malaysia, Pulau Pinang

    CST233 Information Security and Assurance

    Academic Session: 2011/12

    Assignment 2

    White Paper

    Title: Securing Wireless Network With WEP and WPA

    NAME: CHEW KHA SON

    NO.MATRIC: 110922

    LECTURER NAME: DR AMAN JANTAN


    Table of Contents

    Introduction
    What are WEP and WPA
        WEP (Wired Equivalent Privacy)
        WPA (Wi-Fi Protected Access)
    Why need WEP and WPA
        WEP (Wired Equivalent Privacy)
        WPA (Wi-Fi Protected Access)
    Attack on WEP network
    Setup WPA on access point D-Link DIR-300
    The End
    Reference


    Introduction

    According to the website Washington.edu, Wi-Fi security is a main issue for all Wi-Fi network users. The security protocols are defined under IEEE 802.11i and include systems such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi Protected Access 2). Up until the early 2000s, WEP was a primary security protocol for protecting wireless computer networks. Unfortunately, as technology evolves every day, WEP encryption has become a weak security control for wireless networks, and things have only gotten worse: a researcher at the Technical University of Darmstadt in Germany has written a paper claiming to be able to crack 104-bit WEP encryption in 60 seconds or less. In recent years, WPA and WPA2 have replaced the old WEP mechanism as the standard for all wireless network security. WPA and WPA2 are more powerful than the WEP security protocol because WPA allows for more password complexity, which leads to a more secure network. The newest security protocol is WPA2, and it is more secure than WPA: WPA2 has stronger security because it has a new AES-based encryption mode.

    What are WEP and WPA2

    WEP (Wired Equivalent Privacy)

    WEP is 802.11's first hardware form of security and is used to protect wireless communication from eavesdropping. Besides, it can prevent unauthorized access to a wireless network (access control) and prevent tampering with transmitted messages. WEP uses the RC4 stream cipher to encrypt each packet using a 64-bit key. This key is created using a 24-bit initialization vector (IV) and a 40-bit key value. The packets are formed using an XOR function that uses the RC4 key value stream to encrypt the data packet. Additionally, users can configure an encryption key of 64 bits, 128 bits and 256 bits in HEX. This is the basic WEP encryption: RC4 keystream XOR with plaintext (Source: http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy).

    For example, a 64-bit WEP key is usually entered as a string of 10 hexadecimal characters. Each character represents four bits; 10 digits of four bits each give 40 bits, and adding the 24-bit IV produces the complete 64-bit WEP key. Most devices also allow the user to enter the key as five ASCII characters. However, this restricts each byte to be a printable ASCII character, which is only a small fraction of the possible byte values, greatly reducing the space of possible keys. Besides, the longer the key the better, as it increases the difficulty for crackers to crack it, but cracking a longer key requires interception of more packets. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, which are not helped by using a longer key.

    WEP has two kinds of authentication: shared key and open system. Each has its own function. Shared key authentication needs four steps to complete the handshake (the exchange that takes place when a computer wants to talk to another computer, before anything else is sent or received). First, the client sends an authentication request to the access point (AP). The AP then replies with a clear-text challenge. Next, the client encrypts the challenge text with the configured WEP key and sends it back in another authentication request. Lastly, the AP decrypts the request, and if the challenge text matches, it replies back. In open system authentication, the WLAN client need not provide its credentials to the AP during authentication. Any client can authenticate with the AP and then attempt to associate. In effect, no authentication occurs. Subsequently, WEP keys can be used for encrypting data frames. At this point, the client must have the correct keys.

    According to many research papers, WEP is too weak for wireless network settings. The vulnerability of WEP can be attributed to the following:

    - It only provides a method for the network card to authenticate the access point, and there is no way for the access point to authenticate the network card. So it is possible for a hacker or cracker to sniff the data through the access point.

    - Unauthorized decryption and the violation of data integrity: once the WEP key is revealed, a hacker may transform the cipher text into its original form and understand the meaning of the algorithm. Based on the understanding of the algorithm, a hacker may use the cracked WEP key to modify the cipher text and forward the changed message to the receiver.

    - Poor key management: the key management is not effective, since most networks use a single shared secret key value for each client. Synchronizing a key change is a tedious process, and no key management is defined in the protocol, so keys are seldom changed.

    - WEP uses the same WEP key and a different IV to encrypt data. The IV has only a limited range to choose from, 0 to 16777215. In time, the same IVs may be used over and over again. By picking the repeating IVs out of the data stream, a hacker can ultimately collect enough data to crack the WEP key.
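An added example (not part of the original paper): a simplified Python model of the WEP encapsulation described in this section, showing that two frames sent under the same key and the same IV share one keystream whatever the key length, and how few frames it takes before a randomly chosen 24-bit IV repeats. The key, IV and messages are constructed sample values, and the key-ID byte and 802.11 headers are left out.

```python
import zlib

IV_SPACE = 2 ** 24  # IV values 0..16777215, the range given above


def rc4_keystream(seed: bytes):
    """Yield RC4 keystream bytes for `seed` (key scheduling, then output loop)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]


def xor(data: bytes, stream) -> bytes:
    """XOR `data` with as many bytes of `stream` as it needs."""
    return bytes(a ^ b for a, b in zip(data, stream))


def wep_encrypt(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Simplified WEP body: clear IV || RC4(IV || key) XOR (data || CRC-32 ICV)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit key")
    icv = zlib.crc32(data).to_bytes(4, "little")
    return iv + xor(data + icv, rc4_keystream(iv + key))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Reverse wep_encrypt and verify the integrity check value (ICV)."""
    clear = xor(frame[3:], rc4_keystream(frame[:3] + key))
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV check failed")
    return data


def reused_iv_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """With equal IVs the keystream cancels: result is plaintext_a XOR plaintext_b."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])


def frames_until_iv_repeat(probability: float = 0.5) -> int:
    """Frames sent before a randomly chosen IV has repeated with the given
    probability (birthday bound over the 2**24 IV space)."""
    p_unique, n = 1.0, 0
    while 1.0 - p_unique < probability:
        p_unique *= 1.0 - n / IV_SPACE
        n += 1
    return n


# Constructed sample data: a 40-bit key typed as 10 hex digits, two frames, one IV.
KEY = bytes.fromhex("0a1b2c3d4e")
IV = bytes([0x00, 0x12, 0x34])
MSG_A = b"status=ok;door=locked"
MSG_B = b"status=ok;door=opened"
FRAME_A = wep_encrypt(IV, KEY, MSG_A)
FRAME_B = wep_encrypt(IV, KEY, MSG_B)

if __name__ == "__main__":
    print("round trip:", wep_decrypt(KEY, FRAME_A))
    print("A xor B   :", reused_iv_leak(FRAME_A, FRAME_B).hex())
    print("frames for a 50% IV repeat:", frames_until_iv_repeat())
```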

    Many vendors produced their own solutions to address the weaknesses of WEP, such as enhancing WEP to WEP+. In 1998, Lucent pioneered a 128-bit WEP that extended the WEP key from 40 bits to 104 bits in order to enhance security. Under this approach, attackers might take a longer amount of time to break the enhanced WEP keys. However, the approach was not very helpful because the previous security flaws in WEP still persisted. Agere and US Robotics followed Lucent and created their own enhanced WEP solutions (Agere's 152-bit WEP and US Robotics' 256-bit WEP). Besides, several vendors, including Cisco and Microsoft, implemented dynamic WEP re-keying of access points. The dynamic WEP keys prevented attackers from eavesdropping on the communications. The attackers might never collect enough data to crack WEP keys.

    WPA (Wi-Fi Protected Access)

    WPA was created to resolve the issues with WEP. WPA is used to secure wireless networks, and it is a much stronger encryption algorithm created specifically by the networking industry to mitigate the problems associated with WEP. WPA has a key size of 128 bits and, instead of static, seldom-changed keys, it uses dynamic keys created and shared by an authentication server. This figure shows the WPA work flow. Besides, it uses the same encryption and decryption method with all devices on the wireless network, but does not use the same master key. Devices connected to a WPA-encrypted wireless network use temporary keys that are dynamically changed to communicate. WPA is designed to work with all wireless network cards, but not necessarily with first-generation wireless access points.

    The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) is used to accomplish WPA. TKIP is a collection of algorithms that attempt to deliver the best security that can be obtained given the constraints of the wireless network environment. It employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP.

    Besides TKIP, WPA adopts 802.1X EAP-based authentication to address the issue of user authentication in WEP. This feature was initially designed for wired networks but is also applicable to wireless networks. 802.1X EAP-based authentication consists of three elements: the supplicant, the authentication server and the authenticator. The supplicant is a client that wants to be authenticated; it can be the client software on a wireless device. The authentication server is a system, such as a RADIUS server, that handles the actual authentication. The authenticator is a device (the access point) that acts as an intermediary between a supplicant and an authentication server. The exact method of supplying identity is defined in the Extensible Authentication Protocol (EAP). EAP is the protocol that 802.1X uses to manage mutual authentication. There are several types of EAP method, such as:

    - EAP-LEAP: Uses a username and password to transmit the identity to the RADIUS server for authentication.

    - EAP-PEAP: Provides secure mutual authentication and is designed to overcome some vulnerabilities that exist in other methods.

    - EAP-TLS: Uses an X.509 certificate to handle authentication.

    - EAP-TTLS: Used when the authenticator identifies itself to the client with a server certificate, while the supplicant uses a username and password identity instead.

    According to the book Principles of Information Security 3rd edition, TKIP adds four

    new algorithms to WEP:


    - A cryptographic message integrity code, or MIC, called Michael, to defeat forgeries;

    - A new IV sequencing discipline, to remove replay attacks from the attacker's arsenal;

    - A per-packet key mixing function, to de-correlate the public IVs from weak keys; and

    - A rekeying mechanism, to provide fresh encryption and integrity keys, undoing the threat of attacks stemming from key reuse.

    While it offered dramatically improved security over WEP, WPA was not the most secure wireless protocol design. Some compromises were made in the security design to allow compatibility with existing wireless network components. Protocols to replace TKIP are currently under development. Apart from that, the Counter Cipher Mode with Block Chaining Message Authentication Code Protocol, commonly called CCMP, is also an encryption protocol. CCMP is used to implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. It is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by TKIP, a protocol in WPA, and WEP, a dated, insecure protocol.


    Why need WEP and WPA

    WEP

    For some people, WEP is the only choice until the new security methods added to the IEEE 802.11 standard become established. Even with its weaknesses, WEP is still more effective than no security at all, provided you are aware of its potential weaknesses. It provides a barrier, although small, to attack and is therefore likely to cause many attackers to just drive on down the street in search of an unsecured network. Most of the attacks depend on collecting a reasonable sample of transmitted data, so for a home user, where the number of packets sent is quite small, WEP is still a fairly safe option. Here are some advantages of WEP.

    - It can prevent illegal usage, from spamming to accessing or viewing pornography, that may be traced back to your router.

    - It avoids wasted Internet bandwidth slowing you down.

    - It thwarts other people from connecting to your router, whom your computer would assume to be trusted members of your network and allow to gain information from your system.

    - It prevents identity theft.


    WPA

    WPA was developed by the Wi-Fi Alliance in conjunction with the IEEE as an interim wireless security solution that works with existing hardware, in anticipation of the 802.11i wireless security standards, which were recently approved but are not compatible with all legacy hardware. For those who aren't ready to upgrade all of their wireless hardware and who need more security than WEP can provide, WPA is the answer. Below are some advantages of WPA:

    - WPA uses much stronger encryption algorithms than its predecessor. WPA uses the Temporal Key Integrity Protocol (TKIP), which dynamically changes the key as data packets are sent across the network.

    - WPA provides a way for enterprises to authenticate wireless users with a RADIUS server. The authentication protocol that is used is the Extensible Authentication Protocol (EAP). The RADIUS server also allows you to set user access policies to control wireless access to your network. For example, you can set time limits on wireless sessions or place restrictions on the days and times that users can connect.

    - It has backward-compatible WEP support for devices that are not upgraded.


    Attack on WEP network

    Tools: Backtrack 3 BT3 (Linux Kernel), Spoonwep2, and USB Wi-Fi adapter

    1. Firstly, boot the BT3 and plug in the USB Wi-Fi adapter.

    2. Start Spoonwep2 by clicking on the start button > BackTrack > Radio Network Analysis > 80211 > all > Spoonwep2.

    3. The Spoonwep2 window will pop up. Then choose the network card (USB Wi-Fi adapter) RAUSB0 > for the Driver option choose NORMAL (if your Wi-Fi adapter is Atheros, please select the Atheros option) > for MODE choose UNKNOW VICTIM > click on NEXT.


    4. Then you will see a window like below. Click on the LAUNCH button to start scanning the nearby networks.

    5. During scanning, you will see a window displaying the details of each AP (access point), such as channel, data, SSID, packets, power and so on.


    6. After that, you will see the wireless network that you desire to hack appear in the main window like below. Then click on that wireless network, and click on the SELECTION OK button.

    7. Then it goes to the attack panel, which lets you choose the attack method and select the length of bits and the channel. After selecting, click on the LAUNCH button to start the attack.


    8. You need to wait until Spoonwep2 finds the key. The key that you get will be in HEX, so you need to convert it into ASCII to make it easier to remember.


    Setup WPA on access point D-Link DIR-300

    1. Log into the web-based configuration by using a web browser and entering the default IP address of the router (192.168.0.1). Then click on Wireless Setup on the left-hand side.


    2. Go to WIRELESS SECURITY MODE and select Enable WPA only wireless security (enhanced).

    3. Then go to Cipher Mode and select TKIP, AES or Both.

    4. Next, in the PSK/EAP option panel, select PSK.

    5. Then enter the password that you desire.


    6. Click on Save Setting and wait for the router to save the setting. Then the page will refresh.


    The End

    In conclusion, wireless networks without WEP or WPA are unacceptable due to the exceedingly high risks involved. If a wireless network is without any security (WEP or WPA), it does not take any skill to discover and gain unauthorized access to it. One does not have to be a programmer, Linux expert, or network specialist. All it takes is a laptop with a wireless network card, and some software or tools that can be easily downloaded for free from the Internet. Armed with these basic tools, anybody can drive around, detect open wireless networks, and connect to them. With a Linux machine, additional software, some advanced knowledge, and some time and patience, it is even possible to break into wireless networks that use encryption. Although WEP offers such weak encryption that it is generally considered unsecured, it is better than a wireless network that does not have any security. WPA is an enhancement of WEP, but many researchers have found faults that make it fairly insecure as well compared to the WPA2 protocol.

    Reference

    Principles of Information Security, Third Edition

    http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy

    http://www.pcworld.com/article/130330/how_to_secure_your_wireless_network.html

    http://wifihelps.com/disadvantages.php

    http://en.wikipedia.org/wiki/CCMP

    http://www.techrepublic.com/article/wpa-wireless-security-offers-multiple-advantages-over-wep/5060773

    http://support.netgear.com/app/answers/detail/a_id/1105/~/what%27s-new-in-security%3A-wpa-%28wi-fi-protected-access%29

    http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+III+Wi-Fi+Security+in+the+Real+World/

    http://www.practicallynetworked.com/support/wireless_secure.htm

    http://www.brighthub.com/computing/smb-security/articles/78216.aspx

    http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access