WEP Protocol Weaknesses and Vulnerabilities Riad Lemhachheche Jumnit Hong.
WEP Protocol Weaknesses and
Vulnerabilities
Riad Lemhachheche
Jumnit Hong
OUTLINE
- Introduction to WEP
- Problems with WEP
- Solutions to WEP
  - 802.1x
  - 802.11i
  - WPA
- Conclusion
Introduction to WEP
Basically a pseudo-random number generator that encrypts data packets.
- Start with a generic 802.11 packet.
- Use a secret key plus an IV to seed the RC4 stream cipher to create a pseudo-random number.
- Create a CRC-32 of the data portion of the packet, which is then called the ICV.
- (Data || ICV) XOR Pseudo Random Number = Encrypted portion of WEP Packet
How WEP Works
[Diagram: a generic 802.11 packet frame (Frame Header, Frame Body, FCS). The secret key (40 bits, shared before communication begins) and the IV (24 bits, created by the sending device) feed the RC4 algorithm; the integrity check algorithm turns the Frame Body into Frame Body + ICV. The resulting WEP packet frame is Frame Header, IV, Frame Body, ICV, FCS, with the Frame Body and ICV encrypted.]
Problems with WEP
- Key Generation
- ICV Generation
- Weak Keys and Weak IVs
- WEP Attacks
Key Generation Problems
The main problem of WEP is key generation.
- The secret key is too small, only 40 bits.
  - Very susceptible to brute-force attacks.
- The IV is too small.
  - Only 16 million different possibilities for every packet.
- Secret keys are accessible to the user, therefore not secret.
- Key distribution is done manually.
ICV Generation Problems
- The ICV is generated from a cyclic redundancy check (CRC-32).
  - Only a simple arithmetic computation. Can be done easily by anyone.
  - Not cryptographically secure.
- Easy for an attacker to change a packet and then change the ICV to get a response from the AP.
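The WEP encapsulation from the introduction, together with the small-IV problem and the CRC-32 ICV problem described above, as an added Python example (not part of the original slides). The key ID byte that follows the IV in a real WEP frame is left out, and the key, IV, payloads and function names are constructed for illustration.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Textbook RC4: key schedule, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")  # unkeyed CRC-32

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    plain = data + icv(data)                           # Data || ICV
    return iv + xor(plain, rc4(iv + key, len(plain)))  # IV is sent in clear

def wep_decrypt(key: bytes, frame: bytes):
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4(iv + key, len(body)))
    return plain[:-4], plain[-4:] == icv(plain[:-4])   # (data, ICV valid?)

def shift_frame(frame: bytes, delta: bytes) -> bytes:
    """CRC-32 is affine: crc(a ^ d) == crc(a) ^ crc(d) ^ crc(zeros)."""
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return frame[:3] + xor(frame[3:], delta + fix)

# Constructed sample values, not captured traffic: 40-bit key, 24-bit IV.
KEY, IV = bytes.fromhex("0102030405"), bytes.fromhex("a1b2c3")
P1, P2 = b"sensor reading 1", b"sensor reading 2"

def demo():
    f1, f2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)
    # Same key and IV give the same keystream, which cancels in c1 ^ c2.
    reuse_leaks = xor(f1[3:], f2[3:])[:len(P1)] == xor(P1, P2)
    # A frame altered without the key still passes the ICV check.
    delta = bytes(len(P1) - 1) + b"\x01"
    data, icv_ok = wep_decrypt(KEY, shift_frame(f1, delta))
    return reuse_leaks, data, icv_ok
```

Both results follow from the design rather than from a weak key: a keyed MAC in place of CRC-32 and a non-repeating per-packet key are what TKIP and CCMP add.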
Weak Keys and IVs
- Certain keys are more susceptible to showing the relationship between plaintext and ciphertext.
  - There are approx. 9000 weak keys among the 40-bit WEP secret keys.
- A weak IV will correspond to weak keys.
Attacks
- Replay
  - Statistical gathering of certain ciphertext that, once sent to the server, will cause a wanted reaction.
- 802.11 LLC Encapsulation
  - Predictable headers to find ciphertext/plaintext combinations.
- Denial of Service Attacks
  - Flooding the 2.4 GHz frequency with noise.
Solutions to WEP
- 802.1x
- WPA
- 802.11i
All much more secure.
802.1x
IEEE 802.1X is a standard from the IEEE for port-based network access control. The 802.1X authentication process applied to WLAN works as follows:
1. The client accesses the wireless medium using CSMA/CD and associates with the access point.
2. The access point accepts the association and places the client on hold in an unauthenticated 'holding area'. It sends an authentication request to the client. Access to the LAN is still blocked for the client.
3. The client provides an identification response with a username or some kind of identifier. It is forwarded by the access point to a RADIUS server.
802.1x (2)
4. The RADIUS server looks up the username from a local database or another authentication server.
5. If the username has been identified by the RADIUS server, then the access point starts challenging the client. The way the client is challenged is not specified by the protocol and so depends on the hardware/software implementations. Nevertheless, no secret information, such as passwords, is passed over the medium as plaintext.
6. The client initiates a reverse challenge with the RADIUS server to achieve mutual authentication. This protects the network from rogue access points installed by hackers to obtain client authentication data.
7. Once the mutual authentication is performed, a virtual port on the access point is opened up and the client can fully access the network.
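The seven steps above as a small simulation, added here as an example and not taken from the original slides. Because the slides note that the challenge method is not specified, an HMAC-SHA256 challenge-response is assumed; the class and method names are hypothetical, and the access point and RADIUS server run in one process with no EAPOL or RADIUS wire format.

```python
import hashlib, hmac, os

def proof(secret: bytes, role: bytes, challenge: bytes) -> bytes:
    # The role label keeps a client proof from being replayed as a server proof.
    return hmac.new(secret, role + challenge, hashlib.sha256).digest()

class RadiusServer:
    def __init__(self, users: dict):
        self.users = users                      # identity -> shared secret
    def knows(self, identity: str) -> bool:     # step 4: look up the username
        return identity in self.users
    def check(self, identity, challenge, response) -> bool:
        want = proof(self.users[identity], b"client", challenge)
        return hmac.compare_digest(want, response)
    def answer(self, identity, challenge) -> bytes:
        return proof(self.users[identity], b"server", challenge)

class Client:
    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret
    def respond(self, challenge: bytes) -> bytes:
        return proof(self.secret, b"client", challenge)
    def challenge(self) -> bytes:
        self.nonce = os.urandom(16)
        return self.nonce
    def trusts(self, response: bytes) -> bool:
        want = proof(self.secret, b"server", self.nonce)
        return hmac.compare_digest(want, response)

class AccessPoint:
    def __init__(self, radius: RadiusServer):
        self.radius, self.open_ports = radius, set()
    def forward(self, client: Client, frame: bytes):
        """Data frames are dropped while the client is in the holding area."""
        return frame if client.identity in self.open_ports else None
    def authenticate(self, client: Client) -> bool:
        ident = client.identity                      # step 3: identity response
        if not self.radius.knows(ident):             # step 4
            return False
        c = os.urandom(16)                           # step 5: challenge the client
        if not self.radius.check(ident, c, client.respond(c)):
            return False
        r = client.challenge()                       # step 6: reverse challenge
        if not client.trusts(self.radius.answer(ident, r)):
            return False
        self.open_ports.add(ident)                   # step 7: open the virtual port
        return True

# Constructed sample directory; the identity and secret are made up.
USERS = {"alice": b"correct horse"}
```

Only the secret's HMAC over a fresh random challenge crosses the medium, and a server that cannot answer the client's reverse challenge never gets the port opened.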
WPA (Wireless Protected Access)
Wi-Fi Protected Access (WPA) aims to be an update that addresses WEP weaknesses. It is designed to be:
- a strong, interoperable security replacement for WEP
- software upgradeable for certified Wi-Fi products
- available quickly
To fulfill these goals, 2 major enhancements have been made:
- Improved data encryption
- User authentication
WPA vs. 802.11i
WPA and IEEE 802.11i Comparison
- WPA will be forward-compatible with the IEEE 802.11i security specification.
- WPA is a subset of the current 802.11i draft, taking already available pieces of the 802.11i draft such as its implementation of 802.1x and TKIP.
- The main pieces of the 802.11i draft that are not included in WPA are:
  - Secure IBSS and secure fast handoff
  - Secure de-authentication and disassociation
  - Enhanced encryption protocols such as AES-CCMP
802.11i
- Two possible modes to encrypt packets: TKIP or CCMP.
- TKIP uses current WEP and wraps a new packet around the WEP packet. Used to support legacy devices.
- CCMP uses AES in CBC mode to create a MAC and encrypt data packets. New 802.11 encryption standard.
802.11i-CCMP
Conclusion
The WEP protocol described in 802.11 is not sufficient to create cryptographically secure communication between a wireless client and an access point. It will only stop the casual attacker, with virtually no security to protect a network from the professional hacker.
The problems with WEP are as follows:
- Key generation and distribution
- Weak IVs and keys
- Predictable integrity check algorithm (CRC-32)
- Freely available tools to break WEP
Conclusion (2)
Solutions
- Modifying WEP by utilizing TKIP enables security superior to that of WEP, but the most secure way to provide cryptographically secure communication is to use well-known and studied standard encryption algorithms such as AES. CCMP utilizes AES in cipher-block-chaining mode to produce a MAC and to encrypt the message. This is the most secure way to transfer confidential information wirelessly. Both CCMP and TKIP are in the new 802.11i standard.
- WEP only protects against casual attackers, and the new 802.11i will provide much-needed wireless protection from malicious users.