- Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a deprecated
algorithm to secureIEEE 802.11 wireless networks. Wireless networks broadcast messages usingradio and are thus more susceptible toeavesdropping than wired networks. When introduced in 1999, WEP was intended to provideconfidentiality comparable to that of a traditional wired network.Beginning in 2001, several serious weaknesses were identified by
cryptanalysts with the result that today a WEP connection can be cracked with readily available software within minutes.cite paper| author=Nikita Borisov ,Ian Goldberg ,David Wagner | title=Intercepting Mobile Communications: The Insecurity of 802.11|url=http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf | accessdate=2006-09-12] Within a few months theIEEE created a new 802.11i task force to counteract the problems. By 2003, theWi-Fi Alliance announced that WEP had been superseded byWi-Fi Protected Access (WPA), which was a subset of then upcoming 802.11i amendment. Finally in 2004, with the ratification of the full 802.11i standard ( WPA2), the IEEE declared that both WEP-40 and WEP-104 "have beendeprecated as they fail to meet their security goals". [citeweb|title=What is a WEP key?|url=http://lirent.net/wifi/what-is-a-wep-key.html|publisher=lirent.net|accessdate=2008-03-11] Despite its weaknesses, WEP is still widely in use. [citeweb|title=Wireless Adoption Leaps Ahead, Advanced Encryption Gains Ground in the Post-WEP Era|url=http://www.rsa.com/press_release.aspx?id=8451|publisher=rsa.com|accessdate=2008-03-11] WEP is often the first security choice presented to users by router configuration tools even though it provides a level of security that deters only unintentional use, leaving the network vulnerable to deliberate compromise. [citepaper|author=Andrea Bittau, Mark Handley, Joshua Lackey|url=http://www.cs.ucl.ac.uk/staff/M.Handley/papers/fragmentation.pdf|title=The Final Nail in WEP's Coffin|accessdate=2008-03-16]WEP is sometimes inaccurately referred to as "Wireless Encryption Protocol".
Encryption details
WEP was included as the privacy of the original
IEEE 802.11 standard ratified in September 1999.cite book|title=IEEE 802.11-1999: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications|url=http://standards.ieee.org/getieee802/download/802.11-1999.pdf|date=1999] WEP uses thestream cipher RC4 forconfidentiality ,citeweb|title=WPA Part 2: Weak IV's|url=http://www.informit.com/guides/content.aspx?g=security&seqNum=85|publisher=informit.com|accessdate=2008-03-16] and theCRC-32 checksum forintegrity . [citeweb|title=An Inductive Chosen Plaintext Attack against WEP/WEP2|url=http://www.cs.umd.edu/~waa/attack/v3dcmnt.htm|publisher=cs.umd.edu|accessdate=2008-03-16] It was deprecated as a wireless privacy mechanism in 2004, but for legacy purposes is still documented in the current standard.cite book|title=IEEE 802.11i-2004: Medium Access Control (MAC) Security Enhancements|url=http://standards.ieee.org/getieee802/download/802.11i-2004.pdf|date=2004]Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit
initialization vector (IV) to form the RC4 traffic key. At the time that the original WEP standard was being drafted, U.S. Government export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).A 128-bit WEP key is almost always entered by users as a string of 26
hexadecimal (base 16) characters (0-9 and A-F). Each character represents four bits of the key. 26 digits of four bits each gives 104 bits; adding the 24-bit IV produces the final 128-bit WEP key. A 256-bit WEP system is available from some vendors, and as with the 128-bit key system, 24 bits of that is for the IV, leaving 232 actual bits for protection. These 232 bits are typically entered as 58 hexadecimal characters. (58 × 4 = 232 bits) + 24 IV bits = 256-bit WEP key.Key size is not the only major security limitation in WEP. [citepaper|title=Weaknesses_in_the_Key_Scheduling_Algorithm_of_RC4|author=Fluhrer, Mantin, and Shamir|url=http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf|accessdate=2008-03-16] Cracking a longer key requires interception of more packets, but there are active attacks that simulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key.
Authentication
Two methods of authentication can be used with WEP: Open System authentication and Shared Key authentication.
For the sake of clarity, we discuss WEP authentication in the Infrastructure mode (ie, between a WLAN client and an Access Point), but the discussion applies to the Ad-Hoc mode too.
In Open System authentication, the WLAN client need not provide its credentials to the Access Point during authentication. Thus, any client, regardless of its WEP keys, can authenticate itself with the Access Point and then attempt to associate. In effect, no authentication (in the true sense of the term) occurs. After the authentication and association, WEP can be used for encrypting the data frames. At this point, the client needs to have the right keys.
In Shared Key authentication, WEP is used for authentication. A four-way challenge-response handshake is used:
# The client station sends an authentication request to the Access Point.
# The Access Point sends back a clear-text challenge.
# The client has to encrypt the challenge text using the configured WEP key, and send it back in another authentication request.
# The Access Point decrypts the material, and compares it with the clear-text it had sent. Depending on the success of this comparison, the Access Point sends back a positive or negative response.After the authentication and association, WEP can be used for encrypting the data frames.
At first glance, it might seem as though Shared Key authentication is more secure than Open System authentication, since the latter offers no real authentication. However, it is quite the reverse. It is possible to derive the keystream used for the handshake by capturing the challenge frames in Shared Key authentication. Hence, it is advisable to use Open System authentication for WEP authentication, rather than Shared Key authentication. (Note that both authentication mechanisms are weak).
Remedies
Use of encrypted
tunneling protocols (e.g.IPSec ,Secure Shell ) can provide secure data transmission over an insecure network. However, replacements for WEP have been developed with the goal of restoring security to the wireless network itself.802.11i (WPA and WPA2)
The recommended solution to WEP security problems is to switch to WPA2 or the less resource intensive WPA. Either is much more secure than WEP. [citeweb|title=802.11b Update: Stepping Up Your WLAN Security|url=http://www.networkmagazineindia.com/200112/focus3.htm|publisher=networkmagazineindia.com|accessdate=2008-03-16] To add support for WPA or WPA2, some old Wi-Fi
access point s might need to be replaced or have theirfirmware upgraded. WPA was designed as an interim software solution for WEP; it runs on the same hardware that WEP does. [citepaper|title=WIRELESS NETWORK SECURITY|url=http://www.proxim.com/learn/library/whitepapers/wireless_security.pdf|publisher=Proxim Wireless |accessdate=2008-03-16]Implemented non-standard fixes
WEP2
This stopgap enhancement to WEP was present in some of the early 802.11i drafts. It was implementable on "some" (not all) hardware not able to handle WPA or WPA2, and extended both the IV and the key values to 128 bits. [citeweb|title=WEP2, Credibility Zero|url=http://www.starkrealities.com/wireless003.html|publisher=starkrealities.com|accessdate=2008-03-16] It was hoped to eliminate the duplicate IV deficiency as well as stop brute force key attacks.
After it became clear that the overall WEP algorithm was deficient however (and not just the IV and key sizes) and would require even more fixes, both the WEP2 name and original algorithm were dropped. The two extended key lengths remained in what eventually became WPA's TKIP.
WEPplus
Also known as WEP+. A proprietary enhancement to WEP by
Agere Systems (formerly a subsidiary ofLucent Technologies ) that enhances WEP security by avoiding "weak IVs". [citeweb|title=Agere Systems is First to Solve Wireless LAN Wired Equivalent Privacy Security Issue; New Software Prevents Creation of Weak WEP Keys|url=http://findarticles.com/p/articles/mi_m0EIN/is_2001_Nov_12/ai_79954213|publisher=Business Wire |accessdate=2008-03-16] It is only completely effective when WEPplus is used at "both ends" of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It is possible that successful attacks against WEPplus will eventually be found. It also does not necessarily preventreplay attack s.Dynamic WEP
Change WEP keys dynamically. Vendor-specific feature provided by several vendors such as
3Com .The dynamic change idea made it into 802.11i as part of TKIP, but not for the actual WEP algorithm.
ee also
*
Stream cipher attack References
Wikimedia Foundation. 2010.
