ANALYSIS OF WIRED EQUIVALENT PRIVACY

1
ANALYSIS OF WIRED EQUIVALENT PRIVACY

• CS265, Spring 2003
• Xunyan Yang

2
OVERVIEW

• Introduction
• Working Mechanism
• Attackable Entries
• Improvement In WEP Implementation
• Conclusion Recommendations

3
INTRODUCTION

• What is WEP
• --- Wired Equivalent Privacy
• What is WEP used for
• --- Provides confidentiality for wireless LAN
• Whats problems with WEP
• --- Cryptographic errors

4
WORKING MECHANISM

• A string cipher using the RC4 encryption
  algorithm
• A message (plaintext M)
• A Integrity Check (checksum algorithm c )
• A shared secret key (short key k )
• A per packet Initialization Vector (IV)
• Ciphertext (Mc(M)) XOR RC4(IV k)

5
WORKING MECHANISM (Contd.)

• Integrity Check
• 32-bit Cyclic Redundancy Check (CRC-32) checksum
• Confidentiality
• Initialization Vector (IV)
• A 24-bit field and appended to the cleartext
  part of a message

6
ATTACKABLE ENTRIES

• IV Collisions
• IV Reuse
• Modify Checksum

7
IV COLLISION REUSE

• IV will be exhausted after about five hours
• 1500-byte packet at the speed of 11MbPS
• 1500 8 / (11 106) / 602 224
• A common wireless card resets the IV to 0 each
  time a card is initialized, and increments the IV
  by 1 with each packet.

8
MODIFY CHECKSUM

• CRC-32 is a linear algorithm
• Compute the bit difference of two CRCs based on
  the bit difference of the messages
• Flip arbitrary bits in an encrypted message and
  correctly adjust the checksum

9
IMPROVEMENT IN WEP IMPLEMENTATION

• Automatic WEP rotation
• Constant automatic key rotation
• Continual key replacement
• Unique key generation
• 
  http//www.wavelink.com

10
CONCLUSTION RECOMMENDATION

• WEP Provides Inadequate Security
• Assume that the link layer offers no security
• Dont rely on WEP. Use higher-level security
  mechanisms
• Place all access points outside the firewall
• Assume that anyone within physical range can
  communicate on the network as a valid user
• Always turn on WEP in your access point

11

• ???...