Problems in WEP Encryption

In a wired network – due to the fact that stations are connected via cables, the data is pretty secure in itself. However when the transmission medium is air, all data transmissions are heard by every Station in the network. The Data can also be sniffed by hacker stations that can try and decrypt the packets.

WEP was developed to provide security equivalent to a wired network. However, WEP failed in its attempt to provide the same as the WEP security implementation was seriously flawed.

Some of the flaws that caused WEP to be denounced for better security mechanisms are detailed below

WEP IV re-use and static IVs

As discussed in previous articles, all the data packets sent by the 802.11 station are encrypted using the same WEP secret key. Hence, the input data and output data would form a pair and remain the same.

To resolve this, the 802.11 standard added the Initialization vector to the WEP key which would provide a different WEP seed for encrypting different packets leading to differently encrypted packet for the same input. This mechanism seems good. However, the IV field was limited to 24 bits and the number of different IVs would exhaust within a few hours. Once the IV field reached the maximum limit, it would wrap around and the same IVs would be re-used with the WEP key. Also, the IV is sent in clear-text. Hence, again the WEP input and output would start to be same after sometime. A brute force attack would allow a hacker to exploit this vulnerability and obtain the WEP key in a matter of hours

Weak IVs

It was seen that some of the IVs were inherently weak and could be exploited to find the WEP key. The RC4 algorithm encrypts one data byte at a time with a key-stream output from the ARC4 Programmable Random number generator (PRNG). RC4 uses the key to initialize a state machine, and then continuously modifies the state and generates a new byte of the key-stream from the new state. It was seen that with certain Initialization vector – a hacker knowing the first byte of the key-stream and “m” bytes of the Key would be able to generate the “m+1” byte of the key. This attack was first published by Fluhrer, Mantin and Shamir and can be referenced at this location

Fluhrer, Mantin and Shamir paper on WEP vulnerability

A reader can also refer the wiki page to obtain am understanding of this issue

WEP Vulnerability

This attack caused WEP to be broken at an algorithmic level.

Shared System authentication flaw

Shared System authentication has a challenge text format. It is inherently flawed in the sense that the encrypted text and the clear text are sent out. Since, the IV is also sent out in clear-text in WEP. A hacker has sufficient information to launch an attack on the system to retrieve the key.

The WEP flaws were addressed in TKIP encryption key via increasing the IV length to 48 bits. Also, if the IV number field exhausts, a new TKIP Key needs to be exchanged with the Access Point. The IV length exhaustion would take a very large amount of time – due to the 48 bit length and other settings (e.g. PTK key timeout) would be hit prior to IV length exhaustion.

TKIP also added replay protection and Michael’s Integrity check protection in addition to the above to provide a more robust security. TKIP in itself is now been superseded by the AES encryption which is far more robust and secure. TKIP and AES will be discussed in later articles once 802.1x authentication mechanisms are discussed.

802.1X authentication and Data Security Enhancements

Leave a Reply

Your email address will not be published. Required fields are marked *