Data Analysis
When data is transferred via the airwaves, it can be easily captured using programs downloaded from the Internet. This type of monitoring was expected, and is why WEP security was added to the 802.11 standard. Through the use of WEP, all data can be scrambled to the point where it becomes unreadable. Although WEP will not stop the wanton interception of data, it can stop the casual interpretation of the captured data.
However, there are faults in the implementation of RC4. Specifically, if a hacker can determine what data is being sent before it is encrypted, the captured
Technical Example
The reason for this flaw is that WEP produces the
Comparable Equation 1
Ciphertext = Plaintext XOR Keystream

As you can see, the only value masking the plaintext is the keystream. If we reverse this process, we see that the only value masking the keystream is the plaintext, as depicted by Comparable Equation 2.

Comparable Equation 2
Keystream = Ciphertext XOR Plaintext
To further
Creating the Ciphertext (Using Comparable Equation 1)
If we assume the following:
    Plaintext = A (ASCII)
Then we can obtain the following:
    Plaintext   1 0 0 0 0 0 0 1
    Keystream   0 1 1 1 0 0 0 1   XOR
    ----------------------------
    Ciphertext  1 1 1 1 0 0 0 0

Obtaining the Keystream (Comparable Equation 2)
If we assume the following:
    Plaintext = A (ASCII)
Then we can obtain the following:
    Plaintext   1 0 0 0 0 0 0 1
    Ciphertext  1 1 1 1 0 0 0 0   XOR
    ----------------------------
    Keystream   0 1 1 1 0 0 0 1

You now have the keystream used to encrypt this packet!

Discussion
As
This can be tricky; however, hackers are tricky people. For instance, if they have access to the network on the inside of the firewall, they could install a sniffer on the inside and capture all data before it's encrypted. They would then use a wireless sniffer to capture all data after it is encrypted. However, this is redundant because the hacker has already
The second and more likely way a hacker could predetermine the plaintext is to trick someone into receiving or sending a predictable message. To facilitate this, a chat session or email could provide a hacker all the plaintext he needs. However, this method can also be difficult as a result of extraneous data becoming intermingled with the predictable data. For example, TCP/IP packets include IP headers and other distracting information. Checksums, proprietary data additions by the email server, and more can all obscure the predictable data. Therefore, if a hacker is going to succeed in this method of attack, she needs to send a message that
(" ")
or a long string of the same character:
("AAAAAAAAAAAAAAAAAAAAAAAA").
The third method used to predetermine plaintext is to look for known communication headers. As previously mentioned, TCP/IP packets include IP headers that are required to ensure proper delivery. If you can determine the IP address of the access point or client WNIC and make an
Assuming a hacker can determine the plaintext and use this to glean the keystream, what can he do with this information? The answer to this will become apparent as you read on. You should also note that one or even a couple of keystreams by
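The following is an added example, not code from the book, that carries Comparable Equations 1 and 2 through in Python and shows why a recovered keystream matters to a defender: a stream cipher keystream that is used for more than one packet (in WEP, the same key and IV) exposes every packet it was used for. The single-byte values are the bit patterns from the worked table above; the longer keystream and the "secret" message are constructed stand-ins (the keystream is not RC4 output), and the predictable plaintext is the run of "A" characters mentioned in the text.

```python
"""Comparable Equations 1 and 2 applied to bytes, plus the keystream-reuse consequence.

Added example for illustration; all sample values are constructed, not captured traffic.
"""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR. Both equations in the text are this single operation."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    """Comparable Equation 1: Ciphertext = Plaintext XOR Keystream."""
    if len(keystream) < len(plaintext):
        raise ValueError("keystream too short for this packet")
    return xor_bytes(plaintext, keystream[: len(plaintext)])


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Comparable Equation 2: Keystream = Ciphertext XOR Plaintext.

    Only as many keystream bytes are recovered as there are known plaintext bytes.
    """
    return xor_bytes(ciphertext, known_plaintext)


def bits(data: bytes) -> str:
    """Render bytes as the 8-bit columns used in the worked table."""
    return " ".join(f"{byte:08b}" for byte in data)


def single_byte_demo() -> tuple:
    """Reproduce the worked table: plaintext 10000001, keystream 01110001."""
    plaintext = bytes([0b10000001])   # value taken from the table in the text
    keystream = bytes([0b01110001])   # value taken from the table in the text
    ciphertext = encrypt(plaintext, keystream)            # Equation 1
    recovered = recover_keystream(ciphertext, plaintext)  # Equation 2
    return bits(ciphertext), bits(recovered)              # ("11110000", "01110001")


def keystream_reuse_demo() -> bytes:
    """Why one keystream leak is enough: any other packet scrambled with the
    same keystream is readable without ever learning the WEP key."""
    # Constructed stand-in keystream (NOT RC4 output), long enough for both packets.
    keystream = bytes((i * 37 + 11) & 0xFF for i in range(32))
    predictable = b"AAAAAAAAAAAAAAAAAAAAAAAA"   # message the text says a hacker could induce
    secret = b"meeting at noon"                 # constructed second packet, same keystream

    c_predictable = encrypt(predictable, keystream)
    c_secret = encrypt(secret, keystream)

    # Equation 2 on the predictable packet yields the keystream prefix ...
    leaked = recover_keystream(c_predictable, predictable)
    # ... which, applied to the other packet, undoes Equation 1 for it as well.
    return xor_bytes(c_secret, leaked[: len(c_secret)])


if __name__ == "__main__":
    print("ciphertext, recovered keystream:", single_byte_demo())
    print("second packet under reused keystream:", keystream_reuse_demo())
```

The design lesson is the one a reviewer of any stream-cipher protocol applies: the keystream must be unique per packet, because the XOR relation makes a single known (or guessable) plaintext equivalent to handing over the keystream for every packet that shares it. Note also the length caveat in `recover_keystream`: the leak extends only as far as the known plaintext, which is why the text favours long runs of a predictable character.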