4.1 The Pitfalls of WEP


The IEEE 802.11 specifications (a, b, and g) all provide a form of encryption called Wired Equivalent Privacy (WEP). WEP operates at the Media Access Control (MAC) sublayer of the Data Link layer, between the Physical layer (the radio) and the Network layer (IP). WEP encryption is based on the RC4 stream cipher from RSA Data Security. The standard specifies a 40-bit secret key, which is combined with a 24-bit per-frame initialization vector (IV) to seed RC4; that 64-bit total is what vendors market as "64-bit WEP".

Anyone who knows the secret key can participate in a WEP network (and unless you are the only user on the network, the key is shared, so it is not all that secret). Secret keys are generally either short plaintext words or somewhat longer strings of hexadecimal digits.

There are two major problems with WEP:

  • Encryption is handled at the Data Link layer, so if you connect to a WEP network with your notebook, only the radio link between your notebook and the access point is encrypted. Packets are decrypted at the access point and forwarded from there (onto the wired network, for example) in the clear.

  • Other computers that also have the secret key for this WEP network can read all packets sent to and from your computer. The key is a "shared" key: every device that encrypts packets must use the same one. Some access points derive the WEP key from a passphrase, which makes the key easier still to guess. Once you are connected to a WEP network, you can do all the packet sniffing you want with a tool like Ethereal (now Wireshark).

A team of cryptographers from the University of California at Berkeley, as well as several other groups (see the references at the end of this section), have identified weaknesses in the way that WEP keys are generated and used, effectively making the number of bits in the key immaterial: the 24-bit IV space is so small that keystreams are reused, the CRC-32 integrity check is linear and can be patched by someone who does not know the key, and the way the IV is prepended to the key lets an attacker recover the key byte by byte from captured traffic. Even though many manufacturers have extended the key length, up to 152 bits, the longer key provides minimal protection, because WEP is not a well-designed cryptographic system.

With all of these problems, why do wireless equipment manufacturers still support WEP? Until recently, there was no other standard for wireless encryption. You could have run a Virtual Private Network (VPN) on top of your wireless network, but that presents its own set of challenges and is not practical for home or even small-business users. The Wi-Fi Alliance announced a standard called Wi-Fi Protected Access (WPA) in late 2002. WPA is based on a draft of the IEEE 802.11i specification, which was expected to be ratified in mid-2004 (it was, in June 2004). We cover WPA a bit later in the chapter.

So why would you want to use WEP on your wireless network at all? Consider it a first line of defense. While it is definitely possible to crack its keys and gain access to a WEP network, someone who is looking for free wireless access will choose an open network when given the choice. However, if you are worried about an attacker specifically targeting your network, you must take stronger measures.

Consider not using WEP at all. There are other alternatives that provide stronger encryption and authentication, and we cover those in this chapter. However, if you want an easy out-of-the-box setup, WEP is your ticket. To keep your WEP network as secure as possible, keep these guidelines in mind:

  • Make your secret key difficult to guess. Once an attacker has captured frames from your encrypted network, he can test candidate keys offline, much as crack is run against a password database: the first bytes of every data frame (the LLC/SNAP header) are predictable, so a single captured frame is enough to check each guess. The more complex your key, the less likely a standard dictionary attack will find it. Choose a long key that uses nonalphanumeric characters or, better, enter the key as a hexadecimal string. Use the longest key your hardware supports; if your access points and clients support 128-bit WEP, by all means use it. Bear in mind, though, that the Fluhrer, Mantin, and Shamir attack recovers the key from captured traffic regardless of how the key was chosen, so key complexity defends only against guessing, not against the statistical attacks described in the references.

  • Change your secret key often. WEP key attacks rely on two methods: a dictionary attack, or the collection of a large number of frames in order to deduce the secret key. Obviously, you give an attacker less of a chance to break your key when you change it often. However, this becomes cumbersome on larger networks, giving you the classic key-distribution problem.

  • Use WEP in combination with other security measures. If your network uses equipment from a single manufacturer, you may be able to take advantage of nonstandard security features. Cisco and Proxim, for example, support rapid WEP key rotation and dynamic rekeying. If all of your clients can take advantage of these features, use them. You should also consider whether the various IP tunneling or VPN solutions will fit into your network infrastructure.
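The weaknesses behind these guidelines (a 24-bit IV space that forces keystream reuse, a linear CRC-32 integrity check, and a key that can be tested offline against a single captured frame because the first plaintext bytes are predictable) are easy to see on a toy implementation. The following is an added example written for this page; it is not code from the book or from any WEP implementation. It builds WEP out of RC4 and CRC-32 with a 40-bit key, and the key, IV and frame contents are constructed test values. It assumes a big-endian ICV, which differs from the wire format but does not affect any of the attacks.

```python
"""Toy WEP (RC4 + CRC-32 ICV, 24-bit IV) used to show why key length is
immaterial.  Added example, not code from the book.  Assumptions: 40-bit
key, big-endian ICV (real frames use little-endian; the attacks do not care)."""
import math
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of RC4 keystream for key: KSA followed by PRGA."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                          # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP's integrity check value is a plain CRC-32 of the plaintext."""
    return zlib.crc32(data).to_bytes(4, "big")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key) XOR (plaintext || ICV)."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify its ICV; raise ValueError if it fails."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4_keystream(iv + key, len(ct)))
    pt, tag = body[:-4], body[-4:]
    if tag != icv(pt):
        raise ValueError("ICV mismatch")
    return pt


def frames_for_50pct_iv_collision() -> int:
    """Birthday bound: frames sent before two of them share one of 2^24 IVs."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** 24))


def recover_via_iv_reuse(frame1: bytes, known_pt1: bytes, frame2: bytes) -> bytes:
    """Same IV => same keystream, so C1 ^ C2 = P1 ^ P2; knowing P1 gives P2."""
    assert frame1[:3] == frame2[:3], "needs an IV collision"
    n = min(len(known_pt1), len(frame2) - 3 - 4)
    return xor(xor(frame1[3:3 + n], frame2[3:3 + n]), known_pt1[:n])


def flip_bits_without_key(frame: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by delta and patch the encrypted ICV.
    CRC-32 is affine, crc(P ^ D) = crc(P) ^ crc(D) ^ crc(0^n), so the ICV
    correction depends only on D, never on P or on the key."""
    iv, ct = frame[:3], frame[3:]
    n = len(ct) - 4
    delta = delta.ljust(n, b"\x00")[:n]
    fix = xor(icv(delta), icv(bytes(n)))
    return iv + xor(ct, delta + fix)


# IP traffic on 802.11 is LLC/SNAP encapsulated, so the first three encrypted
# bytes of a data frame are known; that is what makes guess-and-check possible.
SNAP_HEADER = b"\xaa\xaa\x03"


def dictionary_attack(frame: bytes, candidates):
    """Test candidate keys against one captured frame, like crack on passwd."""
    iv, ct = frame[:3], frame[3:]
    for cand in candidates:
        if xor(ct[:3], rc4_keystream(iv + cand, 3)) == SNAP_HEADER:
            try:                                # confirm with the full ICV
                wep_decrypt(cand, frame)
                return cand
            except ValueError:
                pass
    return None


if __name__ == "__main__":
    key, iv = b"linux", b"\x01\x02\x03"            # constructed weak key and IV
    llc = SNAP_HEADER + b"\x00\x00\x00\x08\x00"   # LLC/SNAP + EtherType IPv4
    p1 = llc + b"GET /index.html HTTP/1.0\r\n"
    p2 = llc + b"PUT /secret.txt HTTP/1.0\r\n"
    f1, f2 = wep_encrypt(key, iv, p1), wep_encrypt(key, iv, p2)
    print(frames_for_50pct_iv_collision())                         # 4823
    print(recover_via_iv_reuse(f1, p1, f2)[len(llc):])             # PUT /secret.txt ...
    forged = flip_bits_without_key(f1, bytes(len(llc)) + xor(b"GET", b"PUT"))
    print(wep_decrypt(key, forged)[len(llc):])                     # PUT /index.html ...
    print(dictionary_attack(f1, [b"admin", b"guest", b"linux"]))   # b'linux'
```

Run it and the keystream that hides one request reveals the other, the forged frame passes the access point's ICV check with its method changed from GET to PUT, and the weak key falls to a three-word list after one frame. Neither the IV-reuse nor the bit-flipping step needed the key at all, which is why a longer or more complex key changes so little.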

Several security measures that come standard with many access points are almost useless in protecting your wireless network:


Disabling SSID broadcast

This creates a "hidden" network: the access point stops including the SSID in its beacon frames. To join a network with SSID broadcast disabled, the client must be configured with the SSID manually.

Premise: if you don't know the SSID, you can't join the network.

Reality: Kismet and other passive wireless scanners pick up the SSID easily, because it still travels in the clear in the probe requests and association requests that clients send (and in the probe responses the access point returns). An attacker only has to wait for one legitimate client to connect.


MAC address filtering

Most access points allow you to set up a list of allowed network cards by entering their MAC address. If the access point sees a MAC address that is not on the list, it will not allow that device to associate.

Premise: only authorized network cards can join the network.

Reality: Kismet and other wireless scanners can easily pick up MAC addresses by monitoring client traffic, because WEP encrypts only the frame body; the 802.11 header, addresses included, is always sent in the clear. Spoofing a MAC address is trivial under Linux (for example, ifconfig eth1 hw ether 00:11:22:33:44:55 while the interface is down) and under other operating systems, so the filter is bypassed as soon as an authorized address has been observed. Wireless network cards can also be stolen. A MAC address filter identifies a device, not a person, so anyone holding the device can use it.


IP address filtering

Similar to MAC address filtering, this technique allows you to set up a list of allowed IP addresses that can send TCP/IP traffic on the network. Other machines may be allowed to associate with the access point, but they would not be able to participate in any TCP/IP network.

Premise: only known IP addresses are allowed to communicate on the network.

Reality: any network sniffer or analyzer, such as Ethereal or tcpdump, can easily find IP addresses in use on any given network. Spoofing IP addresses is even easier than spoofing MAC addresses.

4.1.1 References

As mentioned previously, several groups have identified weaknesses in the way that WEP keys are generated and used. To learn more, consult the following sources:

  • "Your 802.11 Wireless Network Has No Clothes" by Arbaugh, Shankar, and Wan. University of Maryland, March 30, 2001. http://www.cs.umd.edu/~waa/wireless.pdf

  • "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin, and Shamir. July 25, 2001. http://www.crypto.com/papers/others/rc4_ksaproc.ps

  • "Using the Fluhrer, Mantin, and Shamir Attack to Break WEP" by Stubblefield, Ioannidis, and Rubin. AT&T Labs Technical Report, August 21, 2001. http://www.cs.rice.edu/~astubble/wep

  • "Security of the WEP Algorithm" by Borisov, Goldberg, and Wagner. UC Berkeley, April 1, 2001. http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

4.1.2 WEP with Linux

Back in Chapter 2, we covered the use of schemes to set up multiple wireless networks on your PC with the ability to switch between them as needed. Here again is a sample /etc/pcmcia/wireless.opts that contains schemes for two networks and includes the use of a WEP key:

    case "$ADDRESS" in
    home,0,*,*)
        INFO="Home wireless setup"
        ESSID="home"
        MODE="managed"
        CHANNEL="11"
        RATE="auto"
        ;;
    yourjob,0,*,*)
        INFO="Work wireless setup"
        ESSID="BigCorp"
        MODE="managed"
        CHANNEL="4"
        RATE="auto"
        # The s: prefix means an ASCII key. Most drivers accept only
        # 5 characters (40-bit) or 13 characters (104-bit), so size
        # your real key to match.
        KEY="s:bigsecret"
        ;;
    esac

Use cardctl scheme yourjob to switch to the WEP-enabled scheme. Since the key is stored in plain text here, keep /etc/pcmcia/wireless.opts readable only by root (chmod 600); otherwise every local user can read the shared secret.

The corresponding iwconfig command to configure a WEP key is iwconfig enc or, equivalently, iwconfig key. This command accepts several parameters:


iwconfig eth1 key on
iwconfig eth1 key off

on and off enable and disable encryption, respectively.


iwconfig eth1 key 0a12-fc13-2f
iwconfig eth1 key 0a12fc132f

Secret keys can be entered as hex strings, with or without separating dashes: 10 hex digits for a 40-bit key, 26 for a 104-bit ("128-bit") key. The key shown is an illustrative value, not one to use.


iwconfig eth1 key s:supersecret13

ASCII secret keys are entered with the s: prefix. The driver uses the bytes of the string directly as the key, so most drivers require exactly 5 characters (40-bit) or 13 characters (104-bit); any other length fails with an "Invalid argument" error from iwconfig.


iwconfig eth1 key s:supersecret13 [2]

Up to four keys can be stored. Appending an index number in brackets ([ ]) to the key stores it in that slot (1 through 4) instead of replacing the current key.


iwconfig eth1 key [2]

Passing only the index selects which stored key is used to encrypt outgoing frames, without retyping the key.


iwconfig eth1 key open
iwconfig eth1 key restricted

Two operating modes are available: open accepts nonencrypted traffic as well as encrypted traffic, and restricted accepts only encrypted packets.
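The key syntax above carries a few length and range rules that iwconfig itself leaves to the driver, and getting them wrong produces only a terse "SET failed on device ... Invalid argument". The following parser is an added example (it is not from the book or from wireless-tools) that accepts each form listed above and rejects what most drivers will not take. The 5-or-13-byte key rule and the 1 to 4 slot range are assumptions about typical drivers and are labelled as such in the code.

```python
"""Parser for 'iwconfig <if> key ...' arguments.  Added example; it is not
part of the book or of wireless-tools.  Assumption: the driver accepts only
5- or 13-byte keys (40-/104-bit WEP) in slots 1..4, as most do."""
import re
from typing import Optional, Tuple

KEY_LENGTHS = (5, 13)          # assumed driver rule: 40-bit or 104-bit only
KEY_SLOTS = range(1, 5)        # iwconfig numbers the stored keys 1..4


def parse_key_arg(arg: str) -> Tuple[Optional[bytes], Optional[int], Optional[str]]:
    """Return (key_bytes, slot, mode) for one key argument.

    on / off / open / restricted     -> (None, None, mode)
    [2]                               -> (None, 2, None): select stored key 2
    s:secret or 0a12-fc13-2f [ [2] ]  -> (key bytes, slot or None, None)
    """
    arg = arg.strip()
    if arg in ("on", "off", "open", "restricted"):
        return None, None, arg
    m = re.fullmatch(r"\[(\d+)\]", arg)
    if m:
        slot = int(m.group(1))
        if slot not in KEY_SLOTS:
            raise ValueError(f"key slot {slot} not in 1..4")
        return None, slot, None
    m = re.fullmatch(r"(\S+)(?:\s*\[(\d+)\])?", arg)
    if not m:
        raise ValueError(f"cannot parse {arg!r}")
    text, slot_txt = m.group(1), m.group(2)
    if text.startswith("s:"):                   # ASCII key: bytes used as-is
        key = text[2:].encode("ascii")
    else:                                       # hex key, dashes optional
        digits = text.replace("-", "")
        if not re.fullmatch(r"[0-9a-fA-F]+", digits) or len(digits) % 2:
            raise ValueError(f"not a hex key: {text!r}")
        key = bytes.fromhex(digits)
    if len(key) not in KEY_LENGTHS:
        raise ValueError(f"{len(key)}-byte key; expected 5 (40-bit) or 13 (104-bit)")
    slot = int(slot_txt) if slot_txt else None
    if slot is not None and slot not in KEY_SLOTS:
        raise ValueError(f"key slot {slot} not in 1..4")
    return key, slot, None
```

Checking the argument before handing it to iwconfig turns the driver's one-line error into a message that says which rule was broken; an 11-character ASCII key such as s:supersecret, for instance, is rejected as an 11-byte key rather than silently failing at the driver.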

Using NoCatAuth

If WPA isn't an option for you, you may want to consider setting up a captive portal (see Section 3.1.1 in Chapter 3).

NoCatAuth, which ships with Pebble Linux (see Chapter 6), is a captive portal that offers two modes of operation: open and authenticated. Open mode intercepts a user's first web request with a simple splash page and a Click here to continue button. Authenticated mode relies on both the local NoCatAuth daemon and an authentication service on another machine. The daemon and authentication service communicate via an encrypted channel, so passwords are never sent in the clear.

NoCatAuth can be downloaded from http://nocat.net, where there is also a wiki and a fairly high-volume development mailing list. Other captive portal systems are available for Linux as well. You can find out more about them on the Personal Telco Project's portal software page at http://www.personaltelco.net/index.cgi/PortalSoftware.




Linux Unwired (ISBN 0596005830), 2004.