WEP Introduction


The Wired Equivalent Privacy protocol is incorporated as part of the IEEE 802.11b protocol. Actually, the standard only calls for 40-bit WEP, but almost all vendors offer up to 128-bit WEP.

To secure data, WEP uses the RC4 algorithm to encrypt the packets of information as they are sent out from the access point or wireless network card. This is the same algorithm used in many other Internet applications that require security, such as Secure Sockets Layer (SSL). SSL is the most common protocol used by online stores to encrypt customer information sent over the Internet. This reduces the risk of a hacker sniffing the customer's credit card information off the wire and adds a layer of protection to the transaction process.

RC4 is a secure algorithm, and should remain so for several years to come. However, in this case it is the specific wireless implementation of the RC4 algorithm with respect to the initialization vector that is at fault.

In general, it is difficult to correctly implement strong cryptography. Even if a vendor implements a cipher that is known to be very strong, many times the implementation can weaken the cipher or make it ineffective . Implementation oversights could be as simple as insecure key storage, poor random number generation, or flaws in key generation routines. All of these functions may comprise a cipher without actually being part of the cipher itself. The cipher is at the mercy of these outside functions, and can thus be circumvented or weakened by flaws in those dependencies.

As you will learn, implementation oversights in WEP include a small IV space (IV collisions), large amounts of known plaintext in IP traffic, IV weaknesses, no key exchange/management mechanisms (which leads to the same shared key for all users), very weak packet integrity protection (CRC32), lack of replay protection, and a flawed authentication system. Items not addressed by the 802.11 WEP definitions, such as IV incrementing, also lead to problems with WEP implementations. Most implementations start IV counters at zero upon card initialization, and IV collisions between nodes is very common when users boot in the morning.



Maximum Wireless Security
Maximum Wireless Security
ISBN: 0672324881
EAN: 2147483647
Year: 2002
Pages: 171

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net