
Notes for Lecture-38

MCA 206: Advanced Computer Networks

1. Introduction

Wireless security is different from wired security because the wireless medium gives
potential attackers easy access to the transport medium. This access significantly
increases the threat that any security architecture must address, so wireless security
requires a slightly different way of thinking. The goals of 802.11 security are:

1. Develop a wider understanding of network security requirements.
2. Explain how 802.11 security works now.
3. Describe its major issues.
4. Understand what is being done to address the issues.
5. Create the privacy achieved by a wired network: only prevent intellectual
property from leaking through casual browsing.
6. Simulate physical access control by denying access to unauthenticated stations.

2. Wired Equivalent Privacy (WEP)

The security mechanism for the wireless 802.11 standards is known as wired equivalent
privacy (WEP). WEP is meant to provide a level of security similar to that of wired
networks. It is a standard of security for IEEE 802.11a and b and offers authentication
and data encryption between a host and a wireless base station, using a secret shared key.
The essence of this protocol between a host and a base station (wireless access point) is
as follows:

1. The host requests authentication from the base station.
2. The base station responds.
3. The host encrypts data by using secret-key encryption.
4. The base station decrypts the received encrypted data. If the decrypted
data matches the original one sent to the host, the host is authenticated by
the base station.

First, a 40-bit secret key k, known by both the host and the base station, is created. A
24-bit initialization field, used to encrypt a single frame, is appended to this key.

WEP encapsulation

• Encryption Algorithm = RC4
• Per-packet encryption key = 24-bit IV concatenated to a pre-shared key
• WEP allows IV to be reused with any frame
• Data integrity provided by CRC-32 of the plaintext data (the “ICV”)
• Data and ICV are encrypted under the per-packet encryption key

2. WEP Protocol

In order to send a message M to B, the station performs the following actions:

• compute the integrity checksum c = c(M) of message M and concatenate the two to
obtain the plaintext P = 〈M, c〉
• choose a public initialization vector v and compute C = P ⊕ RC4(K, v)
• build the frame F = 〈v, C〉 and send it to the access point

Upon receiving the frame F, the access point performs the following actions:

• compute P′ = C ⊕ RC4(K, F.v) and split P′ into 〈M′, c′〉
• check whether c′ = c(M′) (if not, F is rejected)
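
The sender and receiver steps above, written out in Python as an added example (it is not part of the original notes). It assumes the RC4 seed is the IV followed by the key and that the CRC-32 is packed little-endian; the function names and the sample key, IV and message are constructed for illustration.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def checksum(m: bytes) -> bytes:
    """c(M): CRC-32 of the plaintext, packed little-endian (assumed order)."""
    return struct.pack("<I", zlib.crc32(m))

def wep_encapsulate(k: bytes, v: bytes, m: bytes):
    """Sender: P = <M, c(M)>, C = P xor RC4(K, v), F = <v, C>."""
    if len(v) != 3:
        raise ValueError("the IV is 24 bits")
    p = m + checksum(m)
    return v, xor(p, rc4(v + k, len(p)))       # RC4 seed is IV || key

def wep_decapsulate(k: bytes, frame):
    """Receiver: recover <M', c'> and return M', or None if c' != c(M')."""
    v, c = frame
    p = xor(c, rc4(v + k, len(c)))
    m, c_recv = p[:-4], p[-4:]
    return m if c_recv == checksum(m) else None

# Constructed sample values: a 40-bit key, a 24-bit IV and a short message.
K = bytes.fromhex("0102030405")
V = bytes.fromhex("a1b2c3")
M = b"hello access point"
FRAME = wep_encapsulate(K, V, M)
DAMAGED = (FRAME[0], FRAME[1][:-1] + bytes([FRAME[1][-1] ^ 0x01]))

if __name__ == "__main__":
    print("accepted:", wep_decapsulate(K, FRAME))
    print("damaged :", wep_decapsulate(K, DAMAGED))
```

The IV travels in the clear as the first element of the frame, so the receiver needs only K to rebuild the keystream.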

3. Authentication and Key Management

3.1 Authentication

Three methods of authentication can be used with WEP: Open System
authentication, Closed Network authentication and Shared Key authentication.

3.1.1 Open System authentication

A station is allowed to join a network without any identity verification, i.e., no
authentication. Authentication management frames are sent in the clear even when WEP
is enabled.

3.1.2 Closed Network authentication

Only the clients with the knowledge of the network name, or SSID, can join. Here, the
AP is configured to not send the beacon. The SSID acts as a shared secret. It is
proprietary.

Weakness:
• Several management frames contain SSID
• These frames are broadcast in the clear even when WEP is enabled
• An attacker can easily sniff the secret (SSID)

3.1.3 Shared Key authentication


A station is allowed to join a network if it proves possession of a shared WEP key. It
works as a challenge-response protocol.

3.2 Key Management

802.11 does not specify any key management. Key management is left as an exercise for
vendors. The standard does, however, allow for a unique key for each mobile station. In
practice, most installations use a single key for an entire network.

4. Weakness of WEP

1. Key management and key size
Key management is not specified in the WEP standard; without interoperable key
management, keys will tend to be long-lived and of poor quality. Most wireless
networks that use WEP have one single WEP key shared between every node on
the network. Access points and client stations must be programmed with the same
WEP key. Since synchronizing the change of keys is tedious and difficult, keys
are seldom changed. Also, the 802.11 standard does not specify any WEP key
sizes other than 40 bits.
2. The IV is too small
WEP's IV size of 24 bits provides for 16,777,216 different RC4 cipher streams for
a given WEP key, for any key size. Remember that the RC4 cipher stream is
XOR-ed with the original packet to give the encrypted packet that is transmitted,
and the IV is sent in the clear with each packet. The problem is IV reuse. If the
RC4 cipher stream for a given IV is found, an attacker can decrypt subsequent
packets that were encrypted with the same IV or can forge packets.
3. The ICV algorithm is not appropriate
The WEP ICV is based on CRC-32, an algorithm for detecting noise and common
errors in transmission. CRC-32 is an excellent checksum for detecting errors, but
an awful choice for a cryptographic hash. Better-designed encryption systems use
algorithms such as MD5 or SHA-1 for their ICVs.
4. Authentication messages can be easily forged
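
Weaknesses 2 and 3 can be checked numerically. The following is an added example, not part of the original notes; it uses a SHAKE-256 keystream as a stand-in for RC4(K, v), assumes IVs are chosen at random, and its function names and sample messages are constructed for illustration.

```python
import hashlib
import math
import struct
import zlib

IV_SPACE = 2 ** 24                    # 16,777,216 IVs per key

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in for RC4(K, v), an assumption of this example: both properties
    # below hold for any keystream that is a fixed function of (K, v).
    return hashlib.shake_256(iv + key).digest(n)

def icv(m: bytes) -> bytes:
    return struct.pack("<I", zlib.crc32(m))

def seal(key: bytes, iv: bytes, m: bytes) -> bytes:
    p = m + icv(m)
    return xor(p, keystream(key, iv, len(p)))

def open_frame(key: bytes, iv: bytes, c: bytes):
    p = xor(c, keystream(key, iv, len(c)))
    return p[:-4] if p[-4:] == icv(p[:-4]) else None

def iv_repeat_probability(frames: int) -> float:
    """Birthday approximation: chance that randomly chosen IVs repeat."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))

def reuse_leak(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bytes:
    """Same key and IV: the keystream cancels, leaving P1 xor P2."""
    return xor(seal(key, iv, m1), seal(key, iv, m2))

def keyless_change(key: bytes, iv: bytes, m: bytes, delta: bytes):
    """CRC-32 is linear over XOR, so the ICV can be fixed up without K."""
    fix = xor(icv(delta), icv(bytes(len(delta))))
    return open_frame(key, iv, xor(seal(key, iv, m), delta + fix))

# Constructed sample values; the two messages have equal length.
K, V = b"\x01\x02\x03\x04\x05", b"\x00\x00\x07"
M1, M2 = b"sensor reading: 0021", b"sensor reading: 0493"
DELTA = xor(M1, M2)

if __name__ == "__main__":
    print("P(IV repeat) after 5000 frames:", iv_repeat_probability(5000))
    print("C1 xor C2 == M1 xor M2:", reuse_leak(K, V, M1, M2)[:len(M1)] == DELTA)
    print("altered frame opens as:", keyless_change(K, V, M1, DELTA))
```

A keyed integrity check computed over the frame would make the last function return None, because the fix-up value could not be derived without the key.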
