Presentation is loading. Please wait.

Presentation is loading. Please wait.

WEP Protocol Weaknesses and Vulnerabilities

Published byAlfred Flowers Modified over 9 years ago

Similar presentations

Presentation on theme: "WEP Protocol Weaknesses and Vulnerabilities"— Presentation transcript:

1 WEP Protocol Weaknesses and Vulnerabilities
Riad Lemhachheche Jumnit Hong

2 OUTLINE Introduction to WEP Problems with WEP Solutions to WEP
802.1x 802.11i WPA Conclusion

3 Introduction to WEP Basically a pseudo random number generator that encrypts data packets. Start with generic packet Use a secret key plus IV to seed RC4 stream cipher to create pseudo random number Create a CRC-32 of data portion of packet which is then called ICV. Data || ICV XOR Pseudo Random Number = Encrypted portion of WEP Packet

4 Shared before communication begins Created by Sending Device
How WEP Works Frame Header Frame Body FCS Secret Key (40Bits) RC4 Algorithm IV (24bits) Generic Packet Frame Shared before communication begins Created by Sending Device Integrity Check Algorithm ICV WEP Packet Frame Encrypted

5 Problems with WEP Key Generation ICV Generation
Weak Key’s and Weak IV’s WEP Attacks

6 Key Generation Problems
The main problem of WEP is Key Generation. Secret Key is too small, only 40 Bits. Very susceptible to brute force attacks. IV is too small. Only 16 Million different possibilities for every packet. Secret Keys are accessible to user, therefore not secret. Key distribution is done manually.

7 ICV Generation Problems
The ICV is generated from a cyclic redundancy check (CRC-32) Only a simple arithmetic computation. Can be done easily by anyone. Not cryptographically secure. Easy for attacker to change packet and then change ICV to get response from AP.

8 Weak Key’s and IV’s Certain keys are more susceptible to showing the relationship between plaintext and ciphertext. There are approx 9000 weak keys out of the 40 bit WEP secret key. Weak IV will correspond to weak Keys.

9 Attacks Replay 802.11 LLC Encapsulation Denial of Service Attacks
Statistical gathering of certain ciphertext that once sent to server will cause wanted reaction. LLC Encapsulation Predictable headers to find ciphertext, plaintext combinations Denial of Service Attacks Flooding the 2.4Ghz frequency with noise.

10 Solutions to WEP 802.1x WPA 802.11i All much more secure.

11 802.1x IEEE 802.1X is a standard from the IEEE for port-based network access control. The 802.1X authentication process for 802.1X applied to WLAN works as follows: The client access the wireless medium using CSMA/CD and associate with the access point The access point accepts the association and places the client on hold in an unauthenticated ’holding area’. It sends an authentication request to the client. The access to the LAN for the client is still blocked The client provides an identification response with a username or some kind of identifier. It is forwarded by the access point to a RADIUS server

12 802.1x (2) The RADIUS server looks up the username from a local database or another authentication server. If the username has been identified by the RADIUS server then the access point starts challenging the client. The way the client is challenged is not specified by the protocol and so depends on the hardware/software implementations. Nevertheless, no secret information, like passwords, are passed over the medium as plaintext. The client initiates a reverse challenge with the RADIUS server to achieve mutual authentication. This protects the network from rogue access points installed by hackers to obtain client authentication data. Once the mutual authentication is performed, a virtual port on the access point is opened up and the client can fully access the network.

13 WPA (Wireless Protected Access)
Wi-Fi Protect Access (WPA) has for goal to be an update to WEP weaknesses. It is designed to be: strong, Interoperable & security replacement for WEP software upgradeable for certified Wi-Fi products available quickly. To fulfill these goals, 2 major enhancements have been made: Improved data encryption User authentication

14 WPA vs. 802.11i WPA and IEEE 802.11i Comparison
WPA will be forward-compatible with the IEEE i security specification. WPA is a subset of the current i draft, taking already available pieces of the i draft such as its implementation of 802.1x and TKIP. The main pieces of the i draft that are not included in WPA are : Secure IBSS & Secure fast handoff, Secure de-authentication and disassociation, Enhanced encryption protocols such as AES-CCMP.

15 802.11i Possibility of two modes to encrypt packets TKIP or CCMP.
TKIP uses current WEP and wraps a new packet around the WEP packet. Used to support legacy devices. CCMP uses AES in CBC mode to create MAC and encrypt data packets. New encryption standard.

16 802.11i-CCMP

17 Conclusion The WEP protocol described in is not sufficient at creating cryptographically secure communication between a wireless client and an access point. It will only stop the casual attacker, with virtually no security to protect a network from the professional hacker. The problems with WEP are as follows: Key Generation and Distribution Weak IV’s and Key’s Predictable Integrity Check algorithm (CRC-32) Freely available tools to break WEP

18 Conclusion (2) Solutions
Modifying WEP by utilizing TKIP enables superior security to that of WEP, but the most secure way to provide cryptographically secure communication is to use well known and studied standard encryption algorithms such as AES. CCMP utilizes AES in cipher-clock-chaining mode to produce a MAC and to encrypt the message. This is the most secure way to transfer confidential information wirelessly. Both CCMP and TKIP are in the new i standard. WEP only protects against casual attackers and the new i will provide much needed wireless protection from malicious users.

Download ppt "WEP Protocol Weaknesses and Vulnerabilities"

Similar presentations

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukStream Ciphers1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
IEEE 802.11i IT443 Broadband Communications Philip MacCabe October 5, 2005

IEEE i IT443 Broadband Communications Philip MacCabe October 5, 2005
CSE 6590 1.  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in 802.11  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 

CSE  Wired Equivalent Privacy (WEP) ◦ first security protocol defined in  Wi-Fi Protected Access (WPA) ◦ defined by Wi-Fi Alliance 
Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.

Wireless Security Ryan Hayles Jonathan Hawes. Introduction  WEP –Protocol Basics –Vulnerability –Attacks –Video  WPA –Overview –Key Hierarchy –Encryption/Decryption.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Security+ Guide to Network Security Fundamentals, Third Edition

Security+ Guide to Network Security Fundamentals, Third Edition
WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.

WiFi Security. What is WiFi ? Originally, Wi-Fi was a marketing term. The Wi-Fi certified logo means that the product has passed interoperability tests.
Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.

Wireless LAN Security Jerry Usery CS 522 December 6 th, 2006.
1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID 001790660.

1 Enhancing Wireless Security with WPA CS-265 Project Section: 2 (11:30 – 12:20) Shefali Jariwala Student ID
COMP4690, HKBU1 Security of 802.11 COMP4690: Advanced Topic.

COMP4690, HKBU1 Security of COMP4690: Advanced Topic.
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
Intercepting Mobiles Communications: The Insecurity of 802.11 Danny Bickson ACNS Course, IDC Spring 2007.

Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
How To Not Make a Secure Protocol 802.11 WEP Dan Petro.

How To Not Make a Secure Protocol WEP Dan Petro.
W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID 003503527.

W i reless LAN Security Presented by: Pallavi Priyadarshini Student ID
Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP)
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.

Vulnerability In Wi-Fi By Angus U CS 265 Section 2 Instructor: Mark Stamp.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
IEEE 802.11 Wireless Local Area Networks (WLAN’s).

IEEE Wireless Local Area Networks (WLAN’s).

Similar presentations

Ads by Google