WEP Tutorial 1

WEP (Wired Equivalent Privacy) is the only encryption standard supported in IEEE 802.11-1999 (commonly known as Wi Fi) standard. Being broadcast medium wireless medium is highly susceptible to eavesdropping. WEP was intended to provide the required confidentiality. But started early 2001, many serious cryptographic vulnerabilities were discovered with WEP protocol. Those vulnerabilities were so strong that IEEE had to deprecate the WEP standard.

The video starts with the WEP history, and mainly talks about the working of WEP protocol. Given the encryption key and the plain text message, how exactly the WEP encryption block encrypts the packets and how its counterpart i.e. decryption block decrypts the packet is the main focus of the video.

Enable Javascript or Download Flash Playe if you see this!

WEP uses RC4 stream cipher algorithm for confidentiality and CRC-32 checksum for integrity checking (ICV). For calculating the key stream from the static key, the Initializing Vector (IV) and the actual static key are concatenated with each other and are given as input to the RC4 block. RC4 algorithm runs on this seed and gives a key stream as a output. This key stream is XORed with the actual plain text data to get the cipher text data. At the receiver end the same process is performed to get the plain text data from encrypted data.

Ideally a different key stream should be generated for every packet, and that’s the very reason of introduction of IV. Different IV combined with key stream generates different key streams, unfortunately IV space is very small. IV comprises of 24 bits or there are 2 power 24 possibilities for IV. In a reasonably bust environment the IV space will be wrapped around in few hours. Giving good chances for the passive listener to decrypt the packets. IV and key sizes are just one flaw, but there exist many more even more serious security flaws with WEP.

The next two videos discuss more about those flaws.

Amit Vartak, 27 is working in wired and wireless security fields since last 3-4 years. His current area of interest includes IEEE 802.11 (Wi-Fi) suite of protocols, vulnerabilities in these protocols and countermeasure for those vulnerabilities. Working on cutting edge tools and technology always keeps him busy. He has contributed from concept level to final prototyping for the presentations in Defcon 2007 (The Emperor Has No Cloak - WEP Cloaking Exposed) and Toorcon 2007 (Caffe latte attack). He holds 2 patents with USPTO (current status: Patent Pending) and a few papers in IEEE journals on wireless protocol vulnerabilities. Prior to this, he was working on MEMS (Micro Electro Mechanical Systems) and has published a few papers in SPIE and ICMAT. (Yeah… kindda orthogonal fields… but technology really doesn’t limit the talent :) He did his masters in Electrical Engineering from one of the premier institutes in India, Indian Institute of Technology, Bombay (IIT-Bombay) and his under graduation, from University of Mumbai in Electronics and Telecommunication Engineering. He is currently working with AirTight Networks Inc. as a team lead in technology group since last 3 years.You can get in touch with him at amitcv[at]gmail[dot]com