WEP Tutorial 3

WEP (Wired Equivalent Privacy) is the only encryption standard supported in IEEE 802.11-1999 (commonly known as Wi Fi) standard. Being broadcast medium wireless medium is highly susceptible to eavesdropping. WEP was intended to provide the required confidentiality. But starting early 2001, many serious cryptographic vulnerabilities were discovered with WEP protocol. Those vulnerabilities were so strong that IEEE had to deprecate the WEP standard.

When WEP is active in a wireless LAN, each 802.11 packet is encrypted separately with an RC4 cipher stream generated by a 64 bit RC4 key. This key is composed of a 24 bit initialization vector (IV) and a 40 bit WEP key. The encrypted packet is generated with a bitwise exclusive OR (XOR) of the original packet and the RC4 stream. The IV is chosen by the sender and should be changed so that every packet won't be encrypted with the same cipher stream. The IV is sent in the clear with each packet. An additional 4 byte Integrity Check Value (ICV) is computed on the original packet using the CRC-32 checksum algorithm and appended to the end.

The WEP tutorial #1 covers the basic working of WEP protocol. Tutorial #2 talks about the flaws in the WEP protocol and explains few very important flaws. This video talks about the remaining flaws with WEP as a protocol. It also talks about the flaws in general and gives the overview of the tools available on the new which can help in cracking the WEP key.

The flaws discussed in this video include,

• Bit flipping attacks
• Replay attacks
• Shared key authentication with WEP

Enable Javascript or Download Flash Playe if you see this!

The recommended solution to WEP security problems is to switch to WPA2 or the less resource intensive WPA. Either is much more secure than WEP. To add support for WPA or WPA2, some old Wi-Fi access points might need to be replaced or have their firmware upgraded. WPA was designed as an interim software solution for WEP; it runs on the same hardware that WEP does.

Amit Vartak, 27 is working in wired and wireless security fields since last 3-4 years. His current area of interest includes IEEE 802.11 (Wi-Fi) suite of protocols, vulnerabilities in these protocols and countermeasure for those vulnerabilities. Working on cutting edge tools and technology always keeps him busy. He has contributed from concept level to final prototyping for the presentations in Defcon 2007 (The Emperor Has No Cloak - WEP Cloaking Exposed) and Toorcon 2007 (Caffe latte attack). He holds 2 patents with USPTO (current status: Patent Pending) and a few papers in IEEE journals on wireless protocol vulnerabilities. Prior to this, he was working on MEMS (Micro Electro Mechanical Systems) and has published a few papers in SPIE and ICMAT. (Yeah… kindda orthogonal fields… but technology really doesn’t limit the talent :) He did his masters in Electrical Engineering from one of the premier institutes in India, Indian Institute of Technology, Bombay (IIT-Bombay) and his under graduation, from University of Mumbai in Electronics and Telecommunication Engineering. He is currently working with AirTight Networks Inc. as a team lead in technology group since last 3 years.You can get in touch with him at amitcv[at]gmail[dot]com