Wired Equivalent Privacy

From Free net encyclopedia

Wired Equivalent Privacy (WEP) is a scheme to secure wireless networks (WiFi). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network, hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping.

Contents 1 Details 2 Flaws 3 Remedies 4 References 5 External links

Details

WEP is part of the IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.

Standard 64-bit WEP uses a 40 bit key, to which a 24-bit initialization vector (IV) is concatenated to form the RC4 traffic key. At the time that the original WEP standard was being drafted, US Government export restrictions on cryptographic technology limited the keysize. Once the restrictions were lifted, all of the major manufacturers eventually implemented an extended 128-bit WEP protocol using a 104-bit key size. A 128-bit WEP key is almost always entered by users as a string of 26 Hexadecimal (Hex) characters (0-9 and A-F). Each character represents 4 bits of the key. 4 * 26 = 104 bits. Adding the 24-bit IV brings us what we call a "128-bit WEP key". A 256-bit WEP system is available from some vendors, and as with the above-mentioned system, 24 bits of that is for the I.V., leaving 232 actual bits for protection. This is typically entered as 58 Hexadecimal characters. (58 * 4 = 232 bits) + 24 I.V. bits = 256 bits of WEP protection.

Key size is not the major security limitation in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped at all by a longer key. See stream cipher attack.

Flaws

Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plaintext, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack.

Many WEP systems require a key in hexadecimal format. Some users choose keys that spell words in the limited 0-9, A-F hex character set, for example C0DE C0DE C0DE C0DE. Such keys are often easily guessed.

In August 2001, Scott Fluhrer, Itzik Mantin, and Adi Shamir. published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV is used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network for a few hours. The attack was soon implemented, and automated tools have since been released. It is possible to perform the attack with a personal computer, off-the-shelf hardware and freely-available software.

Cam-Winget et al. (2003) surveyed a variety of shortcomings in WEP. They write "Experiments in the field indicate that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target." They also reported two generic weaknesses:

• the use of WEP was optional, resulting in many installations never even activating it, and
• WEP did not include a key management protocol, relying instead on a single shared key amongst users.

In 2005, a group from the U.S. Federal Bureau of Investigation gave a demonstration where they cracked a WEP-protected network in 3 minutes using publicly available tools.

Remedies

The most widely recommended solution to WEP security problems is to switch to WPA or WPA2. Either is much more secure than WEP. Some old WiFi access points might need to be replaced to do this or have their operating system, in flash memory, upgraded; however, replacements are relatively inexpensive. Another alternative is to use a tunneling protocol, such as IPsec.

References

• Nikita Borisov, Ian Goldberg, David Wagner, "Intercepting mobile communications: the insecurity of 802.11." MOBICOM 2001, pp180–189.
• Nancy Cam-Winget, Russell Housley, David Wagner, Jesse Walker: Security flaws in 802.11 data link protocols. Communications of the ACM 46(5): 35-39 (2003)
• Scott R. Fluhrer, Itsik Mantin, Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001: pp1–24.

External links

• (In)Security of the WEP algorithm
• Weaknesses in the Key Scheduling Algorithm of RC4
• List of security problems with WEP
• WEP: Dead Again, Part 1 (Dec. 14, 2004)
• WEP: Dead Again, Part 2 (Mar. 8, 2005)
• The Feds can own your WLAN too : TomsNetworking
• Humphrey Cheung, How to crack WEP, part one, part two, part three May/June 2005.
• Several software tools are available to compute and recover WEP keys by passively monitoring transmissions.
  • aircrack
  • Aircrack-ng (aircrack-ng is the next generation of aircrack)
  • AirSnort
  • WEPCrack
  • Weplab
  • KisMACde:Wired Equivalent Privacy

es:Wired Equivalent Privacy fr:Wired equivalent privacy ko:WEP id:WEP it:Wired Equivalent Privacy nl:Wired Equivalent Privacy pl:WEP pt:WEP fi:WEP tr:WEP zh:有線等效加密