1 / 15

WEP AND WPA by Kunmun Garabadu

Learn about the security protocols WEP and WPA for wireless LANs, their vulnerabilities, and why WPA is a more secure solution. This article covers encryption, authentication, key distribution, and potential attacks.

curryj
Download Presentation

WEP AND WPA by Kunmun Garabadu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEP AND WPA by Kunmun Garabadu

  2. Wireless LAN • Hot Spot : Hotspot is a readily available wireless connection. • Access Point : It serves as the communication hub so that a wireless device can gain access to a cabled network. • Client • Router • Ethernet Cabling

  3. Wireless Network Security vs Wired Network Security • Wireless Security Protocols • Wired Equivalent Privacy (WEP) • Wi-fi Protected Access (WPA)

  4. Why WEP ? • WEP implements part of the IEEE 802.11 standards.It was designed • to protect networks from eavesdropping. Another function is to • prevent unauthorised access to the network. • It operates at the data-link and physical layers. • It does not provide end-to-end security. • It uses RC4 encryption which is a symmetric stream cipher to • provide confidentiality • It uses 64 bit or128 bit key encryption. It uses a 24 bit initialisation vector (IV)which is randomly generated. It is used to augment the shared secret key and produce a different keystream for each packet. • It uses a CRC-32 checksum for data integrity check and this is • part of the encrypted payload.

  5. Encryption is performed at the Access Point (AP) as follows : • The Integrated Check Value(ICV) is computed • The encryption key is selected • The Initialisation Vector ( IV) is generated using a pseudo random generator • The IV is appended to the key and the keystream is generated • The ICV is concated with the payload and then XORed with the generated key stream. • AP sends the IV,key number and cipher text to the client

  6. Encryption Process

  7. Decryption at the client : • Uses key number to get private key • Uses the sent IV to generate key stream • XORs the text that was received with the key stream • Computes ICV on payload • If the new ICV matches the sent ICV the packet is authenticated

  8. Decryption Process

  9. WEP’s vulnerabilities • Short and static key : Actual keyspace is 40 bits or 104 bits • No easy way to exchange and distribute keys.Key change • involves manually changing the key on each AP • and Client. • Simple ASCII key strings are used as keys. Easy to crack • by hackers. • IV is sent out in clear text usually at the starting of the packet. • IV collision. If the IV appears twice(assuming it is used with • the same cipher key) it is known as a collision. • Keystream is repeated every 2 ^ 24 times. This could be • intercepted in a very short period of time on high traffic wireless • networks.An attacker can then recover the plaintext.

  10. No mutual authentication. Client does not authenticate the access point. Opens up the possibility for man-in-the-middle type attack. • CRC-32 is linear. If the message is manipulated the checksum can also be manipulated by a malicious user • Table Attack : Significant amount of traffic can be generated .A table of keystream/IV pairs can be created. The keystream can be obtained by doing xor of the plain text with the cipher text. This does not generate the key but can get decrypted data as long as IV/key stream pair exists for each packet

  11. Passive Attack to Decrypt Traffic : A passive eavesdropper can snoop all packets till an IV collision occurs. Two packets having same IV can be xored to obtain the xor of the two plain-text messages. This XOR can be used to infer the contents of the packet. IP traffic is sometimes quite redundant. Educated guesses can be made to statistically reduce the possibilities of messages Sometimes is possible to get to the exact messages. • Active Attack to Inject Traffic : An attacker who gets to know the exact plain text of one encrypted message correctly can use it to construct another encrypted message. RC4(X) xor X xor Y = RC4(Y). The attacker flips bits in the encrypted message to change the contents,adjusts the CRC and sends it to the destination

  12. Active Attack to change Header: An attacker can get to the contents of the header especially the IP destination. Can change IP address to a machine he controls. The port address also can be changed. • WEP provides minimum level of security in small network • environments

  13. WPA : Wi-fi Protected Access Why WPA ? It was created to patch the security issues of WEP

  14. WPA implements a subset of 802.11i standards. It was started as a • temporary measure to replace WEP while 802.11i got fully prepared • It uses Temporal Key Integrity Protocol (TKIP) which provides • for key changing dynamically. It replaces WEP without having the • need to replace legacy hardware.It encrypts every`data packet with a • unique key.It hashes the IV and the IV goes out encrypted.It is • defined in 802.11i spec • It can work with pre-shared keys as well as use 802.1 x • authentication • It uses RC4 stream cipher with a 128 bit key and a 48 bit IV • The longer key and IV together defeat the key recovery attacks on • WEP

  15. It uses a solution called Michael, which is a Message Integrity Check • (MIC), to thwart the checksum being corrupted issue, It uses a 32 bit • Integrity Check Value(ICV).This is inserted after payload and before IV. • The MIC includes a frame counter which helps to prevent replay attacks • WPA2 is the implementation of IEEE 802.11i. It implements all • mandatory features specified in the standard By increasing the key size, number of keys and by providing a more secure message verification system WPA adds security to a wireless network. WPA can be used for providing more robust security in corporate environments

More Related