1 / 17

Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP). Presented By Kavitha Devireddy Sapna Shankar. Agenda. Introduction -Kavitha WEP WEP Encryption WEP Decryption Problems with WEP Various attacks on WEP -Sapna Solutions for improving security of Wireless LAN Conclusion. Introduction.

ziya
Download Presentation

Wired Equivalent Privacy (WEP)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wired Equivalent Privacy (WEP) Presented By Kavitha Devireddy Sapna Shankar

  2. Agenda • Introduction -Kavitha • WEP • WEP Encryption • WEP Decryption • Problems with WEP • Various attacks on WEP -Sapna • Solutions for improving security of Wireless LAN • Conclusion

  3. Introduction • wireless network connectivity is becoming very important part of computing environments. • Currently popular wireless network standard is 802.11, in this standard data is transmitted over radio waves. • In this transmissions interception and tampering becomes easy to anyone with a radio.

  4. WEP • Wired Equivalent Privacy (WEP), a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. • LANs are more secure than WLANs. • WLANs, which are over radio waves are more vulnerable to tampering. • WEP provides security by encrypting data over radio waves. • WEP provides confidentiality and data integrity, and protects access to the network.

  5. Plaintext Message CRC XOR Keystream=RC4(IV,k) Transmitted Data IVCiphertext WEP Encryption • WEP uses a 40bit length shared secret key. Fig: WEP Encryption frame

  6. WEP Encryption Cont.. • First message data frame is checksummed, c(M). • plaintext(p) = message(M) + Checksum message(c(M)) • Keystream = RC4(IV, k). Here k is shared key. • ciphertext = plaintext XOR Keystream • The cipher text and the initialization vector (IV) are then transmitted via radio.

  7. WEP Decryption • Decryption is reverse of encryption. • First receiver recreates the keystream, Keystream = RC4(IV, k). • Plaintext = Ciphertext XOR Keystream • This plain text is then divided into Message and checksum. • Checksum is then computed for the message and compared with the received checksum. • If (Original checksum != Computed checksum), then the message has been changed during transmission.

  8. Problems with WEP • Key management: • WEP standard lacks good Key management that leads to poor quality. • IV reuse: • WEP's IV size is 24 bits. • WEP uses the same IV for different data packets. • An attacker can decrypt packets that were encrypted with the same IV. • Inappropriate Integrity check: • MD5 or SHA-1 algorithms are more suitable for cryptographic hash than CRC-32.

  9. Various Attacks • passively attacking to decrypt traffic. • all wireless traffic can be intercepted by a passive intruder, until an IV collision occurs. • he can recover all the messages with same IV after recovering the entire plaintext for one of the messages. • actively attacking to inject traffic. • If the attacker knows plaintext of one encrypted message, he can change the plaintext to the new message by calculating CRC-32 and doing bit flips on the original encrypted message. • If the attacker sends the new packet to the access point, it will be accepted.

  10. Various Attacks cont.. • actively attacking from both ends. • If the attacker guesses the headers of a packet, which includes destination IP address, he can flip relevant bits to make the destination system to send the packet to his own system and transmit it using some mobile station. • attacking using table of appropriate initialization vectors. • Here the attacker can build table of IVs, if he knows the plaintext for some packets. • Once he builds this table, he can decrypt all packets that are sent over the wireless link.

  11. Solutions for improving security of Wireless LAN’s • Multiple Security measures along with WEP. • Using VPN. • Using Efficient key management techniques as an additional measure. • Using alternative encryption techniques like IPsec instead of WEP.

  12. New Standards for improving security of Wireless LAN’s • 802.1X • 802.11i

  13. 802.1X : Framework for Authentication • 802.1x is an open standard framework for authenticating wireless stations. • Authenticates the wireless stations with an authentication server via an access point. • EAP(Extensible Authentication Protocol )is used for message exchange to manage mutual authentication. • Dynamic distribution of encryption keys.

  14. 802.11i • Standard is a solution to current security problems of WLAN’s. • 802.11i has two sections • 802.1x section provides authentication and key management for stations. • The second section, 802.11i, defines two data privacy protocols. • Temporal Key Integrity Protocol(TKIP) • Counter Mode/CBC MAC Protocol(CCMP)

  15. Temporal Key Integrity Protocol(TKIP) • It is data encryption algorithm,provided for backward compatibility with devices using WEP and it is optional to implement. • TKIP resolves the key reuse in WEP by providing 128 bit “temporal key” in a dynamic way for securing data. • It uses the same RC4 algorithm as WEP does and it is not considered as a long term solution.

  16. Counter Mode/CBC-MAC Protocol • It is mandatory for all devices implementing 802.11i standard. • Is an encryption algorithm based on AES. • Counter Mode provides confidentiality, integrity and protection against replay attacks. • CBC-MAC(Cipher Block Chaining message authentication code) provides authentication.

  17. Conclusion • WEP does little to secure the WLAN’s from attackers. • Better to use WEP rather than not using any encryption. • New standards and specifications which will replace WEP can be expected to provide sufficient security for wireless LAN’s.

More Related