WEP: WEP (IV concatenate key with RC4 approach) in 1997 IEEE 802.11 is weak and not recommended in WLAN anymore. WEP technology was broken in 2001, 2005, 2006, and 2007. This resulted in WPA2 in IEEE 802.11i, strengthening the Confidentiality (AES) and Integrity (CCMP) of WLAN suite for the communication between wireless nodes and the AP.
Read, understand, and summarize the following paper (open the link in a web browser): eprint.iacr.org/2007/120.pdf
Your report consists of the following sections:
(1) 20-pt Key Problems and Motivation
(2) 20-pt Approach
(3) 20-pt Experiments
(4) 20-pt Conclusions
(5) 20-pt Your proposal for further improvement
Key Problems and Motivation
Wired Equivalent Privacy (WEP) is used in the encryption of wirelessly transmitted packets over networks. Examples of these networks include the IEEE 802.11 network. During transmission, all packets are transmitted under a common key. The recovery of this key may, therefore, be used to access the whole network. One problem that faced the application of WEP is the use of one root key as opposed to the four that are allowed. This makes the task of hacking WEP easier as the hackers only require to obtain one root key.
Another problem facing the use of WEP was the usability of old IV values. This is because it allowed the injection of messages. This vulnerability further allowed the use of cipher text-only attacks against the RC4. In order to use this form of attack, the hackers needed to capture at least 4 million different frames and fill a resolved condition with the IVs. In a bid to remove the possibility of this kind of attack, all the IVs were filtered and the more vulnerable ones were neutralized. However, this security measure only held until 2004, when a person hacked the WEP without using the weak IVs. The new hacking method only used 500,000 IVs to complete the hack instead of the previous requirement of 4 million.
Furthermore, that method was improved upon by the ability to use related keys that had no resolved condition on the IVs in use. This new attack method can be done with much less frames than the original requirement. Finally, the current WEP attack method involves the real-time decryption attack on the WEP. This new method does not require recovery of the root key. It applies the packet fragmentation technique.
The approach used is the related key attack. Here, the attacker waits and observes how a cipher will be operated. This is done for a number of several different keys. The attacker then comes up with a mathematical formula that shows the relationship between the used keys. This approach is very popular in the attack of WEP since all network adapters under a certain network access use the same key. When a stream cipher is used, care should be taken to ensure that the same key is not used twice. In an effort to prevent this from being the source of attacks, a 24-bit initialization vector is included in every unique packet. All RC4 keys are usually concatenated with the WEP key.
During attacks, the hacker assumes that a single WEP key is shared by all the RC4 keys that are used in the encryption of the packets. Though the 24 bit IV is put in place to avert any attacks, the attackers are usually aware that it can only generate a maximum of 17 million possibilities. The determination of the WEP key in use had been made easier by the probability that for every 5,000 packets, there are at least two packets that share the same key and, therefore, the same RC4 key.
A method to try and prevent the use of this approach to attack the WEP is the use of specially designed protocols. The protocols were designed to ensure that encryption keys do not have a relationship that can easily be identified. The use of at least three different levels of keys has also been used to ensure that the recovery of one key is not enough to launch a devastating attack.
The experiment involves the use of a sufficient amount of key streams to execute an attack. The assumption made is that the WEP key used is made up of 104 bits. In the experiment, Ai is calculated for all the recovered keys. The votes for each are then called back and recorded in a tabular form. Another assumption is then made that the correct value for each key is the one that has been voted the most.
There are several steps that are involved in the experiment. The first step involves key ranking. Here, key streams are generated using an initialization vector key and a guessed key. The generated values are then compared with the collected keys. To find the correct key, all values are analyzed. These are values those contained in tables that have the least variation from the original entry table.
The second step involves the handling of the strong keys. A key is said to be strong if at least one of the key bytes that it possess is a strong key byte. Any other key that does not possess this property is said to be a normal key byte. In order to separate the strong key bytes from the normal ones, there are 2 steps involved:
- Find the keys that are strong. From these, one knows that the remaining keys are the normal ones. Large samples should be used to increase the accuracy of the strong values obtained.
- Find the right values for the keys. This step can be combined with the key ranking method. For this combination, we ignore the tabulated values and use the values resulting from the calculations.
Next, the number of frames required to break WEP was lowered significantly using the same method demonstrated in the 2004 attack, the “chopchop” attack. Using this attack or the fragmentation attack both allows the decryption of request and response packets that traveled through WEP. When enough plaintext is recovered, WEP is ultimately broken.
WEP is vulnerable to attacks, mainly because it uses a single key to safeguard its packets. Due to this vulnerability, an enhancement to the WEP was made, called the Wi-Fi Protected Access (WPA). It tried to improve on the vulnerability of WEP with the use of several levels of different keys: the master key, the working key, and the RC4 key. Incorporation of TKIP protocol into the WEP helped to generate new random keys and avert many attacks. However, the WPA is not invulnerable. It is advisable to use WPA for networks that involve the transmission of confidential information to avoid its leakage to other 3rd parties.
WEP can be cracked by any person who looks up the past attacks and has an average laptop. Even though its biggest pitfalls were corrected in WPA, WEP is still widely used commercially. Every internet connection under protection of WEP is currently unsafe.
Further research may be done in several fields, such as on multiple key byte extensions. Additionally, more can be done for the study of correlations in RC4 that is independent of Klein’s analysis. Research may also be done on the stretching of the RC4 key to 254 bits through repetition. This is to be done until the required of frames is achieved (Sari & Karay, 2015).
It may also be useful to study the use of a modified FMS attack. There has been speculation that this would result in the ability to attack the WEP within an even shorter period of time. Currently, there is ongoing research to try and reduce the number of packets needed by up to a half. This is to be done while the rate of success remains high.
- Primary Source iacr.org/2007/120.pdf
- Sari, A. & Karay, M. (2015). Comparative Analysis of Wireless Security Protocols: WEP vs WPA. IJCNS, 08(12), 483-491. http://dx.doi.org/10.4236/ijcns.2015.812043