Source: Wikipedia

What Is WEP?

WEP is an abbreviation for Wired Equivalent Privacy. It is a security algorithm for IEEE 802.11 wireless networks. It was introduced as part of the original 802.11 standard, ratified in September 1999, to provide data confidentiality comparable to that of a traditional wired network. For years it was the first choice for users and was very widely deployed.


How Does It Work?

WEP comes in three variants, each named after the number of bits in the user-defined key. The key is entered either as hexadecimal digits or as ASCII characters.

WEP 40:

64-bit WEP uses a 40-bit key to which a 24-bit initialization vector (IV) is concatenated. The 40-bit key is entered as 10 hexadecimal digits (0-9 and A-F), each digit representing 4 bits. The 40-bit key and the IV together form a 64-bit value, which is used as the RC4 key. RC4 generates a key stream from this key, and the key stream is XORed (exclusive OR, as in the truth table of binary algebra) with the plaintext. Alternatively, the user may enter the key as 5 ASCII characters, each occupying 8 bits or 1 byte, totaling 40 bits; this restricts each key byte to a printable ASCII character.

The key size was initially restricted by the U.S. Government's export restrictions on cryptographic technology.

WEP 104:

Once the restriction was lifted, a 128-bit WEP protocol was implemented, using a 104-bit key. The key is entered as 13 ASCII characters or as 26 hexadecimal characters (26 hexadecimal digits x 4 bits per digit = 104 bits), concatenated with a 24-bit IV for a total of 128 bits.

WEP 232:

256-bit WEP is also available from some vendors. As in the other WEP variants, 24 bits are reserved for the initialization vector and the rest is used for actual protection. The remaining 232 bits are entered by the user as 58 hexadecimal characters or, equivalently, 29 ASCII characters.


How Is The Authentication Performed?

WEP provides two different authentication methods for admitting clients, in both infrastructure and ad hoc networks.

Open System Authentication:

The WLAN client does not need to provide its credentials to the access point during authentication. Subsequently, WEP keys can be used to encrypt data frames, so the client must still hold the correct key to communicate. However, this provides no actual authentication between the access point and the client.

Shared Key Authentication:

The access point performs a four-step challenge-response handshake with the client. The steps are as follows:

1. The client sends an authentication request to the access point.

2. The access point replies with a clear-text challenge.

3. The client encrypts the challenge text using the configured WEP key and sends it to the access point in another authentication request.

4. The access point decrypts the response; if it matches the challenge text, the access point sends back a positive reply.

After authentication, the pre-shared WEP key is used to encrypt data frames with RC4. Even though Shared Key Authentication looks more secure, the challenge frames sent by the access point can be used to derive the key stream. So Open System Authentication is advisable, even though it offers no real authentication.
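The key formats from the previous section and the handshake just described, as an added example that is not part of the original article or of any vendor's code. It builds the RC4 seed as IV || key (the order real WEP uses), accepts the key as hex or ASCII for the 40/104/232-bit variants, simulates both sides of the four-step shared-key exchange, and then shows why the article prefers Open System: XORing the clear-text challenge with the encrypted response yields the RC4 key stream for that IV without any knowledge of the key. Function names and the sample key are my own; the CRC-32 ICV that real frames carry is omitted.

```python
# Added example (not from the original article or any WEP implementation):
# WEP key entry formats, RC4 seeded with IV || key, and the four-step
# shared-key handshake, simulated for both sides. Function names are mine.
import os

# Key entry lengths per variant: hex digits / ASCII characters -> key bits
HEX_LENGTHS = {10: 40, 26: 104, 58: 232}
ASCII_LENGTHS = {5: 40, 13: 104, 29: 232}
IV_LEN = 3  # 24-bit IV, transmitted in the clear in every frame


def parse_wep_key(text: str) -> bytes:
    """Turn a user-entered WEP key into raw key bytes.

    10/26/58 hex digits -> 5/13/29 bytes; 5/13/29 printable ASCII characters
    -> the same byte lengths (each character is one 8-bit key byte).
    """
    n = len(text)
    if n in HEX_LENGTHS and all(c in "0123456789abcdefABCDEF" for c in text):
        return bytes.fromhex(text)
    if n in ASCII_LENGTHS and text.isascii() and text.isprintable():
        return text.encode("ascii")
    raise ValueError(f"not a WEP-40/104/232 key: {n} characters")


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then the output generator."""
    s = list(range(256))
    j = 0
    for i in range(256):  # KSA: permute S under the seed
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):  # PRGA: one key stream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the same operation) with RC4 seeded by IV || key.
    The real frame also carries a CRC-32 ICV; it is omitted here."""
    if len(iv) != IV_LEN:
        raise ValueError("WEP IV must be 24 bits")
    ks = rc4_keystream(iv + key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def shared_key_handshake(ap_key: bytes, client_key: bytes, rng=os.urandom):
    """Simulate the four-step handshake. Returns (accepted, transcript); the
    transcript is exactly what anyone within radio range also receives."""
    transcript = [("client->ap", "authentication request (seq 1)")]
    challenge = rng(128)  # 802.11 challenge text is 128 bytes, sent in clear
    transcript.append(("ap->client", "challenge", challenge))
    iv = rng(IV_LEN)  # client picks an IV for its reply
    response = wep_xor(client_key, iv, challenge)
    transcript.append(("client->ap", "encrypted challenge", iv, response))
    accepted = wep_xor(ap_key, iv, response) == challenge
    transcript.append(("ap->client", "success" if accepted else "failure"))
    return accepted, transcript


def keystream_leaked(transcript) -> bytes:
    """What a passive observer learns from the transcript alone: the clear
    challenge XOR its encrypted form is 128 bytes of RC4 key stream for that
    IV, obtained without the key. This is the flaw the article refers to."""
    challenge = transcript[1][2]
    _, _, iv, response = transcript[2]
    return bytes(c ^ r for c, r in zip(challenge, response))


if __name__ == "__main__":
    key = parse_wep_key("abcde")  # constructed 40-bit demo key (5 ASCII chars)
    assert key == parse_wep_key("6162636465")  # same key as 10 hex digits
    accepted, transcript = shared_key_handshake(key, key)
    print("handshake accepted:", accepted)
    iv = transcript[2][2]
    leaked = keystream_leaked(transcript)
    print("observer recovered the key stream for IV", iv.hex(), ":",
          leaked == rc4_keystream(iv + key, len(leaked)))
```

Because `wep_xor` is its own inverse, the access point's decryption in step 4 is the same call as the client's encryption in step 3; the only thing the handshake really checks is whether both sides produce the same key stream for the chosen IV, which is exactly the value the exchange also hands to every listener.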

‘No authentication is better than Bad authentication’, you see!


What Are The Flaws Detected in WEP?

1. Because RC4 (also known as ARC4) is a stream cipher, loosely inspired by the one-time pad, the same traffic key must never be used twice. The purpose of the initialization vector, which is transmitted in plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related-key attack. For a 24-bit IV, there is a 50% probability that the same IV will repeat after 5000 packets.

2. In August 2001, Scott Fluhrer, Itsik Mantin and Adi Shamir published a cryptanalysis of WEP that exploits the way the RC4 cipher and IV are used in WEP, resulting in a passive attack that can recover the RC4 key after eavesdropping on the network. Depending on the amount of network traffic and the number of packets available for inspection, a successful key recovery could take as little as one minute. If an insufficient number of packets is being sent, there are ways for an attacker to send packets on the network and thereby stimulate reply packets, which can then be inspected to find the key. It is possible to perform the attack with a personal computer and freely available software in a very short time.

3. Cam-Winget et al. surveyed a variety of shortcomings in WEP. They say, "Experiments in the field show that, with proper equipment, it is practical to eavesdrop on WEP-protected networks from distances of a mile or more from the target." They also reported two generic weaknesses:

      a) the use of WEP was optional, resulting in many installations never even activating it, and

      b) by default, WEP relies on a single shared key among users, which leads to practical problems in handling compromises, which in turn often leads to compromises being ignored.

4. In 2005, a group from the U.S. Federal Bureau of Investigation (FBI) gave a demonstration where they cracked a WEP-protected network within 3 minutes, using publicly available tools.

5. Andreas Klein presented another analysis of the RC4 stream cipher. Klein showed that there are more correlations between the RC4 key stream and the key than the ones found by Fluhrer, Mantin and Shamir which can additionally be used to break WEP in WEP-like usage modes.

6. In 2006, Bittau, Handley, and Lackey showed that the 802.11 protocol itself can be used against WEP to enable earlier attacks that were previously thought impractical. After eavesdropping of a single packet, an attacker can rapidly bootstrap to be able to transmit arbitrary data.

7. In 2007, Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann were able to extend Klein’s 2005 attack and optimize it for usage against WEP. With the new attack it is possible to recover a 104-bit WEP key with probability 50% using only 40,000 captured packets. For 85,000 available data packets, the success probability is about 95%. Using active techniques like ARP re-injection, 40,000 packets can be captured in less than one minute under good conditions. The actual computation takes about 3 seconds and 3 MB of main memory on a Pentium-M 1.7 GHz processor and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40-bit keys with an even higher success probability.

8. Payment Card Industry (PCI) Security Standards Council’s update of the Data Security Standard (DSS) (2008), prohibits use of the WEP as part of any credit-card processing after 30 June 2010, and prohibits any new system from being installed that uses WEP after 31 March 2009.
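A worked check on the 50% figure in flaw 1 above, as an added example that is not from the original article: the birthday-bound probability that a 24-bit IV chosen at random repeats within n frames, and the smallest n that reaches a given probability. Function names are my own. The model assumes IVs are drawn uniformly at random; a driver that increments a counter instead never repeats until it wraps after 2^24 frames, but many early WEP drivers reset the counter to zero at every reboot.

```python
# Added example: birthday bound for WEP's 24-bit IV (not from the article).
import math

IV_BITS = 24
IV_SPACE = 2 ** IV_BITS  # 16,777,216 possible IV values


def iv_collision_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """Probability that at least one IV value appears twice among `packets`
    frames whose IVs are drawn uniformly at random (this model's assumption).

    P(no repeat) = prod_{k=0}^{n-1} (1 - k/N), evaluated in log space so the
    product of thousands of factors close to 1 stays numerically accurate.
    """
    space = 2 ** iv_bits
    if packets > space:
        return 1.0  # pigeonhole: more frames than distinct IV values
    log_no_repeat = sum(math.log1p(-k / space) for k in range(packets))
    return 1.0 - math.exp(log_no_repeat)


def packets_for_collision_probability(target: float = 0.5,
                                      iv_bits: int = IV_BITS) -> int:
    """Smallest number of frames at which the repeat probability reaches
    `target`. Starts from the birthday approximation
    n ~ sqrt(-2 N ln(1 - target)) and refines it with the exact formula."""
    if not 0 < target < 1:
        raise ValueError("target must be strictly between 0 and 1")
    space = 2 ** iv_bits
    n = max(1, int(math.sqrt(-2 * space * math.log1p(-target))))
    while iv_collision_probability(n, iv_bits) < target:
        n += 1
    while n > 1 and iv_collision_probability(n - 1, iv_bits) >= target:
        n -= 1
    return n


if __name__ == "__main__":
    n50 = packets_for_collision_probability(0.5)
    print(f"50% chance of an IV repeat after {n50} frames")
    print(f"repeat probability after 5000 frames: "
          f"{iv_collision_probability(5000):.3f}")
    print(f"repeat probability after 100000 frames: "
          f"{iv_collision_probability(100_000):.6f}")
```

The exact computation lands on 4823 frames for a 50% chance of a repeat, which is the "after 5000 packets" figure the article quotes; at 5000 frames the probability is already above one half, and a busy access point sends that many frames in seconds. The same code with `iv_bits=8` reproduces the familiar textbook result that 20 draws from 256 values collide with probability above one half.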

Keeping in mind the above failures, WEP, certified to be a weak algorithm, was deprecated by the IEEE in 2004 in favour of Wi-Fi Protected Access (WPA2), as it failed to meet their security goals.


What Are The Remedies Suggested?

The IEEE has tried to address WEP's weaknesses with further modifications. They are:

Use of Encrypted Tunneling Protocols:

Protocols like IPSec, Secure Shell etc., can provide secure data transmission over an insecure network. However, replacements for WEP have been developed with the goal of restoring security to the wireless network itself.

802.11i (WPA and WPA2):

The recommended solution to WEP security problems is to switch to WPA2. Both WPA and WPA2 are much more secure than WEP. To add support for WPA or WPA2, some old Wi-Fi access points might need to be replaced or have their firmware upgraded.

WPA was designed as an interim, software-implementable replacement for WEP that could forestall the immediate deployment of new hardware. However, TKIP (the basis of WPA) has reached the end of its designed lifetime, has been partially broken, and was officially deprecated with the release of the 802.11-2012 standard.

Implemented Non-Standard Fixes:

a) WEP 2: This enhancement to WEP was also present in some of the early 802.11i drafts. It was implementable on some hardware that was not able to handle WPA or WPA2. After it became clear that the whole WEP algorithm was deficient (and not just the IV and key sizes) and would require even more fixes, both the WEP 2 name and the original algorithm were dropped.

The two extended key lengths remained in what eventually became WPA’s TKIP.

b) WEP plus: WEP+ is a proprietary enhancement to WEP by Agere Systems (formerly a subsidiary of Lucent Technologies) that enhances WEP security by avoiding "weak IVs". It is completely effective only when WEP+ is used at both ends of the wireless connection. As this cannot easily be enforced, it remains a serious limitation. It also does not necessarily prevent replay attacks, and is ineffective against later statistical attacks that do not rely upon weak IVs.

c) Dynamic WEP: Dynamic WEP refers to the combination of 802.1X technology and the Extensible Authentication Protocol. Dynamic WEP changes WEP keys dynamically. It is a vendor-specific feature provided by several vendors such as 3Com. The dynamic-change idea made it into 802.11i as part of the Temporal Key Integrity Protocol (TKIP), but not for the actual WEP algorithm.

Hope this article successfully enlightened its readers with a detailed report on WEP and reasons why we call it a weak algorithm. Stay tuned to Czar for more such updates.