Saturday, January 10, 2015

WEP Security

There are two parts to WEP security described in the standard. The first is the authentication phase and the second is the encryption phase. The idea goes roughly as follows: when a new mobile device wants to join an access point, it must first prove its identity. Ideally, the mobile device would also like the access point to prove itself as well. This phase is known as authenticating each other's identity.


Two types of authentication:

1. Open Authentication:
For open authentication, the mobile device sends one message requesting authentication and the access point replies with a success message.
2. Shared Authentication:
When the mobile device requests authentication, the access point sends a random number called the challenge text. This is an arbitrary 128-bit number (preferably random). The mobile device then encrypts this number with the secret key using WEP and sends it back to the access point. Because the access point remembers the random number it previously sent, it can check whether the result sent back was encrypted with the correct key; the mobile device must know the key in order to encrypt the random value successfully. This does nothing to prove to the mobile device that the access point knows the key.

There is a time saving in rejecting mobile devices that would not be able to communicate after associating. This is a management feature rather than a security feature.


RC4 Algorithm

There are two main phases to RC4's use. In the first phase, initialization, some internal data tables are constructed based on the key value supplied; in the second phase, the data runs through and is encrypted. In the case of WEP, both the initialization phase and the encryption phase occur for each packet. That is, each packet is treated as if it were a new stream of data, which ensures that if one packet is lost the following packet can still be decrypted.

What is an Initialization Vector (IV):
The key value is fixed, so for a given key and plaintext the encrypted message is always the same. If an attacker spots the same ciphertext twice, he might guess that the same plaintext was sent; for example, he might guess it contains an IP address that he expects to be the same. It is therefore better to have differently encrypted messages for a given plaintext. The answer is the IV: WEP introduces a 24-bit IV which changes for each message and is sent unencrypted along with the encrypted message so that, at the receiver end, the message can be easily decrypted.

WEP uses encryption keys only; it performs no data authentication. Therefore, it does not have data integrity keys. WEP uses two types of encryption keys:
1. Default key(s) - Shared Key/Broadcast Key
2. Key mapping key(s) - Per Station key

Default Key:
For management purposes there are four default keys. A device can choose one of them to be the active key.
The same key is used to receive and to transmit (except during a key change). With four keys, you can operate with different keys in each direction. Remember that transmitted frames are always encrypted using the active key. Key 2 on the AP has to match key 2 on the mobile device, and key 0 on the mobile device has to match key 0 on the AP; however, key 0 is different from key 2. This is called directional key use. The key number (0, 1, 2, or 3) used for transmission has to be notified to the receiver so it knows which key to use for decryption. This is done by sending the information, called the KeyID bits, in each encrypted frame.

Key Mapping Key:
The basic principle of key mapping keys is to give each mobile device its own key value. For decrypting broadcast frames, the default key is still used. Whenever the AP receives a frame, it has to pick out the sender's MAC address and use it as an index into a table to find the right key to use for decrypting.
Similarly, before transmitting, it has to look up the correct key based on the destination address. This is tough work for the AP. WPA does provide these capabilities, and the ability to manage the key lists in a much more effective way.

When a key-mapping key for an address pair is present, the WEP Key ID subfield in the MPDU shall be set to 0 on transmit and ignored on receive.

WEP Encryption process:

1. The first step in encryption is to add some bytes called the integrity check value (ICV). The ICV is similar to the CRC except that it is computed and added before encryption. The conventional CRC is still added after encryption.
2. After the ICV is appended, the frame is ready for encryption. First, the system must select an IV value and prepend it to the secret WEP key (as indicated by the active key selection).
3. Next, it initializes the RC4 encryption engine with that combined key.
4. Finally, it passes each byte of the combined data and ICV block into the encryption engine. For each byte going in, an encrypted byte comes out, until all the bytes are processed. This is a stream cipher.
5. For the receiver to know how to decrypt the message, the key number and IV value must be put on the front of the message. Four bytes are added for this purpose.

WEP Decryption process:

RC4 Algorithm to generate the stream cipher:
There are two phases in RC4: key setup and pseudo-random generation. The first phase, the key setup algorithm, establishes a 256-byte array with a permutation of the numbers 0 to 255; that is, all the numbers are present in the array but the order is mixed up. The permutation in the array, or S-box, is established by first initializing the array with the numbers 0 to 255 in order. The elements in the S-box are then rearranged through the following process. First, a second 256-byte array, or K-box, is filled with the key, repeating as needed to fill the array. Now each byte in the S-box is swapped with another byte in the S-box. Starting at the first byte, the following computation is made:
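The encryption steps listed above and the RC4 key setup / generation phases, worked through as an added example (not code from the original post): RC4 built from the S-box description, the CRC-32 ICV appended before encryption, the 24-bit IV prepended to the selected default key, and the 4-byte IV/KeyID header put on the front. The four 40-bit default keys, the IV and the message are constructed demo values.

```python
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key setup (KSA) builds the S-box permutation, then the
    pseudo-random generation phase (PRGA) emits `length` keystream bytes."""
    s = list(range(256))                      # S-box starts as 0..255 in order
    j = 0
    for i in range(256):                      # swap each S[i] using the key (K-box = key repeated)
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                   # PRGA: one keystream byte per iteration
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(default_keys, key_id: int, iv: bytes, plaintext: bytes) -> bytes:
    """Return the WEP-protected body: IV(3) | KeyID byte | RC4(plaintext | ICV)."""
    assert len(iv) == 3 and 0 <= key_id <= 3
    icv = zlib.crc32(plaintext).to_bytes(4, "little")   # ICV = CRC-32, appended before encryption
    per_packet_key = iv + default_keys[key_id]          # IV prepended to the selected secret key
    keystream = rc4_keystream(per_packet_key, len(plaintext) + 4)
    body = bytes(p ^ k for p, k in zip(plaintext + icv, keystream))
    return iv + bytes([key_id << 6]) + body             # KeyID occupies bits 6-7 of the 4th byte

def wep_decrypt(default_keys, frame: bytes):
    """Reverse the process: rebuild the per-packet key from the IV and KeyID
    carried in clear, strip the keystream, and check the ICV. Returns (plaintext, icv_ok)."""
    iv, key_id, body = frame[:3], frame[3] >> 6, frame[4:]
    keystream = rc4_keystream(iv + default_keys[key_id], len(body))
    data = bytes(c ^ k for c, k in zip(body, keystream))
    plaintext, icv = data[:-4], data[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv

# Constructed demo values: four 40-bit default keys; KeyID 2 is the active key.
DEMO_KEYS = [b"\x01\x02\x03\x04\x05", b"\x0a\x0b\x0c\x0d\x0e",
             b"\xaa\xbb\xcc\xdd\xee", b"\x55\x66\x77\x88\x99"]

def demo(iv: bytes = b"\x11\x22\x33", key_id: int = 2, msg: bytes = b"hello wep"):
    """Encrypt one frame body and decrypt it again; returns (frame, (plaintext, icv_ok))."""
    frame = wep_encrypt(DEMO_KEYS, key_id, iv, msg)
    return frame, wep_decrypt(DEMO_KEYS, frame)

if __name__ == "__main__":
    frame, (pt, ok) = demo()
    print(frame.hex(), pt, ok)
```

Changing only the IV produces a different body for the same plaintext and key, which is the point made in the IV section above; a receiver holding the wrong key set gets garbage and a failed ICV check.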


WEP Failures:

The mechanisms that are needed for security:


  1. Authentication: there is no mutual authentication; only the station is validated by the AP.
  2. Access control: this is often confused with authentication. All that authentication does is establish who you are; it does not follow that, because you are authenticated, you should be allowed access.
  3. Replay prevention: you can replay an old message without needing to know its contents. If there were no replay protection, the access point would correctly decode the message; after all, it was originally encrypted with a valid key before you recorded it. The access point passes the message to the login server, which accepts it as a valid login. WEP has no protection against replay at all; it was simply not considered in the design. There is a sequence number in the MAC frame that must increase monotonically, but it is not included in the WEP protection, so it is easy to modify the sequence number to be valid without touching the encrypted portion of the frame. Replay protection is not broken in WEP; it simply doesn't exist.
  4. Message modification detection (ciphertext modification): the ICV is a linear function of the data. Because of this, one can work out which ICV bits change when a given bit of the message is flipped, so an attacker can flip bits in the ciphertext and flip the matching ICV bits, modifying the original message without detection. The assumption that the ICV is protected by encryption just doesn't hold water: its actual value is protected, but its bits can reliably be flipped, and because the bits to flip for a given change in the data can be worked out, its protection is completely defeated. The reality is that WEP provides no effective protection against ciphertext modification. [In fact, in the general case, no integrity check word can be used successfully with RC4 unless it is created using a key generated specifically for integrity checking (as distinct from the encryption key).]
  5. Message privacy:
  6. Key protection:

Easy to remember: MAMARK.
WEP fails in all of the above.
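The linearity claim in item 4 of the failures list, checked as an added example (not part of the original post): CRC-32 is affine over XOR, so the change in the ICV caused by a change in the data is computable from the change alone, with no secret involved. A keyed MAC (HMAC-SHA256 here, which is not part of WEP and stands in for the separate integrity key the text says is needed) has no such property, so a modified message cannot be paired with a valid tag without the key. The message, delta and key are constructed sample values.

```python
import hashlib
import hmac
import zlib

def crc32_delta(delta: bytes) -> int:
    """How CRC-32 changes when `delta` is XORed into any message of the same length.
    CRC-32 is affine over XOR, so this depends only on delta and the length,
    not on the message contents."""
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def crc_prediction_holds(msg: bytes, delta: bytes) -> bool:
    """True if the ICV of the modified message is exactly the old ICV XOR crc32_delta(delta),
    i.e. the new check value is predictable without knowing anything secret."""
    modified = bytes(m ^ d for m, d in zip(msg, delta))
    return zlib.crc32(modified) == zlib.crc32(msg) ^ crc32_delta(delta)

def hmac_prediction_holds(key: bytes, msg: bytes, delta: bytes) -> bool:
    """The same XOR prediction attempted against a keyed MAC (HMAC-SHA256).
    Linearity does not hold, so this returns False except by 2^-256 chance."""
    def tag(m: bytes) -> int:
        return int.from_bytes(hmac.new(key, m, hashlib.sha256).digest(), "big")
    modified = bytes(m ^ d for m, d in zip(msg, delta))
    predicted = tag(msg) ^ tag(delta) ^ tag(bytes(len(delta)))
    return tag(modified) == predicted

def all_single_bit_changes_predictable(msg: bytes) -> bool:
    """Check the CRC-32 prediction for every single-bit change of `msg`."""
    for pos in range(len(msg)):
        for bit in range(8):
            delta = bytes(pos) + bytes([1 << bit]) + bytes(len(msg) - pos - 1)
            if not crc_prediction_holds(msg, delta):
                return False
    return True

# Constructed sample: a short message, a delta flipping the low bit of the last byte, a demo key.
SAMPLE_MSG = b"dst=10.0.0.7"
SAMPLE_DELTA = bytes(11) + b"\x01"
SAMPLE_KEY = b"constructed-demo-key"

if __name__ == "__main__":
    print("CRC-32 ICV change predictable:", crc_prediction_holds(SAMPLE_MSG, SAMPLE_DELTA))
    print("HMAC tag change predictable:  ", hmac_prediction_holds(SAMPLE_KEY, SAMPLE_MSG, SAMPLE_DELTA))
```

Because XOR with a stream cipher keystream commutes with XOR on the plaintext, the CRC property carries over unchanged to the encrypted frame, which is why the ICV's value being encrypted does not help; the keyed MAC is the mitigation later 802.11 security protocols adopted.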