WEP (Wired Equivalent Privacy) is the first security standard for Wi-Fi (Wireless) networks today.
What is WEP Encryption?
The wireless encryption system is designed to provide privacy comparable to a traditional wired network; the Wired Equivalent Privacy acronym, IEEE 802.11 standard encryption system, is a protocol for wireless networks.
It provides level 2 encryption based on the RC4 encryption algorithm using 64-bit (40-bit plus 24-bit initialization vector IV) or 128-bit (104-bit plus 24-bit IV) keys. Broadcast messages from wireless networks are transmitted by radio waves, which makes them easier compared to wired networks and is relatively easy to collect. WEP was first introduced in 1999.
Starting in 2001, crypto analysts detected some severe weaknesses. As a result, WEP protection today can be violated with easily accessible software within minutes. A few months later, IEEE created the new 802.11i security fix to neutralize problems. In 2003, the Wi-Fi Alliance announced that it was replacing WEP with Wi-Fi Protected Access (WPA).
Finally, in 2004, with the approval of the full 802.11i standard (known as WPA2), IEEE stated that both WEP-40 and WEP-104 were canceled because they did not offer security. Despite its weaknesses, it continues to be used as it is the first security option provided to users by router configuration tools. It can only prevent unauthorized users from accessing a private network without giving absolute protection, but it can also offer a level of security. It was deprecated as a wireless privacy mechanism in 2004 but is still documented in the current standard.
WEP is sometimes misinterpreted as the Wireless Encryption Protocol.
Definition
WEP is an optional security algorithm that is included in the first version of the IEEE 802.11 standard and protects wireless networks kept unchanged in the new 802.11a and 802.11b to guarantee compatibility between different manufacturers. It is a standard encryption system implemented on MAC and supported by most wireless solutions. In no case is it compatible with IPSec.
Standard
The IEEE 802.11 standard provides security mechanisms through authentication and encryption processes. In Private or Advanced Service Set network mode, authentication can be done using an open system or shared key. A requesting network station can authorize any station or only stations on a predefined list. In a shared vital system, only stations with an encrypted key are authenticated.
The 802.11 standard specifies an optional encryption feature; its purpose is to create a security level similar to that of wired networks. It uses RSA Data Security’s RC4 algorithm and is used to encrypt over air transfers.
While WLAN systems can resist passive eavesdropping, the only effective way to prevent someone from sacrificing transmitted data is by using encryption mechanisms. The purpose of WEP is to encrypt data carried by radio signals to ensure that WLAN systems have a level of privacy equivalent to that of wired LAN networks. A secondary purpose of WEP is to prevent unauthorized users from accessing WLAN networks (i.e., providing authentication).
This secondary purpose is not explicitly specified in the 802.11 standard but is considered an essential feature of the WEP algorithm. It is also a critical element to ensure access control through authentication mechanisms as well as to guarantee the confidentiality and integrity of data in WLAN systems based on the 802.11 standard. As a result, most 802.11-compatible WLAN products support WEP as an optional standard feature.
Encryption
It uses a secret key shared between the wireless station and the access point. All data sent and received between the station and the access point can be encrypted using this shared key. The 802.11 standard does not specify how the private key is set but allows a table to associate a unique key with each station. In general practice, however, the same key is shared between all stations and access points in a particular system.
To protect the encrypted text from unauthorized changes during transmission, WEP applies an integrity checking algorithm (CRC-32) that generates an integrity check value (ICV) to plain text. This integrity check value is combined with plain text. The integrity check value is actually a kind of fingerprint of plain text. The ICV value is added to the encrypted text and sent to the receiver with the initialization vector. The recipient combines the encrypted text with the keystream to get the plain text. By applying the integrity algorithm to plain text and comparing the output with the received ICV vector, it can be verified that the decryption process is correct or the data is corrupted.
If the two ICV values are the same, the message is authenticated; that is, the fingerprints match.
Authentication
It provides two types of authentication: an open system where all users have access to the WLAN and a shared key authentication that controls access to the WLAN and prevents unauthorized access to the network. Shared key authentication is the secure mode. It uses a secret key shared between all stations and access points in the WLAN system. When a station tries to connect to an access point, it is duplicated with random text, which is the challenge. The station must use a copy of the shared secret key to encrypt the test text and send it back to the access point for authentication.
The access point decrypts the response using the same shared key and compares it to the test text sent earlier. If the two texts are the same, the access point sends a confirmation message to the station and accepts it in the network. If the station does not have a password or sends an incorrect response, the access point refuses it, preventing the station from accessing the network.
Shared vital authentication works only if encryption is enabled. If it is not enabled, the system will return to the open-access mode (unsafe) by default in the application and allow any station in the access point range to connect to the network in practice. This creates a window for intruders to enter the system, after which you can send, receive, and change messages.
It is good to make sure WEP is enabled when a secure authentication mechanism is required. Even if shared key authentication is enabled, all wireless stations in a WLAN system can have the same shared key depending on how the system was set up.
In such networks, personalized authentication is not possible. All users can access the network, including unauthorized users who have the shared key. This weakness can cause unauthorized access, mainly if the system contains a large number of users. The more users, the more likely the shared key will get into the wrong hands.
What Does It Do?
According to the standard, WLAN networks should provide privacy, authentication, and access control. It uses the same static and symmetric switch at the stations and access points. The standard does not design any automatic key distribution mechanism that forces the key to write the key manually on each network element. This creates several ailments. On the one hand, the key is stored at all stations, which increases the chances of compromising. On the other hand, manual distribution of switches causes an increase in maintenance by the network administrator, which in most cases means that the switch changes little or not at all.
Algorithms
The encryption algorithm used is RC4 with a key (seed) compared to the standard 64-bit. This 64-bit consists of 24 bits corresponding to the start vector and 40 bits of the secret key. Forty bits are bits that must be distributed manually. On the other hand, the initiation vector (IV) is dynamically generated and should be different for each frame. The purpose pursued with IV is to encrypt with different keys to prevent a potential attacker from capturing enough encrypted traffic with the same key and eventually removing the key.
Obviously, both ends should know both the secret key and IV. The first thing we know is that it is stored in the configuration of each network element because it is known. On the other hand, IV is produced at one end and sent to the other end of the frame, so it is known. Remember that it is easy for a potential attacker to intervene when traveling IV in each frame.
Encryption Algorithm
A 32-bit CRC is calculated from the data. This CRC-32 is the recommended method to guarantee the integrity of messages (ICV, Integrity Check Value).
- The secret key is combined after creating the IV seed.
- RC4’s PRNG (Pseudo-Random Number Generator) generates a series of fake random characters (keystreams) of the same length as the bits obtained from the seed at point 1.
- The special OR (XOR) point of the characters is calculated, and the data is encrypted as a message.
- IV (unencrypted) and encrypted message is sent within the data area (frame body) of the IEEE 802.11 frame.
- The decryption algorithm is similar to the previous one. Since the other end will know the IV and secret key, it will have the seed and will be able to generate the critical flow with it. Performing XOR between the received data and keystream receives the unencrypted message (data and CRC-32), then checks if the CRC-32 is correct.
RC4 Encryption Algorithm
It is a Flow Encryption (not block) algorithm created in 1987 by Ronald Rivest (RSA R-RSA Data Security Trade Secret). A newsgroup was published on sci.crypt on 13 September 1994 using an anonymous remailer. It is used by various commercial programs such as Netscape and Lotus Notes.
It operates from a 1 to 256-byte (8 to 1024-bit) key that initializes the status table. This table is used to create a list of pseudo-random bytes combined with plain text using the XOR function; the result is encrypted text.
Security Flaws
The weakness of the initiation vector (IV) in this algorithm is that it has several security problems. Note that IV is the part that changes from the key (seed) to prevent a potential attacker from collecting enough encrypted information with the same key.
However, the 802.11 standard does not specify how to use IV. It is stated that in order to increase privacy, it should be changed in every framework, but it is not mandatory. The question of how to replace IV in their products is open to manufacturers. The result of this is that a good portion of applications prefer a simple solution: each time the network card is started, the IV is set to 0, and 1 for each frame is increased.
This causes the first combinations of IVs and a secret key to be repeated too often. Also, considering that each station uses the same secret key, the squares with the same key are multiplied in the middle. On the other hand, the number of different IVs is not very high (about 224 = 16 million), so they will be repeated in a few minutes or hours. The higher the network load, the less time will be. Ideally, IV should never be repeated, but as we have seen, this is impossible in WEP. The number of repetitions of the same IV will depend on the application and network load selected to change the IV by the manufacturer (sequential, random).
The 24-bit length for IV is part of the standard and cannot be changed. There are applications with 128-bit keys (known as WEP2), but the only thing that is actually increased is the secret key (104-bit), but IV is kept with 24-bit. Increasing the length of the secret key does not solve the weakness of IV.
If several frames with the same IV have been captured, that is, with the same keystream, you only need to know the unencrypted message that does XOR between an unencrypted message and the same encryption that will give us the mainstream for IV.
By knowing the critical flow associated with an IV, you can decrypt all frames using the same IV. So, the problem is knowing an unencrypted message. Still, even if this is not too complex, it can cause predictable traffic or cause ICMP echo request and response messages and TCP confirmations.
Solution Suggestions for Current WEP
- Use higher levels of encryption, such as IPsec
- Place a Firewall between the access points and the LAN.
- Use a VPN.
Suggested Solutions for Future WEP Versions
- Pass the key and IV through the Hash function before entering RC4. It should be done every season.
- Change the encryption system for a more secure symmetric algorithm, such as AES.
- Use asymmetric essential methods to distribute keys.
- Change the keys frequently.
- Use random keys, not keys generated from words.
- Identify stations safely.
Alternatives
The vulnerabilities disclosed are more than enough reason to use other security mechanisms in WLAN networks. Although not part of the standard, manufacturers of Wi-Fi products decided to offer the possibility to use twice the length of the switches (64-bit to 128-bit). WEP, which is used with 128-bit keys, is generally known as WEP2. However, the size of the initialization vector is still 24 bits (IEEE 802.11 frames do not allow IV to send more bits), so the only thing to increase is the secret key (from 40 to 104 bits). Since IV length and how it is used do not change, the weaknesses of IV can continue to be used in the same way. WEP2 does not solve WEP problems.
Another variant used in some applications is dynamic WEP. The goal, in this case, is to include automatic fundamental distribution mechanisms and user authentication via 802.1x / EAP / RADIUS. Requires a network authentication server (typically RADIUS). If the same key (secret key + WEP) is not used in more than one frame, this mechanism will be sufficient to compensate for the main weaknesses of WEP.
However, the solution preferred by companies as an alternative to WEP has been the use of VPNs, which will be done if users connect remotely to the office. Although it was not designed explicitly for WLAN networks, VPN technology has been proven enough and considered safe. The disadvantage is the lack of interoperability between devices from different manufacturers.
The mechanisms specifically designed to be the successor of WLAN networks are WPA and WPA2 (IEEE 802.11i). The first is expected in 2003, and the second is scheduled for late 2004.
Security in wireless networks is a critical issue that cannot be ignored. As transfers pass through an unsafe environment, mechanisms are necessary to ensure the integrity and originality of the data as well as its confidentiality.
Despite its potential strength in the IEEE 802.11 standard to provide security and protect data privacy and integrity, there are a number of limitations that can only be avoided by proper management. The first problem arises in the use of the initialization vector included in the unencrypted part of the message. Hence, the receiver knows which IV (Initial Vector) value to use when generating the keystream for decryption.
The 802.11 standard recommends but does not require the IV value to be changed after each transmission. If the IV value is not changed regularly but is used for subsequent messages, a listener can encrypt the IV value and the critical flow generated by the secret key, thereby decrypting messages using that value; it becomes even more crucial if all terminals are configured with the duplicate keys.