In this very important chapter, we will discuss the much-maligned 802.11 specified security solution known as Wired Equivalent Privacy, or WEP. As you may already know, WEP alone will not keep a hacker out of a wireless LAN for very long. This chapter will explain why, and offer some steps for how WEP can be used with some level of effectiveness.
We will explain the various methods that can be used to attack a wireless LAN so that as an administrator you will know what to expect and how to prevent it. Then we will discuss some of the emerging security solutions that are available, but not yet specified by any of the 802.11 standards. Finally, we will offer some recommendations for maintaining wireless LAN security and discuss corporate security policy as it pertains specifically to wireless LANs.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is an encryption scheme, built on the RC4 stream cipher, that is used by the Shared Key authentication process to authenticate stations and is used to encrypt data payloads over the wireless segment of the LAN only; once a frame reaches the wired side it travels in the clear. The IEEE 802.11 standard specifies the use of WEP.
WEP is a simple algorithm: it seeds the RC4 stream cipher, which acts as a keyed pseudo-random number generator (PRNG), and XORs the resulting keystream with the data. For several years RC4 was considered a trade secret and its details were not published, but in September 1994 someone posted the source code anonymously to the Cypherpunks mailing list. Although the source code is now public, the RC4 name is still a trademark of RSADSI. The RC4 stream cipher is fast to encrypt and decrypt, which saves CPU cycles, and it is simple enough for most software developers to implement correctly.
When WEP is described as simple, that also means it is weak. RC4 was inappropriately used in WEP, yielding a less-than-adequate security solution for 802.11 networks. Both 64-bit and 128-bit WEP (the two available types) share the same weak 24-bit Initialization Vector (IV) and the same flawed encryption process. The IV is concatenated with the secret key to form the RC4 key for each packet, so every time an IV repeats under the same secret key, the same keystream is reused. Most implementations initialize hardware with an IV of 0 and thereafter increment the IV by 1 for each packet sent. For a busy network, all possible IVs (2^24, or 16,777,216) are exhausted in about half a day, meaning the IV counter wraps back to zero at least once a day. This scenario creates an open door for determined attackers. The IV is transmitted in the clear with each encrypted packet, so an eavesdropper can tell exactly which packets share a keystream. The manner in which the IV is incremented and sent in the clear allows the following breaches in security:
- Active attacks to inject new traffic - Unauthorized mobile stations can inject packets onto the network based on known plaintext: one captured packet whose contents are known yields the keystream for that IV, which can then encrypt any new packet of the same or shorter length
- Active attacks to decrypt traffic - Based on tricking the access point (for example, redirecting a captured packet so the access point decrypts it and forwards the plaintext)
- Dictionary-building attacks - After gathering enough traffic, an attacker can build a table of keystream per IV, or, with enough captured packets, recover the WEP key outright using freely available tools. Once the WEP key is known, packets can be decrypted in real time simply by listening to the broadcast medium with that key
- Passive attacks to decrypt traffic - Using statistical analysis of packets that share an IV, WEP traffic can be decrypted without ever recovering the key
Why WEP Was Chosen
Since WEP is not secure, why was it chosen and implemented into the 802.11 standard? Once the 802.11 standard was approved and completed, the manufacturers of wireless LAN equipment rushed their products to market. The 802.11 standard specifies the following criteria for security:
- Exportable
- Reasonably Strong
- Self-Synchronizing
- Computationally Efficient
- Optional
These criteria were meant to support the security goals of confidentiality, access control, and data integrity. What actually happened is that too many early adopters of wireless LANs thought that they could simply implement WEP and have a completely secure wireless LAN. These early adopters quickly found out that WEP was not a complete solution to wireless LAN security. Fortunately for the industry, wireless LAN hardware had gained immense popularity well before this problem was widely known. This series of events led many vendors and third-party organizations to scramble to create wireless LAN security solutions.
The 802.11 standard leaves the details of WEP implementation up to wireless LAN manufacturers, so one vendor's handling of WEP keys may or may not match another's, adding another weakness to WEP. Even WECA's Wi-Fi interoperability tests cover only 40-bit WEP keys. Some wireless LAN manufacturers have chosen to enhance (fix) WEP, while others have turned to newer standards such as 802.1X with EAP or to Virtual Private Networks (VPN). There are many solutions on the market addressing the weaknesses found in WEP.
WEP Keys
The core functionality of WEP lies in what are known as keys, which are the basis for the encryption algorithm discussed in the previous section of this chapter. WEP keys are configured on client and infrastructure devices on a wireless LAN. A WEP key is a secret string, entered as ASCII or hexadecimal characters, that is used in two ways in a wireless LAN. First, a WEP key can be used to verify the identity of an authenticating station. Second, WEP keys are used for data encryption.
When a WEP-enabled client attempts to authenticate and associate to an access point using Shared Key authentication, the access point sends the client a challenge, the client returns it WEP-encrypted, and the access point checks that the response decrypts correctly, thereby determining whether the client holds the correct WEP key. By "correct", we mean that the client has a key that is part of the WEP key distribution system implemented on that particular wireless LAN. The WEP keys must match on both ends of the wireless LAN connection. Note that this exchange hands an eavesdropper a plaintext challenge and its ciphertext, which is exactly the known-plaintext material the attacks above rely on.
As a wireless LAN administrator, it may be your job to distribute the WEP keys manually, or to set up a more advanced method of WEP key distribution. WEP key distribution systems can be as simple as implementing static keys or as advanced as using centralized encryption key servers that rotate keys. The more often keys change and the fewer stations share a key, the less traffic an attacker can collect under any one key, and the harder it is to gain access to the network.
WEP keys are available in two types, 64-bit and 128-bit. Many times you will see them referenced as 40-bit and 104-bit instead. The 64-bit and 128-bit names are the misnomer: WEP is implemented the same way for both lengths, with a 24-bit Initialization Vector concatenated (linked end-to-end) with the secret key to form the per-packet RC4 key. The IV is sent in the clear, so only 40 or 104 bits are actually secret; counting the IV gives the advertised lengths of 64 and 128 bits.
The number of characters entered for the secret key depends on whether the configuration software requires ASCII or HEX and whether 64-bit or 128-bit WEP is being used. If your wireless card supports 128-bit WEP, it automatically supports 64-bit WEP as well. If entering your WEP key in ASCII format, 5 characters are used for 64-bit WEP and 13 characters for 128-bit WEP. If entering your WEP key in HEX format, 10 characters are used for 64-bit WEP and 26 characters for 128-bit WEP. Either way, the configuration software converts the entry into 5 or 13 key bytes.
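The following is an added example, not code from the original chapter: a minimal model of WEP in pure Python that ties together the key lengths just described, the RC4 keystream and CRC-32 integrity check value (ICV) from the earlier section, and the IV-reuse and known-plaintext injection attacks listed there, including the Shared Key challenge/response weakness. It assumes the ICV is the CRC-32 of the plaintext stored in little-endian byte order and that the key-index byte is 0, as in common implementations; every frame, key and challenge it uses is constructed for the demonstration.

```python
"""
Added example (not part of the original chapter): a minimal WEP model showing
how the 5/13-character (10/26 hex) keys are parsed, how a frame is encrypted
with RC4 and a CRC-32 ICV, and why a repeated IV or a sniffed Shared Key
challenge/response is fatal. Assumptions: ICV = CRC-32 of the plaintext in
little-endian byte order, key-index byte = 0. All inputs below are constructed.
"""
import zlib

# Secret-key lengths in bits, by entry format and character count.
# The marketing names "64-bit"/"128-bit" also count the 24-bit IV, which is public.
KEY_LENGTHS = {"ascii": {5: 40, 13: 104}, "hex": {10: 40, 26: 104}}


def parse_wep_key(text, fmt="ascii"):
    """Return the 5- or 13-byte secret key, or raise ValueError on a bad length."""
    if fmt not in KEY_LENGTHS:
        raise ValueError("fmt must be 'ascii' or 'hex'")
    if len(text) not in KEY_LENGTHS[fmt]:
        want = " or ".join(str(n) for n in sorted(KEY_LENGTHS[fmt]))
        raise ValueError(f"{fmt} WEP key must be {want} characters, got {len(text)}")
    return text.encode("ascii") if fmt == "ascii" else bytes.fromhex(text)


def rc4(key, length):
    """RC4 keystream of `length` bytes for `key` (key scheduling, then output generation)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """WEP integrity check value: CRC-32 of the plaintext (assumed little-endian)."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret, iv, plaintext):
    """Frame body: IV(3) || key index(1) || RC4(IV || secret) XOR (plaintext || ICV)."""
    if len(iv) != 3:
        raise ValueError("IV must be 24 bits")
    data = plaintext + icv(plaintext)
    return iv + b"\x00" + xor(data, rc4(iv + secret, len(data)))


def wep_decrypt(secret, frame):
    """Strip IV and key index, decrypt, and verify the ICV; raise on mismatch."""
    iv, body = frame[:3], frame[4:]
    data = xor(body, rc4(iv + secret, len(body)))
    plaintext, tag = data[:-4], data[-4:]
    if tag != icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def iv_reuse_leak(frame_a, frame_b):
    """Two frames under one IV share a keystream: C_a XOR C_b = P_a XOR P_b, no key needed."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[4:], frame_b[4:])


def recover_keystream(frame, known_plaintext):
    """Known plaintext for one frame yields the RC4 keystream for that IV."""
    return xor(frame[4:], known_plaintext + icv(known_plaintext))


def forge_frame(iv, keystream, new_plaintext):
    """Inject a new frame under a known IV/keystream; the ICV is simply recomputed."""
    data = new_plaintext + icv(new_plaintext)
    if len(data) > len(keystream):
        raise ValueError("not enough keystream for this payload")
    return iv + b"\x00" + xor(data, keystream)


def forge_auth_response(captured_challenge, captured_response, new_challenge):
    """Shared Key auth: one sniffed challenge/response pair lets an attacker answer
    any later challenge under the same IV without ever learning the secret key."""
    ks = recover_keystream(captured_response, captured_challenge)
    return forge_frame(captured_response[:3], ks, new_challenge)


if __name__ == "__main__":
    secret = parse_wep_key("ABCDE")        # 40-bit secret, "64-bit WEP"
    iv = b"\x00\x00\x00"                  # many cards start here after a reset
    fa = wep_encrypt(secret, iv, b"GET /index.html ")
    fb = wep_encrypt(secret, iv, b"POST /login.php ")
    print(iv_reuse_leak(fa, fb)[:16])     # XOR of the two plaintexts, no key used
    ks = recover_keystream(fa, b"GET /index.html ")
    print(wep_decrypt(secret, forge_frame(iv, ks, b"GET /secret.htm ")))
```

The `forge_frame` step is what makes the "inject new traffic" bullet concrete: the receiver verifies only the CRC-32 ICV, which anyone can compute, so a recovered keystream is as good as the key for every packet that fits under it.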
Static WEP Keys
If you choose to implement static WEP keys, you manually assign the same static WEP key to an access point and its associated clients. These WEP keys never change, which gives an attacker unlimited time to collect traffic under one key and recover it. For this reason, static WEP keys may be an appropriate basic security measure for simple, small wireless LANs, but are not recommended for enterprise wireless LAN solutions.
When static WEP keys are implemented, it is simple for network security to be compromised. Consider an employee who leaves a company and "loses" their wireless LAN card. Since the card carries the WEP key in its non-volatile memory or driver configuration, that card (or anyone who reads the key out of it) will have access to the wireless LAN until the WEP keys on the wireless LAN are changed.
Using several WEP keys, each shared by a smaller group of stations, limits the damage of a compromise: if one WEP key were compromised, it would mean changing the key on that group's stations (25, say) and an access point or two instead of the entire network.
Another reason for multiple WEP keys is a mix of 64-bit and 128-bit cards on the network. Since an administrator will want to use the strongest encryption available for nodes that support 128-bit WEP, being able to segment users into 64-bit and 128-bit groups ensures each group uses the maximum encryption it supports without affecting the other. Keep in mind that the 64-bit group remains the weaker target, since the same IV and keystream-reuse flaws apply to both lengths.