МИНИСТЕРСТВО НАУКИ И ВЫСШЕГО ОБРАЗОВАНИЯ РФ

Национальный исследовательский Томский государственный университет

Томский государственный университет систем управления и радиоэлектроники
Болгарская Академия наук
Академия инженерных наук им. А.М. Прохорова
Международная научно-техническая организация «Лазерная ассоциация»

ИННОВАТИКА-2020
СБОРНИК МАТЕРИАЛОВ

XVI Международной школы-конференции студентов,

аспирантов и молодых ученых
23–25 апреля 2020 г.
г. Томск, Россия

Под редакцией А.Н. Солдатова, С.Л. Минькова

Томск – 2020
 STUDYING IEEE-802.11 ENCRYPTION PROTOCOL
M. Oduro, A. Poguda
National Research Tomsk State University
mdoduro@gmail.com

From the inception of wireless network in 1997, wireless network has enabled us to
communicate over the internet without wired network. It has also grown exponentially
over the past three decades and it is ubiquitous of all humans’ activities. As the
wireless communication expands, so does wireless network threats. The IEEE in
conjugation with Wi-Fi Alliance provides wireless encryption protocols: WEP, WPA,
and WPA2.The article will look into the various weaknesses, strengths and attacks of
each encryption protocols.
Keywords: IEEE, Wi-Fi Alliance, wireless network, WEP, WPA, WPA2.

The Institute of Electrical and Electronics Engineering (IEEE) in June 1997

design the new form on how computers can communicate without wired
connection. This form of communication is called 802.11 or wireless LAN. It
is report that wireless network carries half of the internet traffic [1].
Since the creation of IEEE 802.11, security to protect wireless data
communication is paramount to the organizing bodies. So in 1999, IEEE
introduce that new security called Wired Equivalent Privacy (WEP) to secure
protection for the 802.11a and 802.11b traffic from eavesdropping. As attack
on the new security as increases and WEP key encryption protocol was broken.
So Wi-Fi Alliance in 2003 introduced a stopgap replacement of WEP
called Wi-Fi Protected Access (WPA). WPA gave extra security features such
as strong message integrity check, TKIP encryption and dynamic key mixing
per packet. WPA was a software upgrade and run on WEP algorithm
architecture, only software upgrade needed. In 2004, a second version of WPA
(WPA2) was rectified with a much stronger encryption algorithm CCMP/AES.
WPA2 requires a new hardware upgrade.
WEP uses RC4 cipher algorithm for data confidentiality and Cyclic
Redundancy Check (CRC-32 bit) for data integrity. WEP supports 64-bit and
128-bit key encryption of data. The 64-bit uses a secret 40-bit static key with a
fixed 24-bit initialization vector (IV) while the 128-bit uses 104-bit static key
with 24-bit IV. In the transmission of data packet, the IVs are send in plain text
with every new frame created. The key allow clients to connect to access point
(AP) and encrypt data packet. WEP also uses CRC-32 integrity check value
(IVC) to ensure wireless data is not modified during transmission. WEP
support two authentication methods: Open and Shared Key. Open

555
authentication requires no key to connect to AP whiles Shared key
authentication requires a key.
The Rivest Cipher 4 Algorithm: The RC4 developed by Ronald Rivest in
1987 and consist of two components: key scheduling algorithm (KSA) of key
size K (40 to 254-bit) and pseudo-random generation algorithm (PRGA). The
KSA perform key initialization and PRGA generates pseudo random number
generator (PRNG) output. RC4 start the encryption process with KSA
initialization value K and two array indices i, j to 0 with permutation S
(0.1,..N=2n). K is swaps i and j in S. PRGA put i and j to zero, loops four
operation to increment i as a counter and j random increment to give a
permutation of S and generate a keystream S = S[i] + S[j].
WEP Weaknesses RC4 Algorithm Problem: The simplicity of the key-
scheduling algorithm produces more correlation between the key and output
leading to easy detection of weak keys for encrypted packets [3]. The first
bytes of IV keys are sent in clear text and passive monitoring can show the
unencrypted IV.
Weak and Short IV: The 24-bit IV generates 17 million different frames
but 9000 are of interest. Attacker can filters and obtain the IV [3].
Key Management and Short Static Key: The 40-bit or 104-bit static key is
share with every client and AP on the network. The shortness of key is
susceptible to brute force attack. Also the static key is share with every client
and AP, so an attack in one client affects the whole network [5].
Weak IVC: The CRC-32 IVC is a linear function algorithm and attacker
can compute bit difference of two CRC messages leading to bit-flipping attack
[6].
Attacks on WEP Packet Injection Attack: Attacker captures WEP message
and reinject packets on the network due to the weakness in IVC
Forged Authentication: Since the first three bytes of WEP packet are
deterministic, and the challenge message is send in cleartext in second frame,
attacker can retrieve the keystream from the encrypted frame and IV in third
frame. He sends authentication request to AP to get the second frame and
construct third frame to generate the keystream. Once the AP confirms the
frame as valid, attacker can join the network.
FSM Attack: An attacker passively captures encrypted packets and IV.
Because the first bytes are in plaintext, he can recover the first keystream. Also
because IV is cleartext, he can use correlation technique and guessing to
recover the secret key.

556
 ChopChop Attack: In this attack, attacker chops of the last byte before the
encrypted ICV because the last byte contain the data in WEP packet. With the
chopped packet, attacker patches the byte using value 00 to FF in guessing to
generate new ICV and send the packet to the AP. If the AP respond, then guess
is correct, new ICV is correct [7–8].
In 2003, Wi-Fi Alliance introduced WPA is a subset of IEEE 802.11i
security standard or RSN. WPA uses temporary key integrity protocol (TKIP)
with RC4 algorithm to encrypt and decrypt wireless data. WPA uses 4way
handshake to support strong authentication. With TKIP and 4way-handshak to
solve many common WEP flaws: TKIP uses 128-bit temporary key with 48-bit
IV, client and AP MAC addresses to create Per-Packet Key Mixing to prevent
weak key attack and reduces IV collision [9]. In addition, WPA uses Message
Integrity Check MIC 64-bit provide strong data integrity than CRC-32bit. MIC
prevent data modification. It also uses with dynamic Temporal Encryption
Keys for mitigate social engineering attacks [10]. To provide secure user
authentication, WPA introduced PSK for home users and small businesses and
802.1X for business enterprises.
However, since WPA was built on WEP RC4 algorithm, Robert
Moskowitz in 2003, found a flaw not in WPA protocol but on the hardware
interface leading to offline dictionary attacks. Similar ChopChop attack [7] can
conduct on TKIP to inject ARP traffic leading to DoS or ARP poisoning
attacks. This attack can’t recover the encryption and can work on 802.11e QoS
network.
So in 2004, the full edition of 802.11i was released WPA2 with CCMP the
core of WPA architecture. CCMP uses AES to create dynamic block cipher
128-bit key. The Counter Mode (CTR) in CCMP provides data confidentiality
and Cipher Block Chaining Message (CBC-MAC) for data integrity and
authentication [12]. WPA2 which requires a new hardware support backward
compatibility with WPA-TKIP. WPA2 also uses PSK and 802.1X
authentication mechanism in the same way as WPA but their only differences
are in the encryption protocols. WPA2 PSK also suffer from dictionary attack
because on the PMK initial value of the handshake.
The PSK is a 256-bit which accept a passphrase or password of 8-63
characters. All clients share the same passphrase with the AP but the 256-bit is
dynamically different of each client authentication. The PSK is generated from
PBKDF2 which iterate the passphrase, SSID, SSID length 4096 times to
produce the 256bit hash value. The 256bit becomes the Pairwise Master Key
as the initial value for the 4-handshake. The 4-way handshake exchanges

557
announce from the AP and announce from the client with AP MAC and client
to provide 128-bit use to encrypt all WPA/WPA2 data.
The 802.1X is a port-based access use RADIUS server to permit or deny
client via authentication. 802.1X uses EAP methods such as PEAP, TTLS TLS
with other encryption types: MSCHAPv2, MD5 to exchange messages. After
the establishment of 802.1X/EAP authentication, is when the 4way-handshake
process continues [12].
These are some attacks on WPA/WPA2 PSK: Beck and Tew Attack,
Ohigashi-Morii attack, Michael attack, Hole196 vulnerability attack, Key
Reinstallation attack [10–11].
In 802.1X/EAP, because of some of the encryption mechanisms are weak
like MSCHAPv2 and MD5, they are susceptible to dictionary attack and
MITM [12].

Reference
1. Wi-Fi Alliance security update. 10 Apr. 2019 [Electronic resource]. – URL: https://www.wi-
fi.org/news-events/newsroom/wi-fi-alliance-security-update-april-2019 (accessed 12 Apr.
2020).
2. Statistics [Electronic resource]. – URL: https://wigle.net/stats (accessed 7 May 2020).
3. Fluhrer S., Mantin I., Shamir A. Weaknesses in the Key Scheduling Algorithm of RC4.
4. Hytnen R., Garcia M. An Analysis of Wireless Security in South Central Conference. –
Corpus Christi, Texas, 2016.
5. What's Wrong with WEP? 2002 [Electronic resource]. – URL:
http://www.opus1.com/www/whitepapers/whatswrongwithwep.pdf (Accessed 15 Jan. 2020).
6. Borisov N., Ian G., Wagner D. Security of the WEP algorithm, 2001 [Electronic resource]. –
URL: http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html (Accessed 15 Jan. 2020).
7. Beck M., Tews E. Practical Attacks against WEP and WPA. – 2008.
8. Korek. Chopchop Experimental WEP attacks. 14 Sept. 2014 [Electronic resource]. – URL:
http://www.netstumbler.org/unix-linux/chopchop-experimental-wep-attacks-t12489.html
(accessed 10 Jan. 2020).
9. Bulbul H.I., Batmaz I., Ozel M. Wireless Network Security: Comparison of WEP Mechanism,
WPA and RSN Security Protocols. – European Union Digital Library, Jan. 2008.
10. Caneill M., Gilis J.-L. Attacks against the WiFi protocols WEP and WPA. – 2010.
11. Vanhoef M., Piessens F. Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. – ACM
Digital Library, 2017. – P. 1313–1328.
12. Coleman D.D., Westcott D.A., Harkins B. Certified Wireless Security : professional study
guide ; 2nd ed. – 2017.

558