Wireless Security

Presented by: Amit Kumar Singh

Instructor : Dr. T. Andrew Yang
 Going Wireless
 Recent technologies include
802.11b,802.11g etc.
 Most commonly and widely present
are 802.11b (11 mbps)
 802.11b uses security techniques
like WEP to make the network
secure.
 IEEE came up with 802.11x
standards for wireless ethernet.
 What is WEP ?
 Wireless connections need to be secured
since the intruders should not be allowed
to access, read and modify the network
traffic.
 Mobile systems should be connected at
the same time.
 Algorithm is required which provides a
high level of security as provided by the
physical wired networks.
 Protect wireless communication from
eavesdropping, prevent unauthorized
access.
 Security Goals of WEP:
 Access Control
 Ensure that your wireless infrastructure
is not used.
 Data Integrity
 Ensure that your data packets are not
modified in transit.
 Confidentiality
 Ensure that contents of your wireless
traffic is not leaked.
 Understanding WEP
 WEP relies on a secret key which is
shared between the sender (mobile
station) and the receiver (access point).
 Secret Key : packets are encrypted using
the secret key before they are
transmitted.
 Integrity Check : it is used to ensure that
packets are not modified in transit
 Understanding WEP contd…
 To send a message to M:
• Compute the checksum c(M). Checksum
does not depend on the secret key ‘k’.
• Pick a IV ‘v’ and generate a key stream
RC4(v,k).
• XOR <M,c(M)> with the key stream to
get the cipher text.
• Transmit ‘v’ and the cipher text over a
radio link.
 How WEP Works
Plain Text

Message CRC

XOR

Key Stream = RC4(v,k)

V Cipher Text

Transmitted Data
 How WEP works ?
 WEP uses RC4 encryption algorithm
known as “stream cipher” to protect the
confidentiality of its data.
 Stream cipher operates by expanding a
short key into an infinite pseudo-random
key stream.
 Sender XOR’s the key stream with
plaintext to produce cipher text.
 Receiver has the copy of the same key,
and uses it to generate an identical key
stream.
 XORing the key stream with the cipher
text yields the original message.
 Attack types
 Passive Attacks
• To decrypt the traffic based on statistical
analysis (Statistical Attack)
 Active Attacks
• To inject new traffic from authorized mobile
stations, based on known plaintext.
 Active Attacks
• To decrypt the traffic based on tricking the
access point
 Dictionary Attacks
• Allow real time automated decryption of all
traffic.
 Defenses of WEP
 Integrity Check (IC) field
• Used to ensure that packet has not been
modified in transit
 Initialization Vector (IV)
• Used to avoid encrypting two cipher
texts with the same key stream
• Used to argument the shared key and
produce a different RC4 key for each
packet
 References
 http://www.cs.fsu.edu/~yasinsac/group/sl
ides/cubukcu.pdf
 http://www.isaac.cs.berkeley.edu/isaac/w
ep-faq.html
 www.itserv.com/wireless
 http://www.bluefiresecurity.com/bluefire_
downloads.php?download=main
 http://www.isaac.cs.berkeley.edu/isaac/m
obicom.pdf