Saturday 26 June 2021

WEP INSECURITIES

 


In 2001, two researchers from the University of California at Berkeley and one from Zero Knowledge Systems Inc. published a report identifying security weaknesses within the Wired Equivalent Privacy (WEP) algorithm.¹ Based on their research, WEP was found to be insecure due to improper implementation of the RC4 encryption algorithm and the use of a 32-bit cyclic redundancy check (CRC-32) checksum for data integrity. These vulnerabilities create the potential for active and passive attacks that could allow attackers to decrypt traffic or inject unauthorized data into a network. Furthermore, the researchers hypothesized that the attacks would not require specialized equipment but could be conducted using readily available hardware sold at consumer electronics stores.² (At the risk of losing reader suspense, the prediction was very accurate indeed.) Hackers began automating the exploits once the vulnerabilities were made public.
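Why CRC-32 under a stream cipher gives no data integrity can be shown in a few lines. The following is an added example, not code from the original post or the cited report. It simplifies the WEP frame to RC4 over payload plus CRC-32 (no IV or 802.11 header), the keys and messages are constructed, and HMAC-SHA256 stands in for a keyed integrity check that WEP does not have.

```python
import hashlib
import hmac
import struct
import zlib

def rc4_keystream(key, n):
    """Plain RC4 (KSA then PRGA); returns n keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(key, payload):
    """WEP-style body: RC4 over payload || CRC-32 (little-endian ICV)."""
    body = payload + struct.pack("<I", zlib.crc32(payload))
    return xor(body, rc4_keystream(key, len(body)))

def open_and_check(key, ct):
    body = xor(ct, rc4_keystream(key, len(ct)))
    payload, tag = body[:-4], body[-4:]
    return payload, tag == struct.pack("<I", zlib.crc32(payload))

def patch_linear(ct, delta):
    """XOR delta into the payload and fix the ICV with no key:
    crc(m ^ d) = crc(m) ^ crc(d) ^ crc(zeros) for equal lengths."""
    fix = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return xor(ct, delta + struct.pack("<I", fix))

KEY, MAC_KEY = b"constructed-key", b"constructed-mac-key"  # constructed
MSG, ALT = b"status=OK;seq=0001", b"status=NO;seq=0001"     # constructed

def demo():
    ct = seal(KEY, MSG)
    tampered = patch_linear(ct, xor(MSG, ALT))
    payload, crc_ok = open_and_check(KEY, tampered)
    tag = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()  # keyed MAC instead
    mac_ok = hmac.compare_digest(tag, hmac.new(MAC_KEY, tampered, hashlib.sha256).digest())
    return payload, crc_ok, mac_ok  # CRC accepts the altered body, the MAC does not
```

The CRC check passes on the altered ciphertext because the checksum is unkeyed and linear under XOR, while the keyed MAC computed over the original ciphertext no longer matches.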

 

What is 802.11x?

Wireless LAN standards are defined by the IEEE’s 802.11 working group. WLANs come in three flavors, namely 802.11b, 802.11a and 802.11g.³ 802.11b networking equipment first became available in 1999 and quickly gained popularity. 802.11b operates in the 2.4000-GHz to 2.4835-GHz frequency range and can operate at up to 11 megabits per second (Mbps), although it can also reduce throughput to 5.5 Mbps, 2 Mbps or 1 Mbps when interference degrades signal quality.⁴ The 802.11a standard increases throughput to a theoretical maximum of 54 Mbps and operates in the 5.15- to 5.35-GHz and 5.725- to 5.825-GHz frequency ranges. 802.11a hardware first became available in late 2001. Because it operates at different frequencies, 802.11a is not compatible with 802.11b hardware. Finally, the 802.11g standard has not yet been approved but promises compatibility with 802.11b hardware, as it too will operate at the 2.4-GHz frequency. The major advantage offered by the 802.11g standard will be increased bandwidth, comparable to 802.11a at 54 Mbps.⁵

 

Confused? For the purposes of this paper, keep in mind that WEP is defined in the 802.11 standard, not the individual standards for the 802.11b, 802.11a or 802.11g task groups. As a consequence, WEP vulnerabilities have the potential to affect all flavors of 802.11 networks; therefore, this paper frequently refers to WLANs as 802.11x networks.

 

When setting up a WLAN, the channel and service set identifier (SSID) must be configured in addition to traditional network settings such as an IP address and a subnet mask. The channel is a number between one and 11 (one and 13 in Europe) and designates the frequency on which the network will operate (see Figure 1: 802.11b channels). The SSID is an alphanumeric string that differentiates networks operating on the same channel. It is essentially a configurable name that identifies an individual network. These settings are important factors when identifying WLANs and sniffing traffic, which is discussed later.

 


