Wired Equivalent Privacy - Essay Example

? Wired Equivalent Privacy Wired Equivalent Privacy Introduction During the setting up of a wireless network for business or home establishments, most people overlook the configuration of prerequisite wireless security feature. For this reason, malicious users are allowed to access the established network and pose a risk of compromising the confidentiality of information in the network. Wired Equivalent Privacy, WEP is one of the options of providing security in such circumstances. WEP is the oldest security protocol specified by IEEE under the IEEE Wireless Fidelity Standard, 802.11b (Arbaugh, Shankar, Wan, & Zhang, 2002). The protocol is designed to give a level of privacy and security in a wireless local area network (WLAN), which is comparable to that available in the wired Local Area Networks. Generally, a wired local area network is protected from intrusion through physical barriers such as limited access to buildings or server rooms. Although these protection mechanisms are effective for physically controlled environment, the case is not the same for WLANs since the radio waves are not necessarily constrained by physical walls surrounding the network. WEP seeks to solve this concern by providing a similar protection as that in the wired networks through encryption of data transmitted in the WLAN. The encryption algorithm in WEP entails the use of security code selected at the network configuration phase. This code is usually referred to as WEP key and it uses defined hexadecimal digits such as 99D767BAC38EA23B0C0176D152 and1A648C9FE2. In order to allow for the transfer of information, the digital sequence should match in all the gadgets seeking to connect in a wireless network. Depending on the form of WEP encryption being used, WEP keys can be generated in different lengths. The overall functionality of WEP depends of the philosophy that data encryption shields the susceptible wireless links between access points and ‘client’. Once this protection is in place, other common mechanisms such as, end-to-end encryption, password protection, authentication, and virtual private networks (VPNs) come in handy to bolster privacy. How it Works The functionality of WEP security entails two parts being Authentication and Encryption. Whereas authentication is carried out at the introduction of a device in a network, encryption alters the nature of data once they are available in the network. Authentication The process of authentication in a wireless network uses WEP to prevent a new gadget or station from joining a network if the WEP key is not known. The two authentication methods used in WEP are the Open System authentication and Shared Key authentication. In the Open System authentication, WLAN clients are not required to give any credentials at the network access point. This scenario would allow any user to authenticate themselves at the access point after which association may be established. In essence, there is no authentication taking place here. For the Shared Key authentication, the predetermined WEP key must be produced to authenticate a user and allow access to a network. This type of authentication comprises of a 4-way request and response mechanism. At the first stage of authentication, the client station, or device sends a request for authentication at the access point. The access point responds by replying a clear-text challenge. At the third stage, the client encrypts the text with the automatically configured WEP key and sends to the access point as a unique authentication request. Lastly, the access point decrypts the requested items and compares it against the clear-text sent previously. Depending on the outcome of the comparison, the access point initiates a negative response by denying access or positive response by granting the access. Encryption In WEP, RC4 stream cipher is used to encode the data in to a form that cannot be understood by third parties through a process called encryption. The data is encrypted at the transition phase between access point and a wireless device seeking to join a network. In this security protocol, 8-bit RC4 is used and it operates using 8-bit values through creation of a 256 values array for lookup table. For data integrity in WEP, Cyclic Redundancy Check, CRC to checksum plaintext operations and generate CRC value which is later concatenated in to the plaintext. On the other hand, the secret key is joined to the Initialization Vector (IV) and delivered to RC4. Founded on the IV and secret key, keystream is generated by the RC4. The plaintext, CRC message, and keystream are XOR’ed together to forma ciphertext. The Initialization Vector used previously is put before a clear text on the resultant ciphertext. The combination of IV and ciphertext (IV + Ciphertext) are transmitted on the air alongside frame headers. Advantages Most researchers have identified flaws in WEP security protocol. Although cracking the WEP is possible, it is noteworthy that the most users do not have the skill required for this compromise. An outstanding advantage of this technique is that the users are always prompted to produce a secret key, which in itself discourages further intrusion and indicate that they are not welcome to a network unless authorized. Secondly, WEP allows various devices to interoperate within a network because most wireless gadgets support the basic encryption used in WEP. This is helpful in circumstances where there are older devices requiring wireless connectivity (Gast, 2006). Disadvantages Several weaknesses have been identified with regard to WEP encryption’s inability to provide the desired confidentiality and privacy. The evolution of technology, has made WEP encryption obsolete, with the readily available applications being able to crack the secret key in short time. Since the WEP encryption uses and sends a shared key authentication alongside data packets, malicious users may gather sufficient data which they can use to create their own key. As early as 2001, some researchers showed that RC4 key scheduling, which forms part of WEP (Wired Equivalent Privacy) protocol, required approximately 4 million data packets to generate a full secret key (Fluhrer, Mantin, & Shamir, 2001). For malicious users with enough time, accumulating these packets of data is possible. Currently, a 1.7-GHz Pentium M processor can be used to dig up 104-bit WEP from the intercepted data. With the same computing power, the required amount of data is attainable in seconds. This paints a bad picture on the reliability of WEP encryption and calls for robust encryption protocol to safeguard the confidentiality and privacy of a network. Other than cracking, WEP encryption is disadvantaged when it comes to alteration of a master key. If the master key is to be changed, it implies that the same process must be replicated in all wireless devices manually (Walker, 2000). This process can be tedious for networks with many devices. Conclusion In conclusion, it is true that WEP protocol gives the required level of security in a wireless communication between wireless devices and access points to certain level. The level of security does not match the sophistication of computing systems anymore. The poor selection of CRC-32 and small IV space required for data integrity verification opens a room of compromise in the protocol. Therefore, better security measures must be introduced in a wireless network to complement the weaknesses of WEP security protocol. References Arbaugh, W. A., Shankar, N., Wan, Y. J., & Zhang, K. (2002). Your 80211 wireless network has no clothes. Wireless Communications, IEEE, 9(6), 44-51. Fluhrer, S., Mantin, I., & Shamir, A. (2001, January). Weaknesses in the key scheduling algorithm of RC4. In Selected areas in cryptography (pp. 1-24). Springer Berlin Heidelberg. Gast, M. (2006). 802.11 wireless networks: The definitive guide. Sebastopol, CA: O’Reilly Media Inc. Walker, J. R. (2000). Unsafe at any key size; an analysis of the WEP encapsulation. IEEE document, 802(00), 362. Read More