WEP KEY and Its Vulnerabilities - Essay Example

Module Module WEP KEY and Its Vulnerabilities ID: WEP KEY and Its Vulnerabilities Table of contents Content Page Appendices………………………………………………………………………………..3 Introduction………………………………………………………………………………..4 How Wired Equivalent Privacy works…………………………………………………….4 WEP in Practice……………………………………………………………………………5 WEP Flaws and vulnerabilities…………………………………………………………….6 The way forward/Recommendations………………………………………………………7 Conclusion………………………………………………………………………………….8 Reference…………………………………………………………………………………..9 Appendices WEP Wired Equivalent Privacy WPA WI-FI protected Access LAN Local Area Network IV Initialization Vector IEEE Institute of Electrical and Electronic Engineers WEP KEY and Its Vulnerabilities Introduction In the recent past, wide usage of wireless networks has been evident. This is attributed to the ease of use, the cost effectiveness, and their flexibility. The vulnerabilities to these wireless network have also been established. The security relating to usage of wireless LAN is very vital to organisations, for instance to those relating to transmission of credit card numbers, among other financial aspects. Analysis of these security vulnerabilities calls for the need to proactively safeguard the network against unauthorized access and cyber attacks. Security mechanisms employed to safeguard networks against attacks include Wired Equivalent Privacy, 802.11i (WPA) and WI-FI protected Access (WPA). Wired Equivalent Privacy makes the WLAN secure and its role incorporates authentication and encryption of the wireless adapters on the network. It can be applied on the wireless devices at the data-link layer. The encryption algorithm in the WEP is the RC4. This paper analyses the working, algorithm and structure used in the WEP protocol. It also seeks to analyze the loopholes that attackers can get accessed to, so as to bypass the wireless network, WEP. The paper as well aims to come up with proactive measures that can be incorporated to ensure the wireless networks stay safe and be attack-proof in this age of increased cases of cyber threats (Geier, 2002) How Wired Equivalent Privacy works The Wired Equivalent Privacy was developed by the IEEE, which is a group that consists of volunteer users. This is the encryption for the 802.11 wireless networks. It grants security for the data that is transmitted from point to point via the wireless network through the radio waves. It basically serves three functions; it guards against unauthorized access, protects the network against compromise to the data (data integrity) and confidentiality (eavesdropping). The RC4 cipher combines a 40-bit WEP key with Initialization Vector (IV) that is a random number in the data encryption. The actual data in the transmission is attached to the sender’s XORs stream cipher and this produces the cipher text. The receiver is in charge of data description of the cipher text by use of attached IV and the stored WEP key. Security breaches can be evident. Though it might be hard for inexperienced sniffers to get through the network; hardcore hackers are able to crack the WEP keys in a period of a quarter an hour (Geier, 2002). WEP in Practice As part of the process of encryption, the WEP makes a “seed” that is a key schedule through concatenation of the secret key shared by the sender together with an initialization vector, which is 24-bit. The IV is a vital component such that it can be used since it extends the life of the secret key and the sending station can be the initialization vector. The WEP then incorporates the “seed” in the pseudo-number generator. The result is the production of the keystream that equals to the frame’s payload in length in addition to a 32-bit (ICV), the integrity check value. In the event that the receiving station gets discrepancies in the ICV, then frame will be rejected The shared secret keys that the WEP uses are normally 40-64 bit for the data encryption and decryption although versions of 128-bit keys are available in the market. Since WEP uses the similar type of key for decryption, every access point and the network interface card should be manually constructed to the same key. The regularity by which the frames are changed improves the security of the network. Before the process of decryption, the 802.11 packet is run through the Cyclic Redundancy Check (CRC) to verify the data integrity. This is possible because the CRC algorithm has the explicit capabilities to identify the single bit errors (Geier, 2002) WEP Flaws and vulnerabilities The WEP over a long period of time has faced imminent criticism that it makes the wireless network susceptible to cyber attacks. In fact to some, the WEP protocol is as NO for the network citing various flaws that attackers capitalize and render the network insecure. As earlier mentioned, cyber-attacks have huge cost implications to the information held by the organizations and an actual threat to the very presence of the organizations. These vulnerabilities therefore need to be critically assessed and relevant security measures put in place to protect data safety on the widely embraced wireless network. One of the major criticisms is on the generation of the keys and challenges of distribution. For the RC4 stream cipher, key generation is based on a 40 or 104 bit secret key. The 40-bit key in the WEP is widely prone to the hacker attacks. The Initialization Vector in the WEP is also very small. On average such a 24-bit IV could allow for 16, 7777. 216 in a WEP key. This means that in a less busy environment, IV provide a time span of 5 to 8 hours after which it allows for the repetition. In scenarios where the network is busy, the repetition is undergone after only several hours of the network traffic. With this technique of repeating keys, it is much easier to establish the correlation between the plaintext and the cipher text. This presents a weakness in such a manner that the secret key can be established. Those IV are selected in random, for instance, get susceptible after a repetition of 5000 packets (Geier, 2002). This aspect of vulnerability was put into light in 2001 when Scott Fluher, Adi Shamir and Itsik Mantin made a publication by the name “Weaknesses in the Key Scheduling Algorithm of RC4.” They argued that the first bite of the cipher text and plain text could be easily captured because of the way the header was ‘casually’ prepared. During the development in 1997, the 40bit keys were seen efficient because the only eminent threats were normal eavesdropping. With the advancement of the computer age, cyber attacks have become a real phenomenon and security system is no longer a luxury (Geier, 2002) Information technicians in as far as 2001 had noted that the RC4 key scheduling algorithm had been compromised but estimated that a single attack on this WEP protocol required at least 4 million packets to make it a success. Currently, a 1.7 GHZ Pentium M processor would take three seconds to get the 104bit WEP key from the data intercepted from the network. The way forward/Recommendations RC4 operates efficiently because the pseudo-random generator works exceptionally well. Even the recent cyber attacks relate to the key development and scheduling and no attack is yet registered regarding the pseudo-random generator. The wireless networks should therefore advocate the use of more sophiscated software tools as well as stronger block ciphers such as AES or RC6, which provide both efficiency and integrity in the data along the network. Users of Wi-Fi are advised to go for a more robust protocol. The key scheduling components should also be altered to include the 256 byte pseudorandom output with advanced decryption system such as Temporary Key Integrity Protocol (TKIP). Conclusion The wireless network is one of the most effective networks in use today. Security issues on any type of network are a key ingredient to its efficacy. Critical assessment of the underlying vulnerabilities ought to be carried out. Advanced software tool should incorporate the restructure of the WEP’s key generation so as to seal off the probabilistic prediction that hackers use to bypass the RC4 cipher system Reference Geier, J. 2002. IT business Edge; 802.11 WEP: Concepts and Vulnerability (online) Available at http://www.wi-fiplanet.com/tutorials/article.php/1368661. (Accessed 24 October 2014). Read More