A History of WEP

The Ups and Downs of Wireless Security

Wireless Communication Beginnings
- Early Cordless Phones and Cell Phones
  - Used same idea as Walkie-Talkies
  - Anyone with a “Scanner” could easily eavesdrop on calls
  - Used a Spread-Spectrum algorithm to defeat the traditional “Scanner”

The 802.11 Standard
- Defines wireless communications protocols
  - 802.11b, 802.11g, 802.11n: common wireless network protocols
- Similar to early Cell Phones and Cordless Phones at the start – no real protection
- Can easily find out network names and connect to them
- Invention of War Driving!

Early Security Attempts
- Open Access to Networks – Solution?
  - Filter the “unique” MAC address of the wireless cards
- Problem?
  - Keep a large list of EVERY network card that can have access
  - No real authentication or check takes place
  - MAC addresses can be “spoofed”

Introducing WEP
- W.E.P. – Wired Equivalent Privacy
- Introduced in September of 1999
- First real attempt at securing open wireless networks
  - Attempted to make the network as confidential as a traditional wired network
- Originally used a 40-bit security key, later expanded to 104 bits and 232 bits

A Look At WEP
- IV – Initialization Vector (24 bits)
- Key Selected by User
- Combined to create a seed to generate the keystream

All Secured Sir…….
- RC4 is a popular cipher used in many security applications
- Problem: RC4 is a stream cipher
  - Keystream cannot be reused or you can get back the message
  - 24-bit IV has a 50% chance of repeating on a busy network after 5000 IVs generated
  - Can also capture packets and replay them: poor authentication

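Added example (not part of the original slides): a Python demonstration of the two points above, that two packets encrypted with the same IV and key share a keystream and so leak each other's contents, and that a 24-bit IV repeats with roughly 50% probability after about 5000 packets. The key, IV and packet contents are constructed sample values, IVs are assumed to be chosen at random, and WEP's integrity check value is left out.

```python
import math

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Per-packet seed is IV || key; the integrity check value is omitted here."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """With a reused keystream, c1 ^ c2 == p1 ^ p2, so knowing p1 yields p2."""
    return xor(xor(c1, c2), known_p1)

def iv_repeat_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that at least two of `packets` random IVs match."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(sum(math.log1p(-k / space) for k in range(packets)))

# Constructed sample values (not from the slides).
KEY = bytes.fromhex("0102030405")        # 40-bit key
IV = bytes.fromhex("aabbcc")             # 24-bit IV, used for both packets
P1 = b"GET /index.html HTTP/1.1"         # content an observer can guess
P2 = b"user=alice;token=example"         # content meant to stay private

if __name__ == "__main__":
    c1, c2 = wep_encrypt(IV, KEY, P1), wep_encrypt(IV, KEY, P2)
    print("c1 ^ c2 == p1 ^ p2:", xor(c1, c2) == xor(P1, P2))
    print("recovered without the key:", recover_second_plaintext(c1, c2, P1))
    for n in (1000, 5000, 12000):
        print(f"{n:>6} packets -> P(IV repeat) = {iv_repeat_probability(n):.3f}")
```
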
Demonstration Time

After WEP
- WPA created to use existing hardware
- Fixes many of the downfalls of WEP
- Not without its own problems
  - Uses a password to generate keys
  - Dictionary attack
  - TKIP Algorithm used has flaws
- WPA2 developed to fix WPA
  - Made before WPA flaw discovered