WEP IEEE 802.11

WEP
WEP provides data confidentiality services by encrypting the data sent between wireless nodes. Setting a WEP flag in the MAC header of the 802.11 frame indicates that the frame is encrypted with WEP encryption. WEP provides data integrity by including an integrity check value (ICV) in the encrypted portion of the wireless frame.

WEP defines two shared keys:
Multicast/global key. The multicast/global key is an encryption key that protects multicast and broadcast traffic from a wireless AP to all of its connected wireless clients.

Unicast session key. The unicast session key is an encryption key that protects unicast traffic between a wireless client and a wireless AP and multicast and broadcast traffic sent by the wireless client to the wireless AP.

WEP encryption uses the RC4 symmetric stream cipher with 40-bit and 104-bit encryption keys. Although 104-bit encryption keys are not specified in the 802.11 standard, many wireless AP vendors support them.

WEP Encryption
The WEP encryption process is shown in the following figure.

WEP Encryption Process
To encrypt the payload of an 802.11 frame, the following process is used:

1.A 32-bit integrity check value (ICV) is calculated for the frame data.
2.The ICV is appended to the end of the frame data.
3.A 24-bit initialization vector (IV) is generated and appended to the WEP encryption key.
4.The combination of initialization vector and WEP encryption key is used as the input of a pseudo-random number generator (PRNG) to generate a bit sequence that is the same size as the combination of data and ICV.
5.The PRNG bit sequence, also known as the key stream, is bit-wise exclusive ORed (XORed) with the combination of data and ICV to produce the encrypted portion of the payload that is sent between the wireless access point (AP) and the wireless client.
6.To create the payload for the wireless MAC frame, the IV is added to the front of the encrypted combination of the data and ICV, along with other fields.

WEP Decryption
The WEP decryption process is shown in the following figure.

WEP Decryption Process
To decrypt the 802.11 frame data, the following process is used:

1.The initialization vector (IV) is obtained from the front of the MAC payload.
2.The IV is appended to the WEP encryption key.
3.The combination of initialization vector and WEP encryption key is used as the input of the same PRNG to generate a bit sequence of the same size as the combination of the data and the ICV. This process produces the same key stream as that of the sending wireless node.
4.The PRNG bit sequence is XORed with the encrypted combination of the data and ICV] to decrypt the combined data and ICV portion of the payload.
5.The ICV calculation for the data portion of the payload is run, and its result is compared with the value included in the incoming frame. If the values match, the data is considered to be valid (sent from the wireless client and unmodified in transit). If they do not match, the frame is silently discarded.

Security Issues with WEP and IEEE 802.11
The main problem with WEP is that the determination and distribution of WEP encryption keys are not defined. WEP keys must be distributed by using a secure channel outside of the 802.11 protocol. In practice, WEP keys are text strings that must be manually configured using a keyboard for both the wireless AP and wireless clients. However, this key distribution system does not scale well to an enterprise organization and is not secure.

Additionally, there is no defined mechanism for changing the WEP encryption keys either per authentication or periodically for an authenticated connection. All wireless APs and clients use the same manually configured WEP key for multiple sessions. With multiple wireless clients sending a large amount of data, an attacker can remotely capture large amounts of WEP ciphertext and use cryptanalysis methods to determine the WEP key.

The lack of a WEP key management protocol is a principal limitation to providing 802.11 security, especially in infrastructure mode with a large number of stations. Some examples of this type of network include corporate and educational institutional campuses and public places such as airports and malls. The lack of automated authentication and key determination services also affects operation in ad hoc mode, in which users might want to use in peer-to-peer collaborative communication in areas such as conference rooms.

WPA
Although 802.1X addresses many of the security issues of the original 802.11 standard, issues still exist with regard to weaknesses in the WEP encryption and data integrity methods. The long-term solution to these problems is the IEEE 802.11i standard, which is currently in draft form.

Until the IEEE 802.11i standard is ratified, wireless vendors have agreed on an interoperable interim standard known as Wi-Fi Protected Access (WPA). The goals of WPA are the following:

To require secure wireless networking. WPA requires secure wireless networking by requiring 802.1X authentication, encryption, and unicast and multicast/global encryption key management.

To address WEP issues with a software upgrade. The implementation of the RC4 stream cipher within WEP is vulnerable to known plaintext attacks. Additionally, the data integrity provided with WEP is relatively weak. WPA solves all the remaining security issues with WEP, yet only requires firmware updates in wireless equipment and an update for wireless clients. Existing wireless equipment is not expected to require replacement.

To provide a secure wireless networking solution for small office/home office (SOHO) wireless users. For the SOHO, there is no RADIUS server to provide 802.1X authentication with an EAP type. SOHO wireless clients must use either shared key authentication (highly discouraged) or open system authentication (recommended) with a single static WEP key for both unicast and multicast traffic. WPA provides a pre-shared key option intended for SOHO configurations. The pre-shared key is configured on the wireless AP and each wireless client. The initial unicast encryption key is derived from the authentication process, which verifies that both the wireless client and the wireless AP have the pre-shared key.


To be compatible with the upcoming IEEE 802.11i standard. WPA is a subset of the security features in the proposed IEEE 802.11i standard. All the features of WPA are described in the current draft of the 802.11i standard.


To be available today. WPA upgrades to wireless equipment and for wireless clients were available beginning in February 2003.

WPA Security Features
WPA contains enhancements or replacements for the following security features:

Authentication
Encryption
Data integrity

Authentication
With 802.11, 802.1X authentication is optional; with WPA, 802.1X authentication is required. Authentication with WPA is a combination of open system and 802.1X authentication, which uses the following phases:

The first phase uses open system authentication to indicate to the wireless client that it can send frames to the wireless AP.

The second phase uses 802.1X to perform a user-level authentication. For environments without a RADIUS infrastructure, WPA supports the use of a pre-shared key; for environments with a RADIUS infrastructure, WPA supports EAP and RADIUS.


Encryption
With 802.1X, rekeying of unicast encryption keys is optional. Additionally, 802.11 and 802.1X provide no mechanism to change the global encryption key that is used for multicast and broadcast traffic. With WPA, rekeying of both unicast and global encryption keys is required. The Temporal Key Integrity Protocol (TKIP) changes the unicast encryption key for every frame, and each change is synchronized between the wireless client and the wireless AP. For the multicast/global encryption key, WPA includes a facility for the wireless AP to advertise changes to the connected wireless clients.

TKIP
For 802.11, WEP encryption is optional. For WPA, encryption using TKIP is required. TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, yet can be performed using the calculation facilities present on existing wireless hardware. TKIP also provides for the following:

The verification of the security configuration after the encryption keys are determined.


The synchronized changing of the unicast encryption key for each frame.

The determination of a unique starting unicast encryption key for each pre-shared key authentication.

AES
WPA defines the use of the Advanced Encryption Standard (AES) as an optional replacement for WEP encryption. Because adding AES support by using a firmware update might not be possible for existing wireless equipment, support for AES on wireless network adapters and wireless APs is not required.

Data Integrity
With 802.11 and WEP, data integrity is provided by a 32-bit ICV that is appended to the 802.11 payload and encrypted with WEP. Although the ICV is encrypted, it is possible through cryptanalysis to change bits in the encrypted payload and update the encrypted ICV without being detected by the receiver.

With WPA, a method known as Michael specifies a new algorithm that calculates an 8-byte message integrity code (MIC) with the calculation facilities available on existing wireless hardware. The MIC is placed between the data portion of the 802.11 frame and the 4-byte ICV. The MIC field is encrypted along with the frame data and the ICV.

Michael also provides replay protection through the use of a frame counter field in the 802.11 MAC header.