1 Wireless Threats 1 – Cracking WEP Cracking WEP in Chapter 5 of Wireless Maximum Security by Peikari, C. and Fogie, S.

Upload: milo-goodman

Post on 18-Jan-2016


Page 1: 1 Wireless Threats 1 – Cracking WEP Cracking WEP in Chapter 5 of Wireless Maximum Security by Peikari, C. and Fogie, S

1

Wireless Threats 1 – Cracking WEP

Cracking WEP in Chapter 5 of Wireless Maximum Security by Peikari, C. and Fogie, S.

Page 2

Cracking WEP

WEP Review
Data Analysis
Technical Example
IV Collision
Key Extraction

Page 3

WEP Review 0

WEP defines methods through which wireless data should be secured.

Standardization: all vendors can build software and hardware products that augment various aspects of wireless networking without having to rewrite the code for each and every device.

WEP uses the RC4 algorithm to encrypt its data. (RC4 is used in Secure Sockets Layer (SSL))

RC4 is a stream cipher that produces unique encrypted data. It does this by combining various characteristics of a preshared password, a state value, and a value known as an initialization vector (IV) to scramble the data.

This part of RC4 is known as the Key Scheduling Algorithm (KSA). The resultant array is then used to seed the Pseudo-Random Generation Algorithm (PRGA), which produces a stream of data that is XORed with the message (plaintext) to produce the ciphertext sent over the airwaves.

Page 4

WEP Review 1

The transmitted data consists of the original message and the checksum. The checksum protects against normal corruption, but also helps alert the user to malicious tampering. After the data is encrypted, the IV is prepended to the data, along with a bit of data that marks the packet as encrypted. The entire bundle is then broadcast into the atmosphere, where it is caught and decrypted by the receiving party.

The decryption process is the reverse of the encryption process. The IV is removed from the data packet and merged with the shared password. This value is then used to recreate the KSA, which is subsequently used to recreate the keystream.

The keystream and the encrypted data packet are XORed together, which results in the plaintext output. The CRC is then removed from the plaintext and compared against a recalculated CRC; the packet is then either accepted or rejected.

Page 5

Data Analysis

When data is transferred via the airwaves, it can be easily captured using programs downloaded from the Internet.

Through the use of WEP, all data can be scrambled to the point where it becomes unreadable.

Although WEP will not stop the interception of data, it can stop the casual interpretation of the captured data.

If a hacker can determine what data is being sent before it is encrypted, the captured ciphertext and the known plaintext can be XORed together to produce the keystream.

Page 6

Technical Example - Principle

WEP produces the ciphertext by merging only two variables together using XOR.

Equation 1 depicts the final function of the RC4 algorithm, which encrypts the data; Equation 2 is the same relation rearranged to recover the keystream.

Equation 1: Ciphertext = Plaintext XOR Keystream

Equation 2: Keystream = Ciphertext XOR Plaintext

Page 7

Technical Example – Plaintext Attack

Assume Plaintext = A = 065 = 0100 0001
Keystream = 0111 0001

Equation 1: Ciphertext = 0100 0001 XOR 0111 0001 = 0011 0000

Equation 2: Keystream = 0011 0000 XOR 0100 0001 = 0111 0001

Page 8

Technical Example – Discussion

It is easy to extract a keystream from encrypted data: you need the ciphertext and the original plaintext.

Capturing the ciphertext is easy (wireless sniffer). The harder part is obtaining the original plaintext, which can be done in three ways:

If inside the network, capture all data before it is encrypted. (Benefit: gaining free and anonymous Internet service.)

Predetermine the plaintext by tricking someone into receiving or sending a predictable message (a chat session or email), usually an email full of blank spaces (" ") or a long string of the same character ("AAAAAAAAAAA").

Look for known communication headers: determine the IP address of the access point or client WNIC and make an educated guess, or use the SNAP header as the first byte of an 802.11 data frame.

Page 9

IV Collision

WEP uses an initialization vector (IV) to encrypt each packet with its own key.

WEP does this by merging or concatenating the preshared password with the IV to create a new exclusive “packet key” for each and every packet of information sent over the WLAN.

Page 10

IV Collision – IV Explanation

WEP uses a 3-byte IV for each packet of data transmitted over the WLAN.

When the data is sent, the IV is prepended to the encrypted packet. This ensures the receiving party has all the information it needs to decrypt the data.

The IV is 3 x 8 = 24 bits long, which gives a list of 2^24 (16,777,216) possible packet keys.

Because the IVs are chosen pseudo-randomly, one could expect to start seeing repeats (collisions) after about 5,000 packet transmissions.

Considering the average wireless device transmits a 1,500-byte packet, a collision could be expected with the transfer of just a 7-10MB file (for example, 5,000 packets x 1,500 bytes = 7,000,000 bytes [7MB]).
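To put numbers on the collision estimate above, here is an added Python example (written for these notes, not taken from the slides or the book). It computes the birthday bound for a 24-bit IV space, the probability that at least one IV repeats within a given number of packets, and the corresponding traffic volume, and it simulates drawing random IVs until the first repeat. The packet size, the random seed and the function names are assumptions.

```python
import math
import random

IV_BITS = 24                  # WEP IV is 3 bytes = 24 bits
IV_SPACE = 2 ** IV_BITS       # 16,777,216 possible IVs
PACKET_BYTES = 1500           # assumed average packet size, as on the slide


def birthday_bound(bits: int = IV_BITS) -> float:
    """Number of uniformly random draws at which a repeat becomes 50% likely.

    Standard birthday approximation: sqrt(2 * N * ln 2) for a space of N values.
    """
    return math.sqrt(2 * (2 ** bits) * math.log(2))


def collision_probability(packets: int, bits: int = IV_BITS) -> float:
    """P(at least one IV repeats among `packets` uniformly random IVs)."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * (2 ** bits)))


def expected_colliding_pairs(packets: int, bits: int = IV_BITS) -> float:
    """Expected number of packet pairs that share an IV: C(n, 2) / N."""
    return packets * (packets - 1) / 2 / (2 ** bits)


def packets_to_megabytes(packets: int, packet_bytes: int = PACKET_BYTES) -> float:
    """Traffic volume a sniffer must see before that many packets have passed."""
    return packets * packet_bytes / 1_000_000


def simulate_first_collision(bits: int = IV_BITS, seed: int = 0) -> int:
    """Draw random IVs (constructed, seeded) and return the draw index of the first repeat."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        iv = rng.getrandbits(bits)
        count += 1
        if iv in seen:
            return count
        seen.add(iv)


if __name__ == "__main__":
    print(f"50% point for {IV_BITS}-bit IVs: about {birthday_bound():.0f} packets")
    for n in (1_000, 5_000, 20_000):
        print(f"{n:>6} packets ({packets_to_megabytes(n):.1f} MB): "
              f"P(collision) = {collision_probability(n):.3f}, "
              f"expected colliding pairs = {expected_colliding_pairs(n):.2f}")
    print("simulated first repeat at packet", simulate_first_collision(seed=1))
```

The 50% point for a 24-bit IV lands just under 5,000 draws, matching the slide's estimate, and 5,000 packets of 1,500 bytes is 7.5 MB, inside the 7-10 MB range given above. Note that the expected number of colliding pairs grows with the square of the packet count, so a busy access point reaches many collisions long before the IV space is exhausted.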

A hacker is about to send an email message packed with the character "2" repeated over and over. The hacker has WEP running in his test lab.

Page 11

IV Collision – Data Capture

The hacker first prepares to sniff the WLAN as the predictable data is transferred.

The hacker would have to maintain a listening status until he captured a matching IV.

The hacker then has:
the original data sent with the IV,
the ciphertext generated from the transmission of the original data with that IV, and
the unknown ciphertext generated in another packet with the same IV.

He then performs some bitwise calculations.

Page 12

IV Collision – Bitwise Comparisons

Keystream = (Ciphertext) XOR (Plaintext)

E.g. we have captured Ciphertext1 and Ciphertext2, and we also have Plaintext1. Because both packets were encrypted under the same IV (and therefore the same keystream), we can compute Plaintext2 = Plaintext1 XOR (Ciphertext1 XOR Ciphertext2).

Lab01 – Bitwise comparison
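The plaintext attack on page 7 and the IV-collision recovery on this slide are the same XOR relation applied once and then twice. The following added Python example (written for these notes, not taken from the slides or the book) implements RC4's KSA and PRGA, builds toy WEP-style packets whose per-packet key is IV || shared key, flags IV reuse in a capture, and recovers a second packet's plaintext from a known one under a reused IV without ever using the shared key. The key, IV, messages and function names are constructed assumptions; the CRC-32 integrity value and key-index byte of real WEP are omitted because they do not change the XOR relationship.

```python
from collections import defaultdict

IV_LEN = 3  # WEP prepends a 3-byte IV, in the clear, to every packet


def rc4_ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: derive the 256-entry state permutation from the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Pseudo-Random Generation Algorithm: walk the permutation to emit keystream bytes."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; the result is as long as the shorter operand."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Toy WEP packet: per-packet key = IV || shared key, IV sent in clear in front (CRC omitted)."""
    packet_key = iv + shared_key
    return iv + xor_bytes(plaintext, rc4_keystream(packet_key, len(plaintext)))


def single_byte_example() -> tuple:
    """The slide's worked example: 'A' (0100 0001) under keystream 0111 0001."""
    plaintext, keystream = 0b01000001, 0b01110001
    ciphertext = plaintext ^ keystream             # Equation 1
    recovered = ciphertext ^ plaintext             # Equation 2
    return ciphertext, recovered                   # (0b00110000, 0b01110001)


def keystream_from_known_plaintext(ciphertext: bytes, plaintext: bytes) -> bytes:
    """Equation 2: plaintext and ciphertext of one packet yield that packet's keystream."""
    return xor_bytes(ciphertext, plaintext)


def recover_second_plaintext(p1: bytes, c1: bytes, c2: bytes) -> bytes:
    """Two packets under one IV share a keystream, so P2 = P1 XOR (C1 XOR C2).

    Only as many bytes as the known plaintext covers can be recovered.
    """
    return xor_bytes(p1, xor_bytes(c1, c2))


def find_iv_reuse(packets: list) -> dict:
    """Group captured packets by clear-text IV; any IV seen more than once is a collision.

    The same check is what a monitoring tool would run over a capture to flag IV reuse.
    """
    by_iv = defaultdict(list)
    for idx, pkt in enumerate(packets):
        by_iv[pkt[:IV_LEN]].append(idx)
    return {iv: idxs for iv, idxs in by_iv.items() if len(idxs) > 1}


def demo() -> bytes:
    """Constructed scenario: a known-plaintext packet and a victim packet reuse an IV."""
    shared_key = b"\x01\x02\x03\x04\x05"       # constructed 40-bit WEP key
    iv = b"\x10\x20\x30"                         # constructed IV that the toy sender repeats
    known = b"2" * 24                            # the slide's email full of the character "2"
    secret = b"meeting moved to room 17"        # constructed victim message, 24 bytes
    capture = [                                  # constructed sniffer capture
        wep_encrypt(shared_key, b"\x00\x00\x01", b"unrelated traffic here!!"),
        wep_encrypt(shared_key, iv, known),
        wep_encrypt(shared_key, iv, secret),
    ]
    i1, i2 = find_iv_reuse(capture)[iv]
    c1, c2 = capture[i1][IV_LEN:], capture[i2][IV_LEN:]
    # From here on only P1, C1 and C2 are used; the shared key never appears.
    return recover_second_plaintext(known, c1, c2)


if __name__ == "__main__":
    print("recovered:", demo())
```

The recovery step needs only the two ciphertexts and one known plaintext, which is exactly why a repeated IV is fatal for a stream cipher regardless of key length: the 40-bit or 104-bit key never enters the calculation.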

Page 13

IV Collision – Discussion

This is a serious issue (e.g. a credit card number or personal information can be exposed) due to the limited number of IVs and the way WEP processes them.

Page 14

Key Extraction

A hacker would have to completely saturate a WLAN with known data until every IV combination is known.

If a hacker knew the password, she could connect to a WLAN and become a “legitimate” user of the wireless.

Due to the format of WLAN packets (SNAP header), hackers can deduce parts of the password from the encrypted WLAN data.

Technical explanation can be found in the book.