Wireless Hacks. 100 Industrial-Strength Tips and Techniques

While not the answer to every wireless security need, WEP can still be effective if used properly.

The 802.11b specification provides a form of encryption called Wired Equivalent Privacy (WEP). It operates on the Media Access Control (MAC) layer, which is part of the Data Link layer of the OSI model. When using WEP, only clients that know the "secret key" can associate with an Access Point or Peer-to-Peer Group. Anyone without the key may be able to see network traffic, but every frame is encrypted. The specification employs a 40-bit shared-key RC4 PRNG algorithm from RSA Data Security. Virtually all cards that speak 802.11b support this encryption standard.

Although hardware encryption sounds like a good idea, the implementation in 802.11b is far from perfect. First of all, the encryption provided happens at the link layer, not at the application layer. This means that your communications are protected up to the gateway, but no further. Once it hits the wire, your packets are sent in the clear. Worse than that, every other legitimate wireless client that has the key can read your packets with impunity, since the key is shared across all clients. You can try it for yourself. On a network using WEP, simply run a packet sniffer such as tcpdump [Hack #37] or Ethereal [Hack #38] on your laptop and watch your neighbor's packets just fly by.

40- Versus 64- Versus 104- Versus 128-bit WEP

Why do the various card manufacturers quote so many different key lengths? The original 802.11b specification defined a 40-bit user-specified key. This key is combined with a 24-bit Initialization Vector (the IV), a random number that is part of the WEP algorithm. Together, this yields 64 bits of "key," although the IV is actually sent in the clear!

Likewise, a 104-bit WEP key is used with the IV to yield 128 bits of "key." This is why user-defined keys are 5 characters long (5 characters x 8 bits/character = 40 bits) or 13 characters long (13 characters x 8 bits/character = 104 bits). The user doesn't define the IV; it is part of the WEP algorithm (and is generally implemented as 24 random bits).

Naturally, more bits sounds more secure to the consumer, so some manufacturers choose to list the larger number as the "key length." Unfortunately for WEP, more bits do not necessarily mean significantly greater security.
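As an added illustration (not code from the book), a minimal Python model of WEP frame encryption: the 24-bit IV is prepended to the 40- or 104-bit secret to form the RC4 key, the IV travels in the clear, and anyone holding the shared secret can decrypt any station's frame, as the text describes. The key, IV and payload values are constructed for the example.

```python
import struct
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 as WEP uses it: key scheduling (KSA), then XOR the PRNG stream into data."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:                             # PRGA: one keystream byte per data byte
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Encrypted part of a WEP frame: IV (clear) || RC4_{IV||secret}(payload || ICV)."""
    if len(iv) != 3 or len(secret) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit secret")
    icv = struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)   # CRC-32 integrity check value
    return iv + rc4(iv + secret, payload + icv)

def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    """Reverse of wep_encrypt; every holder of the shared secret can do this for any station."""
    iv, body = frame[:3], frame[3:]            # the IV is read straight off the air
    clear = rc4(iv + secret, body)
    payload, icv = clear[:-4], clear[-4:]
    if struct.unpack("<I", icv)[0] != zlib.crc32(payload) & 0xFFFFFFFF:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload

def key_bits(secret: bytes) -> tuple:
    """(bits a vendor may advertise, bits that are actually secret): the 24-bit IV is public."""
    return (len(secret) * 8 + 24, len(secret) * 8)

if __name__ == "__main__":
    shared = b"s3cr3"                          # constructed 5-character (40-bit) key
    frame = wep_encrypt(shared, b"\x01\x02\x03", b"GET / HTTP/1.0")
    print(frame[:3].hex(), key_bits(shared))   # IV visible to any sniffer; prints (64, 40)
    print(wep_decrypt(shared, frame))          # any key holder recovers the payload
```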

Many manufacturers have implemented their own proprietary extensions to WEP, including 104-bit keys and dynamic key management. Unfortunately, as they are not defined by the 802.11b standard, there is no guarantee that cards from different manufacturers that use these extensions will interoperate.

To throw more kerosene on the burning WEP tire mound, a team of cryptographers at the University of California at Berkeley (among others; see the references at the end of this section) has identified weaknesses in the way WEP is implemented, effectively making the number of bits used in the encryption key irrelevant. With all of these problems, why is WEP still supported by manufacturers? And what good is it for securing your network?

WEP was not designed to be the ultimate "killer" security feature (nor can anything seriously claim to be). Its acronym makes the intention clear: wired equivalent privacy. In other words, the aim behind WEP is to provide no greater protection than you would have when you physically plug into your Ethernet network. Keep in mind that in a wired Ethernet setting, there is no encryption provided by the protocol at all.

WEP provides an easy, generally effective, interoperable deterrent to unauthorized access. Given the choice between an open access point with all of the defaults in place and a network running 40-bit WEP, the casual user running NetStumbler [Hack #21] will choose to investigate the open network every time. While definitely not beyond the reach of a determined network cracker, a well-chosen WEP key is still just too much of a pain for the average War Driver to deal with. To make the best use of WEP, consider the following guidelines:

  • Use a nonobvious key. Dictionary attacks against a WEP key are executed much more quickly and easily than a full-blown AirSnort session. Make sure that your key doesn't use a simple word, even if you obfuscate it further with l33t h4x0r sP33k. Believe me, network crackers know how to speak it better than you do. Throw in a couple of symbols, or better yet, use a Hex key with nonprintable characters.

  • Use the longest key that your hardware supports. If all of your wireless network hardware supports 104-bit WEP, use it. But keep in mind that many devices do not support 104-bit WEP, and those that do may not interoperate well.

  • Change keys often. Current WEP key attacks depend on either a dictionary attack or the collection of large amounts of data to deduce the key. The more often you change the key being used, the more difficult a potential cracker's job will be. Unfortunately, this might not be feasible for a network with a large user base, as you would be faced with the classic key distribution problem.

  • Use WEP in combination with other security features. If you happen to have a network that uses hardware of the same manufacturer, you might be able to take advantage of proprietary extensions to shore up WEP. For example, Cisco equipment supports rapid WEP key rotation and dynamic keying using 802.1x. If all of your clients can take advantage of these extensions, then use them. Unfortunately, as we will see in [Hack #87], using other standard features like "closed" networks and MAC filters really does little to improve network security.

  • Consider WEP a deterrent, not a guarantee. Remember that it is unlikely that WEP alone will keep out the most determined attackers. When building a security policy, be sure to consider your likeliest threats, and weigh them against the benefits and restrictions of your implementation. The threat model for a wireless network on dial-up in a house in the middle of the woods looks very different from that of an AP on the internal LAN at a law firm downtown. Consider the risks and benefits of your wireless network, and configure it accordingly.

  • Consider not using WEP at all. This chapter is full of practical implementations that neatly sidestep the whole question of WEP security by introducing strong application-layer encryption. Consider doing away with WEP altogether in favor of strong authentication and encryption.

See Also

  • Your 802.11 Wireless Network has No Clothes (http://www.cs.umd.edu/~waa/wireless.pdf) by Arbaugh, Shankar, and Wan, University of Maryland, March 30, 2001.

  • Weaknesses in the Key Scheduling Algorithm of RC4 (http://www.crypto.com/papers/others/rc4_ksaproc.ps) by Fluhrer, Mantin, and Shamir, July 25, 2001.

  • Using the Fluhrer, Mantin, and Shamir Attack to Break WEP (http://www.cs.rice.edu/~astubble/wep/) AT&T Labs Technical Report by Stubblefield, Ioannidis, and Rubin, August 21, 2001.

  • Security of the WEP algorithm (http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html) by Borisov, Goldberg, and Wagner, UC Berkeley, April 1, 2001.
