wireless security - wep

Archived from groups: alt.internet.wireless (More info?)

Hi
My name is Kelsey Braun, and I am a student at Jamestown Community College
in Jamestown, NY. I am doing a presentation and paper on wireless
networking security. Another student has brought up that the RC4 algorithm
is not flawed because it is used in SSL, which is pretty secure. My
question is how can the alogorithm be secure in SSL and not in WEP? I
searched the internet for this answer, but never really got one that was
understandable. Also, if you have any suggestions on how to set up a WLAN
that would be secure, they would be greatly appreciated.

Thanks,
Kelsey

Archived from groups: alt.internet.wireless (More info?)

Just do a google search on "wep cracking". You will get dozens, if not
hundreds of hits, including pointers to white papers that explain it in
excruciating detail.

Briefly, the problem is not with RC4 but with a flawed implementation of RC4
in the 802.11 standard definition of WEP. RC4 is a stream cypher. It uses a
table generated by a private key to generate a stream of bytes that can be
exclusively or'ed against that plaintext, producing the cyphertext. The
table is modified and permuted by the RC4 algorithm as it produces the byte
stream. The receiver, using the same private key, generates the same table
and the same sequence of modifications to generate the same byte stream. The
receiver exclusively ors with this byte stream to recover the plaintext.

In WEP, for each transmitted packet, 24 bits of the key used for that frame
are generated by another pseudorandom process. These 24 bits, called the IV
(Initialization Vector) are transmitted - unencrypted - with the frame. The
sender and receiver privately share a hidden key, but they concatenate the
publicly-known IV with the private shared key to create the WEP key, which
is then used to generate the keystream for the frame.

I think the idea is that using essentially different keys for each frame
should increase security and reliability, because if you used the same key
for all frames, you would run into synch problems due to lost packets, and
in any case all PNR algorithms have a finite period - they can generate only
so many numbers before the sequence repeats. The number is large, but
finite, and you will recycle if you use the same key over days or weeks.
That could be exploited for an attack.

The problem is that the IV is transmitted with each frame, so it is a clue
to the WEP cracker. It has been shown that certain IVs are "weak" (that is,
text encrypted with keys containing weak IVs is simply easier to crack, due
to statistical anomalies of RC4). This is a problem simply because the WEP
cracker can plainly read the IV in each transmitted frame.

Many manufacturers now eliminate the weak IVs - they are simply not used.

"Randi" <RSaddler@stny.rr.com> wrote in message
news:%vOjc.126314$e17.3710@twister.nyroc.rr.com...
> Hi
> My name is Kelsey Braun, and I am a student at Jamestown Community College
> in Jamestown, NY. I am doing a presentation and paper on wireless
> networking security. Another student has brought up that the RC4
algorithm
> is not flawed because it is used in SSL, which is pretty secure. My
> question is how can the alogorithm be secure in SSL and not in WEP? I
> searched the internet for this answer, but never really got one that was
> understandable. Also, if you have any suggestions on how to set up a WLAN
> that would be secure, they would be greatly appreciated.
>
> Thanks,
> Kelsey
>
>