7/31/2019 WEP and WPA
1/22
Securing Wireless Network With WEP and WPA
110922
1 | P a g e
School of Computer Sciences
Universiti Sains Malaysia, Pulau Pinang
CST233 Information Security and Assurance
Academic Session: 2011/12
Assignment 2
White Paper
Title: Securing Wireless Network With WEP and WPA
NAME: CHEW KHA SON
NO.MATRIC: 110922
LECTURER NAME: DR AMAN JANTAN
Table of Contents
Introduction
What are WEP and WPA
    WEP (Wired Equivalent Privacy)
    WPA (Wi-Fi Protected Access)
Why need WEP and WPA
    WEP (Wired Equivalent Privacy)
    WPA (Wi-Fi Protected Access)
Attack on WEP network
Setup WPA on access point DLink DIR-300
The End
Reference
Introduction
According to the website Washington.edu, Wi-Fi security is a main issue for all Wi-Fi
network users. The security protocols are defined under IEEE 802.11i and include systems
such as WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) and WPA2 (Wi-Fi
Protected Access 2). Up until the early 2000s, WEP was the primary security protocol
for protecting wireless computer networks. Unfortunately, because technology evolves
every day, WEP encryption has become a weak security control for wireless networks.
However, things have just gotten worse. A researcher at the Technical University of
Darmstadt in Germany has written a paper in which they claim to be able to crack
104-bit WEP encryption in 60 seconds or less. In recent years, WPA and WPA2 have
replaced the old mechanism, WEP, as the standard for all wireless network security.
WPA and WPA2 are more powerful than the WEP security protocol because WPA allows for
more password complexity, which leads to a more secure network. The newest security
protocol is WPA2, and it is more secure than WPA. WPA2 has stronger security because
it has a new encryption mode that is AES-based.
What are WEP and WPA
WEP (Wired Equivalent Privacy)
WEP is 802.11 first hardware form of security and used to protect wireless
communication from eavesdropping. Besides, it can prevent unauthorized access to a
wireless network (access control) and prevent tampering with transmitted
message. WEP uses the RC4 cipher stream to encrypt each packet using 64 bits key.
This key is created using a 24 bits initialization vector (IV) and a 40 bits key value. The
packets are formed using an XOR function to use the RC4 key value stream to encrypt
the data packet. Additionally, the users can configure with an encryption key of
64 bits, 128 bits and 256 bits in HEX. This is the basic WEP encryption RC4 keystream
XOR with plaintext (Source: http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy). For
example, a 64-bit WEP key is usually entered as a string of 10 hexadecimal. Each
character represents four bits, 10 digits of four bits each gives 40 bits, adding the
24-bit IV produces the complete 64-bit WEP key. Most devices also allow the user to
enter the key as five ASCII characters. However, this restricts each byte to be a
printable ASCII character, which is only a small fraction of possible byte values,
greatly reducing the space of possible keys. Besides, the longer key the better as it
will increase the difficulty for crackers to crack it, but cracking a longer key
requires interception of more packets. There are other weaknesses in WEP, including
the possibility of IV collisions and altered packets, which
are not helped by using a longer key. WEP has two kinds of authentication: shared key
and open system. Each has its own function. Shared key authentication needs four steps
to complete the handshake (a handshake happens when a computer wants to talk to
another computer; it takes place before anything is sent or received). First, the
client sends an authentication request to the access point (AP). Then the AP replies
with a clear-text challenge. Next, the client encrypts the challenge text using the
configured WEP key and sends it back in another authentication request. Lastly, the AP
decrypts the request; if the challenge text matches, it replies back. In open system
authentication, the WLAN client need not provide its credentials to the AP during
authentication. Any client can authenticate with the AP and then attempt to associate.
In effect, no authentication occurs. Subsequently, WEP keys can be used for encrypting
data frames. At this point, the client must have the correct keys. According to many
research papers, WEP is too weak for wireless network settings. The vulnerability of
WEP can be attributed to the following:
• It only provides a method for the network card to authenticate the access point,
  and there is no way for the access point to authenticate the network card. So it is
  possible for a hacker or cracker to sniff the data through the access point.
• Unauthorized decryption and the violation of data integrity: Once the WEP key
  is revealed, a hacker may transform the cipher text into its original form and
  understand the meaning of the algorithm. Based on the understanding of the
  algorithm, a hacker may use the cracked WEP key to modify the cipher text and
  forward the changed message to the receiver.
• Poor key management: The key management is not effective since most
  networks use a single shared secret key value for each client. Synchronizing key
  changes is a tedious process, and no key management is defined in the protocol,
  so keys are seldom changed.
• WEP uses the same WEP key and a different IV to encrypt data. The IV has only
  a limited range, 0 to 16777215, to choose from. In time, the same IVs
  may be used over and over again. By picking the repeating IVs out of the data
  stream, a hacker can ultimately collect enough data to crack the WEP
  key.
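The key construction described earlier (24-bit IV plus 40-bit key feeding RC4, keystream XOR plaintext) and the IV-reuse weakness in the last item above can be reproduced in a few lines. This is an added example, not part of the original paper; it is a simplified model (the key-ID byte and 802.11 headers are omitted), and the key, IV and plaintexts are constructed sample values.

```python
import zlib
from math import log2, pi, sqrt

def rc4(seed: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `seed`."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP body: IV in clear, then RC4(IV || key) XOR (data || CRC-32)."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP needs a 24-bit IV and a 40- or 104-bit key")
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(body, rc4(iv + key, len(body)))

def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + key, len(body)))
    data, icv = clear[:-4], clear[-4:]
    if zlib.crc32(data).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return data

def iv_reuse_leak(frame_a: bytes, frame_b: bytes):
    """Same IV + same key = same keystream, so c1 XOR c2 == p1 XOR p2 (no key needed)."""
    if frame_a[:3] != frame_b[:3]:
        return None                            # different IVs: keystreams differ
    return xor(frame_a[3:], frame_b[3:])

def frames_until_iv_repeat(iv_bits: int = 24) -> int:
    """Birthday estimate for randomly chosen IVs: sqrt(pi/2 * 2**iv_bits)."""
    return round(sqrt(pi / 2 * 2 ** iv_bits))

def key_entropy_bits(hex_digits: int = 10, ascii_chars: int = 5):
    """Bits of key space: 10 hex digits versus 5 printable ASCII characters."""
    return hex_digits * 4, round(ascii_chars * log2(95), 1)

# Constructed sample data (not captured traffic).
KEY = bytes.fromhex("0a1b2c3d4e")              # 10 hex digits = 40-bit key
IV = bytes.fromhex("000001")
P1, P2 = b"GET /index.html", b"user=alice&x=42"
F1, F2 = wep_encrypt(KEY, IV, P1), wep_encrypt(KEY, IV, P2)

if __name__ == "__main__":
    print("decrypted:", wep_decrypt(KEY, F1))
    print("p1 XOR p2 leaked:", iv_reuse_leak(F1, F2)[:len(P1)] == xor(P1, P2))
    print("IV repeat after ~", frames_until_iv_repeat(), "frames;", key_entropy_bits())
```

The birthday estimate applies to randomly chosen IVs; a longer key changes neither that figure nor the XOR leak, which is why the longer-key variants keep the same weakness.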
Many vendors produced their own solutions to address the flaws of WEP, such as
enhancing WEP to WEP+. In 1998, Lucent pioneered a 128-bit WEP that extended the
WEP key from 40-bit to 104-bit in order to enhance security. Under this approach,
attackers might take a longer amount of time to break the enhanced WEP keys. However,
the approach was not very helpful because the previous security flaws in WEP still
persisted. Agere and US Robotics also followed Lucent and created their own
enhanced WEP solutions (Agere's 152-bit WEP and US Robotics' 256-bit WEP). Besides,
several vendors, including Cisco and Microsoft, implemented dynamic WEP re-keying of
access points. The dynamic WEP keys prevented attackers from eavesdropping on the
communications. The attackers might never collect enough data to crack WEP keys.
WPA (Wi-Fi Protected Access)
WPA was created to resolve the issues with WEP. WPA is used to secure wireless
networks, and it is a much stronger encryption algorithm created specifically by the
networking industry to mitigate the problems associated with WEP. WPA has a key size
of 128 bits and, instead of static, seldom-changed keys, it uses dynamic keys created
and shared by an authentication server. This figure shows the WPA work flow. Besides,
it uses the same encryption and decryption method with all devices on the wireless
network, but does not use the same master key. Devices connected to a WPA-encrypted
wireless network use temporary keys that are dynamically changed to communicate.
WPA is designed to work with all wireless network cards, but not necessarily with
first-generation wireless access points. The WPA protocol implements much of the
IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) is
used to accomplish WPA. TKIP is a collection of algorithms that attempt to deliver
the best security that can be obtained given the constraints of the wireless network
environment. It employs a per-packet key, meaning that it dynamically generates a new
128-bit key for each packet and thus prevents the types of attacks that compromised
WEP. Besides TKIP, WPA adopts 802.1X EAP-based authentication to address the issue of
user authentication in WEP. This feature was initially designed for wired networks
but is also applicable to wireless networks. 802.1X EAP-based authentication consists
of three elements: the supplicant, the authentication server and the authenticator.
The supplicant is a client that wants to be authenticated. It can be the client
software on a wireless device. The authentication server is a system, such as a
RADIUS server, that handles the actual authentications. The authenticator is a device
(access point) that acts as an intermediary between a supplicant and an
authentication server. The exact method of supplying identity is defined in the
Extensible Authentication Protocol (EAP). EAP is the protocol that 802.1X uses to
manage mutual authentication. There are several types of EAP method, such as:
• EAP LEAP - Uses a username and password to transmit the identity to the
  RADIUS server for authentication.
• EAP PEAP - Provides secure mutual authentication and is designed to overcome
  some vulnerabilities that exist in other methods.
• EAP TLS - Uses an X.509 certificate to handle authentication.
• EAP TTLS - Used when the authenticator identifies itself to the client with a
  server certificate while the supplicant uses a username and password identity
  instead.
According to the book Principles of Information Security, 3rd edition, TKIP adds four
new algorithms to WEP:
• A cryptographic message integrity code, or MIC, called Michael, to defeat
  forgeries;
• A new IV sequencing discipline, to remove replay attacks from the attacker's
  arsenal;
• A per-packet key mixing function, to de-correlate the public IVs from weak keys;
  and
• A rekeying mechanism, to provide fresh encryption and integrity keys, undoing
  the threat of attacks stemming from key reuse.
While it offered dramatically improved security over WEP, WPA was not the most
secure wireless protocol design. Some compromises were made in the security
design to allow compatibility with existing wireless network components.
Protocols to replace TKIP are currently under development. Apart from that, Counter
Cipher Mode with Block Chaining Message Authentication Code Protocol, commonly
called CCMP, is also an encryption protocol. CCMP is used to implement the
standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. It
is an enhanced data cryptographic encapsulation mechanism designed for data
confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES
standard. It was created to address the vulnerabilities presented by TKIP, a protocol
in WPA, and WEP, a dated, insecure protocol.
Why need WEP and WPA
WEP
For some people, WEP is the only choice until the new security methods added to the
IEEE 802.11 standard become established. Even with its weaknesses, WEP is still more
effective than no security at all, provided you are aware of its potential weaknesses.
It provides a barrier, although small, to attack and is therefore likely to cause many
attackers to just drive on down the street in search of an unsecured network. Most of
the attacks depend on collecting a reasonable sample of transmitted data so, for a
home user, where the number of packets sent is quite small, WEP is still a fairly safe
option. Here are some advantages of WEP.
• It can prevent illegal usage, from spamming to accessing or viewing pornography,
  that may be traced back to your router.
• It avoids wasted internet bandwidth that would slow you down.
• It thwarts other people from connecting to your router; your computer would assume
  they are trusted members of your network and would allow them to gain
  information from your system.
• It prevents identity theft.
WPA
WPA was developed by the Wi-Fi Alliance in conjunction with the IEEE as an interim
wireless security solution that works with existing hardware, in anticipation of the
802.11i wireless security standards that were recently approved but are not
compatible with all legacy hardware. For those who aren't ready to upgrade all of their
wireless hardware and who need more security than WEP can provide, WPA is the
answer. Below are some advantages of WPA:
• WPA uses much stronger encryption algorithms than its predecessor. WPA uses the
  Temporal Key Integrity Protocol (TKIP), which dynamically changes the key as
  data packets are sent across the network.
• WPA provides a way for enterprises to authenticate wireless users with a RADIUS
  server. The authentication protocol that's used is the Extensible Authentication
  Protocol (EAP). The RADIUS server also allows you to set user access policies to
  control wireless access to your network. For example, you can set time limits on
  wireless sessions or place restrictions on days and times that users can connect.
• It has backward-compatible WEP support for devices that are not upgraded.
Attack on WEP network
Tools: Backtrack 3 BT3 (Linux Kernel), Spoonwep2, and USB Wi-Fi adapter
1. Firstly, boot BT3 and plug in the USB Wi-Fi adapter.
2. Start Spoonwep2 by clicking the start button > BackTrack > Radio Network
   Analysis > 80211 > all > Spoonwep2.
3. The Spoonwep2 window will pop up. Choose the network card (USB Wi-Fi adapter)
   RAUSB0 > for the Driver option choose NORMAL (if your Wi-Fi adapter is
   Atheros, please select the Atheros option) > for MODE choose UNKNOW VICTIM >
   click NEXT.
4. Then you will see a window like below. Click the LAUNCH button to start scanning
   the nearby networks.
5. During scanning, you will see a window displaying details about the AP (Access
   Point) such as channel, data, SSID, packet, power and so on.
6. After that, you will see the wireless network that you desire to hack appear in
   the main window like below. Then click on the wireless network you
   would like to hack, and click the SELECTION OK button.
7. Then it goes to the attack panel, which lets you choose the attack method and
   select the length of bits and channel. After selecting, click the LAUNCH button
   to start the attack.
8. You need to wait until Spoonwep2 finds the key. The key that you get will be
   in HEX, so you need to convert it into ASCII so that it is easy to remember.
Setup WPA on access point DLink DIR-300
1. Log into the web-based configuration by opening a web browser and entering the
   default IP address of the router (192.168.0.1). Then click on Wireless Setup on
   the left-hand side.
2. Go to WIRELESS SECURITY MODE and select Enable WPA only wireless security
   (enhanced).
3. Then go to Cipher Mode and select TKIP, AES or Both.
4. Next, in the PSK/EAP option panel, select PSK.
5. Then enter the password that you desire.
6. Click on Save Setting and wait for the router to save the setting. Then the page
   will refresh.
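What the password entered in step 5 becomes in PSK mode, as an added example that is not part of the original paper: WPA derives the 256-bit pairwise master key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The character-class rule in `check_passphrase` is a hypothetical local policy, and the SSID and passphrases are constructed sample values.

```python
import hashlib
import string

# Printable ASCII 32..126, the character set allowed in a WPA passphrase.
ALLOWED = set(string.printable) - set("\t\n\r\x0b\x0c")

def check_passphrase(passphrase: str) -> list:
    """Return a list of problems; an empty list means the passphrase is accepted."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8 to 63 characters")
    if any(ch not in ALLOWED for ch in passphrase):
        problems.append("only printable ASCII characters are allowed")
    # Hypothetical local policy: short passphrases must mix character classes.
    classes = [str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum()]
    mixed = sum(any(test(c) for c in passphrase) for test in classes)
    if len(passphrase) < 16 and mixed < 3:
        problems.append("under 16 characters: use at least 3 character classes")
    return problems

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """256-bit pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

if __name__ == "__main__":
    ssid = "home-network-7f3a"                     # constructed sample SSID
    for candidate in ("12345678", "Tr1cky-pass", "correct horse battery staple"):
        issues = check_passphrase(candidate)
        print(repr(candidate), "->", issues or "accepted")
    # Same passphrase, different SSID: the derived key changes with the salt.
    print(derive_pmk("correct horse battery staple", ssid).hex())
    print(derive_pmk("correct horse battery staple", "dlink").hex())
```

Because the SSID is the only salt, the derived key is only as strong as the passphrase itself, and a unique SSID keeps the key from matching one computed for a common default network name.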
The End
In conclusion, wireless networks without WEP or WPA are unacceptable due to the
exceedingly high risks involved. If a wireless network is without any security (WEP
or WPA), it does not take any skill to discover it and gain unauthorized
access to it. One does not have to be a programmer, Linux expert, or
network specialist. All it takes is a laptop with a wireless network card, and some
software or tools that can be easily downloaded for free from the Internet. Armed with
these basic tools, anybody can drive around, detect open wireless networks, and
connect to them. With a Linux machine, additional software, some advanced knowledge,
and some time and patience, it is even possible to break into wireless networks that
use encryption. Although WEP offers such weak encryption that it is generally
considered unsecured, it is better than a wireless network that does not have any
security. WPA is an enhancement of WEP, but many researchers have found faults that
make it fairly insecure as well compared to the WPA2 protocol.
Reference
Principles of Information Security Third Edition
http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
http://www.pcworld.com/article/130330/how_to_secure_your_wireless_network.html
http://wifihelps.com/disadvantages.php
http://en.wikipedia.org/wiki/CCMP
http://www.techrepublic.com/article/wpa-wireless-security-offers-multiple-advantages-over-wep/5060773
http://support.netgear.com/app/answers/detail/a_id/1105/~/what%27s-new-in-security%3A-wpa-%28wi-fi-protected-access%29
http://etutorials.org/Networking/802.11+security.+wi-fi+protected+access+and+802.11i/Part+III+Wi-Fi+Security+in+the+Real+World/
http://www.practicallynetworked.com/support/wireless_secure.htm
http://www.brighthub.com/computing/smb-security/articles/78216.aspx
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access